e.g. improve formatting, descriptions, address any TODOs like the one about inserting URLs, etc.
As part of the switch to broker the hard limit of about 185 workers has been improved.
We went from using 5 file descriptors(1 socket and 4 pipes) per worker to 1 so adding 200 workers no longer breaks the select FD_SETSIZE.
This has come up a few times on the mailing list.
&synchronized is gone now right? It's not mentioned.
Yes, and no. Technically it's still there if one sets up connections
manually through the old communication system.
I made a finalization pass over NEWS. Anyone still feel free to review or make more suggestions though.
If you have any &synchronized left bro will complain about them and die with
fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions.
But I don't know what those actions are or where to set that flag. If that's easy to setup we should just provide a script someone can @load to fix it until the scripts are updated.
Fortunately there's only a few bro packages that use it:
{{./packages/dopheide_bro_notice_correlation/scripts/multi.bro
./packages/initconf_phish-analysis/scripts/smtp-malicious-indicators.bro
./packages/initconf_phish-analysis/scripts/smtp-thresholds.bro
./packages/initconf_phish-analysis/scripts/smtp-url-clicks.bro
./packages/initconf_scan-NG/scripts/check-knock.bro
./packages/initconf_scan-NG/scripts/check-port-knock.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-malicious-indicators.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-thresholds.bro
./packages/initconf_smtp-url-analysis/scripts/smtp-url-clicks.bro
./packages/joesecurity_Joe-Sandbox-Bro/scripts/joesandbox.bro
./packages/ncsa_bro-is-darknet/scripts/main.bro}}
I have the fix for my package, it's mostly Aashish that will be affected here.
Backward compatibility with the old communication system isn't trivial. The idea is that the error prevents "silent failure" situations, but the suggested action is to port the script to use Broker. Enabling use of the old comm. system isn't recommended, but the 'old_comm_usage_is_ok' will silence the error in cases where one actually does want to use it.
I'll extend the error to say "but the suggested action is to port your script to use the new Broker API", or else let me know what else would help clarify.