Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog

Conflicts:
	src/Func.cc
	src/probabilistic/CMakeLists.txt

NEWS

@@ -117,8 +117,9 @@ New Functionality
     bloomfilter_add(bf: opaque of bloomfilter, x: any)
     bloomfilter_lookup(bf: opaque of bloomfilter, x: any): count
     bloomfilter_merge(bf1: opaque of bloomfilter, bf2: opaque of bloomfilter): opaque of bloomfilter
+    bloomfilter_clear(bf: opaque of bloomfilter)
 
-  See TODO for full documentation.
+  See <INSERT LINK> for full documentation.
 
 Changed Functionality
 ~~~~~~~~~~~~~~~~~~~~~

VERSION

@@ -1 +1 @@
-2.1-824
+2.1-888

aux/binpac

@@ -1 +1 @@
-Subproject commit c39bd478b9d0ecd05b1b83aa9d09a7887893977c
+Subproject commit 896ddedde55c48ec2163577fc258b49c418abb3e

cmake

@@ -1 +1 @@
-Subproject commit 0187b33a29d5ec824f940feff60dc5d8c2fe314f
+Subproject commit 026639f8368e56742c0cb5d9fb390ea64e60ec50

doc/scripts/DocSourcesList.cmake

@@ -17,6 +17,7 @@ rest_target(${psd} base/init-default.bro internal)
 rest_target(${psd} base/init-bare.bro internal)
 
 rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/analyzer.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/bloom-filter.bif.bro)
 rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/bro.bif.bro)
 rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/const.bif.bro)
 rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/event.bif.bro)

scripts/base/init-bare.bro

@@ -705,8 +705,6 @@ type entropy_test_result: record {
 @load base/bif/strings.bif
 @load base/bif/bro.bif
 @load base/bif/reporter.bif
-@load base/bif/bloom-filter.bif
-@load base/bif/hyper-loglog.bif
 
 ## Deprecated. This is superseded by the new logging framework.
 global log_file_name: function(tag: string): string &redef;
@@ -3052,3 +3050,5 @@ const snaplen = 8192 &redef;
 @load base/frameworks/input
 @load base/frameworks/analyzer
 @load base/frameworks/file-analysis
+
+@load base/bif

src/CMakeLists.txt

@@ -6,6 +6,9 @@ include_directories(BEFORE
 # This collects generated bif and pac files from subdirectories.
 set(bro_ALL_GENERATED_OUTPUTS  CACHE INTERNAL "automatically generated files" FORCE)
 
+# This collects bif inputs that we'll load automatically.
+set(bro_AUTO_BIFS CACHE INTERNAL "BIFs for automatic inclusion" FORCE)
+
 # If TRUE, use CMake's object libraries for sub-directories instead of
 # static libraries. This requires CMake >= 2.8.8.
 set(bro_HAVE_OBJECT_LIBRARIES FALSE)
@@ -383,8 +386,21 @@ set(BRO_EXE bro
     CACHE STRING "Bro executable binary" FORCE)
 
 # Target to create all the autogenerated files.
+add_custom_target(generate_outputs_stage1)
+add_dependencies(generate_outputs_stage1 ${bro_ALL_GENERATED_OUTPUTS})
+
+# Target to create the joint includes files that pull in the bif code.
+bro_bif_create_includes(generate_outputs_stage2 ${CMAKE_CURRENT_BINARY_DIR} "${bro_AUTO_BIFS}")
+add_dependencies(generate_outputs_stage2 generate_outputs_stage1)
+
+# Global target to trigger creation of autogenerated code.
 add_custom_target(generate_outputs)
-add_dependencies(generate_outputs ${bro_ALL_GENERATED_OUTPUTS})
+add_dependencies(generate_outputs generate_outputs_stage2)
+
+# Build __load__.bro files for standard *.bif.bro.
+bro_bif_create_loader(bif_loader ${CMAKE_BINARY_DIR}/scripts/base/bif)
+add_dependencies(bif_loader ${bro_SUBDIRS})
+add_dependencies(bro bif_loader)
 
 # Build __load__.bro files for plugins/*.bif.bro.
 bro_bif_create_loader(bif_loader_plugins ${CMAKE_BINARY_DIR}/scripts/base/bif/plugins)

src/Func.cc

@@ -560,9 +560,8 @@ void builtin_error(const char* msg, BroObj* arg)
 #include "reporter.bif.func_def"
 #include "strings.bif.func_def"
 
-// TODO: Add a nicer mechanism to pull in subdirectory bifs automatically.
-#include "probabilistic/bloom-filter.bif.h"
-#include "probabilistic/hyper-loglog.bif.h"
+
+#include "__all__.bif.cc" // Autogenerated for compiling in the bif_target() code.
 
 void init_builtin_funcs()
 	{
@@ -578,9 +577,7 @@ void init_builtin_funcs()
 #include "reporter.bif.func_init"
 #include "strings.bif.func_init"
 
-// TODO: Add a nicer mechanism to pull in subdirectory bifs automatically.
-#include "probabilistic/bloom-filter.bif.init.cc"
-#include "probabilistic/hyper-loglog.bif.init.cc"
+#include "__all__.bif.init.cc" // Autogenerated for compiling in the bif_target() code.
 
 	did_builtin_init = true;
 	}

src/H3.h

@@ -66,18 +66,30 @@
 template <typename T, int N>
 class H3 {
 public:
-	H3(T seed = bro_random())
+	H3()
+		{
+		Init(false, 0);
+		}
+
+	H3(T seed)
+		{
+		Init(true, seed);
+		}
+
+	void Init(bool have_seed, T seed)
 		{
 		T bit_lookup[N * CHAR_BIT];
 
 		for ( size_t bit = 0; bit < N * CHAR_BIT; bit++ )
 			{
 			bit_lookup[bit] = 0;
-			seed = bro_prng(seed);
 			for ( size_t i = 0; i < sizeof(T)/2; i++ )
+				{
+				seed = have_seed ? bro_prng(seed) : bro_random();
 				// assume random() returns at least 16 random bits
 				bit_lookup[bit] = (bit_lookup[bit] << 16) | (seed & 0xFFFF);
 				}
+			}
 
 		for ( size_t byte = 0; byte < N; byte++ )
 			{

src/OpaqueVal.cc

@@ -650,24 +650,50 @@ size_t BloomFilterVal::Count(const Val* val) const
 	return cnt;
 	}
 
+void BloomFilterVal::Clear()
+	{
+	bloom_filter->Clear();
+	}
+
+bool BloomFilterVal::Empty() const
+	{
+	return bloom_filter->Empty();
+	}
+
 BloomFilterVal* BloomFilterVal::Merge(const BloomFilterVal* x,
 				      const BloomFilterVal* y)
 	{
 	if ( ! same_type(x->Type(), y->Type()) )
-		reporter->InternalError("cannot merge Bloom filters with different types");
-
-	BloomFilterVal* result;
-
-	if ( (result = DoMerge<probabilistic::BasicBloomFilter>(x, y)) )
-		return result;
-
-	else if ( (result = DoMerge<probabilistic::CountingBloomFilter>(x, y)) )
-		return result;
-
-	reporter->InternalError("failed to merge Bloom filters");
+		{
+		reporter->Error("cannot merge Bloom filters with different types");
 		return 0;
 		}
 
+	if ( typeid(*x->bloom_filter) != typeid(*y->bloom_filter) )
+		{
+		reporter->Error("cannot merge different Bloom filter types");
+		return 0;
+		}
+
+	probabilistic::BloomFilter* copy = x->bloom_filter->Clone();
+
+	if ( ! copy->Merge(y->bloom_filter) )
+		{
+		reporter->Error("failed to merge Bloom filter");
+		return 0;
+		}
+
+	BloomFilterVal* merged = new BloomFilterVal(copy);
+
+	if ( ! merged->Typify(x->Type()) )
+		{
+		reporter->Error("failed to set type on merged Bloom filter");
+		return 0;
+		}
+
+	return merged;
+	}
+
 BloomFilterVal::~BloomFilterVal()
 	{
 	Unref(type);
@@ -702,11 +728,11 @@ bool BloomFilterVal::DoUnserialize(UnserialInfo* info)
 
 	if ( is_typed )
 		{
-		BroType* type = BroType::Unserialize(info);
-		if ( ! Typify(type) )
+		BroType* t = BroType::Unserialize(info);
