zeek-dev September 2015

zeek-dev@lists.zeek.org

233 discussions

by Merge Tracker

Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- --------------- ------------ ---------- ------------- ---------- --------------------------------------------------------------- BIT-1485 [1] Bro,Broker Daniel Thayer Robin Sommer 2015-09-29 - Normal add configure option to prevent building broker python bindings BIT-1484 [2] Bro Daniel Thayer Robin Sommer 2015-09-29 - Normal topic/dnthayer/doc-fixes [3] BIT-1481 [4] Bro Daniel Thayer Robin Sommer 2015-09-29 - Normal some test canonifiers don't always read from stdin BIT-1479 [5] Bro scampbell - 2015-09-16 - Normal seek functionality in RAW reader does not go to end of file BIT-1476 [6] BTest Daniel Thayer - 2015-09-13 - Normal btest-diff can generate too much output when a test fails BIT-1470 [7] Bro Wendy Edwards - 2015-09-11 2.5 Low Implemented Functions in Notice Framework BIT-1336 [8] Bro Vlad Grigorescu - 2015-09-04 2.5 Trivial ElasticSearch indices in UTC Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------------- ---------- ---------------------------------------------------- 24ecb35 [9] bro-testing Vlad Grigorescu 2015-09-10 Add README.rst -> README symlink. Addresses BIT-1413 Open GitHub Pull Requests ========================= Issue Component User Updated Title -------- ------------- ------------- ---------- ---------------------------------------------------------------------------- #44 [10] bro yunzheng [11] 2015-09-23 Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509 certificates [12] #6 [13] bro-plugins jswaro [14] 2015-08-24 Adding initial conversion of TCPRS to a plugin [15] #1 [16] broctl J-Gras [17] 2015-09-11 Added support for packet fanout load balancing [18] #3 [19] packet-bricks shirkdog [20] 2015-09-21 Add a check for FreeBSD in lua_interface.c [21] [1] BIT-1485 https://bro-tracker.atlassian.net/browse/BIT-1485 [2] BIT-1484 https://bro-tracker.atlassian.net/browse/BIT-1484 [3] doc-fixes https://github.com/bro/bro/tree/topic/dnthayer/doc-fixes [4] BIT-1481 https://bro-tracker.atlassian.net/browse/BIT-1481 [5] BIT-1479 https://bro-tracker.atlassian.net/browse/BIT-1479 [6] BIT-1476 https://bro-tracker.atlassian.net/browse/BIT-1476 [7] BIT-1470 https://bro-tracker.atlassian.net/browse/BIT-1470 [8] BIT-1336 https://bro-tracker.atlassian.net/browse/BIT-1336 [9] 24ecb35 https://github.com/bro/bro-testing/commit/24ecb35f121e473bf7ff8e66b2e0c2ac6… [10] Pull Request #44 https://github.com/bro/bro/pull/44 [11] yunzheng https://github.com/yunzheng [12] Merge Pull Request #44 with git pull --no-ff --no-commit https://github.com/yunzheng/bro.git topic/x509-generalizedtime [13] Pull Request #6 https://github.com/bro/bro-plugins/pull/6 [14] jswaro https://github.com/jswaro [15] Merge Pull Request #6 with git pull --no-ff --no-commit https://github.com/jswaro/bro-plugins.git topic/jswaro/feature/initial-tcprs-plugin [16] Pull Request #1 https://github.com/bro/broctl/pull/1 [17] J-Gras https://github.com/J-Gras [18] Merge Pull Request #1 with git pull --no-ff --no-commit https://github.com/J-Gras/broctl.git topic/jgras/pcap-config [19] Pull Request #3 https://github.com/bro/packet-bricks/pull/3 [20] shirkdog https://github.com/shirkdog [21] Merge Pull Request #3 with git pull --no-ff --no-commit https://github.com/shirkdog/packet-bricks.git master

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1481) some test canonifiers don't always read from stdin

by Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1481?page=com.atlassian.jira.p… ] Robin Sommer reassigned BIT-1481: --------------------------------- Assignee: Robin Sommer > some test canonifiers don't always read from stdin > -------------------------------------------------- > > Key: BIT-1481 > URL: https://bro-tracker.atlassian.net/browse/BIT-1481 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Reporter: Daniel Thayer > Assignee: Robin Sommer > > Some of the test canonifier scripts being used in the Bro test suite > cannot reliably be combined with other canonifiers in a pipeline. > For example, this works: > TEST_DIFF_CANONIFIER="diff-remove-x509-names | diff-remove-timestamps" > but switching the order of these canonifiers does not work: > TEST_DIFF_CANONIFIER="diff-remove-timestamps | diff-remove-x509-names" -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1484) topic/dnthayer/doc-fixes

by Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1484?page=com.atlassian.jira.p… ] Robin Sommer reassigned BIT-1484: --------------------------------- Assignee: Robin Sommer > topic/dnthayer/doc-fixes > ------------------------ > > Key: BIT-1484 > URL: https://bro-tracker.atlassian.net/browse/BIT-1484 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Reporter: Daniel Thayer > Assignee: Robin Sommer > > The branch "topic/dnthayer/doc-fixes" in the bro repo contains various > doc fixes and improvements that I've collected over the past two months. > These are mostly just small fixes or clarifications based on user questions on > the mailing list. The most significant changes are to the input framework > and the GeoIP documentation. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1485) add configure option to prevent building broker python bindings

by Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1485?page=com.atlassian.jira.p… ] Robin Sommer reassigned BIT-1485: --------------------------------- Assignee: Robin Sommer > add configure option to prevent building broker python bindings > --------------------------------------------------------------- > > Key: BIT-1485 > URL: https://bro-tracker.atlassian.net/browse/BIT-1485 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro, Broker > Reporter: Daniel Thayer > Assignee: Robin Sommer > > There should be a configure option to prevent building the broker python bindings. > Also, the summary output of configure should more clearly show whether or not > pybroker will be built (for example, if you have an older version of swig, it's not easy > to see the warning message about not being able to build python bindings). -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [Auto] Merge Status

by Merge Tracker

Open Merge Requests =================== ID Component Reporter Assignee Updated For Version Priority Summary ------------ ----------- --------------- ---------- ---------- ------------- ---------- --------------------------------------------------------------- BIT-1485 [1] Bro,Broker Daniel Thayer - 2015-09-25 - Normal add configure option to prevent building broker python bindings BIT-1484 [2] Bro Daniel Thayer - 2015-09-23 - Normal topic/dnthayer/doc-fixes [3] BIT-1481 [4] Bro Daniel Thayer - 2015-09-20 - Normal some test canonifiers don't always read from stdin BIT-1479 [5] Bro scampbell - 2015-09-16 - Normal seek functionality in RAW reader does not go to end of file BIT-1476 [6] BTest Daniel Thayer - 2015-09-13 - Normal btest-diff can generate too much output when a test fails BIT-1470 [7] Bro Wendy Edwards - 2015-09-11 2.5 Low Implemented Functions in Notice Framework BIT-1336 [8] Bro Vlad Grigorescu - 2015-09-04 2.5 Trivial ElasticSearch indices in UTC Open Fastpath Commits ====================== Commit Component Author Date Summary ----------- ----------- --------------- ---------- ---------------------------------------------------- 24ecb35 [9] bro-testing Vlad Grigorescu 2015-09-10 Add README.rst -> README symlink. Addresses BIT-1413 Open GitHub Pull Requests ========================= Issue Component User Updated Title -------- ------------- ------------- ---------- ---------------------------------------------------------------------------- #44 [10] bro yunzheng [11] 2015-09-23 Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509 certificates [12] #6 [13] bro-plugins jswaro [14] 2015-08-24 Adding initial conversion of TCPRS to a plugin [15] #1 [16] broctl J-Gras [17] 2015-09-11 Added support for packet fanout load balancing [18] #3 [19] packet-bricks shirkdog [20] 2015-09-21 Add a check for FreeBSD in lua_interface.c [21] [1] BIT-1485 https://bro-tracker.atlassian.net/browse/BIT-1485 [2] BIT-1484 https://bro-tracker.atlassian.net/browse/BIT-1484 [3] doc-fixes https://github.com/bro/bro/tree/topic/dnthayer/doc-fixes [4] BIT-1481 https://bro-tracker.atlassian.net/browse/BIT-1481 [5] BIT-1479 https://bro-tracker.atlassian.net/browse/BIT-1479 [6] BIT-1476 https://bro-tracker.atlassian.net/browse/BIT-1476 [7] BIT-1470 https://bro-tracker.atlassian.net/browse/BIT-1470 [8] BIT-1336 https://bro-tracker.atlassian.net/browse/BIT-1336 [9] 24ecb35 https://github.com/bro/bro-testing/commit/24ecb35f121e473bf7ff8e66b2e0c2ac6… [10] Pull Request #44 https://github.com/bro/bro/pull/44 [11] yunzheng https://github.com/yunzheng [12] Merge Pull Request #44 with git pull --no-ff --no-commit https://github.com/yunzheng/bro.git topic/x509-generalizedtime [13] Pull Request #6 https://github.com/bro/bro-plugins/pull/6 [14] jswaro https://github.com/jswaro [15] Merge Pull Request #6 with git pull --no-ff --no-commit https://github.com/jswaro/bro-plugins.git topic/jswaro/feature/initial-tcprs-plugin [16] Pull Request #1 https://github.com/bro/broctl/pull/1 [17] J-Gras https://github.com/J-Gras [18] Merge Pull Request #1 with git pull --no-ff --no-commit https://github.com/J-Gras/broctl.git topic/jgras/pcap-config [19] Pull Request #3 https://github.com/bro/packet-bricks/pull/3 [20] shirkdog https://github.com/shirkdog [21] Merge Pull Request #3 with git pull --no-ff --no-commit https://github.com/shirkdog/packet-bricks.git master

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

by Michal Purzynski (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.p… ] Michal Purzynski commented on BIT-1363: --------------------------------------- Kris, I've modified the example from the kernel documentation to support FANOUT and it works like it should. So it's definitely libpcap being the issue here. > Clustered AF_PACKET support > --------------------------- > > Key: BIT-1363 > URL: https://bro-tracker.atlassian.net/browse/BIT-1363 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Michal Purzynski > Attachments: pcap.c > > > Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration. > Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

by Michal Purzynski (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.p… ] Michal Purzynski commented on BIT-1363: --------------------------------------- I'm happy to review the code and test it. > Clustered AF_PACKET support > --------------------------- > > Key: BIT-1363 > URL: https://bro-tracker.atlassian.net/browse/BIT-1363 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Michal Purzynski > Attachments: pcap.c > > > Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration. > Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

by Jan Grashoefer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.p… ] Jan Grashoefer commented on BIT-1363: ------------------------------------- I have already started writing a POC for a plugin. In case it works as expected I am going to add TPACKET_V3 support. As I am not used to write C/C++ code I would be glad if you can help review/test my code. > Clustered AF_PACKET support > --------------------------- > > Key: BIT-1363 > URL: https://bro-tracker.atlassian.net/browse/BIT-1363 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Michal Purzynski > Attachments: pcap.c > > > Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration. > Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

by Kris Nielander (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.p… ] Kris Nielander edited comment on BIT-1363 at 9/28/15 10:55 AM: --------------------------------------------------------------- I wouldn't mind putting some more effort into this to bring it to a separate, cleaner module. was (Author: krisnielander): I wouldn't mind putting some more effort into this to bring it to separate, cleaner module. > Clustered AF_PACKET support > --------------------------- > > Key: BIT-1363 > URL: https://bro-tracker.atlassian.net/browse/BIT-1363 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Michal Purzynski > Attachments: pcap.c > > > Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration. > Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

by Kris Nielander (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.p… ] Kris Nielander commented on BIT-1363: ------------------------------------- I wouldn't mind putting some more effort into this to bring it to separate, cleaner module. > Clustered AF_PACKET support > --------------------------- > > Key: BIT-1363 > URL: https://bro-tracker.atlassian.net/browse/BIT-1363 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: git/master > Reporter: Michal Purzynski > Attachments: pcap.c > > > Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration. > Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required. -- This message was sent by Atlassian JIRA (v7.0.0-OD-07-011#70107)

5 years, 8 months

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

zeek-dev September 2015