From c40a97156ab30db81061a2270c436759b18ec2fe Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Wed, 11 Sep 2013 12:39:23 -0700 Subject: [PATCH 001/287] make client and server random available on script-level. Patch by ewust Addresses BIT-950 --- scripts/base/protocols/ssl/main.bro | 4 ++-- src/analyzer/protocol/ssl/events.bif | 10 ++++++++-- src/analyzer/protocol/ssl/ssl-analyzer.pac | 18 +++++++++++------- src/analyzer/protocol/ssl/ssl-protocol.pac | 4 ++-- .../.stdout | 2 ++ .../base/protocols/ssl/tls-1.2-random.test | 12 ++++++++++++ 6 files changed, 37 insertions(+), 13 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout create mode 100644 testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 2381b356e4..898b6e9bbb 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -151,7 +151,7 @@ function finish(c: connection) disable_analyzer(c$id, c$ssl$analyzer_id); } -event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) &priority=5 +event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: count_set) &priority=5 { set_session(c); @@ -160,7 +160,7 @@ event ssl_client_hello(c: connection, version: count, possible_ts: time, session c$ssl$session_id = bytestring_to_hexstr(session_id); } -event ssl_server_hello(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count) &priority=5 +event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5 { set_session(c); diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 3d0c7e9d6a..56e5ef59c0 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -17,13 +17,16 @@ ## ## session_id: The session ID sent by the client (if any). ## +## client_random: The random value sent by the client. For version 2 connections, +## the client challenge is returned. +## ## ciphers: The list of ciphers the client offered to use. The values are ## standardized as part of the SSL/TLS protocol. The ## :bro:id:`SSL::cipher_desc` table maps them to descriptive names. ## ## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate x509_error x509_extension -event ssl_client_hello%(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set%); +event ssl_client_hello%(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: count_set%); ## Generated for an SSL/TLS server's initial *hello* message. SSL/TLS sessions ## start with an unencrypted handshake, and Bro extracts as much information out @@ -44,6 +47,9 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, sessio ## ## session_id: The session ID as sent back by the server (if any). ## +## server_random: The random value sent by the server. For version 2 connections, +## the connection-id is returned. +## ## cipher: The cipher chosen by the server. The values are standardized as part ## of the SSL/TLS protocol. The :bro:id:`SSL::cipher_desc` table maps ## them to descriptive names. @@ -53,7 +59,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, sessio ## ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension ## ssl_session_ticket_handshake x509_certificate x509_error x509_extension -event ssl_server_hello%(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count%); +event ssl_server_hello%(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count%); ## Generated for SSL/TLS extensions seen in an initial handshake. SSL/TLS ## sessions start with an unencrypted handshake, and Bro extracts as much diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index 3d9564eaab..4043d1ac89 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -152,6 +152,7 @@ refine connection SSL_Conn += { function proc_client_hello(rec: SSLRecord, version : uint16, ts : double, + client_random : bytestring, session_id : uint8[], cipher_suites16 : uint16[], cipher_suites24 : uint24[]) : bool @@ -176,7 +177,8 @@ refine connection SSL_Conn += { } BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), - version, ts, + version, ts, new