From 0e3934b19616653927dbd4558363ee30ee055266 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 17 Feb 2012 15:36:12 -0800 Subject: [PATCH 1/2] Updating NEWS. --- CHANGES | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ NEWS | 15 ++++++++++++++- VERSION | 2 +- 3 files changed, 63 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9286a5409e..092a5b3740 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,52 @@ +2.0-85 | 2012-02-17 15:36:12 -0800 + + * Changing ARP detection to always kick in even if no analyzer is + activated. (Robin Sommer) + + * DNS name lookups performed by Bro now also query AAAA records. + DNS_Mgr handles combining the results of the A and AAAA queries + for a given hostname such that at the scripting layer, the name + resolution can yield a set with both IPv4 and IPv6 addresses. (Jon + Siwek) + + * Add counts_to_addr and addr_to_counts conversion BIFs. (Jon Siwek) + + * Change HashKey threshold for using H3 to 36 bytes. (Jon Siwek) + + * Remove mention of --enable-brov6 in docs. (Daniel Thayer) + + * Remove --enable-brov6 from configure usage text (Daniel Thayer) + + * Add a test and baseline for addr_to_ptr_name BiF. (Daniel Thayer) + + * Adding a test and baseline for ptr_name_to_addr BiF. (Seth Hall) + + * Fix the ptr_name_to_addr BiF to work with IPv6 (Daniel Thayer) + + * Fix a memory leak that perftools now complains about. (Jon Siwek) + + * Remove --enable-brov6 flag, IPv6 now supported by default. (Jon Siwek) + + Some script-layer changes of note: + + - dns_AAAA_reply event signature changed: the string representation + of an IPv6 addr is easily derived from the addr value, it doesn't + need to be another parameter. This event also now generated directly + by the DNS analyzer instead of being "faked" into a dns_A_reply event. + + - Removed addr_to_count BIF. It used to return the host-order + count representation of IPv4 addresses only. To make it more + generic, we might later add a BIF to return a vector of counts + in order to support IPv6. + + - Changed the result of enclosing addr variables in vertical pipes + (e.g. |my_addr|) to return the bit-width of the address type which + is 128 for IPv6 and 32 for IPv4. It used to function the same + way as addr_to_count mentioned above. + + - Remove bro_has_ipv6 BIF + 2.0-57 | 2012-02-10 00:02:35 -0800 * Fix typos in the documentation. (Daniel Thayer) diff --git a/NEWS b/NEWS index 1a257ce18f..b89493276b 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,20 @@ Release Notes This document summarizes the most important changes in the current Bro release. For a complete list of changes, see the ``CHANGES`` file. + +Bro 2.1 +------- + +- Bro now supports IPv6 out of the box; the configure switch + --enable-brov6 is gone. + +- DNS name lookups performed by Bro now also query AAAA records. The + results of the A and AAAA queries for a given hostname are combined + such that at the scripting layer, the name resolution can yield a + set with both IPv4 and IPv6 addresses. + +TODO: Extend. + Bro 2.0 ------- @@ -61,4 +75,3 @@ final release are: - diff --git a/VERSION b/VERSION index 8dd930b077..0e3b680daa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-57 +2.0-85 From b3333a7da227769b02a9ebeeea04ea13c983f58e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 17 Feb 2012 15:41:06 -0800 Subject: [PATCH 2/2] Reverting loopback change which doesn't seem to fully work. --- CHANGES | 2 +- VERSION | 2 +- src/PktSrc.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 092a5b3740..1285b53cf8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.0-85 | 2012-02-17 15:36:12 -0800 +2.0-86 | 2012-02-17 15:41:06 -0800 * Changing ARP detection to always kick in even if no analyzer is activated. (Robin Sommer) diff --git a/VERSION b/VERSION index 0e3b680daa..2436939ed7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-85 +2.0-86 diff --git a/src/PktSrc.cc b/src/PktSrc.cc index 598f13b51c..68b9785e6f 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -191,7 +191,7 @@ void PktSrc::Process() switch ( datalink ) { case DLT_NULL: { - protocol = (data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]; + protocol = (data[3] << 24) + (data[2] << 16) + (data[1] << 8) + data[0]; if ( protocol != AF_INET && protocol != AF_INET6 ) {