diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index 5442c1024a..0f76c1881a 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -25,6 +25,7 @@ rest_target(${CMAKE_BINARY_DIR}/src base/logging.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/protocols/http/events.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/protocols/http/functions.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/protocols/ssl/events.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/protocols/syslog/events.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/reporter.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/strings.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src base/types.bif.bro) @@ -134,7 +135,6 @@ rest_target(${psd} policy/frameworks/software/vulnerable.bro) rest_target(${psd} policy/integration/barnyard2/main.bro) rest_target(${psd} policy/integration/barnyard2/types.bro) rest_target(${psd} policy/integration/collective-intel/main.bro) -rest_target(${psd} policy/misc/analysis-groups.bro) rest_target(${psd} policy/misc/capture-loss.bro) rest_target(${psd} policy/misc/loaded-scripts.bro) rest_target(${psd} policy/misc/profiling.bro) diff --git a/scripts/policy/misc/analysis-groups.bro b/scripts/policy/misc/analysis-groups.bro deleted file mode 100644 index 17f5bab845..0000000000 --- a/scripts/policy/misc/analysis-groups.bro +++ /dev/null 
@@ -1,31 +0,0 @@ -##! This script gives the capability to selectively enable and disable event -##! groups at runtime. No events will be raised for all members of a disabled -##! event group. - -module AnalysisGroups; - -export { - ## By default, all event groups are enabled. - ## We disable all groups in this table. - const disabled: set[string] &redef; -} - -# Set to remember all groups which were disabled by the last update. -global currently_disabled: set[string]; - -# This is the event that the control framework uses when it needs to indicate -# that an update control action happened. -event Control::configuration_update() - { - # Reenable those which are not to be disabled anymore. - for ( g in currently_disabled ) - if ( g !in disabled ) - enable_event_group(g); - - # Disable those which are not already disabled. - for ( g in disabled ) - if ( g !in currently_disabled ) - disable_event_group(g); - - currently_disabled = copy(disabled); - } \ No newline at end of file diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index a213031f4c..dc1b4e4154 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -34,7 +34,6 @@ @load integration/barnyard2/types.bro @load integration/collective-intel/__load__.bro @load integration/collective-intel/main.bro -@load misc/analysis-groups.bro @load misc/capture-loss.bro @load misc/loaded-scripts.bro @load misc/profiling.bro diff --git a/src/EventHandler.cc b/src/EventHandler.cc index 5598f93f98..4a74d68a08 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -10,7 +10,6 @@ EventHandler::EventHandler(const char* arg_name) used = false; local = 0; type = 0; - group = 0; error_handler = false; enabled = true; } @@ -19,7 +18,6 @@ EventHandler::~EventHandler() { Unref(local); delete [] name; - delete [] group; } EventHandler::operator bool() const diff --git a/src/EventHandler.h b/src/EventHandler.h index a86b8a285c..786d9f94ba 100644 --- a/src/EventHandler.h 
+++ b/src/EventHandler.h @@ -41,10 +41,6 @@ public: void SetErrorHandler() { error_handler = true; } bool ErrorHandler() { return error_handler; } - const char* Group() { return group; } - void SetGroup(const char* arg_group) - { group = copy_string(arg_group); } - void SetEnable(bool arg_enable) { enabled = arg_enable; } // We don't serialize the handler(s) itself here, but @@ -54,7 +50,6 @@ public: private: const char* name; - const char* group; Func* local; FuncType* type; bool used; // this handler is indeed used somewhere diff --git a/src/EventRegistry.cc b/src/EventRegistry.cc index f51f624833..cf8aa6802e 100644 --- a/src/EventRegistry.cc +++ b/src/EventRegistry.cc @@ -85,17 +85,6 @@ void EventRegistry::PrintDebug() } } -void EventRegistry::SetGroup(const char* name, const char* group) - { - return; // FIXME. THis triggers the error below for plugin events. - - EventHandler* eh = Lookup(name); - if ( ! eh ) - reporter->InternalError("unknown event handler %s in SetGroup()", name); - - eh->SetGroup(group); - } - void EventRegistry::SetErrorHandler(const char* name) { EventHandler* eh = Lookup(name); @@ -105,18 +94,3 @@ void EventRegistry::SetErrorHandler(const char* name) eh->SetErrorHandler(); } -void EventRegistry::EnableGroup(const char* group, bool enable) - { - IterCookie* c = handlers.InitForIteration(); - - HashKey* k; - EventHandler* v; - while ( (v = handlers.NextEntry(k, c)) ) - { - delete k; - - if ( v->Group() && strcmp(v->Group(), group) == 0 ) - v->SetEnable(enable); - } - } - diff --git a/src/EventRegistry.h b/src/EventRegistry.h index 6ee5e3bcbd..3b4c8df918 100644 --- a/src/EventRegistry.h +++ b/src/EventRegistry.h 
@@ -26,17 +26,11 @@ public: typedef PList(constchar) string_list; string_list* Match(RE_Matcher* pattern); - // Associates a group with the given event. - void SetGroup(const char* name, const char* group); - // Marks a handler as handling errors. Error handler will not be called // recursively to avoid infinite loops in case they trigger an error // themselves. void SetErrorHandler(const char* name); - // Enable/disable all members of the group. - void EnableGroup(const char* group, bool enable); - string_list* UnusedHandlers(); string_list* UsedHandlers(); void PrintDebug(); diff --git a/src/ID.cc b/src/ID.cc index 959ad9b07d..a6e592146b 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -221,21 +221,7 @@ void ID::UpdateValAttrs() if ( Type()->Tag() == TYPE_FUNC ) { - Attr* attr = attrs->FindAttr(ATTR_GROUP); - - if ( attr ) - { - Val* group = attr->AttrExpr()->ExprVal(); - if ( group ) - { - if ( group->Type()->Tag() == TYPE_STRING ) - event_registry->SetGroup(Name(), group->AsString()->CheckString()); - else - Error("&group attribute takes string"); - } - } - - attr = attrs->FindAttr(ATTR_ERROR_HANDLER); + Attr* attr = attrs->FindAttr(ATTR_ERROR_HANDLER); if ( attr ) event_registry->SetErrorHandler(Name()); diff --git a/src/bro.bif b/src/bro.bif index 9b3eb946e2..4366d26951 100644 --- a/src/bro.bif +++ b/src/bro.bif 
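Review bot: In the src/ID.cc hunk the `ATTR_GROUP` lookup is removed from ID::UpdateValAttrs, but no hunk in this diff removes the `ATTR_GROUP` tag itself, so its declaration and any name-table or attribute-check entry for it presumably remain as dead code. If so, drop them in this commit, or mark the declaration with a comment such as `// ATTR_GROUP is unused; kept only so later tag values do not shift`. The same question applies to `EventHandler::SetEnable()` and the `enabled` member, which stay in src/EventHandler.h although the only caller shown in this diff, `EventRegistry::EnableGroup()`, is deleted. UpdateValAttrs starts and ends outside this hunk, so other uses cannot be ruled out from here.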
@@ -4342,31 +4342,6 @@ function skip_smtp_data%(c: connection%): any return 0; %} -## Enables all event handlers in a given group. One can tag event handlers with -## the :bro:attr:`&group` attribute to logically group them together, e.g, -## ``event foo() &group="bar"``. This function enables all event handlers that -## belong to such a group. -## -## group: The group. -## -## .. bro:see:: disable_event_group -function enable_event_group%(group: string%) : any - %{ - event_registry->EnableGroup(group->CheckString(), true); - return 0; - %} - -## Disables all event handlers in a given group. -## -## group: The group. -## -## .. bro:see:: enable_event_group -function disable_event_group%(group: string%) : any - %{ - event_registry->EnableGroup(group->CheckString(), false); - return 0; - %} - # =========================================================================== # # Files and Directories diff --git a/src/event.bif b/src/event.bif index 8a44e8723e..ab44495fdc 100644 --- a/src/event.bif +++ b/src/event.bif @@ -2219,7 +2219,7 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## ## .. bro:see:: ftp_reply fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port -event ftp_request%(c: connection, command: string, arg: string%) &group="ftp"; +event ftp_request%(c: connection, command: string, arg: string%); ## Generated for server-side FTP replies. ## @@ -2239,7 +2239,7 @@ event ftp_request%(c: connection, command: string, arg: string%) &group="ftp"; ## ## .. bro:see:: ftp_request fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port -event ftp_reply%(c: connection, code: count, msg: string, cont_resp: bool%) &group="ftp"; +event ftp_reply%(c: connection, code: count, msg: string, cont_resp: bool%); ## Generated for client-side SMTP commands. ## 
@@ -2264,7 +2264,7 @@ event ftp_reply%(c: connection, code: count, msg: string, cont_resp: bool%) &gro ## smtp_data smtp_reply ## ## .. note:: Bro does not support the newer ETRN extension yet. -event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%) &group="smtp"; +event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%); ## Generated for server-side SMTP commands. ## @@ -2295,7 +2295,7 @@ event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%) ## smtp_data smtp_request ## ## .. note:: Bro doesn't support the newer ETRN extension yet. -event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: string, cont_resp: bool%) &group="smtp"; +event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: string, cont_resp: bool%); ## Generated for DATA transmitted on SMTP sessions. This event is raised for ## subsequent chunks of raw data following the ``DATA`` SMTP command until the @@ -2320,7 +2320,7 @@ event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: s ## .. note:: This event receives the unprocessed raw data. There is a separate ## set of ``mime_*`` events that strip out the outer MIME-layer of emails and ## provide structured access to their content. -event smtp_data%(c: connection, is_orig: bool, data: string%) &group="smtp"; +event smtp_data%(c: connection, is_orig: bool, data: string%); ## Generated for unexpected activity on SMTP sessions. The SMTP analyzer tracks ## the state of SMTP sessions and reports commands and other activity with this 
@@ -2340,7 +2340,7 @@ event smtp_data%(c: connection, is_orig: bool, data: string%) &group="smtp"; ## detail: The actual SMTP line triggering the event. ## ## .. bro:see:: smtp_data smtp_request smtp_reply -event smtp_unexpected%(c: connection, is_orig: bool, msg: string, detail: string%) &group="smtp"; +event smtp_unexpected%(c: connection, is_orig: bool, msg: string, detail: string%); ## Generated when starting to parse an email MIME entity. MIME is a ## protocol-independent data format for encoding text and files, along with @@ -4014,7 +4014,7 @@ event smb_error%(c: connection, hdr: smb_hdr, cmd: count, cmd_str: string, data: ## dns_mapping_unverified dns_mapping_valid dns_query_reply dns_rejected ## dns_request non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%) &group="dns"; +event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%); ## Generated for DNS requests. For requests with multiple queries, this event ## is raised once for each. @@ -4041,7 +4041,7 @@ event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%) &gro ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count%) &group="dns"; +event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count%); ## Generated for DNS replies that reject a query. This event is raised if a DNS ## reply either indicates failure via its status code or does not pass on any 
@@ -4070,7 +4070,7 @@ event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qcl ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_request non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count%) &group="dns"; +event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count%); ## Generated for DNS replies with an *ok* status code but no question section. ## @@ -4097,7 +4097,7 @@ event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qc ## dns_request non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth event dns_query_reply%(c: connection, msg: dns_msg, query: string, - qtype: count, qclass: count%) &group="dns"; + qtype: count, qclass: count%); ## Generated when the DNS analyzer processes what seems to be a non-DNS packet. ## @@ -4108,7 +4108,7 @@ event dns_query_reply%(c: connection, msg: dns_msg, query: string, ## ## .. note:: This event is deprecated and superseded by Bro's dynamic protocol ## detection framework. -event non_dns_request%(c: connection, msg: string%) &group="dns"; +event non_dns_request%(c: connection, msg: string%); ## Generated for DNS replies of type *A*. For replies with multiple answers, an ## individual event of the corresponding type is raised for each. 
@@ -4133,7 +4133,7 @@ event non_dns_request%(c: connection, msg: string%) &group="dns"; ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns"; +event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## Generated for DNS replies of type *AAAA*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4158,7 +4158,7 @@ event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &grou ## dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request ## non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns"; +event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## Generated for DNS replies of type *A6*. For replies with multiple answers, an ## individual event of the corresponding type is raised for each. @@ -4183,7 +4183,7 @@ event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &g ## dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request ## non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &group="dns"; +event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## Generated for DNS replies of type *NS*. For replies with multiple answers, an ## individual event of the corresponding type is raised for each. 
@@ -4208,7 +4208,7 @@ event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%) &gro ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) &group="dns"; +event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%); ## Generated for DNS replies of type *CNAME*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4233,7 +4233,7 @@ event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) ## dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request ## non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) &group="dns"; +event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%); ## Generated for DNS replies of type *PTR*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4258,7 +4258,7 @@ event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: strin ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) &group="dns"; +event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%); ## Generated for DNS replies of type *CNAME*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. 
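Review bot: The doc comment trailing the third hunk on this line (right after `dns_PTR_reply`) introduces the next event, `dns_SOA_reply`, as "Generated for DNS replies of type *CNAME*", which looks like a copy-paste from the CNAME block. Since the commit already touches every declaration in this stretch, correct it to `## Generated for DNS replies of type *SOA*. For replies with multiple answers,`. These comments feed the generated event reference, so the wrong record type would mislead anyone choosing an event for a DNS detection script.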
@@ -4283,7 +4283,7 @@ event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string% ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa%) &group="dns"; +event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa%); ## Generated for DNS replies of type *WKS*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4306,7 +4306,7 @@ event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa% ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dns"; +event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## Generated for DNS replies of type *HINFO*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4329,7 +4329,7 @@ event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dns" ## dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request ## non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dns"; +event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## Generated for DNS replies of type *MX*. For replies with multiple answers, an ## individual event of the corresponding type is raised for each. 
@@ -4356,7 +4356,7 @@ event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dn ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string, preference: count%) &group="dns"; +event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string, preference: count%); ## Generated for DNS replies of type *TXT*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4381,7 +4381,7 @@ event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string, ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, str: string%) &group="dns"; +event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, str: string%); ## Generated for DNS replies of type *SRV*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4404,7 +4404,7 @@ event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, str: string%) ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dns"; +event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## Generated for DNS replies of type *EDNS*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. 
@@ -4427,7 +4427,7 @@ event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer%) &group="dns" ## dns_mapping_valid dns_message dns_query_reply dns_rejected dns_request ## non_dns_request dns_max_queries dns_session_timeout dns_skip_addl ## dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%) &group="dns"; +event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%); ## Generated for DNS replies of type *TSIG*. For replies with multiple answers, ## an individual event of the corresponding type is raised for each. @@ -4450,7 +4450,7 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%) &gr ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%) &group="dns"; +event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%); ## Generated at the end of processing a DNS packet. This event is the last ## ``dns_*`` event that will be raised for a DNS query/reply and signals that @@ -4472,7 +4472,7 @@ event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%) &gr ## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply ## dns_rejected dns_request non_dns_request dns_max_queries dns_session_timeout ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth -event dns_end%(c: connection, msg: dns_msg%) &group="dns"; +event dns_end%(c: connection, msg: dns_msg%); ## Generated for DHCP messages of type *discover*. ## 
@@ -6610,7 +6610,7 @@ event gaobot_signature_found%(c: connection%); ## ## .. todo:: Unclear what this event is for; it's never raised. We should just ## remove it. -event dns_full_request%(%) &group="dns"; +event dns_full_request%(%); ## Deprecated. Will be removed. event anonymization_mapping%(orig: addr, mapped: addr%); diff --git a/src/parse.y b/src/parse.y index 7ce1174595..520623de2c 100644 --- a/src/parse.y +++ b/src/parse.y @@ -2,7 +2,7 @@ // See the file "COPYING" in the main distribution directory for copyright. %} -%expect 88 +%expect 85 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF @@ -23,7 +23,7 @@ %token TOK_ATTR_EXPIRE_CREATE TOK_ATTR_EXPIRE_READ TOK_ATTR_EXPIRE_WRITE %token TOK_ATTR_PERSISTENT TOK_ATTR_SYNCHRONIZED %token TOK_ATTR_RAW_OUTPUT TOK_ATTR_MERGEABLE -%token TOK_ATTR_PRIORITY TOK_ATTR_GROUP TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER +%token TOK_ATTR_PRIORITY TOK_ATTR_LOG TOK_ATTR_ERROR_HANDLER %token TOK_ATTR_TYPE_COLUMN %token TOK_DEBUG @@ -1362,8 +1362,6 @@ attr: { $$ = new Attr(ATTR_MERGEABLE); } | TOK_ATTR_PRIORITY '=' expr { $$ = new Attr(ATTR_PRIORITY, $3); } - | TOK_ATTR_GROUP '=' expr - { $$ = new Attr(ATTR_GROUP, $3); } | TOK_ATTR_TYPE_COLUMN '=' expr { $$ = new Attr(ATTR_TYPE_COLUMN, $3); } | TOK_ATTR_LOG diff --git a/src/protocols/http/events.bif b/src/protocols/http/events.bif index e4f71f70fc..ead8bc254b 100644 --- a/src/protocols/http/events.bif +++ b/src/protocols/http/events.bif 
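Review bot: Removing `TOK_ATTR_GROUP` from the token list and the `TOK_ATTR_GROUP '=' expr` alternative of `attr` in src/parse.y (together with the `&group` rule in src/scan.l) turns every existing `&group="..."` into a generic parse error, and the commit offers no migration path. A site script that still uses `&group`, calls `enable_event_group()` or `disable_event_group()`, or loads `misc/analysis-groups` will presumably stop the monitor from loading its policy until the script is edited, which is a monitoring gap after an upgrade. Consider keeping the token for one release and rejecting it with a targeted message such as `&group is no longer supported`, or at least record the removal in the release notes. The `attr` rule continues outside the hunk.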
@@ -20,7 +20,7 @@ ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done ply http_stats ## truncate_http_URI -event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%) &group="http-request"; +event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%); ## Generated for HTTP replies. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server @@ -41,7 +41,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_request ## http_stats -event http_reply%(c: connection, version: string, code: count, reason: string%) &group="http-reply"; +event http_reply%(c: connection, version: string, code: count, reason: string%); ## Generated for HTTP headers. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server @@ -64,7 +64,7 @@ event http_reply%(c: connection, version: string, code: count, reason: string%) ## ## .. note:: This event is also raised for headers found in nested body ## entities. -event http_header%(c: connection, is_orig: bool, name: string, value: string%) &group="http-header"; +event http_header%(c: connection, is_orig: bool, name: string, value: string%); ## Generated for HTTP headers, passing on all headers of an HTTP message at ## once. Bro supports persistent and pipelined HTTP sessions and raises 
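Review bot: In the first hunk, the `bro:see::` list above `http_request` contains the stray word `ply` (`http_message_done ply http_stats`), which looks like a truncated `http_reply`. As written the cross-reference will not resolve in the generated documentation. Since the declaration below it is being edited anyway, change the line to `## http_entity_data http_event http_header http_message_done http_reply http_stats`.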
@@ -86,7 +86,7 @@ event http_header%(c: connection, is_orig: bool, name: string, value: string%) & ## ## .. note:: This event is also raised for headers found in nested body ## entities. -event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%) &group="http-header"; +event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## Generated when starting to parse an HTTP body entity. This event is generated ## at least once for each non-empty (client or server) HTTP body; and @@ -105,7 +105,7 @@ event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%) ## .. bro:see:: http_all_headers http_content_type http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## mime_begin_entity -event http_begin_entity%(c: connection, is_orig: bool%) &group="http-body"; +event http_begin_entity%(c: connection, is_orig: bool%); ## Generated when finishing parsing an HTTP body entity. This event is generated ## at least once for each non-empty (client or server) HTTP body; and @@ -124,7 +124,7 @@ event http_begin_entity%(c: connection, is_orig: bool%) &group="http-body"; ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_entity_data ## http_event http_header http_message_done http_reply http_request ## http_stats mime_end_entity -event http_end_entity%(c: connection, is_orig: bool%) &group="http-body"; +event http_end_entity%(c: connection, is_orig: bool%); ## Generated when parsing an HTTP body entity, passing on the data. This event ## can potentially be raised many times for each entity, each time passing a 
@@ -152,7 +152,7 @@ event http_end_entity%(c: connection, is_orig: bool%) &group="http-body"; ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_event http_header http_message_done http_reply http_request http_stats ## mime_entity_data http_entity_data_delivery_size skip_http_data -event http_entity_data%(c: connection, is_orig: bool, length: count, data: string%) &group="http-body"; +event http_entity_data%(c: connection, is_orig: bool, length: count, data: string%); ## Generated for reporting an HTTP body's content type. This event is ## generated at the end of parsing an HTTP header, passing on the MIME @@ -176,7 +176,7 @@ event http_entity_data%(c: connection, is_orig: bool, length: count, data: strin ## ## .. note:: This event is also raised for headers found in nested body ## entities. -event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string%) &group="http-body"; +event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string%); ## Generated once at the end of parsing an HTTP message. Bro supports persistent ## and pipelined HTTP sessions and raises corresponding events as it parses @@ -198,7 +198,7 @@ event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string ## ## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_reply http_request http_stats -event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%) &group="http-body"; +event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%); ## Generated for errors found when decoding HTTP requests or replies. ## diff --git a/src/scan.l b/src/scan.l index faa831ea93..a4d80c88ed 100644 --- a/src/scan.l +++ b/src/scan.l 
@@ -332,7 +332,6 @@ when return TOK_WHEN; &encrypt return TOK_ATTR_ENCRYPT; &error_handler return TOK_ATTR_ERROR_HANDLER; &expire_func return TOK_ATTR_EXPIRE_FUNC; -&group return TOK_ATTR_GROUP; &log return TOK_ATTR_LOG; &mergeable return TOK_ATTR_MERGEABLE; &optional return TOK_ATTR_OPTIONAL; diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 0482b574f8..0db69c1f17 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2013-04-01-19-44-31 +#open 2013-04-09-22-37-59 #fields name #types string scripts/base/init-bare.bro @@ -36,5 +36,6 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/./HTTP.events.bif.bro build/scripts/base/bif/plugins/./HTTP.functions.bif.bro build/scripts/base/bif/plugins/./SSL.events.bif.bro + build/scripts/base/bif/plugins/./Syslog.events.bif.bro scripts/policy/misc/loaded-scripts.bro -#close 2013-04-01-19-44-31 +#close 2013-04-09-22-37-59 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 390040ab4a..aa406976a0 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2013-04-01-19-44-38 +#open 2013-04-09-22-38-15 #fields name #types string scripts/base/init-bare.bro 
@@ -36,6 +36,7 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/./HTTP.events.bif.bro build/scripts/base/bif/plugins/./HTTP.functions.bif.bro build/scripts/base/bif/plugins/./SSL.events.bif.bro + build/scripts/base/bif/plugins/./Syslog.events.bif.bro scripts/base/init-default.bro scripts/base/utils/site.bro scripts/base/utils/./patterns.bro @@ -126,4 +127,4 @@ scripts/base/init-default.bro scripts/base/protocols/syslog/./main.bro scripts/base/misc/find-checksum-offloading.bro scripts/policy/misc/loaded-scripts.bro -#close 2013-04-01-19-44-38 +#close 2013-04-09-22-38-15