StringVal(client_random.length(), + (const char*) client_random.data()), to_string_val(session_id), cipher_set); @@ -188,6 +190,7 @@ refine connection SSL_Conn += { function proc_server_hello(rec: SSLRecord, version : uint16, ts : double, + server_random : bytestring, session_id : uint8[], cipher_suites16 : uint16[], cipher_suites24 : uint24[], @@ -209,7 +212,8 @@ refine connection SSL_Conn += { BifEvent::generate_ssl_server_hello(bro_analyzer(), bro_analyzer()->Conn(), - version, ts, + version, ts, new StringVal(server_random.length(), + (const char*) server_random.data()), to_string_val(session_id), ciphers->size()==0 ? 0 : ciphers->at(0), comp_method); @@ -419,27 +423,27 @@ refine typeattr ApplicationData += &let { refine typeattr ClientHello += &let { proc : bool = $context.connection.proc_client_hello(rec, client_version, - gmt_unix_time, + gmt_unix_time, random_bytes, session_id, csuits, 0) &requires(state_changed); }; refine typeattr V2ClientHello += &let { proc : bool = $context.connection.proc_client_hello(rec, client_version, 0, - session_id, 0, ciphers) + challenge, session_id, 0, ciphers) &requires(state_changed); }; refine typeattr ServerHello += &let { proc : bool = $context.connection.proc_server_hello(rec, server_version, - gmt_unix_time, session_id, cipher_suite, 0, + gmt_unix_time, random_bytes, session_id, cipher_suite, 0, compression_method) &requires(state_changed); }; refine typeattr V2ServerHello += &let { - proc : bool = $context.connection.proc_server_hello(rec, server_version, 0, 0, - 0, ciphers, 0) + proc : bool = $context.connection.proc_server_hello(rec, server_version, 0, + conn_id_data, 0, 0, ciphers, 0) &requires(state_changed); cert : bool = $context.connection.proc_v2_certificate(rec, cert_data) diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index b35d07f18b..adee974055 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -346,7 +346,7 @@ type HelloRequest(rec: SSLRecord) = empty &let { type ClientHello(rec: SSLRecord) = record { client_version : uint16; gmt_unix_time : uint32; - random_bytes : bytestring &length = 28 &transient; + random_bytes : bytestring &length = 28; session_len : uint8; session_id : uint8[session_len]; csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0); @@ -397,7 +397,7 @@ type V2ClientHello(rec: SSLRecord) = record { type ServerHello(rec: SSLRecord) = record { server_version : uint16; gmt_unix_time : uint32; - random_bytes : bytestring &length = 28 &transient; + random_bytes : bytestring &length = 28; session_len : uint8; session_id : uint8[session_len]; cipher_suite : uint16[1]; diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout new file mode 100644 index 0000000000..d71e0171ce --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-random/.stdout @@ -0,0 +1,2 @@ +8\xd0U@\xf1\xaamI\xb5SE^K\x82\xa4\xe0\x9eG\xf3\xdd\x1f\xeey\xa6[\xcc\xd7^D\x90 +\xa7^B\xf4'&^E]|c\x83KN\xb0^N6F\xbez\xbb^Ny\xbf^O\x85p\x83\x8dX diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test new file mode 100644 index 0000000000..acea4fa131 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test @@ -0,0 +1,12 @@ +# @TEST-EXEC: bro -r $TRACES/tls1.2.trace %INPUT +# @TEST-EXEC: btest-diff .stdout + +event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: count_set) + { + print client_random; + } + +event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) + { + print server_random; + } From 9834755948c92992b80e87058e2813a0a774fed0 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Wed, 11 Sep 2013 12:50:29 -0700 Subject: [PATCH 002/287] fix case where hll_error_margin could be undefined (thanks John) --- .../base/frameworks/sumstats/plugins/hll_unique.bro | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/base/frameworks/sumstats/plugins/hll_unique.bro b/scripts/base/frameworks/sumstats/plugins/hll_unique.bro index fe1bfbd476..63a12d3092 100644 --- a/scripts/base/frameworks/sumstats/plugins/hll_unique.bro +++ b/scripts/base/frameworks/sumstats/plugins/hll_unique.bro @@ -55,9 +55,18 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal) if ( ! (rv1?$card || rv2?$card) ) return; - local rhll = hll_cardinality_init(rv1$hll_error_margin, rv1$hll_confidence); + local rhll: opaque of cardinality; + if ( rv1?$card ) + { + rhll = hll_cardinality_init(rv1$hll_error_margin, rv1$hll_confidence); hll_cardinality_merge_into(rhll, rv1$card); + } + else # if we do not have rv1, we have to have rv2... + { + rhll = hll_cardinality_init(rv2$hll_error_margin, rv2$hll_confidence); + } + if ( rv2?$card ) hll_cardinality_merge_into(rhll, rv2$card); From 1d33883dfc28250363dcb8314898ae6f406719d3 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Fri, 13 Sep 2013 00:30:18 -0500 Subject: [PATCH 003/287] Fix compiler warnings --- src/input/readers/SQLite.cc | 2 +- src/probabilistic/BitVector.cc | 4 +++- src/probabilistic/Hasher.cc | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/input/readers/SQLite.cc b/src/input/readers/SQLite.cc index eec3698540..f97b2cea13 100644 --- a/src/input/readers/SQLite.cc +++ b/src/input/readers/SQLite.cc @@ -306,7 +306,7 @@ bool SQLite::DoUpdate() ofields[j] = EntryToVal(st, fields[j], mapping[j], submapping[j]); if ( ofields[j] == 0 ) { - for ( int k = 0; k < j; ++k ) + for ( unsigned int k = 0; k < j; ++k ) delete ofields[k]; delete [] ofields; diff --git a/src/probabilistic/BitVector.cc b/src/probabilistic/BitVector.cc index 257fc9ad71..79b403960e 100644 --- a/src/probabilistic/BitVector.cc +++ b/src/probabilistic/BitVector.cc @@ -495,6 +495,7 @@ BitVector::size_type BitVector::FindNext(size_type i) const uint64 BitVector::Hash() const { u_char buf[SHA256_DIGEST_LENGTH]; + uint64 digest; SHA256_CTX ctx; sha256_init(&ctx); @@ -502,7 +503,8 @@ uint64 BitVector::Hash() const sha256_update(&ctx, &bits[i], sizeof(bits[i])); sha256_final(&ctx, buf); - return *reinterpret_cast(buf); // Use the first bytes as digest. + memcpy(&digest, buf, sizeof(digest)); // Use the first bytes as digest + return digest; } BitVector::size_type BitVector::lowest_bit(block_type block) diff --git a/src/probabilistic/Hasher.cc b/src/probabilistic/Hasher.cc index b497dba9be..1f5f0910ba 100644 --- a/src/probabilistic/Hasher.cc +++ b/src/probabilistic/Hasher.cc @@ -13,6 +13,7 @@ using namespace probabilistic; uint64 Hasher::MakeSeed(const void* data, size_t size) { u_char buf[SHA256_DIGEST_LENGTH]; + uint64 tmpseed; SHA256_CTX ctx; sha256_init(&ctx); @@ -29,7 +30,8 @@ uint64 Hasher::MakeSeed(const void* data, size_t size) } sha256_final(&ctx, buf); - return *reinterpret_cast(buf); // Use the first bytes as seed. + memcpy(&tmpseed, buf, sizeof(tmpseed)); // Use the first bytes as seed. + return tmpseed; } Hasher::digest_vector Hasher::Hash(const HashKey* key) const From a99e873d5c3f7a86f604ef3ea6e83a6a546b8015 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Sep 2013 14:29:45 -0500 Subject: [PATCH 004/287] Fix double-free and deallocator mismatch. --- src/RemoteSerializer.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 543bfaee86..fa5a29386c 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -2753,7 +2753,7 @@ error: for ( int i = 0; i < delete_fields_up_to; ++i ) delete fields[i]; - delete fields; + delete [] fields; Error("write error for creating writer"); return false; } @@ -2798,7 +2798,7 @@ bool RemoteSerializer::ProcessLogWrite() for ( int j = 0; j <= i; ++j ) delete vals[j]; - delete vals; + delete [] vals; goto error; } } @@ -3167,6 +3167,7 @@ bool RemoteSerializer::SendToChild(ChunkedIO::Chunk* c) return true; delete [] c->data; + c->data = 0; if ( ! child_pid ) return false; From 5a992879a060dd247025051990a26d5900feb3a9 