diff --git a/CHANGES b/CHANGES index ca1932768d..28bd93ba6b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.5-651 | 2018-06-08 16:37:38 +0000 +2.5-658 | 2018-06-08 16:41:07 +0000 * Allow BRO_DEFAULT_LISTEN_ADDRESS to control broker listen address. This environment variable is now set to listen only on IPv4 @@ -11,6 +11,23 @@ (like `getenv`) from variable initializations in those particular frameworks. (Corelight) +2.5-655 | 2018-06-08 10:43:03 -0500 + + * Correct conn history field documentation (Corelight) + +2.5-652 | 2018-06-07 13:57:23 -0500 + + * GH-131: disable krb ticket decryption on non-Linux (Corelight) + +2.5-651 | 2018-06-07 09:57:29 -0500 + + * Fix signed/unsigned comparison compiler warning (Corelight) + +2.5-650 | 2018-06-06 16:20:18 -0500 + + * Improve Broker performance (Corelight) +>>>>>>> b51e6f39ddc641811d4875cda4543d3a60fb5a63 + 2.5-648 | 2018-06-05 17:32:47 -0500 * BIT-1936: improve Broxygen warnings (Corelight) diff --git a/CMakeLists.txt b/CMakeLists.txt index 34fb514cc6..d0ea236330 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -144,10 +144,12 @@ if (LIBGEOIP_FOUND) endif () set(USE_KRB5 false) -find_package(LibKrb5) -if (LibKrb5_FOUND) - set(USE_KRB5 true) - list(APPEND OPTLIBS ${LibKrb5_LIBRARY}) +if ( ${CMAKE_SYSTEM_NAME} MATCHES Linux ) + find_package(LibKrb5) + if (LibKrb5_FOUND) + set(USE_KRB5 true) + list(APPEND OPTLIBS ${LibKrb5_LIBRARY}) + endif () endif () set(HAVE_PERFTOOLS false) diff --git a/VERSION b/VERSION index d3b74ae5f3..0b13a1e84e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5-651 +2.5-658 diff --git a/aux/broctl b/aux/broctl index fc7abc2c5e..99ef926d09 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit fc7abc2c5e459b51d60b2036db428053b5fb27f5 +Subproject commit 99ef926d09a144a9919dec01f6231692e170120e diff --git a/aux/broker b/aux/broker index 81cf863bb2..9b56fea499 160000 --- a/aux/broker +++ b/aux/broker 
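Review bot: The new guard `if ( ${CMAKE_SYSTEM_NAME} MATCHES Linux )` in CMakeLists.txt is an unquoted regex match, so it accepts any system name that merely contains "Linux", and the expanded value can be looked up again as a variable name; `if (CMAKE_SYSTEM_NAME STREQUAL "Linux")` states the intent exactly. On every other platform the block now skips `find_package(LibKrb5)` without saying so, which leaves `USE_KRB5` false and Kerberos ticket decryption compiled out even where the library is installed. An `else ()` branch with `message(STATUS "Kerberos ticket decryption disabled: only supported on Linux")` would make that loss of visibility show up in the configure output.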
@@ -1 +1 @@ -Subproject commit 81cf863bb26c39b88f6cf6d1d8439458a1586bee +Subproject commit 9b56fea4999d4e11a5cd2caaafd934759015fab5 diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index c806a017e0..0e9661dea3 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -95,9 +95,12 @@ export { ## ## If the event comes from the originator, the letter is in ## upper-case; if it comes from the responder, it's in - ## lower-case. Multiple packets of the same type will only be - ## noted once (e.g. we only record one "d" in each direction, - ## regardless of how many data packets were seen.) + ## lower-case. The 'a', 'c', 'd', 'i', 'q', and 't' flags are + ## recorded a maximum of one time in either direction regardless + ## of how many are actually seen. However, 'f', 'h', 'r', or + ## 's' may be recorded multiple times for either direction and + ## only compressed when sharing a sequence number with the + ## last-seen packet of the same flag type. history: string &log &optional; ## Number of packets that the originator sent. ## Only set if :bro:id:`use_conn_size_analyzer` = T. diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index f01c409429..e8672e7ebe 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -80,7 +80,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) } } -FrameBuffer::FrameBuffer(int header_length) +FrameBuffer::FrameBuffer(size_t header_length) { hdr_len = header_length; msg_buf = 0; diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h index bdf5d8bffe..ff64db9077 100644 --- a/src/analyzer/protocol/ncp/NCP.h +++ b/src/analyzer/protocol/ncp/NCP.h 
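Review bot: "recorded a maximum of one time in either direction" in the new `history` comment can be read as once for the whole connection, whereas the text it replaces said "in each direction" and the upper-/lower-case convention described just above implies one letter per direction. Suggest `recorded at most once per direction regardless of how many are actually seen`, and likewise `multiple times per direction` for the 'f', 'h', 'r', 's' sentence. The comment block starts above the hunk, so the meaning of the individual letters is not visible here.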
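Review bot: With `header_length` now `size_t` in `FrameBuffer::FrameBuffer`, a negative `int` passed by an existing caller converts silently to a very large header length instead of staying visibly negative, and the part of the constructor body shown here has no range check (the body continues past the hunk). The matching NCP.h hunks (the `explicit FrameBuffer(size_t header_length)` declaration and the `size_t hdr_len;` member) also turn any subtraction involving `hdr_len` elsewhere in the class into unsigned arithmetic that wraps rather than going negative; no such use is visible in these hunks, so the call sites and length computations are worth checking. A comment on the member would record the constraint, e.g. `// Fixed frame header size in bytes; unsigned, so bounds-check before subtracting from it.`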
@@ -51,7 +51,7 @@ protected: class FrameBuffer { public: - explicit FrameBuffer(int header_length); + explicit FrameBuffer(size_t header_length); virtual ~FrameBuffer(); // Returns -1 if frame is not ready, 0 if it else, and 1 if @@ -67,7 +67,7 @@ public: protected: virtual void compute_msg_length() = 0; - int hdr_len; + size_t hdr_len; u_char* msg_buf; uint64 msg_len; size_t buf_n; // number of bytes in msg_buf diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 8184a86111..3d666fa1d4 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -136,6 +136,7 @@ Manager::BrokerState::BrokerState(broker::broker_options options) Manager::Manager(bool reading_pcaps) { bound_port = 0; + peer_count = 0; next_timestamp = 1; SetIdle(false); @@ -205,7 +206,7 @@ bool Manager::Active() if ( bound_port > 0 ) return true; - return bstate->endpoint.peers().size(); + return peer_count > 0; } void Manager::AdvanceTime(double seconds_since_unix_epoch) @@ -301,7 +302,7 @@ bool Manager::PublishEvent(string topic, std::string name, broker::vector args) if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; DBG_LOG(DBG_BROKER, "Publishing event: %s", @@ -317,7 +318,7 @@ bool Manager::PublishEvent(string topic, RecordVal* args) if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; if ( ! args->Lookup(0) ) @@ -347,7 +348,7 @@ bool Manager::RelayEvent(std::string first_topic, if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; DBG_LOG(DBG_BROKER, "Publishing %s-relay event: %s", @@ -381,7 +382,7 @@ bool Manager::RelayEvent(std::string first_topic, if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; if ( ! args->Lookup(0) ) 
@@ -413,7 +414,7 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; ID* i = global_scope()->Lookup(id.c_str()); @@ -453,7 +454,7 @@ bool Manager::PublishLogCreate(EnumVal* stream, EnumVal* writer, if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; auto stream_id = stream->Type()->AsEnumType()->Lookup(stream->AsEnum()); @@ -507,7 +508,7 @@ bool Manager::PublishLogWrite(EnumVal* stream, EnumVal* writer, string path, int if ( bstate->endpoint.is_shutdown() ) return true; - if ( ! bstate->endpoint.peers().size() ) + if ( peer_count == 0 ) return true; auto stream_id_num = stream->AsEnum(); @@ -1185,16 +1186,19 @@ void Manager::ProcessStatus(broker::status stat) break; case broker::sc::peer_added: - assert(ctx); - log_mgr->SendAllWritersTo(*ctx); + ++peer_count; + assert(ctx); + log_mgr->SendAllWritersTo(*ctx); event = Broker::peer_added; break; case broker::sc::peer_removed: + --peer_count; event = Broker::peer_removed; break; case broker::sc::peer_lost: + --peer_count; event = Broker::peer_lost; break; } @@ -1490,11 +1494,7 @@ bool Manager::TrackStoreQuery(StoreHandleVal* handle, broker::request_id id, const Stats& Manager::GetStatistics() { - if ( bstate->endpoint.is_shutdown() ) - statistics.num_peers = 0; - else - statistics.num_peers = bstate->endpoint.peers().size(); - + statistics.num_peers = peer_count; statistics.num_stores = data_stores.size(); statistics.num_pending_queries = pending_queries.size(); diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 976aa82a03..182203f829 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -414,6 +414,8 @@ private: Stats statistics; double next_timestamp; bool reading_pcaps; + int peer_count; + static int script_scope; static VectorType* vector_of_data_type;
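Review bot: `peer_count` is decremented unconditionally in both the `broker::sc::peer_removed` and `broker::sc::peer_lost` cases of `Manager::ProcessStatus`, so a removal or loss status that is not matched by an earlier `peer_added` pushes the signed counter to zero or below while peers are still connected. Every guard this commit rewrites (`Active()`, `PublishEvent`, `RelayEvent`, `PublishIdentifier`, `PublishLogCreate`, `PublishLogWrite`) then either reports inactive or returns `true` early on `peer_count == 0`, and the event or log write is dropped without any error. Whether Broker can deliver such an unmatched status is not visible in this hunk, so a cheap defence is `if ( peer_count > 0 ) --peer_count;` in both cases. The new member in Manager.h would also benefit from a comment such as `// Number of connected peers, maintained from peer_added/peer_removed/peer_lost statuses.` The switch statement starts and ends outside the hunk.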
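Review bot: `Manager::GetStatistics()` no longer consults `bstate->endpoint.is_shutdown()`, so after the endpoint shuts down `num_peers` reports whatever `peer_count` last held unless a removal or loss status was processed for every peer, which this diff does not show. Keeping the old guarantee costs one line: `statistics.num_peers = bstate->endpoint.is_shutdown() ? 0 : peer_count;`. The function body continues past the hunk.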