diff --git a/CHANGES b/CHANGES index 1f2df6ff0d..8bbd14fde9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,17 @@ +2.0-150 | 2012-03-13 16:16:22 -0700 + + * Changing the regular expression to allow Site::local_nets in + signatures. (Julien Sentier) + + * Removing a line of dead code. Found by . Closes #786. (Julien + Sentier) + +2.0-146 | 2012-03-13 15:39:38 -0700 + + * Change IPv6 literal constant syntax to require encasing square + brackets. (Jon Siwek) + 2.0-145 | 2012-03-09 15:10:35 -0800 * Remove the match expression. 'match' and 'using' are no longer diff --git a/NEWS b/NEWS index 15b834b040..75f9e4822b 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,9 @@ Bro 2.1 the default scripts, nor was it likely to be used by anybody anytime soon. With that, "match" and "using" are no longer reserved keywords. +- The syntax for IPv6 literals changed from "2607:f8b0:4009:802::1012" + to "[2607:f8b0:4009:802::1012]". + TODO: Extend. Bro 2.0 diff --git a/VERSION b/VERSION index c4c99acc07..aeb2df7379 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-145 +2.0-150 diff --git a/aux/broccoli b/aux/broccoli index ca13601450..a08ca90727 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit ca13601450803b48d70122609764e51252a0d86e +Subproject commit a08ca90727c5c4b90aa8633106ec33a5cf7378d4 diff --git a/aux/btest b/aux/btest index ee87db37b5..9c9fde204d 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit ee87db37b520b88a55323a9767234c30b801e439 +Subproject commit 9c9fde204dd5518bdfdb8b4a86d38ed06e597209 diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index db9e030c33..e6c0131337 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -275,7 +275,7 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior { c$ftp$passive=T; - if ( code == 229 && data$h == :: ) + if ( code == 229 && data$h == [::] ) data$h = id$resp_h; ftp_data_expected[data$h, data$p] = c$ftp; diff --git a/src/SMTP.cc b/src/SMTP.cc index 0a6e217e3e..85a3bc79dc 100644 --- a/src/SMTP.cc +++ b/src/SMTP.cc @@ -352,7 +352,6 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) const char* ext; int ext_len; - line = skip_whitespace(line + ext_len, end_of_line); get_word(end_of_line - line, line, ext_len, ext); ProcessExtension(ext_len, ext); } diff --git a/src/rule-scan.l b/src/rule-scan.l index 1ba9bed1de..781c477ff2 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -18,7 +18,7 @@ WS [ \t]+ D [0-9]+ H [0-9a-fA-F]+ STRING \"([^\n\"]|\\\")*\" -ID [0-9a-zA-Z_-]+ +ID ([0-9a-zA-Z_-]+::)*[0-9a-zA-Z_-]+ RE \/(\\\/)?([^/]|[^\\]\\\/)*\/ META \.[^ \t]+{WS}[^\n]+ PID ([0-9a-zA-Z_-]|"::")+ diff --git a/src/scan.l b/src/scan.l index 5bb97e4314..ca7a01574c 100644 --- a/src/scan.l +++ b/src/scan.l @@ -228,6 +228,24 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) ++yylloc.last_line; } + /* IPv6 literal constant patterns */ +"["({HEX}:){7}{HEX}"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]" { + string s(yytext+3); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["({HEX}|:)*"::"({HEX}|:)*"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} +"["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]" { + string s(yytext+1); + RET_CONST(new AddrVal(s.erase(s.size()-1))) +} + [!%*/+\-,:;<=>?()\[\]{}~$|] return yytext[0]; "--" return TOK_DECR; @@ -448,11 +466,6 @@ F RET_CONST(new Val(false, TYPE_BOOL)) ({D}"."){3}{D} RET_CONST(new AddrVal(yytext)) -({HEX}:){7}{HEX} RET_CONST(new AddrVal(yytext)) - -0x{HEX}({HEX}|:)*"::"({HEX}|:)* RET_CONST(new AddrVal(yytext+2)) -(({D}|:)({HEX}|:)*)?"::"({HEX}|:)* RET_CONST(new AddrVal(yytext)) - "0x"{HEX}+ RET_CONST(new Val(static_cast(strtol(yytext, 0, 16)), TYPE_COUNT)) {H}("."