[Bro-Dev] [Auto] Merge Status

2016-01-15 Thread Merge Tracker

Open Merge Requests
===================

ID            Component   Reporter       Assignee      Updated     For Version  Priority  Summary
------------  ----------  -------------  ------------  ----------  -----------  --------  -------
BIT-1519 [1]  Bro         Daniel Thayer  -             2016-01-12  -            Normal    bro segfaults when trying to delete a record field that doesn't exist
BIT-1490 [2]  BroControl  Seth Hall      Justin Azoff  2015-12-11  2.5          Low       Need ability to expire logs with more granularity than #days.


Open GitHub Pull Requests
=========================

Issue     Component  User                   Updated     Title
--------  ---------  ---------------------  ----------  -----
#51 [3]   bro        aeppert [4]            2016-01-14  Add version to HTTP::Info [5]
#50 [6]   bro        aeppert [7]            2016-01-08  NOTIFY is a valid SIP message per RFC3265 [8]
#49 [9]   bro        wglodek [10]           2015-12-23  update ParseRequest to handle missing uri [11]
#46 [12]  bro        albertzaharovits [13]  2015-12-18  HTTP Content-Disposition header updates filename field in HTTP::Info [14]
#3 [15]   broctl     aeppert [16]           2015-12-30  Wrap interface for running a custom plugin [17]


[1]   BIT-1519          https://bro-tracker.atlassian.net/browse/BIT-1519
[2]   BIT-1490          https://bro-tracker.atlassian.net/browse/BIT-1490
[3]   Pull Request #51  https://github.com/bro/bro/pull/51
[4]   aeppert           https://github.com/aeppert
[5]   Merge Pull Request #51 with  git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-3
[6]   Pull Request #50  https://github.com/bro/bro/pull/50
[7]   aeppert           https://github.com/aeppert
[8]   Merge Pull Request #50 with  git pull --no-ff --no-commit https://github.com/aeppert/bro.git patch-2
[9]   Pull Request #49  https://github.com/bro/bro/pull/49
[10]  wglodek           https://github.com/wglodek
[11]  Merge Pull Request #49 with  git pull --no-ff --no-commit https://github.com/0xcc-labs/bro.git topic/http-missing-uri
[12]  Pull Request #46  https://github.com/bro/bro/pull/46
[13]  albertzaharovits  https://github.com/albertzaharovits
[14]  Merge Pull Request #46 with  git pull --no-ff --no-commit https://github.com/albertzaharovits/bro.git master
[15]  Pull Request #3   https://github.com/bro/broctl/pull/3
[16]  aeppert           https://github.com/aeppert
[17]  Merge Pull Request #3 with   git pull --no-ff --no-commit https://github.com/aeppert/broctl.git master

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] [JIRA] (BIT-1523) ActiveHTTP module is broken

2016-01-15 Thread Seth Hall (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1523:
---------------------------
    Resolution: Invalid
        Status: Closed  (was: Open)

This is only a problem if you allow Bro to shut down immediately.  We don't 
always develop for that scenario since it represents such a minor use of Bro.

bro active-http-test.bro exit_only_after_terminate=T

> ActiveHTTP module is broken
> ---------------------------
>
>              Key: BIT-1523
>              URL: https://bro-tracker.atlassian.net/browse/BIT-1523
>          Project: Bro Issue Tracker
>       Issue Type: Problem
>       Components: Bro
> Affects Versions: 2.4
>      Environment: Mac OS X 10.11.2, Bro 2.4.1 (installed from Homebrew), curl 7.43.0
>                   CentOS 7.1.1503, Bro 2.4.1 (installed from OpenSuSE build service), curl 7.29.0
>         Reporter: Derek Ditch
>           Labels: bug, script
>
> When trying a very simple script found in Seth Hall's Bro Junk Drawer [1], I 
> cannot get ActiveHTTP to even perform a successful GET request. I'd like to 
> use ActiveHTTP to do RESTful POSTs for a notice or given behavior.
> CentOS output:
> {code}
> [vagrant@simplerockbuild ~]$ bro active-http-test.bro
> rm: cannot remove ‘/tmp/bro-activehttp-0ZTaA97EcF9_body’: No such file or directory
> {code}
> Mac OS X output:
> {code}
> $ bro active-http-test.bro
> rm: /tmp/bro-activehttp-nuJUYIMCT4e_body: No such file or directory
> rm: /tmp/bro-activehttp-nuJUYIMCT4e_headers: No such file or directory
> {code}
> [1] https://github.com/sethhall/bro-junk-drawer/blob/master/active-http-test.bro



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-04-012#71001)



[Bro-Dev] [JIRA] (BIT-1523) ActiveHTTP module is broken

2016-01-15 Thread Derek Ditch (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23828#comment-23828 ]

Derek Ditch commented on BIT-1523:
----------------------------------

That fixed the problem. Might add that the documentation of the ActiveHTTP 
module or other modules that have a race condition during interactive use of 
Bro.

Thanks Seth!



[Bro-Dev] [JIRA] (BIT-1519) bro segfaults when trying to delete a record field that doesn't exist

2016-01-15 Thread Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robin Sommer reassigned BIT-1519:
---------------------------------

    Assignee: Robin Sommer

> bro segfaults when trying to delete a record field that doesn't exist
> ---------------------------------------------------------------------
>
>         Key: BIT-1519
>         URL: https://bro-tracker.atlassian.net/browse/BIT-1519
>     Project: Bro Issue Tracker
>  Issue Type: Problem
>  Components: Bro
>    Reporter: Daniel Thayer
>    Assignee: Robin Sommer
> Attachments: test.bro
>
>
> When using the "delete" statement on a record field that doesn't exist,
> Bro will (correctly) report an error message, but then it segfaults.





[Bro-Dev] [JIRA] (BIT-1514) Test plugins.pktsrc fails

2016-01-15 Thread Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23829#comment-23829 ]

Robin Sommer commented on BIT-1514:
-----------------------------------

Forgot to comment on this earlier: I had tried to reproduce it here, but no 
luck. valgrind also didn't flag anything. I also double-checked the code and 
didn't spot anything obvious. 

> Test plugins.pktsrc fails
> -------------------------
>
>              Key: BIT-1514
>              URL: https://bro-tracker.atlassian.net/browse/BIT-1514
>          Project: Bro Issue Tracker
>       Issue Type: Problem
>       Components: Bro
> Affects Versions: git/master
>      Environment: Fedora 23
>         Reporter: Jan Grashoefer
>         Assignee: Robin Sommer
>
> The plugins.pktsrc test fails for me. Bro crashes with:
> {code}
> *** Error in `bro': corrupted double-linked list: 0x03ac10a0 ***
> === Backtrace: =
> /lib64/libc.so.6(+0x77e15)[0x7f5c5e23ae15]
> /lib64/libc.so.6(+0x7eed8)[0x7f5c5e241ed8]
> /lib64/libc.so.6(+0x807a8)[0x7f5c5e2437a8]
> /lib64/libc.so.6(cfree+0x4c)[0x7f5c5e246cac]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x32)[0x5d3322]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x1c)[0x5d330c]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x1c)[0x5d330c]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x1c)[0x5d330c]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x1c)[0x5d330c]
> bro(_ZNSt8_Rb_treeISt4pairINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_ES0_IKS7_mESt10_Select1stIS9_ESt4lessIS7_ESaIS9_EE8_M_eraseEPSt13_Rb_tree_nodeIS9_E+0x1c)[0x5d330c]
> bro(_ZN8BrofilerD1Ev+0x22)[0x5d2162]
> /lib64/libc.so.6(+0x39658)[0x7f5c5e1fc658]
> /lib64/libc.so.6(+0x396a5)[0x7f5c5e1fc6a5]
> /lib64/libc.so.6(__libc_start_main+0xf7)[0x7f5c5e1e3587]
> bro(_start+0x29)[0x5ac359]

[Bro-Dev] [JIRA] (BIT-1413) README files misidentified by GitHub

2016-01-15 Thread Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23830#comment-23830 ]

Robin Sommer commented on BIT-1413:
-----------------------------------

yeah would prefer to keep, make it easier to navigate.

Would it work with github to do a bullet list with relative links instead of 
the toctree?

(However, I'm not sure if then Sphinx would complain about the sub-directory 
README not being included anywhere.) 

> README files misidentified by GitHub
> ------------------------------------
>
>        Key: BIT-1413
>        URL: https://bro-tracker.atlassian.net/browse/BIT-1413
>    Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Documentation
>   Reporter: Vlad Grigorescu
>   Assignee: Johanna Amann
>   Priority: Low
>    Fix For: 2.5
>
>
> If a README file doesn't have an extension, GitHub will parse it as Markdown. 
> Because our README files are ReST, this results in some ugly (and not very 
> useful) READMEs when visiting the repository on GitHub.
> For example, see: https://github.com/bro/btest#readme
> There are two options we could take to fix this: rename README to README.rst, 
> or create a symlink. I tried out the symlink option here, and I think the 
> result is much more useful: https://github.com/grigorescu/btest#readme
> The affected repos are:
> binpac
> bro
> bro-aux
> bro-plugins
> bro-scripts
> broccoli
> broccoli-perl
> broccoli-python
> broccoli-ruby
> broctl (broctl's README just instructs users to see doc/broctl.rst. This could just be a symlink)
> broker
> bromagic (this can probably be deleted?)
> btest
> capstats
> time-machine
> trace-summary





[Bro-Dev] [JIRA] (BIT-1515) Interface setup plug-in

2016-01-15 Thread Justin Azoff (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23831#comment-23831 ]

Justin Azoff commented on BIT-1515:
-----------------------------------

Doug Burks commented on the interface setup gist:



Hi Justin,

Regarding the ethtool invocation, I seem to remember an issue with certain NICs 
where the command might fail when trying to set multiple options at one time.

http://blog.securityonion.net/2011/10/when-is-full-packet-capture-not-full.html

"You can set multiple options in one "ethtool" command, but this can be 
problematic if your card doesn't support all of the settings."

Here is what we do in Security Onion that has been working well for a few years 
now:

for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done

Hope that helps!


> Interface setup plug-in
> -----------------------
>
>        Key: BIT-1515
>        URL: https://bro-tracker.atlassian.net/browse/BIT-1515
>    Project: Bro Issue Tracker
> Issue Type: Task
> Components: Bro
>   Reporter: Jeannette Dopheide
>   Assignee: Justin Azoff
>   Priority: Low
>
> Place holder ticket to remind Justin to finish the interface setup plug-in he 
> has been working on.



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-04-012#71001)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
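
Added example, not part of the original thread and not Security Onion's or Bro's own code: the per-option ethtool approach from the BIT-1515 comment above, extended to record which options the NIC rejected and to read back `ethtool -k` for offloads that are still on. The ETHTOOL override variable and both function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: per-option offload disabling with failure tracking.
# ETHTOOL (binary override) and the function names are assumptions.
ETHTOOL="${ETHTOOL:-ethtool}"
OFFLOADS="rx tx sg tso ufo gso gro lro"   # option list from the comment above

# Long feature names that `ethtool -k` prints for those eight options.
FEATURES="rx-checksumming tx-checksumming scatter-gather"
FEATURES="$FEATURES tcp-segmentation-offload udp-fragmentation-offload"
FEATURES="$FEATURES generic-segmentation-offload generic-receive-offload"
FEATURES="$FEATURES large-receive-offload"

# One ethtool call per option, so an option the NIC does not support
# cannot abort the others. Leaves the rejected options in FAILED and
# returns non-zero if there were any.
disable_offloads() {
    iface=$1
    FAILED=""
    for opt in $OFFLOADS; do
        if ! "$ETHTOOL" -K "$iface" "$opt" off >/dev/null 2>&1; then
            FAILED="${FAILED:+$FAILED }$opt"
        fi
    done
    [ -z "$FAILED" ]
}

# Read the feature list back and print the long names of the offloads
# the driver still reports as "on" (this includes "on [fixed]").
still_enabled() {
    "$ETHTOOL" -k "$1" 2>/dev/null | awk -F': *' -v list="$FEATURES" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        ($1 in want) && $2 ~ /^on/ { printf "%s%s", sep, $1; sep = " " }'
}

# Typical use on a sensor (run as root):
#   disable_offloads eth0 || echo "rejected by NIC: $FAILED" >&2
#   left=$(still_enabled eth0); [ -z "$left" ] || echo "still on: $left" >&2
```

A rejected option is not necessarily a problem: a feature the driver reports as "off [fixed]" cannot be changed and is already off, which is why the read-back is the check that matters.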


[Bro-Dev] [JIRA] (BIT-1519) bro segfaults when trying to delete a record field that doesn't exist

2016-01-15 Thread Robin Sommer (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robin Sommer updated BIT-1519:
------------------------------
    Resolution: Merged  (was: Fixed)
        Status: Closed  (was: Merge Request)



[Bro-Dev] [JIRA] (BIT-1413) README files misidentified by GitHub

2016-01-15 Thread Johanna Amann (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1413:
-------------------------------
    Resolution: Fixed
        Status: Closed  (was: Open)



[Bro-Dev] [JIRA] (BIT-1413) README files misidentified by GitHub

2016-01-15 Thread Johanna Amann (JIRA)

[ https://bro-tracker.atlassian.net/browse/BIT-1413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23833#comment-23833 ]

Johanna Amann commented on BIT-1413:
------------------------------------

After playing around for a bit - it is basically impossible to create something 
here that works in sphinx and in github (the links end up broken in one of the 
two cases).

The current solution is to change the phrasing somewhat, so it does not look 
odd when the links are not present on GitHub and leave everything else as is.

Besides this, everything in this ticket is done. Closing.