+		if ( ! Typify(t) )
 			return false;
 
-		Unref(type);
+		Unref(t);
 		}
 
 	bloom_filter = probabilistic::BloomFilter::Unserialize(info);

src/OpaqueVal.h

@@ -141,6 +141,8 @@ public:
 
 	void Add(const Val* val);
 	size_t Count(const Val* val) const;
+	void Clear();
+	bool Empty() const;
 
 	static BloomFilterVal* Merge(const BloomFilterVal* x,
 				     const BloomFilterVal* y);
@@ -157,28 +159,6 @@ private:
 	BloomFilterVal(const BloomFilterVal&);
 	BloomFilterVal& operator=(const BloomFilterVal&);
 
-	template <typename T>
-	static BloomFilterVal* DoMerge(const BloomFilterVal* x,
-				       const BloomFilterVal* y)
-		{
-		if ( typeid(*x->bloom_filter) != typeid(*y->bloom_filter) )
-			reporter->InternalError("cannot merge different Bloom filter types");
-
-		if ( typeid(T) != typeid(*x->bloom_filter) )
-			return 0;
-
-		const T* a = static_cast<const T*>(x->bloom_filter);
-		const T* b = static_cast<const T*>(y->bloom_filter);
-
-		BloomFilterVal* merged = new BloomFilterVal(T::Merge(a, b));
-		assert(merged);
-
-		if ( ! merged->Typify(x->Type()) )
-			reporter->InternalError("failed to set type on merged Bloom filter");
-
-		return merged;
-		}
-
 	BroType* type;
 	CompositeHash* hash;
 	probabilistic::BloomFilter* bloom_filter;

src/PktSrc.cc

@@ -77,6 +77,12 @@ int PktSrc::ExtractNextPacket()
 
 	data = last_data = pcap_next(pd, &hdr);
 
+	if ( data && (hdr.len == 0 || hdr.caplen == 0) )
+		{
+		sessions->Weird("empty_pcap_header", &hdr, data);
+		return 0;
+		}
+
 	if ( data )
 		next_timestamp = hdr.ts.tv_sec + double(hdr.ts.tv_usec) / 1e6;
 

src/analyzer/Manager.cc

@@ -103,7 +103,6 @@ void Manager::InitPreScript()
 
 void Manager::InitPostScript()
 	{
-	#include "analyzer.bif.init.cc"
 	}
 
 void Manager::DumpDebug()

src/file_analysis/Manager.cc

@@ -60,7 +60,6 @@ void Manager::RegisterAnalyzerComponent(Component* component)
 
 void Manager::InitPostScript()
 	{
-	#include "file_analysis.bif.init.cc"
 	}
 
 void Manager::Terminate()

src/probabilistic/BitVector.cc

@@ -463,6 +463,17 @@ bool BitVector::Empty() const
 	return bits.empty();
 	}
 
+bool BitVector::AllZero() const
+	{
+	for ( size_t i = 0; i < bits.size(); ++i )
+		{
+		if ( bits[i] )
+			return false;
+		}
+
+	return true;
+	}
+
 BitVector::size_type BitVector::FindFirst() const
 	{
 	return find_from(0);
@@ -557,11 +568,11 @@ bool BitVector::DoUnserialize(UnserialInfo* info)
 		bits[i] = static_cast<block_type>(block);
 		}
 
-	uint64 num_bits;
-	if ( ! UNSERIALIZE(&num_bits) )
+	uint64 n;
+	if ( ! UNSERIALIZE(&n) )
 		return false;
 
-	num_bits = static_cast<size_type>(num_bits);
+	num_bits = static_cast<size_type>(n);
 
 	return true;
 	}

src/probabilistic/BitVector.h

@@ -253,6 +253,12 @@ public:
 	 */
 	bool Empty() const;
 
+	/**
+	 * Checks whether all bits are 0.
+	 * @return `true` iff all bits in all blocks are 0.
+	 */
+	bool AllZero() const;
+
 	/**
 	 * Finds the bit position of of the first 1-bit.
