Merge remote-tracking branch 'origin/topic/johanna/xmpp-starttls'

* origin/topic/johanna/xmpp-starttls:
  XMPP: Add StartTLS event and update tests
  Add xmpp dpd sig and fix a few parsing problems for connections that do not upgrade to TLS.
  Add simple XMPP StartTLS analyzer.

BIT-1579 #merged

scripts/base/init-default.bro

@@ -65,6 +65,7 @@
 @load base/protocols/ssl
 @load base/protocols/syslog
 @load base/protocols/tunnels
+@load base/protocols/xmpp
 
 @load base/files/pe
 @load base/files/hash

scripts/base/protocols/xmpp/README

@@ -0,0 +1,5 @@
+Support for the Extensible Messaging and Presence Protocol (XMPP).
+
+Note that currently the XMPP analyzer only supports analyzing XMPP sessions
+until they do or do not switch to TLS using StartTLS. Hence, we do not get
+actual chat information from XMPP sessions, only X509 certificates.

scripts/base/protocols/xmpp/__load__.bro

@@ -0,0 +1,3 @@
+@load ./main
+
+@load-sigs ./dpd.sig

scripts/base/protocols/xmpp/dpd.sig

@@ -0,0 +1,5 @@
+signature dpd_xmpp {
+	ip-proto == tcp
+	payload /^(<\?xml[^?>]*\?>)?[\n\r ]*<stream:stream [^>]*xmlns='jabber:/
+	enable "xmpp"
+}

scripts/base/protocols/xmpp/main.bro

@@ -0,0 +1,11 @@
+
+module XMPP;
+
+const ports = { 5222/tcp, 5269/tcp };
+redef likely_server_ports += { ports };
+
+event bro_init() &priority=5
+	{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, ports);
+	}
+