From 76ea1823877677612e159c54edf1958898e7ceb2 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 26 Jul 2012 21:13:49 -0700
Subject: [PATCH 1/5] make want_record=T the default for events

---
 scripts/base/frameworks/input/main.bro                     | 2 +-
 testing/btest/scripts/base/frameworks/input/binary.bro     | 2 +-
 testing/btest/scripts/base/frameworks/input/event.bro      | 2 +-
 testing/btest/scripts/base/frameworks/input/executeraw.bro | 2 +-
 testing/btest/scripts/base/frameworks/input/raw.bro        | 2 +-
 testing/btest/scripts/base/frameworks/input/rereadraw.bro  | 2 +-
 testing/btest/scripts/base/frameworks/input/streamraw.bro  | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.bro
index c31f92dba5..7f015402bc 100644
--- a/scripts/base/frameworks/input/main.bro
+++ b/scripts/base/frameworks/input/main.bro
@@ -84,7 +84,7 @@ export {
 
 		## If want_record if false (default), the event receives each value in fields as a seperate argument.
 		## If it is set to true, the event receives all fields in a signle record value.
-		want_record: bool &default=F;
+		want_record: bool &default=T;
 
 		## The event that is rised each time a new line is received from the reader.
 		## The event will receive an Input::Event enum as the first element, and the fields as the following arguments.
diff --git a/testing/btest/scripts/base/frameworks/input/binary.bro b/testing/btest/scripts/base/frameworks/input/binary.bro
index 86e02196b5..ce7f66a01d 100644
--- a/testing/btest/scripts/base/frameworks/input/binary.bro
+++ b/testing/btest/scripts/base/frameworks/input/binary.bro
@@ -51,6 +51,6 @@ event bro_init()
 	{
 	try = 0;
 	outfile = open("../out");
-	Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
 	Input::remove("input");
 	}
diff --git a/testing/btest/scripts/base/frameworks/input/event.bro b/testing/btest/scripts/base/frameworks/input/event.bro
index f07ca0c43e..d0088472e7 100644
--- a/testing/btest/scripts/base/frameworks/input/event.bro
+++ b/testing/btest/scripts/base/frameworks/input/event.bro
@@ -49,6 +49,6 @@ event bro_init()
 	{
 	try = 0;
 	outfile = open("../out");
-	Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
 	Input::remove("input");
 	}
diff --git a/testing/btest/scripts/base/frameworks/input/executeraw.bro b/testing/btest/scripts/base/frameworks/input/executeraw.bro
index 222b4256d1..626b9cdfd2 100644
--- a/testing/btest/scripts/base/frameworks/input/executeraw.bro
+++ b/testing/btest/scripts/base/frameworks/input/executeraw.bro
@@ -37,6 +37,6 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
 event bro_init()
 	{
 	outfile = open("../out.tmp");
-	Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F]);
 	Input::remove("input");
 	}
diff --git a/testing/btest/scripts/base/frameworks/input/raw.bro b/testing/btest/scripts/base/frameworks/input/raw.bro
index cb19213173..d15aec22bb 100644
--- a/testing/btest/scripts/base/frameworks/input/raw.bro
+++ b/testing/btest/scripts/base/frameworks/input/raw.bro
@@ -44,6 +44,6 @@ event bro_init()
 	{
 	try = 0;
 	outfile = open("../out");
-	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
 	Input::remove("input");
 	}
diff --git a/testing/btest/scripts/base/frameworks/input/rereadraw.bro b/testing/btest/scripts/base/frameworks/input/rereadraw.bro
index 1051351c2b..2fdcdc8f9e 100644
--- a/testing/btest/scripts/base/frameworks/input/rereadraw.bro
+++ b/testing/btest/scripts/base/frameworks/input/rereadraw.bro
@@ -44,7 +44,7 @@ event bro_init()
 	{
 	try = 0;
 	outfile = open("../out");
-	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line, $want_record=F]);
 	Input::force_update("input");
 	Input::remove("input");
 	}
diff --git a/testing/btest/scripts/base/frameworks/input/streamraw.bro b/testing/btest/scripts/base/frameworks/input/streamraw.bro
index a6aba88c5f..3bc06f7dea 100644
--- a/testing/btest/scripts/base/frameworks/input/streamraw.bro
+++ b/testing/btest/scripts/base/frameworks/input/streamraw.bro
@@ -58,5 +58,5 @@ event bro_init()
 	{
 	outfile = open("../out");
 	try = 0;
-	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
+	Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
 	}

From f02ed65878b81dfde81c2483887223bab99ad2e8 Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Thu, 26 Jul 2012 21:51:29 -0700
Subject: [PATCH 2/5] Fix crash when encountering an InterpreterException in a
 predicate in logging or input Framework.

Inputframework: did not contain any error handling for this case.

