Re: [Bro-Dev] Bare Mode

2013-11-22 Thread Siwek, Jonathan Luke

On Nov 21, 2013, at 9:33 PM, anthony kasza anthony.ka...@gmail.com wrote:

> I'm curious if Bro in bare mode is ever used for anything.

The intention for mode is to allow users more choice in what script-level 
functionality to load.  In practice, I don’t know how often it’s used for that.

The other thing I frequently use it for is unit tests, where I want minimal 
test cases and faster parse time.

> I'm not surprised to see bare mode include bifs. Is there a design decision
> why bare mode includes things like the input and logging framework but
> not the protocol directories that make use of them (e.g.
> bro/base/protocols/conn) ?

If it’s something that’s tightly coupled with internals and only has parse-time 
performance cost, then that’s something to expect to be loaded in bare mode.  
The protocol analysis packages don’t satisfy either condition — internals don’t 
depend on them to be loaded and loading them can have run-time performance 
costs.

- Jon
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


Re: [Bro-Dev] Bare Mode

2013-11-22 Thread Robin Sommer


On Fri, Nov 22, 2013 at 15:38 +, you wrote:

> The intention for mode is to allow users more choice in what
> script-level functionality to load.  In practice, I don’t know how
> often it’s used for that.

I'll add that bare mode is essentially what used to be the default
configuration in Bro 2.0. So it's also a way to get back to the old
approach where you would add things as you need them. Bro is more
difficult to use that way but it can reduce resource usage quite a bit
if one really only needs a couple pieces.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * ro...@icir.org
ICSI/LBNL* Fax   +1 (510) 666-2956 * www.icir.org/robin


[Bro-Dev] [JIRA] (BIT-1096) Should check version of libmagic not version of file

2013-11-22 Thread Ryan Schmidt (JIRA)
Ryan Schmidt created BIT-1096:
-

         Summary: Should check version of libmagic not version of file
             Key: BIT-1096
             URL: https://bro-tracker.atlassian.net/browse/BIT-1096
         Project: Bro Issue Tracker
      Issue Type: Problem
      Components: Bro
Affects Versions: 2.2
     Environment: Mac OS X 10.6.8; libmagic and other dependencies installed using MacPorts
        Reporter: Ryan Schmidt


As far as I can tell, bro requires the libmagic library, but not the file 
program. However bro's configuration script appears not to be checking the 
version of the libmagic library, but the version of the file program. This is a 
problem in distributions like MacPorts where the libmagic library and the file 
program are in separate packages; installing the libmagic package does not mean 
you will automatically get the corresponding version of the file program.

This causes a build failure on Mac OS X 10.6 Snow Leopard for example which 
ships with /usr/bin/file version 5.03. Even though libmagic 5.15 is installed 
from MacPorts, bro fails to configure, thinking it's too old. The MacPorts 
project's bug report for that is https://trac.macports.org/ticket/41457

Could you change bro's configuration script to check the version of libmagic 
instead? You can check MAGIC_VERSION in magic.h.



--
This message was sent by Atlassian JIRA
(v6.2-OD-03#6206)


[Bro-Dev] [JIRA] (BIT-1096) Should check version of libmagic not version of file

2013-11-22 Thread Ryan Schmidt (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14801#comment-14801
 ] 

Ryan Schmidt commented on BIT-1096:
---

bq. Looks like MAGIC_VERSION doesn't appear in magic.h until libmagic 5.13, 
which is probably why it's currently looking in {{file --version}} output for 
version info.

Oh. Well drat.

bq. Is it sufficient to use MAGIC_VERSION if available and fallback on {{file 
--version}} ? Or is there a better way to extract the version from older 
libmagics?

That would address my immediate concern. There doesn't seem to be a 
{{libmagic-config}} program or pkg-config .pc file for libmagic so I don't know 
how else to check its version.

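
The fallback proposed in the comment above (use MAGIC_VERSION from magic.h when the header defines it, otherwise parse `file --version`), written as a shell check. This is an added example, not Bro's configure code; the function names and sample inputs are constructed, and it assumes `file --version` prints `file-<major>.<minor>` on its first line.

```shell
#!/bin/sh
# Added example (not Bro's configure logic). Sample inputs are constructed.

# Print the integer MAGIC_VERSION (e.g. 515 for 5.15) defined in a header;
# fail when the header is unreadable or predates the macro (libmagic < 5.13).
header_magic_version() {
    [ -r "$1" ] || return 1
    v=$(sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*MAGIC_VERSION[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Convert `file --version` output ("file-5.03") to the same integer form (503).
# awk does the arithmetic so a minor version like "08" is not read as octal.
file_cmd_version() {
    printf '%s\n' "$1" | awk -F'[-.]' '
        /^file-[0-9]+\.[0-9]+/ { print $2 * 100 + $3; found = 1; exit }
        END { exit !found }'
}

# Print "<version> <source>". The header wins because it describes the
# library that will be compiled against, not a tool that may come from
# a different package.
detect_libmagic_version() {
    hdr=$1
    file_out=$2
    if v=$(header_magic_version "$hdr"); then
        echo "$v magic.h"
    elif v=$(file_cmd_version "$file_out"); then
        echo "$v file"
    else
        return 1
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed headers: one in the style of libmagic 5.15, one pre-5.13.
    printf '#define MAGIC_VERSION\t\t515\t/* This implementation */\n' > "$tmp/new.h"
    printf '#define MAGIC_NONE\t0x000000\n' > "$tmp/old.h"
    # Constructed output of the ticket's system tool, /usr/bin/file 5.03.
    sys_file='file-5.03
magic file from /usr/share/file/magic'
    detect_libmagic_version "$tmp/new.h" "$sys_file"   # 515 magic.h
    detect_libmagic_version "$tmp/old.h" "$sys_file"   # 503 file
    rm -rf "$tmp"
}
demo
```

The fallback branch still inherits the mismatch described in the ticket: with a pre-5.13 header it reports the version of whichever `file` binary produced the output, not of the library that gets linked.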


[Bro-Dev] [JIRA] (BIT-1096) Should check version of libmagic not version of file

2013-11-22 Thread Seth Hall (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14802#comment-14802
 ] 

Seth Hall commented on BIT-1096:


Unfortunately there probably isn't much we will do about this.  We've already 
had some early discussions about forking and modifying libmagic and building it 
directly into Bro which would make the problem go away.  I'm going to close this 
ticket because it's unlikely we'll address it before taking some other course 
of action anyway.



[Bro-Dev] [JIRA] (BIT-1096) Should check version of libmagic not version of file

2013-11-22 Thread Seth Hall (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Seth Hall updated BIT-1096:
---

Resolution: Won't Fix
Status: Closed  (was: Open)

Unfortunately there isn't a better way to check the version at this time.
