Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  Add two more TLS extension values that we see in live traffic.
  Fixed IPv6 link local unicast CIDR and added	IPv6 loopback to private address space.
  Fixed a problem where cluster workers were still processing notices in some cases.
  Added Carrier Grade NAT CIDR and link local IPv6 to "private_address_space"

CHANGES

@@ -1,4 +1,19 @@
 
+2.0-315 | 2012-05-03 11:44:17 -0700
+
+  * Add two more TLS extension values that we see in live traffic.
+    (Bernhard Amann)
+
+  * Fixed IPv6 link local unicast CIDR and added IPv6 loopback to
+    private address space. (Seth Hall)
+
+  * Fixed a problem where cluster workers were still processing
+    notices in some cases. (Seth Hall)
+
+  * Added a configure option to specify the 'etc' directory. Addresses
+    #801. (Daniel Thayer)
+
+
 2.0-306 | 2012-04-24 14:37:00 -0700
 
   * Add further TLS extension values "extended_random" and

VERSION

@@ -1 +1 @@
-2.0-306
+2.0-315

aux/broccoli

@@ -1 +1 @@
-Subproject commit 55f368b0ad283b2e7d68ef72922b5d9683e2a880
+Subproject commit 157c18427cb9bb52564e65d8224b95f70dc79e66

aux/broctl

@@ -1 +1 @@
-Subproject commit ff35c3c144885902c898bf8b47e351c7b8d55e10
+Subproject commit 22df444f54d8cbc05976ef4a5524c73a45ab6372

aux/btest

@@ -1 +1 @@
-Subproject commit 045a02749b20b3c5896497959e6fda02d060508f
+Subproject commit c0bbe9b8676f4655e7a984ac5eb8dfba3cd061b2

scripts/base/frameworks/notice/cluster.bro

@@ -23,7 +23,10 @@ redef Cluster::worker2manager_events += /Notice::cluster_notice/;
 @if ( Cluster::local_node_type() != Cluster::MANAGER )
 # The notice policy is completely handled by the manager and shouldn't be 
 # done by workers or proxies to save time for packet processing.
-redef policy = {};
+event bro_init() &priority=-11
+	{
+	Notice::policy = table();
+	}
 
 event Notice::begin_suppression(n: Notice::Info)
 	{

scripts/base/protocols/ssl/consts.bro

@@ -81,6 +81,8 @@ export {
 		[35] = "SessionTicket TLS",
 		[40] = "extended_random",
 		[13172] = "next_protocol_negotiation",
+		[13175] = "origin_bound_certificates",
+		[13180] = "encrypted_client_certificates",
 		[65281] = "renegotiation_info"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };
 	

scripts/base/utils/site.bro

@@ -10,15 +10,19 @@ export {
 	const private_address_space: set[subnet] = {
 		10.0.0.0/8,
 		192.168.0.0/16,
+		172.16.0.0/12,
+		100.64.0.0/10,  # RFC6598 Carrier Grade NAT
 		127.0.0.0/8,
-		172.16.0.0/12
+		[fe80::]/10,
+		[::1]/128,
 	} &redef;
 
 	## Networks that are considered "local".
 	const local_nets: set[subnet] &redef;
 
-	## This is used for retrieving the subnet when you multiple 
+	## This is used for retrieving the subnet when using multiple entries in
-	## :bro:id:`Site::local_nets`.  A membership query can be done with an 
+	## :bro:id:`Site::local_nets`.  It's populated automatically from there.
+	## A membership query can be done with an
 	## :bro:type:`addr` and the table will yield the subnet it was found
 	## within.
 	global local_nets_table: table[subnet] of subnet = {};
@@ -40,27 +44,33 @@ export {
 
 	## Function that returns true if an address corresponds to one of
 	## the local networks, false if not.
+	## The function inspects :bro:id:`Site::local_nets`.
 	global is_local_addr: function(a: addr): bool;
 
 	## Function that returns true if an address corresponds to one of
 	## the neighbor networks, false if not.
+	## The function inspects :bro:id:`Site::neighbor_nets`.
 	global is_neighbor_addr: function(a: addr): bool;
 
 	## Function that returns true if an address corresponds to one of
 	## the private/unrouted networks, false if not.
+	## The function inspects :bro:id:`Site::private_address_space`.
 	global is_private_addr: function(a: addr): bool;
 
 	## Function that returns true if a host name is within a local
 	## DNS zone.
+	## The function inspects :bro:id:`Site::local_zones`.
 	global is_local_name: function(name: string): bool;
 
 	## Function that returns true if a host name is within a neighbor
 	## DNS zone.
+	## The function inspects :bro:id:`Site::neighbor_zones`.
 	global is_neighbor_name: function(name: string): bool;
 
 	## Function that returns a common separated list of email addresses
 	## that are considered administrators for the IP address provided as
 	## an argument.
+	## The function inspects :bro:id:`Site::local_admins`.
 	global get_emails: function(a: addr): string;
 }