Logging framework: tried to catch the interpreter-exception. However the exception already was caught
by the call-function and not propagated. Instead, call returns a 0-pointer in this case, which
lead to a segmentation fault.
---
 src/input/Manager.cc   |  9 ++++++---
 src/logging/Manager.cc | 21 ++++++---------------
 2 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/src/input/Manager.cc b/src/input/Manager.cc
index 40e3c413bb..d278933125 100644
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@@ -1544,7 +1544,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 
 bool Manager::CallPred(Func* pred_func, const int numvals, ...)
 	{
-	bool result;
+	bool result = false;
 	val_list vl(numvals);
 
 	va_list lP;
@@ -1555,8 +1555,11 @@ bool Manager::CallPred(Func* pred_func, const int numvals, ...)
 	va_end(lP);
 
 	Val* v = pred_func->Call(&vl);
-	result = v->AsBool();
-	Unref(v);
+	if ( v ) 
+		{
+		result = v->AsBool();
+		Unref(v);
+		}
 
 	return(result);
 	}
diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index b1b289a478..6729ec24d2 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -686,16 +686,13 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 
 			int result = 1;
 
-			try
+			Val* v = filter->pred->Call(&vl);
+			if ( v ) 
 				{
-				Val* v = filter->pred->Call(&vl);
 				result = v->AsBool();
 				Unref(v);
 				}
 
-			catch ( InterpreterException& e )
-				{ /* Already reported. */ }
-
 			if ( ! result )
 				continue;
 			}
@@ -726,12 +723,9 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 
 			Val* v = 0;
 
-			try
-				{
-				v = filter->path_func->Call(&vl);
-				}
+			v = filter->path_func->Call(&vl);
 
-			catch ( InterpreterException& e )
+			if ( !v )
 				{
 				return false;
 				}
@@ -1381,16 +1375,13 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
 
 	int result = 0;
 
-	try
+	Val* v = func->Call(&vl);
+	if ( v ) 
 		{
-		Val* v = func->Call(&vl);
 		result = v->AsBool();
 		Unref(v);
 		}
 
-	catch ( InterpreterException& e )
-		{ /* Already reported. */ }
-
 	return result;
 	}
 

From a3798070da5dbfd95469c784a6fcae5efdf8203a Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Fri, 27 Jul 2012 07:33:04 -0700
Subject: [PATCH 3/5] update input framework documentation to reflect
 want_record change.

---
 scripts/base/frameworks/input/main.bro | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.bro
index 7f015402bc..55da6ae7ec 100644
--- a/scripts/base/frameworks/input/main.bro
+++ b/scripts/base/frameworks/input/main.bro
@@ -82,11 +82,11 @@ export {
 		## Record describing the fields to be retrieved from the source input.
 		fields: any;
 
-		## If want_record if false (default), the event receives each value in fields as a seperate argument.
-		## If it is set to true, the event receives all fields in a signle record value.
+		## If want_record if false, the event receives each value in fields as a separate argument.
+		## If it is set to true (default), the event receives all fields in a single record value.
 		want_record: bool &default=T;
 
-		## The event that is rised each time a new line is received from the reader.
+		## The event that is raised each time a new line is received from the reader.
 		## The event will receive an Input::Event enum as the first element, and the fields as the following arguments.
 		ev: any;
 

From 2a9993619f6637ac6afcb8a6e4fd3afcba34a676 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 27 Jul 2012 13:49:49 -0400
Subject: [PATCH 4/5] Script-level rotation postprocessor fix.

- This fixes a problem with writers that don't have a
  postprocessor.  Jon is still looking into the rotation
  problem in the core.
---
 scripts/base/frameworks/logging/main.bro | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro
index 79c9884f9d..db79324d0d 100644
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@@ -341,8 +341,9 @@ function __default_rotation_postprocessor(info: RotationInfo) : bool
 	{
 	if ( info$writer in default_rotation_postprocessors )
 		return default_rotation_postprocessors[info$writer](info);
-
-	return F;
+	else
+		# Return T by default so that postprocessor-less writers don't shutdown.
+		return T;
 	}
 
 function default_path_func(id: ID, path: string, rec: any) : string

From 76520645bb6e134e28adab59d9af93129150db3f Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Fri, 27 Jul 2012 13:51:03 -0400
Subject: [PATCH 5/5] Small (potential performance) improvement for logging
 framework.

---
 scripts/base/frameworks/logging/main.bro | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro
index db79324d0d..c29215fd86 100644
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@@ -348,16 +348,16 @@ function __default_rotation_postprocessor(info: RotationInfo) : bool
 
 function default_path_func(id: ID, path: string, rec: any) : string
 	{
+	# The suggested path value is a previous result of this function
+	# or a filter path explicitly set by the user, so continue using it.
+	if ( path != "" )
+		return path;
+
 	local id_str = fmt("%s", id);
 
 	local parts = split1(id_str, /::/);
 	if ( |parts| == 2 )
 		{
-		# The suggested path value is a previous result of this function
-		# or a filter path explicitly set by the user, so continue using it.
-		if ( path != "" )
-			return path;
-
 		# Example: Notice::LOG -> "notice"
 		if ( parts[2] == "LOG" )
 			{