 	 * @return The position of the first bit that equals to one or `npos` if no

src/probabilistic/BloomFilter.cc

@@ -1,9 +1,11 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
+#include <typeinfo>
+#include <cmath>
+#include <limits>
+
 #include "BloomFilter.h"
 
-#include <cmath>
-#include <limits>
 #include "CounterVector.h"
 #include "Serializer.h"
 
@@ -74,17 +76,48 @@ size_t BasicBloomFilter::K(size_t cells, size_t capacity)
 	return std::ceil(frac * std::log(2));
 	}
 
-BasicBloomFilter* BasicBloomFilter::Merge(const BasicBloomFilter* x,
-                                          const BasicBloomFilter* y)
+bool BasicBloomFilter::Empty() const
 	{
-	if ( ! x->hasher->Equals(y->hasher) )
-		reporter->InternalError("incompatible hashers during BasicBloomFilter merge");
+	return bits->AllZero();
+	}
 
-	BasicBloomFilter* result = new BasicBloomFilter();
-	result->hasher = x->hasher->Clone();
-	result->bits = new BitVector(*x->bits | *y->bits);
+void BasicBloomFilter::Clear()
+	{
+	bits->Clear();
+	}
 
-	return result;
+bool BasicBloomFilter::Merge(const BloomFilter* other)
+	{
+	if ( typeid(*this) != typeid(*other) )
+		return false;
+
+	const BasicBloomFilter* o = static_cast<const BasicBloomFilter*>(other);
+
+	if ( ! hasher->Equals(o->hasher) )
+		{
+		reporter->Error("incompatible hashers in BasicBloomFilter merge");
+		return false;
+		}
+
+	else if ( bits->Size() != o->bits->Size() )
+		{
+		reporter->Error("different bitvector size in BasicBloomFilter merge");
+		return false;
+		}
+
+	(*bits) |= *o->bits;
+
+	return true;
+	}
+
+BasicBloomFilter* BasicBloomFilter::Clone() const
+	{
+	BasicBloomFilter* copy = new BasicBloomFilter();
+
+	copy->hasher = hasher->Clone();
+	copy->bits = new BitVector(*bits);
+
+	return copy;
 	}
 
 BasicBloomFilter::BasicBloomFilter()
@@ -130,19 +163,6 @@ size_t BasicBloomFilter::CountImpl(const Hasher::digest_vector& h) const
 	return 1;
 	}
 
-CountingBloomFilter* CountingBloomFilter::Merge(const CountingBloomFilter* x,
-						const CountingBloomFilter* y)
-	{
-	if ( ! x->hasher->Equals(y->hasher) )
-		reporter->InternalError("incompatible hashers during CountingBloomFilter merge");
-
-	CountingBloomFilter* result = new CountingBloomFilter();
-	result->hasher = x->hasher->Clone();
-	result->cells = new CounterVector(*x->cells | *y->cells);
-
-	return result;
-	}
-
 CountingBloomFilter::CountingBloomFilter()
 	{
 	cells = 0;
@@ -155,6 +175,50 @@ CountingBloomFilter::CountingBloomFilter(const Hasher* hasher,
 	cells = new CounterVector(width, arg_cells);
 	}
 
+bool CountingBloomFilter::Empty() const
+	{
+	return cells->AllZero();
+	}
+
+void CountingBloomFilter::Clear()
+	{
+	cells->Clear();
+	}
+
+bool CountingBloomFilter::Merge(const BloomFilter* other)
+	{
+	if ( typeid(*this) != typeid(*other) )
+		return false;
+
+	const CountingBloomFilter* o = static_cast<const CountingBloomFilter*>(other);
+
+	if ( ! hasher->Equals(o->hasher) )
+		{
+		reporter->Error("incompatible hashers in CountingBloomFilter merge");
+		return false;
+		}
+
+	else if ( cells->Size() != o->cells->Size() )
+		{
+		reporter->Error("different bitvector size in CountingBloomFilter merge");
+		return false;
+		}
+
+	(*cells) |= *o->cells;
+
+	return true;
+	}
+
+CountingBloomFilter* CountingBloomFilter::Clone() const
+	{
+	CountingBloomFilter* copy = new CountingBloomFilter();
+
+	copy->hasher = hasher->Clone();
+	copy->cells = new CounterVector(*cells);
+
+	return copy;
+	}
+
 IMPLEMENT_SERIAL(CountingBloomFilter, SER_COUNTINGBLOOMFILTER)
 
 bool CountingBloomFilter::DoSerialize(SerialInfo* info) const

src/probabilistic/BloomFilter.h

@@ -47,6 +47,34 @@ public:
 		return CountImpl((*hasher)(x));
 		}
 
+	/**
+	 * Checks whether the Bloom filter is empty.
+	 *
+	 * @return `true` if the Bloom filter contains no elements.
+	 */
+	virtual bool Empty() const = 0;
+
+	/**
+	 * Removes all elements, i.e., resets all bits in the underlying bit vector.
+	 */
+	virtual void Clear() = 0;
+
+	/**
+	 * Merges another Bloom filter into a copy of this one.
+	 *
+	 * @param other The other Bloom filter.
