#911: SRV replies don't get processed by DNS analyzer
---------------------+------------------------
Reporter: vern | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
The event engine doesn't appear to generate {{{dns_SRV_reply}}} in some
cases, as indicated by running on the attached trace. I've tried this
with both the default DNS analysis and my own custom analysis (that uses
-b to not run other stuff) and have confirmed that the reply event isn't
getting generated, even though there aren't any checksum issues or such.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/911>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#876: BroControl "diag" emails
-----------------------------+------------------------
Reporter: seth | Owner: dnthayer
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: BroControl | Version: git/master
Keywords: |
-----------------------------+------------------------
The BroControl "diag" emails should have a stanza at the beginning about
recommending that the email be forwarded to a crash-specific mailing list
for us to try and debug problems better. Robin's suggested wording was
along these lines
{{{
we could put a sentence at the the
beignning of the mail that says "if you want to help us debug this
problem, please forward this mail to XXX", perhaps with a reply-to
accordingly set.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/876>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#909: topic/seth/pppoe
---------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
Support for IP in PPPoE along with a test.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/909>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#906: Need tcp_max_above_hole_without_any_acks to be redefinable
------------------------+---------------------
Reporter: carsten | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
In my scripts, I must redefine tcp_max_above_hole_without_any_acks from
scripts/base/init-bare.bro.
Currently I have to patch the source for doing it, as the constant is not
redefinable from a script. The fun thing is: the documentation even says
"If set to zero, then we don’t ever give up.", which you currently cannot
do from scripts.
Please change inside scripts/base/init-bare.bro from
const tcp_max_above_hole_without_any_acks = 4096;
to
const tcp_max_above_hole_without_any_acks = 4096 &redef;
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/906>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#907: Need tcp_excessive_data_without_further_acks to be redefinable
------------------------+---------------------
Reporter: carsten | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
In my scripts, I must redefine tcp_excessive_data_without_further_acks
from scripts/base/init-bare.bro.
Currently I have to patch the source for doing it, as the constant is not
redefinable from a script. The fun thing is: the documentation even says
"If set to zero, then we don’t ever give up.", which you currently cannot
do from scripts.
Please change inside scripts/base/init-bare.bro from
const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024;
to
const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024
&redef;
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/907>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#905: Need tcp_max_initial_window to be redefinable
------------------------+---------------------
Reporter: carsten | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
In my scripts, I must redefine tcp_max_initial_window from scripts/base
/init-bare.bro.
Currently I have to patch the source for doing it, as the constant is not
redefinable from a script. The fun thing is: the documentation even says
"Set to zero to turn off this determination.", which you currently cannot
do from scripts.
Please change inside scripts/base/init-bare.bro from
const tcp_max_initial_window = 4096;
to
const tcp_max_initial_window = 4096 &redef;
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/905>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker