#478: Move BinPAC docs over to new server
----------------------------+--------------------
Reporter: robin | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Website / Wiki | Version:
Keywords: |
----------------------------+--------------------
There's some BinPAC documentation in the old Wiki that we should move
over.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/478>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#465: Fix up the MIME analyzer
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
The mime analyzer has a lot of inconsistency issues and is broken in a few
places.
* mime_all_headers loops and could potentially be a bad idea. More prone
  to DoS as well. Delete it?
* mime_all_data is probably also a bad idea. Especially for large files.
  Delete it?
* mime_entity_data seems very similar to mime_all_data and is not chunked
  as the similarity to the http_entity_data would imply. The current
  mime_entity_data should be removed and the current mime_all_data should be
  renamed to mime_entity_data.
* mime_next_entity is never generated by the core or policy scripts and
  should either be fixed or deleted.
* mime_one_header should probably be renamed to mime_header for
  consistency.
* I have no clue what mime_event is for. Is it necessary?
* mime_content_hash gives a non-printable hash value and it could be
  removed since hash generation is done in the script now and eventually
  will be done in the file analyzer.
* The wrong ifdef is used in the source: #ifdef DEBUG_BRO used instead of
  #ifdef DEBUG
* mime_end_entity is generated multiple times in some cases when
  it shouldn't be. It's something to keep an eye out for; I never dug into
  it enough to find out what caused it.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/465>
#464: Bug with complex data structures
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: High | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
---------------------+--------------------
This script:
{{{
type MetaData: record {
    a: count;
    tags: set[string];
};
global ip_data: table[addr] of set[MetaData] = table();
local m: MetaData = [$a=4, $tags=set("blah")];
if ( 1.2.3.4 !in ip_data )
    ip_data[1.2.3.4] = set(m);
else
    add ip_data[1.2.3.4][m];
}}}
Results in this error:
{{{
1306867820.149493 <no location> and ./test29.bro, line 10 ([a=4, tags={blah}] and list of record { a:count; tags:set[string]; }): error, index type doesn't match table
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/464>
#472: Cleanup scripts in bro-aux
--------------------+--------------------
Reporter: robin | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
--------------------+--------------------
There are some scripts in bro-aux which won't work anymore with the new
policy scripts.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/472>
#487: Bug and missing feature in syslog analyzer
---------------------+------------------------
Reporter: seth | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
Some syslog packets are not analyzed correctly and the data include two
extra bytes at the end of the message (\x0a\x00).
The syslog analyzer also doesn't deal with TCP syslog and needs to.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/487>
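An added example (not from the ticket and not Bro's analyzer code) for the two points in ticket #487: it strips trailing LF/NUL bytes such as `\x0a\x00` from a message and splits a TCP syslog stream using the two framings described in RFC 6587. The function names, the 64 KiB frame limit and the sample bytes are assumptions made for the illustration.

```python
import re

TRAILERS = b"\r\n\x00"          # padding some senders append to a message
MAX_FRAME = 65536               # assumed upper bound for one message
_OCTET_COUNT = re.compile(rb"([1-9][0-9]{0,8}) ")   # RFC 6587: MSG-LEN SP

# Constructed sample stream: one octet-counted frame ending in \n\x00,
# one LF-terminated frame, and one frame that has not fully arrived.
SAMPLE = b"16 <34>su: failed\n\x00<13>second\n<13>part"


def strip_trailer(payload: bytes) -> bytes:
    """Drop trailing LF/NUL/CR padding such as the \\x0a\\x00 pair."""
    return payload.rstrip(TRAILERS)


def split_tcp_stream(buf: bytes):
    """Split a TCP syslog byte stream into (messages, unconsumed_remainder).

    Handles octet counting ("LEN SP MSG") and non-transparent framing
    (messages terminated by LF). The remainder is data for which more
    bytes are needed before a message can be emitted.
    """
    msgs, pos = [], 0
    while pos < len(buf):
        m = _OCTET_COUNT.match(buf, pos)
        if m:                                   # octet-counted frame
            start, length = m.end(), int(m.group(1))
            if length > MAX_FRAME:              # refuse absurd lengths
                raise ValueError(f"frame of {length} bytes exceeds limit")
            if start + length > len(buf):       # frame not fully received
                break
            msgs.append(strip_trailer(buf[start:start + length]))
            pos = start + length
        elif buf[pos:pos + 1] == b"<":          # LF-terminated frame
            end = buf.find(b"\n", pos)
            if end == -1:                       # terminator not seen yet
                break
            msgs.append(strip_trailer(buf[pos:end]))
            pos = end + 1
        elif buf[pos] in TRAILERS:              # stray padding between frames
            pos += 1
        elif buf[pos:].isdigit():               # partial length prefix
            break
        else:
            raise ValueError(f"unrecognised framing at offset {pos}")
    return msgs, buf[pos:]


if __name__ == "__main__":
    print(split_tcp_stream(SAMPLE))
```

A UDP datagram carries exactly one message, so only `strip_trailer` applies there.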
#485: Error when defining vectors of records with optional fields
----------------------+------------------------
Reporter: vallenti | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
----------------------+------------------------
When defining vectors of records that contain optional fields, Bro
erroneously reports a type clash. Here is a minimal example that triggers
the bug:
{{{
type Foo: record {
    s: string;
    o: string &optional;
};
const v: vector of Foo = {
    [$s="bar", $o="check"],
    [$s="baz"]
}
}}}
The error is:
{{{
./vector.bro, line 8 ([$s=bar]): error, type mismatch at index 1
}}}
That is, constructing the first record succeeds, but the second falsely
fails.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/485>
#461: internal_error called for async DNS failures
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: |
---------------------+--------------------
Bro shouldn't be shutting down when DNS lookups fail, which is what
internal_error leads to. It seems that the main area where people are having
problems is the handling of the return value of nb_dns_activity, but I
think that all internal_error calls in DNS_Mgr.cc should be audited.
Maybe for the next release we can change the places where internal_error
is called based on the nb_dns_activity return value and audit the rest of
the internal_error calls later.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/461>
#460: Problem with extended records and empty container types
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
If you extend a record, the empty container types don't work anymore. The
following code:
{{{
type Blah: record {
    whatever: string;
};
redef record Blah += {
    test2: set[count] &default=set();
};
global foobar: Blah;
}}}
Results in this crash:
{{{
[build (topic/policy-scripts-new)]$ gdb --args ./src/bro test23.bro
GNU gdb 6.3.50-20050815 (Apple version gdb-1469) (Wed May 5 04:36:56 UTC 2010)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries ........ done
(gdb) r
Starting program: ./src/bro test23.bro
Reading symbols for shared libraries .+++++++ done
./test23.bro, line 6 (set() and set[count]): error, &default value has inconsistent type
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000028
0x0000000100085138 in BroType::Tag (this=0x0) at Type.h:75
75 TypeTag Tag() const { return tag; }
(gdb) bt
#0 0x0000000100085138 in BroType::Tag (this=0x0) at Type.h:75
#1 0x0000000100224e60 in same_type (t1=0x100cb2be0, t2=0x0, is_init=0) at ./src/Type.cc:1645
#2 0x00000001000a5fe3 in Attributes::CheckAttr (this=0x100cb2d70, a=0x100cb2c90) at ./src/Attr.cc:268
#3 0x00000001000a6e2a in Attributes::AddAttr (this=0x100cb2d70, attr=0x100cb2c90) at ./src/Attr.cc:134
#4 0x00000001000a73b0 in Attributes::Attributes (this=0x100cb2d70, a=0x100cb2710, t=0x100cb27c0, arg_in_record=false) at ./src/Attr.cc:105
#5 0x0000000100220de3 in TypeDecl::TypeDecl (this=0x100cb2d50, t=0x100cb27c0, i=0x100b6e0c0 "test2", arg_attrs=0x100cb2710, in_record=false) at ./src/Type.cc:789
#6 0x0000000100080f22 in yyparse () at parse.y:954
#7 0x0000000100094a1d in main (argc=2, argv=0x7fff5fbfeba0) at ./src/main.cc:736
(gdb)
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/460>