[Bro-Dev] [JIRA] (BIT-1343) Add Support for Including Common PAC Files

2015-03-18 Thread grigorescu (JIRA)
grigorescu created BIT-1343:
---

 Summary: Add Support for Including Common PAC Files
 Key: BIT-1343
 URL: https://bro-tracker.atlassian.net/browse/BIT-1343
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: BinPAC
Reporter: grigorescu
Priority: Low


With some new analyzers, we're duplicating code that we're shipping with Bro, 
due to a limitation in BinPAC - currently, BinPAC doesn't support %include-ing 
files from other directories. ASN.1 is a good example of this - SNMP and 
Kerberos both need a copy of the same ASN.1 parsing code. SMB also has some 
overlap with other analyzers.

I tried the obvious fix of adding parsing support for {{%include 
../snmp/asn1.pac}}, but the include paths get mixed up and compilation fails.

I believe this should be a relatively simple fix.



--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-1344) New SSH Analyzer

2015-03-18 Thread grigorescu (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

grigorescu updated BIT-1344:

Status: Merge Request  (was: Open)

 New SSH Analyzer
 

 Key: BIT-1344
 URL: https://bro-tracker.atlassian.net/browse/BIT-1344
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: 2.4
Reporter: grigorescu

 The SSH analyzer was rewritten from scratch in topic/vladg/ssh.





[Bro-Dev] [JIRA] (BIT-1344) New SSH Analyzer

2015-03-18 Thread grigorescu (JIRA)
grigorescu created BIT-1344:
---

 Summary: New SSH Analyzer
 Key: BIT-1344
 URL: https://bro-tracker.atlassian.net/browse/BIT-1344
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: 2.4
Reporter: grigorescu


The SSH analyzer was rewritten from scratch in topic/vladg/ssh.





[Bro-Dev] [JIRA] (BIT-947) Incorrect size calculation for SSH failed/successful heuristic

2015-03-18 Thread grigorescu (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20020#comment-20020
 ] 

grigorescu commented on BIT-947:


Yes - since the new SSH analyzer does away with the heuristic entirely, this 
issue will be addressed.

 Incorrect size calculation for SSH failed/successful heuristic
 --

 Key: BIT-947
 URL: https://bro-tracker.atlassian.net/browse/BIT-947
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: grigorescu
Priority: Low
 Fix For: 2.4


 We're getting a lot of false positives for successful SSH logins from a 
 source that we recently blackholed. I suspect what's happening is that the 
 retransmissions keep bumping up the size of the connection, until it crosses 
 the threshold for a successful connection. 
 With the changes from BIT-730: Find and fix tcp sequence counting bugs, is it 
 possible to improve the accuracy of the reported size?



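The failure mode suspected in BIT-947, as an added example that is not code from Bro or from this thread: a size-threshold heuristic run over constructed TCP segments, comparing a naive per-segment byte sum (which retransmissions inflate) with a count of unique sequence space. The threshold value, the sample segments and every function name are assumptions made for the illustration.

```python
"""Added example: retransmissions pushing a size-based login heuristic over
its threshold. All names and the threshold are hypothetical."""

SEQ_MOD = 2 ** 32

# Hypothetical cut-off: a flow carrying at least this many bytes is labelled
# a successful login. The page does not state the real value.
SUCCESS_THRESHOLD = 5000

# Constructed sample: (sequence number, payload length) for one direction.
# The initial sequence number sits close to the 32-bit wrap on purpose.
SAMPLE_ISN = 4294966000
SAMPLE_SEGMENTS = (
    [(4294966001, 41)]            # first 41 payload bytes
    + [(4294966042, 1400)] * 5    # one segment plus four retransmissions
    + [(146, 100)]                # next segment, after the sequence wrap
)


def naive_size(segments):
    """Sum the payload length of every segment seen, retransmissions included."""
    return sum(length for _seq, length in segments)


def unique_size(segments, isn):
    """Count distinct payload bytes by merging sequence-number ranges.

    Sequence numbers are made relative to the initial sequence number
    modulo 2**32, so a wrap of the counter is handled for flows under 4 GiB.
    """
    ranges = []
    for seq, length in segments:
        if length <= 0:
            continue
        start = (seq - isn - 1) % SEQ_MOD  # first data byte is isn + 1
        ranges.append((start, start + length))
    ranges.sort()

    total = 0
    cur_start = cur_end = None
    for start, end in ranges:
        if cur_end is None or start > cur_end:
            # Gap before this range: close the previous run and start a new one.
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            # Overlapping or adjacent range (for example a retransmission).
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def classify(size, threshold=SUCCESS_THRESHOLD):
    """Apply the size heuristic to a byte count."""
    return "success" if size >= threshold else "failure"


if __name__ == "__main__":
    naive = naive_size(SAMPLE_SEGMENTS)
    unique = unique_size(SAMPLE_SEGMENTS, SAMPLE_ISN)
    print("naive bytes :", naive, "->", classify(naive))
    print("unique bytes:", unique, "->", classify(unique))
```
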


[Bro-Dev] [Auto] Merge Status

2015-03-18 Thread Merge Tracker

Open Merge Requests
===================

ID            Component     Reporter       Assignee   Updated     For Version  Priority  Summary
------------  ------------  -------------  ---------  ----------  -----------  --------  -------
BIT-1340 [1]  Bro           Seth Hall      Jon Siwek  2015-03-13  2.4          Normal    RDP analyzer (topic/seth/rdp)
BIT-1303 [2]  pysubnettree  Daniel Thayer  -          2015-03-17  2.4          Normal    pysubnettree tests should be changed to use btest


Open Fastpath Commits
=====================

Commit       Component  Author         Date        Summary
-----------  ---------  -------------  ----------  -------
31795e7 [3]  bro        Johanna Amann  2015-03-10  When setting the SSL analyzer to fail, also stop processing


Open GitHub Pull Requests
=========================

Issue    Component  User           Updated     Title
-------  ---------  -------------  ----------  -----
#28 [4]  bro        aeppert [5]    2015-03-18  Seems to fix a case where an entry in the table may be null on insert. [6]
#27 [7]  bro        petiepooo [8]  2015-03-14  Add defensive check for localtime_r() call [9]


[1]  BIT-1340  https://bro-tracker.atlassian.net/browse/BIT-1340
[2]  BIT-1303  https://bro-tracker.atlassian.net/browse/BIT-1303
[3]  31795e7  https://github.com/bro/bro/commit/31795e7600561511add762951eee6292b186f6d3
[4]  Pull Request #28  https://github.com/bro/bro/pull/28
[5]  aeppert  https://github.com/aeppert
[6]  Merge Pull Request #28 with  git pull --no-ff --no-commit https://github.com/aeppert/bro.git master
[7]  Pull Request #27  https://github.com/bro/bro/pull/27
[8]  petiepooo  https://github.com/petiepooo
[9]  Merge Pull Request #27 with  git pull --no-ff --no-commit https://github.com/petiepooo/bro.git topic/petiepooo/localtime_r-segv



[Bro-Dev] [JIRA] (BIT-1326) Broctl installation requires sqlite but does not check for its presence

2015-03-18 Thread Aashish Sharma (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20022#comment-20022
 ] 

Aashish Sharma commented on BIT-1326:
-

I am trying to test some stuff with the current master on FreeBSD. 

Any idea when this would be fixed and/or any hints on a workaround?

Thanks, 

 Broctl installation requires sqlite but does not check for its presence
 ---

 Key: BIT-1326
 URL: https://bro-tracker.atlassian.net/browse/BIT-1326
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: BroControl
Affects Versions: git/master
Reporter: Johanna Amann
 Fix For: 2.4


 Trying to start broctl on a new installation of FreeBSD with a standard 
 python installation results in the following error message upon first start:
 {code}
 [bro@marge ~/master]$ broctl
 Traceback (most recent call last):
   File "/xa/bro/master/bin/broctl", line 29, in <module>
     from BroControl.broctl import BroCtl
   File "/xa/bro/master/lib/broctl/BroControl/broctl.py", line 8, in <module>
     from BroControl import util
   File "/xa/bro/master/lib/broctl/BroControl/util.py", line 6, in <module>
     from BroControl import config
   File "/xa/bro/master/lib/broctl/BroControl/config.py", line 10, in <module>
     from .state import SqliteState
   File "/xa/bro/master/lib/broctl/BroControl/state.py", line 2, in <module>
     import sqlite3
   File "/usr/local/lib/python2.7/sqlite3/__init__.py", line 24, in <module>
     from dbapi2 import *
   File "/usr/local/lib/python2.7/sqlite3/dbapi2.py", line 28, in <module>
     from _sqlite3 import *
 ImportError: No module named _sqlite3
 {code}
 We should probably check for the module in cmake and refuse installation if 
 it is not present.





[Bro-Dev] [JIRA] (BIT-1326) Broctl installation requires sqlite but does not check for its presence

2015-03-18 Thread Daniel Thayer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20023#comment-20023
 ] 

Daniel Thayer commented on BIT-1326:


On FreeBSD, you need to install a package called py27-sqlite3.


 Broctl installation requires sqlite but does not check for its presence
 ---

 Key: BIT-1326
 URL: https://bro-tracker.atlassian.net/browse/BIT-1326
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: BroControl
Affects Versions: git/master
Reporter: Johanna Amann
 Fix For: 2.4


 Trying to start broctl on a new installation of FreeBSD with a standard 
 python installation results in the following error message upon first start:
 {code}
 [bro@marge ~/master]$ broctl
 Traceback (most recent call last):
   File "/xa/bro/master/bin/broctl", line 29, in <module>
     from BroControl.broctl import BroCtl
   File "/xa/bro/master/lib/broctl/BroControl/broctl.py", line 8, in <module>
     from BroControl import util
   File "/xa/bro/master/lib/broctl/BroControl/util.py", line 6, in <module>
     from BroControl import config
   File "/xa/bro/master/lib/broctl/BroControl/config.py", line 10, in <module>
     from .state import SqliteState
   File "/xa/bro/master/lib/broctl/BroControl/state.py", line 2, in <module>
     import sqlite3
   File "/usr/local/lib/python2.7/sqlite3/__init__.py", line 24, in <module>
     from dbapi2 import *
   File "/usr/local/lib/python2.7/sqlite3/dbapi2.py", line 28, in <module>
     from _sqlite3 import *
 ImportError: No module named _sqlite3
 {code}
 We should probably check for the module in cmake and refuse installation if 
 it is not present.





[Bro-Dev] [JIRA] (BIT-1346) Val::CONVERTER Fatal Error - Sumstats Related

2015-03-18 Thread Jon Siwek (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-1346:
---
Fix Version/s: 2.4

 Val::CONVERTER Fatal Error - Sumstats Related
 -

 Key: BIT-1346
 URL: https://bro-tracker.atlassian.net/browse/BIT-1346
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Aaron Eppert
Priority: Critical
  Labels: sumstats
 Fix For: 2.4


 Bro 2.3-451-debug
 Linux 2.6.32-504.8.1.el6.x86_64
  reporter.log
 {ts:1426643084.0629,level:Reporter::ERROR,message:incomplete base64 
 group, padding with 12 bits of 0,location:}
 {ts:1426643086.504566,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643089.234903,level:Reporter::ERROR,message:extra base64 
 groups after \u0027=\u0027 padding are ignored,location:}
 {ts:1426643089.234903,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643093.283505,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643095.710806,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643098.094734,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643108.020824,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643110.429037,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
 {ts:1426643122.957015,level:Reporter::ERROR,message:incomplete 
 base64 group, padding with 12 bits of 0,location:}
  stderr.log
 internal warning in 
 /usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
 line 4: Discarded extraneous Broxygen comment: Check to see if the tagged 
 attribute exists, if so, log it, else
 internal warning in 
 /usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
 line 4: Discarded extraneous Broxygen comment: it is from the original 
 Intel::LOG, drop it on the floor. This
 internal warning in 
 /usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
 line 4: Discarded extraneous Broxygen comment: prevents duplicate logging AND 
 avoids a tertiary intel log to
 internal warning in 
 /usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
 line 4: Discarded extraneous Broxygen comment: parse.
 internal warning in 
 /usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
 line 4: Discarded extraneous Broxygen comment: 
 unlimited
 unlimited
 unlimited
 unlimited
 fatal error in no location: Val::CONVERTER (string/port) (80/tcp)
  stdout.log
 max memory size (kbytes, -m) unlimited
 data seg size   (kbytes, -d) unlimited
 virtual memory  (kbytes, -v) unlimited
 core file size  (blocks, -c) unlimited
  .cmdline
 -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl 
 base/frameworks/cluster local-manager.bro broctl/auto -B threading
  .env_vars
 PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/tokumx/bin:/root/bin
 BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
 CLUSTER_NODE=manager
  .status
 TERMINATED [atexit]
  No prof.log
  No packet_filter.log
  No loaded_scripts.log
 #0  0x003345c32625 in raise () from /lib64/libc.so.6
 #1  0x003345c33e05 in abort () from /lib64/libc.so.6
 #2  0x007847d9 in Reporter::FatalError (this=0x1ba5490, 
 fmt=0xaf4f56 %s) at /root/ane/bro/src/Reporter.cc:92
 #3  0x0078bfb4 in BroObj::BadTag (this=0x4edeb20, 
 msg=0xaeaeae Val::CONVERTER, t1=0xb05a89 string, t2=0xb05aa3 port)
 at /root/ane/bro/src/Obj.cc:134
 #4  0x00770c1c in Val::AsPortVal (this=0x4edeb20)
 at /root/ane/bro/src/Val.h:282
 #5  0x0075aecd in BifFunc::bro_get_port_transport_proto (
 frame=0x5862c60, BiF_ARGS=0x58f2d50) at bro.bif:3153
 #6  0x0074f3cd in BuiltinFunc::Call (this=0x217e940, args=0x58f2d50, 
 parent=0x5862c60) at /root/ane/bro/src/Func.cc:564
 #7  0x00740c4d in CallExpr::Eval (this=0x2299aa0, f=0x5862c60)
 at /root/ane/bro/src/Expr.cc:4920
 #8  0x007370b7 in AssignExpr::Eval (this=0x2299b50, f=0x5862c60)
 at /root/ane/bro/src/Expr.cc:2669
 #9  0x007e22bf in ExprStmt::Exec (this=0x2299cc0, f=0x5862c60, 
 flow=@0x7fff70b12154) at /root/ane/bro/src/Stmt.cc:369
 #10 

[Bro-Dev] [JIRA] (BIT-1344) New SSH Analyzer

2015-03-18 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann reassigned BIT-1344:
--

Assignee: Johanna Amann

 New SSH Analyzer
 

 Key: BIT-1344
 URL: https://bro-tracker.atlassian.net/browse/BIT-1344
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: 2.4
Reporter: grigorescu
Assignee: Johanna Amann

 The SSH analyzer was rewritten from scratch in topic/vladg/ssh.





[Bro-Dev] [JIRA] (BIT-1345) Crash due to a bad dictionary insert

2015-03-18 Thread Aaron Eppert (JIRA)
Aaron Eppert created BIT-1345:
-

 Summary: Crash due to a bad dictionary insert
 Key: BIT-1345
 URL: https://bro-tracker.atlassian.net/browse/BIT-1345
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Aaron Eppert
Priority: High


#0  0x00713b87 in Dictionary::Insert (this=0x1339840, 
new_entry=0xb18a9d0, copy_key=0) at /root/redacted/bro/src/Dict.cc:419
#1  0x007130b0 in Dictionary::Insert (this=0x1339840, key=0xa23f6d0, 
key_size=36, hash=658668102, val=0x67fde40, copy_key=0) at 
/root/redacted/bro/src/Dict.cc:158
#2  0x006cb508 in Dictionary::Insert (this=0x1339840, 
key=0x74ba81b0, val=0x67fde40) at /root/redacted/bro/src/Dict.h:47
#3  0x0077ee9b in IDPDict::Insert (this=0x1339840, key=0xebf780 
#redacted-redacted.redacted.redacted#21703#1182, val=0x67fde40) at 
/root/redacted/bro/src/Scope.h:18
#4  0x0077ef05 in Scope::Insert (this=0x133a8b0, name=0xebf780 
#redacted-redacted.redacted.redacted#21703#1182, id=0x67fde40) at 
/root/redacted/bro/src/Scope.h:26
#5  0x008010cc in MutableVal::Bind (this=0x14f451f0) at 
/root/redacted/bro/src/Val.cc:624
#6  0x00800ec8 in MutableVal::AddProperties (this=0x14f451f0, 
arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:558
#7  0x0080a8d6 in RecordVal::AddProperties (this=0x14f451f0, 
arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:2866
#8  0x00805948 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
k=0x0, new_val=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Val.cc:1502
#9  0x00805501 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
new_val=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Val.cc:1442
#10 0x00738b13 in IndexExpr::Assign (this=0x2087350, f=0x12073280, 
v=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:3135
#11 0x007362a2 in RefExpr::Assign (this=0x2087540, f=0x12073280, 
v=0x14f451f0, opcode=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:2463
#12 0x007370ea in AssignExpr::Eval (this=0x20874d0, f=0x12073280) at 
/root/redacted/bro/src/Expr.cc:2673
#13 0x007e22bb in ExprStmt::Exec (this=0x2087660, f=0x12073280, 
flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:369
#14 0x007e8375 in StmtList::Exec (this=0x2082c80, f=0x12073280, 
flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:1764
#15 0x0074e6cd in BroFunc::Call (this=0x2087e70, args=0x13525bb0, 
parent=0x0) at /root/redacted/bro/src/Func.cc:386
#16 0x00725883 in EventHandler::Call (this=0x2082160, vl=0x13525bb0, 
no_remote=false) at /root/redacted/bro/src/EventHandler.cc:80
#17 0x006d8cc2 in Event::Dispatch (this=0x620e610, no_remote=false) at 
/root/redacted/bro/src/Event.h:50
#18 0x00724ef7 in EventMgr::Dispatch (this=0xebd400) at 
/root/redacted/bro/src/Event.cc:111
#19 0x00725032 in EventMgr::Drain (this=0xebd400) at 
/root/redacted/bro/src/Event.cc:128
#20 0x00788828 in net_packet_dispatch (t=1426626559.98401, 
hdr=0x3314d40, pkt=0x7f14a8b464cc Address 0x7f14a8b464cc out of bounds, 
hdr_size=14, src_ps=0x3314c00)
at /root/redacted/bro/src/Net.cc:278
#21 0x00a786d5 in iosource::PktSrc::Process (this=0x3314c00) at 
/root/redacted/bro/src/iosource/PktSrc.cc:411
#22 0x007889f8 in net_run () at /root/redacted/bro/src/Net.cc:320
#23 0x006d8157 in main (argc=20, argv=0x74ba9188) at 
/root/redacted/bro/src/main.cc:1200






[Bro-Dev] [JIRA] (BIT-1345) Crash due to a bad dictionary insert

2015-03-18 Thread Aaron Eppert (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20021#comment-20021
 ] 

Aaron Eppert commented on BIT-1345:
---

https://github.com/bro/bro/pull/28 is the proposed fix for this problem.

 Crash due to a bad dictionary insert
 

 Key: BIT-1345
 URL: https://bro-tracker.atlassian.net/browse/BIT-1345
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Aaron Eppert
Priority: High

 #0  0x00713b87 in Dictionary::Insert (this=0x1339840, 
 new_entry=0xb18a9d0, copy_key=0) at /root/redacted/bro/src/Dict.cc:419
 #1  0x007130b0 in Dictionary::Insert (this=0x1339840, key=0xa23f6d0, 
 key_size=36, hash=658668102, val=0x67fde40, copy_key=0) at 
 /root/redacted/bro/src/Dict.cc:158
 #2  0x006cb508 in Dictionary::Insert (this=0x1339840, 
 key=0x74ba81b0, val=0x67fde40) at /root/redacted/bro/src/Dict.h:47
 #3  0x0077ee9b in IDPDict::Insert (this=0x1339840, key=0xebf780 
 #redacted-redacted.redacted.redacted#21703#1182, val=0x67fde40) at 
 /root/redacted/bro/src/Scope.h:18
 #4  0x0077ef05 in Scope::Insert (this=0x133a8b0, name=0xebf780 
 #redacted-redacted.redacted.redacted#21703#1182, id=0x67fde40) at 
 /root/redacted/bro/src/Scope.h:26
 #5  0x008010cc in MutableVal::Bind (this=0x14f451f0) at 
 /root/redacted/bro/src/Val.cc:624
 #6  0x00800ec8 in MutableVal::AddProperties (this=0x14f451f0, 
 arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:558
 #7  0x0080a8d6 in RecordVal::AddProperties (this=0x14f451f0, 
 arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:2866
 #8  0x00805948 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
 k=0x0, new_val=0x14f451f0, op=OP_ASSIGN) at 
 /root/redacted/bro/src/Val.cc:1502
 #9  0x00805501 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
 new_val=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Val.cc:1442
 #10 0x00738b13 in IndexExpr::Assign (this=0x2087350, f=0x12073280, 
 v=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:3135
 #11 0x007362a2 in RefExpr::Assign (this=0x2087540, f=0x12073280, 
 v=0x14f451f0, opcode=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:2463
 #12 0x007370ea in AssignExpr::Eval (this=0x20874d0, f=0x12073280) at 
 /root/redacted/bro/src/Expr.cc:2673
 #13 0x007e22bb in ExprStmt::Exec (this=0x2087660, f=0x12073280, 
 flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:369
 #14 0x007e8375 in StmtList::Exec (this=0x2082c80, f=0x12073280, 
 flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:1764
 #15 0x0074e6cd in BroFunc::Call (this=0x2087e70, args=0x13525bb0, 
 parent=0x0) at /root/redacted/bro/src/Func.cc:386
 #16 0x00725883 in EventHandler::Call (this=0x2082160, vl=0x13525bb0, 
 no_remote=false) at /root/redacted/bro/src/EventHandler.cc:80
 #17 0x006d8cc2 in Event::Dispatch (this=0x620e610, no_remote=false) 
 at /root/redacted/bro/src/Event.h:50
 #18 0x00724ef7 in EventMgr::Dispatch (this=0xebd400) at 
 /root/redacted/bro/src/Event.cc:111
 #19 0x00725032 in EventMgr::Drain (this=0xebd400) at 
 /root/redacted/bro/src/Event.cc:128
 #20 0x00788828 in net_packet_dispatch (t=1426626559.98401, 
 hdr=0x3314d40, pkt=0x7f14a8b464cc Address 0x7f14a8b464cc out of bounds, 
 hdr_size=14, src_ps=0x3314c00)
 at /root/redacted/bro/src/Net.cc:278
 #21 0x00a786d5 in iosource::PktSrc::Process (this=0x3314c00) at 
 /root/redacted/bro/src/iosource/PktSrc.cc:411
 #22 0x007889f8 in net_run () at /root/redacted/bro/src/Net.cc:320
 #23 0x006d8157 in main (argc=20, argv=0x74ba9188) at 
 /root/redacted/bro/src/main.cc:1200





[Bro-Dev] [JIRA] (BIT-1345) Crash due to a bad dictionary insert

2015-03-18 Thread Jon Siwek (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-1345:
---
Fix Version/s: 2.4

 Crash due to a bad dictionary insert
 

 Key: BIT-1345
 URL: https://bro-tracker.atlassian.net/browse/BIT-1345
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Aaron Eppert
Priority: High
 Fix For: 2.4


 #0  0x00713b87 in Dictionary::Insert (this=0x1339840, 
 new_entry=0xb18a9d0, copy_key=0) at /root/redacted/bro/src/Dict.cc:419
 #1  0x007130b0 in Dictionary::Insert (this=0x1339840, key=0xa23f6d0, 
 key_size=36, hash=658668102, val=0x67fde40, copy_key=0) at 
 /root/redacted/bro/src/Dict.cc:158
 #2  0x006cb508 in Dictionary::Insert (this=0x1339840, 
 key=0x74ba81b0, val=0x67fde40) at /root/redacted/bro/src/Dict.h:47
 #3  0x0077ee9b in IDPDict::Insert (this=0x1339840, key=0xebf780 
 #redacted-redacted.redacted.redacted#21703#1182, val=0x67fde40) at 
 /root/redacted/bro/src/Scope.h:18
 #4  0x0077ef05 in Scope::Insert (this=0x133a8b0, name=0xebf780 
 #redacted-redacted.redacted.redacted#21703#1182, id=0x67fde40) at 
 /root/redacted/bro/src/Scope.h:26
 #5  0x008010cc in MutableVal::Bind (this=0x14f451f0) at 
 /root/redacted/bro/src/Val.cc:624
 #6  0x00800ec8 in MutableVal::AddProperties (this=0x14f451f0, 
 arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:558
 #7  0x0080a8d6 in RecordVal::AddProperties (this=0x14f451f0, 
 arg_props=2 '\002') at /root/redacted/bro/src/Val.cc:2866
 #8  0x00805948 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
 k=0x0, new_val=0x14f451f0, op=OP_ASSIGN) at 
 /root/redacted/bro/src/Val.cc:1502
 #9  0x00805501 in TableVal::Assign (this=0xb1dab00, index=0x13e81770, 
 new_val=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Val.cc:1442
 #10 0x00738b13 in IndexExpr::Assign (this=0x2087350, f=0x12073280, 
 v=0x14f451f0, op=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:3135
 #11 0x007362a2 in RefExpr::Assign (this=0x2087540, f=0x12073280, 
 v=0x14f451f0, opcode=OP_ASSIGN) at /root/redacted/bro/src/Expr.cc:2463
 #12 0x007370ea in AssignExpr::Eval (this=0x20874d0, f=0x12073280) at 
 /root/redacted/bro/src/Expr.cc:2673
 #13 0x007e22bb in ExprStmt::Exec (this=0x2087660, f=0x12073280, 
 flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:369
 #14 0x007e8375 in StmtList::Exec (this=0x2082c80, f=0x12073280, 
 flow=@0x74ba8624) at /root/redacted/bro/src/Stmt.cc:1764
 #15 0x0074e6cd in BroFunc::Call (this=0x2087e70, args=0x13525bb0, 
 parent=0x0) at /root/redacted/bro/src/Func.cc:386
 #16 0x00725883 in EventHandler::Call (this=0x2082160, vl=0x13525bb0, 
 no_remote=false) at /root/redacted/bro/src/EventHandler.cc:80
 #17 0x006d8cc2 in Event::Dispatch (this=0x620e610, no_remote=false) 
 at /root/redacted/bro/src/Event.h:50
 #18 0x00724ef7 in EventMgr::Dispatch (this=0xebd400) at 
 /root/redacted/bro/src/Event.cc:111
 #19 0x00725032 in EventMgr::Drain (this=0xebd400) at 
 /root/redacted/bro/src/Event.cc:128
 #20 0x00788828 in net_packet_dispatch (t=1426626559.98401, 
 hdr=0x3314d40, pkt=0x7f14a8b464cc Address 0x7f14a8b464cc out of bounds, 
 hdr_size=14, src_ps=0x3314c00)
 at /root/redacted/bro/src/Net.cc:278
 #21 0x00a786d5 in iosource::PktSrc::Process (this=0x3314c00) at 
 /root/redacted/bro/src/iosource/PktSrc.cc:411
 #22 0x007889f8 in net_run () at /root/redacted/bro/src/Net.cc:320
 #23 0x006d8157 in main (argc=20, argv=0x74ba9188) at 
 /root/redacted/bro/src/main.cc:1200





[Bro-Dev] [JIRA] (BIT-1346) Val::CONVERTER Fatal Error - Sumstats Related

2015-03-18 Thread Aaron Eppert (JIRA)
Aaron Eppert created BIT-1346:
-

 Summary: Val::CONVERTER Fatal Error - Sumstats Related
 Key: BIT-1346
 URL: https://bro-tracker.atlassian.net/browse/BIT-1346
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Aaron Eppert
Priority: Critical


Bro 2.3-451-debug
Linux 2.6.32-504.8.1.el6.x86_64


 reporter.log
{ts:1426643084.0629,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643086.504566,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643089.234903,level:Reporter::ERROR,message:extra base64 
groups after \u0027=\u0027 padding are ignored,location:}
{ts:1426643089.234903,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643093.283505,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643095.710806,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643098.094734,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643108.020824,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643110.429037,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}
{ts:1426643122.957015,level:Reporter::ERROR,message:incomplete base64 
group, padding with 12 bits of 0,location:}

 stderr.log
internal warning in 
/usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
line 4: Discarded extraneous Broxygen comment: Check to see if the tagged 
attribute exists, if so, log it, else
internal warning in 
/usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
line 4: Discarded extraneous Broxygen comment: it is from the original 
Intel::LOG, drop it on the floor. This
internal warning in 
/usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
line 4: Discarded extraneous Broxygen comment: prevents duplicate logging AND 
avoids a tertiary intel log to
internal warning in 
/usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
line 4: Discarded extraneous Broxygen comment: parse.
internal warning in 
/usr/local/bro/spool/installed-scripts-do-not-touch/site/ps-cif/./ps-cif.bro, 
line 4: Discarded extraneous Broxygen comment: 
unlimited
unlimited
unlimited
unlimited
fatal error in no location: Val::CONVERTER (string/port) (80/tcp)

 stdout.log
max memory size (kbytes, -m) unlimited
data seg size   (kbytes, -d) unlimited
virtual memory  (kbytes, -v) unlimited
core file size  (blocks, -c) unlimited

 .cmdline
-U .status -p broctl -p broctl-live -p local -p manager local.bro broctl 
base/frameworks/cluster local-manager.bro broctl/auto -B threading

 .env_vars
PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/tokumx/bin:/root/bin
BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
CLUSTER_NODE=manager

 .status
TERMINATED [atexit]

 No prof.log

 No packet_filter.log

 No loaded_scripts.log

#0  0x003345c32625 in raise () from /lib64/libc.so.6
#1  0x003345c33e05 in abort () from /lib64/libc.so.6
#2  0x007847d9 in Reporter::FatalError (this=0x1ba5490, 
fmt=0xaf4f56 %s) at /root/ane/bro/src/Reporter.cc:92
#3  0x0078bfb4 in BroObj::BadTag (this=0x4edeb20, 
msg=0xaeaeae Val::CONVERTER, t1=0xb05a89 string, t2=0xb05aa3 port)
at /root/ane/bro/src/Obj.cc:134
#4  0x00770c1c in Val::AsPortVal (this=0x4edeb20)
at /root/ane/bro/src/Val.h:282
#5  0x0075aecd in BifFunc::bro_get_port_transport_proto (
frame=0x5862c60, BiF_ARGS=0x58f2d50) at bro.bif:3153
#6  0x0074f3cd in BuiltinFunc::Call (this=0x217e940, args=0x58f2d50, 
parent=0x5862c60) at /root/ane/bro/src/Func.cc:564
#7  0x00740c4d in CallExpr::Eval (this=0x2299aa0, f=0x5862c60)
at /root/ane/bro/src/Expr.cc:4920
#8  0x007370b7 in AssignExpr::Eval (this=0x2299b50, f=0x5862c60)
at /root/ane/bro/src/Expr.cc:2669
#9  0x007e22bf in ExprStmt::Exec (this=0x2299cc0, f=0x5862c60, 
flow=@0x7fff70b12154) at /root/ane/bro/src/Stmt.cc:369
#10 0x007e2b6f in IfStmt::DoExec (this=0x2299e20, f=0x5862c60, 
v=0x58b1870, flow=@0x7fff70b12154) at /root/ane/bro/src/Stmt.cc:484
#11 0x007e22f3 in ExprStmt::Exec (this=0x2299e20, f=0x5862c60, 
flow=@0x7fff70b12154) at /root/ane/bro/src/Stmt.cc:373
#12 0x007e8379 in 

[Bro-Dev] [JIRA] (BIT-1347) Please merge topic/johanna/dtls

2015-03-18 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1347:
---
Summary: Please merge topic/johanna/dtls  (was: Please merge 
topic/johanna/tls)

 Please merge topic/johanna/dtls
 ---

 Key: BIT-1347
 URL: https://bro-tracker.atlassian.net/browse/BIT-1347
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: git/master
Reporter: Johanna Amann
  Labels: dtls, ssl
 Fix For: 2.4


 Please merge topic/johanna/dtls
 First and foremost, this branch brings DTLS 1.0 / 1.2 support to Bro. DTLS is 
 mostly handled just like SSL. It emits the same events and thus works 
 seamlessly with the current SSL scripts in the Bro core.
 Furthermore, it implements TLS record layer defragmentation for the TLS 
 Handshake protocol, enabling us e.g. to deal with connections containing large 
 certificates.
 The analyzer is now split into three parts: an SSL/TLS analyzer, a DTLS 
 analyzer and a TLS handshake protocol analyzer. The SSL/TLS and DTLS analyzers 
 use a large amount of the same code by including common pac-files.





[Bro-Dev] [JIRA] (BIT-1347) Please merge topic/johanna/tls

2015-03-18 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1347:
---
Status: Merge Request  (was: Open)

 Please merge topic/johanna/tls
 --

 Key: BIT-1347
 URL: https://bro-tracker.atlassian.net/browse/BIT-1347
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: git/master
Reporter: Johanna Amann
  Labels: dtls, ssl
 Fix For: 2.4


 Please merge topic/johanna/dtls
 First and foremost, this branch brings DTLS 1.0 / 1.2 support to Bro. DTLS is 
 mostly handled just like SSL. It emits the same events and thus works 
 seamlessly with the current SSL scripts in the Bro core.
 Furthermore, it implements TLS record layer defragmentation for the TLS 
 Handshake protocol, enabling us, e.g., to deal with connections containing large 
 certificates.
 The analyzer is now split into three parts: an SSL/TLS analyzer, a DTLS 
 analyzer and a TLS handshake protocol analyzer. The SSL/TLS and DTLS analyzers 
 use a large amount of the same code by including common pac-files.





[Bro-Dev] [JIRA] (BIT-1347) Please merge topic/johanna/tls

2015-03-18 Thread Johanna Amann (JIRA)
Johanna Amann created BIT-1347:
--

 Summary: Please merge topic/johanna/tls
 Key: BIT-1347
 URL: https://bro-tracker.atlassian.net/browse/BIT-1347
 Project: Bro Issue Tracker
  Issue Type: Improvement
  Components: Bro
Affects Versions: git/master
Reporter: Johanna Amann
 Fix For: 2.4


Please merge topic/johanna/dtls

First and foremost, this branch brings DTLS 1.0 / 1.2 support to Bro. DTLS is 
mostly handled just like SSL. It emits the same events and thus works 
seamlessly with the current SSL scripts in the Bro core.

Furthermore, it implements TLS record layer defragmentation for the TLS 
Handshake protocol, enabling us, e.g., to deal with connections containing large 
certificates.

The analyzer is now split into three parts: an SSL/TLS analyzer, a DTLS analyzer 
and a TLS handshake protocol analyzer. The SSL/TLS and DTLS analyzers use a 
large amount of the same code by including common pac-files.





[Bro-Dev] [JIRA] (BIT-1348) topic/dnthayer/fix-typos

2015-03-18 Thread Daniel Thayer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Thayer updated BIT-1348:
---
Status: Merge Request  (was: Open)

 topic/dnthayer/fix-typos
 

 Key: BIT-1348
 URL: https://bro-tracker.atlassian.net/browse/BIT-1348
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Daniel Thayer
 Fix For: 2.4


 The branch topic/dnthayer/fix-typos in the bro-plugins repo contains a few 
 small doc fixes, and a portability improvement for the configure script.





[Bro-Dev] [JIRA] (BIT-1348) topic/dnthayer/fix-typos

2015-03-18 Thread Daniel Thayer (JIRA)
Daniel Thayer created BIT-1348:
--

 Summary: topic/dnthayer/fix-typos
 Key: BIT-1348
 URL: https://bro-tracker.atlassian.net/browse/BIT-1348
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Daniel Thayer
 Fix For: 2.4


The branch topic/dnthayer/fix-typos in the bro-plugins repo contains a few 
small doc fixes, and a portability improvement for the configure script.






[Bro-Dev] [JIRA] (BIT-342) Add payload to ICMP analyzer

2015-03-18 Thread Jon Siwek (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-342:
--
Status: Merge Request  (was: Open)

 Add payload to ICMP analyzer
 

 Key: BIT-342
 URL: https://bro-tracker.atlassian.net/browse/BIT-342
 Project: Bro Issue Tracker
  Issue Type: Patch
  Components: Bro
Affects Versions: 1.5.2
Reporter: Seth Hall
Assignee: Jon Siwek
 Fix For: 2.4

 Attachments: ICMP-add-payload.diff


 This is a patch from Julien Sentier on the mailing list that makes ICMP 
 payloads available at the scripting layer.  Is there a reason this isn't 
 already available?  I would have committed it to fastpath except I don't know 
 if it's not already doing this due to the potential overhead of creating a 
 lot of strings in ICMP floods.  At the very least, I suppose it could be 
 optional (which the patch doesn't currently do).


