From df6001533385b04548e34efe0ddc2255ec2e4204 Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@illinois.edu>
Date: Fri, 20 Mar 2015 11:08:31 -0500
Subject: [PATCH] Remove "unmatched_HTTP_reply" weird.

BIT-725 #close
---
 CHANGES                                       |  4 +++
 NEWS                                          |  4 +++
 VERSION                                       |  2 +-
 src/analyzer/protocol/http/HTTP.cc            |  4 +--
 .../weird.log                                 | 27 ++-----------------
 5 files changed, 12 insertions(+), 29 deletions(-)

diff --git a/CHANGES b/CHANGES
index 52d2d52541..00e6a35c63 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
 
+2.3-564 | 2015-03-20 11:12:02 -0500
+
+  * BIT-725: Remove "unmatched_HTTP_reply" weird. (Jon Siwek)
+
 2.3-562 | 2015-03-20 10:31:02 -0500
 
   * BIT-1207: Add unit test to catch breaking changes to local.bro
diff --git a/NEWS b/NEWS
index 4d1539b33c..17c167ba39 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,10 @@ Changed Functionality
 
 - [TODO] Add changed BroControl features.
 
+- The weird named "unmatched_HTTP_reply" has been removed since it can
+  be detected at the script-layer and is handled correctly by the
+  default HTTP scripts.
+
 Deprecated Functionality
 ------------------------
 
diff --git a/VERSION b/VERSION
index 94e71b7279..db48ace9dc 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-562
+2.3-564
diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc
index 924c958e43..c8d62aa379 100644
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@@ -985,9 +985,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 				{
 				++num_replies;
 
-				if ( unanswered_requests.empty() )
-					Weird("unmatched_HTTP_reply");
-				else
+				if ( ! unanswered_requests.empty() )
 					ProtocolConfirmation();
 
 				reply_state = EXPECT_REPLY_MESSAGE;
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
index 9b9ba53885..1721f8f79f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
@@ -3,56 +3,33 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2013-08-26-19-04-10
+#open	2015-03-20-16-03-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1354328874.278822	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328874.299063	CCvvfg3TEfuqmmG4bh	128.2.6.136	46564	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328874.321792	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328874.342591	CsRx2w45OKnoww6xl4	128.2.6.136	46565	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328882.908690	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328882.928027	CIPOse170MGiRM1Qf4	128.2.6.136	46569	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328882.949510	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328882.968948	C7XEbhP654jzLoe3a	128.2.6.136	46570	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328887.094494	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328887.114613	CMXxB5GvmoxJFXdTa	128.2.6.136	46572	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.141058	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.161077	Caby8b1slFea8xwSmb	128.2.6.136	46573	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.183942	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.204740	Che1bq3i2rO3KD1Syg	128.2.6.136	46574	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.226199	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.245592	C3SfNE4BWaU4aSuwkc	128.2.6.136	46575	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.267625	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328891.287655	CEle3f3zno26fFZkrh	128.2.6.136	46576	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328891.309065	CwSkQu4eWZCH7OONC1	128.2.6.136	46577	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328895.355012	CfTOmO0HKorjr8Zp7	128.2.6.136	46578	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328895.396634	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328895.416133	CzA03V1VcgagLjnO92	128.2.6.136	46579	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328895.438812	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328895.459490	CyAhVIzHqb7t7kv28	128.2.6.136	46580	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328895.480865	Cab0vO1xNYSS2hJkle	128.2.6.136	46581	173.194.75.103	80	unknown_HTTP_method	CCM_POST	F	bro
 1354328903.614145	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328903.634196	CkDsfG2YIeWJmXWNWj	128.2.6.136	46584	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328903.656369	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328903.676395	CUKS0W3HFYOnBqSE5e	128.2.6.136	46585	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328911.832856	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328911.853464	CojBOU3CXcLHl1r6x1	128.2.6.136	46589	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328911.876341	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328911.897044	CJzVQRGJrX6V15ik7	128.2.6.136	46590	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328920.052085	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328920.072101	CBQnJn22qN8TOeeZil	128.2.6.136	46594	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328920.094072	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328920.114526	CbEsuD3dgDDngdlbKf	128.2.6.136	46595	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.266693	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.287402	Cnkr172qPtDAaK7Xd	128.2.6.136	46599	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.308714	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.328257	CcxZj6188NwHGl3a16	128.2.6.136	46600	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.476011	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.496732	COTmF91mGWcb4zV7W5	128.2.6.136	46604	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328924.518204	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328924.537671	CuChlg202P8sUFuXrg	128.2.6.136	46605	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328932.734579	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328932.754657	CY93mM3aViMiLKuSw3	128.2.6.136	46609	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
 1354328932.776609	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	bad_HTTP_request	-	F	bro
-1354328932.796568	CXgISq6dA2DVPzqp9	128.2.6.136	46610	173.194.75.103	80	unmatched_HTTP_reply	-	F	bro
-#close	2013-08-26-19-04-10
+#close	2015-03-20-16-03-02