Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-for-2.6'

* origin/topic/dnthayer/doc-fixes-for-2.6: Fix some typos and improve formatting in NEWS Update the operators documentation Replace references to libgeoip in the documentation Update install instructions for python-ipaddress Update documentation of "option" and "redef" declarations Improvements to the config framework documentation Rearrange some lines on the "Log Files" documentation page Improve install/setup instructions for libmaxminddb Update NEWS for config framework clusterization changes Update config framework doc for clusterization changes Fix typos and formatting issues in config framework docs
2025-10-02 06:38:20 +00:00 · 2018-08-17 17:07:57 -05:00 · 2018-08-17 17:07:57 -05:00 · 1671244a64
commit 1671244a64
parent edf8658b11 a71ed6f781
16 changed files with 231 additions and 129 deletions
--- a/51
+++ b/51
@ -114,7 +114,11 @@ New Functionality
  - Option variables: The new "option" keyword allows variables to be
    declared as runtime options. Such variables cannot be changed
    using normal assignments. Instead, they can be changed using the
-    new function Option::set.
+    new function Config::set_value.  This function will automatically
+    apply the change to all nodes in a cluster.  Note that options can also
+    be changed using the new function Option::set, but this function will
+    not send the change to any other nodes, so Config::set_value should
+    typically be used instead of Option::set.

    It is possible to "subscribe" to an option through
    Option::set_change_handler, which will trigger a handler callback
@ -162,7 +166,7 @@ New Functionality
        }

    The specified file will now be monitored continuously for changes, so
-    that writing "testbool T" into /path/to/config.dat will
+    that writing "TestConfig::testbool T" into /path/to/config.dat will
    automatically update the option's value accordingly.

    The configuration framework creates a config.log that shows all
@ -220,7 +224,6 @@ New Functionality
  ssl_server_curve event, ssl_server_curve is now marked as deprecated.

 - Functions for retrieving files by their ID have been added:
-
  Files::file_exists, Files::lookup_File

 - New functions in the logging API: Log::get_filter_names, Log::enable_stream
@ -237,13 +240,13 @@ New Functionality
    mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented,
    mount_reply_status.

- Added new NFS events: nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr
+- Added new NFS events: nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr.

 - The SMB scripts in policy/protocols/smb are now moved into base/protocols/smb
  and loaded/enabled by default.

 - Added new SMB events: smb1_transaction_secondary_request,
-  smb1_transaction2_secondary_request, smb1_transaction_response
+  smb1_transaction2_secondary_request, smb1_transaction_response.

 - Bro can now decrypt Kerberos tickets, and retrieve the authentication from
  them, given a suitable keytab file.
@ -260,20 +263,18 @@ New Functionality

 - You can now specify that a pattern matches in a case-insensitive
  fashion by adding 'i' to the end of its specification.  So for example
-  /fOO/i == "Foo" yields T, as does /fOO/i in "xFoObar".  Characters
-  enclosed in quotes however keep their casing, so /"fOO"/i in "xFoObar"
-  yields F, though it yields T for "xfOObar".
+  /fOO/i == "Foo" yields T, as does /fOO/i in "xFoObar".

  You can achieve the same functionality for a subpattern enclosed in
  parentheses by adding "?i:" to the open parenthesis.  So for example
-  "/foo|(?i:bar)/" will match "BaR", but not "FoO".
+  /foo|(?i:bar)/ will match "BaR", but not "FoO".

  For both ways of specifying case-insensitivity, characters enclosed in
-  double quotes maintain their case-sensitivity.  So for example /"foo"/i
-  will not match "Foo", but it will match "foo".
+  double quotes remain case-sensitive.  So for example /"foo"/i will not
+  match "Foo", but it will match "foo".

 - "make install" now installs Bro's include headers (and more) into
-  --prefix so that compiling plugins does no longer need access to a
+  --prefix so that compiling plugins no longer needs access to a
  source/build tree. For OS distributions, this also facilitates
  creating "bro-devel" packages providing all files necessary to build
  plugins.
@ -313,7 +314,7 @@ New Functionality
  of non-equality, proper superset, and superset-or-equal.

 - An expression of the form "v += e" will append the value of the expression
-  "e" to the end of the vector "v" (of course assuming type-compatbility).
+  "e" to the end of the vector "v" (of course assuming type-compatibility).
  "redef v += { a, b, c }" will similarly extend a vector previously declared
  with &redef by appending the result of expressions "a", "b", and "c" to
  the vector at initialization-time.
@ -336,9 +337,9 @@ Changed Functionality
    script since it's generally less relevant now with the updated log.

  - Removed the base/protocols/dhcp/utils.bro script and thus the
-    'reverse_ip' function.
+    "reverse_ip" function.

-  - Replaced all DHCP events with the single 'dhcp_message' event.
+  - Replaced all DHCP events with the single "dhcp_message" event.
    The list of removed events includes:

    - dhcp_discover
@ -381,9 +382,9 @@ Changed Functionality
  redef SOCKS::default_capture_password = T;

 - The DNS base scripts no longer generate some noisy and annoying
-  weirds (dns_unmatched_msg, dns_unmatched_msg_quantity, dns_unmatched_reply)
+  weirds (dns_unmatched_msg, dns_unmatched_msg_quantity, dns_unmatched_reply).

- The 'tunnel_parents' field of conn.log is now marked &optional, so, for
+- The "tunnel_parents" field of conn.log is now marked &optional, so, for
  the default configuration of logs, this field will show "-" instead of
  "(empty)" for connections that lack any tunneling.

@ -403,7 +404,7 @@ Changed Functionality
  - event ssl_server_signature now has an additional argument
    "signature_and_hashalgorithm".

- The "dnp3_header_block" event no longer has the "start" parameter
+- The "dnp3_header_block" event no longer has the "start" parameter.

 - The string_to_pattern() built-in (and the now-deprecated merge_pattern()
  built-in) is no longer restricted to only be called at initialization time.
@ -426,11 +427,11 @@ Removed Functionality
  https://github.com/bro/packages for a list of Bro packages currently
  available.

- BroControl: The option 'IPv6Comm' and 'ZoneID' options are no longer
-  available (though Broker should be able to handle IPv6 automatically).
-
 - The "ocsp_request" event no longer has "requestorName" parameter.

+- BroControl: The "IPv6Comm" and "ZoneID" options are no longer
+  available (though Broker should be able to handle IPv6 automatically).
+
 Deprecated Functionality
 ------------------------

@ -445,10 +446,6 @@ Deprecated Functionality
  as BiFs like send_id(). Use Broker data stores and the new
  configuration framework instead.

- BroControl: The 'update' command is deprecated and scheduled for
-  removal with the next Bro release. Bro's new configuration framework
-  is taking its place.
-
 - Mixing of scalars and vectors, such as "v + e" yielding a vector
  corresponding to the vector v with the scalar e added to each of
  its elements, has been deprecated.
@ -459,6 +456,10 @@ Deprecated Functionality
 - The undocumented feature of using "&&" and "||" operators for patterns
  has been deprecated.

+- BroControl: The "update" command is deprecated and scheduled for
+  removal with the next Bro release. Bro's new configuration framework
+  is taking its place.
+
 Bro 2.5.1
 =========