zeek-dev April 2011

zeek-dev@lists.zeek.org

61 discussions

[Bro-Dev] #340: Cleanup: unify where global consts are defined (access from policy layer and event engine)

by Bro Tracker

#340: Cleanup: unify where global consts are defined (access from policy layer and event engine) -----------------------------+-------------------- Reporter: gregor | Owner: Type: Feature Request | Status: new Priority: Low | Milestone: Bro1.6 Component: Bro | Version: Keywords: | -----------------------------+-------------------- {{{ #!rst Global ``const``'s that are accessible from the policy layer and event engine (e.g., to configure features) are currently defined in different ways: 1. in ``bro.init`` and ``NetVar.{cc|h}`` 2. in a specific .bro policy script and ``NetVar.{cc|h}`` 3. in ``const.bif`` According to our discussion on bro-dev, we should change it to only use ``const.bif``. For case 2. we should add a ``redef`` in the .bro policy scripts, so that users looking at the script see that the const exists (TODO: how to best auto-doucment these). Setting milestone to 1.6 as it seems this can be done together with the general policy script overhaul, but can also be pushed backed. }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/340> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #357: Only log missing support for libgeoip a single time.

by Bro Tracker

#357: Only log missing support for libgeoip a single time. ---------------------+------------------------ Reporter: seth | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: sprint | ---------------------+------------------------ I've seen too many people with logs that are full of messages indicating no support for libgeoip. -- Ticket URL: <http://tracker.icir.org/bro/ticket/357> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #421: Initialize set/table field in records.

by Bro Tracker

#421: Initialize set/table field in records. --------------------+-------------------- Reporter: robin | Owner: robin Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: | --------------------+-------------------- We should initialize set/tables in instantiated records to empty values if they don't have an &optional attribute. -- Ticket URL: <http://tracker.icir.org/bro/ticket/421> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #412: Port the istate tests to btes

by Bro Tracker

#412: Port the istate tests to btes --------------------+-------------------- Reporter: robin | Owner: robin Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: Bro | Version: Keywords: | --------------------+-------------------- They are in testings/istate. -- Ticket URL: <http://tracker.icir.org/bro/ticket/412> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #444: bug fix for POP3 analyzer

by Bro Tracker

#444: bug fix for POP3 analyzer ---------------------+----------------- Reporter: vern | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: Keywords: | ---------------------+----------------- The POP3 analyzer has a major bug, which is that it doesn't recognize '.' terminators in multi-line replies if the terminator is bare (no newline). This causes it to ignore the rest of the session that it's analyzing. Patch appended. I even tested it! -- Ticket URL: <http://tracker.icir.org/bro/ticket/444> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #435: topic/jsiwek/doc-framework

by Bro Tracker

#435: topic/jsiwek/doc-framework ---------------------------+------------------------ Reporter: jsiwek | Owner: Type: Merge Request | Status: new Priority: Low | Milestone: Bro1.6 Component: Bro | Version: git/master Keywords: | ---------------------------+------------------------ * Changes to Bro's scanner/parser to facilitate automatic generation of Bro policy script documentation (reStructuredText format) * Adds command line flags `-Z` and `--doc-scripts` to bro to toggle this new doc generation mode * Changes to bifcl to pass comments starting with "##" through into the generated .bro script * Adds a `make doc` build target to generate reStructuredText for a defined set of Bro policy scripts and then run that through Sphinx to create HTML documentation -- Ticket URL: <http://tracker.icir.org/bro/ticket/435> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #430: Build error in LogMgr.cc

by Bro Tracker

#430: Build error in LogMgr.cc ----------------------+----------------------- Reporter: appleman | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/topic Keywords: | ----------------------+----------------------- I cloned the repository as master and built bro. I then did ... git checkout topic/robin/logging-internals make ... and it died with the following errors: [ 16%] Building CXX object src/CMakeFiles/bro.dir/LogMgr.cc.o /home/appleman/bro/trunk/scripts/bro/src/LogMgr.cc: In member function ‘bool LogMgr::AddFilter(EnumVal*, RecordVal*)’: /home/appleman/bro/trunk/scripts/bro/src/LogMgr.cc:691: error: ‘transform’ is not a member of ‘std’ make[3]: *** [src/CMakeFiles/bro.dir/LogMgr.cc.o] Error 1 make[3]: Leaving directory `/home/appleman/bro/trunk/scripts/bro/build' make[2]: *** [src/CMakeFiles/bro.dir/all] Error 2 make[2]: Leaving directory `/home/appleman/bro/trunk/scripts/bro/build' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/appleman/bro/trunk/scripts/bro/build' make: *** [all] Error 2 My gcc version is 4.4.3 Problem was resolved for me by adding #include <algorithm> to LogMgr.cc -- Ticket URL: <http://tracker.icir.org/bro/ticket/430> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #443: Print a message instead of a stack trace when debug.log can't be opened

by Bro Tracker

#443: Print a message instead of a stack trace when debug.log can't be opened -----------------------------+------------------- Reporter: leres | Owner: robin Type: Feature Request | Status: new Priority: Low | Milestone: Component: BroControl | Version: 1.5.3 Keywords: | -----------------------------+------------------- If you start bro and neither the spool directory nor the current working directory are writable, you get a stack trace: {{{ dig 16 # service bro start Traceback (most recent call last): File "/usr/local/bin/broctl", line 712, in <module> Config = config.Configuration("etc/broctl.cfg", BroBase, BroDist, Version, StandAlone) File "/usr/local/lib/broctl/BroControl/config.py", line 203, in __init__ (success, output) = execute.captureCmd("uname") File "/usr/local/lib/broctl/BroControl/execute.py", line 200, in captureCmd util.debug(1, "%-10s %s" % ("[local]", cmdline)) File "/usr/local/lib/broctl/BroControl/util.py", line 78, in debug DebugOut = open("debug.log", "a") IOError: [Errno 13] Permission denied: 'debug.log' }}} It would be a lot more helpful to print the paths; see attached patch to BroControl/util.py which results in: {{{ dig 17 # service bro start warning: Can't open /usr/local/spool/debug.log: Permission denied error: Can't open /debug.log: Permission denied }}} -- Ticket URL: <http://tracker.icir.org/bro/ticket/443> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #445: Split up cron command

by Bro Tracker

#445: Split up cron command ------------------------+-------------------- Reporter: robin | Owner: robin Type: Task | Status: new Priority: Normal | Milestone: Bro1.6 Component: BroControl | Version: Keywords: | ------------------------+-------------------- Split the `cron` command into separate statistics and watch/restart commands. -- Ticket URL: <http://tracker.icir.org/bro/ticket/445> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

[Bro-Dev] #401: broctl crash reports should display size of core dump

by Bro Tracker

#401: broctl crash reports should display size of core dump ------------------------+-------------------- Reporter: seth | Owner: robin Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: BroControl | Version: Keywords: | ------------------------+-------------------- This would help with remote debugging since it would become easier in some cases to determine the result of a crash if the crash is due to memory exhaustion. One case in particular that it would be really helpful for is someone running 32-bit Bro on a 64-bit platform since the crash (i think) will always happen right at 4GB. -- Ticket URL: <http://tracker.icir.org/bro/ticket/401> Bro Tracker <http://tracker.icir.org/bro> Bro Issue Tracker

10 years, 4 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev April 2011