#970: broctl restart eating logs?
------------------------+-----------------------------
Reporter: robin | Type: Problem
Status: new | Priority: Low
Milestone: Bro2.2 | Component: Bro
Version: git/master | Resolution: Solved/Applied
------------------------+-----------------------------
It looks like "broctl restart" sometimes deletes logs before they get
archived. We need to investigate what might be going on there.
This may or may not be related to the missing support for the old
"--keep-tmp" option. However, it seems to happen without --clear as
well. Aashish can provide details / help test fixes.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/970>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#972: Default arguments for functions
-----------------------------+------------------------
Reporter: robin | Owner:
Type: Feature Request | Status: new
Priority: Low | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
-----------------------------+------------------------
it would be very convenient to support default arguments for functions,
including for BiFs.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/972>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#968: Add bytestring_to_uint16, uint32, uint64 functions
------------------------+------------------------
Reporter: yun | Type: Patch
Status: new | Priority: Low
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords: bytestring
------------------------+------------------------
Attached is a patch to add the following functions to bro.bif:
* bytestring_to_uint16
* bytestring_to_uint32
* bytestring_to_uint64
Tests are also included.
The patch is based on #908
--
Ticket URL: <http://tracker.bro.org/bro/ticket/968>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#973: bro crash with default in record in record
------------------------+---------------------
Reporter: dmandelb | Type: Problem
Status: new | Priority: Low
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
When I have a default value in one record that's inside of another
record, I get a crash trying to print that value. I've attached source
code that reliably crashes for me along with a log of what I see when it
crashes. The output I'm expecting is:
[bar=4321, foo=[foo=1234, quux=9876]]
[foo=1234, quux=9876]
9876
--
Ticket URL: <http://tracker.bro.org/bro/ticket/973>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#974: segmentation fault with schedule statement
------------------------+---------------------
Reporter: dmandelb | Type: Problem
Status: new | Priority: Low
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+---------------------
A schedule statement in global scope reliably causes a segmentation fault
for me:
{{{
$ cat test.bro
event foo()
{
print("Foo!");
}
schedule 1 sec { foo() };
$ bro test.bro
Segmentation fault
}}}
I understand if the schedule statement should be in a bro_init event
instead, I think an error message would be better than a segfault.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/974>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
I'm claiming that this branch now has parity with all the old file analysis functionality. I'm planning on doing more stress testing and finishing up documentation (like writing a how-to guide with examples). But otherwise I want to stop adding features and get it merged with master soon (and we'll see if I have time or not to add any features before 2.2 is released, but I'm doubtful). So if anyone wants to look it over, test it out, and/or raise any major objections with the way things are working, that would help. Thanks.
Jon
#975: Signature for modbus
------------------+------------------------
Reporter: seth | Owner: seth
Type: Task | Status: new
Priority: Low | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
------------------+------------------------
Before the 2.2 release try to create a reasonable signature to identify
modbus with DPD. This may require careful attention to protocolviolation
and protocolconfirmation calls in the modbus analyzer.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/975>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#591: Time to finish collecting stats
----------------------------+------------------------
Reporter: seth | Owner: robin
Type: Merge Request | Status: closed
Priority: Normal | Milestone: Bro2.2
Component: BroControl | Version: git/master
Resolution: fixed | Keywords: beta
----------------------------+------------------------
Comment (by robin):
So I had this applied before seeing the latest comments. Let's reopen if
the issue is still there.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/591#comment:13>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#963: bro-cut fails with gawk < 3.1.6
------------------------+---------------------
Reporter: ckanich | Type: Patch
Status: new | Priority: Low
Milestone: | Component: bro-aux
Version: git/master | Keywords:
------------------------+---------------------
Was working on a trace machine with a very old awk and bro-cut would error
out because of the call to strftime(). Here's a patch, tested with ancient
gawk and recent gawk.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/963>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
