Change logging of HTTP 1xx responses to occur in their own columns.

Instead of as entirely new log lines (addresses #411).

scripts/base/protocols/http/main.bro

@@ -48,6 +48,10 @@ export {
 		status_code:             count    &log &optional;
 		## The status message returned by the server.
 		status_msg:              string   &log &optional;
+		## The last 1xx informational reply code returned by the server.
+		info_code:               count    &log &optional;
+		## The last 1xx informational reply message returned by the server.
+		info_msg:               string    &log &optional;
 		## The filename given in the Content-Disposition header
 		## sent by the server.
 		filename:                string   &log &optional;
@@ -173,6 +177,11 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
 	
 	c$http$status_code = code;
 	c$http$status_msg = reason;
+	if ( code/100 == 1 )
+		{
+		c$http$info_code = code;
+		c$http$info_msg = reason;
+		}
 	}
 	
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=5
@@ -249,13 +258,15 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &
 	# The reply body is done so we're ready to log.
 	if ( ! is_orig )
 		{
-		Log::write(HTTP::LOG, c$http);
 		# If the response was an informational 1xx, we're still expecting
 		# the real response later, so we'll continue using the same record
 		if ( c$http$status_code/100 != 1 )
+			{
+			Log::write(HTTP::LOG, c$http);
 			delete c$http_state$pending[c$http_state$current_response];
 			}
 		}
+	}
 
 event connection_state_remove(c: connection) &priority=-5
 	{

testing/btest/Baseline/istate.events-ssl/receiver.http.log

@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124231.969273	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149787.593092	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/istate.events-ssl/sender.http.log

@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124231.969273	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149787.593092	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/istate.events/receiver.http.log

@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124240.720195	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149750.648989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/istate.events/sender.http.log

@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124240.720195	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149750.648989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log

@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1315799856.264750	UWkUyAuUGXf	10.0.1.104	64216	193.40.5.162	80	GET	lepo.it.da.ut.ee	/~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf	-	Wget/1.12 (darwin10.8.0)	0	F	346	F	404	Not Found	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1315799856.264750	UWkUyAuUGXf	10.0.1.104	64216	193.40.5.162	80	GET	lepo.it.da.ut.ee	/~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf	-	Wget/1.12 (darwin10.8.0)	0	F	346	F	404	Not Found	-	-	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log

@@ -1,6 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	-	F	0	F	100	Continue	-	-	-	-	-	-	-	-
-1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	F	60731	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	F	60731	F	200	OK	100	Continue	-	-	-	-	-	text/html	-	-

testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log

@@ -1,9 +1,9 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	image/png	e0029eea80812e9a8e57b8d05d52938a	-
-1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	image/png	30aa926344f58019d047e85ba049ca1e	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-	image/png	e0029eea80812e9a8e57b8d05d52938a	-
+1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-	image/png	30aa926344f58019d047e85ba049ca1e	-

testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log

@@ -1,9 +1,9 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	file
-1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-
-1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-
-1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-
-1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-
-1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	file
+1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-	-	-