#928: Incorporate ICSI certificate notary into SSL logging
-------------------------------+------------------------
Reporter: matthias | Owner:
Type: Test Case Missing | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
-------------------------------+------------------------
This commit (i) adds support for delayed logging for SSL records, and (ii)
provides a new script notary.bro that interacts with the ICSI certificate
notary.
The delayed logging implementation takes the idea of delaying notices one
step further: it logs records in the order in which they would normally
occur by buffering them until a specified maximum timeout (by default 15
seconds). A user can delay a record by adding an opaque identifier, and is
responsible for removing the same identifier later to "undelay" the record,
allowing it to be flushed.
The notary script comes as a client application to this new interface. For
each leaf certificate in a chain sent by a server, the script computes the
SHA1 hash and queries the notary. As soon as the reply arrives, the script
enhances the SSL log record with the details from the notary response and
undelays the record. The notary script also caches DNS replies for an hour
after creation.
Due to the changing state of the notary, it is difficult to write a test
case for this script. Thus I'll just file it as a merge request, and would
appreciate it if folks (in particular Seth :-) could have a look at it.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/928>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
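Added example (not code from the ticket or from Bro): a small Python model of the delayed, in-order logging that ticket #928 describes, where a record carrying a delay token holds back every record queued behind it until the token is removed or the 15-second maximum expires. The class and method names, the record fields and the timestamps are hypothetical and constructed for illustration.

```python
from collections import deque

MAX_LOG_DELAY = 15.0  # seconds; the default stated in the ticket


class DelayedLog:
    """Model of in-order delayed logging; all names here are hypothetical."""

    def __init__(self, max_delay=MAX_LOG_DELAY):
        self.max_delay = max_delay
        self.queue = deque()   # entries in arrival order
        self.written = []      # stands in for the log writer

    def log(self, record, now, tokens=()):
        """Queue a record; each token is an opaque identifier holding it back."""
        entry = {"record": record, "queued": now, "tokens": set(tokens)}
        self.queue.append(entry)
        self.flush(now)
        return entry

    def undelay(self, entry, token, now):
        """Remove one delay token, then flush whatever is now releasable."""
        entry["tokens"].discard(token)
        self.flush(now)

    def flush(self, now):
        """Write from the head while the head is undelayed or has timed out."""
        while self.queue:
            head = self.queue[0]
            expired = now - head["queued"] >= self.max_delay
            if head["tokens"] and not expired:
                break  # head still delayed: everything behind it waits too
            self.written.append(self.queue.popleft()["record"])


def demo():
    """Constructed scenario: three SSL records, two awaiting a notary reply."""
    q = DelayedLog()
    a = q.log({"uid": "C1", "notary": None}, now=0.0, tokens={"notary"})
    q.log({"uid": "C2"}, now=1.0)                  # not delayed, but behind C1
    q.log({"uid": "C3", "notary": None}, now=2.0, tokens={"notary"})
    held = len(q.written)                          # C1 blocks the whole queue
    a["record"]["notary"] = {"valid": True}        # reply arrives: enrich record
    q.undelay(a, "notary", now=3.0)                # releases C1, then C2
    after_reply = [r["uid"] for r in q.written]
    q.flush(now=17.0)                              # C3 never answered: timeout
    return held, after_reply, [r["uid"] for r in q.written], q.written[2]["notary"]
```

The timeout path is the one to watch operationally: a record flushed by timeout is written without the notary details, so an empty notary field in the log means "no reply in time", not "certificate unknown to the notary".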
#478: Move BinPAC docs over to new server
----------------------------+--------------------
Reporter: robin | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Website / Wiki | Version:
Keywords: |
----------------------------+--------------------
There's some BinPAC documentation in the old Wiki that we should move
over.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/478>
#754: Complete implementation of switch statement
----------------------+------------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Keywords: language |
----------------------+------------------------
The switch statement is stubbed out in the parser but it's not completely
implemented. I'd like to have it available; there are several use cases
where it would be handy to have.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/754>
#927: topic/seth/metrics-merge: Metrics framework updates
---------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: new
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
This branch is in a workable state and basically ready to be merged, but
I'd appreciate a more detailed API/sanity review from anyone willing to
take a look before it gets merged. This code is starting to get more and
more important and I don't think we can afford to get it wrong for a
release. New scripts include policy/misc/scan.bro,
policy/misc/detect-traceroute, and various metrics test scripts that you can find by
searching for "base/frameworks/metrics".
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/927>
#422: Array-style index accessor for strings
---------------------+----------------------
Reporter: seth | Owner: robin
Type: Task | Status: reopened
Priority: Normal | Milestone: Bro2.2
Component: Bro | Version:
Resolution: | Keywords: language
---------------------+----------------------
Comment (by matthias):
Replying to [comment:10 jsiwek]:
> [..] but I think I side with Vern's argument for `s[1:4]` if we were to
> vote now.
Same, I am in favor of an `a:b`-style syntax now, too, after realizing
that the `[a,b]` may result in ambiguous interpretations.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/422#comment:11>
#923: Parse Error Missing in Record/Type Confusion
------------------------+---------------------
Reporter: grigorescu | Type: Problem
Status: new | Priority: Normal
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
The following code:
{{{
type test_record: record { my_string: string; };
function test(s: test_record) { print test_record$my_string; }
event bro_init() { test([$my_string="Hello"]); }
}}}
causes a reporter error: {{{fatal error in <no location>: Val::CONVERTER
(type/record) (<no value description>)}}}. Note that function test is
attempting to access test_record$my_string (where test_record is a type)
as opposed to s$my_string (where s is an instance of test_record).
This is a message that I've seen before, and had a very hard time
debugging. It seems like this should generate a parse error, or at the
very least, report the location.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/923>