zeek-dev July 2012

zeek-dev@lists.zeek.org

162 discussions

by Bro Tracker

#846: Tests Failures ---------------------+------------------------ Reporter: robin | Owner: Type: Problem | Status: new Priority: High | Milestone: Bro2.1 Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ The is collected from mails: {{{ core.checksums … failed [Gilbert, Matthias; non-determinisitc] bifs.system [Gilbert; should should be fixed by now, please double-check] istate.bro-ipv6-socket … failed [Fails if IPv6 connectivity not available (fw in this case); can we test for that somehow? Otherwise, fine to leave as it is for now.) istate.broccoli-ipv6-socket … failed [Same] scripts.base.protocols.smtp.basic [Matthias; with clang] scripts.base.frameworks.logging.rotate-custom [Matthias; with clang] core.dns-init [Adam; when using dnscrypt from OpenDNS] }}} -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/846> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

9 years, 10 months

Re: [Bro-Dev] [Bro-Commits] [git/bro] master: Merge remote-tracking branch 'origin/fastpath' (d262a70)

by Siwek, Jonathan Luke

Yes, thanks, that tweak makes sense to me: the loop should also terminate if an autocorrected path is found for which the same filter was previously responsible for writing (probably due to use of a path_func), and still do the warning about the original path conflict. Jon On Jul 26, 2012, at 7:28 PM, Robin Sommer wrote: > Repository : ssh://git@bro-ids.icir.org/bro > > On branch : master > Link : http://tracker.bro-ids.org/bro/changeset/d262a70509f4f7088c261509d6f6f4b593… > >> --------------------------------------------------------------- > > commit d262a70509f4f7088c261509d6f6f4b5930f5896 > Merge: 412bebb 63e8bf7 > Author: Robin Sommer <robin(a)icir.org> > Date: Thu Jul 26 15:30:35 2012 -0700 > > Merge remote-tracking branch 'origin/fastpath' > > Small tweak: I added the "same writer" constraint to the loop > condition as well. Makes sense? > > * origin/fastpath: > Change path conflicts between log filters to be auto-corrected. > > > >> --------------------------------------------------------------- > > d262a70509f4f7088c261509d6f6f4b5930f5896 > scripts/base/frameworks/logging/main.bro | 11 +++++- > src/logging/Manager.cc | 42 +++++++++++++++----- > .../http-2-2.log} | 21 ++++++++-- > .../http-2.log | 23 +++++++++++ > .../http-3.log | 23 +++++++++++ > .../reporter.log | 17 +------- > .../frameworks/logging/writer-path-conflict.bro | 12 +++++- > 7 files changed, 119 insertions(+), 30 deletions(-) > > diff --cc src/logging/Manager.cc > index 3499d55,b1b289a..568a777 > --- a/src/logging/Manager.cc > +++ b/src/logging/Manager.cc > @@@ -758,9 -758,38 +758,39 @@@ bool Manager::Write(EnumVal* id, Record > #endif > } > > + Stream::WriterPathPair wpp(filter->writer->AsEnum(), path); > + > // See if we already have a writer for this path. > - Stream::WriterMap::iterator w = > - stream->writers.find(Stream::WriterPathPair(filter->writer->AsEnum(), path)); > + Stream::WriterMap::iterator w = stream->writers.find(wpp); > + > + if ( w != stream->writers.end() && > + w->second->instantiating_filter != filter->name ) > + { > + // Auto-correct path due to conflict with another filter over the > + // same writer/path pair > + string instantiator = w->second->instantiating_filter; > + string new_path; > + unsigned int i = 2; > + > + do { > + char num[32]; > + snprintf(num, sizeof(num), "-%u", i++); > + new_path = path + num; > + wpp.second = new_path; > + w = stream->writers.find(wpp); > - } while ( w != stream->writers.end()); > ++ } while ( w != stream->writers.end() && > ++ w->second->instantiating_filter != filter->name ); > + > + Unref(filter->path_val); > + filter->path_val = new StringVal(new_path.c_str()); > + > + reporter->Warning("Write using filter '%s' on path '%s' changed to" > + " use new path '%s' to avoid conflict with filter '%s'", > + filter->name.c_str(), path.c_str(), new_path.c_str(), > + instantiator.c_str()); > + > + path = filter->path = filter->path_val->AsString()->CheckString(); > + } > > WriterFrontend* writer = 0; > > > _______________________________________________ > bro-commits mailing list > bro-commits(a)bro-ids.org > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits >

