Re: [Bro-Dev] Dot release?

[Seth Hall]

On Jan 30, 2014, at 1:17 PM, Bernhard Amann  wrote:

> I already told Robin - but just for the record, I think it is a good 
> idea/plan.


I'm in the same boat as Bernhard here.  Looking forward to the 2.2.1 release. ;)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Re: [Bro-Dev] Dot release?

[Robin Sommer]

On Thu, Jan 30, 2014 at 11:22 -0800, you wrote:

> fixed and I wonder whether 2.2.1 is the right target for that.

Yes, that would be good to get in there too if we can figure out
what's going on.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Re: [Bro-Dev] Dot release?

[Matthias Vallentin]

> I'd wait for two more things though:

Aashish also raised some potential bugs with Bro's hashing. It appears
that the Bloom filters fill up too quickly, i.e., do not meet their
false positive requirements. My hunch is that this has to do with the
construction of hash functions, perhaps they are not pairwise
independent unless parametrized in a certain way, or perhaps there's
just some other smaller bug in place. In any case, it needs to be
fixed and I wonder whether 2.2.1 is the right target for that.

Matthias
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Re: [Bro-Dev] Dot release?

[Liam Randall]

Yes, the current master is WAY more stable on busy production sensors that
2.2.  For sites really leaning on the intel framework master is the only
way to go.

Thanks,

Liam Randall


On Thu, Jan 30, 2014 at 1:17 PM, Bernhard Amann
wrote:

> I already told Robin - but just for the record, I think it is a good
> idea/plan.
>
> Bernhard
>
> On Jan 30, 2014, at 8:57 AM, Slagell, Adam J  wrote:
>
> > I like that plan. I think there are some minor Maverick's issues too
> that Daniel found. So we might want to get those in there as well.
> >
> > On Jan 30, 2014, at 10:50 AM, Robin Sommer  wrote:
> >
> >> Folks,
> >>
> >> making a 2.2.1 release has been coming up a few times and I'm thinking
> >> we should just snapshot current master for that. We've been fixing
> >> quite a number of things since 2.2, yet there aren't any larger new
> >> features yet (GRE tunnel decapsulation being the only one I can think
> >> of right now).
> >>
> >> I'd wait for two more things though:
> >>
> >>   - Merging, and some testing, of Jon's recent file analysis
> >>   framework API changes that make the file handle management more
> >>   efficient.
> >>
> >>   - Figuring out the exec and/or sumstats problems (it looks certain
> >>   at this point that exec isn't cleaning up fully; and sumstats may
> >>   have a larger than expected CPU impact, but that's not clear yet I
> >>   believe).
> >>
> >> Once 2.2.1 is out, I'd then next work on merging my dynamic plugin
> >> code, which is mostly ready but needs cleanup, review, documentation,
> >> testing.
> >>
> >> How does that sound? If good, now would also be the time to finalize
> >> any other minor fixes that people might want to see in 2.2.1.
> >>
> >> Robin
> >>
> >> --
> >> Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
> >> ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin
> >> ___
> >> bro-dev mailing list
> >> bro-dev@bro.org
> >> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
> >
> > --
> >
> > Adam J. Slagell
> > Chief Information Security Officer
> > Assistant Director, Cybersecurity
> > National Center for Supercomputing Applications
> > University of Illinois at Urbana-Champaign
> > www.ncsa.illinois.edu/~slagell/
> >
> > "Under the Illinois Freedom of Information Act (FOIA), any written
> communication to or from University employees regarding University business
> is a public record and may be subject to public disclosure."
> >
> >
> > ___
> > bro-dev mailing list
> > bro-dev@bro.org
> > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
>
> ___
> bro-dev mailing list
> bro-dev@bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>



-- 
Liam Randall
Managing Partner
510-281-0760
www.Broala.com 
>From the creators of Bro 
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Re: [Bro-Dev] Dot release?

[Bernhard Amann]

I already told Robin - but just for the record, I think it is a good idea/plan.

