server initiated restore with regex not working on burp 2.0.48 #501

Closed
pablodav opened this issue Oct 25, 2016 · 18 comments

pablodav commented Oct 25, 2016

Hello Graham,

I think I found an issue when testing a server-initiated restore; the same happens on the original client and on a different client using restore_client.

Restore that works:
from command line.

C:\Program Files\Burp>bin\burp.exe -a r -b 31 -r "^C\:\/Users\/user1\/Documents\/log\.txt$"
2016-10-25 14:03:21: bin\burp.exe[10416] C:\Program Files/Burp/burp.conf: status_port unset
2016-10-25 14:03:21: bin\burp.exe[10416] auth ok
2016-10-25 14:03:21: bin\burp.exe[10416] Server version: 2.0.48
2016-10-25 14:03:21: bin\burp.exe[10416] nocsr ok
2016-10-25 14:03:21: bin\burp.exe[10416] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 14:03:21: bin\burp.exe[10416] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-10-25 14:03:22: bin\burp.exe[10416] Server is forcing protocol 1
2016-10-25 14:03:22: bin\burp.exe[10416] doing restore 31:^C\:\/Users\/user1\/Documents\/log\.txt$
2016-10-25 14:03:22: bin\burp.exe[10416] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-10-25 14:03:21
  End time: 2016-10-25 14:03:23
Time taken: 00:02
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:        714862 (698.11 KB)
      Bytes attempted:             0
       Bytes received:        170788 (166.79 KB)
           Bytes sent:           624
--------------------------------------------------------------------------------
2016-10-25 14:03:23: bin\burp.exe[10416] restore finished

Restore that doesn't work:
from server initiated restore:

2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] C:\Program Files/Burp/burp.conf: status_port unset
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] auth ok
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] Server version: 2.0.48
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] nocsr ok
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] Server wants to initiate a restore
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] Client accepts.
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] Restore settings:
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] backup = '34'
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] overwrite = 1
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] strip = 0
2016-10-25 14:01:44: C:\Program Files\burp\bin\burp.exe[11532] regex = '^C\:\/Users\/user1\/Documents\/log\.txt$'
2016-10-25 14:01:45: C:\Program Files\burp\bin\burp.exe[11532] Server is forcing protocol 1
2016-10-25 14:01:45: C:\Program Files\burp\bin\burp.exe[11532] doing restore 34:^C\:\/Users\/user1\/Documents\/log\.txt$
2016-10-25 14:01:45: C:\Program Files\burp\bin\burp.exe[11532] doing restore confirmed


--------------------------------------------------------------------------------
Start time: 2016-10-25 14:01:44
  End time: 2016-10-25 14:01:45
Time taken: 00:01
                             Attempted | Expected
                   ------------------------------
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:             0
      Bytes attempted:             0
       Bytes received:          1285 (1.25 KB)
           Bytes sent:           635
--------------------------------------------------------------------------------
2016-10-25 14:01:45: C:\Program Files\burp\bin\burp.exe[11532] restore finished

From client on server:

2016-10-25 14:12:16: burp[28055] auth ok
2016-10-25 14:12:16: burp[28055] Server version: 2.0.48
2016-10-25 14:12:16: burp[28055] nocsr ok
2016-10-25 14:12:16: burp[28055] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 14:12:16: burp[28055] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:counters_json:msg:forceproto=1:
2016-10-25 14:12:16: burp[28055] Server wants to initiate a restore
2016-10-25 14:12:16: burp[28055] Client accepts.
2016-10-25 14:12:16: burp[28055] Restore settings:
2016-10-25 14:12:16: burp[28055] orig_client = 'client1'
2016-10-25 14:12:16: burp[28055] backup = '34'
2016-10-25 14:12:16: burp[28055] overwrite = 1
2016-10-25 14:12:16: burp[28055] strip = 0
2016-10-25 14:12:16: burp[28055] restoreprefix = '/tmp'
2016-10-25 14:12:16: burp[28055] regex = '^C\:\/Users\/user1\/Documents\/log\.txt$'
2016-10-25 14:12:16: burp[28055] Switched to client client1
2016-10-25 14:12:16: burp[28055] Server is forcing protocol 1
2016-10-25 14:12:16: burp[28055] doing restore 34:^C\:\/Users\/user1\/Documents\/log\.txt$
2016-10-25 14:12:16: burp[28055] doing restore confirmed

2016-10-25 14:12:20: burp[28055] restore finished

Could there be something wrong with the parameters used to compile on the server? Or could it be a bug?

Parameters used to compile:

./configure --prefix=/usr --sysconfdir=/etc/burp --localstatedir=/var

from: https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/tasks/build-burp.yml

Hope this could help in some way.
Thanks for all that is done and all the effort you put in every day!

Pablo.

@pablodav

One additional note:

  • Trying from the command line with -C client1 and the same settings on a different client also works.


grke commented Oct 25, 2016

Hello,
It looks to me like the file isn't in backup number 34.
Have you tried doing a 'burp -a l -r (regex)' to see if it matches?

@pablodav

Hello,

I have tried with 34 and 31 in server initiated restore.

first test:

cat restore
backup = 31
regex = ^C\:\/Users\/user1\/Documents\/log\.txt$

2016-10-25 22:18:57: bin\burp.exe[10708] burp.conf: status_port unset
2016-10-25 22:18:58: bin\burp.exe[10708] auth ok
2016-10-25 22:18:58: bin\burp.exe[10708] Server version: 2.0.48
2016-10-25 22:18:58: bin\burp.exe[10708] nocsr ok
2016-10-25 22:18:58: bin\burp.exe[10708] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 22:18:58: bin\burp.exe[10708] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-10-25 22:18:58: bin\burp.exe[10708] Server wants to initiate a restore
2016-10-25 22:18:58: bin\burp.exe[10708] Client accepts.
2016-10-25 22:18:58: bin\burp.exe[10708] Restore settings:
2016-10-25 22:18:58: bin\burp.exe[10708] backup = '31'
2016-10-25 22:18:58: bin\burp.exe[10708] overwrite = 0
2016-10-25 22:18:58: bin\burp.exe[10708] strip = 0
2016-10-25 22:18:58: bin\burp.exe[10708] regex = '^C\:\/Users\/user1\/Documents\/log\.txt$'
2016-10-25 22:18:58: bin\burp.exe[10708] Server is forcing protocol 1
2016-10-25 22:18:58: bin\burp.exe[10708] doing restore 31:^C\:\/Users\/user1\/Documents\/log\.txt$
2016-10-25 22:18:58: bin\burp.exe[10708] doing restore confirmed


--------------------------------------------------------------------------------
Start time: 2016-10-25 22:18:57
  End time: 2016-10-25 22:18:59
Time taken: 00:02
                             Attempted | Expected
                   ------------------------------
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:             0
      Bytes attempted:             0
       Bytes received:          1250 (1.22 KB)
           Bytes sent:           635
--------------------------------------------------------------------------------
2016-10-25 22:18:59: bin\burp.exe[10708] restore finished

Searching with the same regex, it looks like it finds the file (it also works if I use -a r):

C:\Program Files\Burp>bin\burp.exe -a l -c burp.conf -r '^C\:\/Users\/user1\/Documents\/log\.txt$'
2016-10-25 22:19:59: bin\burp.exe[10860] burp.conf: status_port unset
2016-10-25 22:20:00: bin\burp.exe[10860] auth ok
2016-10-25 22:20:00: bin\burp.exe[10860] Server version: 2.0.48
2016-10-25 22:20:00: bin\burp.exe[10860] nocsr ok
2016-10-25 22:20:00: bin\burp.exe[10860] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 22:20:00: bin\burp.exe[10860] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-10-25 22:20:00: bin\burp.exe[10860] Server is forcing protocol 1
Backup: 0000015 2016-09-26 07:21:02 (deletable)
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000022 2016-10-05 17:40:06 (deletable)
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000028 2016-10-17 10:00:09 (deletable)
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000029 2016-10-18 10:20:09
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000030 2016-10-19 10:40:12 (deletable)
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000031 2016-10-20 10:44:43
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000032 2016-10-21 11:00:12
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000033 2016-10-24 07:40:14
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
Backup: 0000034 2016-10-25 08:00:06
With regex: 'C\:\/Users\/user1\/Documents\/log\.txt$'
2016-10-25 22:20:03: bin\burp.exe[10860] main socket: Peer closed SSL session
2016-10-25 22:20:03: bin\burp.exe[10860] List finished ok

Second test: it works if the server-initiated restore uses include = (path):

backup = 31
include = C:/Users/user1/Documents/log.txt

C:\Program Files\Burp>bin\burp.exe -a t -c burp.conf
2016-10-25 22:27:00: bin\burp.exe[10400] burp.conf: status_port unset
2016-10-25 22:27:01: bin\burp.exe[10400] auth ok
2016-10-25 22:27:01: bin\burp.exe[10400] Server version: 2.0.48
2016-10-25 22:27:01: bin\burp.exe[10400] nocsr ok
2016-10-25 22:27:01: bin\burp.exe[10400] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-25 22:27:01: bin\burp.exe[10400] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-10-25 22:27:01: bin\burp.exe[10400] Server wants to initiate a restore
2016-10-25 22:27:01: bin\burp.exe[10400] Client accepts.
2016-10-25 22:27:01: bin\burp.exe[10400] Restore settings:
2016-10-25 22:27:01: bin\burp.exe[10400] backup = '31'
2016-10-25 22:27:01: bin\burp.exe[10400] overwrite = 0
2016-10-25 22:27:01: bin\burp.exe[10400] strip = 0
2016-10-25 22:27:01: bin\burp.exe[10400] include = 'C:/Users/user1/Documents/log.txt'
2016-10-25 22:27:01: bin\burp.exe[10400] Server is forcing protocol 1
2016-10-25 22:27:02: bin\burp.exe[10400] doing restore 31:
2016-10-25 22:27:02: bin\burp.exe[10400] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-10-25 22:27:00
  End time: 2016-10-25 22:27:03
Time taken: 00:03
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:        714862 (698.11 KB)
      Bytes attempted:             0
       Bytes received:        170911 (166.91 KB)
           Bytes sent:           587
--------------------------------------------------------------------------------
2016-10-25 22:27:03: bin\burp.exe[10400] restore finished


grke commented Oct 31, 2016

Hello,

In your '-a l' output above, it is not showing any found files. It is only outputting the names of the backups that it searched, but not showing any results.

I would make a shorter/simpler regex to try to match, like this:
burp.exe -a l -c burp.conf -r 'Documents/log.txt'

It will be most useful to look directly in the manifest of backups 31 and 34 to debug this.

Please use 'zless' to look at the manifests, and search for the entry for the file in 31 and 34, if the entries exist.
When you have found them, please paste them here.

Thank you.
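
One way to run the manifest check suggested above offline, as an added example that is not from this thread or from the burp project. It assumes the record shape visible in the manifest entries pasted later in this issue (one type character, four hex digits of length, then data), treats `f` records as file paths, and uses Python's `re`, which may differ from the regex engine burp uses; the sample manifest lines are constructed.

```python
import re
from typing import Iterable, Iterator, List, NamedTuple, Tuple

# Assumed record shape, inferred from entries such as 'f0033C:/Users/...':
# one type character, four hex digits of length, then the data.
RECORD_RE = re.compile(r"([A-Za-z])([0-9A-Fa-f]{4})(.*)")


class Record(NamedTuple):
    cmd: str       # record type, e.g. 'f', 'r', 't', 'x'
    declared: int  # value of the four-hex-digit length field
    data: str      # remainder of the line


def parse_manifest(lines: Iterable[str]) -> Iterator[Record]:
    """Yield records; skip lines that do not fit the shape (e.g. grep's '--')."""
    for raw in lines:
        m = RECORD_RE.fullmatch(raw.rstrip("\r\n"))
        if m:
            yield Record(m.group(1), int(m.group(2), 16), m.group(3))


def check_regex(lines: Iterable[str], pattern: str) -> Tuple[List[str], List[str]]:
    """Return (paths the regex matches, paths it would match only if case were ignored).

    Only 'f' records are tested; treating them as file paths is an assumption.
    """
    exact = re.compile(pattern)
    loose = re.compile(pattern, re.IGNORECASE)
    matched: List[str] = []
    case_only: List[str] = []
    for rec in parse_manifest(lines):
        if rec.cmd != "f":
            continue
        if exact.search(rec.data):
            matched.append(rec.data)
        elif loose.search(rec.data):
            case_only.append(rec.data)
    return matched, case_only


def record(cmd: str, data: str) -> str:
    """Build a constructed sample line in the assumed shape."""
    return f"{cmd}{len(data):04X}{data}"


# Constructed sample, shaped like 'zless manifest.gz | grep -A 1 ...' output.
SAMPLE_MANIFEST = [
    record("f", "C:/Users/user1/Documents/log.txt"),
    record("x", "206:" + "0" * 32),
    "--",
    record("f", "C:/Users/user1/Documents/old/log.txt.bak"),
    record("x", "651:" + "1" * 32),
]

if __name__ == "__main__":
    for pat in (
        r"^C\:\/Users\/user1\/Documents\/log\.txt$",
        r"^c\:\/Users\/user1\/Documents\/log\.txt$",
        r"Documents/log.txt",
    ):
        hits, near = check_regex(SAMPLE_MANIFEST, pat)
        print(f"regex {pat!r}")
        print(f"  matches:            {hits}")
        print(f"  differ only in case: {near}")
```

To test a real manifest, pass the lines of `zcat manifest.gz` to `check_regex` in place of `SAMPLE_MANIFEST`.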


grke commented Oct 31, 2016

Issue #333 suggests adding a message when a regex matches no files - if I had implemented that, it would have helped your '-a l' a little bit.

@pablodav

Hello Graham,

Thanks a lot for your responses.

I have been testing more with two servers and the same files, and now I suspect the issue could be related to fs performance.
Let me describe the details to see if you suspect the same thing.

First, testing on two servers (server1 production, server2 test):

server1 doesn't find the file with -r regex (it finds it now with a simpler regex after some changes to the fs mount options)
server2 finds the file.

server1 has much more disk usage and a different filesystem (xfs)
server2 has only one client and uses ext4.

Load is normally higher but limited to 4 children in both.
Configuration is the same for both.

From all I can see, I suspect that I need to use something like ext4 for burp, and not another fs like the xfs I'm using now?
I chose xfs only because it was the default in the new CentOS 7, but now I'm thinking I may need to define some well-known fs for burp.

The main reason why I think it's something related to fs or performance is the find command:

SERVER2 (test) find command:

time find /storage -name test.txt -type f
find: `/storage/burp/.ssh': Permission denied
/storage/burp/data/computer1/0000001 2016-09-09 14:34:03/data/t/c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000008 2016-10-26 08:04:54/data/t/c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/tmp/tmp6u0YLG/c:/Users/user1/Documents/Temporal/VIEJOS/test.txt

real    0m0.312s
user    0m0.032s
sys     0m0.040s

SERVER1 find command:

time find /storage -name test.txt -type f
  • doesn't finish after more than 30 min....
/storage/burp/data/computer2/0000162 2016-10-18 18:24:07/data/t/C:/Users/user2/Documents/Documents/test.txt
/storage/burp/data/computer2/0000148 2016-09-14 12:08:13/data/t/C:/Users/user2/Documents/Documents/test.txt
/storage/burp/data/computer2/0000168 2016-10-28 14:03:04/data/t/C:/Users/user2/Documents/Documents/test.txt
/storage/burp/data/computer2/0000155 2016-09-30 13:28:12/data/t/C:/Users/user2/Documents/Documents/test.txt
^C
real    35m57.139s
user    0m7.188s
sys     0m35.152s

#### Only over my computer1: 

time find /storage/burp/data/computer1 -name test.txt -type f
/storage/burp/data/computer1/0000022 2016-10-05 17:40:06/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000035 2016-10-31 09:40:18/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000015 2016-09-26 07:21:02/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000029 2016-10-18 10:20:09/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt

real    4m45.808s
user    0m1.068s
sys     0m5.584s


Then, reading more about xfs, I noticed this:
http://xfs.org/docs/xfsdocs-xml-dev/XFS_User_Guide//tmp/en-US/html/ch05s05.html
Then I made some changes to the mount options in fstab.

And found some different results:

time find /storage/burp/data/computer1 -name test.txt -type f
/storage/burp/data/computer1/0000022 2016-10-05 17:40:06/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000035 2016-10-31 09:40:18/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000015 2016-09-26 07:21:02/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
/storage/burp/data/computer1/0000029 2016-10-18 10:20:09/data/t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt

real    1m17.947s
user    0m0.800s
sys     0m2.612s


After changing it, I have seen that on SERVER1 the simpler regex works:

C:\Program Files\Burp>bin\burp.exe -a l -c burp.conf -r "VIEJOS/test.txt
2016-10-31 15:06:21: bin\burp.exe[12968] burp.conf: status_port unset
2016-10-31 15:06:22: bin\burp.exe[12968] auth ok
2016-10-31 15:06:22: bin\burp.exe[12968] Server version: 2.0.48
2016-10-31 15:06:22: bin\burp.exe[12968] nocsr ok
2016-10-31 15:06:22: bin\burp.exe[12968] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(

2016-10-31 15:06:22: bin\burp.exe[12968] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:fo
2016-10-31 15:06:22: bin\burp.exe[12968] Server is forcing protocol 1
Backup: 0000015 2016-09-26 07:21:02 (deletable)
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000022 2016-10-05 17:40:06 (deletable)
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000029 2016-10-18 10:20:09 (deletable)
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000030 2016-10-19 10:40:12 (deletable)
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000031 2016-10-20 10:44:43
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000032 2016-10-21 11:00:12
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000033 2016-10-24 07:40:14
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000034 2016-10-25 08:00:06
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000035 2016-10-31 09:40:18
With regex: VIEJOS/test.txt
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-10-31 15:06:24: bin\burp.exe[12968] main socket: Peer closed SSL session
2016-10-31 15:06:24: bin\burp.exe[12968] List finished ok

But not the complex regex, which works on SERVER2 (test).

SERVER2 (test):

/storage/burp/data/computer1/0000034 2016-10-25 08:00:06# zless manifest.gz | grep -A 1 -e "VIEJOS/test.txt"
t0035t/c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
r0032A A IH/ B A A A O A A BUGxcH BM9p1D BUGaS2 A CAg J
f0033c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
x0024206:b8d944f1ba3adb9edb75f6c19cb3b8d9

C:\Program Files\Burp>bin\burp.exe -a l -c burp.conf -r "^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
2016-10-31 12:46:58: bin\burp.exe[8164] auth ok
2016-10-31 12:46:58: bin\burp.exe[8164] Server version: 2.0.48
2016-10-31 12:46:58: bin\burp.exe[8164] nocsr ok
2016-10-31 12:46:58: bin\burp.exe[8164] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(2

2016-10-31 12:46:58: bin\burp.exe[8164] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=
2016-10-31 12:46:58: bin\burp.exe[8164] Server is forcing protocol 1
Backup: 0000001 2016-09-09 14:34:03 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000002 2016-09-09 15:06:23 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000003 2016-09-09 15:10:22
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000004 2016-09-09 15:15:13
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000005 2016-09-09 15:17:33
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000006 2016-09-09 15:26:28
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000007 2016-10-03 15:52:15
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000008 2016-10-26 08:04:54
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-10-31 12:46:58: bin\burp.exe[8164] main socket: Peer closed SSL session
2016-10-31 12:46:58: bin\burp.exe[8164] List finished ok

SERVER2

Using idle server only with one client (test server):

C:\Program Files\Burp>bin\burp.exe -a l -c burp_l240lnx922.conf -r "^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
2016-10-31 12:56:30: bin\burp.exe[1412] auth ok
2016-10-31 12:56:30: bin\burp.exe[1412] Server version: 2.0.48
2016-10-31 12:56:30: bin\burp.exe[1412] nocsr ok
2016-10-31 12:56:30: bin\burp.exe[1412] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(2

2016-10-31 12:56:30: bin\burp.exe[1412] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=
2016-10-31 12:56:30: bin\burp.exe[1412] Server is forcing protocol 1
Backup: 0000001 2016-09-09 14:34:03 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000002 2016-09-09 15:06:23 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000003 2016-09-09 15:10:22
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000004 2016-09-09 15:15:13
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000005 2016-09-09 15:17:33
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000006 2016-09-09 15:26:28
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000007 2016-10-03 15:52:15
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000008 2016-10-26 08:04:54
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-10-31 12:56:30: bin\burp.exe[1412] main socket: Peer closed SSL session
2016-10-31 12:56:30: bin\burp.exe[1412] List finished ok

server test log:

2016-10-31 12:52:10: burp[24398] pipe from child: end of data
2016-10-31 12:52:10: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:52:26: burp[24398] Connect from peer: 10.100.64.134:55938
2016-10-31 12:52:26: burp[1871] auth ok for: computer1
2016-10-31 12:52:26: burp[1871] Client computer1 does not want a certificate signed
2016-10-31 12:52:26: burp[1871] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-31 12:52:26: burp[1871] Server is using protocol=1
2016-10-31 12:52:26: burp[1871] Client supports being sent json counters.
2016-10-31 12:52:26: burp[1871] exit child
98] pipe from child: disconnected fd 7
2016-10-31 12:47:43: burp[24398] Connect from peer: 10.100.64.134:55830
2016-10-31 12:47:43: burp[24398] forked child: 1781
2016-10-31 12:47:43: burp[24398] pipe from child: end of data
2016-10-31 12:47:43: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:48:15: burp[24398] Connect from peer: 10.100.64.134:55844
2016-10-31 12:48:15: burp[24398] forked child: 1790
2016-10-31 12:48:15: burp[24398] pipe from child: end of data
2016-10-31 12:48:15: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:48:42: burp[24398] Connect from peer: 10.100.64.134:55853
2016-10-31 12:48:42: burp[24398] forked child: 1801
2016-10-31 12:48:42: burp[24398] pipe from child: end of data
2016-10-31 12:48:42: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:48:47: burp[24398] Connect from peer: 10.100.64.134:55855
2016-10-31 12:48:47: burp[24398] forked child: 1802
2016-10-31 12:48:47: burp[24398] pipe from child: end of data
2016-10-31 12:48:47: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:48:59: burp[24398] Connect from peer: 10.100.64.134:55859
2016-10-31 12:48:59: burp[24398] forked child: 1803
2016-10-31 12:48:59: burp[24398] pipe from child: end of data
2016-10-31 12:48:59: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:49:08: burp[24398] Connect from peer: 10.100.64.134:55867
2016-10-31 12:49:08: burp[24398] forked child: 1807
2016-10-31 12:49:08: burp[24398] pipe from child: end of data
2016-10-31 12:49:08: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:49:15: burp[24398] Connect from peer: 10.100.64.134:55870
2016-10-31 12:49:15: burp[24398] forked child: 1808
2016-10-31 12:49:15: burp[24398] pipe from child: end of data
2016-10-31 12:49:15: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:49:44: burp[24398] Connect from peer: 10.100.64.134:55879
2016-10-31 12:49:44: burp[24398] forked child: 1815
2016-10-31 12:49:44: burp[24398] pipe from child: end of data
2016-10-31 12:49:44: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:51:42: burp[24398] Connect from peer: 10.100.64.134:55925
2016-10-31 12:51:42: burp[24398] forked child: 1824
2016-10-31 12:51:43: burp[24398] pipe from child: end of data
2016-10-31 12:51:43: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:52:09: burp[24398] Connect from peer: 10.100.64.134:55932
2016-10-31 12:52:09: burp[24398] forked child: 1870
2016-10-31 12:52:10: burp[24398] pipe from child: end of data
2016-10-31 12:52:10: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:52:26: burp[24398] Connect from peer: 10.100.64.134:55938
2016-10-31 12:52:26: burp[24398] forked child: 1871
2016-10-31 12:52:26: burp[24398] pipe from child: end of data
2016-10-31 12:52:26: burp[24398] pipe from child: disconnected fd 7
2016-10-31 12:56:30: burp[24398] Connect from peer: 10.100.64.134:56027
2016-10-31 12:56:30: burp[1920] auth ok for: computer1
2016-10-31 12:56:30: burp[1920] Client computer1 does not want a certificate signed
2016-10-31 12:56:30: burp[1920] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-31 12:56:30: burp[1920] Server is using protocol=1
2016-10-31 12:56:30: burp[1920] Client supports being sent json counters.
2016-10-31 12:56:30: burp[1920] exit child

SERVER1:

(test previous)

C:\Program Files\Burp>bin\burp.exe -a l -c burp.conf -r "^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
2016-10-31 12:53:23: bin\burp.exe[12880] burp.conf: status_port unset
2016-10-31 12:53:23: bin\burp.exe[12880] auth ok
2016-10-31 12:53:23: bin\burp.exe[12880] Server version: 2.0.48
2016-10-31 12:53:23: bin\burp.exe[12880] nocsr ok
2016-10-31 12:53:23: bin\burp.exe[12880] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(

2016-10-31 12:53:23: bin\burp.exe[12880] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:fo
2016-10-31 12:53:23: bin\burp.exe[12880] Server is forcing protocol 1
Backup: 0000015 2016-09-26 07:21:02 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000022 2016-10-05 17:40:06 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000029 2016-10-18 10:20:09 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000030 2016-10-19 10:40:12 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000031 2016-10-20 10:44:43
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000032 2016-10-21 11:00:12
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000033 2016-10-24 07:40:14
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000034 2016-10-25 08:00:06
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
Backup: 0000035 2016-10-31 09:40:18
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test.txt
2016-10-31 12:54:17: bin\burp.exe[12880] main socket: Peer closed SSL session
2016-10-31 12:54:17: bin\burp.exe[12880] List finished ok

Server log:

2016-10-31 12:52:35: burp[32388] auth ok for: computer1
2016-10-31 12:52:35: burp[32388] Client computer1 does not want a certificate signed
2016-10-31 12:52:35: burp[32388] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-31 12:52:35: burp[32388] Server is using protocol=1
2016-10-31 12:52:35: burp[32388] Client supports being sent json counters.
2016-10-31 12:52:39: burp[32388] exit child
.66.12:1936
2016-10-31 12:20:00: burp[17722] forked child: 30893
2016-10-31 12:20:00: burp[17722] pipe from child: end of data
2016-10-31 12:20:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:25:00: burp[17722] Connect from peer: 10.100.66.12:4718
2016-10-31 12:25:00: burp[17722] forked child: 31161
2016-10-31 12:25:00: burp[17722] pipe from child: end of data
2016-10-31 12:25:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:30:00: burp[17722] Connect from peer: 10.100.66.12:3600
2016-10-31 12:30:00: burp[17722] forked child: 31415
2016-10-31 12:30:00: burp[17722] pipe from child: end of data
2016-10-31 12:30:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:35:00: burp[17722] Connect from peer: 10.100.66.12:2631
2016-10-31 12:35:00: burp[17722] forked child: 31604
2016-10-31 12:35:00: burp[17722] pipe from child: end of data
2016-10-31 12:35:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:38:25: burp[17722] Connect from peer: 10.100.64.134:55598
2016-10-31 12:38:25: burp[17722] forked child: 31748
2016-10-31 12:40:00: burp[17722] Connect from peer: 10.100.66.12:1930
2016-10-31 12:40:00: burp[17722] forked child: 31812
2016-10-31 12:40:00: burp[17722] pipe from child: end of data
2016-10-31 12:40:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:40:05: burp[17722] Connect from peer: 10.100.64.134:55639
2016-10-31 12:40:05: burp[17722] forked child: 31818
2016-10-31 12:40:06: burp[17722] pipe from child: end of data
2016-10-31 12:40:06: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:42:19: burp[17722] Connect from peer: 10.100.64.134:55698
2016-10-31 12:42:19: burp[17722] forked child: 31902
2016-10-31 12:45:00: burp[17722] Connect from peer: 10.100.66.12:4803
2016-10-31 12:45:00: burp[17722] forked child: 32010
2016-10-31 12:45:00: burp[17722] pipe from child: end of data
2016-10-31 12:45:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:50:00: burp[17722] Connect from peer: 10.100.66.12:4353
2016-10-31 12:50:00: burp[17722] forked child: 32263
2016-10-31 12:50:00: burp[17722] pipe from child: end of data
2016-10-31 12:50:00: burp[17722] pipe from child: disconnected fd 7
2016-10-31 12:50:39: burp[17722] Connect from peer: 10.100.64.134:55905
2016-10-31 12:50:39: burp[17722] forked child: 32306
2016-10-31 12:51:17: burp[17722] Connect from peer: 10.100.64.134:55918
2016-10-31 12:51:17: burp[17722] forked child: 32334
2016-10-31 12:52:35: burp[17722] Connect from peer: 10.100.64.134:55945
2016-10-31 12:52:35: burp[17722] forked child: 32388
2016-10-31 12:53:23: burp[17722] Connect from peer: 10.100.64.134:55961
2016-10-31 12:53:23: burp[32421] auth ok for: computer1
2016-10-31 12:53:23: burp[32421] Client computer1 does not want a certificate signed
2016-10-31 12:53:23: burp[32421] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-10-31 12:53:23: burp[32421] Server is using protocol=1
2016-10-31 12:53:23: burp[32421] Client supports being sent json counters.
2016-10-31 12:54:17: burp[32421] exit child



Analyzing manifest in both:

server 1:

 zless manifest.gz | grep -A 1 test.txt
t0035t/C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
r0032A A IH/ B A A A O A A BUGxcH BM9p1D BUGaS2 A CAg J
f0033C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
x0024206:b8d944f1ba3adb9edb75f6c19cb3b8d9
--
t006Et/C:/Users/user1/Documents/gitprojects/coffeescripts/SQLMigration/MGS/parametros/mgs_parametros_gdc_test.txt
r0033A A IH/ B A A A HL A A BXWu9a BXWtW2 BXWu9a A CAg J
f006CC:/Users/user1/Documents/gitprojects/coffeescripts/SQLMigration/MGS/parametros/mgs_parametros_gdc_test.txt
x0024651:74142b1b73724bf9bcbddc170be3db89
--
t006At/C:/Users/user1/Documents/gitprojects/coffeescripts/SQLMigration/MGS/parametros/mgs_parametros_test.txt
r0034A A IH/ B A A A B5j A A BXWu9a BXWtTC BXWu9a A CAg J
f0068C:/Users/user1/Documents/gitprojects/coffeescripts/SQLMigration/MGS/parametros/mgs_parametros_test.txt
x00257971:6f89925ef3db0eaccdd5c7c3366beeac

server2 test:

zless manifest.gz | grep -A 1 test.txt
t0035t/c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
r0032A A IH/ B A A A O A A BUGxcH BM9p1D BUGaS2 A CAg J
f0033c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
x0024206:b8d944f1ba3adb9edb75f6c19cb3b8d9

Main differences between server1 and SERVER2:

server1:

Uses NAS through iscsi with xfs.

 df -hT
Filesystem                      Type      Size  Used Avail Use% Mounted on
udev                            devtmpfs  3,0G  4,0K  3,0G   1% /dev
tmpfs                           tmpfs     597M  1,1M  596M   1% /run
/dev/sda1                       ext4       19G  7,9G  9,8G  45% /
none                            tmpfs     4,0K     0  4,0K   0% /sys/fs/cgroup
none                            tmpfs     5,0M     0  5,0M   0% /run/lock
none                            tmpfs     3,0G     0  3,0G   0% /run/shm
none                            tmpfs     100M     0  100M   0% /run/user
/dev/mapper/burp01-burp_storage xfs       5,3T  2,8T  2,5T  53% /storage

$ mount
/dev/mapper/burp01-burp_storage on /storage type xfs (rw,nobarrier,logbufs=8,logbsize=256k,inode64,_netdev)

sudo iostat -hm
Linux 4.4.0-45-generic (l240lnx920)     31/10/16        _x86_64_        (8 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           4,00    0,00    0,93    4,24    0,00   90,84

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sda
                  1,24         0,02         0,01      18787      10775
sdc
                132,24        13,62         2,49   11783062    2150099
sdb
                 69,83         7,59         2,84    6565270    2457068
dm-0
                210,42        21,21         5,33   18348325    4607224
dm-1
                  0,00         0,00         0,00          1          0
dm-2
                  0,00         0,00         0,00          1          0

server2:

Has only 1 client
Uses local ext4 instead of xfs through iscsi.

Conclusion

I think it is not a burp issue, but something with the fs that could affect burp.
I need to do a lot more tests to confirm my conclusion. (Will do once I get more time.)
Maybe this issue can be closed.

Kind regards,
Pablo.

Owner

grke commented Nov 2, 2016

I think that it is most likely not the filesystem. If you are using a network filesystem, it will make things slower. It's not going to affect whether regex matches things in the manifest or not.

I observe that one manifest has a lowercase 'c' as the drive letter, and the other has an uppercase 'C' as the drive letter.
If you match the case of the drive letter in the manifest with your regex, does it work correctly?
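
The drive-letter check suggested above, as an added example (not part of the original thread and not burp's own code): it parses manifest records in the shape shown in the `zless manifest.gz` excerpts and reports paths that a restore regex misses only because of letter case. The function names and sample records are constructed, Python's `re` stands in for burp's regex engine, and treating `f` records as the path being matched is an assumption based on the excerpts.

```python
import re

# Manifest records as they appear in the thread: one command character, a
# 4-digit hex payload length, then the payload ("x0024206:<md5>", 0x24 = 36).
RECORD = re.compile(r"^(.)([0-9A-Fa-f]{4})(.*)$")


def make_record(cmd, payload):
    """Build one record line; used here only to construct sample input."""
    return "%s%04X%s" % (cmd, len(payload.encode("utf-8")), payload)


def parse_records(lines):
    """Yield (cmd, payload) pairs; lines of another shape (grep's "--") are skipped.
    The length field is not checked, so hand-edited excerpts still parse."""
    for line in lines:
        m = RECORD.match(line.rstrip("\r\n"))
        if m:
            yield m.group(1), m.group(3)


def diagnose(regex, lines, path_cmds=("f",)):
    """Return (exact, case_only): paths the regex matches as written, and
    paths it would match only if letter case were ignored.
    Assumption: 'f' records hold the path the restore regex is applied to."""
    exact_pat = re.compile(regex)
    loose_pat = re.compile(regex, re.IGNORECASE)
    exact, case_only = [], []
    for cmd, payload in parse_records(lines):
        if cmd not in path_cmds:
            continue
        if exact_pat.search(payload):
            exact.append(payload)
        elif loose_pat.search(payload):
            case_only.append(payload)
    return exact, case_only


def drive_case_tolerant(regex):
    """Rewrite a leading '^C\\:' or '^C:' as '^[Cc]\\:' so that either
    drive-letter case matches; any other regex is returned unchanged."""
    m = re.match(r"^\^([A-Za-z])(\\?:)", regex)
    if not m:
        return regex
    letter = m.group(1)
    return "^[%s%s]%s%s" % (letter.upper(), letter.lower(),
                            m.group(2), regex[m.end():])


# Constructed sample input modelled on the two manifests quoted in the thread.
PATH_UPPER = "C:/Users/user1/Documents/Temporal/VIEJOS/test.txt"
PATH_LOWER = "c:/Users/user1/Documents/Temporal/VIEJOS/test.txt"
CHECKSUM = "206:b8d944f1ba3adb9edb75f6c19cb3b8d9"

SERVER1 = [make_record("t", "t/" + PATH_UPPER),
           make_record("f", PATH_UPPER),
           make_record("x", CHECKSUM),
           "--"]
SERVER2 = [make_record("t", "t/" + PATH_LOWER),
           make_record("f", PATH_LOWER),
           make_record("x", CHECKSUM)]

REGEX_UPPER = r"^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"

if __name__ == "__main__":
    for name, manifest in (("server1", SERVER1), ("server2", SERVER2)):
        exact, case_only = diagnose(REGEX_UPPER, manifest)
        print(name, "exact:", exact, "case-only miss:", case_only)
    print("tolerant regex:", drive_case_tolerant(REGEX_UPPER))
```

This only covers the case mismatch between the regex and the manifest; it says nothing about how the incexc settings affect a server initiated restore.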

Contributor Author

pablodav commented Nov 2, 2016

Hello Graham,

Thanks for your response.

You are completely right, I hadn't noticed it when doing the manual test with -a l -r regex (but it was only a mistake in the manual testing with -a l).
I have different C and c in both clients for the include, but for now you can go to the end of this message as I found where the issue comes from.

In summary: there are 2 problems with "Server initiated restore and regex":

  1. when incexc has some include path that doesn't exist in the backup
  2. when incexc is nested more than 2 times, like client having . incexc/profilex and profilex having . global_inclusions

I'm pasting all the details that I have been checking just to have clear info.

SERVER1

Regex in SERVER1 now works with C in uppercase.
But server initiated restore with same regex doesn't.

C:\Program Files\Burp>bin\burp.exe -a l -c burp.conf -r "^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"
2016-11-02 08:09:20: bin\burp.exe[10296] auth ok
2016-11-02 08:09:20: bin\burp.exe[10296] Server version: 2.0.48
2016-11-02 08:09:20: bin\burp.exe[10296] nocsr ok
2016-11-02 08:09:20: bin\burp.exe[10296] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 08:09:20: bin\burp.exe[10296] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-11-02 08:09:20: bin\burp.exe[10296] Server is forcing protocol 1
Backup: 0000022 2016-10-05 17:40:06 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000029 2016-10-18 10:20:09 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000030 2016-10-19 10:40:12 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000031 2016-10-20 10:44:43
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000032 2016-10-21 11:00:12
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000033 2016-10-24 07:40:14
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000034 2016-10-25 08:00:06
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000035 2016-10-31 09:40:18
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000036 2016-11-01 10:00:08
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-11-02 08:09:24: bin\burp.exe[10296] main socket: Peer closed SSL session
2016-11-02 08:09:24: bin\burp.exe[10296] List finished ok

C:\Program Files\Burp>bin\burp.exe -c burp.conf -a t
2016-11-02 08:11:01: bin\burp.exe[10268] auth ok
2016-11-02 08:11:01: bin\burp.exe[10268] Server version: 2.0.48
2016-11-02 08:11:01: bin\burp.exe[10268] nocsr ok
2016-11-02 08:11:01: bin\burp.exe[10268] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 08:11:01: bin\burp.exe[10268] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-11-02 08:11:01: bin\burp.exe[10268] Server wants to initiate a restore
2016-11-02 08:11:01: bin\burp.exe[10268] Client accepts.
2016-11-02 08:11:01: bin\burp.exe[10268] Restore settings:
2016-11-02 08:11:01: bin\burp.exe[10268] backup = '36'
2016-11-02 08:11:01: bin\burp.exe[10268] overwrite = 1
2016-11-02 08:11:01: bin\burp.exe[10268] strip = 0
2016-11-02 08:11:01: bin\burp.exe[10268] regex = '^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 08:11:01: bin\burp.exe[10268] Server is forcing protocol 1
2016-11-02 08:11:01: bin\burp.exe[10268] doing restore 36:^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 08:11:01: bin\burp.exe[10268] doing restore confirmed


--------------------------------------------------------------------------------
Start time: 2016-11-02 08:11:01
  End time: 2016-11-02 08:11:02
Time taken: 00:01
                             Attempted | Expected
                   ------------------------------
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:             0
      Bytes attempted:             0
       Bytes received:          1342 (1.31 KB)
           Bytes sent:           673
--------------------------------------------------------------------------------
2016-11-02 08:11:02: bin\burp.exe[10268] restore finished

SERVER2

The server initiated restore curiously works

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 08:13:51: bin\burp.exe[3260] auth ok
2016-11-02 08:13:51: bin\burp.exe[3260] Server version: 2.0.48
2016-11-02 08:13:51: bin\burp.exe[3260] nocsr ok
2016-11-02 08:13:51: bin\burp.exe[3260] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 08:13:51: bin\burp.exe[3260] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:counters_json:msg:forceproto=1:
2016-11-02 08:13:51: bin\burp.exe[3260] Server wants to initiate a restore
2016-11-02 08:13:51: bin\burp.exe[3260] Client accepts.
2016-11-02 08:13:52: bin\burp.exe[3260] Restore settings:
2016-11-02 08:13:52: bin\burp.exe[3260] backup = '8'
2016-11-02 08:13:52: bin\burp.exe[3260] overwrite = 1
2016-11-02 08:13:52: bin\burp.exe[3260] strip = 0
2016-11-02 08:13:52: bin\burp.exe[3260] regex = '^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 08:13:52: bin\burp.exe[3260] Server is forcing protocol 1
2016-11-02 08:13:52: bin\burp.exe[3260] doing restore 8:^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 08:13:52: bin\burp.exe[3260] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-11-02 08:13:51
  End time: 2016-11-02 08:13:52
Time taken: 00:01
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:           206
      Bytes attempted:             0
       Bytes received:          2556 (2.50 KB)
           Bytes sent:           672
--------------------------------------------------------------------------------
2016-11-02 08:13:52: bin\burp.exe[3260] restore finished

Trying to reproduce the error in SERVER2 (test)

Also with xfs on SERVER2 now.

I have changed the include to uppercase C in client for SERVER2.
It did a completely new full backup

--------------------------------------------------------------------------------
Start time: 2016-11-02 08:17:54
  End time: 2016-11-02 08:19:58
Time taken: 02:04
                         New   Changed Duplicate   Deleted     Total |  Scanned
                   ------------------------------------------------------------
             Files:     3708         0         0         0      3708 |     3708
       Grand total:     3708         0         0         0      3708 |     3708
                   ------------------------------------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:     569855808 (543.46 MB)
      Bytes in backup:     570697664 (544.26 MB)
       Bytes received:        536377 (523.81 KB)
           Bytes sent:     330934632 (315.60 MB)
--------------------------------------------------------------------------------

The regex shows the last backup as the only one with uppercase C:

C:\Program Files\Burp>bin\burp.exe -a l -c burp_server2.conf -r "^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"
2016-11-02 08:20:47: bin\burp.exe[5344] auth ok
2016-11-02 08:20:47: bin\burp.exe[5344] Server version: 2.0.48
2016-11-02 08:20:47: bin\burp.exe[5344] nocsr ok
2016-11-02 08:20:47: bin\burp.exe[5344] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 08:20:47: bin\burp.exe[5344] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:counters_json:msg:forceproto=1:
2016-11-02 08:20:47: bin\burp.exe[5344] Server is forcing protocol 1
Backup: 0000001 2016-09-09 14:34:03 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000003 2016-09-09 15:10:22 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000004 2016-09-09 15:15:13
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000005 2016-09-09 15:17:33
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000006 2016-09-09 15:26:28
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000007 2016-10-03 15:52:15
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000008 2016-10-26 08:04:54
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000009 2016-11-02 08:17:55 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-11-02 08:20:47: bin\burp.exe[5344] main socket: Peer closed SSL session
2016-11-02 08:20:47: bin\burp.exe[5344] List finished ok

Unfortunately it didn't reproduce the error.

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 08:24:32: bin\burp.exe[6708] auth ok
2016-11-02 08:24:32: bin\burp.exe[6708] Server version: 2.0.48
2016-11-02 08:24:32: bin\burp.exe[6708] nocsr ok
2016-11-02 08:24:32: bin\burp.exe[6708] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 08:24:32: bin\burp.exe[6708] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:counters_json:msg:forceproto=1:
2016-11-02 08:24:32: bin\burp.exe[6708] Server wants to initiate a restore
2016-11-02 08:24:32: bin\burp.exe[6708] Client accepts.
2016-11-02 08:24:32: bin\burp.exe[6708] Restore settings:
2016-11-02 08:24:32: bin\burp.exe[6708] backup = '9'
2016-11-02 08:24:32: bin\burp.exe[6708] overwrite = 1
2016-11-02 08:24:32: bin\burp.exe[6708] strip = 0
2016-11-02 08:24:32: bin\burp.exe[6708] regex = '^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 08:24:32: bin\burp.exe[6708] Server is forcing protocol 1
2016-11-02 08:24:32: bin\burp.exe[6708] doing restore 9:^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 08:24:32: bin\burp.exe[6708] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-11-02 08:24:32
  End time: 2016-11-02 08:24:32
Time taken: 00:00
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:           206
      Bytes attempted:             0
       Bytes received:          2555 (2.50 KB)
           Bytes sent:           672
--------------------------------------------------------------------------------
2016-11-02 08:24:32: bin\burp.exe[6708] restore finished

I have rebuilt SERVER1 but didn't change anything.

Trying to reproduce the problem 2 in SERVER2 (Reproduced)

Finally I have reproduced the problem when I deleted all the backups and started again to BURP2:

C:\Program Files\Burp>bin\burp.exe -a l -c burp_server2.conf -r "^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"
2016-11-02 10:51:05: bin\burp.exe[8788] auth ok
2016-11-02 10:51:05: bin\burp.exe[8788] Server version: 2.0.48
2016-11-02 10:51:05: bin\burp.exe[8788] nocsr ok
2016-11-02 10:51:05: bin\burp.exe[8788] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 10:51:05: bin\burp.exe[8788] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-11-02 10:51:05: bin\burp.exe[8788] Server is forcing protocol 1
Backup: 0000001 2016-11-02 10:43:56 (deletable)
With regex: ^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
C:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-11-02 10:51:05: bin\burp.exe[8788] main socket: Peer closed SSL session
2016-11-02 10:51:05: bin\burp.exe[8788] List finished ok

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 10:50:30: bin\burp.exe[4112] auth ok
2016-11-02 10:50:30: bin\burp.exe[4112] Server version: 2.0.48
2016-11-02 10:50:30: bin\burp.exe[4112] nocsr ok
2016-11-02 10:50:30: bin\burp.exe[4112] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 10:50:30: bin\burp.exe[4112] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-11-02 10:50:30: bin\burp.exe[4112] Server wants to initiate a restore
2016-11-02 10:50:30: bin\burp.exe[4112] Client accepts.
2016-11-02 10:50:30: bin\burp.exe[4112] Restore settings:
2016-11-02 10:50:30: bin\burp.exe[4112] backup = '1'
2016-11-02 10:50:30: bin\burp.exe[4112] overwrite = 1
2016-11-02 10:50:30: bin\burp.exe[4112] strip = 0
2016-11-02 10:50:30: bin\burp.exe[4112] regex = '^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 10:50:30: bin\burp.exe[4112] Server is forcing protocol 1
2016-11-02 10:50:30: bin\burp.exe[4112] doing restore 1:^C\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 10:50:30: bin\burp.exe[4112] doing restore confirmed


--------------------------------------------------------------------------------
Start time: 2016-11-02 10:50:30
  End time: 2016-11-02 10:50:30
Time taken: 00:00
                             Attempted | Expected
                   ------------------------------
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:             0
      Bytes attempted:             0
       Bytes received:          1377 (1.34 KB)
           Bytes sent:           672

I have tried also with c lowercase but got same result.

Also tried to reduce the incexc parameters, now using:

exclude_ext = dll
exclude_ext = exe
exclude_ext = iso
exclude_ext = msi
exclude_ext = msu
exclude_ext = ost
exclude_ext = part
exclude_ext = tmp
exclude_regex = c:/Users/Administrator
exclude_regex = c:/Users/All Users
exclude_regex = c:/Users/Default
exclude_regex = c:/Users/MiradoreClient
exclude_regex = c:/Users/Public
include_glob = c:/Users/*/Contacts
include_glob = c:/Users/*/Desktop
include_glob = c:/Users/*/Documents
include_glob = c:/Users/*/Favorites
include_glob = c:/Users/*/Links
cross_all_filesystems = 0
read_all_fifos = 0
read_all_blockdevs = 0
min_file_size = 0
max_file_size = 0
split_vss = 0
strip_vss = 0
acl = 1
xattr = 1
atime = 0
scan_problem_raises_error = 0
overwrite = 0
strip = 0

compression = 5

It's done in nested incexc files:

cat /etc/burp/clientconfdir/client1

password = somepass

# More configuration files can be read, using syntax like the following
# (without the leading '# ').
. incexc/profile_win6x
# -------------------------------------------------------------------------------------

cat /etc/burp/clientconfdir/incexc/profile_win6x

#hard_quota Do not allow to backup clients with more than xxGb in the whole backup
hard_quota=65Gb

#soft_quota send "WARNING" to backups clients with more than xxGb in the whole backup
soft_quota=50Gb

. win6x_global_inclusions
. win6x_global_exclusions
#. video_exclusions
#. audio_exclusions
# ------------------------------------------------------------------------------------


cat /etc/burp/clientconfdir/incexc/win6x_global_inclusions

include=c:/Notes
include=c:/notesid
include=c:/CBackup

include_glob=c:/Users/*/Contacts
include_glob=c:/Users/*/Documents
include_glob=c:/Users/*/Favorites
include_glob=c:/Users/*/Links
include_glob=c:/Users/*/Desktop
# -------------------------------------------------------------------------------------

cat /etc/burp/clientconfdir/incexc/win6x_global_exclusions

exclude_regex="c:/Users/Administrator"
exclude_regex="c:/Users/Default"
exclude_regex="c:/Users/Public"
exclude_regex="c:/Users/MiradoreClient"
exclude_regex="c:/Users/All Users"
exclude_ext=exe
exclude_ext=msi
exclude_ext=msu
exclude_ext=iso
exclude_ext=dll
exclude_ext=part
exclude_ext=tmp
exclude_ext=ost
# -------------------------------------------------------------------------------------

Recovering from reproduced problem.

Simplified configuration with incexc recovers from the reproduced problem:

include = c:/Users/user1/Documents/Temporal
nobackup = .nobackup
cross_all_filesystems = 0
read_all_fifos = 0
read_all_blockdevs = 0
min_file_size = 0
max_file_size = 0
split_vss = 0
strip_vss = 0
acl = 1
xattr = 1
atime = 0
scan_problem_raises_error = 0
overwrite = 0
strip = 0

compression = 5

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 11:46:23: bin\burp.exe[5876] auth ok
2016-11-02 11:46:23: bin\burp.exe[5876] Server version: 2.0.48
2016-11-02 11:46:23: bin\burp.exe[5876] nocsr ok
2016-11-02 11:46:23: bin\burp.exe[5876] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 11:46:23: bin\burp.exe[5876] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:counters_json:msg:forceproto=1:
2016-11-02 11:46:23: bin\burp.exe[5876] Server wants to initiate a restore
2016-11-02 11:46:23: bin\burp.exe[5876] Client accepts.
2016-11-02 11:46:23: bin\burp.exe[5876] Restore settings:
2016-11-02 11:46:23: bin\burp.exe[5876] backup = '4'
2016-11-02 11:46:23: bin\burp.exe[5876] overwrite = 1
2016-11-02 11:46:23: bin\burp.exe[5876] strip = 0
2016-11-02 11:46:23: bin\burp.exe[5876] regex = '^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 11:46:23: bin\burp.exe[5876] Server is forcing protocol 1
2016-11-02 11:46:23: bin\burp.exe[5876] doing restore 4:^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 11:46:23: bin\burp.exe[5876] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-11-02 11:46:23
  End time: 2016-11-02 11:46:23
Time taken: 00:00
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:           206
      Bytes attempted:             0
       Bytes received:          2519 (2.46 KB)
           Bytes sent:           672
--------------------------------------------------------------------------------
2016-11-02 11:46:23: bin\burp.exe[5876] restore finished

Found the root cause of the issue

After a large number of combinations, I found how to reproduce the problem.
It seems that the regex in a server initiated restore uses the incexc configured at the time of running the restore.

If I add some include=/path/non/in/backup

The regex works but the server initiated restore doesn't.

Let me show a real example:

Backup 9

Adding only:

exclude_ext=pst
include_glob=c:/Users/*/Documents

In incexc/profile_win6x

Restore works, also regex:

C:\Program Files\Burp>bin\burp.exe -a l -c burp_server2.conf -r "^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"
2016-11-02 13:08:05: bin\burp.exe[11896] auth ok
2016-11-02 13:08:05: bin\burp.exe[11896] Server version: 2.0.48
2016-11-02 13:08:05: bin\burp.exe[11896] nocsr ok
2016-11-02 13:08:05: bin\burp.exe[11896] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 13:08:05: bin\burp.exe[11896] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-11-02 13:08:06: bin\burp.exe[11896] Server is forcing protocol 1
Backup: 0000001 2016-11-02 11:08:19 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000004 2016-11-02 11:44:06 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000005 2016-11-02 11:49:46
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000006 2016-11-02 12:27:33
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000007 2016-11-02 12:30:52
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000008 2016-11-02 12:34:12
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000009 2016-11-02 12:37:09 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000010 2016-11-02 13:00:06
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-11-02 13:08:06: bin\burp.exe[11896] main socket: Peer closed SSL session
2016-11-02 13:08:06: bin\burp.exe[11896] List finished ok

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 13:08:13: bin\burp.exe[2252] auth ok
2016-11-02 13:08:13: bin\burp.exe[2252] Server version: 2.0.48
2016-11-02 13:08:13: bin\burp.exe[2252] nocsr ok
2016-11-02 13:08:13: bin\burp.exe[2252] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 13:08:13: bin\burp.exe[2252] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-11-02 13:08:13: bin\burp.exe[2252] Server wants to initiate a restore
2016-11-02 13:08:13: bin\burp.exe[2252] Client accepts.
2016-11-02 13:08:13: bin\burp.exe[2252] Restore settings:
2016-11-02 13:08:13: bin\burp.exe[2252] backup = '9'
2016-11-02 13:08:13: bin\burp.exe[2252] overwrite = 1
2016-11-02 13:08:13: bin\burp.exe[2252] strip = 0
2016-11-02 13:08:13: bin\burp.exe[2252] regex = '^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 13:08:13: bin\burp.exe[2252] Server is forcing protocol 1
2016-11-02 13:08:13: bin\burp.exe[2252] doing restore 9:^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 13:08:13: bin\burp.exe[2252] doing restore confirmed

f 1

--------------------------------------------------------------------------------
Start time: 2016-11-02 13:08:13
  End time: 2016-11-02 13:08:13
Time taken: 00:00
                             Attempted | Expected
                   ------------------------------
             Files:                  1 |        1
       Grand total:                  1 |        1
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:           206
      Bytes attempted:             0
       Bytes received:          2529 (2.47 KB)
           Bytes sent:           672
--------------------------------------------------------------------------------
2016-11-02 13:08:14: bin\burp.exe[2252] restore finished

Adding include=c:/Notes to incexc/profile_win6x that is not in backup:

exclude_ext=pst
include=c:/Notes
include_glob=c:/Users/*/Documents

regex works but server initiated restore doesn't:

C:\Program Files\Burp>bin\burp.exe -a l -c burp_server2.conf -r "^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$"
2016-11-02 13:09:39: bin\burp.exe[6180] auth ok
2016-11-02 13:09:39: bin\burp.exe[6180] Server version: 2.0.48
2016-11-02 13:09:39: bin\burp.exe[6180] nocsr ok
2016-11-02 13:09:39: bin\burp.exe[6180] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 13:09:39: bin\burp.exe[6180] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=1:
2016-11-02 13:09:39: bin\burp.exe[6180] Server is forcing protocol 1
Backup: 0000001 2016-11-02 11:08:19 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000004 2016-11-02 11:44:06 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000005 2016-11-02 11:49:46
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000006 2016-11-02 12:27:33
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000007 2016-11-02 12:30:52
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000008 2016-11-02 12:34:12
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
Backup: 0000009 2016-11-02 12:37:09 (deletable)
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
Backup: 0000010 2016-11-02 13:00:06
With regex: ^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
c:/Users/user1/Documents/Temporal/VIEJOS/test.txt
2016-11-02 13:09:39: bin\burp.exe[6180] main socket: Peer closed SSL session
2016-11-02 13:09:39: bin\burp.exe[6180] List finished ok

C:\Program Files\Burp>bin\burp.exe -c burp_server2.conf -a t
2016-11-02 13:10:10: bin\burp.exe[6220] auth ok
2016-11-02 13:10:10: bin\burp.exe[6220] Server version: 2.0.48
2016-11-02 13:10:10: bin\burp.exe[6220] nocsr ok
2016-11-02 13:10:10: bin\burp.exe[6220] SSL is using cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD

2016-11-02 13:10:10: bin\burp.exe[6220] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:srestore:sincexc:counters_json:msg:forceproto=1:
2016-11-02 13:10:10: bin\burp.exe[6220] Server wants to initiate a restore
2016-11-02 13:10:10: bin\burp.exe[6220] Client accepts.
2016-11-02 13:10:11: bin\burp.exe[6220] Restore settings:
2016-11-02 13:10:11: bin\burp.exe[6220] backup = '9'
2016-11-02 13:10:11: bin\burp.exe[6220] overwrite = 1
2016-11-02 13:10:11: bin\burp.exe[6220] strip = 0
2016-11-02 13:10:11: bin\burp.exe[6220] regex = '^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$'
2016-11-02 13:10:11: bin\burp.exe[6220] Server is forcing protocol 1
2016-11-02 13:10:11: bin\burp.exe[6220] doing restore 9:^c\:\/Users\/user1\/Documents\/Temporal\/VIEJOS\/test\.txt$
2016-11-02 13:10:11: bin\burp.exe[6220] doing restore confirmed


--------------------------------------------------------------------------------
Start time: 2016-11-02 13:10:10
  End time: 2016-11-02 13:10:11
Time taken: 00:01
                             Attempted | Expected
                   ------------------------------
                   ------------------------------

             Messages:             0
             Warnings:             0

      Bytes estimated:             0
      Bytes attempted:             0
       Bytes received:          1304 (1.27 KB)
           Bytes sent:           672
--------------------------------------------------------------------------------
2016-11-02 13:10:11: bin\burp.exe[6220] restore finished

It seems that the bug is with regex from server initiated restore when the incexc configuration doesn't equal all folders in the backup.

Also, I have checked that the same behaviour happens when using a nested include_glob.
For example, if I add the include_glob= to the file profile_win6x it works, but if I move it to one more nested inc it doesn't. Cfg example:

$ cat /etc/burp/clientconfdir/client1
password = somepass
. incexc/profile_win6x
# -------------------------------------------------------------------------------------

$ cat /etc/burp/clientconfdir/incexc/profile_win6x
hard_quota=65Gb
soft_quota=50Gb

. win6x_global_inclusions
# ------------------------------------------------------------------------------------

$ cat /etc/burp/clientconfdir/incexc/win6x_global_inclusions
include_glob=c:/Users/*/Documents

Now I'm thinking about how to work around it; maybe I need to exclude those dirs that are not part of the backup on all the clients for now.

Kind regards
Pablo.

pablodav added a commit to CoffeeITWorks/ansible_burp2_server that referenced this issue Nov 2, 2016
@pablodav
Contributor Author

pablodav commented Nov 2, 2016

Workaround fix done in my burp2_server role: CoffeeITWorks/ansible_burp2_server@32f1791

@grke
Owner

grke commented Nov 8, 2016

I haven't reviewed all the data that you posted yet.
I'll get around to it sometime and decide what to do with this issue.

@pablodav
Contributor Author

pablodav commented Nov 8, 2016

No issues!
I have managed a workaround by changing the include files.
I will try to make more automated tests (to ansible_burp2_server) to see if I can replicate this kind of behaviour on Linux also (I haven't tested the same kind of nested inc configuration with a Linux backup).

Anyway, if someone reports this kind of issue with server initiated restore, we already ACK the solution and there is no problem with that. Maybe the issue can be closed and we only could add some notes in the includes section, but I will try to confirm whether the same thing happens on Linux also.

Pablo.

@grke grke added the Bug label Nov 19, 2016
@grke
Owner

grke commented Nov 21, 2016

Hello,

I have tried to read and follow what the issue that you are working around is, but I don't understand.

I think I need:
a) A clientconfdir file, plus include files, for which there is no problem.
b) A clientconfdir file, plus include files, for which there is a problem.

These things need to be as small as possible. The absolute minimum amount of config that is needed for the demonstration.

I will run (a) on a client with no previous backups.
When I am done, I will run (b) on a client with no previous backups.

Are you able to send me (a) and (b)?

@pablodav
Contributor Author

For Windows tests I have done this:

I have incexc folder with:

https://github.com/CoffeeITWorks/ansible_burp2_server/tree/master/files/incexc

Then I add a clienta with this info:

password = somepass
. incexc/profile_win6x

Do a server initiated restore with the profile_win6x as it is.

https://github.com/CoffeeITWorks/ansible_burp2_server/blob/master/files/incexc/profile_win6x

Then, to replicate the issue, just add one include line with a path that does not exist on the client (on backup):

#hard_quota Do not allow to backup clients with more than xxGb in the whole backup
hard_quota=65Gb

#soft_quota send "WARNING" to backups clients with more than xxGb in the whole backup
soft_quota=50Gb

# Due to issue: https://github.com/grke/burp/issues/501
# I'm moving some inclusions and reducing the way I'm using nested files and also not including anything that is not 
# on all clients. 
# . win6x_global_inclusions
include=C:/CBackup
include_glob=C:/Users/*/Contacts
include_glob=C:/Users/*/Documents
include_glob=C:/Users/*/Favorites
include_glob=C:/Users/*/Links
include_glob=C:/Users/*/Desktop

. win6x_global_exclusions
. video_exclusions
. audio_exclusions

Attach requires an extension, so here is the file also:
profile_win6x.txt

For Linux I need to test the same.

Kind regards,
Pablo.

@grke
Owner

grke commented Nov 23, 2016

Do you do a backup, then restore, then add the line to the config, then backup, then restore?

@pablodav
Contributor Author

Previous tests were:

First do backup
Then restore -----> ok
Add the line
Then restore -----> doesn't restore

Now as you asked for these steps I have added to the tests:

Now I have done a backup (with the line previously added)
Then restore -----> doesn't restore (Tested with both backup 1 and 2)

Then remove the line
Then restore -----> ok

Note: the regex expression used in the last tests is simple, like c:/path/testfile

@grke
Owner

grke commented Dec 12, 2016

I managed to reproduce it. Hopefully I can fix it soon.

@grke grke closed this as completed Dec 12, 2016
@grke grke reopened this Dec 12, 2016
@grke
Owner

grke commented Dec 13, 2016

Now fixed in master.

@grke grke closed this as completed Dec 13, 2016
@pablodav
Contributor Author

pablodav commented Dec 13, 2016 via email
