[Bro-Dev] [Auto] Merge Status
Open Merge Requests === IDComponentReporterAssigneeUpdated For Version PrioritySummary --- -- -- -- - -- - BIT-1185 [1] BroControl Daniel Thayer - 2014-04-21 2.3 Normal topic/dnthayer/broctld-work [2] BIT-1184 [3] Bro Jon Siwek - 2014-04-18 2.3 Normal topic/jsiwek/odesc-escaping [4] BIT-1177 [5] Bro Bernhard Amann Seth Hall 2014-04-21 2.3 Normal SumStats dynamic updates do not work in cluster mode BIT-1168 [6] Bro Brian LittleSeth Hall 2014-03-31 - Low Add Java version to software framework BIT-348 [7] Bro gregor Jon Siwek 2014-04-18 2.3 HighReassembler integer overflow issues. Data not delivered after 2GB Open GitHub Pull Requests = IssueComponent User Updated Title --- --- -- #6 [8] bro jshlbrd [9] 2014-04-15 Intel::ADDR indicators in http host field [10] #4 [11] bro mareq [12] 2014-04-01 Protocol identification heuristics. [13] #4 [14] time-machine mareq [15] 2014-04-10 When deleting connections hashtable, delete stored connections as well. [16] #3 [17] time-machine mareq [18] 2014-04-10 Correct handling of Linux SLL header and VLAN headers. [19] #2 [20] time-machine mareq [21] 2014-04-09 Query interval start/end is now taken into account. [22] #1 [23] time-machine mareq [24] 2014-03-19 TM-16: Really skip VLAN header for indexing. [25] [1] BIT-1185 https://bro-tracker.atlassian.net/browse/BIT-1185 [2] broctld-work https://github.com/bro/brocontrol/tree/topic/dnthayer/broctld-work [3] BIT-1184 https://bro-tracker.atlassian.net/browse/BIT-1184 [4] odesc-escaping https://github.com/bro/bro/tree/topic/jsiwek/odesc-escaping [5] BIT-1177 https://bro-tracker.atlassian.net/browse/BIT-1177 [6] BIT-1168 https://bro-tracker.atlassian.net/browse/BIT-1168 [7] BIT-348 https://bro-tracker.atlassian.net/browse/BIT-348 [8] Pull Request #6 https://github.com/bro/bro/pull/6 [9] jshlbrd https://github.com/jshlbrd [10] Merge Pull Request #6 with git pull https://github.com/jshlbrd/bro.git master [11] Pull Request #4 https://github.com/bro/bro/pull/4 [12] mareq https://github.com/mareq [13] Merge Pull Request #4 with git pull https://github.com/mareq/bro.git topic/mareq/analyzer-for-missing-request [14] Pull Request #4 https://github.com/bro/time-machine/pull/4 [15] mareq https://github.com/mareq [16] Merge Pull Request #4 with git pull https://github.com/mareq/time-machine.git topic/mareq/memory-leaks [17] Pull Request #3 https://github.com/bro/time-machine/pull/3 [18] mareq https://github.com/mareq [19] Merge Pull Request #3 with git pull https://github.com/mareq/time-machine.git topic/mareq/linktype-linux-sll [20] Pull Request #2 https://github.com/bro/time-machine/pull/2 [21] mareq https://github.com/mareq [22] Merge Pull Request #2 with git pull https://github.com/mareq/time-machine.git topic/mareq/in-memory-query-interval [23] Pull Request #1 https://github.com/bro/time-machine/pull/1 [24] mareq https://github.com/mareq [25] Merge Pull Request #1 with git pull https://github.com/mareq/time-machine.git topic/mareq/tm-16 ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-348) Reassembler integer overflow issues. Data not delivered after 2GB
[ https://bro-tracker.atlassian.net/browse/BIT-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer reassigned BIT-348: Assignee: Robin Sommer (was: Jon Siwek) Reassembler integer overflow issues. Data not delivered after 2GB - Key: BIT-348 URL: https://bro-tracker.atlassian.net/browse/BIT-348 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: gregor Assignee: Robin Sommer Priority: High Labels: inttypes Fix For: 2.3 {noformat} #!rst The TCP Reassembler does not deliver any data to analyzers after the first 2GB due to signed integer overflow (Actually it will deliver again between 4--6GB, etc.) This happens silently, i.e., without content_gap events or Undelivered calls. This report superseded BIT-315, BIT-137 The TCP Reassembler (and Reassem) base class use ``int`` to keep track of sequence numbers and ``seq_delta`` to check for differences. If a connection exceeds 2GB, the relative sequence numbers (int) used by the Reassembler become negative. While many parts of the Reassembler still work (because seq_delta still reports the correct difference) some parts do not. In particular ``seq_to_skip`` is broken (and fails silently). There might well be other parts of the Reassembler that fail silently as well, that I haven't found yet. See Comments in TCP_Reassembler.cc for more details. The Reassembler should use int64. However this will require deep changes to the Reassembler and the TCP Analyzer and TCP_Endpoint classes (since we also store sequence numbers there). Also, the analyzer framework will need tweaks as well (e.g., Undelivered uses ``int`` for sequence numbers, also has to go to 64 bit) As a hotfix that seems to work I disabled the ``seq_to_skip`` features. It wasn't used by any analyzer or policy script (Note, that seq_to_skip is different from skip_deliveries). Hotfix is in topic/gregor/reassembler-hotfix {noformat} -- This message was sent by Atlassian JIRA (v6.3-OD-02-026#6318) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1184) topic/jsiwek/odesc-escaping
[ https://bro-tracker.atlassian.net/browse/BIT-1184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robin Sommer updated BIT-1184: -- Resolution: Merged (was: Fixed) Status: Closed (was: Merge Request) topic/jsiwek/odesc-escaping --- Key: BIT-1184 URL: https://bro-tracker.atlassian.net/browse/BIT-1184 Project: Bro Issue Tracker Issue Type: Improvement Components: Bro Affects Versions: git/master Reporter: Jon Siwek Fix For: 2.3 Minor refactor of how ODesc hex escapes stuff. Most significant: it now uses a std::set instead of std::list internally to store what strings need escaping which would prevent the recent bug of that growing out of control. Otherwise, just changed some things to re-use code and be more readable (IMO). -- This message was sent by Atlassian JIRA (v6.3-OD-02-026#6318) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev