diff --git a/NEWS b/NEWS index b95387091a..731e1bb1d6 100644 --- a/NEWS +++ b/NEWS @@ -7,8 +7,6 @@ their own ``CHANGES``.) Bro 2.3 ======= -[In progress] - Dependencies ------------ 
@@ -31,23 +29,43 @@ New Functionality and "file-mime" gives the MIME type string of content that matches the magic and an optional strength value for the match. (See also "Changed Functionality" below for changes due to switching from - using libmagic to such wsignatures.) + using libmagic to such signatures.) - A new built-in function, "file_magic", can be used to get all file magic matches and their corresponding strength against a given chunk of data. -- The SSL analyzer now has support heartbeats as well as for a few +- The SSL analyzer now supports heartbeats as well as a few extensions, including server_name, alpn, and ec-curves. - The SSL analyzer comes with Heartbleed detector script in - protocols/ssl/heartbleed.bro. + protocols/ssl/heartbleed.bro. Note that loading this script changes + the default value of "SSL::disable_analyzer_after_detection" from true + to false to prevent encrypted heartbeats from being ignored. - The X509 analyzer can now perform OSCP validation. -- Bro now analyzers for SNMP and Radius, which produce corresponding +- Bro now has analyzers for SNMP and Radius, which produce corresponding snmp.log and radius.log output (as well as various events of course). +- BroControl has a new option "BroPort" which allows a user to specify + the starting port number for Bro. + +- BroControl has a new option "StatsLogExpireInterval" which allows a + user to specify when entries in the stats.log file expire. + +- BroControl has a new option "PFRINGClusterType" which allows a user + to specify a PF_RING cluster type. + +- BroControl now supports PF_RING+DNA. There is also a new option + "PFRINGFirstAppInstance" that allows a user to specify the starting + application instance number for processes running on a DNA cluster. + See the BroControl documentation for more details. + +- BroControl now warns a user to run "broctl install" if Bro has + been upgraded or if the broctl or node configuration has changed + since the most recent install. 
+ Changed Functionality --------------------- @@ -71,16 +89,14 @@ Changed Functionality reporting missing data. Instead, if Bro never sees any data segments for analyzed TCP connections, the new base/misc/find-filtered-trace.bro script will log a warning in - reporter.log and to stderr. - - The old behavior can be reverted by redef'ing - "detect_filtered_trace". + reporter.log and to stderr. The old behavior can be reverted by + redef'ing "detect_filtered_trace". - We have removed the packet sorter component. - Bro no longer uses libmagic to identify file types but instead now comes with its own signature library (which initially is still - derived from libmagic;s database). This leads to a number of further + derived from libmagic's database). This leads to a number of further changes with regards to MIME types: * The second parameter of the "identify_data" built-in function @@ -95,7 +111,7 @@ Changed Functionality in Bro as magic databases are no longer used/installed. * Removed "binary" and "octet-stream" mime type detections. They - don' provide any more information than an uninitialized + don't provide any more information than an uninitialized mime_type field. * The "fa_file" record now contains a "mime_types" field that @@ -106,6 +122,16 @@ Changed Functionality - dns_TXT_reply() now supports more than one string entry by receiving a vector of strings. +- BroControl now runs the "exec" and "df" broctl commands only once + per host, instead of once per Bro node. The output of these + commands has been changed slightly to include both the host and + node names. + +- Several performance improvements were made. Particular emphasis + was put on the File Analysis system, which generally will now emit + far fewer file handle request events due to protocol analyzers now + caching that information internally. + Bro 2.2 ======= diff --git a/aux/broctl b/aux/broctl index 73f4307742..7e5cf52a9e 160000 --- a/aux/broctl +++ b/aux/broctl 
@@ -1 +1 @@ -Subproject commit 73f4307742bb8841017ee1b4eb5927674bc5f792 +Subproject commit 7e5cf52a9ef98c7e4d9f0225b082b518f871f728
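Review bot: in the NEWS hunk at @@ -31,23 +29,43 @@, the new sentence on protocols/ssl/heartbleed.bro documents a side effect on a global default ("SSL::disable_analyzer_after_detection" goes from true to false) without saying that it applies to every SSL connection once the script is loaded, not only to connections that carry heartbeats. Suggest stating that scope explicitly so users who load the detector know the change is global. Two typos survive in this hunk's context lines and could be fixed in the same pass as the others: "OSCP validation" should read "OCSP validation", and "comes with Heartbleed detector script" is missing "a". The hunk also adds an extra blank line before the "Changed Functionality" heading.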
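Review bot: in the NEWS hunk at @@ -71,16 +89,14 @@, the reflowed sentence "The old behavior can be reverted by redef'ing "detect_filtered_trace"" still does not say which value to set. Since the lines are being touched anyway, suggest naming the value a user has to redef it to, so the entry can be followed without opening base/misc/find-filtered-trace.bro.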
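Review bot: in the NEWS hunk at @@ -106,6 +122,16 @@, the "exec" and "df" entry says the output "has been changed slightly to include both the host and node names" but does not show the new format. Anything that parses broctl output will be affected by this, so suggest describing the new line layout (or giving one sample line) rather than "slightly". The "Several performance improvements were made" entry is filed under "Changed Functionality" but only the file handle request events part describes a change a user can observe; consider trimming the entry to that part.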