#340: Cleanup: unify where global consts are defined (access from policy layer
and event engine)
-----------------------------+--------------------
Reporter: gregor | Owner:
Type: Feature Request | Status: new
Priority: Low | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
-----------------------------+--------------------
{{{
#!rst
Global ``const``'s that are accessible from the policy layer and event
engine (e.g., to configure features) are currently defined in different
ways:
1. in ``bro.init`` and ``NetVar.{cc|h}``
2. in a specific .bro policy script and ``NetVar.{cc|h}``
3. in ``const.bif``
According to our discussion on bro-dev, we should change it to only use
``const.bif``.
For case 2. we should add a ``redef`` in the .bro policy scripts, so that
users looking at the script see that the const exists (TODO: how to best
auto-document these).
Setting milestone to 1.6 as it seems this can be done together with the
general policy script overhaul, but can also be pushed back.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/340>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#337: BroCtl's top has trouble with large values
------------------------+------------------------
Reporter: robin | Owner: robin
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: BroControl | Version: git/master
------------------------+------------------------
From Craig:
{{{
File "/home/users/bro/bro-151/lib/broctl/BroControl/control.py", line 588, in getTopOutput
    d["vsize"] = int(p[1])
ValueError: invalid literal for int(): 2.17684e+09
}}}
Here's a possible fix for this:
{{{
d["vsize"] = int(float(p[1]))
}}}
Craig
{{{
fun 2 % !!
ipython
Python 2.6.6 (r266:84292, Sep 29 2010, 08:18:31)
Type "copyright", "credits" or "license" for more information.
IPython 0.10.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object'. ?object also works, ?? prints more.
In [1]: p = [ 'foo', '2.17684e+09' ]
In [2]: print type(p[1])
<type 'str'>
In [3]: print p[1]
2.17684e+09
In [4]: d = {}
In [5]: d["vsize"] = int(float(p[1]))
In [6]: print d["vsize"]
2176840000
In [7]: print type(d["vsize"])
<type 'int'>
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/337>
#326: HTTP Analyzer overflow on content-lengths > 2GB
----------------------+------------------------
Reporter: gregor | Owner:
Type: Patch | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
{{{
#!rst
The HTTP analyzer uses 32 bit signed ints to parse the content-length
header, track body length etc. This causes overflow for content
lengths > 2GB. This affects the reported body length as well as parsing of
pipelined or persistent connections.
The overflow might also cause crashes.
Changes in this patch:
* Change the affected integers to be 64 bits wide
* Overload min/max inline functions in util.h to work with different
widths and signedness.
* Explicitly cast parameters to min/max in cases where the
compiler complained.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/326>
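Added example for ticket #326 (not Bro's code and not the attached patch): what a Content-Length above 2GB becomes in a 32-bit signed field, and how that changes where a body tracker thinks the body ends on a persistent connection. All function names and sample values are constructed, and the narrowing assumes two's-complement wraparound.

```cpp
// Added illustration; not Bro's code. Names and sample values are constructed.
#include <algorithm>
#include <cinttypes>
#include <cstdint>
#include <cstdio>
#include <string>

// Strict decimal parse of a Content-Length value into 64 bits.
// Rejects empty input, signs, non-digits and values above INT64_MAX.
bool parse_content_length(const std::string& s, int64_t* out) {
    if (s.empty()) return false;
    int64_t v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        int d = c - '0';
        if (v > (INT64_MAX - d) / 10) return false;  // next step would overflow
        v = v * 10 + d;
    }
    *out = v;
    return true;
}

// Models storing the length in a 32-bit signed field (assumes the usual
// two's-complement wraparound on narrowing).
int32_t as_int32_field(int64_t len) {
    return static_cast<int32_t>(static_cast<uint32_t>(len));
}

// How many of `available` stream bytes a body tracker treats as entity body.
// A wrapped (negative or tiny) length ends the body early, so the remaining
// body bytes would be parsed as the next pipelined message.
template <typename T>
int64_t body_bytes_consumed(T content_length, int64_t available) {
    if (content_length <= 0) return 0;
    return std::min<int64_t>(content_length, available);
}

// Mixed-width min that widens the narrow operand rather than truncating.
inline int64_t min_len(int64_t remaining, uint32_t chunk) {
    return std::min(remaining, static_cast<int64_t>(chunk));
}

int main() {
    const char* samples[] = {"1024", "3000000000", "4294967306"};  // constructed
    for (const char* s : samples) {
        int64_t len = 0;
        if (!parse_content_length(s, &len)) continue;
        std::printf("%s: 64-bit=%" PRId64 " 32-bit=%" PRId32 "\n",
                    s, len, as_int32_field(len));
    }
    return 0;
}
```

The 4294967306 sample wraps to a small positive length, which no negative-value check catches.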
#325: Remove ACTIVE_MAPPING code
------------------------+---------------------
Reporter: robin | Type: Problem
Status: new | Priority: Normal
Milestone: Bro1.6 | Component: Bro
Version: git/master |
------------------------+---------------------
The configure option is already gone, let's not forget to remove the
code as well.
--
Ticket URL: <http://tracker.icir.org/bro/ticket/325>
#319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32
----------------------+--------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: inttypes |
----------------------+--------------------
{{{
#!rst
Change all *X*\ printf(), fmt(), etc. format strings to use ``PRIxyz``
macros to specify how to print fixed-width integer types like uint64_t.
These are defined in ``stdint.h``
Cf.
http://www.opengroup.org/onlinepubs/000095399/basedefs/inttypes.h.html
They are a C99 and POSIX standard and using them should get rid of a lot
of warnings related to format specifiers.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/319>
#335: Small warning about "main"
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
---------------------+--------------------
Small warning during compile about the main function::
{{{
main.cc: In function ‘int main(int, char**)’:
main.cc:415: warning: deprecated conversion from string constant to
‘char*’
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/335>
#329: Remove detect-protocols-http.bro from Broctl's default local.bro
------------------------+--------------------
Reporter: seth | Owner: robin
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: BroControl | Version:
Keywords: |
------------------------+--------------------
This script does a for loop over a 7 element table for every http_header
and http_request event. In my opinion, I'd say that the benefit does not
outweigh the cost and it should be removed from the default local.bro
scripts.
--
Ticket URL: <http://tracker.icir.org/bro/ticket/329>
#328: Programmatic pattern construction at init time.
-----------------------------+--------------------
Reporter: seth | Owner:
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
-----------------------------+--------------------
bro.bif contains functions for dynamically creating patterns but they are
disabled if reading live traffic because the DFA and NFA data structures
can't be fully cleaned up. It would be useful to be able to call these
functions in bro_init handlers regardless of if live traffic is being
analyzed which should be acceptable for memory concerns but allows
patterns to be built from configuration variables.
Here are the functions:
{{{
function merge_pattern%(p1: pattern, p2: pattern%): pattern
function string_to_pattern%(s: string, convert: bool%): pattern
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/328>