[Bro] Running external command line programs
Chris Crawford
christopher.p.crawford at gmail.com
Mon Feb 25 13:18:38 PST 2013
Hey Seth,
Cool. I pulled the most recent code from github. It cleans up /tmp, the
code looks cleaner -- with more when statements -- but it also causes bro
to consume 100% CPU and the only way I can kill bro is by doing a Ctrl-Z
and then a kill -9. I never get output from the command I add to
Exec::run, so I added some print statements to try to trace where things go
off the tracks:
# exec-test.bro
1 @load ./exec
2
3
4 event bro_init()
5 {
6 print "hello";
7 when ( local result = Exec::run([$cmd="ls /"]) )
8 {
9 print "it ran?!?";
10 if ( result?$stdout )
11 print result$stdout;
12 if ( result?$files )
13 print result$files;
14 }
15 }
# exec.bro
140 function run(cmd: Command): Result
141 {
142 print "hi";
Then, when I run the following:
$ bro
/usr/local/bro-2.1/share/bro/policy/frameworks/communication/listen.bro
exec-test.bro
hello
So, it looks like bro gets hung up before it can get into Exec::run.
-Chris
On Fri, Feb 22, 2013 at 12:06 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 22, 2013, at 11:59 AM, Chris Crawford <
> christopher.p.crawford at gmail.com> wrote:
>
> > This got me wondering -- why would exec-test.bro ever have a case where
> (! r?$stdout) is true, when I have a program that absolutely returns output
> every time it's run? (And then print out "nothing?!?")
>
> You don't have to do that check if you know your script will have
> something on stdout. I may even make stdout an empty vector by default (as
> opposed to null). I can see that argument making sense.
>
> > system(fmt("rm %s_done", tmpfile));
> > system(fmt("rm %s_stdout", tmpfile));
> > system(fmt("rm %s_stderr", tmpfile));
> >
> > I'm just not sure where it should go.
>
> You're running old code. :) I may not have finished taking care of that
> yet in the version you're running. Hopefully this will be in Bro's master
> branch soon but using when statements and just generally being much nicer.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130225/63d7f11d/attachment.html
More information about the Bro
mailing list