9 years, 10 months

Re: [Bro-Dev] [Bro-Commits] [git/bro] fastpath: make want_record=T the default for events (76ea182)

by Vlad Grigorescu

So, the documentation right above it should probably be changed also. Also, while we're at it, "seperate," "signle," and "rised" might as well be fixed. --Vlad On 7/27/12 12:14 AM, "Bernhard Amann" <bernhard(a)ICSI.Berkeley.EDU> wrote: diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.bro index c31f92d..7f01540 100644 --- a/scripts/base/frameworks/input/main.bro +++ b/scripts/base/frameworks/input/main.bro @@ -84,7 +84,7 @@ export { ## If want_record if false (default), the event receives each value in fields as a seperate argument. ## If it is set to true, the event receives all fields in a signle record value. - want_record: bool &default=F; + want_record: bool &default=T; ## The event that is rised each time a new line is received from the reader. ## The event will receive an Input::Event enum as the first element, and the fields as the following arguments.

9 years, 10 months

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

> Unmerged Fastpath Commits > ========================= Component | Revision | Committer | Date | Summary ------------------------------------------------------------------------------------------------------------------ bro | f02ed65 | Bernhard Amann | 2012-07-26 | Fix crash when encountering an InterpreterException in a predicate in logging or input Framework. [1] bro | 76ea182 | Bernhard Amann | 2012-07-26 | make want_record=T the default for events [2] [1] fastpath: http://tracker.bro-ids.org/bro/changeset/f02ed65878b81dfde81c2483887223bab9… [2] fastpath: http://tracker.bro-ids.org/bro/changeset/76ea1823877677612e159c54edf1958898…

9 years, 10 months

[Bro-Dev] #858: Logging framework stops completely when DoInit returns false

by Bro Tracker

#858: Logging framework stops completely when DoInit returns false ---------------------+------------------------ Reporter: amannb | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ This has to be introduced quite recently - I tried to find the reason for the bug, but I am just too blind at the Moment. When one of the log writers returns from DoInit with false the whole logging framework just seems to stop - no output is done anymore to any file. To reproduce - change the return code of DoInit in None.cc to false and execute the attached Bro script. Logs will be written until the first http request is encountered. Starting from that moment, all activity stops and no more log messages are output to any file (including reporter/debug.log). -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/858> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] Master-test merge (Re: [Bro-Commits] [git/bro] master: Merge branch 'topic/robin/master-test' (24aea29))

by Robin Sommer

On Mon, Jul 23, 2012 at 17:01 -0700, I wrote: > Merge branch 'topic/robin/master-test' This has the recent threading changes, plus all other pending merge requests. Please test, I hope it doesn't break anything .. Problems remaining: - Occasional tests failures reporting a bad file descriptor on Mac OS. Reason still unclear. - #start timestamps can be 1969-... when network time is not yet set. - tuning/logs-to-elasticsearch.bro not loaded by test-all-policy because it triggers lock-ups. Robin -- Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

