Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

notify on failures #1617

Merged
merged 3 commits into from
May 7, 2021
Merged

notify on failures #1617

merged 3 commits into from
May 7, 2021

Conversation

mason-fish
Copy link
Contributor

fixes #1616

Provides more information to users for two error cases:

Attempting to launch wireshark on an any conn record that has no 5-tuple information
image

Attempting to launch wireshark when no pcaps are found in the search
image

Signed-off-by: Mason Fish [email protected]

Signed-off-by: Mason Fish <[email protected]>
@mason-fish mason-fish requested a review from a team May 6, 2021 18:46
Copy link
Member

@jameskerr jameskerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. I have one change request about checking for null.

@@ -177,10 +177,10 @@ export default class BrimcapPlugin {
// )

const tsString = ts.toString()
const dur = log.get("duration") as zed.Duration
const dur = log.try("duration") as zed.Duration
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Try can return null. In the returned object, check for null before calling isSet().

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor Author

@mason-fish mason-fish May 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh wait I misunderstood, disregard last message. Just pushed a fix.

Signed-off-by: Mason Fish <[email protected]>
@philrz
Copy link
Contributor

philrz commented May 6, 2021

Nit: @mccanne has voiced a preference for writing "pcap" rather than "PCAP" because it's not strictly an acronym. And he's the guy who came up with libpcap, so I guess that carries some weight. 😉

@philrz
Copy link
Contributor

philrz commented May 6, 2021

For the "conn record that has no 5-tuple information" one, I might suggest this wording instead:

Flow's 5-tuple and/or time span was not found in the connection record

That is, in the current error message as written, just saying "log" doesn't give the user a whole lot of info to go on to understand if they're seeing a bug or they tried something that shouldn't have worked. I suppose if this came up a lot (which we don't expect it to) a Support article to link to would be justified (a more detailed explanation of how we index the pcap & then find stuff in it) but this'll do for now.

I also figured we might as well say "connection record" (as opposed to conn) in the abstract since it's theoretically possible we may enhance things in the future to use other summary logs to find the 5-tuple & time data (see brimdata/brimcap#72 (comment)).

Signed-off-by: Mason Fish <[email protected]>
@mason-fish mason-fish merged commit 086a7c7 into main May 7, 2021
@mason-fish mason-fish deleted the brimcap-no-pcap-notify branch May 7, 2021 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Brimcap-plugin: "pcap_support" replacement
3 participants