#478: Move BinPAC docs over to new server
----------------------------+--------------------
Reporter: robin | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Website / Wiki | Version:
Keywords: |
----------------------------+--------------------
There's some BinPAC documentation in the old Wiki that we should move
over.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/478>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
#754: Complete implementation of switch statement
----------------------+------------------------
Reporter: seth | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Keywords: language |
----------------------+------------------------
The switch statement is stubbed out in the parser but it's not completely
implemented. I'd like to have it available; there are several use cases
where it would be handy to have.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/754>
#730: Find and fix tcp sequence counting bugs
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Keywords: |
---------------------+--------------------
Sometimes the code that watches for TCP sequence wrap around will trigger
erroneously and the payload value will be grossly misrepresented in the
c$(resp|orig)$size fields.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/730>
#660: Initializing a table with a record as an index does not work
--------------------+---------------------
Reporter: amannb | Type: Problem
Status: new | Priority: Normal
Milestone: | Component: Bro
Version: | Keywords:
--------------------+---------------------
The following code
{{{
type irecord: record {
    resp_h: addr;
};
global my_table: table[irecord] of int = {
    [[$resp_h=1.2.3.4]] = 12,
};
}}}
results in an error:
{{{
error in ./bug2.bro, line 7: illegal initializer ([[$resp_h=1.2.3.4]] = 12)
}}}
It probably should return an initialized table.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/660>
#690: GTP de-tunneling
------------------------+---------------------
Reporter: robin | Type: Problem
Status: new | Priority: Normal
Milestone: 2.1 | Component: Bro
Version: git/master |
------------------------+---------------------
----- Forwarded message from "Langer, Carsten (NSN - DE/Duesseldorf)" -----
From: "Langer, Carsten (NSN - DE/Duesseldorf)"
[...]
I lately developed a GTP (GPRS Tunneling Protocol) de-tunneling
functionality for bro-ids, which I want to share with you in the hope
that you might find it helpful.
[...]
Please find attached a patched version of the Sessions.cc, where from
line 601 to 701 I have introduced the de-GTP stuff. This is based on
bro-ids v1.5.3. I found that patching this one single location was
good enough for my purpose.
It works for me, however I could only test it against a couple of
network traces that I have, so if you are interested to re-use the
patch, please give it a try against other sets of data as well. I
added 3 weird-warnings (lines 614, 674, 691) if something goes wrong
within the patch, but haven't updated anything in the weird.bro
script.
[...]
As I'm not using the bro-ids for network security analysis but for
application performance analysis, [...] I did
not take any measures against recursive GTP tunnels.
----- End forwarded message -----
[attachment:"Sessions_patched_for_gtp-detunneling.cc"]
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/690>
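
The forwarded message says the patch takes no measures against recursive GTP tunnels. The following is an added example, not the attached patch and not Bro code: a de-tunneling loop for IPv4/UDP/GTPv1-U that stops at a nesting limit. The function names, the limit of 2 and the sample packets are assumptions made for illustration.

```cpp
// Added illustration with hypothetical names; not the patch attached to the ticket.
// Handles IPv4/UDP/GTPv1-U G-PDUs only; GTP extension headers are not unwrapped.
#include <cstdint>
#include <cstdio>
#include <vector>

const uint16_t GTPU_PORT = 2152;
// Offset of the tunneled packet if p is IPv4/UDP(2152)/GTPv1-U G-PDU, else 0.
static size_t gtp_payload_offset(const uint8_t* p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return 0;          // not IPv4
    size_t ihl = (p[0] & 0x0f) * 4;
    if (ihl < 20 || p[9] != 17 || len < ihl + 16) return 0;  // not UDP, or too short
    const uint8_t *udp = p + ihl, *gtp = udp + 8;
    if (((udp[2] << 8) | udp[3]) != GTPU_PORT) return 0;
    if ((gtp[0] >> 5) != 1 || !(gtp[0] & 0x10) || gtp[1] != 0xff) return 0;
    if (gtp[0] & 0x04) return 0;                         // E flag: extension headers
    size_t hdr = 8 + ((gtp[0] & 0x03) ? 4 : 0);          // S or PN adds 4 bytes
    size_t glen = (size_t(gtp[2]) << 8) | gtp[3];        // bytes after 8-byte header
    size_t off = ihl + 8 + hdr;
    return (ihl + 16 + glen <= len && off < len) ? off : 0;
}

// Returns layers stripped, or -1 past max_depth (caller raises a weird and stops).
int detunnel(const uint8_t*& p, size_t& len, int max_depth = 2 /* assumed */) {
    int depth = 0;
    for (size_t off; (off = gtp_payload_offset(p, len)) != 0; p += off, len -= off)
        if (++depth > max_depth) return -1;
    return depth;
}

// Constructed sample: wrap inner in minimal IPv4/UDP/GTP-U headers (checksums zero).
std::vector<uint8_t> wrap(const std::vector<uint8_t>& inner) {
    std::vector<uint8_t> o(36, 0);
    o[0] = 0x45; o[9] = 17;                              // IPv4, IHL 5, UDP
    o[22] = GTPU_PORT >> 8; o[23] = GTPU_PORT & 0xff;    // UDP destination port
    o[28] = 0x30; o[29] = 0xff;                          // GTPv1, PT=1, G-PDU
    o[30] = uint8_t(inner.size() >> 8); o[31] = uint8_t(inner.size() & 0xff);
    o.insert(o.end(), inner.begin(), inner.end());
    return o;
}

int main() {
    std::vector<uint8_t> pkt(20, 0); pkt[0] = 0x45; pkt[9] = 6;  // inner IPv4/TCP stub
    for (int n = 1; n <= 3; ++n) {
        pkt = wrap(pkt);
        const uint8_t* p = pkt.data(); size_t len = pkt.size();
        std::printf("%d layer(s) -> %d\n", n, detunnel(p, len));
    }
}
```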
#779: missing values cause bro to crash when used inside of a 'when' statement.
------------------------+---------------------------------------
Reporter: justin | Type: Problem
Status: new | Priority: Normal
Milestone: | Component: Bro
Version: git/master | Keywords: when InterpreterException
------------------------+---------------------------------------
Simplest test case:
{{{
event bro_init()
{
    local loc: geo_location;
    when (local hostname = lookup_addr(127.0.0.1)){
        print "Location", loc$country_code;
        print "ok";
        terminate();
    }
}
}}}
gives:
{{{
terminate called after throwing an instance of 'InterpreterException'
}}}
Outside of the when block, reporter.log would get:
{{{
Reporter::ERROR field value missing [loc$country_code]
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/779>
#741: Remove HTTP verbs from HTTP analyzer
---------------------+--------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version:
Keywords: |
---------------------+--------------------
We should remove the HTTP verbs (methods) from the HTTP analyzer and just
parse out whatever the client gives. Nonstandard verbs will cause the
client side of the analyzer to completely not work, which is clearly not
optimal.
Making this change will remove a couple of for loops from the HTTP
analyzer too.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/741>
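
The difference the ticket describes, as an added example that is not Bro's analyzer code: a request-line parser gated on a fixed verb list next to one that accepts any syntactically valid method token and reports it as seen. The function names, the verb list and the sample request lines are assumptions made for illustration.

```cpp
// Added illustration with hypothetical names; not Bro's HTTP analyzer code.
#include <cctype>
#include <cstdio>
#include <set>
#include <string>

struct RequestLine { bool ok; std::string method, uri, version; };

// Split "METHOD SP URI SP HTTP/x.y" without judging the method itself.
static RequestLine split(const std::string& line) {
    RequestLine r{false, "", "", ""};
    size_t a = line.find(' '), b = line.rfind(' ');
    if (a == std::string::npos || a == 0 || b <= a + 1 || b + 1 >= line.size())
        return r;
    r.method = line.substr(0, a);
    r.uri = line.substr(a + 1, b - a - 1);
    r.version = line.substr(b + 1);
    r.ok = r.version.compare(0, 5, "HTTP/") == 0;
    return r;
}

// Fixed verb list (an assumed sample list): any other method is rejected.
RequestLine parse_with_verb_list(const std::string& line) {
    static const std::set<std::string> known =
        {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"};
    RequestLine r = split(line);
    if (!known.count(r.method)) r.ok = false;
    return r;
}

// Accept any method that is a valid RFC 7230 token and report it as seen.
RequestLine parse_any_token(const std::string& line) {
    static const std::string punct = "!#$%&'*+-.^_`|~";
    RequestLine r = split(line);
    for (unsigned char c : r.method)
        if (!std::isalnum(c) && punct.find(static_cast<char>(c)) == std::string::npos)
            r.ok = false;
    return r;
}

int main() {
    // Constructed sample request lines.
    const char* samples[] = {"GET / HTTP/1.1", "PROPFIND /dav/ HTTP/1.1", "G(T / HTTP/1.1"};
    for (const char* s : samples)
        std::printf("%-26s list=%d token=%d\n", s,
                    parse_with_verb_list(s).ok, parse_any_token(s).ok);
}
```

With the token-based parser the method string itself becomes a loggable field, so unusual verbs can be flagged by policy instead of silently stopping request parsing.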
#579: Syslog logging writer
---------------------+------------------------
Reporter: seth | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.7
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
Martin has completely convinced me of the need for this. I don't know
about the timeline we should put on it, though. The one thought I have about
it is that it needs to use TCP due to extremely long lines that Bro logs
tend to have. I think it would be ok for it to have the same output
rendering that the LogAscii writer has.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/579>