[Bro-Dev] [Auto] Merge Status

2014-04-18 Thread Merge Tracker

Open Merge Requests
===================

ID            Component  Reporter      Assignee   Updated     For Version  Priority  Summary
------------  ---------  ------------  ---------  ----------  -----------  --------  -------
BIT-1168 [1]  Bro        Brian Little  Seth Hall  2014-03-31  -            Low       Add Java version to software framework
BIT-348 [2]   Bro        gregor        Jon Siwek  2014-04-17  2.3          High      Reassembler integer overflow issues. Data not delivered after 2GB


Open GitHub Pull Requests
=========================

Issue    Component     User         Updated     Title
-------  ------------  -----------  ----------  -----
#6 [3]   bro           jshlbrd [4]  2014-04-15  Intel::ADDR indicators in http host field [5]
#4 [6]   bro           mareq [7]    2014-04-01  Protocol identification heuristics. [8]
#4 [9]   time-machine  mareq [10]   2014-04-10  When deleting connections hashtable, delete stored connections as well. [11]
#3 [12]  time-machine  mareq [13]   2014-04-10  Correct handling of Linux SLL header and VLAN headers. [14]
#2 [15]  time-machine  mareq [16]   2014-04-09  Query interval start/end is now taken into account. [17]
#1 [18]  time-machine  mareq [19]   2014-03-19  TM-16: Really skip VLAN header for indexing. [20]


[1]   BIT-1168         https://bro-tracker.atlassian.net/browse/BIT-1168
[2]   BIT-348          https://bro-tracker.atlassian.net/browse/BIT-348
[3]   Pull Request #6  https://github.com/bro/bro/pull/6
[4]   jshlbrd          https://github.com/jshlbrd
[5]   Merge Pull Request #6 with  git pull https://github.com/jshlbrd/bro.git master
[6]   Pull Request #4  https://github.com/bro/bro/pull/4
[7]   mareq            https://github.com/mareq
[8]   Merge Pull Request #4 with  git pull https://github.com/mareq/bro.git topic/mareq/analyzer-for-missing-request
[9]   Pull Request #4  https://github.com/bro/time-machine/pull/4
[10]  mareq            https://github.com/mareq
[11]  Merge Pull Request #4 with  git pull https://github.com/mareq/time-machine.git topic/mareq/memory-leaks
[12]  Pull Request #3  https://github.com/bro/time-machine/pull/3
[13]  mareq            https://github.com/mareq
[14]  Merge Pull Request #3 with  git pull https://github.com/mareq/time-machine.git topic/mareq/linktype-linux-sll
[15]  Pull Request #2  https://github.com/bro/time-machine/pull/2
[16]  mareq            https://github.com/mareq
[17]  Merge Pull Request #2 with  git pull https://github.com/mareq/time-machine.git topic/mareq/in-memory-query-interval
[18]  Pull Request #1  https://github.com/bro/time-machine/pull/1
[19]  mareq            https://github.com/mareq
[20]  Merge Pull Request #1 with  git pull https://github.com/mareq/time-machine.git topic/mareq/tm-16

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-348) Reassembler integer overflow issues. Data not delivered after 2GB

2014-04-18 Thread Jon Siwek (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16202#comment-16202
 ] 

Jon Siwek commented on BIT-348:
---

For testing the TCP wrap-around, I had a trace of a ~5GB file downloaded via 
FTP and that seemed to be handled alright AFAICT.

 Reassembler integer overflow issues. Data not delivered after 2GB
 -

 Key: BIT-348
 URL: https://bro-tracker.atlassian.net/browse/BIT-348
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: gregor
Assignee: Jon Siwek
Priority: High
  Labels: inttypes
 Fix For: 2.3


 The TCP Reassembler does not deliver any data to analyzers after the first 
 2GB due to signed integer overflow (Actually it will deliver again between 
 4--6GB, etc.) This happens silently, i.e., without content_gap events or 
 Undelivered calls. 

 This report superseded BIT-315, BIT-137

 The TCP Reassembler (and Reassem) base class use ``int`` to keep track of 
 sequence numbers and ``seq_delta`` to check for differences. If a connection 
 exceeds 2GB, the relative sequence numbers (int) used by the Reassembler 
 become negative. While many parts of the Reassembler still work (because 
 seq_delta still reports the correct difference) some parts do not. In 
 particular ``seq_to_skip`` is broken (and fails silently). There might well 
 be other parts of the Reassembler that fail silently as well, that I 
 haven't found yet. 

 See Comments in TCP_Reassembler.cc for more details. 

 The Reassembler should use int64. However this will require deep changes to 
 the Reassembler and the TCP Analyzer and TCP_Endpoint classes (since we also 
 store sequence numbers there). Also, the analyzer framework will need tweaks 
 as well (e.g., Undelivered uses ``int`` for sequence numbers, also has to go 
 to 64 bit)

 As a hotfix that seems to work I disabled the ``seq_to_skip`` features. It 
 wasn't used by any analyzer or policy script (Note, that seq_to_skip is 
 different from skip_deliveries). Hotfix is in 
 topic/gregor/reassembler-hotfix



--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)
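
The failure mode described in the BIT-348 report above, as an added C++ example that is not Bro's code and not part of the original message: a relative sequence number held in a 32-bit signed int goes negative past 2 GiB, so a plain signed comparison against a skip point silently drops data, while a 64-bit offset rebuilt from wrap-safe deltas does not. All names (`rel_seq32`, `Unwrapper64`, `simulate`) and the skip check itself are simplified, hypothetical stand-ins; `seq_delta` here only models the idea the report names.

```cpp
#include <cstdint>
#include <cstdio>

// Wrap-safe difference of two raw 32-bit sequence numbers (distance < 2^31).
static int32_t seq_delta(uint32_t a, uint32_t b) {
    return static_cast<int32_t>(a - b);
}

// Relative sequence number kept in a 32-bit signed int (the legacy layout).
static int32_t rel_seq32(uint32_t isn, uint32_t seq) {
    return static_cast<int32_t>(seq - isn);  // negative from 2 GiB to 4 GiB
}

// 64-bit stream offset rebuilt by accumulating wrap-safe deltas.
struct Unwrapper64 {
    uint32_t last;
    int64_t offset = 0;
    explicit Unwrapper64(uint32_t isn) : last(isn) {}
    int64_t update(uint32_t seq) {
        offset += seq_delta(seq, last);
        last = seq;
        return offset;
    }
};

struct Result {
    unsigned long long delivered32 = 0;  // bytes passed by the 32-bit skip check
    unsigned long long delivered64 = 0;  // bytes passed by the 64-bit skip check
    long long first_dropped = -1;        // offset of first silently dropped segment
};

// Feed `total` in-order bytes in `chunk`-sized segments through both checks.
// A skip point of 0 means "skip nothing", so every byte should be delivered.
Result simulate(uint64_t total, uint32_t chunk, uint32_t isn) {
    Result r;
    Unwrapper64 u(isn);
    for (uint64_t off = 0; off < total; off += chunk) {
        uint32_t seq = isn + static_cast<uint32_t>(off);  // raw on-wire value
        if (rel_seq32(isn, seq) >= 0) r.delivered32 += chunk;
        else if (r.first_dropped < 0) r.first_dropped = static_cast<long long>(off);
        if (u.update(seq) >= 0) r.delivered64 += chunk;
    }
    return r;
}

int main() {
    Result r = simulate(5ULL << 30, 1u << 16, 0xFFFFF000u);  // constructed 5 GiB flow
    std::printf("32-bit: %llu bytes, first drop at %lld; 64-bit: %llu bytes\n",
                r.delivered32, r.first_dropped, r.delivered64);
}
```

On the constructed 5 GiB flow the 32-bit path delivers only 3 GiB: the gap opens at exactly 2 GiB and delivery resumes at 4 GiB, the pattern the report describes, with nothing signalling the loss.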


[Bro-Dev] [JIRA] (BIT-1183) topic/jsiwek/ascii-log-memleak-fix

2014-04-18 Thread Robin Sommer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16203#comment-16203
 ] 

Robin Sommer commented on BIT-1183:
---




Excellent catch!


 topic/jsiwek/ascii-log-memleak-fix
 --

 Key: BIT-1183
 URL: https://bro-tracker.atlassian.net/browse/BIT-1183
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
 Fix For: 2.3


 This branch fixes a memory leak in the ASCII log writer that occurs after 
 each rotation.





[Bro-Dev] [JIRA] (BIT-1184) topic/jsiwek/odesc-escaping

2014-04-18 Thread Jon Siwek (JIRA)
Jon Siwek created BIT-1184:
--

 Summary: topic/jsiwek/odesc-escaping
 Key: BIT-1184
 URL: https://bro-tracker.atlassian.net/browse/BIT-1184
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
 Fix For: 2.3


Minor refactor of how ODesc hex escapes stuff.  Most significant: it now uses a 
std::set instead of std::list internally to store what strings need escaping 
which would prevent the recent bug of that growing out of control.  Otherwise, 
just changed some things to re-use code and be more readable (IMO).





[Bro-Dev] [JIRA] (BIT-1184) topic/jsiwek/odesc-escaping

2014-04-18 Thread Jon Siwek (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-1184:
---

Status: Merge Request  (was: Open)

 topic/jsiwek/odesc-escaping
 ---

 Key: BIT-1184
 URL: https://bro-tracker.atlassian.net/browse/BIT-1184
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
 Fix For: 2.3


 Minor refactor of how ODesc hex escapes stuff.  Most significant: it now uses 
 a std::set instead of std::list internally to store what strings need 
 escaping which would prevent the recent bug of that growing out of control.  
 Otherwise, just changed some things to re-use code and be more readable (IMO).





[Bro-Dev] [JIRA] (BIT-1177) SumStats dynamic updates do not work in cluster mode

2014-04-18 Thread Bernhard Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=16204#comment-16204
 ] 

Bernhard Amann commented on BIT-1177:
-

I addressed this in the branch topic/bernhard/ticket1177. Basically, the 
function request_key is now ignored on worker nodes.

This fixes the problem (if you have a non-cluster-aware script file that calls 
the function on both the master and the worker nodes, it will now work 
flawlessly). However, it is not entirely pretty - there might be use cases 
where we actually want to allow just worker nodes to trigger data collection. 
That case just silently fails at the moment.

Not entirely pretty, but it should work for now. If anyone has a better 
solution, I am open for suggestions.

 SumStats dynamic updates do not work in cluster mode
 

 Key: BIT-1177
 URL: https://bro-tracker.atlassian.net/browse/BIT-1177
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Bernhard Amann
Assignee: Bernhard Amann
 Fix For: 2.3


 In cluster mode, dynamic updates via the request_key function do not work.
 The reason is, that, at the moment, in cluster mode the function is defined 
 only on the manager. 





[Bro-Dev] [JIRA] (BIT-1177) SumStats dynamic updates do not work in cluster mode

2014-04-18 Thread Bernhard Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bernhard Amann updated BIT-1177:


Status: Merge Request  (was: Open)

 SumStats dynamic updates do not work in cluster mode
 

 Key: BIT-1177
 URL: https://bro-tracker.atlassian.net/browse/BIT-1177
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Bernhard Amann
Assignee: Bernhard Amann
 Fix For: 2.3


 In cluster mode, dynamic updates via the request_key function do not work.
 The reason is, that, at the moment, in cluster mode the function is defined 
 only on the manager. 


