diff --git a/CHANGES b/CHANGES
index 159e7d9a9a..21f1b9b19c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,19 @@
+2.0-315 | 2012-05-03 11:44:17 -0700
+
+ * Add two more TLS extension values that we see in live traffic.
+ (Bernhard Amann)
+
+ * Fixed IPv6 link local unicast CIDR and added IPv6 loopback to
+ private address space. (Seth Hall)
+
+ * Fixed a problem where cluster workers were still processing
+ notices in some cases. (Seth Hall)
+
+ * Added a configure option to specify the 'etc' directory. Addresses
+ #801. (Daniel Thayer)
+
+
 2.0-306 | 2012-04-24 14:37:00 -0700
 
 * Add further TLS extension values "extended_random" and
diff --git a/VERSION b/VERSION
index dc9d148493..f2f473e46d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.0-306
+2.0-315
diff --git a/aux/broccoli b/aux/broccoli
index 55f368b0ad..157c18427c 160000
--- a/aux/broccoli
+++ b/aux/broccoli
@@ -1 +1 @@
-Subproject commit 55f368b0ad283b2e7d68ef72922b5d9683e2a880
+Subproject commit 157c18427cb9bb52564e65d8224b95f70dc79e66
diff --git a/aux/broctl b/aux/broctl
index ff35c3c144..22df444f54 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit ff35c3c144885902c898bf8b47e351c7b8d55e10
+Subproject commit 22df444f54d8cbc05976ef4a5524c73a45ab6372
diff --git a/aux/btest b/aux/btest
index 045a02749b..c0bbe9b867 160000
--- a/aux/btest
+++ b/aux/btest
@@ -1 +1 @@
-Subproject commit 045a02749b20b3c5896497959e6fda02d060508f
+Subproject commit c0bbe9b8676f4655e7a984ac5eb8dfba3cd061b2
diff --git a/scripts/base/frameworks/notice/cluster.bro b/scripts/base/frameworks/notice/cluster.bro
index 281901cf31..087c3ead51 100644
--- a/scripts/base/frameworks/notice/cluster.bro
+++ b/scripts/base/frameworks/notice/cluster.bro
@@ -23,7 +23,10 @@ redef Cluster::worker2manager_events += /Notice::cluster_notice/;
 @if ( Cluster::local_node_type() != Cluster::MANAGER )
 # The notice policy is completely handled by the manager and shouldn't be
 # done by workers or proxies to save time for packet processing.
-redef policy = {};
+event bro_init() &priority=-11
+ {
+ Notice::policy = table();
+ }
 
 event Notice::begin_suppression(n: Notice::Info)
 {
diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro
index 6c33e6e438..42989a4cb9 100644
--- a/scripts/base/protocols/ssl/consts.bro
+++ b/scripts/base/protocols/ssl/consts.bro
@@ -81,6 +81,8 @@ export {
 [35] = "SessionTicket TLS",
 [40] = "extended_random",
 [13172] = "next_protocol_negotiation",
+ [13175] = "origin_bound_certificates",
+ [13180] = "encrypted_client_certificates",
 [65281] = "renegotiation_info"
 } &default=function(i: count):string { return fmt("unknown-%d", i); };
 
diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.bro
index 4aeb70fe3f..55ee0e5ed1 100644
--- a/scripts/base/utils/site.bro
+++ b/scripts/base/utils/site.bro
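Review bot: The new `bro_init()` handler gives no reason for replacing `redef policy = {}` nor for the choice of `&priority=-11`; the two comment lines kept above it only say that the manager owns the policy, which was equally true of the old redef. Presumably the redef did not stick because later `redef Notice::policy +=` statements from other scripts re-populated the table on workers — if so, the comment should say that, e.g. `# Clear the policy from bro_init() at low priority so entries added by later redefs are discarded on workers as well.` One consequence worth stating in the same comment is that a bro_init() handler adding policy entries at a priority below -11 would run after this one and its entries would survive on workers. The `@if` block enclosing this handler is closed outside the hunk.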
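Review bot: The two new codes 13175 and 13180 are added with nothing to say where they come from, and the CHANGES entry indicates they were picked up from live traffic rather than from a registry, so a reader checking this table against the IANA list will not find them; a short comment on the first of the two lines, `# 13175/13180: observed in live traffic, not taken from the IANA registry`, would stop the next maintainer from either deleting them as typos or treating them as assigned values. Because the `&default` function on the closing line reports anything unlisted as `unknown-<n>`, a wrong mapping here is reported under a confident name in the SSL logs rather than as unknown, which is why the provenance of non-registry entries is worth keeping next to the entry.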
@@ -8,27 +8,31 @@ export {
 ## Address space that is considered private and unrouted.
 ## By default it has RFC defined non-routable IPv4 address space.
 const private_address_space: set[subnet] = {
- 10.0.0.0/8,
- 192.168.0.0/16,
- 127.0.0.0/8,
- 172.16.0.0/12
+ 10.0.0.0/8,
+ 192.168.0.0/16,
+ 172.16.0.0/12,
+ 100.64.0.0/10, # RFC6598 Carrier Grade NAT
+ 127.0.0.0/8,
+ [fe80::]/10,
+ [::1]/128,
 } &redef;
 
 ## Networks that are considered "local".
 const local_nets: set[subnet] &redef;
-
- ## This is used for retrieving the subnet when you multiple
- ## :bro:id:`Site::local_nets`. A membership query can be done with an
- ## :bro:type:`addr` and the table will yield the subnet it was found
+
+ ## This is used for retrieving the subnet when using multiple entries in
+ ## :bro:id:`Site::local_nets`. It's populated automatically from there.
+ ## A membership query can be done with an
+ ## :bro:type:`addr` and the table will yield the subnet it was found
 ## within.
 global local_nets_table: table[subnet] of subnet = {};
 
 ## Networks that are considered "neighbors".
 const neighbor_nets: set[subnet] &redef;
-
+
 ## If local network administrators are known and they have responsibility
 ## for defined address space, then a mapping can be defined here between
- ## networks for which they have responsibility and a set of email
+ ## networks for which they have responsibility and a set of email
 ## addresses.
 const local_admins: table[subnet] of set[string] = {} &redef;
 
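Review bot: The doc comment kept two lines above the table still says the set holds only "RFC defined non-routable IPv4 address space", while the new side adds `[fe80::]/10` and `[::1]/128`; it should now read `## By default it has RFC defined non-routable IPv4 and IPv6 address space.` Only the 100.64.0.0/10 entry carries an inline RFC reference; giving the IPv6 link-local and loopback entries the same treatment (both are defined in RFC 4291) keeps the list self-explaining for whoever next extends it. With IPv6 now in scope, the RFC 4193 unique-local range fc00::/7 and the IPv4 link-local range 169.254.0.0/16 are noticeable omissions from a set that `is_private_addr` and the notice framework key off; whether they belong here depends on how the rest of the site scripts treat such addresses, so this is a question for the author rather than a request to add them blindly.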
@@ -40,27 +44,33 @@ export {
 
 ## Function that returns true if an address corresponds to one of
 ## the local networks, false if not.
+ ## The function inspects :bro:id:`Site::local_nets`.
 global is_local_addr: function(a: addr): bool;
-
+
 ## Function that returns true if an address corresponds to one of
 ## the neighbor networks, false if not.
+ ## The function inspects :bro:id:`Site::neighbor_nets`.
 global is_neighbor_addr: function(a: addr): bool;
-
+
 ## Function that returns true if an address corresponds to one of
 ## the private/unrouted networks, false if not.
+ ## The function inspects :bro:id:`Site::private_address_space`.
 global is_private_addr: function(a: addr): bool;
 
- ## Function that returns true if a host name is within a local
+ ## Function that returns true if a host name is within a local
 ## DNS zone.
+ ## The function inspects :bro:id:`Site::local_zones`.
 global is_local_name: function(name: string): bool;
-
- ## Function that returns true if a host name is within a neighbor
+
+ ## Function that returns true if a host name is within a neighbor
 ## DNS zone.
+ ## The function inspects :bro:id:`Site::neighbor_zones`.
 global is_neighbor_name: function(name: string): bool;
-
+
 ## Function that returns a common separated list of email addresses
 ## that are considered administrators for the IP address provided as
 ## an argument.
+ ## The function inspects :bro:id:`Site::local_admins`.
 global get_emails: function(a: addr): string;
 }
 
@@ -73,22 +83,22 @@ function is_local_addr(a: addr): bool
 {
 return a in local_nets;
 }
-
+
 function is_neighbor_addr(a: addr): bool
 {
 return a in neighbor_nets;
 }
-
+
 function is_private_addr(a: addr): bool
 {
 return a in private_address_space;
 }
-
+
 function is_local_name(name: string): bool
 {
 return local_dns_suffix_regex in name;
 }
-
+
 function is_neighbor_name(name: string): bool
 {
 return local_dns_neighbor_suffix_regex in name;
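Review bot: The added `Site::local_zones` and `Site::neighbor_zones` lines for `is_local_name` and `is_neighbor_name` describe a lookup the implementations in the following hunk do not perform directly: those bodies test `local_dns_suffix_regex in name` and `local_dns_neighbor_suffix_regex in name`. If the two regexes are built from the zone sets elsewhere in the file the statement holds, but that is not visible here, and wording such as `## Matches the name against a pattern built from :bro:id:` followed by the zone set name would be accurate either way and tells the reader that the match is pattern-based rather than a set membership test. While these comments are being touched, the context line `## Function that returns a common separated list of email addresses` should say `comma separated`. The `export { ... }` block these declarations belong to opens outside the hunk; only its closing brace is visible.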
@@ -96,7 +106,7 @@ function is_neighbor_name(name: string): bool # This is a hack for doing a for loop. const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; - + # TODO: make this work with IPv6 function find_all_emails(ip: addr): set[string] {