[Bro-Dev] [Auto] Merge Status

2015-08-31 Thread Merge Tracker

Open GitHub Pull Requests
=========================

Issue    Component    User            Updated     Title
-------  -----------  --------------  ----------  --------------------------------------------------
#42 [1]  bro          J-Gras [2]      2015-08-31  Improved logging of Base64 errors [3]
#40 [4]  bro          knielander [5]  2015-08-31  Enable linux fanout mode with Bro [6]
#6 [7]   bro-plugins  jswaro [8]      2015-08-24  Adding initial conversion of TCPRS to a plugin [9]


[1]  Pull Request #42  https://github.com/bro/bro/pull/42
[2]  J-Gras            https://github.com/J-Gras
[3]  Merge Pull Request #42 with  git pull --no-ff --no-commit https://github.com/J-Gras/bro.git topic/jgras/base64-logging
[4]  Pull Request #40  https://github.com/bro/bro/pull/40
[5]  knielander        https://github.com/knielander
[6]  Merge Pull Request #40 with  git pull --no-ff --no-commit https://github.com/knielander/bro.git master
[7]  Pull Request #6   https://github.com/bro/bro-plugins/pull/6
[8]  jswaro            https://github.com/jswaro
[9]  Merge Pull Request #6 with   git pull --no-ff --no-commit https://github.com/jswaro/bro-plugins.git topic/jswaro/feature/initial-tcprs-plugin

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-1469) dpd.log contains lots of binpac exceptions for RDP

2015-08-31 Thread Gary Faulkner (JIRA)

Gary Faulkner created BIT-1469:
--

 Summary: dpd.log contains lots of binpac exceptions for RDP
 Key: BIT-1469
 URL: https://bro-tracker.atlassian.net/browse/BIT-1469
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: BinPAC, Bro
Affects Versions: git/master
 Environment: RHEL  6.6, 2.4-10 bro build from git
Reporter: Gary Faulkner


RDP scanners seem to generate a lot of binpac errors in dpd.log for RDP 
connections.

The following log line is an example of the error that repeats continuously 
during the activity:
1441031469.413008  CPNcey4q2i8mGVUvEg  74.91.23.83  62082  10.10.81.207  3389  tcp  RDP  Binpac exception: binpac exception: out_of_bound: DT_Data:application_type: 3 > 2

The 10.x.x.x IP is the redacted local IP. The other IP is the scanner.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-02-259#70102)


[Bro-Dev] [JIRA] (BIT-1469) dpd.log contains lots of binpac exceptions for RDP

2015-08-31 Thread Gary Faulkner (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gary Faulkner updated BIT-1469:
---
Attachment: rdp-31AUG15.pcap

> dpd.log contains lots of binpac exceptions for RDP
> --
>
> Key: BIT-1469
> URL: https://bro-tracker.atlassian.net/browse/BIT-1469
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: BinPAC, Bro
>Affects Versions: git/master
> Environment: RHEL  6.6, 2.4-10 bro build from git
>Reporter: Gary Faulkner
>  Labels: analyzer
> Attachments: rdp-31AUG15.pcap
>
>
> RDP scanners seem to generate a lot of binpac errors in dpd.log for RDP 
> connections.
> The following log line is an example of the error that repeats continuously 
> during the activity:
> 1441031469.413008  CPNcey4q2i8mGVUvEg  74.91.23.83  62082  10.10.81.207  3389  tcp  RDP  Binpac exception: binpac exception: out_of_bound: DT_Data:application_type: 3 > 2
> The 10.x.x.x IP is the redacted local IP. The other IP is the scanner.





[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann reassigned BIT-1464:
--

Assignee: Johanna Amann

> heap overflow in build_syn_packet_val
> -
>
> Key: BIT-1464
> URL: https://bro-tracker.atlassian.net/browse/BIT-1464
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Affects Versions: 2.4
>Reporter: Justin Azoff
>Assignee: Johanna Amann
> Attachments: build_syn_packet_val_bug.pcap
>
>
> {code}
> # bro -r build_syn_packet_val_bug.pcap
> =
> ==15198==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x607000e45266 at pc 0x00cd6731 bp 0x7fff061fe1b0 sp 0x7fff061fe1a8
> READ of size 1 at 0x607000e45266 thread T0
>     #0 0xcd6730 in build_syn_packet_val(int, IP_Hdr const*, tcphdr const*) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:52:3
>     #1 0xcd6730 in analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/protocol/tcp/TCP.cc:1274
>     #2 0xe24b22 in analyzer::Analyzer::NextPacket(int, unsigned char const*, bool, unsigned long, IP_Hdr const*, int) /scratch/bro-clean/src/analyzer/Analyzer.cc:222:4
>     #3 0x688d9f in Connection::NextPacket(double, int, IP_Hdr const*, int, int, unsigned char const*&, int&, int&, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Conn.cc:260:3
>     #4 0x858e6f in NetSessions::DoNextPacket(double, pcap_pkthdr const*, IP_Hdr const*, unsigned char const*, int, EncapsulationStack const*) /scratch/bro-clean/src/Sessions.cc:758:2
>     #5 0x85553d in NetSessions::NextPacket(double, pcap_pkthdr const*, unsigned char const*, int) /scratch/bro-clean/src/Sessions.cc:231:3
>     #6 0x7ba30f in net_packet_dispatch(double, pcap_pkthdr const*, unsigned char const*, int, iosource::PktSrc*) /scratch/bro-clean/src/Net.cc:281:2
>     #7 0xda1c1b in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:423:3
>     #8 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
>     #9 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
>     #10 0x7f204146cb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
>     #11 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
> {code}





[Bro-Dev] [JIRA] (BIT-1425) BroString::Set() Attempts Allocation of Negative-Length Memory

2015-08-31 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1425:
--
Resolution: Fixed
Status: Closed  (was: Open)

> BroString::Set() Attempts Allocation of Negative-Length Memory
> --
>
> Key: BIT-1425
> URL: https://bro-tracker.atlassian.net/browse/BIT-1425
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Affects Versions: 2.3, 2.4
> Environment: Linux Mint 17.1 (Ubuntu 14.04) on bare metal and in a 
> VirtualBox VM.
> Mac OS X 10.10.3
>Reporter: Jonathan Ganz
>Assignee: Robin Sommer
>  Labels: analyzer
> Fix For: 2.5
>
> Attachments: backtrace.log, 
> lbl-internal.20041215-1142.port004.dump.anon, memory_trace.log, 
> negativeMemory.bro
>
>
> When the tcp_packet() event is used, Bro may attempt to allocate memory that 
> is negative in length (i.e. -6 bytes). Bro crashes with the following output:
>
> tcmalloc: large alloc 0 bytes == (nil) @  0x7f6abeaefc73 0x7f6abeb111c3 0x765e81 0x765b24 0x872562 0xaddc2f 0xaded94 0xb7aeca 0x775180 0x84105b 0x83f5c0 0x83f39d 0x7fb1bc 0xb3cde6 0x7fb3d9 0x750e98 0x7f6abdaf4ec5 0x72e553 (nil)
> out of memory in new.
> 1103139821.634774 fatal error: out of memory in new.
>
> The attached pcap file and bro script cause such a crash when run with the 
> following command:
>
> /usr/local/bro/bin/bro -r lbl-internal.20041215-1142.port004.dump.anon /usr/local/bro/share/bro/site/negativeMemory.bro
>
> A core file is not being generated for me, despite following the directions 
> for reporting problems 
> (https://www.bro.org/support/reporting-problems.html#getting-more-information-after-acrash).
> The file named memory_trace.log shows an alternatively formatted traceback 
> of the stack when the error occurs.





[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

2015-08-31 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21900#comment-21900
 ] 

Johanna Amann commented on BIT-1464:


Ok - I managed to verify this and I think that Robin just fixed it in 
1b9ee38e6933fbaf1db5822ab0e3088e41435c49.

Could you just cross-check to make sure and close the bug if that fixes it?



[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann reassigned BIT-1464:
--

Assignee: Justin Azoff  (was: Johanna Amann)



[Bro-Dev] [JIRA] (BIT-1463) heap overflow in PktSrc::Process

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann reassigned BIT-1463:
--

Assignee: Johanna Amann

> heap overflow in PktSrc::Process
> 
>
> Key: BIT-1463
> URL: https://bro-tracker.atlassian.net/browse/BIT-1463
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Affects Versions: 2.4
>Reporter: Justin Azoff
>Assignee: Johanna Amann
> Attachments: pktsrc_bug.pcap
>
>
> {code}
> ==11569==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020001bcbfc at pc 0x00da1f1b bp 0x7fff726f3d90 sp 0x7fff726f3d88
> READ of size 1 at 0x6020001bcbfc thread T0
>     #0 0xda1f1a in iosource::PktSrc::Process() /scratch/bro-clean/src/iosource/PktSrc.cc:325:3
>     #1 0x7ba7bf in net_run() /scratch/bro-clean/src/Net.cc:330:4
>     #2 0x641d9c in main /scratch/bro-clean/src/main.cc:1199:3
>     #3 0x7f2fd89beb44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287
>     #4 0x5ee98c in _start (/scratch/bro-clean/build/src/bro+0x5ee98c)
> {code}





[Bro-Dev] [JIRA] (BIT-1464) heap overflow in build_syn_packet_val

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1464?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1464:
---
Resolution: Duplicate
Status: Closed  (was: Open)

Was fixed together with BIT-1425



[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1363:
---
Status: Reopened  (was: Closed)
Resolution: (was: Fixed)

> Clustered AF_PACKET support
> ---
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
>  Issue Type: New Feature
>  Components: Bro
>Affects Versions: git/master
>Reporter: Michal Purzynski
>
> Let's have a support for packet capture with the AF_PACKET sockets in multi 
> worker configuration.
> Bro can use a single worker with af_packet, I have tested and it works, but 
> having a direct support for multi-worker load balancing would allow to avoid 
> the pf_ring for many deployments with the traffic level where DNA / ZC / 
> Myricom / DAG is not required.





[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

2015-08-31 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21904#comment-21904
 ] 

Johanna Amann commented on BIT-1363:


Actually, sorry, it was not since this is probably not supported by broctl yet.



[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1363:
---
Resolution: Fixed
Status: Closed  (was: Open)

This was added in 
https://github.com/bro/bro/commit/36b5a4db0834be81ae0761f673744a5b72ae9817



[Bro-Dev] [JIRA] (BIT-1463) heap overflow in PktSrc::Process

2015-08-31 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21905#comment-21905
 ] 

Johanna Amann commented on BIT-1463:


I have a fix in topic/johanna/bit-1463 that starts counting remaining bytes to 
see if there might be an access overflow in the header.

It fixes the problem in the presented trace and I hope that it also will fix 
similar problems with other headers (e.g. mpls/vlan/whatever).

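The remaining-byte accounting described in the comment above, sketched as an added example; it is not Bro's code and not the patch in topic/johanna/bit-1463. It strips Ethernet, VLAN and MPLS headers and checks the bytes still captured before reading each header. Function names, status codes and the sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Status codes and function names are hypothetical, chosen for this example. */
enum { L2_OK = 0, L2_TRUNCATED = -1, L2_UNSUPPORTED = -2 };
enum { ETH_HDR_LEN = 14, VLAN_TAG_LEN = 4, MPLS_ENTRY_LEN = 4 };
enum { ET_IPV4 = 0x0800, ET_VLAN = 0x8100, ET_MPLS = 0x8847,
       ET_IPV6 = 0x86DD, ET_QINQ = 0x88A8 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Strip Ethernet, any VLAN tags and an MPLS label stack from a captured
 * frame. `remaining` shrinks with every header consumed and is compared
 * against the next header's size before any byte of that header is read. */
int strip_link_layer(const uint8_t *pkt, size_t caplen,
                     size_t *l3_off, uint16_t *l3_proto)
{
    size_t off = 0, remaining = caplen;
    uint16_t type;
    if (remaining < ETH_HDR_LEN)
        return L2_TRUNCATED;
    type = rd16(pkt + 12);
    off += ETH_HDR_LEN;
    remaining -= ETH_HDR_LEN;

    while (type == ET_VLAN || type == ET_QINQ) {
        if (remaining < VLAN_TAG_LEN)   /* tag announced but not captured */
            return L2_TRUNCATED;
        type = rd16(pkt + off + 2);     /* TCI (2 bytes), then inner type */
        off += VLAN_TAG_LEN;
        remaining -= VLAN_TAG_LEN;
    }

    if (type == ET_MPLS) {
        int bottom = 0;
        while (!bottom) {
            if (remaining < MPLS_ENTRY_LEN)
                return L2_TRUNCATED;
            bottom = pkt[off + 2] & 0x01;   /* bottom-of-stack (S) bit */
            off += MPLS_ENTRY_LEN;
            remaining -= MPLS_ENTRY_LEN;
        }
        if (remaining < 1)              /* need the IP version nibble */
            return L2_TRUNCATED;
        switch (pkt[off] >> 4) {
        case 4: type = ET_IPV4; break;
        case 6: type = ET_IPV6; break;
        default: return L2_UNSUPPORTED;
        }
    }

    if (type != ET_IPV4 && type != ET_IPV6)
        return L2_UNSUPPORTED;
    *l3_off = off;
    *l3_proto = type;
    return L2_OK;
}

/* Wrapper: network-layer offset on success, negative status otherwise. */
long l3_offset(const uint8_t *pkt, size_t caplen)
{
    size_t off = 0;
    uint16_t proto = 0;
    int rc = strip_link_layer(pkt, caplen, &off, &proto);
    return rc == L2_OK ? (long)off : (long)rc;
}

/* Constructed sample frames (not taken from the attached pcaps). */
static const uint8_t SAMPLE_VLAN[] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x81,0x00,    /* MACs, type = VLAN */
    0x00,0x64, 0x08,0x00,                   /* TCI 100, inner type = IPv4 */
    0x45,0x00 };                            /* first IPv4 bytes */
static const uint8_t SAMPLE_MPLS[] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x88,0x47,    /* MACs, type = MPLS */
    0x00,0x01,0x00,0x40,                    /* label entry, S = 0 */
    0x00,0x02,0x01,0x40,                    /* label entry, S = 1 */
    0x60 };                                 /* IPv6 version nibble */

int main(void)
{
    printf("vlan: full=%ld cut@16=%ld\n",
           l3_offset(SAMPLE_VLAN, sizeof SAMPLE_VLAN), l3_offset(SAMPLE_VLAN, 16));
    printf("mpls: full=%ld cut@18=%ld\n",
           l3_offset(SAMPLE_MPLS, sizeof SAMPLE_MPLS), l3_offset(SAMPLE_MPLS, 18));
    return 0;
}
```

A frame whose capture length ends inside a VLAN tag or label stack is rejected as truncated instead of being read past the end of the buffer.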


[Bro-Dev] [JIRA] (BIT-1463) heap overflow in PktSrc::Process

2015-08-31 Thread Johanna Amann (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johanna Amann updated BIT-1463:
---
  Status: Merge Request  (was: Open)
Assignee: (was: Johanna Amann)



[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-08-31 Thread Wendy Edwards (JIRA)

Wendy Edwards created BIT-1470:
--

 Summary: Implemented Functions in Notice Framework
 Key: BIT-1470
 URL: https://bro-tracker.atlassian.net/browse/BIT-1470
 Project: Bro Issue Tracker
  Issue Type: Patch
  Components: Bro
Affects Versions: 2.3
Reporter: Wendy Edwards
 Attachments: main_mod.bro, notice_main.patch

I modified the main.bro file in the notice framework (see 
https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro) 
to implement the functions "notice_tags" and "execute_with_notice."  The patch 
(notice_main.patch) and the modified file (main_mod.bro) are both attached.





[Bro-Dev] [JIRA] (BIT-1463) heap overflow in PktSrc::Process

2015-08-31 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21914#comment-21914
 ] 

Johanna Amann commented on BIT-1463:


topic/johanna/bit-1463-bro24 contains the patch for 2.4.



[Bro-Dev] [JIRA] (BIT-1463) heap overflow in PktSrc::Process

2015-08-31 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1463:
--
Resolution: Merged  (was: Fixed)
Status: Closed  (was: Merge Request)