{H})+ RET_CONST(dns_mgr->LookupHost(yytext)) diff --git a/testing/btest/Baseline/language.ipv6-literals/output b/testing/btest/Baseline/language.ipv6-literals/output new file mode 100644 index 0000000000..f2b9a985f0 --- /dev/null +++ b/testing/btest/Baseline/language.ipv6-literals/output @@ -0,0 +1,22 @@ +::1 +::ffff +::255.255.255.255 +::10.10.255.255 +1::1 +1::a +1::1:1 +1::1:a +a::a +a::1 +a::a:a +a::a:1 +a:a::a +aaaa::ffff +192.168.1.100 +ffff::c0a8:164 +::192.168.1.100 +805b:2d9d:dc28::fc57:d4c8:1fff +aaaa::bbbb +aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222 diff --git a/testing/btest/bifs/addr_count_conversion.bro b/testing/btest/bifs/addr_count_conversion.bro index 2559d39f27..360994a8e5 100644 --- a/testing/btest/bifs/addr_count_conversion.bro +++ b/testing/btest/bifs/addr_count_conversion.bro @@ -3,7 +3,7 @@ global v: index_vec; -v = addr_to_counts(2001:0db8:85a3:0000:0000:8a2e:0370:7334); +v = addr_to_counts([2001:0db8:85a3:0000:0000:8a2e:0370:7334]); print v; print counts_to_addr(v); v = addr_to_counts(1.2.3.4); diff --git a/testing/btest/bifs/addr_to_ptr_name.bro b/testing/btest/bifs/addr_to_ptr_name.bro index c9b3fb9e16..b9c831d061 100644 --- a/testing/btest/bifs/addr_to_ptr_name.bro +++ b/testing/btest/bifs/addr_to_ptr_name.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro %INPUT >output # @TEST-EXEC: btest-diff output -print addr_to_ptr_name(2607:f8b0:4009:802::1012); +print addr_to_ptr_name([2607:f8b0:4009:802::1012]); print addr_to_ptr_name(74.125.225.52); diff --git a/testing/btest/bifs/addr_version.bro b/testing/btest/bifs/addr_version.bro index 8d496a9294..3e0123ef42 100644 --- a/testing/btest/bifs/addr_version.bro +++ b/testing/btest/bifs/addr_version.bro @@ -2,6 +2,6 @@ # @TEST-EXEC: btest-diff out print is_v4_addr(1.2.3.4); -print is_v4_addr(::1); +print is_v4_addr([::1]); print is_v6_addr(1.2.3.4); -print is_v6_addr(::1); +print is_v6_addr([::1]); diff --git a/testing/btest/bifs/to_addr.bro b/testing/btest/bifs/to_addr.bro index 3b79648b00..3a43438bb7 100644 --- a/testing/btest/bifs/to_addr.bro +++ b/testing/btest/bifs/to_addr.bro @@ -17,4 +17,4 @@ test_to_addr("10.20.30.40", 10.20.30.40); test_to_addr("100.200.30.40", 100.200.30.40); test_to_addr("10.0.0.0", 10.0.0.0); test_to_addr("10.00.00.000", 10.0.0.0); -test_to_addr("not an IP", ::); +test_to_addr("not an IP", [::]); diff --git a/testing/btest/bifs/to_subnet.bro b/testing/btest/bifs/to_subnet.bro index 6b1eb54946..59064893e1 100644 --- a/testing/btest/bifs/to_subnet.bro +++ b/testing/btest/bifs/to_subnet.bro @@ -6,6 +6,6 @@ global sn: subnet; sn = to_subnet("10.0.0.0/8"); print sn, sn == 10.0.0.0/8; sn = to_subnet("2607:f8b0::/32"); -print sn, sn == 2607:f8b0::/32; +print sn, sn == [2607:f8b0::]/32; sn = to_subnet("10.0.0.0"); -print sn, sn == ::/0; +print sn, sn == [::]/0; diff --git a/testing/btest/language/ipv6-literals.bro b/testing/btest/language/ipv6-literals.bro new file mode 100644 index 0000000000..6f1f9d59fb --- /dev/null +++ b/testing/btest/language/ipv6-literals.bro @@ -0,0 +1,30 @@ +# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: btest-diff output + +local v: vector of addr = vector(); + +v[|v|] = [::1]; +v[|v|] = [::ffff]; +v[|v|] = [::ffff:ffff]; +v[|v|] = [::0a0a:ffff]; +v[|v|] = [1::1]; +v[|v|] = [1::a]; +v[|v|] = [1::1:1]; +v[|v|] = [1::1:a]; +v[|v|] = [a::a]; +v[|v|] = [a::1]; +v[|v|] = [a::a:a]; +v[|v|] = [a::a:1]; +v[|v|] = [a:a::a]; +v[|v|] = [aaaa:0::ffff]; +v[|v|] = [::ffff:192.168.1.100]; +v[|v|] = [ffff::192.168.1.100]; +v[|v|] = [::192.168.1.100]; +v[|v|] = [805B:2D9D:DC28::FC57:212.200.31.255]; +v[|v|] = [0xaaaa::bbbb]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222]; +v[|v|] = [aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222]; + +for (i in v) + print v[i]; diff --git a/testing/btest/language/sizeof.bro b/testing/btest/language/sizeof.bro index 860c9487ff..99d7b51ce8 100644 --- a/testing/btest/language/sizeof.bro +++ b/testing/btest/language/sizeof.bro @@ -20,7 +20,7 @@ type example_record: record { }; global a: addr = 1.2.3.4; -global a6: addr = ::1; +global a6: addr = [::1]; global b: bool = T; global c: count = 10; global d: double = -1.23;