+	 *
+	 * @return `true` on success.
+	 */
+	virtual bool Merge(const BloomFilter* other) = 0;
+
+	/**
+	 * Constructs a copy of this Bloom filter.
+	 *
+	 * @return A copy of `*this`.
+	 */
+	virtual BloomFilter* Clone() const = 0;
+
 	/**
 	 * Serializes the Bloom filter.
 	 *
@@ -147,13 +175,11 @@ public:
 	 */
 	static size_t K(size_t cells, size_t capacity);
 
-	/**
-	 * Merges two basic Bloom filters.
-	 *
-	 * @return The merged Bloom filter.
-	 */
-	static BasicBloomFilter* Merge(const BasicBloomFilter* x,
-				       const BasicBloomFilter* y);
+	// Overridden from BloomFilter.
+	virtual bool Empty() const;
+	virtual void Clear();
+	virtual bool Merge(const BloomFilter* other);
+	virtual BasicBloomFilter* Clone() const;
 
 protected:
 	DECLARE_SERIAL(BasicBloomFilter);
@@ -188,13 +214,11 @@ public:
 	 */
 	CountingBloomFilter(const Hasher* hasher, size_t cells, size_t width);
 
-	/**
-	 * Merges two counting Bloom filters.
-	 *
-	 * @return The merged Bloom filter.
-	 */
-	static CountingBloomFilter* Merge(const CountingBloomFilter* x,
-					  const CountingBloomFilter* y);
+	// Overridden from BloomFilter.
+	virtual bool Empty() const;
+	virtual void Clear();
+	virtual bool Merge(const BloomFilter* other);
+	virtual CountingBloomFilter* Clone() const;
 
 protected:
 	DECLARE_SERIAL(CountingBloomFilter);

src/probabilistic/CMakeLists.txt

@@ -14,8 +14,8 @@ set(probabilistic_SRCS
     HyperLogLog.cc)
 
 bif_target(bloom-filter.bif)
-set(BIF_OUTPUT_CC_SAVE ${BIF_OUTPUT_CC})
 bif_target(hyper-loglog.bif)
 
-bro_add_subdir_library(probabilistic ${probabilistic_SRCS} ${BIF_OUTPUT_CC_SAVE} ${BIF_OUTPUT_CC})
+bro_add_subdir_library(probabilistic ${probabilistic_SRCS})
+
 add_dependencies(bro_probabilistic generate_outputs)

src/probabilistic/CounterVector.cc

@@ -70,6 +70,16 @@ bool CounterVector::Decrement(size_type cell, count_type value)
 	return carry;
 	}
 
+bool CounterVector::AllZero() const
+	{
+	return bits->AllZero();
+	}
+
+void CounterVector::Clear()
+	{
+	bits->Clear();
+	}
+
 CounterVector::count_type CounterVector::Count(size_type cell) const
 	{
 	assert(cell < Size());
@@ -173,11 +183,11 @@ bool CounterVector::DoUnserialize(UnserialInfo* info)
 	if ( ! bits )
 		return false;
 
-	uint64 width;
-	if ( ! UNSERIALIZE(&width) )
+	uint64 w;
+	if ( ! UNSERIALIZE(&w) )
 		return false;
 
-	width = static_cast<size_t>(width);
+	width = static_cast<size_t>(w);
 
 	return true;
 	}

src/probabilistic/CounterVector.h

@@ -77,6 +77,17 @@ public:
 	 */
 	count_type Count(size_type cell) const;
 
+	/**
+	 * Checks whether all counters are 0.
+	 * @return `true` iff all counters have the value 0.
+	 */
+	bool AllZero() const;
+
+	/**
+	 * Sets all counters to 0.
+	 */
+	void Clear();
+
 	/**
 	 * Retrieves the number of cells in the storage.
 	 *

src/probabilistic/Hasher.h

@@ -74,16 +74,25 @@ public:
 	 *
 	 * @param k The number of hash functions to apply.
 	 *
-	 * @param name The hasher's name.
+	 * @param name The hasher's name. Hashers with the same name should
+	 * provide consistent results.
 	 *
 	 * @return Returns a new hasher instance.
 	 */
 	static Hasher* Create(size_t k, const std::string& name);
 
 protected:
+	/**
+	 * Constructor.
+	 *
+	 * @param k the number of hash functions.
+	 *
+	 * @param name A name for the hasher. Hashers with the same name
+	 * should provide consistent results.
