diff --git a/CHANGES b/CHANGES index 96f33be5f3..3aa1c7e59a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,24 @@ +2.1-50 | 2012-10-02 12:06:08 -0700 + + * Fix a typing issue that prevented the ElasticSearch timeout to + work. (Matthias Vallentin) + + * Use second granularity for ElasticSearch timeouts. (Matthias + Vallentin) + + * Fix compile issues with older versions of libcurl, which don't + offer *_MS timeout constants. (Matthias Vallentin) + +2.1-47 | 2012-10-02 11:59:29 -0700 + + * Fix for the input framework: BroStrings were constructed without a + final \0, which makes them unusable by basically all internal + functions (like to_count). (Bernhard Amann) + + * Remove deprecated script functionality (see NEWS for details). + (Daniel Thayer) + 2.1-39 | 2012-09-29 14:09:16 -0700 * Reliability adjustments to istate tests with network diff --git a/NEWS b/NEWS index 09b38418c0..3b14f2c7ac 100644 --- a/NEWS +++ b/NEWS @@ -28,8 +28,9 @@ Changed Functionality make_connection_persistent(), generate_idmef(), split_complete() -- "this" is no longer a reserved keyword. +- Removed a now unused argument from "do_split" helper function. +- "this" is no longer a reserved keyword. Bro 2.1 ------- diff --git a/VERSION b/VERSION index 2f0d3d7c59..22b33d6bf8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-39 +2.1-50 diff --git a/cmake b/cmake index 2a72c5e08e..125f9a5fa8 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 2a72c5e08e018cf632033af3920432d5f684e130 +Subproject commit 125f9a5fa851381d0350efa41a4d14f27be263a2 diff --git a/scripts/base/frameworks/logging/writers/elasticsearch.bro b/scripts/base/frameworks/logging/writers/elasticsearch.bro index b0e8fac40e..1901759730 100644 --- a/scripts/base/frameworks/logging/writers/elasticsearch.bro +++ b/scripts/base/frameworks/logging/writers/elasticsearch.bro @@ -26,8 +26,10 @@ export { ## e.g. prefix = "bro\_" would create types of bro_dns, bro_software, etc. const type_prefix = "" &redef; - ## The time before an ElasticSearch transfer will timeout. - ## This is not working! + ## The time before an ElasticSearch transfer will timeout. Note that + ## the fractional part of the timeout will be ignored. In particular, time + ## specifications less than a second result in a timeout value of 0, which + ## means "no timeout." const transfer_timeout = 2secs; ## The batch size is the number of messages that will be queued up before diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 6eadb3aba8..83e9dc9bc5 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -2007,7 +2007,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_STRING: { - BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 0); + BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 1); return new StringVal(s); } diff --git a/src/logging/writers/ElasticSearch.cc b/src/logging/writers/ElasticSearch.cc index cb3248a044..ae825ac997 100644 --- a/src/logging/writers/ElasticSearch.cc +++ b/src/logging/writers/ElasticSearch.cc @@ -48,7 +48,7 @@ ElasticSearch::ElasticSearch(WriterFrontend* frontend) : WriterBackend(frontend) last_send = current_time(); failing = false; - transfer_timeout = BifConst::LogElasticSearch::transfer_timeout * 1000; + transfer_timeout = static_cast(BifConst::LogElasticSearch::transfer_timeout); curl_handle = HTTPSetup(); } @@ -373,8 +373,8 @@ bool ElasticSearch::HTTPSend(CURL *handle) // Some timeout options. These will need more attention later. curl_easy_setopt(handle, CURLOPT_NOSIGNAL, 1); - curl_easy_setopt(handle, CURLOPT_CONNECTTIMEOUT_MS, transfer_timeout); - curl_easy_setopt(handle, CURLOPT_TIMEOUT_MS, transfer_timeout*2); + curl_easy_setopt(handle, CURLOPT_CONNECTTIMEOUT, transfer_timeout); + curl_easy_setopt(handle, CURLOPT_TIMEOUT, transfer_timeout); curl_easy_setopt(handle, CURLOPT_DNS_CACHE_TIMEOUT, 60*60); CURLcode return_code = curl_easy_perform(handle); diff --git a/src/logging/writers/ElasticSearch.h b/src/logging/writers/ElasticSearch.h index 0e88bf3e88..fef0a00ffd 100644 --- a/src/logging/writers/ElasticSearch.h +++ b/src/logging/writers/ElasticSearch.h @@ -68,7 +68,7 @@ private: string path; string index_prefix; - uint64 transfer_timeout; + long transfer_timeout; bool failing; uint64 batch_size; diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.basic/out b/testing/btest/Baseline/scripts.base.frameworks.input.basic/out index ebac1866b6..c456298062 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.input.basic/out +++ b/testing/btest/Baseline/scripts.base.frameworks.input.basic/out @@ -1,5 +1,5 @@ { -[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ +[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={ 2, 4, 1, @@ -12,3 +12,4 @@ BB }, vc=[10, 20, 30], ve=[]] } +4242 diff --git a/testing/btest/scripts/base/frameworks/input/basic.bro b/testing/btest/scripts/base/frameworks/input/basic.bro index df2ab676b8..faab303534 100644 --- a/testing/btest/scripts/base/frameworks/input/basic.bro +++ b/testing/btest/scripts/base/frameworks/input/basic.bro @@ -8,9 +8,9 @@ @TEST-START-FILE input.log #separator \x09 #path ssh -#fields b i e c p sn a d t iv s sc ss se vc ve f -#types bool int enum count port subnet addr double time interval string table table table vector vector func -T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} +#fields b i e c p sn a d t iv s sc ss se vc ve ns +#types bool int enum count port subnet addr double time interval string table table table vector vector string +T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242 @TEST-END-FILE @load base/protocols/ssh @@ -37,6 +37,7 @@ type Val: record { t: time; iv: interval; s: string; + ns: string; sc: set[count]; ss: set[string]; se: set[string]; @@ -57,6 +58,7 @@ event bro_init() event Input::update_finished(name: string, source:string) { print outfile, servers; + print outfile, to_count(servers[-42]$ns); # try to actually use a string. If null-termination is wrong this will fail. close(outfile); terminate(); }