Merge remote-tracking branch 'origin/master' into topic/seth/smb

# Conflicts: # testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log # testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log # testing/btest/Baseline/plugins.hooks/output # testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log # testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
2025-10-04 23:58:20 +00:00 · 2016-07-30 01:58:23 -04:00 · 2016-07-30 01:58:23 -04:00 · da7ec8064b
commit da7ec8064b
parent fee3af419b 4ad5d9073a
416 changed files with 27341 additions and 26258 deletions
--- a/scripts/base/frameworks/input/main.bro
+++ b/scripts/base/frameworks/input/main.bro
@ -103,6 +103,17 @@ export {
 		## it is skipped.
 		pred: function(typ: Input::Event, left: any, right: any): bool &optional;

+		## Error event that is raised when an information, warning or error
+		## is raised by the input stream. If the level is error, the stream will automatically
+		## be closed.
+		## The event receives the Input::TableDescription as the first argument, the
+		## message as the second argument and the Reporter::Level as the third argument.
+		##
+		## The event is raised like if it had been declared as follows:
+		## error_ev: function(desc: TableDescription, message: string, level: Reporter::Level) &optional;
+		## The actual declaration uses the ``any`` type because of deficiencies of the Bro type system.
+		error_ev: any &optional;
+
 		## A key/value table that will be passed to the reader.
 		## Interpretation of the values is left to the reader, but
 		## usually they will be used for configuration purposes.
@ -146,6 +157,17 @@ export {
 		## all fields, or each field value as a separate argument).
 		ev: any;

+		## Error event that is raised when an information, warning or error
+		## is raised by the input stream. If the level is error, the stream will automatically
+		## be closed.
+		## The event receives the Input::EventDescription as the first argument, the
+		## message as the second argument and the Reporter::Level as the third argument.
+		##
+		## The event is raised like it had been declared as follows:
+		## error_ev: function(desc: EventDescription, message: string, level: Reporter::Level) &optional;
+		## The actual declaration uses the ``any`` type because of deficiencies of the Bro type system.
+		error_ev: any &optional;
+
 		## A key/value table that will be passed to the reader.
 		## Interpretation of the values is left to the reader, but
 		## usually they will be used for configuration purposes.
--- a/scripts/base/frameworks/netcontrol/catch-and-release.bro
+++ b/scripts/base/frameworks/netcontrol/catch-and-release.bro
@ -125,6 +125,14 @@ export {
 	##          the inserted block.
 	global get_catch_release_info: function(a: addr) : BlockInfo;

+	## Event is raised when catch and release cases management of an IP address because no
+	## activity was seen within the watch_until period.
+	##
+	## a: The address that is no longer being managed.
+	##
+	## bi: The :bro:see:`NetControl::BlockInfo` record containing information about the block.
+	global catch_release_forgotten: event(a: addr, bi: BlockInfo);
+
 	## If true, catch_release_seen is called on the connection originator in new_connection,
 	## connection_established, partial_connection, connection_attempt, connection_rejected,
 	## connection_reset and connection_pending
@ -198,6 +206,8 @@ function per_block_interval(t: table[addr] of BlockInfo, idx: addr): interval
 		{
 		local log = populate_log_record(idx, t[idx], FORGOTTEN);
 		Log::write(CATCH_RELEASE, log);
+
+		event NetControl::catch_release_forgotten(idx, t[idx]);
 		}
@endif

--- a/scripts/base/frameworks/notice/actions/drop.bro
+++ b/scripts/base/frameworks/notice/actions/drop.bro
@ -19,7 +19,7 @@ export {
 	};
 }

-hook notice(n: Notice::Info)
+hook notice(n: Notice::Info) &priority=-5
 	{
 	if ( ACTION_DROP in n$actions )
 		{
--- a/scripts/base/frameworks/reporter/main.bro
+++ b/scripts/base/frameworks/reporter/main.bro
@ -17,22 +17,14 @@ export {
 	## The reporter logging stream identifier.
 	redef enum Log::ID += { LOG };

-	## An indicator of reporter message severity.
-	type Level: enum {
-		## Informational, not needing specific attention.
-		INFO,
-		## Warning of a potential problem.
-		WARNING,
-		## A non-fatal error that should be addressed, but doesn't
-		## terminate program execution.
-		ERROR
-	};
-
 	## The record type which contains the column fields of the reporter log.
 	type Info: record {
 		## The network time at which the reporter event was generated.
 		ts:       time   &log;
-		## The severity of the reporter message.
+		## The severity of the reporter message. Levels are INFO for informational
+		## messages, not needing specific attention; WARNING for warning of a potential
+		## problem, and ERROR for a non-fatal error that should be addressed, but doesn't
+		## terminate program execution.
 		level:    Level  &log;
 		## An info/warning/error message that could have either been
 		## generated from the internal Bro core or at the scripting-layer.