zeek-dev November 2010

zeek-dev@lists.zeek.org

153 discussions

[Bro-Dev] #326: HTTP Analyzer overflow on content-lengths > 2GB

by Bro Tracker

#326: HTTP Analyzer overflow on content-lengths > 2GB ----------------------+------------------------ Reporter: gregor | Owner: Type: Patch | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: inttypes | ----------------------+------------------------ {{{ #!rst The HTTP analyzer uses 32 bit signed ints to parse the content-length header, track body length etc. This causes overflow and for content lengths > 2GB. This effects the reported body length as well as parsing of pipelined or persistent connection. The overflow might also cause crashes. Changes in this patch: * Change the affected integers in to 64 bit wide * Overload min/max inline functions in util.h to work with different widths and signedness. * Explicitly cast parameters to min/max where in cases were the compiler complained. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/326> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 7 months

[Bro-Dev] #324: Remove EXPIRE_DFA_STATES code

by Bro Tracker

#324: Remove EXPIRE_DFA_STATES code -------------------+----------------------- Reporter: robin | Type: Task Status: new | Priority: Normal Component: Bro | Version: git/master -------------------+----------------------- The configure options is already gone, let's not forget to remove the code as well. -- Ticket URL: <http://tracker.icir.org/bro/ticket/324> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 8 months

[Bro-Dev] #325: Remove ACTIVE_MAPPING code

by Bro Tracker

#325: Remove ACTIVE_MAPPING code ------------------------+--------------------- Reporter: robin | Type: Problem Status: new | Priority: Normal Milestone: Bro1.6 | Component: Bro Version: git/master | ------------------------+--------------------- The configure option is already gone, let's not forget to remove the code as well. -- Ticket URL: <http://tracker.icir.org/bro/ticket/325> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 8 months

[Bro-Dev] #319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32

by Bro Tracker

#319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32 ----------------------+-------------------- Reporter: gregor | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: inttypes | ----------------------+-------------------- {{{ #!rst Change all *X*\ printf(), fmt(), etc. format strings to use ``PRIxyz`` macros to specify how to print fixed-width integer types like uint64_t. These are defined in ``stdint.h`` C.f. http://www.opengroup.org/onlinepubs/000095399/basedefs/inttypes.h.html They are a C99 and POSIX standard and using them should get rid of a lot of warnings related to format specifiers. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/319> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 9 months

[Bro-Dev] #318: Use inttypes.h instead of home-made ifdefs

by Bro Tracker

#318: Use inttypes.h instead of home-made ifdefs ----------------------+------------------------ Reporter: gregor | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: inttypes | ----------------------+------------------------ * Use inttypes.h for fixed width integer types instead of using self-made #ifdefs. (E.g., uint64_t, int32_t). Cf. util.[ch] * Replace old ``uint32`` et al. with standard ``uint32_t`` et al. inttypes.h is a C99 and POSIX standard. Check for possible roadblock when doing so -- Ticket URL: <http://tracker.icir.org/bro/ticket/318> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] #315: TCP Reassemblier type inconsistency

by Bro Tracker

#315: TCP Reassemblier type inconsistency ----------------------+------------------------ Reporter: gregor | Owner: Type: Problem | Status: new Priority: Low | Milestone: Component: Bro | Version: git/master Keywords: inttypes | ----------------------+------------------------ {{{ #!rst The TCP Reassembler (and the general Reassembler which is the base class) have a type inconsitency: internally they define the sequence numbers as ``int``. When they have to compare seq numbers, they call ``seq_delta()`` which takes two ``uint32``. The reassemblers should also use ``uint32_t`` internally. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/315> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] #317: Analyzer::Undelivered should use relative sequence numbers (and go to 64bit)

by Bro Tracker

#317: Analyzer::Undelivered should use relative sequence numbers (and go to 64bit) ----------------------+------------------------ Reporter: gregor | Owner: Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: inttypes | ----------------------+------------------------ {{{ #!rst ``Analyzer::Undelivered(int seq, int len)`` is called with absolute TCP sequence from the TCP reassambler. However, since the analyzer framework should work on abstract byte streams, it should return *realtive* sequence numbers. In addition, it should use 64 bit integers! Note, that Undelivered is not really used. The HTTP.cc analyzer uses it, but ``seq`` is to generate a mime_content_gap event. It does seem that HTTP.cc assumes the seq number is relative.... }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/317> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] #321: Load http.bro script from http-header

by Bro Tracker

#321: Load http.bro script from http-header ---------------------+------------------------ Reporter: gregor | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ http-header.bro should load http.bro, as it uses functions defined there. (If other http-* scripts are loaded before http.bro, they'll pull in http.bro and thus works) -- Ticket URL: <http://tracker.icir.org/bro/ticket/321> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

9 years, 11 months

[Bro-Dev] Masters updated

by Robin Sommer

I've updated all the masters and devels to - integrate a round of cleanup removing files no longer necessary. - the latest changes from SVN. I've also adapted the test-suite (in bro-private) to work with the new setup, and it passes fine with all the changes (well, to be precise, it reports the same differences as svn trunk; seems it's not completely up to date). We should now see if master is working for everybody. If so, we'll have a stable base to work from. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

9 years, 12 months

[Bro-Dev] Thoughts on documenting scripts

by Robin Sommer

I've added a page on how we might use Sphinx to auto-generate Bro script documentation to the projects list, see http://bro.icir.org/devel/projects/autodoc.html This includes a mock-up of how Sphinx input and output could look like. What do you guys think? Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

10 years

Jump to page:

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev November 2010