On Tue, Oct 28, 2014 at 01:18:09PM -0700, Jonathan Siwek wrote:
> Some didn't look quite right so fixed while merging: the return value of
> fwrite is in terms of number of objects written, not number of bytes
> written and some calls still mixed those up.
Thank you, I totally managed
Hello,
we are considering providing packages for a number of different
.deb and .rpm based distributions starting with Bro 2.4, using the
OpenSuse build service.
As a first step, I have created a repository that contains nightly Bro
builds for CentOS, Debian, Fedora, Suse Linux, Scientific Linux
Hi,
currently it is not possible to build Bro on RedHat / CentOS 6 or earlier
because the cmake version available on those systems is too low.
Is there any important reason why we need 2.8? CentOS 6 only has 2.6.4 by
default.
Johanna
___
bro-dev mailin
On Tue, Feb 17, 2015 at 09:53:23PM +, Siwek, Jon wrote:
> > currently it is not possible to build Bro on RedHat / CentOS 6 or earlier
> > because the cmake version available on those systems is too low.
>
> I think 6.6 has CMake 2.8.12.2 now.
>
> But yeah, before they were at 2.6.4.
Ah, ok.
On Wed, Feb 18, 2015 at 03:27:20PM +, Siwek, Jon wrote:
>
> Yeah, patching it out should be easy for the moment.
[...]
Thank you, that worked. One more question - currently Bro does not compile
on systems that use libpcap < 1.1.1, because PCAP_NETMASK_UNKNOWN is not
defined (example compile e
On Fri, Feb 20, 2015 at 01:48:30PM -0800, Robin Sommer wrote:
> > I’m not that familiar either, but think it may be fine to provide our
> > own preprocessor definition if it doesn’t exist.
>
> I'll remove the dependency on the macro, it's used mainly as
> placeholder value, and we can use our own
Hi,
On Mon, Mar 23, 2015 at 03:33:13PM -0500, Daniel Thayer wrote:
> I'm glad to hear that you're testing broctl on FreeBSD (I always
> test on Linux). Here are my initial ideas:
> How many hosts are in your cluster? (you mentioned "28 physical nodes",
> does that mean 28 computers?!)
It is 28
On Mon, Mar 23, 2015 at 04:15:12PM -0500, Daniel Thayer wrote:
> When you do a broctl status, does it show a status line for every Bro
> node in your cluster?
Yes, it does. At least I think so, the number is quite large :)
> How are you running broctl status:
> 1) just by typing "broctl status",
?project=network%3Abro&package=bro-nightly
(currently it still is a 404; should hopefully be available within the
next few hours).
The binaries at the old location will no longer be updated.
Johanna
On Thu, Feb 12, 2015 at 12:53:51PM -0800, Johanna Amann wrote:
> Hello,
>
> we are c
On Wed, Jul 15, 2015 at 08:20:18AM -0700, Robin Sommer wrote:
> Unclear to me why these are failing?
I think the .seen.certs one is a race condition between loading of the
intel file and running the trace. Let me take a look at that, I might be
able to fix it.
Not sure about the other one.
Johan
On Wed, Jul 15, 2015 at 09:04:16AM -0700, Johanna Amann wrote:
> On Wed, Jul 15, 2015 at 08:20:18AM -0700, Robin Sommer wrote:
> > Unclear to me why these are failing?
>
> I think the .seen.certs one is a race condition between loading of the
> intel file and running the trace.
On Mon, Sep 21, 2015 at 10:56:42AM -0500, Vlad Grigorescu wrote:
> For Bro 2.5, I'd like to add some more functionality to the Windows
> Portable Executable analyzer. I think there's a lot of valuable data that
> could be extracted, but the format is rather challenging to work with. Some
> protocol
Hello Jakub,
this is a known bug at the moment - tracked in
https://bro-tracker.atlassian.net/browse/BIT-1325
At the moment there is no workaround to this, besides writing to
separate sqlite database files -- sorry.
Johanna
On 5 Nov 2015, at 7:03, Jakub S. Paulovic wrote:
> Hello,
>
> I am t
Actually - there is a patch in that bug that you might want to try - I
forgot about that. I am not completely sure about the performance
implications it might have though.