Bernhard

On Jan 30, 2014, at 8:57 AM, Slagell, Adam J  wrote:

> I like that plan. I think there are some minor Maverick's issues too that 
> Daniel found. So we might want to get those in there as well.
> 
> On Jan 30, 2014, at 10:50 AM, Robin Sommer  wrote:
> 
>> Folks,
>> 
>> making a 2.2.1 release has been coming up a few times and I'm thinking
>> we should just snapshot current master for that. We've been fixing
>> quite a number of things since 2.2, yet there aren't any larger new
>> features yet (GRE tunnel decapsulation being the only one I can think
>> of right now).
>> 
>> I'd wait for two more things though:
>> 
>>   - Merging, and some testing, of Jon's recent file analysis
>>   framework API changes that make the file handle management more
>>   efficient.
>> 
>>   - Figuring out the exec and/or sumstats problems (it looks certain
>>   at this point that exec isn't cleaning up fully; and sumstats may
>>   have a larger than expected CPU impact, but that's not clear yet I
>>   believe).
>> 
>> Once 2.2.1 is out, I'd then next work on merging my dynamic plugin
>> code, which is mostly ready but needs cleanup, review, documentation,
>> testing.
>> 
>> How does that sound? If good, now would also be the time to finalize
>> any other minor fixes that people might want to see in 2.2.1.
>> 
>> Robin
>> 
>> -- 
>> Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
>> ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin
>> ___
>> bro-dev mailing list
>> bro-dev@bro.org
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
> 
> --
> 
> Adam J. Slagell
> Chief Information Security Officer
> Assistant Director, Cybersecurity
> National Center for Supercomputing Applications
> University of Illinois at Urbana-Champaign
> www.ncsa.illinois.edu/~slagell/
> 
> "Under the Illinois Freedom of Information Act (FOIA), any written 
> communication to or from University employees regarding University business 
> is a public record and may be subject to public disclosure." 
> 
> 
> ___
> bro-dev mailing list
> bro-dev@bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] Dot release?

[Robin Sommer]

Folks,

making a 2.2.1 release has been coming up a few times and I'm thinking
we should just snapshot current master for that. We've been fixing
quite a number of things since 2.2, yet there aren't any larger new
features yet (GRE tunnel decapsulation being the only one I can think
of right now).

I'd wait for two more things though:

- Merging, and some testing, of Jon's recent file analysis
framework API changes that make the file handle management more
efficient.

- Figuring out the exec and/or sumstats problems (it looks certain
at this point that exec isn't cleaning up fully; and sumstats may
have a larger than expected CPU impact, but that's not clear yet I
believe).

Once 2.2.1 is out, I'd then next work on merging my dynamic plugin
code, which is mostly ready but needs cleanup, review, documentation,
testing.

How does that sound? If good, now would also be the time to finalize
any other minor fixes that people might want to see in 2.2.1.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Re: [Bro-Dev] Dot release?

[Slagell, Adam J]

I like that plan. I think there are some minor Maverick's issues too that 
Daniel found. So we might want to get those in there as well.

On Jan 30, 2014, at 10:50 AM, Robin Sommer  wrote:

> Folks,
> 
> making a 2.2.1 release has been coming up a few times and I'm thinking
> we should just snapshot current master for that. We've been fixing
> quite a number of things since 2.2, yet there aren't any larger new
> features yet (GRE tunnel decapsulation being the only one I can think
> of right now).
> 
> I'd wait for two more things though:
> 
>- Merging, and some testing, of Jon's recent file analysis
>framework API changes that make the file handle management more
>efficient.
> 
>- Figuring out the exec and/or sumstats problems (it looks certain
>at this point that exec isn't cleaning up fully; and sumstats may
>have a larger than expected CPU impact, but that's not clear yet I
>believe).
> 
> Once 2.2.1 is out, I'd then next work on merging my dynamic plugin
> code, which is mostly ready but needs cleanup, review, documentation,
> testing.
> 
> How does that sound? If good, now would also be the time to finalize
> any other minor fixes that people might want to see in 2.2.1.
> 
> Robin
> 
> -- 
> Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
> ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin
> ___
> bro-dev mailing list
> bro-dev@bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

--

Adam J. Slagell
Chief Information Security Officer
Assistant Director, Cybersecurity
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
www.ncsa.illinois.edu/~slagell/

"Under the Illinois Freedom of Information Act (FOIA), any written 
communication to or from University employees regarding University business is 
a public record and may be subject to public disclosure." 


___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev