[Bro-Dev] [Auto] Merge Status

2015-10-01 Thread Merge Tracker

Open Merge Requests
===================

ID            Component   Reporter         Assignee      Updated     For Version  Priority  Summary
------------  ----------  ---------------  ------------  ----------  -----------  --------  ---------------------------------------------------------------
BIT-1485 [1]  Bro,Broker  Daniel Thayer    Robin Sommer  2015-09-29  -            Normal    add configure option to prevent building broker python bindings
BIT-1484 [2]  Bro         Daniel Thayer    Robin Sommer  2015-09-29  -            Normal    topic/dnthayer/doc-fixes [3]
BIT-1481 [4]  Bro         Daniel Thayer    Robin Sommer  2015-09-29  -            Normal    some test canonifiers don't always read from stdin
BIT-1479 [5]  Bro         scampbell        -             2015-09-16  -            Normal    seek functionality in RAW reader does not go to end of file
BIT-1476 [6]  BTest       Daniel Thayer    -             2015-09-13  -            Normal    btest-diff can generate too much output when a test fails
BIT-1470 [7]  Bro         Wendy Edwards    -             2015-09-11  2.5          Low       Implemented Functions in Notice Framework
BIT-1336 [8]  Bro         Vlad Grigorescu  -             2015-09-04  2.5          Trivial   ElasticSearch indices in UTC


Open Fastpath Commits
=====================

Commit       Component    Author           Date        Summary
-----------  -----------  ---------------  ----------  ----------------------------------------------------
24ecb35 [9]  bro-testing  Vlad Grigorescu  2015-09-10  Add README.rst -> README symlink. Addresses BIT-1413


Open GitHub Pull Requests
=========================

Issue     Component      User           Updated     Title
--------  -------------  -------------  ----------  -----------------------------------------------------------------------------
#44 [10]  bro            yunzheng [11]  2015-09-23  Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509 certificates [12]
#6 [13]   bro-plugins    jswaro [14]    2015-08-24  Adding initial conversion of TCPRS to a plugin [15]
#1 [16]   broctl         J-Gras [17]    2015-09-11  Added support for packet fanout load balancing [18]
#3 [19]   packet-bricks  shirkdog [20]  2015-09-21  Add a check for FreeBSD in lua_interface.c [21]


[1]   BIT-1485   https://bro-tracker.atlassian.net/browse/BIT-1485
[2]   BIT-1484   https://bro-tracker.atlassian.net/browse/BIT-1484
[3]   doc-fixes  https://github.com/bro/bro/tree/topic/dnthayer/doc-fixes
[4]   BIT-1481   https://bro-tracker.atlassian.net/browse/BIT-1481
[5]   BIT-1479   https://bro-tracker.atlassian.net/browse/BIT-1479
[6]   BIT-1476   https://bro-tracker.atlassian.net/browse/BIT-1476
[7]   BIT-1470   https://bro-tracker.atlassian.net/browse/BIT-1470
[8]   BIT-1336   https://bro-tracker.atlassian.net/browse/BIT-1336
[9]   24ecb35    https://github.com/bro/bro-testing/commit/24ecb35f121e473bf7ff8e66b2e0c2ac68b4e6c0
[10]  Pull Request #44  https://github.com/bro/bro/pull/44
[11]  yunzheng          https://github.com/yunzheng
[12]  Merge Pull Request #44 with:  git pull --no-ff --no-commit https://github.com/yunzheng/bro.git topic/x509-generalizedtime
[13]  Pull Request #6   https://github.com/bro/bro-plugins/pull/6
[14]  jswaro            https://github.com/jswaro
[15]  Merge Pull Request #6 with:   git pull --no-ff --no-commit https://github.com/jswaro/bro-plugins.git topic/jswaro/feature/initial-tcprs-plugin
[16]  Pull Request #1   https://github.com/bro/broctl/pull/1
[17]  J-Gras            https://github.com/J-Gras
[18]  Merge Pull Request #1 with:   git pull --no-ff --no-commit https://github.com/J-Gras/broctl.git topic/jgras/pcap-config
[19]  Pull Request #3   https://github.com/bro/packet-bricks/pull/3
[20]  shirkdog          https://github.com/shirkdog
[21]  Merge Pull Request #3 with:   git pull --no-ff --no-commit https://github.com/shirkdog/packet-bricks.git master

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-1487) protocols nested within HTTP CONNECT not properly detected when proxy adds headers to 200 response

2015-10-01 Thread Eric Karasuda (JIRA)
Eric Karasuda created BIT-1487:
----------------------------------

             Summary: protocols nested within HTTP CONNECT not properly detected when proxy adds headers to 200 response
                 Key: BIT-1487
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1487
             Project: Bro Issue Tracker
          Issue Type: Patch
          Components: Bro
    Affects Versions: 2.4
            Reporter: Eric Karasuda
         Attachments: http-connect.patch, http-connect.pcap, output-without-patch.tar.gz, output-with-patch.tar.gz

Failure scenario:
* a client makes an HTTP request to a proxy: CONNECT secure.newegg.com:443
* the server responds HTTP 200
* the proxy adds a header to the server's response (e.g. "Proxy-agent: 
Apache/2.4.16 (Unix)" in the attached pcap).
* SSL handshake proceeds
* Bro fails to identify the SSL handshake

As soon as Bro sees "HTTP/1.0 200 Connection Established\r\n", it instantiates 
a child analyzer and passes the rest of the server's response to the child. In 
particular, this means the "Proxy-agent" header is treated as the first data 
transmitted in the SSL handshake. As a result, protocol detection fails. 

The attached patch remembers that the HTTP 200 was received and only 
instantiates the child analyzer when the newline is reached at the end of the 
HTTP message (e.g. after the "Proxy-agent" header).

Running {{bro -C -r http-connect.pcap}} with the attached pcap should output 
{{output-without-patch.tar.gz}} before applying the patch (note the absence of 
ssl.log) and should output {{output-with-patch.tar.gz}} after applying the 
patch.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-07-011#70107)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
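The hand-off problem in the report above, modelled as an added example. This is not code from Bro or from the attached patch: the proxy reply is a constructed byte string, the TLS bytes are constructed (a plausible ServerHello record header, not taken from the pcap), and the two hand-off functions follow the report's description of the current behaviour and of the patch. It also covers the case the report implies but does not spell out: a header block that has not fully arrived yet must be buffered rather than handed over.

```python
"""BIT-1487 in miniature: where the HTTP CONNECT analyzer should hand the
server-side stream to the child (SSL) analyzer.

Added example, not Bro code. It compares two hand-off rules on the same
constructed stream: "everything after the 200 status line goes to the
child" (the behaviour the report describes) and "only what follows the
blank line that ends the HTTP message goes to the child" (what the patch
does).
"""
import re
from typing import Callable, Optional

# Constructed server-to-client stream: the proxy answers CONNECT, adds a
# Proxy-agent header, then the origin server's first TLS record follows.
# 0x16 = handshake record, 0x0303 = TLS 1.2, 0x02 = ServerHello. Constructed
# bytes, not from the attached pcap.
TLS_SERVER_HELLO_START = bytes.fromhex("160303004a020000460303")

PROXY_REPLY_WITH_HEADER = (
    b"HTTP/1.0 200 Connection Established\r\n"
    b"Proxy-agent: Apache/2.4.16 (Unix)\r\n"
    b"\r\n" + TLS_SERVER_HELLO_START
)
PROXY_REPLY_BARE = b"HTTP/1.0 200 Connection Established\r\n\r\n" + TLS_SERVER_HELLO_START

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] 200 [^\r\n]*\r\n")


def looks_like_tls(payload: bytes) -> bool:
    """Stand-in for dynamic protocol detection: a TLS record header is a
    content type 0x14..0x17 followed by major version 3."""
    return len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03


def handoff_after_status_line(stream: bytes) -> Optional[bytes]:
    """Behaviour described in the report: as soon as the 200 status line is
    complete, the remainder of the reply is given to the child analyzer."""
    m = STATUS_LINE.match(stream)
    return None if m is None else stream[m.end():]


def handoff_after_headers(stream: bytes) -> Optional[bytes]:
    """Behaviour of the patch: remember that the 200 was seen, keep consuming
    header lines, and hand over only what follows the terminating blank line.
    Returns None while the header block is still incomplete (keep buffering)."""
    m = STATUS_LINE.match(stream)
    if m is None:
        return None
    # The status line already ends in CRLF, so the CRLFCRLF terminator may
    # start two bytes before m.end() when no headers follow at all.
    end = stream.find(b"\r\n\r\n", m.end() - 2)
    if end < 0:
        return None
    return stream[end + 4:]


def detect_tunnelled_protocol(stream: bytes,
                              handoff: Callable[[bytes], Optional[bytes]]) -> str:
    """What the child analyzer would conclude under a given hand-off rule."""
    payload = handoff(stream)
    if payload is None:
        return "incomplete"
    return "ssl" if looks_like_tls(payload) else "unknown"


def report() -> dict:
    """Outcome of both hand-off rules on the constructed streams."""
    return {
        "with_header/eager": detect_tunnelled_protocol(PROXY_REPLY_WITH_HEADER, handoff_after_status_line),
        "with_header/patched": detect_tunnelled_protocol(PROXY_REPLY_WITH_HEADER, handoff_after_headers),
        "bare/patched": detect_tunnelled_protocol(PROXY_REPLY_BARE, handoff_after_headers),
        "truncated/patched": detect_tunnelled_protocol(PROXY_REPLY_WITH_HEADER[:50], handoff_after_headers),
    }


if __name__ == "__main__":
    for case, verdict in report().items():
        print(f"{case:22s} -> {verdict}")
```

With the eager rule the child sees "Proxy-agent: ..." as its first bytes and never recognises the handshake; with the patched rule both the bare reply and the reply with an extra header yield the TLS record, and a reply cut off inside the header block is reported as incomplete instead of being classified on partial data.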


[Bro-Dev] [JIRA] (BIT-1476) btest-diff can generate too much output when a test fails

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1476:
-

Assignee: Robin Sommer

> btest-diff can generate too much output when a test fails
> -
>
> Key: BIT-1476
> URL: https://bro-tracker.atlassian.net/browse/BIT-1476
> Project: Bro Issue Tracker
>  Issue Type: Improvement
>  Components: BTest
>Reporter: Daniel Thayer
>Assignee: Robin Sommer
>
> When btest-diff fails for a test, it shows the file and then the diff of
> the file vs. the baseline.  For small output sizes, this can be very useful,
> but it doesn't seem useful when one must scroll through hundreds (or
> thousands) of lines of output just to find where the diff begins.  There is
> a MAX_LINES parameter in btest-diff to truncate the output of huge files, but
> it cannot be customized and the default value is 5000, which seems really
> excessive.  There is also a TEST_DIFF_BRIEF option to prevent showing any
> file contents, but this is not desirable to use for tests with small
> baselines, and having to set it for each test with a large baseline seems
> like too much of a maintenance burden.





[Bro-Dev] [JIRA] (BIT-1479) seek functionality in RAW reader does not go to end of file

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1479:
-

Assignee: Robin Sommer

> seek functionality in RAW reader does not go to end of file
> ---
>
> Key: BIT-1479
> URL: https://bro-tracker.atlassian.net/browse/BIT-1479
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Affects Versions: 2.4
> Environment: running bin/bro version 2.4-87-debug on linux
>Reporter: scampbell
>Assignee: Robin Sommer
>  Labels: input-framework
>
> When using the seek functionality for RAW input as described in
> https://github.com/bro/bro/commit/cbba73ab12b3a9935162f008fe7d05ab61c5be6a
> the code on lines 397-398 will push the suggested value of -1 to 0, which will
> disable the SEEK_END.
> The fix would be to make the test "if offset < -1", or to remove it in its
> entirety.
> many thanks!
> scott





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1470:
-

Assignee: Robin Sommer

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Robin Sommer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1470:
--
Status: Open  (was: Merge Request)

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Robin Sommer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22409#comment-22409
 ] 

Robin Sommer commented on BIT-1470:
---

The code in notice_tags() looks pretty fragile: I'd bet that if we ever 
changed the fields that an Info record had, we'd forget to adapt this function. 

Different idea: we could use record_fields() instead to get all the fields 
dynamically and then iterate through. For those that need special treatment to 
generate good defaults, we could still hardcode that; but for all others we'd 
just convert to string by default.

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Robin Sommer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1470:
-

Assignee: Daniel Thayer  (was: Robin Sommer)

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Daniel Thayer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1336) ElasticSearch indices in UTC

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1336:
-

Assignee: Robin Sommer

> ElasticSearch indices in UTC
> 
>
> Key: BIT-1336
> URL: https://bro-tracker.atlassian.net/browse/BIT-1336
> Project: Bro Issue Tracker
>  Issue Type: Improvement
>  Components: Bro
>Affects Versions: 2.4
>Reporter: Vlad Grigorescu
>Assignee: Robin Sommer
>Priority: Trivial
> Fix For: 2.5
>
>
> For improved compatibility with Kibana and other ElasticSearch frontends, the 
> timestamps on the Bro indices should be changed to UTC.





[Bro-Dev] [JIRA] (BIT-1486) Bro crashes when trying to Start

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1486:
--
Priority: Normal  (was: Critical)

> Bro crashes when trying to Start
> 
>
> Key: BIT-1486
> URL: https://bro-tracker.atlassian.net/browse/BIT-1486
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Affects Versions: 2.4
> Environment: It's on a Centos 6 OS version and we are in the process 
> of transitioning from an onboard NIC to a Myricom 10G fiber interface card.
>Reporter: Gabriel Dinkins
>  Labels: broctl
>
> Upon trying to start the Bro IDS software it continually crashes. Upon 
> checking the "diag" it states:  stderr.log
> fatal error: problem with interface p3p1 (p3p1: no IPv4 address assigned)





[Bro-Dev] [JIRA] (BIT-1467) several tests are broken in scripts/policy/protocols/ssl

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1467:
--
Priority: High  (was: Normal)

> several tests are broken in scripts/policy/protocols/ssl
> 
>
> Key: BIT-1467
> URL: https://bro-tracker.atlassian.net/browse/BIT-1467
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Reporter: Daniel Thayer
>Assignee: Johanna Amann
>Priority: High
> Fix For: 2.5
>
>
> Due to recent bug fixes in the btest repo (see BIT-1455), it was
> discovered that several tests in the bro repo now fail due to problems
> with their canonifier.





[Bro-Dev] [JIRA] (BIT-1467) several tests are broken in scripts/policy/protocols/ssl

2015-10-01 Thread Robin Sommer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22410#comment-22410
 ] 

Robin Sommer commented on BIT-1467:
---

They keep failing for me too. Is this still a canonifier problem, or are the 
tests themselves broken?

I'd like to get this fixed; not good if we have tests that we know to fail.

> several tests are broken in scripts/policy/protocols/ssl
> 
>
> Key: BIT-1467
> URL: https://bro-tracker.atlassian.net/browse/BIT-1467
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Reporter: Daniel Thayer
>Assignee: Johanna Amann
> Fix For: 2.5
>
>
> Due to recent bug fixes in the btest repo (see BIT-1455), it was
> discovered that several tests in the bro repo now fail due to problems
> with their canonifier.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Wendy Edwards (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22411#comment-22411
 ] 

Wendy Edwards commented on BIT-1470:


Would you like me to try making this change?

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Daniel Thayer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

2015-10-01 Thread Robin Sommer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22412#comment-22412
 ] 

Robin Sommer commented on BIT-1363:
---

Is the conclusion that the pcap-based fan-out code that got merged recently 
doesn't work and should be removed? That would then also affect 
https://github.com/bro/broctl/pull/1.

> Clustered AF_PACKET support
> ---
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
>  Issue Type: New Feature
>  Components: Bro
>Affects Versions: git/master
>Reporter: Michal Purzynski
> Attachments: pcap.c
>
>
> Let's have support for packet capture with AF_PACKET sockets in a multi-worker 
> configuration.
> Bro can use a single worker with af_packet, I have tested it and it works, but 
> having direct support for multi-worker load balancing would allow avoiding 
> pf_ring for many deployments with traffic levels where DNA / ZC / 
> Myricom / DAG is not required.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-1470:
-

Assignee: Wendy Edwards  (was: Daniel Thayer)

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Wendy Edwards
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1470) Implemented Functions in Notice Framework

2015-10-01 Thread Robin Sommer (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22413#comment-22413
 ] 

Robin Sommer commented on BIT-1470:
---

Sure, thanks (I should have assigned it back to you)

> Implemented Functions in Notice Framework
> -
>
> Key: BIT-1470
> URL: https://bro-tracker.atlassian.net/browse/BIT-1470
> Project: Bro Issue Tracker
>  Issue Type: Patch
>  Components: Bro
>Affects Versions: 2.3
>Reporter: Wendy Edwards
>Assignee: Daniel Thayer
>Priority: Low
> Fix For: 2.5
>
> Attachments: main_mod.bro, notice_main.patch
>
>
> I modified the main.bro file in the notice framework (see 
> https://github.com/bro/bro/blob/master/scripts/base/frameworks/notice/main.bro)
>  to implement the functions "notice_tags" and "execute_with_notice."  The 
> patch (notice_main.patch) and the modified file (main_mod.bro) are both 
> attached.





[Bro-Dev] [JIRA] (BIT-1467) several tests are broken in scripts/policy/protocols/ssl

2015-10-01 Thread Johanna Amann (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22414#comment-22414
 ] 

Johanna Amann commented on BIT-1467:


The tests themselves are broken -- sorry, I will try to fix this soon.

> several tests are broken in scripts/policy/protocols/ssl
> 
>
> Key: BIT-1467
> URL: https://bro-tracker.atlassian.net/browse/BIT-1467
> Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>Reporter: Daniel Thayer
>Assignee: Johanna Amann
>Priority: High
> Fix For: 2.5
>
>
> Due to recent bug fixes in the btest repo (see BIT-1455), it was
> discovered that several tests in the bro repo now fail due to problems
> with their canonifier.





[Bro-Dev] [JIRA] (BIT-1476) btest-diff can generate too much output when a test fails

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1476:
--
Resolution: Merged  (was: Fixed)
Status: Closed  (was: Merge Request)

> btest-diff can generate too much output when a test fails
> -
>
> Key: BIT-1476
> URL: https://bro-tracker.atlassian.net/browse/BIT-1476
> Project: Bro Issue Tracker
>  Issue Type: Improvement
>  Components: BTest
>Reporter: Daniel Thayer
>Assignee: Robin Sommer
>
> When btest-diff fails for a test, it shows the file and then the diff of
> the file vs. the baseline.  For small output sizes, this can be very useful,
> but it doesn't seem useful when one must scroll through hundreds (or
> thousands) of lines of output just to find where the diff begins.  There is
> a MAX_LINES parameter in btest-diff to truncate the output of huge files, but
> it cannot be customized and the default value is 5000, which seems really
> excessive.  There is also a TEST_DIFF_BRIEF option to prevent showing any
> file contents, but this is not desirable to use for tests with small
> baselines, and having to set it for each test with a large baseline seems
> like too much of a maintenance burden.





[Bro-Dev] [JIRA] (BIT-1336) ElasticSearch indices in UTC

2015-10-01 Thread Robin Sommer (JIRA)

 [ 
https://bro-tracker.atlassian.net/browse/BIT-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer updated BIT-1336:
--
Resolution: Merged  (was: Fixed)
Status: Closed  (was: Merge Request)

> ElasticSearch indices in UTC
> 
>
> Key: BIT-1336
> URL: https://bro-tracker.atlassian.net/browse/BIT-1336
> Project: Bro Issue Tracker
>  Issue Type: Improvement
>  Components: Bro
>Affects Versions: 2.4
>Reporter: Vlad Grigorescu
>Assignee: Robin Sommer
>Priority: Trivial
> Fix For: 2.5
>
>
> For improved compatibility with Kibana and other ElasticSearch frontends, the 
> timestamps on the Bro indices should be changed to UTC.





[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support

2015-10-01 Thread Kris Nielander (JIRA)

[ 
https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22415#comment-22415
 ] 

Kris Nielander commented on BIT-1363:
-

I believe the conditions for it to work depend a little bit too much on 
libpcap. I would suggest removing it in favor of a separate af_packet plugin, 
but do leave the pcap buffer patch in place. 

> Clustered AF_PACKET support
> ---
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
>  Issue Type: New Feature
>  Components: Bro
>Affects Versions: git/master
>Reporter: Michal Purzynski
> Attachments: pcap.c
>
>
> Let's have support for packet capture with AF_PACKET sockets in a multi-worker 
> configuration.
> Bro can use a single worker with af_packet, I have tested it and it works, but 
> having direct support for multi-worker load balancing would allow avoiding 
> pf_ring for many deployments with traffic levels where DNA / ZC / 
> Myricom / DAG is not required.