Johanna
On 5 Nov 2015, at 8:43, Johanna Amann wrote:
> Hello Jakub,
>
> this is a known bug at the moment - t
On Thu, Jan 28, 2016 at 08:56:16AM -0800, Robin Sommer wrote:
> sha1 is filled in the 2nd version. I think I saw a different example
> where it was md5sum that was set in the 2nd version but not the
> baseline version. Were there any changes in this regard?
I am not aware of anything in the SSL so
On 28 Jan 2016, at 18:19, Seth Hall wrote:
>> On Jan 28, 2016, at 11:56 AM, Robin Sommer wrote:
>>
>> On Thu, Jan 28, 2016 at 03:25 -0600,
>> jenk...@brotestbed.ncsa.illinois.edu wrote:
>>
>>> from
>>> /home/jenkins/workspace/UnitTests/bro/aux/plugins/elasticsearch/build/elastics
Could someone who has access to the machines please tell me what the exact
CentOS version running on jenkins is?
And also - the output of openssl version.
Johanna
On Tue, Feb 02, 2016 at 08:43:21AM -0800, Robin Sommer wrote:
> We still have a few Jenkins errors. Can somebody take the action item
Hi,
we currently have a ton of branches in Bro which have been merged into
master (some of them a long time ago). And - I would like to delete them,
unless people think they are worth keeping around for some reason.
To be more specific, the branches I would like to delete are:
robin/topic/writer
Just one more warning - if no one complains, I will go ahead and delete
all of this on Friday.
Johanna
On Wed, Apr 20, 2016 at 10:28:01AM -0700, Johanna Amann wrote:
> Hi,
>
> we currently have a ton of branches in Bro which have been merged into
> master (some of them a long time a
On Mon, Jun 06, 2016 at 02:14:50PM -0500, Daniel Thayer wrote:
> On 06/06/2016 01:50 PM, Robin Sommer wrote:
> > - For shipping binary plugins:
> >
> > - Through meta information, we let the author specify a build
> >command to build all their binary stuff, such as "./configure &&
> >
On 9 Jun 2016, at 13:29, Matthias Vallentin wrote:
>> I see benefits in two separate repos:
>
> Yep.
>
>> client: bro-pkg
>> community packages: bro-pkg-community
>
> I'm not sure if I understand the -community suffix. The client bro-pkg
> makes sense to me. But the first association I h
I think I kind of like having the certificates being handled as files by
default. However, I see that most people who run clusters in production
do not want that information in files.log. So - from my point of view,
it might make sense to have a policy script that filters certificates
from files.
And to add a me three to this - I am also with him on this one. On top
of things - I might misremember this, but didn't we plan package names
to include the github user name at one point of time? So a package name
would be user/redis, for example, and there also could be user2/redis?
Johanna
O
On 8 Aug 2016, at 8:20, Robin Sommer wrote:
> (Moving to bro-dev).
>
> On Sun, Aug 07, 2016 at 09:59 -0700, Johanna Amann wrote:
>
>> Yup, that is exactly it. There currently is a rewrite of Broker
>> underway, which will use the newer library versions, but it is not
I just finished a branch that adds support for TLSv1.3 to Bro (branch
topic/johanna/tls13, important commit:
https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890).
What do people think of the idea of adding that patch to the upcoming Bro
2.5 release?
I know that we are quite
nt problems. FWIW, I can run this branch on my end
> for until release happens.
>
> Aashish
>
> On Fri, Oct 07, 2016 at 02:06:53PM -0700, Johanna Amann wrote:
>> I just finished a branch that adds support for TLSv1.3 to Bro (branch
>> topic/johanna/t
On 8 Oct 2016, at 17:38, Vlad Grigorescu wrote:
> Well, I should point out that Cloudflare enabled it a couple of weeks
> ago:
> https://blog.cloudflare.com/introducing-tls-1-3/
You actually got that to run? I did not manage to get any client to
successfully negotiate TLS 1.3 with them and se
As a follow-up: since all responses were positives, I filed a
merge-request for this and it should (hopefully) make it into 2.5.
