zeek-dev January 2013

zeek-dev@lists.zeek.org

56 discussions

[Bro-Dev] #935: Enhance logging framework with a delay mechanism

by Bro Tracker

#935: Enhance logging framework with a delay mechanism ----------------------+------------------------ Reporter: matthias | Owner: seth Type: Task | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | ----------------------+------------------------ The logging framework currently does not support a delay mechanism until a desired asynchronous operations finishes. While there exist complicated ad-hoc workarounds in the case of sending email notices and the notary code, it would be nice to shield this complexity from the user. To implement this feature, we could consider a special delay *filter* which buffers records until they are acked. A user may want to customize the buffering behavior by either specifying that record order matters or that each acked record can be logged immediately. This would then determine the buffering/flushing policy. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/935> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 9 months

[Bro-Dev] #934: GPRS Tunneling Protocol (GTP) Analyzer

by Bro Tracker

#934: GPRS Tunneling Protocol (GTP) Analyzer -------------------------+----------------------------------------- Reporter: liamrandall | Type: Feature Request Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: GTP GPRS Tunneling Protocol -------------------------+----------------------------------------- Requesting support for GTP Analyzers. http://en.wikipedia.org/wiki/GPRS_Tunnelling_Protocol Public samples: http://cloudshark.org/captures/374cf36574b6 http://www.pcapr.net/view/bwilkerson/2010/7/5/10/gtp3.pcap.html Test environement are available upon request. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/934> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 9 months

[Bro-Dev] #928: Incorporate ICSI certificate notary into SSL logging

by Bro Tracker

#928: Incorporate ICSI certificate notary into SSL logging -------------------------------+------------------------ Reporter: matthias | Owner: Type: Test Case Missing | Status: new Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Keywords: | -------------------------------+------------------------ This commit (i) adds support for delayed logging for SSL records, and (ii) provides a new script notary.bro that interacts with the ICSI certificate notary. The delayed logging implementation takes the idea of delaying notices one step further: it logs records in the order as they would normally occur by buffering them until a specified maximum timeout (by default 15 seconds). A user can delay a record by adding an opaque identifier, and is responsible to remove the same identifier later to "undelay" the record, allowing it to be flushed. The notary script comes as a client application to this new interface. For each leaf certificate in a chain sent by a server, the script computes the SHA1 hash and queries the notary. As soon as the reply arrives, the script enhances the SSL log record with the details from the notary response and undelays the record. The notary script also caches DNS replies for an hour after creation. Due to the changing state of the notary, it is difficult to write a test case for this script. Thus I'll just file it as a merge request, and would appreciate if folks (in particular Seth :-) could have a look at it. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/928> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 9 months

[Bro-Dev] #937: topic/seth/sendpackets: A test program for sending packets through Broccoli.

by Bro Tracker

#937: topic/seth/sendpackets: A test program for sending packets through Broccoli. ---------------------------+------------------------ Reporter: seth | Owner: robin Type: Merge Request | Status: new Priority: Normal | Milestone: Bro2.2 Component: Broccoli | Version: git/master Keywords: | ---------------------------+------------------------ This was pulled from the timemachine repository. It fits better here. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/937> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 9 months

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

7 years, 10 months

Re: [Bro-Dev] #938: robin (was: topic/seth/software-version-updates Updates to vulnerable software checking.)

by Bro Tracker

#938: robin ----------------------+------------------------ Reporter: robin | Owner: seth Type: Problem | Status: assigned Priority: Normal | Milestone: Bro2.2 Component: Bro | Version: git/master Resolution: | Keywords: robin ----------------------+------------------------ Changes (by robin): * status: new => assigned * reporter: seth => robin * cc: robin (added) * owner: => seth * keywords: => robin * type: Merge Request => Problem Comment: Did you run the tests? I see a number of them failing in all three sets (btest and the two external) -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/938#comment:1> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 10 months

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

> Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 928 [1] | matthias | seth | Normal | Incorporate ICSI certificate notary into SSL logging Bro | 938 [2] | seth | | Normal | topic/seth/software-version-updates Updates to vulnerable software checking. [3] Broccoli | 937 [4] | seth | robin | Normal | topic/seth/sendpackets: A test program for sending packets through Broccoli. [5] [1] #928: http://tracker.bro-ids.org/bro/ticket/928 [2] #938: http://tracker.bro-ids.org/bro/ticket/938 [3] software-version-updates: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_pat… [4] #937: http://tracker.bro-ids.org/bro/ticket/937 [5] sendpackets:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbroccoli&old=master&ne…:

7 years, 10 months

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

> Open Merge Requests for Bro2.2 > ============================== Component | Id | Reporter | Owner | Prio | Summary ------------------------------------------------------------------------------------------------------------------ Bro | 928 [1] | matthias | seth | Normal | Incorporate ICSI certificate notary into SSL logging Bro | 938 [2] | seth | | Normal | topic/seth/software-version-updates Updates to vulnerable software checking. [3] Broccoli | 937 [4] | seth | robin | Normal | topic/seth/sendpackets: A test program for sending packets through Broccoli. [5] [1] #928: http://tracker.bro-ids.org/bro/ticket/928 [2] #938: http://tracker.bro-ids.org/bro/ticket/938 [3] software-version-updates: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbro&old=master&new_pat… [4] #937: http://tracker.bro-ids.org/bro/ticket/937 [5] sendpackets:: http://tracker.bro-ids.org/bro/changeset?old_path=%2Fbroccoli&old=master&ne…:

7 years, 10 months

[Bro-Dev] #478: Move BinPAC docs over to new server

by Bro Tracker

#478: Move BinPAC docs over to new server ----------------------------+-------------------- Reporter: robin | Owner: seth Type: Problem | Status: new Priority: Normal | Milestone: Bro1.6 Component: Website / Wiki | Version: Keywords: | ----------------------------+-------------------- There's some BinPAC documentation in the old Wiki that we should move over. -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/478> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 10 months

[Bro-Dev] #940: manager crash if can't send mail

by Bro Tracker

#940: manager crash if can't send mail ------------------------+--------------------- Reporter: drmckay | Type: Problem Status: new | Priority: Normal Milestone: Bro2.2 | Component: Bro Version: git/master | Keywords: ------------------------+--------------------- warning: cannot send mail manager not running (was crashed) If sendmail stopped in runtime the manager crashing silently. Better error handling required. :) -- Ticket URL: <http://tracker.bro-ids.org/bro/ticket/940> Bro Tracker <http://tracker.bro-ids.org/bro> Bro Issue Tracker

7 years, 10 months

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev January 2013