Updating baselines.

2025-10-07 00:58:19 +00:00 · 2011-09-22 19:44:37 -07:00 · 2011-09-22 19:44:37 -07:00 · a2edff9385
commit a2edff9385
parent 98d4b5e867
4 changed files with 74 additions and 8 deletions
--- a/66
+++ b/66
@ -1,4 +1,70 @@

+1.6-dev-1293 | 2011-09-22 19:44:37 -0700
+
+  * Smaller script tweaks. (Seth Hall)
+
+  * Duplicate notice suppression. (Seth Hall)
+
+    - Duplicate notices are discovered with the new Notice::Info
+      field $identifier.  It's a string that is left up to the
+      notice implementor to define which would indicate a
+      fundamentally duplicate notice.  The field is optional and
+      if it's not included it's not possible for notice
+      suppression to take place.
+
+    - Duplicate notices are suppressed by default for the interval
+      defined by the Notice::default_suppression_interval variable
+      (1 hour by default).
+
+    - A new notice action was defined ACTION_NO_SUPPRESS to prevent
+      suppression for a specific notice instance.  A convenience set
+      named not_suppressed_types was also created to not suppress
+      entire notice types.
+
+    - A new field was added to the PolicyItem type to modify the length
+      of time a notice should be suppressed if the predicate matches.
+      The field is named $suppress_for.  This name makes the code more
+      readable like this: $suppress_for = 1day
+
+    - New events were created to give visibility into the notice
+      framework's suppression activity.
+      - event Notice::begin_suppression(n: Notice::Info)
+      - event Notice::suppressed(n: Notice::Info)
+      - event Notice::end_suppression(n: Notice::Info)
+
+    - The suppression.bro script doesn't have a baseline because
+      it is causing a segfault in Bro.  This one test is the
+      reason that this is being integrated into a branch instead
+      of master. (Seth Hall)
+
+  * Fix crash on exit. Addresses #607. (Jon Siwek)
+
+  * Fix PktSrc setting next_timestamp even when no packet available.
+    (Jon Siwek)
+
+  * Fix lack of NUL-termination in to_upper/to_lower BIF's return val.
+    (Jon Siwek)
+
+  * Fixing unit tests and some minor bugs. (Jon Siwek)
+
+  * Fix broctl cluster log rotation. Addresses #619. (Jon Siwek)
+
+  * Added session ID to the SSL logging. (Seth Hall)
+
+  * Adding "install-aux" target + updating bro-aux submodule. (Jon
+    Siwek)
+
+  * Cleaning up INSTALL and README. (Jon Siwek)
+
+  * Remove $Id$ tags. (Jon Siwek)
+
+  * Remove policy.old directory. Addresses #511. (Jon Siwek)
+
+  * Small rework with ssl base script to reduce memory usage. (Seth
+    Hall)
+
+  * Updated the mozilla root certs. (Seth Hall)
+
 1.6-dev-1261 | 2011-09-15 17:13:55 -0700

  * Memory leak fixes. Addresses #574 (Jon Siwek)
--- a/2
+++ b/2
@ -1 +1 @@
-1.6-dev-1261
+1.6-dev-1293
--- a/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.metrics.cluster-intermediate-update/manager-1.notice.log
@ -1,5 +1,5 @@
 #separator \x09
 #path	notice
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
-#types	time	string	addr	port	addr	port	enum	string	string	addr	addr	port	count	string	table	table	bool	string	string	string	double	double	addr	string	subnet
-1315167088.906913	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 100/100	-	1.2.3.4	-	-	100	manager-1	Notice::ACTION_LOG	4	-	-	-	-	-	-	1.2.3.4	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	note	msg	sub	src	dst	p	n	peer_descr	actions	policy_items	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude	metric_index.host	metric_index.str	metric_index.network
+#types	time	string	addr	port	addr	port	enum	string	string	addr	addr	port	count	string	table	table	interval	bool	string	string	string	double	double	addr	string	subnet
+1316745737.870305	-	-	-	-	-	Test_Notice	Threshold crossed by metric_index(host=1.2.3.4) 100/100	-	1.2.3.4	-	-	100	manager-1	Notice::ACTION_LOG	5	3600.000000	-	-	-	-	-	-	1.2.3.4	-	-
--- a/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
@ -32,6 +32,10 @@
 2	scripts/base/frameworks/notice/./actions/page.bro
 2	scripts/base/frameworks/notice/./actions/add-geodata.bro
 2	scripts/base/frameworks/notice/./extend-email/hostnames.bro
+2	scripts/base/frameworks/cluster/__load__.bro
+3	scripts/base/frameworks/cluster/./main.bro
+4	scripts/base/frameworks/control/__load__.bro
+5	scripts/base/frameworks/control/./main.bro
 1	scripts/base/frameworks/dpd/__load__.bro
 2	scripts/base/frameworks/dpd/./main.bro
 1	scripts/base/frameworks/signatures/__load__.bro
@ -43,10 +47,6 @@
 2	scripts/base/frameworks/software/./main.bro
 1	scripts/base/frameworks/communication/__load__.bro
 2	scripts/base/frameworks/communication/./main.bro
-1	scripts/base/frameworks/control/__load__.bro
-2	scripts/base/frameworks/control/./main.bro
-1	scripts/base/frameworks/cluster/__load__.bro
-2	scripts/base/frameworks/cluster/./main.bro
 1	scripts/base/frameworks/metrics/__load__.bro
 2	scripts/base/frameworks/metrics/./main.bro
 2	scripts/base/frameworks/metrics/./non-cluster.bro