[Bro] new Bro CURRENT release (1.3.1)

Adayadil Thomas adayadil.thomas at gmail.com
Fri Jul 20 13:55:59 PDT 2007 

Is there any paper or documentation on how the dynamic protocol detection works?

Thanks


On 7/20/07, Vern Paxson <vern at icir.org> wrote:
> Bro release 1.3.1 is now available from:
>
>         ftp://bro-ids.org/bro-1.X-current.tar.gz
>
> This version fixes three bugs found in the recent 1.3 release:
>
>         1.3.1 Thu Jul 19 09:39:33 PDT 2007
>
>         - Bug fix for dynamic protocol detection (Robin Sommer).
>
>         - Bug fix for zip-encoded Web items (Robin Sommer).
>
>         - Configuration fix for installation (Brian Tierney).
>
> Patch appended.
>
>                 Vern
>
> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> diff -ru bro-1.3/CHANGES bro-1.3.1/CHANGES
> --- bro-1.3/CHANGES     2007-07-16 22:57:55.000000000 -0700
> +++ bro-1.3.1/CHANGES   2007-07-20 09:15:37.000000000 -0700
> @@ -1,7 +1,16 @@
> -@(#) $Id: CHANGES 4638 2007-07-17 05:57:45Z vern $
> +@(#) $Id: CHANGES 4653 2007-07-20 16:05:51Z vern $
>
>  -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> +1.3.1 Thu Jul 19 09:39:33 PDT 2007
> +
> +- Bug fix for dynamic protocol detection (Robin Sommer).
> +
> +- Bug fix for zip-encoded Web items (Robin Sommer).
> +
> +- Configuration fix for installation (Brian Tierney).
> +
> +
>  1.3 Mon Jul 16 22:11:00 PDT 2007
>
>  - The Bro manual has been wikified at:
> diff -ru bro-1.3/scripts/bro_config.in bro-1.3.1/scripts/bro_config.in
> --- bro-1.3/scripts/bro_config.in       2006-11-28 09:51:59.000000000 -0800
> +++ bro-1.3.1/scripts/bro_config.in     2007-07-20 09:15:35.000000000 -0700
> @@ -1,5 +1,5 @@
>  #!/bin/sh
> -# $Id: bro_config.in 3773 2006-11-03 16:37:50Z tierney $
> +# $Id: bro_config.in 4652 2007-07-20 15:39:03Z tierney $
>  #
>  # default install location for bro
>  # We probably need to sync this with what was used for --prefix
> @@ -273,7 +273,7 @@
>  BRO_LOG_ARCHIVE="${BRO_LOG_ARCHIVE:-${BROHOME}/archive}"
>
>  # Bro policy paths
> -BROPATH="${BROHOME}/site:${BROHOME}/policy"
> +BROPATH="${BROHOME}/site:${BROHOME}/policy:${BROHOME}/policy/sigs"
>  export BROPATH
>
>  # Filename of the Bro start policy.  Must be located in one of the directories in \$BROPATH
> diff -ru bro-1.3/src/PIA.cc bro-1.3.1/src/PIA.cc
> --- bro-1.3/src/PIA.cc  2007-07-04 08:28:12.000000000 -0700
> +++ bro-1.3.1/src/PIA.cc        2007-07-20 09:15:37.000000000 -0700
> @@ -92,7 +92,8 @@
>         if ( pkt_buffer.state == INIT )
>                 new_state = BUFFERING;
>
> -       if ( pkt_buffer.state == BUFFERING && len > 0 )
> +       if ( (pkt_buffer.state == BUFFERING || new_state == BUFFERING) &&
> +            len > 0 )
>                 {
>                 AddToBuffer(&pkt_buffer, seq, len, data, is_orig);
>                 if ( pkt_buffer.size > dpd_buffer_size )
> @@ -199,7 +200,7 @@
>                 new_state = BUFFERING;
>                 }
>
> -       if ( stream_buffer.state == BUFFERING )
> +       if ( stream_buffer.state == BUFFERING || new_state == BUFFERING )
>                 {
>                 AddToBuffer(&stream_buffer, len, data, is_orig);
>                 if ( stream_buffer.size > dpd_buffer_size )
> diff -ru bro-1.3/src/ZIP.cc bro-1.3.1/src/ZIP.cc
> --- bro-1.3/src/ZIP.cc  2006-09-15 16:35:40.000000000 -0700
> +++ bro-1.3.1/src/ZIP.cc        2007-07-20 09:15:36.000000000 -0700
> @@ -89,25 +89,28 @@
>                 zip->avail_out = unzip_size;
>                 zip_status = inflate(zip, Z_SYNC_FLUSH);
>
> -               if ( zip_status == Z_STREAM_END )
> +               if ( zip_status != Z_STREAM_END &&
> +                    zip_status != Z_OK &&
> +                    zip_status != Z_BUF_ERROR )
>                         {
> +                       Weird("inflate_failed");
>                         inflateEnd(zip);
> -                       delete zip;
> -                       zip = 0;
>                         break;
>                         }
>
> -               if ( zip_status != Z_OK && zip_status != Z_BUF_ERROR )
> +               int have = unzip_size - zip->avail_out;
> +               if ( have )
> +                       ForwardStream(have, unzipbuf, IsOrig());
> +
> +               if ( zip_status == Z_STREAM_END )
>                         {
> -                       Weird("inflate_failed");
>                         inflateEnd(zip);
> +                       delete zip;
> +                       zip = 0;
>                         break;
>                         }
>
> -               int have = unzip_size - zip->avail_out;
> -               ForwardStream(have, unzipbuf, IsOrig());
>                 zip_status = Z_OK;
> -
>                 }
>         while ( zip->avail_out == 0 );
>         }
> diff -ru bro-1.3/VERSION bro-1.3.1/VERSION
> --- bro-1.3/VERSION     2007-07-16 23:00:41.000000000 -0700
> +++ bro-1.3.1/VERSION   2007-07-20 09:15:37.000000000 -0700
> @@ -1 +1 @@
> -1.3
> +1.3.1
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

More information about the Bro mailing list