From adfe3a0754d936de1dbe702848b5bf36fe8c19ed Mon Sep 17 00:00:00 2001
From: Bernhard Amann
Date: Mon, 10 Feb 2014 23:56:23 -0800
Subject: [PATCH 1/3] add channel_id tls extension number. This number is not IANA defined, but we see it being actively used.
---
scripts/base/protocols/ssl/consts.bro | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro
index 55289a7419..b81aebfbbb 100644
--- a/scripts/base/protocols/ssl/consts.bro
+++ b/scripts/base/protocols/ssl/consts.bro
@@ -86,6 +86,7 @@ export {
[13172] = "next_protocol_negotiation",
[13175] = "origin_bound_certificates",
[13180] = "encrypted_client_certificates",
+ [30031] = "channel_id",
[65281] = "renegotiation_info"
} &default=function(i: count):string { return fmt("unknown-%d", i); };
From 6563b544d8b5e532006682acc3313c5989ce0fe5 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Wed, 12 Feb 2014 17:00:12 -0600
Subject: [PATCH 2/3] Fix memory leak in modbus analyzer. Would happen if there's a 'modbus_read_fifo_queue_response' event handler.
---
.../protocol/modbus/modbus-analyzer.pac | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac
index a9c773b9e9..c2d009c961 100644
--- a/src/analyzer/protocol/modbus/modbus-analyzer.pac
+++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac
@@ -10,6 +10,7 @@
%header{
VectorVal* bytestring_to_coils(bytestring coils, uint quantity);
RecordVal* HeaderToBro(ModbusTCP_TransportHeader *header);
+ VectorVal* create_vector_of_count();
%}
%code{
@@ -30,6 +31,14 @@
return modbus_header;
}
+ VectorVal* create_vector_of_count()
+ {
+ VectorType* vt = new VectorType(base_type(TYPE_COUNT));
+ VectorVal* vv = new VectorVal(vt);
+ Unref(vt);
+ return vv;
+ }
+
%}
refine flow ModbusTCP_Flow += {
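Review bot: The new `[30031] = "channel_id"` entry in scripts/base/protocols/ssl/consts.bro carries no marker that the number is unassigned; only the commit message says it is not IANA defined. Anyone reading the table, or consuming the extension names it produces, cannot tell this entry apart from the registered values around it. I would add a trailing comment on that line, `# not IANA-assigned; number taken from observed traffic`, so the label gets revisited if the number is later assigned to something else or the extension moves. The table itself begins before the hunk.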
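Review bot: `create_vector_of_count()` in the `%code{` block (hunk `@@ -30,6 +31,14 @@`) returns a raw `VectorVal*` with no statement of who owns it, and reference-count bookkeeping of this kind is apparently what caused the leak being fixed. The body shows the helper dropping its own reference to `vt` once the `VectorVal` has been constructed, so the caller is presumably left holding the only reference to the returned value. I would state that above the definition, e.g. `// Returns a new, empty vector of count; the caller owns the one reference and must pass it on or Unref() it.`, and repeat a short form next to the declaration added in `%header{`. Because this analyzer parses traffic the sensor does not control, a per-message leak is a memory-exhaustion risk for the monitor, which makes the ownership rule worth writing down.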
@@ -367,7 +376,7 @@ refine flow ModbusTCP_Flow += {
if ( ::modbus_read_file_record_request )
{
//TODO: this need to be a vector of some Reference Request record type
- //VectorVal *t = new VectorVal(new VectorType(base_type(TYPE_COUNT)));
+ //VectorVal *t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
// {
// Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT);
@@ -393,7 +402,7 @@ refine flow ModbusTCP_Flow += {
%{
if ( ::modbus_read_file_record_response )
{
- //VectorVal *t = new VectorVal(new VectorType(base_type(TYPE_COUNT)));
+ //VectorVal *t = create_vector_of_count();
//for ( unsigned int i = 0; i < ${message.references}->size(); ++i )
// {
// //TODO: work the reference type in here somewhere
@@ -414,7 +423,7 @@ refine flow ModbusTCP_Flow += {
%{
if ( ::modbus_write_file_record_request )
{
- //VectorVal* t = new VectorVal(new VectorType(base_type(TYPE_COUNT)));
+ //VectorVal* t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${message.references}->size()); ++i )
// {
// Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT);
@@ -447,7 +456,7 @@ refine flow ModbusTCP_Flow += {
%{
if ( ::modbus_write_file_record_response )
{
- //VectorVal* t = new VectorVal(new VectorType(base_type(TYPE_COUNT)));
+ //VectorVal* t = create_vector_of_count();
//for ( unsigned int i = 0; i < (${messages.references}->size()); ++i )
// {
// Val* r = new Val((${message.references[i].ref_type}), TYPE_COUNT);
@@ -589,7 +598,7 @@ refine flow ModbusTCP_Flow += {
if ( ::modbus_read_fifo_queue_response )
{
- VectorVal* t = new VectorVal(new VectorType(base_type(TYPE_COUNT)));
+ VectorVal* t = create_vector_of_count();
for ( unsigned int i = 0; i < (${message.register_data})->size(); ++i )
{
Val* r = new Val(${message.register_data[i]}, TYPE_COUNT);
From e844727e7339a95054e05cdf8634d6fd47044e74 Mon Sep 17 00:00:00 2001
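Review bot: The fix in the `modbus_read_fifo_queue_response` branch (hunk `@@ -589,7 +598,7 @@`) comes without a leak test, at least none is visible in this series. Patch 3/3 touches the existing `testing/btest/core/leaks/` group, so a trace-driven test there that defines a `modbus_read_fifo_queue_response` handler would keep this from regressing. The loop that fills `t`, and whatever consumes it afterwards, continue past the end of the hunk, so the ownership of `r` and `t` beyond this point cannot be confirmed from here.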
From: Jon Siwek
Date: Wed, 12 Feb 2014 17:03:51 -0600
Subject: [PATCH 3/3] Increase timeouts of some unit tests.
---
testing/btest/core/leaks/basic-cluster.bro | 2 +-
testing/btest/core/leaks/dataseries.bro | 2 +-
testing/btest/core/leaks/file-analysis-http-get.bro | 2 +-
testing/btest/core/leaks/hll_cluster.bro | 2 +-
testing/btest/core/leaks/input-reread.bro | 2 +-
testing/btest/core/leaks/test-all.bro | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/testing/btest/core/leaks/basic-cluster.bro b/testing/btest/core/leaks/basic-cluster.bro
index 2c13c2315c..2d93469850 100644
--- a/testing/btest/core/leaks/basic-cluster.bro
+++ b/testing/btest/core/leaks/basic-cluster.bro
@@ -9,7 +9,7 @@
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT
# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 25
@TEST-START-FILE cluster-layout.bro
redef Cluster::nodes = {
diff --git a/testing/btest/core/leaks/dataseries.bro b/testing/btest/core/leaks/dataseries.bro
index 61c9c030e9..fcb5782f4e 100644
--- a/testing/btest/core/leaks/dataseries.bro
+++ b/testing/btest/core/leaks/dataseries.bro
@@ -8,4 +8,4 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 25
diff --git a/testing/btest/core/leaks/file-analysis-http-get.bro b/testing/btest/core/leaks/file-analysis-http-get.bro
index 8256f3e6da..aa4708305e 100644
--- a/testing/btest/core/leaks/file-analysis-http-get.bro
+++ b/testing/btest/core/leaks/file-analysis-http-get.bro
@@ -5,7 +5,7 @@
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 25
redef test_file_analysis_source = "HTTP";
diff --git a/testing/btest/core/leaks/hll_cluster.bro b/testing/btest/core/leaks/hll_cluster.bro
index a6f704a677..a843452e00 100644
--- a/testing/btest/core/leaks/hll_cluster.bro
+++ b/testing/btest/core/leaks/hll_cluster.bro
@@ -10,7 +10,7 @@
# @TEST-EXEC: sleep 2
# @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro runnumber=1 %INPUT
# @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro runnumber=2 %INPUT
-# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-bg-wait 25
#
# @TEST-EXEC: btest-diff manager-1/.stdout
# @TEST-EXEC: btest-diff worker-1/.stdout
diff --git a/testing/btest/core/leaks/input-reread.bro b/testing/btest/core/leaks/input-reread.bro
index fa37f04ede..c6ff5361be 100644
--- a/testing/btest/core/leaks/input-reread.bro
+++ b/testing/btest/core/leaks/input-reread.bro
@@ -14,7 +14,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 5
# @TEST-EXEC: cp input5.log input.log
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 30
@TEST-START-FILE input1.log
#separator \x09
diff --git a/testing/btest/core/leaks/test-all.bro b/testing/btest/core/leaks/test-all.bro
index acba16bd6d..7cdccb202a 100644
--- a/testing/btest/core/leaks/test-all.bro
+++ b/testing/btest/core/leaks/test-all.bro
@@ -5,4 +5,4 @@
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy
-# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-bg-wait 25