zeek-dev December 2010

zeek-dev@lists.zeek.org

69 discussions

[Bro-Dev] #340: Cleanup: unify where global consts are defined (access from policy layer and event engine)

by Bro Tracker

#340: Cleanup: unify where global consts are defined (access from policy layer and event engine) -----------------------------+-------------------- Reporter: gregor | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro1.6 Component: Bro | Version: Keywords: | -----------------------------+-------------------- {{{ #!rst Global ``const``'s that are accessible from the policy layer and event engine (e.g., to configure features) are currently defined in different ways: 1. in ``bro.init`` and ``NetVar.{cc|h}`` 2. in a specific .bro policy script and ``NetVar.{cc|h}`` 3. in ``const.bif`` According to our discussion on bro-dev, we should change it to only use ``const.bif``. For case 2. we should add a ``redef`` in the .bro policy scripts, so that users looking at the script see that the const exists (TODO: how to best auto-doucment these). Setting milestone to 1.6 as it seems this can be done together with the general policy script overhaul, but can also be pushed backed. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/340> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 8 months

[Bro-Dev] #337: BroCtl's top has trouble with large values

by Bro Tracker

#337: BroCtl's top has trouble with large values ------------------------+------------------------ Reporter: robin | Owner: robin Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: BroControl | Version: git/master ------------------------+------------------------ From Craig: File "/home/users/bro/bro-151/lib/broctl/BroControl/control.py", line 588, in getTopOutput d["vsize"] = int(p[1]) ValueError: invalid literal for int(): 2.17684e+09 Here's a possible fix for this: d["vsize"] = int(float(p[1])) Craig fun 2 % !! ipython Python 2.6.6 (r266:84292, Sep 29 2010, 08:18:31) Type "copyright", "credits" or "license" for more information. IPython 0.10.1 -- An enhanced Interactive Python. ? -> Introduction and overview of IPython's features. %quickref -> Quick reference. help -> Python's own help system. object? -> Details about 'object'. ?object also works, ?? prints more. In [1]: p = [ 'foo', '2.17684e+09' ] In [2]: print type(p[1]) <type 'str'> In [3]: print p[1] 2.17684e+09 In [4]: d = {} In [5]: d["vsize"] = int(float(p[1])) In [6]: print d["vsize"] 2176840000 In [7]: print type(d["vsize"]) <type 'int'> -- Ticket URL: <http://tracker.icir.org/bro/ticket/337> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 8 months

[Bro-Dev] #326: HTTP Analyzer overflow on content-lengths > 2GB

by Bro Tracker

#326: HTTP Analyzer overflow on content-lengths > 2GB ----------------------+------------------------ Reporter: gregor | Owner: Type: Patch | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: inttypes | ----------------------+------------------------ {{{ #!rst The HTTP analyzer uses 32 bit signed ints to parse the content-length header, track body length etc. This causes overflow and for content lengths > 2GB. This effects the reported body length as well as parsing of pipelined or persistent connection. The overflow might also cause crashes. Changes in this patch: * Change the affected integers in to 64 bit wide * Overload min/max inline functions in util.h to work with different widths and signedness. * Explicitly cast parameters to min/max where in cases were the compiler complained. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/326> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 8 months

[Bro-Dev] #324: Remove EXPIRE_DFA_STATES code

by Bro Tracker

#324: Remove EXPIRE_DFA_STATES code -------------------+----------------------- Reporter: robin | Type: Task Status: new | Priority: Normal Component: Bro | Version: git/master -------------------+----------------------- The configure options is already gone, let's not forget to remove the code as well. -- Ticket URL: <http://tracker.icir.org/bro/ticket/324> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 9 months

[Bro-Dev] #325: Remove ACTIVE_MAPPING code

by Bro Tracker

#325: Remove ACTIVE_MAPPING code ------------------------+--------------------- Reporter: robin | Type: Problem Status: new | Priority: Normal Milestone: Bro1.6 | Component: Bro Version: git/master | ------------------------+--------------------- The configure option is already gone, let's not forget to remove the code as well. -- Ticket URL: <http://tracker.icir.org/bro/ticket/325> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 9 months

[Bro-Dev] #319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32

by Bro Tracker

#319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32 ----------------------+-------------------- Reporter: gregor | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: inttypes | ----------------------+-------------------- {{{ #!rst Change all *X*\ printf(), fmt(), etc. format strings to use ``PRIxyz`` macros to specify how to print fixed-width integer types like uint64_t. These are defined in ``stdint.h`` C.f. http://www.opengroup.org/onlinepubs/000095399/basedefs/inttypes.h.html They are a C99 and POSIX standard and using them should get rid of a lot of warnings related to format specifiers. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/319> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 11 months

[Bro-Dev] #335: Small warning about "main"

by Bro Tracker

#335: Small warning about "main" ---------------------+-------------------- Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: | ---------------------+-------------------- Small warning during compile about the main function:: {{{ main.cc: In function ‘int main(int, char**)’: main.cc:415: warning: deprecated conversion from string constant to ‘char*’ }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/335> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 11 months

[Bro-Dev] #329: Remove detect-protocols-http.bro from Broctl's default local.bro

by Bro Tracker

#329: Remove detect-protocols-http.bro from Broctl's default local.bro ------------------------+-------------------- Reporter: seth | Owner: robin Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: BroControl | Version: Keywords: | ------------------------+-------------------- This script does a for loop over a 7 element table for every http_header and http_request event. In my opinion, I'd say that the benefit does not outweigh the cost and it should be removed from the default local.bro scripts. -- Ticket URL: <http://tracker.icir.org/bro/ticket/329> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 11 months

[Bro-Dev] #328: Programmatic pattern construction at init time.

by Bro Tracker

#328: Programmatic pattern construction at init time. -----------------------------+-------------------- Reporter: seth | Owner: Type: Feature Request | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: | -----------------------------+-------------------- bro.bif contains functions for dynamically creating patterns but they are disabled if reading live traffic because the DFA and NFA data structures can't be fully cleaned up. It would be useful to be able to call these functions in bro_init handlers regardless of if live traffic is being analyzed which should be acceptable for memory concerns but allows patterns to be built from configuration variables. Here are the functions: {{{ function merge_pattern%(p1: pattern, p2: pattern%): pattern function string_to_pattern%(s: string, convert: bool%): pattern }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/328> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 12 months

[Bro-Dev] #330: Nit: portmapper.bro needs to load scan.bro

by Bro Tracker

#330: Nit: portmapper.bro needs to load scan.bro ---------------------+------------------------ Reporter: gregor | Owner: Type: Problem | Status: new Priority: Low | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ portmapper.bro requires scan.bro, so add a @load scan to portmapper.bro -- Ticket URL: <http://tracker.icir.org/bro/ticket/330> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 12 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev December 2010