To collect where we are, here's what I believe we want to have in 2.2:
- Measurement framework (mostly done; Seth)
- With Bloom filters and Hyperloglog? (state?; Soumya/Bernhard/Seth)
- File analysis framework (mostly done; Jon)
- With Windows executable analyzer (state?; Seth)
- Sqlite/Postgresql readers/writers (mostly done?; Bernhard)
- BroControl test-suite (state?; Daniel)
- Fix for BroControl's log archival, #970 (state?; Daniel)
- Internal analyzer reorg (partially done; Robin)
- Thread state cleanup (done, needs testing with input framework; Robin/Bernhard)
- DNP3 (mostly done; Hui)
- DHCP (state?; Vlad)
- Input framework extensions for exec module (mostly done; Bernhard/Seth)
- Documentation (can wait for beta period)
- Scripting guide (whatever is ready; Scott)
- Remaining parts from old Wiki (Daniel)
- Overall cleanup
How does that look? Anything else in terms of larger tasks? (There are
plenty of smaller items in tickets of course, though we'll probably end
up bumping quite a few again.)
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org/robin
On Mon, Apr 01, 2013 at 13:17 -0700, I wrote:
> TODOs:
One more, and a larger one actually:
- Convert all the current analyzers over to the
one-directory-per-analyzer structure.
I might need some help with that eventually.
Robin
I propose to remove this switch. We shouldn't have more than one
protocol analyzer per protocol; where we currently do, we should
decide if we want the C++ or BinPAC version.
The --use-binpac switch is currently used here (condensed version of
"grep FLAGS_use_binpac"):
HTTP.h: http_event || http_stats) && !FLAGS_use_binpac; }
HTTP-binpac.h: { return (http_request || http_reply) && FLAGS_use_binpac; }
DNS.h: ! FLAGS_use_binpac;
DNS-binpac.h: { return (dns_request || dns_full_request) && FLAGS_use_binpac; }
DNS-binpac.h: { return (dns_request || dns_full_request) && FLAGS_use_binpac; }
DHCP-binpac.h: { return dhcp_request && FLAGS_use_binpac; }
I suggest we do the following:
- Remove the binpac version of HTTP (it's by default off and hence
hardly used/tested by anybody).
- Remove the binpac version of DNS (same reason).
- Enable DHCP even without that flag (I'm actually surprised it
isn't already, there's no alternative).
Robin
On Apr 1, 2013, at 4:17 PM, Robin Sommer <robin(a)icir.org> wrote:
> - event groups are broken (do we want to keep them?)
I don't think we need them. The original reason for them was for your old multicore work, right?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
I'm claiming that this branch now has parity with all the old file analysis functionality. I'm planning on doing more stress testing and finishing up documentation (like writing a how-to guide with examples). But otherwise I want to stop adding features and get it merged with master soon (and we'll see if I have time or not to add any features before 2.2 is released, but I'm doubtful). So if anyone wants to look it over, test it out, and/or raise any major objections with the way things are working, that would help. Thanks.
Jon