Merge remote-tracking branch 'origin/master' into topic/robin/broker-logging

Robin Sommer 2017-02-17 16:30:17 -08:00
commit 524002eefa
13 changed files with 99 additions and 17 deletions

19
CHANGES

@ -1,4 +1,23 @@
2.5-62 | 2017-02-15 15:56:38 -0800
* Fix case in which scripts were able to access unitialized variables
in certain cases. Addresses BIT-1785. (Jon Siwek)
2.5-60 | 2017-02-15 15:19:20 -0800
* Implement ERSPAN support.
There is a small caveat to this implementation. The ethernet
header that is carried over the tunnel is ignored. If a user
tries to do MAC address logging, it will only show the MAC
addresses for the outer tunnel and the inner MAC addresses
will be stripped and not available anywhere. (Seth Hall)
* Tiny mime-type fix from Dan Caselden. (Seth Hall)
* Update failing intel framework test. (Johanna Amann)
2.5-55 | 2017-02-10 09:50:43 -0500 2.5-55 | 2017-02-10 09:50:43 -0500
* Fixed intel expiration reset. Reinserting the same indicator did not reset * Fixed intel expiration reset. Reinserting the same indicator did not reset


@ -1 +1 @@
2.5-55 2.5-62


@ -116,7 +116,7 @@ signature file-reg-utf16 {
# Microsoft Registry format (typically DESKTOP.DAT) # Microsoft Registry format (typically DESKTOP.DAT)
signature file-regf { signature file-regf {
file-mime "application vnd.ms-regf", 49 file-mime "application/vnd.ms-regf", 49
file-magic /^\x72\x65\x67\x66/ file-magic /^\x72\x65\x67\x66/
} }


@ -33,6 +33,15 @@ Frame::~Frame()
Release(); Release();
} }
void Frame::Reset(int startIdx)
{
for ( int i = startIdx; i < size; ++i )
{
Unref(frame[i]);
frame[i] = 0;
}
}
void Frame::Release() void Frame::Release()
{ {
for ( int i = 0; i < size; ++i ) for ( int i = 0; i < size; ++i )
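Review bot: `Frame::Reset(int startIdx)` does not reject a negative `startIdx`, so the loop would index `frame[]` below its start if a caller ever passed one. The only caller visible on this page passes `args->length()`, so this is a hardening point rather than a known bug. A guard such as `if ( startIdx < 0 ) startIdx = 0;` at the top of the method would make the contract explicit. The method also has no comment here or on its declaration in the header; something like `// Unrefs and clears every slot from startIdx to the end of the frame; lower slots are left untouched.` would help.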


@ -24,6 +24,7 @@ public:
frame[n] = v; frame[n] = v;
} }
void Reset(int startIdx);
void Release(); void Release();
void Describe(ODesc* d) const; void Describe(ODesc* d) const;


@ -397,6 +397,7 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const
bodies[i].stmts->GetLocationInfo()); bodies[i].stmts->GetLocationInfo());
Unref(result); Unref(result);
f->Reset(args->length());
try try
{ {
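Review bot: The new `f->Reset(args->length());` call has no comment explaining why the frame is cleared at this point or why `args->length()` is the right start index. It appears to run before each function body executes, presumably so that locals set by one body are not visible to the next, and it relies on the arguments occupying the first `args->length()` slots of the frame; neither is visible in this hunk. A comment such as `// Clear locals left by a previous body; slots below args->length() hold the arguments.` would record that assumption. BroFunc::Call continues outside the hunk.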


@ -431,7 +431,6 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return; return;
} }
#endif #endif
int proto = ip_hdr->NextProto(); int proto = ip_hdr->NextProto();
if ( CheckHeaderTrunc(proto, len, caplen, pkt, encapsulation) ) if ( CheckHeaderTrunc(proto, len, caplen, pkt, encapsulation) )
@ -510,6 +509,11 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
uint16 proto_typ = ntohs(*((uint16*)(data + 2))); uint16 proto_typ = ntohs(*((uint16*)(data + 2)));
int gre_version = flags_ver & 0x0007; int gre_version = flags_ver & 0x0007;
// If a carried packet has ethernet, this will help skip it.
unsigned int eth_len = 0;
unsigned int gre_len = gre_header_len(flags_ver);
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( gre_version != 0 && gre_version != 1 ) if ( gre_version != 0 && gre_version != 1 )
{ {
Weird(fmt("unknown_gre_version_%d", gre_version), ip_hdr, Weird(fmt("unknown_gre_version_%d", gre_version), ip_hdr,
@ -519,7 +523,18 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
if ( gre_version == 0 ) if ( gre_version == 0 )
{ {
if ( proto_typ != 0x0800 && proto_typ != 0x86dd ) if ( proto_typ == 0x6558 && len > gre_len + 14 )
{
// transparent ethernet bridging
eth_len = 14;
proto_typ = ntohs(*((uint16*)(data + gre_len + 12)));
}
if ( proto_typ == 0x0800 )
proto = IPPROTO_IPV4;
else if ( proto_typ == 0x86dd )
proto = IPPROTO_IPV6;
else
{ {
// Not IPv4/IPv6 payload. // Not IPv4/IPv6 payload.
Weird(fmt("unknown_gre_protocol_%" PRIu16, proto_typ), ip_hdr, Weird(fmt("unknown_gre_protocol_%" PRIu16, proto_typ), ip_hdr,
@ -527,7 +542,6 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return; return;
} }
proto = (proto_typ == 0x0800) ? IPPROTO_IPV4 : IPPROTO_IPV6;
} }
else // gre_version == 1 else // gre_version == 1
@ -556,10 +570,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return; return;
} }
unsigned int gre_len = gre_header_len(flags_ver); if ( len < gre_len + ppp_len + eth_len || caplen < gre_len + ppp_len + eth_len )
unsigned int ppp_len = gre_version == 1 ? 1 : 0;
if ( len < gre_len + ppp_len || caplen < gre_len + ppp_len )
{ {
Weird("truncated_GRE", ip_hdr, encapsulation); Weird("truncated_GRE", ip_hdr, encapsulation);
return; return;
@ -578,9 +589,9 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
proto = (ppp_proto == 0x0021) ? IPPROTO_IPV4 : IPPROTO_IPV6; proto = (ppp_proto == 0x0021) ? IPPROTO_IPV4 : IPPROTO_IPV6;
} }
data += gre_len + ppp_len; data += gre_len + ppp_len + eth_len;
len -= gre_len + ppp_len; len -= gre_len + ppp_len + eth_len;
caplen -= gre_len + ppp_len; caplen -= gre_len + ppp_len + eth_len;
// Treat GRE tunnel like IP tunnels, fallthrough to logic below now // Treat GRE tunnel like IP tunnels, fallthrough to logic below now
// that GRE header is stripped and only payload packet remains. // that GRE header is stripped and only payload packet remains.
@ -607,7 +618,6 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
// Check for a valid inner packet first. // Check for a valid inner packet first.
IP_Hdr* inner = 0; IP_Hdr* inner = 0;
int result = ParseIPPacket(caplen, data, proto, inner); int result = ParseIPPacket(caplen, data, proto, inner);
if ( result < 0 ) if ( result < 0 )
Weird("truncated_inner_IP", ip_hdr, encapsulation); Weird("truncated_inner_IP", ip_hdr, encapsulation);
@ -794,6 +804,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
// Construct fake packet for DoNextPacket // Construct fake packet for DoNextPacket
Packet p; Packet p;
p.Init(DLT_RAW, &ts, caplen, len, data, false, ""); p.Init(DLT_RAW, &ts, caplen, len, data, false, "");
DoNextPacket(t, &p, inner, outer); DoNextPacket(t, &p, inner, outer);
delete inner; delete inner;
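Review bot: The read of the inner EtherType at `data + gre_len + 12` in the new `proto_typ == 0x6558` branch is guarded only by `len`, while the check that compares `caplen` with `gre_len + ppp_len + eth_len` runs later, after the read. On a packet whose captured length is shorter than its wire length this can read past the captured bytes, so the guard should cover both lengths, e.g. `if ( proto_typ == 0x6558 && len > gre_len + 14 && caplen > gre_len + 14 )`. `gre_len` is also now computed from `flags_ver` before the GRE version is validated, which deserves a short comment. DoNextPacket starts and ends outside these hunks, so an earlier length check not shown here may already bound `caplen`; confirm that before relying on it.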


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path tunnel
#open 2017-02-03-20-27-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1442309933.472798 CHhAvVGS1DHFjwGM9 10.200.0.3 0 10.200.0.224 0 Tunnel::GRE Tunnel::DISCOVER
#close 2017-02-03-20-27-11


@ -0,0 +1,2 @@
error in /home/jon/projects/bro/bro/testing/btest/.tmp/language.uninitialized-local2/uninitialized-local2.bro, line 19: value used but not set (var_b)
var_a is, baz


@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path reporter #path reporter
#open 2016-09-20-22-35-58 #open 2017-02-11-16-36-40
#fields ts level message location #fields ts level message location
#types time enum string string #types time enum string string
0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/bro/scripts/base/frameworks/intel/./main.bro, lines 507-508 0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/johanna/bro/master/scripts/base/frameworks/intel/./main.bro, lines 520-521
0.000000 Reporter::INFO received termination signal (empty) 0.000000 Reporter::INFO received termination signal (empty)
#close 2016-09-20-22-35-59 #close 2017-02-11-16-36-40

Binary file not shown.


@ -0,0 +1,4 @@
# @TEST-EXEC: bro -C -b -r $TRACES/erspan.trace %INPUT
# @TEST-EXEC: btest-diff tunnel.log
@load base/frameworks/tunnels


@ -0,0 +1,25 @@
# @TEST-EXEC: bro -b %INPUT >out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
event test()
{
local var_a: string = "foo";
}
event test()
{
if ( F )
{
local var_b: string = "bar";
}
local var_a: string = "baz";
print "var_a is", var_a;
print "var_b is", var_b;
}
event bro_init()
{
event test();
}