Merge remote-tracking branch 'origin/master' into dev/2.7

* origin/master:
  Fix SumStats "last" plugin in cluster mode
  Remove unnessary check
  Support appending to vector of any
  Fix coding conventions nits/typos
  Updating submodule(s).
  Revert "Switch frag_timeout from redef to option"
  Improve error handling in x509_ocsp_verify function
  Updating submodule(s).
  Updating submodule(s).
  Update baseline for plugins.hooks for redef -> option changes
  Switch frag_timeout from redef to option
  Switch GridFTP options from redef to option
  Updating submodule(s).
  Fix a unit test relying on a bash-ism

CHANGES

@@ -1,4 +1,30 @@
 
+2.6-beta2-83 | 2018-11-08 12:25:21 -0600
+
+  * Fix SumStats "last" plugin in cluster mode (Jon Siwek, Corelight)
+
+2.6-beta2-82 | 2018-11-08 09:38:52 -0600
+
+  * Remove unnecessary Bloom filter empty check (Matthias Vallentin)
+
+2.6-beta2-80 | 2018-11-07 11:46:34 -0600
+
+  * Support appending to vector of any (Jon Siwek, Corelight)
+
+2.6-beta2-79 | 2018-11-07 10:27:00 -0600
+
+  * Fix coding conventions nits/typos (Vern Paxson, Corelight)
+
+2.6-beta2-77 | 2018-11-06 09:32:17 -0600
+
+  * Switch GridFTP options from redef to option (Vlad Grigorescu)
+
+  * Improve error handling in x509_ocsp_verify function (Jon Siwek, Corelight)
+
+2.6-beta2-68 | 2018-11-02 18:30:01 -0500
+
+  * Fix a unit test relying on a bash-ism (Jon Siwek, Corelight)
+
 2.6-beta2-67 | 2018-11-02 17:41:46 -0500
 
   * Add script-layer call stack to internal errors messages that abort (Jon Siwek, Corelight)

VERSION

@@ -1 +1 @@
-2.6-beta2-67
+2.6-beta2-83

aux/broker

@@ -1 +1 @@
-Subproject commit 54db7298eba858c4ceb4df7ef05cdbc8f18c8598
+Subproject commit 04c08cb5343ea5cfcc00d978dc74ccebe1ca3757

scripts/base/frameworks/sumstats/plugins/last.bro

@@ -17,7 +17,8 @@ export {
 	};
 
 	redef record ResultVal += {
-		## This is the queue where elements are maintained.  Use the
+		## This is the queue where elements are maintained.
+		## Don't access this value directly, instead use the
 		## :bro:see:`SumStats::get_last` function to get a vector of
 		## the current element values.
 		last_elements: Queue::Queue &optional;
@@ -29,10 +30,21 @@ export {
 
 function get_last(rv: ResultVal): vector of Observation
 	{
-	local s: vector of Observation = vector();
+	local s: vector of any = vector();
+
 	if ( rv?$last_elements )
 		Queue::get_vector(rv$last_elements, s);
-	return s;
+
+	local rval: vector of Observation = vector();
+
+	for ( i in s )
+		# When using the cluster-ized version of SumStats, Queue's
+		# internal table storage uses "any" type for values, so we need
+		# to cast them here or else they may be left as Broker::Data from
+		# the unserialization process.
+		rval += s[i] as Observation;
+
+	return rval;
 	}
 
 hook register_observe_plugins()

scripts/base/protocols/ftp/gridftp.bro

@@ -30,15 +30,15 @@ module GridFTP;
 export {
 	## Number of bytes transferred before guessing a connection is a
 	## GridFTP data channel.
-	const size_threshold = 1073741824 &redef;
+	option size_threshold = 1073741824;
 
 	## Time during which we check whether a connection's size exceeds the
 	## :bro:see:`GridFTP::size_threshold`.
-	const max_time = 2 min &redef;
+	option max_time = 2 min;
 
 	## Whether to skip further processing of the GridFTP data channel once
 	## detected, which may help performance.
-	const skip_data = T &redef;
+	option skip_data = T;
 
 	## Raised when a GridFTP data channel is detected.
 	##

src/3rdparty

@@ -1 +1 @@
-Subproject commit 16c6bd63fca5c901a8616b657b58180e0f19588b
+Subproject commit 159423357282935f72060bd3a2780501cba7dd9a

src/Conn.cc

@@ -412,7 +412,7 @@ RecordVal* Connection::BuildConnVal()
 		id_val->Assign(2, new AddrVal(resp_addr));
 		id_val->Assign(3, port_mgr->Get(ntohs(resp_port), prot_type));
 
-		RecordVal *orig_endp = new RecordVal(endpoint);
+		RecordVal* orig_endp = new RecordVal(endpoint);
 		orig_endp->Assign(0, new Val(0, TYPE_COUNT));
 		orig_endp->Assign(1, new Val(0, TYPE_COUNT));
 		orig_endp->Assign(4, new Val(orig_flow_label, TYPE_COUNT));
@@ -423,7 +423,7 @@ RecordVal* Connection::BuildConnVal()
 		if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
 			orig_endp->Assign(5, new StringVal(fmt_mac(orig_l2_addr, l2_len)));
 
-		RecordVal *resp_endp = new RecordVal(endpoint);
+		RecordVal* resp_endp = new RecordVal(endpoint);
 		resp_endp->Assign(0, new Val(0, TYPE_COUNT));
 		resp_endp->Assign(1, new Val(0, TYPE_COUNT));
 		resp_endp->Assign(4, new Val(resp_flow_label, TYPE_COUNT));

src/Expr.cc

@@ -1485,8 +1485,9 @@ AddToExpr::AddToExpr(Expr* arg_op1, Expr* arg_op2)
 				ExprError("appending non-arithmetic to arithmetic vector");
 			}
 
-		else if ( bt1 != bt2 )
-			ExprError("incompatible vector append");
+		else if ( bt1 != bt2 && bt1 != TYPE_ANY )
+			ExprError(fmt("incompatible vector append: %s and %s",
+					  type_name(bt1), type_name(bt2)));
 
 		else
 			SetType(op1->Type()->Ref());

src/file_analysis/analyzer/x509/functions.bif

@@ -303,7 +303,12 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
 	int result = -1;
 	X509* issuer_certificate = 0;
 	X509* signer = 0;
+	ASN1_GENERALIZEDTIME* thisUpdate = nullptr;
+	ASN1_GENERALIZEDTIME* nextUpdate = nullptr;
+	int type = -1;
+
 	OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(NULL, &start, ocsp_reply->Len());
+
 	if ( ! resp )
 		{
 		rval = x509_result_record(-1, "Could not parse OCSP response");
@@ -441,13 +446,35 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
 		return x509_result_record(-1, "OCSP reply is not for host certificate");
 
 	// next - check freshness of proof...
-	ASN1_GENERALIZEDTIME *thisUpdate;
-	ASN1_GENERALIZEDTIME *nextUpdate;
-	int type;
 	type = OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, &nextUpdate);
-	if ( ! ASN1_GENERALIZEDTIME_check(thisUpdate) || ! ASN1_GENERALIZEDTIME_check(nextUpdate) )
+
+	if ( type == -1 )
 		{
-		rval = x509_result_record(-1, "OCSP reply contains invalid dates");
+		rval = x509_result_record(-1, "OCSP reply failed to retrieve update times");
+		goto x509_ocsp_cleanup;
+		}
+
+	if ( ! thisUpdate )
+		{
+		rval = x509_result_record(-1, "OCSP reply missing thisUpdate field");
+		goto x509_ocsp_cleanup;
+		}
+
+	if ( ! nextUpdate )
+		{
+		rval = x509_result_record(-1, "OCSP reply missing nextUpdate field");
+		goto x509_ocsp_cleanup;
+		}
+
+	if ( ! ASN1_GENERALIZEDTIME_check(thisUpdate) )
+		{
+		rval = x509_result_record(-1, "OCSP reply contains invalid thisUpdate field");
+		goto x509_ocsp_cleanup;
+		}
+
+	if ( ! ASN1_GENERALIZEDTIME_check(nextUpdate) )
+		{
+		rval = x509_result_record(-1, "OCSP reply contains invalid nextUpdate field");
 		goto x509_ocsp_cleanup;
 		}
 

src/parse.y

@@ -990,7 +990,7 @@ type:
 				{
 				NullStmt here;
 				if ( $1 )
-					$1->Error("not a BRO type", &here);
+					$1->Error("not a Bro type", &here);
 				$$ = error_type();
 				}
 			else

src/probabilistic/bloom-filter.bif

@@ -173,9 +173,6 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count
 	%{
 	const BloomFilterVal* bfv = static_cast<const BloomFilterVal*>(bf);
 