+	 */
 	Hasher(size_t k, const std::string& name);
 
-	private:
+private:
 	const size_t k;
 	std::string name;
 };

src/probabilistic/bloom-filter.bif

@@ -20,15 +20,23 @@ module GLOBAL;
 
 ## Creates a basic Bloom filter.
 ##
+## .. note:: A Bloom filter can have a name associated with it. In the future,
+##    Bloom filters with the same name will be compatible across indepedent Bro
+##    instances, i.e., it will be possible to merge them. Currently, however, that is
+##    not yet supported.
+##
 ## fp: The desired false-positive rate.
 ##
 ## capacity: the maximum number of elements that guarantees a false-positive
 ## rate of *fp*.
 ##
 ## name: A name that uniquely identifies and seeds the Bloom filter. If empty,
-## the initialization will become dependent on the initial seed.
+## the filter will remain tied to the current Bro process.
 ##
 ## Returns: A Bloom filter handle.
+##
+## .. bro:see:: bloomfilter_counting_init  bloomfilter_add bloomfilter_lookup
+##    bloomfilter_clear bloomfilter_merge
 function bloomfilter_basic_init%(fp: double, capacity: count,
                                  name: string &default=""%): opaque of bloomfilter
 	%{
@@ -47,18 +55,28 @@ function bloomfilter_basic_init%(fp: double, capacity: count,
 
 ## Creates a counting Bloom filter.
 ##
+## .. note:: A Bloom filter can have a name associated with it. In the future,
+##    Bloom filters with the same name will be compatible across indepedent Bro
+##    instances, i.e., it will be possible to merge them. Currently, however, that is
+##    not yet supported.
+##
 ## k: The number of hash functions to use.
 ##
-## cells: The number of cells of the underlying counter vector.
+## cells: The number of cells of the underlying counter vector. As there's no
+## single answer to what's the best parameterization for a counting Bloom filter,
+## we refer to the Bloom filter literature here for choosing an appropiate value.
 ##
 ## max: The maximum counter value associated with each each element described
 ## by *w = ceil(log_2(max))* bits. Each bit in the underlying counter vector
 ## becomes a cell of size *w* bits.
 ##
 ## name: A name that uniquely identifies and seeds the Bloom filter. If empty,
-## the initialization will become dependent on the initial seed.
+## the filter will remain tied to the current Bro process.
 ##
 ## Returns: A Bloom filter handle.
+##
+## .. bro:see:: bloomfilter_basic_init bloomfilter_add bloomfilter_lookup
+##    bloomfilter_clear bloomfilter_merge
 function bloomfilter_counting_init%(k: count, cells: count, max: count,
 				    name: string &default=""%): opaque of bloomfilter
 	%{
@@ -82,6 +100,9 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count,
 ## bf: The Bloom filter handle.
 ##
 ## x: The element to add.
+##
+## .. bro:see:: bloomfilter_counting_init bloomfilter_basic_init loomfilter_lookup
+##    bloomfilter_clear bloomfilter_merge
 function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any
 	%{
 	BloomFilterVal* bfv = static_cast<BloomFilterVal*>(bf);
@@ -105,10 +126,16 @@ function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any
 ## x: The element to count.
 ##
 ## Returns: the counter associated with *x* in *bf*.
+##
+## .. bro:see:: bloomfilter_counting_init bloomfilter_basic_init
+##    bloomfilter_add bloomfilter_clear bloomfilter_merge
 function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count
 	%{
 	const BloomFilterVal* bfv = static_cast<const BloomFilterVal*>(bf);
 
+	if ( bfv->Empty() )
+		return new Val(0, TYPE_COUNT);
+
 	if ( ! bfv->Type() )
 		reporter->Error("cannot perform lookup on untyped Bloom filter");
 
@@ -121,13 +148,38 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count
 	return new Val(0, TYPE_COUNT);
 	%}
 
+## Removes all elements from a Bloom filter. This function resets all bits in the
+## underlying bitvector back to 0 but does not change the parameterization of the
+## Bloom filter, such as the element type and the hasher seed.
+##
+## bf: The Bloom filter handle.
+##
+## .. bro:see:: bloomfilter_counting_init bloomfilter_basic_init
+##    bloomfilter_add bloomfilter_lookup bloomfilter_merge
+function bloomfilter_clear%(bf: opaque of bloomfilter%): any
+	%{
+	BloomFilterVal* bfv = static_cast<BloomFilterVal*>(bf);
+
+	if ( bfv->Type() ) // Untyped Bloom filters are already empty.
+		bfv->Clear();
+
+	return 0;
+	%}
+
 ## Merges two Bloom filters.
 ##
+## .. note:: Currently Bloom filters created by different Bro instances cannot
+##    be merged. In the future, this will be supported as long as both filters
+##    are created with the same name.
+##
 ## bf1: The first Bloom filter handle.
 ##
 ## bf2: The second Bloom filter handle.
 ##
 ## Returns: The union of *bf1* and *bf2*.
+##
+## .. bro:see:: bloomfilter_counting_init bloomfilter_basic_init
+##    bloomfilter_add bloomfilter_lookup bloomfilter_clear
 function bloomfilter_merge%(bf1: opaque of bloomfilter,
 			    bf2: opaque of bloomfilter%): opaque of bloomfilter
 	%{

src/util.cc

@@ -829,7 +829,7 @@ bool have_random_seed()
 	return bro_rand_determistic;
 	}
 
-long int bro_prng(long int state)
+unsigned int bro_prng(unsigned int  state)
 	{
 	// Use our own simple linear congruence PRNG to make sure we are
 	// predictable across platforms.

src/util.h

@@ -175,7 +175,7 @@ extern bool have_random_seed();
 
 // A simple linear congruence PRNG. It takes its state as argument and
 // returns a new random value, which can serve as state for subsequent calls.
-long int bro_prng(long int state);
+unsigned int bro_prng(unsigned int state);
 
 // Replacement for the system random(), to which is normally falls back
 // except when a seed has been given. In that case, the function bro_prng.

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2013-07-05-05-20-50
+#open	2013-07-25-17-54-33
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -12,6 +12,7 @@ scripts/base/init-bare.bro
   build/scripts/base/bif/strings.bif.bro
   build/scripts/base/bif/bro.bif.bro
   build/scripts/base/bif/reporter.bif.bro
+  build/scripts/base/bif/bloom-filter.bif.bro
   build/scripts/base/bif/event.bif.bro
   build/scripts/base/bif/plugins/__load__.bro
     build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
@@ -87,6 +88,7 @@ scripts/base/init-bare.bro
   scripts/base/frameworks/file-analysis/__load__.bro
     scripts/base/frameworks/file-analysis/main.bro
       build/scripts/base/bif/file_analysis.bif.bro
+  build/scripts/base/bif/__load__.bro
 scripts/policy/misc/loaded-scripts.bro
   scripts/base/utils/paths.bro
-#close	2013-07-05-05-20-50
+#close	2013-07-25-17-54-33

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2013-07-10-21-18-31
+#open	2013-07-25-17-54-33
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@@ -12,6 +12,7 @@ scripts/base/init-bare.bro
   build/scripts/base/bif/strings.bif.bro
   build/scripts/base/bif/bro.bif.bro
   build/scripts/base/bif/reporter.bif.bro
+  build/scripts/base/bif/bloom-filter.bif.bro
   build/scripts/base/bif/event.bif.bro
   build/scripts/base/bif/plugins/__load__.bro
     build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
@@ -87,6 +88,7 @@ scripts/base/init-bare.bro
   scripts/base/frameworks/file-analysis/__load__.bro
     scripts/base/frameworks/file-analysis/main.bro
       build/scripts/base/bif/file_analysis.bif.bro
+  build/scripts/base/bif/__load__.bro
 scripts/base/init-default.bro
   scripts/base/utils/site.bro
     scripts/base/utils/patterns.bro
@@ -195,4 +197,4 @@ scripts/base/init-default.bro
   scripts/base/protocols/tunnels/__load__.bro
   scripts/base/misc/find-checksum-offloading.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2013-07-10-21-18-31
+#close	2013-07-25-17-54-33

testing/btest/Makefile

@@ -24,4 +24,11 @@ cleanup:
 update-doc-sources:
 	../../doc/scripts/genDocSourcesList.sh ../../doc/scripts/DocSourcesList.cmake
 
+# Updates the three coverage tests that usually need tweaking when
+# scripts get added/removed.
+update-coverage-tests: update-doc-sources
+	btest -qU coverage.bare-load-baseline
+	btest -qU coverage.default-load-baseline
+	@echo "Use 'git diff' to check updates look right."
+
 .PHONY: all btest-verbose brief btest-brief coverage cleanup