Hello,

We are considering providing packages for a number of different
.deb and .rpm based distributions starting with Bro 2.4, using the
openSUSE Build Service.

As a first step, I have created a repository that contains nightly Bro
builds for CentOS, Debian, Fedora, SUSE Linux, Scientific Linux,
Univention as well as Ubuntu.

At the moment, Bro is installed into /opt/bro and broctl needs root
permissions to run. Users in the Bro group (which is automatically created
on installation) should be able to modify configuration files like
local.bro, or the broctl configuration, and read the log files that Bro
writes.

The package is called bro-nightly, which is a metapackage that pulls in
the sub-packages
bro-core-nightly, containing only bro without broctl or libbroccoli
broctl-nightly, containing broctl
libbroccoli-nightly, containing libbroccoli
and libbroccoli-devel-nightly, containing the header files for libbroccoli

The OBS interface showing the status and sources is available at
https://build.opensuse.org/package/show/home:0xxon:bro/bro-nightly and
downloads are available at
http://software.opensuse.org/download.html?project=home%3A0xxon%3Abro&packa…
(locations will change in the future).

If you add the repositories to your distribution, new nightly builds
should automatically be installed each time bro is updated.

Additionally, Bro 2.3.2 packages are available at
https://build.opensuse.org/package/show/home:0xxon:bro/bro.

At the moment, this is in an early stage and I would be happy to receive
any kind of feedback or problems that you encounter when using these
packages. Please note that the packages have not gone through a lot of
testing and that you should not use them in a production environment :)

Johanna

Johanna Amann created BIT-1364:
----------------------------------
Summary: Bro does not attach UDP analyzers when signature matches after first packet
Key: BIT-1364
URL: https://bro-tracker.atlassian.net/browse/BIT-1364
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Johanna Amann
Fix For: 2.4
Attachments: f1.pcap, f2.pcap
At the moment, Bro only seems to attach UDP analyzers based on signatures if the very first UDP packet matches the signature. Even if later UDP packets match the signature, the analyzer is not attached.
The attachments contain a test case. f1.pcap contains a DTLS connection with a few STUN packets that are sent first, which is not recognized as DTLS. f2.pcap contains the same connection with the first few packets missing.
It would probably be nice if one could at least opt to attach analyzers at a later time too, if a signature matches. (I know that 2.4 is probably a bit optimistic for this).
--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
Michal Purzynski created BIT-1363:
-------------------------------------
Summary: Clustered AF_PACKET support
Key: BIT-1363
URL: https://bro-tracker.atlassian.net/browse/BIT-1363
Project: Bro Issue Tracker
Issue Type: New Feature
Components: Bro
Affects Versions: git/master
Reporter: Michal Purzynski
Let's have support for packet capture with AF_PACKET sockets in a multi-worker configuration.
Bro can use a single worker with af_packet (I have tested it and it works), but having direct support for multi-worker load balancing would make it possible to avoid pf_ring for many deployments with traffic levels where DNA / ZC / Myricom / DAG is not required.
[ https://bro-tracker.atlassian.net/browse/BIT-1362?page=com.atlassian.jira.p… ]
Daniel Thayer updated BIT-1362:
-------------------------------
Status: Merge Request (was: Open)
> topic/dnthayer/fixes-for-2.4
> ----------------------------
>
> Key: BIT-1362
> URL: https://bro-tracker.atlassian.net/browse/BIT-1362
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BroControl
> Reporter: Daniel Thayer
> Fix For: 2.4
>
>
> The branch topic/dnthayer/fixes-for-2.4 contains fixes that address
> BIT-1360, 1355, 1349, 1329, and 631, as well as various other fixes
> and improvements.
[ https://bro-tracker.atlassian.net/browse/BIT-1362?page=com.atlassian.jira.p… ]
Daniel Thayer updated BIT-1362:
-------------------------------
Description:
The branch topic/dnthayer/fixes-for-2.4 contains fixes that address
BIT-1360, 1355, 1349, 1329, and 631, as well as various other fixes
and improvements.
> topic/dnthayer/fixes-for-2.4
> ----------------------------
>
> Key: BIT-1362
> URL: https://bro-tracker.atlassian.net/browse/BIT-1362
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: BroControl
> Reporter: Daniel Thayer
> Fix For: 2.4
>
>
> The branch topic/dnthayer/fixes-for-2.4 contains fixes that address
> BIT-1360, 1355, 1349, 1329, and 631, as well as various other fixes
> and improvements.
Daniel Thayer created BIT-1362:
----------------------------------
Summary: topic/dnthayer/fixes-for-2.4
Key: BIT-1362
URL: https://bro-tracker.atlassian.net/browse/BIT-1362
Project: Bro Issue Tracker
Issue Type: Problem
Components: BroControl
Reporter: Daniel Thayer
Fix For: 2.4