Merge-request for those who want to follow it:
https://bro-tracker.atlassian.net/browse/BIT-1727
Johanna
On Fri, Oct 07, 2016 at 02:06:53PM -0700, Johanna Amann wrote
Just to add to this - there is no analyzer and so far this is also not
planned. In addition to that - OpenFlow encourages use of TLS, so you
(hopefully) should not actually see a lot of unencrypted OF traffic on
the wire.
Johanna
On 17 Oct 2016, at 15:47, Slagell, Adam J wrote:
> I get you no
Hi,
plugins/hooks currently fails because of the changed year number:
0.00 | HookCallFunction strftime(%Y, XX.XX)
0.00 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
0.00 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
-0.00 | HookCallFunction to_count(
Just to add my two cents to this, because automated testing is actually
one of the things that I really think package managers should do...
On Mon, Jan 16, 2017 at 06:45:52PM +, Siwek, Jon wrote:
> 1) Add `bro-pkg test ` command.
Might it also make sense to just run the test on installation,
On Thu, Jan 19, 2017 at 11:19:20AM -0600, Alberto Garcia wrote:
> Hi,
>
> I've compiled bro from source to do some debugging. Once compiled I can't
> run bro since there is an error popping up:
>
> default@debian:~/bro$ ./build/src/bro
> fatal error: can't find base/init-bare.bro
>
> If I do the
On Tue, Jan 17, 2017 at 04:01:19AM +, Siwek, Jon wrote:
> > I actually think it would be neat to do this isolated, especially given
> > that this enables testing before installing.
>
> Not sure I follow. Can you explain further?
Sorry - what I meant is that the tests can run before the packa
Hi Jon,
On Wed, Jan 25, 2017 at 02:23:57AM +, Siwek, Jon wrote:
> bro-pkg 1.0 is now out and supports
>
> * package unit testing [1]
thanks for this. Are there any extra steps that one has to do for this to
work? I tried to activate it for my repository at
https://github.com/0xxon/bro-sumsta
Ah, and if you remember to specify --version master, things suddenly look
much better - ignore this :)
Johanna
On Fri, Jan 27, 2017 at 11:10:46AM -0800, Johanna Amann wrote:
> Hi Jon,
>
> On Wed, Jan 25, 2017 at 02:23:57AM +, Siwek, Jon wrote:
> > bro-pkg 1.0 is now o
ir) + ':' + bropath
TypeError: coercing to Unicode: need string or buffer, NoneType found
The same happens with your bro-test-package.
Is there anything obvious that I am doing wrong?
Johanna
On Fri, Jan 27, 2017 at 11:14:18AM -0800, Johanna Amann wrote:
> Ah, and if you remember
And as a followup - this happens because Bro was not in the path.
This really should give a nicer error message though (or abort before
even trying to install).
Johanna
On 27 Jan 2017, at 11:34, Johanna Amann wrote:
> And - second followup - this time I think I am doing things right t
On Fri, Feb 10, 2017 at 11:51:08AM -0600, Vlad Grigorescu wrote:
> What do people think about splitting up portions of init-bare into separate
> files, and having init-bare simply @load those files? Right now, it's a
> 4500+ line script that keeps growing, and it commonly results in conflicts.
>
>
>> 1493427133.170419 Reporter::ERROR incompatible hashers in
>> BasicBloomFilter merge (empty) -
>
>> Not sure if the error is because an opaque of bloomfilter cannot be
>> sent over worker2manager_events and manager2worker_events or if I am
>> doing something not quite right.
>
> Bloom fil
Looking over Changes, there is nothing that I am especially concerned
about at a cursory glance.
Johanna
On Fri, May 12, 2017 at 05:08:51PM -0400, Seth Hall wrote:
>
> > On May 12, 2017, at 4:34 PM, Robin Sommer wrote:
> >
> > I just went through the CHANGES since 2.5 and
> > I can see snapsh
Use "in":
if ("my_dynamic_name" in mytable)
Johanna
On 8 Aug 2017, at 11:04, Reinhard Gentz wrote:
> Hi,
>
> I would like to check if a certain table element exists and then take
> corresponding action like the following:
>
> if (exists(mytable["my_dynamic_name"]))
> do something
> else
>
Hello bro-dev,
in this email I want to get feedback on a possible syntax for the configuration
framework. The aim of the configuration framework is to provide an easy method
for Bro users and script writers to change configuration options during the
runtime of Bro (as opposed to only on startup as
> Could the definition be
>
> const filter = "ip" &config;
>
> if you just wanted to use NameSpace::filter ? That kinda seems like the best
> of both worlds… Especially if anything marked &redef was automatically
> registered as a configuration variable.
technically - yes. Though I am not qui
On Wed, Sep 20, 2017 at 10:00:33PM -0500, Daniel Thayer wrote:
> On 9/20/17 5:24 PM, Johanna Amann wrote:
> > advantages or disadvantages. One idea is to have a different syntax to
> > define
> > the configuration option. Instead of
> >
> > const filter
On Thu, Sep 21, 2017 at 08:22:23AM -0700, Robin Sommer wrote:
> > comments. Like Jan, I had a hard time understanding the benefit having
> > two names for the same value: the identifier and config string.
>
> Yeah, that's been my original concern as well. What if we focused that
> new attribute ju
On Thu, Sep 21, 2017 at 02:57:31PM +, Siwek, Jon wrote:
>
> > I'm not sure how exposing something like "input.pcap.filter" is any
> > different from exposing something like "Pcap::filter" from that standpoint.
> > Maybe there's a larger discussion here around what the user experience
> > s
On 21 Sep 2017, at 9:10, Siwek, Jon wrote:
>> On Sep 21, 2017, at 10:37 AM, Johanna Amann
>> wrote:
>>
>> The only thing that I would like to avoid (which is obviously
>> separate
>> from this) is internally remapping variable names to configuration
> I think that it's important to have this behavior come with a reasonable
> default. I think that whatever we choose should just work out of the box.
> For example, I think the existing construct should continue to work:
>
> > const user_name: string &redef
I agree; note that what I proposed pre
hing like this (similar to what has been said
> already):
>
> module Foo;
>
> export {
>
> ## The username for our new feature.
> ##
> ## Display: User Name
> option user_name: string;
>
> }
>
> And we could even star
> On Fri, Oct 06, 2017 at 16:53 +, you wrote:
>
> > # contains topic prefixes
> > const Cluster::manager_subscriptions: set[string] &redef;
> >
> > # contains (topic string, event name) pairs
> > const Cluster::manager_publications: set[string, string] &redef;
>
> I'm wonderi
> Script-Author Example Usage
> ---
>
> # Script author that wants to utilize data stores doesn't have to be aware of
> # whether user is running a cluster or if they want to use persistent storage
> # backends.
>
> const Software::tracked_store_name = "bro/framework/softw
Hello everyone,
the branch topic/johanna/config contains an implementation of the
configuration framework as it was discussed in an earlier thread on this
list. GitHub link: https://github.com/bro/bro/compare/topic/johanna/config
The implementation is basically what we discussed in the earlier th
> 1. Thinking of handlers that may change values and are associated with a
> priority, hooks come to my mind (e.g. Intel::extend_match). Are
> functions preferable compared to hooks here?
In this case - yes. The problem with hooks is that they cannot return a
value, which is used here to let use
On 30 Nov 2017, at 10:22, Jan Grashöfer wrote:
> On 30/11/17 19:01, Johanna Amann wrote:
>>> 1. Thinking of handlers that may change values and are associated
>>> with a
>>> priority, hooks come to my mind (e.g. Intel::extend_match). Are
>>> functions pref
> > think of that. I honestly also never liked modifying the values that are
> > passed in arguments; this is for example also theoretically possible for
> > events, but something that we have avoided to use in practice so far.
>
> Yeah, and it also won't work for atomic values, at least not sin
On 7 Dec 2017, at 14:56, Azoff, Justin S wrote:
>> On Dec 7, 2017, at 5:22 PM, Johanna Amann
>> wrote:
>
>> Indeed, that is my thought. This seems like a job for broker, instead
>> of trying to somehow force this into a complex ascii-representation.
>>
> I don't think skipping "async" this would be a big deal for anything,
> as the cases where the new behaviour may actually lead to significant
> differences should be rare.
After pondering this for a while I am a bit afraid that skipping async
completely might lead to quite hard to debug problems
Hi,
I am going to delete these (merged) branches Thursday, unless someone
feels especially attached to them:
topic/dnthayer/ticket1821
topic/dnthayer/ticket1836
topic/dnthayer/ticket1863
topic/jazoff/contentline-limit
topic/jazoff/fix-gridftp
topic/jazoff/fix-intel-error
topic/jazof
This is done.
Johanna
On 30 Jan 2018, at 15:36, Johanna Amann wrote:
> Hi,
>
> I am going to delete these (merged) branches Thursday, unless someone
> feels especially attached to them:
>
> topic/dnthayer/ticket1821
> topic/dnthayer/ticket1836
> topic/dnthayer/tic
Hi Martina,
you have picked out one of the more confusing parts of Bro to look at. The
logging code is sadly quite complex - mostly because it has to handle a
lot of different cases.
On Fri, Feb 02, 2018 at 04:33:55PM +, Martina Balintova wrote:
> Hi,
> Here are 2 questions, one about usage o
I just wanted to quickly chime in here to say that I generally like the
idea of having these contexts. I have no idea how complex it would be to
implement something like this, but that seems like it might be a
relatively clean solution to our problem :)
Johanna
On Tue, Jan 30, 2018 at 07:38:42AM
On 13 Feb 2018, at 7:44, Robin Sommer wrote:
> On Thu, Feb 08, 2018 at 10:01 -0800, Johanna wrote:
>
>> I just wanted to quickly chime in here to say that I generally like
>> the
>> idea of having these contexts.
>
> Sounds like we all like that idea. Now the question is if we want to
> wait fo
On 13 Feb 2018, at 8:36, Seth Hall wrote:
> On 13 Feb 2018, at 11:31, Robin Sommer wrote:
>
>> We could even go a step further and compile CAF statically into
>> libbroker, so that in the end from a user's perspective all they deal
>> with is Broker: if they link against it, they get everything
s.x509.signed_certificate_timestamp
>
> - Jon
>
> On Fri, Feb 16, 2018 at 12:53 PM, Johanna Amann
> wrote:
>> Repository : ssh://g...@bro-ids.icir.org/bro
>> On branch : master
>> Link :
>> https://github.com/bro/bro/co
This is fixed - thanks again for pointing it out.
Johanna
On 18 Feb 2018, at 19:52, Johanna Amann wrote:
> Sorry about that - I ran the SSL tests but forgot the x.509 tests.
>
> I will fix that by Tuesday at the very latest. (At the moment I have a
> bit spotty Internet)
>
>
Hi Justin,
> How is the Configuration framework intended to be used on a cluster?
It is intended to read the configuration on the manager node; events
then should be used internally to distribute the data to all other
nodes.
And you are right - that is something that is completely missing at t
Hi,
I will be updating the Bro git/webserver. There might be intermittent
outages in the next few hours (mostly of git - the webserver should
automatically fail over).
Johanna
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mai
After a brief fight with httpd (the old config file did not work without
changes), everything seems to be up and working again.
Please let me know if you notice/encounter any problems.
Johanna
On Thu, Apr 19, 2018 at 11:41:33AM -0700, Johanna Amann wrote:
> Hi,
>
> I will be updatin
Hi Aashish,
This changed with Bro 2.5.1. To quote NEWS:
- The input framework's Ascii reader is now more resilient. If an input
is marked to reread a file when it changes and the file didn't exist
during a check Bro would stop watching the file in previous versions.
The same could happen
Trying this I noticed a few things (ordered by urgency from my point of
view).
With this change, Bro cannot be compiled out of the box on
RedHat/Centos 7 anymore. Since that is the latest release of RedHat and
probably used in production by quite a few people a potentially
significant amoun
On 26 Apr 2018, at 14:05, Jon Siwek wrote:
> On 4/26/18 2:04 PM, Johanna Amann wrote:
>
>> With this change, Bro cannot be compiled out of the box on
>> RedHat/Centos 7 anymore. Since that is the latest release of RedHat
>> and probably used in production
On 26 Apr 2018, at 14:04, Vern Paxson wrote:
> In implementing bitwise operations for counts (now pretty much done!),
> I found that Bro's internals actually support "||" and "&&" operators
> for
> patterns:
>
> p1 || p2 returns a pattern that matches either p1 or p2
> p1 &&
On Thu, Apr 26, 2018 at 01:43:53PM -0700, Vern Paxson wrote:
> > A nice thing about "add" and "delete" for sets is that you can infer the
> > I do also notice that you had "s + e" in the proposal and not "v + e".
> > Isn't that weird by the same logic or is it just an accidental omission?
>
> Th
On Thu, Apr 26, 2018 at 09:29:24AM -0700, Vern Paxson wrote:
> > Just one more thing still: I'm actually feeling pretty strongly
> > against having multiple different operators for the same operation
> > (set union, set addition/removal).
>
> I'm fine with removing "add" and "delete" for sets! (B
On 30 Apr 2018, at 11:13, Robin Sommer wrote:
> On Mon, Apr 30, 2018 at 07:10 -0700, you wrote:
>
>> Okay, I can live with this as long as '|' and '-' support add-to-set and
>> remove-from-set. But I think those have to work, given we'll enable them
>> for operations on two sets.
>
> Well, my
On 27 Apr 2018, at 8:55, Robin Sommer wrote:
> On Thu, Apr 26, 2018 at 16:54 -0500, you wrote:
>
>> (1) Users whose OS has insufficient CMake will need to compile/obtain
>> a newer one.
>
>> (2) We go back to CMake 2.8.12 and have people compile CAF
>> themselves.
>> (Or maybe we could condit
On 3 May 2018, at 14:20, Jon Siwek wrote:
> On 5/2/18 9:59 AM, Johanna Amann wrote:
>
>>>> (3) I need to try to hack our CMake system more to try to get back
>>>> down
>>>> to 2.8.12 while still being able to embed CAF.
>
> I think (hope!)
> What do people think? Any support, or concerns?
I am in favor. The only thing I would miss are the immediate change
notifications by email - I really like those...
Johanna
I am also more in favor of starting clean and manually letting people
move tickets that they think are important over.
But - currently there is a lot in the tracker that are nice to have or
potential problems that I do not ever see getting addressed.
Johanna
On 18 May 2018, at 9:17, Slagell, A
>
> Unfortunately, to use "stringstream" I will have to include the
> header file. Is this possible to do in plugin functions?
>
Sure, plugins include libraries/other headers/etc. all the time.
Johanna
Hi,
the main bro server will go down for system upgrades a bit. This should
mostly affect the git server, the webpage should stay accessible.
I will write another email once I am done.
Johanna
This is done, please let me know if you encounter any problems.
Johanna
On Thu, May 31, 2018 at 08:13:04AM -0700, Johanna Amann wrote:
> Hi,
>
> the main bro server will go down for system upgrades a bit. This should
> mostly affect the git server, the webpage should stay access
Hum. Would it make sense to introduce a test that checks all
script-files for non-ascii-characters?
I can so see that happening again...
Johanna
On 2 Jun 2018, at 1:57, Seth Hall wrote:
> Repository : ssh://g...@bro-ids.icir.org/bro
> On branch : master
> Link :
> https://github.com/br
I think I like these, the only small concern I have is...
> (2) A notion of "logarithmic counts" for history events: for certain
> events ('C' = checksum, 'T' = retransmission, and 'W' = zero window)
> the count is repeated on the 10th/100th/1000th/etc. occurrence. So a
> history valu
On 15 Jun 2018, at 14:40, Azoff, Justin S wrote:
>> On Jun 2, 2018, at 12:49 PM, Johanna Amann wrote:
>>
>> Hum. Would it make sense to introduce a test that checks all
>> script-files for non-ascii-characters?
>>
>> I can so see that happening again...
On Tue, Jun 19, 2018 at 11:21:10AM -0700, Vern Paxson wrote:
> In working on adding bitwise &/| operators for counts, I've come across
> apparently undocumented && and || operators for patterns:
>
> p1 && p2 yields a pattern that matches a p1 followed by a p2
> p1 || p2 yields a patter
> (3) Implement "v += e" to mean "append the element e to the vector v".
Do we want to do this now, or should we potentially wait a release-cycle
with it (to prevent the situation where v + e and v += e mean something
different).
Looking at the emails I am generally not 100% sure if we reached co
> If there actually are no (longer) problems with concatenating patterns
> at run-time, I'd agree to deprecate.
>
> I imagine it existed because there was such a problem with
> dynamically creating patterns at run-time, but don't know/remember
> what it was.
>
Now that you mention it - yes, the
On Sun, Jun 24, 2018 at 07:07:06PM -0700, Vern Paxson wrote:
> s1 == s2 iff both sets have exactly the same members
>
> s1 < s2 iff every element in s1 is in s2, but s2 has some
> elements not in s1
[...]
> Any concerns with adding these too?
I actually hav
On Fri, Jun 29, 2018 at 08:58:25AM -0700, Vern Paxson wrote:
> This in fact suggests we could implement record equality by converting the
> records to hash indices and then comparing those.
Oh, neat. If that actually works in all cases (so also with records of
records, etc) I would be totally on b
On Fri, Jun 29, 2018 at 12:00:30PM -0700, Vern Paxson wrote:
> Once I wound up monkeying around with the internals of the pattern-matching
> code (to fix leaks, because Johanna [correctly] pushed back on adding the
> &/| operators for general use if they leaked, which an old ticket indicated
> they
On Fri, Jun 29, 2018 at 12:26:34PM -0700, Vern Paxson wrote:
> > Just so I have this right: it looks like the preferred would not be
> > /(?i foo)/ but rather /(?i)foo/, yes?
>
> Oh and to follow up on this, so in PCRE does /x((?i)bar)foo/ make the "foo"
> part case-insensitive too, or not? It's
Hi Jim,
On 16 Aug 2018, at 13:40, Jim Mellander wrote:
> It would be most convenient if the 'any' type could defer type
> checking
> until runtime at the script level.
>
> For instance, if both A & B are defined as type 'any', a compile time
> error
>
> "illegal comparison (A < B)"
>
> occurs u
Hi,
when I go to tracker.bro.org, the top-right box (Filter result) for me
shows:
"The filter configured for this gadget could not be retrieved. Please
verify it is still valid on the issue navigator.". This seems to be
independent of Browser. I think this used to show the merge-requests.
Can so
ste it because the @if-statement is complex enough that
you will not come up with it yourself easily...
Johanna
On 29 Aug 2018, at 8:13, Jon Siwek wrote:
> On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann
> wrote:
>
>> + If you use these events, you can make your scripts work on old
Sorry, yup.
Johanna
On 29 Aug 2018, at 9:10, Azoff, Justin S wrote:
>> On Aug 29, 2018, at 12:02 PM, Johanna Amann wrote:
>>
>> @if ( version <= 2.6)
>> event 2.5-event
>> @else
>> event 2.6-event
>> @endif
>>
>> breaks with 2.
To pick up the idea that you mentioned before - do we also want to make
the new policy/protocols/smb/__load__.bro trigger a reporter warning
that it is deprecated?
Johanna
On 30 Aug 2018, at 14:07, Jonathan Siwek wrote:
> Repository : ssh://g...@bro-ids.icir.org/bro
> On branch : master
> Lin
Hi Craig,
I actually recently started working on this, however I did not quite
look at what you want.
There already is a branch called topic/johanna/static, which now makes
--build-static(-only) work for broker when CAF is built statically - it
does not yet pass the static flags through to bro
it from
somewhere make sure that you actually have that commit in the branch)
Johanna
On Thu, Dec 06, 2018 at 07:01:25AM -0800, Johanna Amann wrote:
> Hi Craig,
>
> I actually recently started working on this, however I did not quite
> look at what you want.
>
> There a
itories are currently being migrated; if you pull it from
> somewhere make sure that you actually have that commit in the branch)
>
> Johanna
>
> On Thu, Dec 06, 2018 at 07:01:25AM -0800, Johanna Amann wrote:
> > Hi Craig,
> >
> > I actually recently started workin