9 years, 10 months

[Bro-Dev] Testing errors with new XCode

by Slagell, Adam J

Gave master a try today. Hardly saw any clang warnings. Did get the following on tests (after turning off DNSCrypt). [ 25%] bifs.to_double_from_string ... failed 1 of 304 tests failed, 21 skipped make[2]: *** [btest-verbose] Error 1 Coverage for 'btest' dir: 1051/1711 (61.4%) Bro script statements covered. Coverage for 'external' dir: Complete test suite code coverage: 1051/1711 (61.4%) Bro script statements covered. Output of diag.log: bifs.to_double_from_string ... failed % 'btest-diff error' failed unexpectedly (exit code 1) % cat .diag == File =============================== error in /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to count (to_double(d) and NotADouble) error in /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to count (to_double(d) and ) == Diff =============================== --- /tmp/test-diff.33926.error.baseline.tmp 2012-07-25 18:52:04.000000000 +0000 +++ /tmp/test-diff.33926.error.tmp 2012-07-25 18:52:04.000000000 +0000 @@ -1,2 +1,2 @@ -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to count (to_double(d) and NotADouble) -error in /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /da/home/robin/bro/master/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to count (to_double(d) and ) +error in /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 15: bad conversion to count (to_double(d) and NotADouble) +error in /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 7 and /Users/slagell/Downloads/bro/testing/btest/.tmp/bifs.to_double_from_string/to_double_from_string.bro, line 16: bad conversion to count (to_double(d) and ) ======================================= % cat .stderr core.mobile-ipv6-home-addr ... not available, skipped core.mobile-ipv6-routing ... not available, skipped core.mobility-checksums ... not available, skipped core.mobility_msg ... not available, skipped core.leaks.ayiya ... not available, skipped core.leaks.basic-cluster ... not available, skipped core.leaks.dataseries-rotate ... not available, skipped core.leaks.dataseries ... not available, skipped core.leaks.dns ... not available, skipped core.leaks.incr-vec-expr ... not available, skipped core.leaks.ip-in-ip ... not available, skipped core.leaks.ipv6_ext_headers ... not available, skipped core.leaks.teredo ... not available, skipped core.leaks.remote ... not available, skipped core.leaks.vector-val-bifs ... not available, skipped core.leaks.test-all ... not available, skipped scripts.base.frameworks.logging.dataseries.options ... not available, skipped scripts.base.frameworks.logging.dataseries.rotate ... not available, skipped scripts.base.frameworks.logging.dataseries.test-logging ... not available, skipped scripts.base.frameworks.logging.dataseries.time-as-int ... not available, skipped scripts.base.frameworks.logging.dataseries.wikipedia ... not available, skipped slagell@prometheus: bro $ ------ Adam J. Slagell, CISO, CISSP Chief Information Security Officer National Center for Supercomputing Applications University of Illinois at Urbana-Champaign www.slagell.info 217.244.8965 "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."

9 years, 10 months

[Bro-Dev] #859: to_double bif

by Bro Tracker

#859: to_double bif ------------------------+----------------------------- Reporter: scampbell | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.1 | Component: Bro Version: git/master | Keywords: bif ------------------------+----------------------------- It would be quite useful to include a to_double bif as the new input framework makes this sort of thing much more common when digesting logs. sample code: ## Converts a :bro:type:`string` to a :bro:type:`double`. ## ## str: The :bro:type:`string` to convert. ## ## Returns: The :bro:type:`string` *str* as double, or 0 if *str* has ## an invalid format. ## function to_double%(str: string%): count %{ const char* s = str->CheckString(); char* end_s; double d = (double) strtod(s, &end_s); if ( s[0] == '\0' || end_s[0] != '\0' ) { builtin_error("bad conversion to count", @ARG@[0]); d = 0; } return new Val(d, TYPE_DOUBLE); %} -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/859> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] #855: unhelpful bro-cut error message for bad field

by Bro Tracker

#855: unhelpful bro-cut error message for bad field ---------------------+------------------------ Reporter: vern | Owner: Type: Problem | Status: new Priority: Normal | Milestone: Component: Bro | Version: git/master Keywords: | ---------------------+------------------------ If I run "{{{bro-cut foo}}}" on a log file that doesn't have a field named {{{foo}}}, the message it generates is: {{{ bro-cut error: unknown field f[i] }}} Looks like a level of de-referencing got left off. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/855> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

9 years, 10 months

[Bro-Dev] Hui Lin_std::length_error

by Hui Lin (Hugo)

HI, So far my DNP3 analzyer works OK on well-formatted DNP3 dump, even the packets are not in the right order. However, when I test it again some fuzzied DNP3 packets, this error sometimes happens. The weird thing is that, I run the same dump several times, sometimes, it can finish the work with weird.log, and sometimes Bro throws out this error. terminate called after throwing an instance of 'std::length_error' what(): vector::reserve Aborted Any idea? -- Hui Lin PhD Candidate, Research Assistant Electrical and Computer Engineering Department University of Illinois at Urbana-Champaign

9 years, 10 months

← Newer
1
2
3
4
5
6
7
...
17
Older →

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev July 2012