-	if ( bfv->Empty() )
-		return new Val(0, TYPE_COUNT);
-
 	if ( ! bfv->Type() )
 		reporter->Error("cannot perform lookup on untyped Bloom filter");
 

testing/btest/Baseline/language.vector-any-append/out

@@ -0,0 +1 @@
+[0, 1, 2, 3]

testing/btest/Baseline/plugins.hooks/output

@@ -274,7 +274,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@@ -459,7 +459,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -482,6 +482,9 @@
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
@@ -1165,7 +1168,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@@ -1350,7 +1353,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -1373,6 +1376,9 @@
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
@@ -2055,7 +2061,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -2240,7 +2246,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@@ -2263,6 +2269,9 @@
 0.000000 | HookCallFunction Option::set_change_handler(FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
@@ -2666,7 +2675,7 @@
 0.000000 | HookLoadFile  base<...>/x509
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1539890895.780919, node=bro, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()

testing/btest/Baseline/scripts.base.frameworks.sumstats.last-cluster/manager-1..stdout

@@ -0,0 +1,9 @@
+node up, worker-1
+test thresh crossed, [[num=0, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=1, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=2, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=3, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=4, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=5, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=6, dbl=<uninitialized>, str=<uninitialized>]]
+test thresh crossed, [[num=7, dbl=<uninitialized>, str=<uninitialized>]]

testing/btest/language/index-assignment-invalid.bro

@@ -1,6 +1,6 @@
 # @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1
 # @TEST-EXEC: grep "internal error" output >output2
-# @TEST-EXEC: for i in {1..5}; do cat output2 | cut -d'|' -f$i >>out; done
+# @TEST-EXEC: for i in 1 2 3 4 5; do cat output2 | cut -d'|' -f$i >>out; done
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
 
 @load base/utils/queue

testing/btest/language/vector-any-append.bro

@@ -0,0 +1,22 @@
+# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+function assign(v: vector of any)
+	{
+	v[|v|] = |v|;
+	}
+
+function append(v: vector of any)
+	{
+	v += |v|;
+	}
+
+event bro_init()
+	{
+	local v: vector of count;
+	assign(v);
+	assign(v);
+	append(v);
+	append(v);
+	print v;
+	}

testing/btest/scripts/base/frameworks/sumstats/last-cluster.bro

@@ -0,0 +1,68 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 25
+
+# @TEST-EXEC: btest-diff manager-1/.stdout
+#
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+};
+@TEST-END-FILE
+
+global c = 0;
+
+event do_observe()
+	{
+	print "do observe", c;
+	SumStats::observe("test",
+	                  [$str=cat(c)],
+	                  [$num=c]
+	                  );
+	++c;
+	schedule 0.1secs { do_observe() };
+	}
+
+event bro_init()
+	{
+	local r1 = SumStats::Reducer($stream="test",
+	                             $apply=set(SumStats::LAST),
+	                             $num_last_elements=1
+	                             );
+
+	SumStats::create([$name="test",
+	                  $epoch=10secs,
+	                  $reducers=set(r1),
+	                  $threshold_val(key: SumStats::Key, result: SumStats::Result): double = { return 2.0; },
+	                  $threshold = 1.0,
+	                  $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
+	                  {
+	                  local l = SumStats::get_last(result["test"]);
+	                  print "test thresh crossed", l;
+
+	                  if ( l[0]$num == 7 )
+	                      terminate();
+	                  }
+	                 ]);
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	print "node up", name;
+
+	if ( Cluster::node == "worker-1" && name == "manager-1" )
+		schedule 0.1secs { do_observe() };
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	print "node down", name;
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, id: string)
+	{
+	terminate();
+	}