Finalize 2.6 NEWS release notes

Description

e.g. improve formatting, descriptions, address any TODOs like the one about inserting URLs, etc.

Environment

None

Activity

Show:
Justin Azoff
August 30, 2018, 6:20 AM

As part of the switch to broker the hard limit of about 185 workers has been improved.

We went from using 5 file descriptors(1 socket and 4 pipes) per worker to 1 so adding 200 workers no longer breaks the select FD_SETSIZE.

This has come up a few times on the mailing list.

&synchronized is gone now right? It's not mentioned.

Robin Sommer
August 30, 2018, 10:00 AM

Yes, and no. Technically it's still there if one sets up connections
manually through the old communication system.

Jon Siwek
September 1, 2018, 8:32 AM

I made a finalization pass over NEWS. Anyone still feel free to review or make more suggestions though.

Justin Azoff
September 1, 2018, 8:47 AM

If you have any &synchronized left bro will complain about them and die with

fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions.

But I don't know what those actions are or where to set that flag. If that's easy to setup we should just provide a script someone can @load to fix it until the scripts are updated.

Fortunately there's only a few bro packages that use it:

{{./packages/dopheide_bro_notice_correlation/scripts/multi.bro
./packages/initconf_phish-analysis/scripts/smtp-malicious-indicators.bro
./packages/initconf_phish-analysis/scripts/smtp-thresholds.bro
./packages/initconf_phish-analysis/scripts/smtp-url-clicks.bro
./packages/initconf_scan-NG/scripts/check-knock.bro
./packages/initconf_scan-NG/scripts/check-port-knock.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-malicious-indicators.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-thresholds.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-url-clicks.bro
./packages/joesecurity_Joe-Sandbox-Bro/scripts/joesandbox.bro
./packages/ncsa_bro-is-darknet/scripts/main.bro}}

I have the fix for my package, it's mostly Aashish that will be affected here.

Jon Siwek
September 5, 2018, 12:14 AM

Backward compatibility with the old communication system isn't trivial. The idea is that the error prevents "silent failure" situations, but the suggested action is to port the script to use Broker. Enabling use of the old comm. system isn't recommended, but the 'old_comm_usage_is_ok' will silence the error in cases where one actually does want to use it.

I'll extend the error to say "but the suggested action is to port your script to use the new Broker API", or else let me know what else would help clarify.

Fixed

Assignee

Jon Siwek

Reporter

Jon Siwek

Labels

None

External issue ID

None

Components

Fix versions

Priority

Normal