Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp

scripts/base/init-bare.bro

@@ -740,6 +740,7 @@ type pcap_packet: record {
 	caplen: count;	##< The number of bytes captured (<= *len*).
 	len: count;	##< The length of the packet in bytes, including link-level header.
 	data: string;	##< The payload of the packet, including link-level header.
+	link_type: link_encap;	##< Layer 2 link encapsulation type.
 };
 
 ## GeoIP location information.
@@ -954,6 +955,11 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef;
 ## .. bro:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks
 const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef;
 
+## Number of TCP segments to buffer beyond what's been acknowledged already
+## to detect retransmission inconsistencies. Zero disables any additonal
+## buffering.
+const tcp_max_old_segments = 0 &redef;
+
 ## For services without a handler, these sets define originator-side ports
 ## that still trigger reassembly.
 ##
@@ -1495,6 +1501,33 @@ type pkt_hdr: record {
 	icmp: icmp_hdr &optional;	##< The ICMP header if an ICMP packet.
 };
 
+## Values extracted from the layer 2 header.
+##
+## .. bro:see:: pkt_hdr
+type l2_hdr: record {
+	encap: link_encap;      ##< L2 link encapsulation.
+	len: count;		##< Total frame length on wire.
+	cap_len: count;		##< Captured length.
+	src: string &optional;	##< L2 source (if Ethernet).
+	dst: string &optional;	##< L2 destination (if Ethernet).
+	vlan: count &optional;	##< Outermost VLAN tag if any (and Ethernet).
+	eth_type: count &optional;	##< Innermost Ethertype (if Ethernet).
+	proto: layer3_proto;	##< L3 protocol.
+};
+
+## A raw packet header, consisting of L2 header and everything in
+## :bro:id:`pkt_hdr`. .
+##
+## .. bro:see:: raw_packet pkt_hdr
+type raw_pkt_hdr: record {
+	l2: l2_hdr;			##< The layer 2 header.
+	ip: ip4_hdr &optional;		##< The IPv4 header if an IPv4 packet.
+	ip6: ip6_hdr &optional;		##< The IPv6 header if an IPv6 packet.
+	tcp: tcp_hdr &optional;		##< The TCP header if a TCP packet.
+	udp: udp_hdr &optional;		##< The UDP header if a UDP packet.
+	icmp: icmp_hdr &optional;	##< The ICMP header if an ICMP packet.
+};
+
 ## A Teredo origin indication header.  See :rfc:`4380` for more information
 ## about the Teredo protocol.
 ##

scripts/base/protocols/ssl/consts.bro

@@ -120,9 +120,9 @@ export {
 		[18] = "signed_certificate_timestamp",
 		[19] = "client_certificate_type",
 		[20] = "server_certificate_type",
-		[21] = "padding", # temporary till 2015-03-12
+		[21] = "padding", # temporary till 2016-03-12
 		[22] = "encrypt_then_mac",
-		[23] = "extended_master_secret", # temporary till 2015-09-26
+		[23] = "extended_master_secret",
 		[35] = "SessionTicket TLS",
 		[40] = "extended_random",
 		[13172] = "next_protocol_negotiation",
@@ -169,7 +169,8 @@ export {
 		[256] = "ffdhe2048",
 		[257] = "ffdhe3072",
 		[258] = "ffdhe4096",
-		[259] = "ffdhe8192",
+		[259] = "ffdhe6144",
+		[260] = "ffdhe8192",
 		[0xFF01] = "arbitrary_explicit_prime_curves",
 		[0xFF02] = "arbitrary_explicit_char2_curves"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };