#1010: BroControl plugin for adding environment variables
-----------------------------+------------------------
Reporter: seth | Owner: dnthayer
Type: Feature Request | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
-----------------------------+------------------------
We should have the ability to add environment variables to Bro at start up
time. The option should be available globally in broctl.cfg and per-node
in node.cfg. The environment variables should be applied to the process
with priority based on how specific the variable is applied (per-node
variables defined after global variables so that the per-node variable is
used).
As a name suggestion for the configuration option: env_vars (same name in
node.cfg and broctl.cfg).
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1010>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
#1024: make it possible to use redef to append to vectors
------------------------+-----------------------------
Reporter: dmandelb | Type: Feature Request
Status: new | Priority: Medium
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
------------------------+-----------------------------
On 2013-06-19 18:00, Siwek, Jonathan Luke wrote:
> On Jun 19, 2013, at 11:14 AM, David Mandelberg <david(a)mandelberg.org> wrote:
>
>> What's the recommended way to append to a vector? The documentation
>> says vectors are like tables, so I tried the below code, but it gives
>> some errors.
>>
>> const foo: vector of double = vector() &redef;
>>
>> redef foo += {
>>     [|foo|] = 42.0
>> };
>
> Appending to a vector can't currently be done w/ redef, but I don't
> think it would be difficult to implement if you want to add a ticket
> to the tracker.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1024>
#1001: File analysis framework tasks
-------------------+------------------------
Reporter: robin | Owner: jsiwek
Type: Task | Status: new
Priority: Low | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
-------------------+------------------------
The core of the framework is merged now, a few remaining TODOs (excluding
any larger script-layer changes Seth plans to do):
- Use just hashes internally for tracking files, not unique strings.
- Remove the script-level data-injection functions, as discussed.
- Hook input framework with file analysis internally, likewise as
  discussed.
- Remove postpone_timeout, replace with set_timeout.
- Extend Doxygen comments.
- Once plugin branch is merged:
    - move IRC_Data and FTP_Data over to corresponding plugins
    - move file_analysis.bif down into file_analysis
    - move to new plugin structure and separate out the analyzers
      into their own directories.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1001>
#1019: topic/jsiwek/plugin-docs
---------------------------+------------------------
Reporter: jsiwek | Owner:
Type: Merge Request | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
This adds a protocol analyzer reference page to the script reference docs
in place of the index page that used to list links to docs for each
individual .bif file.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1019>
#1020: TLSv1.2 Support
-------------------------+-----------------------------
Reporter: liamrandall | Type: Feature Request
Status: new | Priority: Medium
Milestone: Bro2.2 | Component: Bro
Version: git/master | Keywords:
-------------------------+-----------------------------
Starting to see this in production as sites migrate to TLSv1.2; TLS Record
Fragmentation also not implemented (not in wireshark either).
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1020>
#1002: Merge new thread cleanup code
---------------------+------------------------
Reporter: amannb | Owner:
Type: Problem | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
topic/bernhard/thread-cleanup contains a change to the thread-cleanup code
which changes how messages are exchanged on thread shutdown.
The biggest change is that now messages from the thread to the parent are
still executed until the child thread returns that it executed the
finished message. That means the child thread can still push all its work
on the queue before it is shut down. Queues are emptied by the parent
thread until they receive the child thread notification that the shutdown
has been processed.
Before this change, all message processing was shut down the moment the
master processed the finish-message, all data still in the queue from
child to parent was lost.
The change does not seem to have any adverse side effects, all tests still
seem to pass.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1002>
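The shutdown ordering described in ticket #1002, as an added Python model that is not code from the Bro branch. The queue names, the FINISH/FINISHED constants and the sample entries are assumptions made for illustration:

```python
import queue
import threading

FINISH = "finish"      # parent -> child: shut down (hypothetical name)
FINISHED = "finished"  # child -> parent: finish message was executed


def child(inbox, outbox, pending):
    """Worker thread: on FINISH, push all remaining work, then acknowledge."""
    while inbox.get() != FINISH:
        pass
    for item in pending:
        outbox.put(item)
    outbox.put(FINISHED)


def shutdown(drain_until_ack):
    """Run one shutdown; return (messages processed by parent, messages lost)."""
    inbox, outbox = queue.Queue(), queue.Queue()
    pending = ["log-entry-%d" % i for i in range(5)]  # constructed sample data
    worker = threading.Thread(target=child, args=(inbox, outbox, pending))
    worker.start()
    inbox.put(FINISH)

    processed = []
    if drain_until_ack:
        # New behaviour: the parent keeps executing child messages until the
        # child reports that it has executed the finish message.
        while True:
            msg = outbox.get(timeout=5)
            if msg == FINISHED:
                break
            processed.append(msg)
    # Old behaviour: processing stops as soon as FINISH has been handled,
    # so anything the child still pushes is never executed.
    worker.join(timeout=5)

    lost = 0
    while not outbox.empty():  # safe: the child has exited
        if outbox.get_nowait() != FINISHED:
            lost += 1
    return processed, lost


if __name__ == "__main__":
    print("old:", shutdown(drain_until_ack=False))
    print("new:", shutdown(drain_until_ack=True))
```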
#1021: merge topic/bernhard/input-update
---------------------------+------------------------
Reporter: amannb | Owner:
Type: Merge Request | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
The branch contains a rewrite of the raw input reader which is much more
stable and offers more features.
All tests still seem to pass.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1021>
#1027: topic/seth/ssl-remove-log-queue
---------------------------+------------------------
Reporter: seth | Owner:
Type: Merge Request | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: git/master
Keywords: |
---------------------------+------------------------
I removed the log queueing that was included with the log delay mechanism
in the SSL script. It could lead to high memory use and there was at
least one case where a suspected bug was leading to complete log loss.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/1027>
#988: Bug in HTTP body extraction
----------------------+--------------------
Reporter: matthias | Owner: seth
Type: Problem | Status: new
Priority: High | Milestone: Bro2.2
Component: Bro | Version: 2.1
Keywords: |
----------------------+--------------------
There exists a bug in HTTP body extraction that prevents certain bodies
from being dumped, even though having set
{{{
redef extract_file_types = /.*/;
}}}
This happens presumably because Bro does not figure out the correct MIME
type and does not set `c$http$mime_type`. It results in this check
failing:
{{{
if ( c$http?$mime_type && extract_file_types in c$http$mime_type )
    {
    c$http$extract_file = T;
    }
}}}
On a related note, I also find missing responses to HTTP POST requests
which I assume come from the same issues.
I have a trace that I could attach, but wanted to make sure it's worth the
effort in face of the upcoming file analysis framework, or if we plan on
pushing a 2.1 hotfix for this.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/988>