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Sep 2013 14:31:03 -0500 Subject: [PATCH 005/287] Fix potential mem leak. --- src/analyzer/protocol/dhcp/dhcp-analyzer.pac | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac index 0be31334c1..336c8dc760 100644 --- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac +++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac @@ -69,6 +69,7 @@ flow DHCP_Flow(is_orig: bool) { break; case HOST_NAME_OPTION: + Unref(host_name); host_name = new StringVal((*ptr)->info()->host_name().length(), (const char*) (*ptr)->info()->host_name().begin()); break; @@ -174,6 +175,7 @@ flow DHCP_Flow(is_orig: bool) { break; case HOST_NAME_OPTION: + Unref(host_name); host_name = new StringVal((*ptr)->info()->host_name().length(), (const char*) (*ptr)->info()->host_name().begin()); break; From 3d81432a1e90e46a436b8a1e98cdcb6f0d6a4e1b Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Sep 2013 15:05:17 -0500 Subject: [PATCH 006/287] Fix out-of-bounds memory accesses. And remove a variable-length-array usage. --- src/analyzer/protocol/pop3/POP3.cc | 6 ++++-- src/input/Manager.cc | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 652fd20e32..ccbbb8df04 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -80,7 +80,7 @@ void POP3_Analyzer::DeliverStream(int len, const u_char* data, bool orig) static string trim_whitespace(const char* in) { int n = strlen(in); - char out[n]; + char* out = new char[n + 1]; char* out_p = out; in = skip_whitespace(in); @@ -112,7 +112,9 @@ static string trim_whitespace(const char* in) *out_p = 0; - return string(out); + string rval(out); + delete [] out; + return rval; } void POP3_Analyzer::ProcessRequest(int length, const char* line) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 94c025a459..d838e8cb75 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -2045,7 +2045,7 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val) case IPv6: length = sizeof(val->val.addr_val.in.in6); memcpy(data + startpos, - (const char*) &(val->val.subnet_val.prefix.in.in4), length); + (const char*) &(val->val.subnet_val.prefix.in.in6), length); break; default: From 735d2c402af678f1fe65a918010d7c5124b5a5f3 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Sep 2013 16:41:41 -0500 Subject: [PATCH 007/287] Fix/improve dereference-before-null-checks. --- src/ChunkedIO.cc | 5 ++--- src/Desc.cc | 11 ----------- src/Desc.h | 2 -- src/RemoteSerializer.cc | 3 +-- src/Serializer.cc | 2 +- src/analyzer/protocol/pia/PIA.cc | 8 +++++--- src/input/readers/Raw.cc | 13 ++++++------- src/input/readers/SQLite.cc | 5 ++++- 8 files changed, 19 insertions(+), 30 deletions(-) diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index 2c766c7eb1..7e666ee198 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -1074,9 +1074,8 @@ bool ChunkedIOSSL::Read(Chunk** chunk, bool mayblock) read_state = LEN; #ifdef DEBUG - if ( *chunk ) - DBG_LOG(DBG_CHUNKEDIO, "ssl read of size %d [%s]", - (*chunk)->len, fmt_bytes((*chunk)->data, 20)); + DBG_LOG(DBG_CHUNKEDIO, "ssl read of size %d [%s]", + (*chunk)->len, fmt_bytes((*chunk)->data, 20)); #endif return true; diff --git a/src/Desc.cc b/src/Desc.cc index 9d94321427..40b6fcc3d1 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -23,11 +23,7 @@ ODesc::ODesc(desc_type t, BroFile* arg_f) size = DEFAULT_SIZE; base = safe_malloc(size); ((char*) base)[0] = '\0'; - offset = 0; - - if ( ! base ) - OutOfMemory(); } else { @@ -337,16 +333,9 @@ void ODesc::Grow(unsigned int n) { size *= 2; base = safe_realloc(base, size); - if ( ! base ) - OutOfMemory(); } } -void ODesc::OutOfMemory() - { - reporter->InternalError("out of memory"); - } - void ODesc::Clear() { offset = 0; diff --git a/src/Desc.h b/src/Desc.h index 9fa41381ed..c16c00cf13 100644 --- a/src/Desc.h +++ b/src/Desc.h @@ -149,8 +149,6 @@ protected: // Make buffer big enough for n bytes beyond bufp. void Grow(unsigned int n); - void OutOfMemory(); - /** * Returns the location of the first place in the bytes to be hex-escaped. * diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index fa5a29386c..bc006b4b1f 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -2925,8 +2925,7 @@ void RemoteSerializer::GotID(ID* id, Val* val) const char* desc = val->AsString()->CheckString(); current_peer->val->Assign(4, new StringVal(desc)); - Log(LogInfo, fmt("peer_description is %s", - (desc && *desc) ? desc : "not set"), + Log(LogInfo, fmt("peer_description is %s", *desc ? desc : "not set"), current_peer); Unref(id); diff --git a/src/Serializer.cc b/src/Serializer.cc index e6bf6429d7..f7544765fa 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -378,7 +378,7 @@ bool Serializer::UnserializeCall(UnserialInfo* info) ignore = true; } - if ( info->print && types && ! ignore ) + if ( info->print && ! ignore ) v->Describe(&d); } diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index cc1dd7ea0e..81c7251820 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -147,10 +147,12 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) return; analyzer::Analyzer* a = Parent()->AddChildAnalyzer(tag); - a->SetSignature(rule); - if ( a ) - ReplayPacketBuffer(a); + if ( ! a ) + return; + + a->SetSignature(rule); + ReplayPacketBuffer(a); } void PIA_UDP::DeactivateAnalyzer(analyzer::Tag tag) diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 2c2b319793..64c29d632c 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -291,6 +291,12 @@ bool Raw::CloseInput() bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) { + if ( ! info.source || strlen(info.source) == 0 ) + { + Error("No source path provided"); + return false; + } + fname = info.source; mtime = 0; execute = false; @@ -298,7 +304,6 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie int want_fields = 1; bool result; - // do Initialization string source = string(info.source); char last = info.source[source.length() - 1]; if ( last == '|' ) @@ -307,12 +312,6 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie fname = source.substr(0, fname.length() - 1); } - if ( ! info.source || strlen(info.source) == 0 ) - { - Error("No source path provided"); - return false; - } - map::const_iterator it = info.config.find("stdin"); // data that is sent to the child process if ( it != info.config.end() ) { diff --git a/src/input/readers/SQLite.cc b/src/input/readers/SQLite.cc index eec3698540..345dfdc226 100644 --- a/src/input/readers/SQLite.cc +++ b/src/input/readers/SQLite.cc @@ -187,11 +187,14 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p if ( subpos != -1 ) { const char *text = (const char*) sqlite3_column_text(st, subpos); - string s(text, sqlite3_column_bytes(st, subpos)); + if ( text == 0 ) Error("Port protocol definition did not contain text"); else + { + string s(text, sqlite3_column_bytes(st, subpos)); val->val.port_val.proto = io->ParseProto(s); + } } break; } From 20f11ad2378dcbdc0b4cc2fe5203dd87f879d5e9 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Mon, 16 Sep 2013 11:20:07 -0500 Subject: [PATCH 008/287] Fix another compiler warning --- src/builtin-func.l | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/builtin-func.l b/src/builtin-func.l index 0e63b06be6..c70b99b6c8 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -208,7 +208,11 @@ void init_alternative_mode() fprintf(fp_func_init, "// %s\n\n", auto_gen_comment); static char guard[1024]; - getcwd(guard, sizeof(guard)); + if ( getcwd(guard, sizeof(guard)) == NULL ) + { + fprintf(stderr, "Error: cannot get current working directory\n"); + err_exit(); + } strncat(guard, "/", sizeof(guard) - strlen(guard) - 1); strncat(guard, input_filename, sizeof(guard) - strlen(guard) - 1); From c0f780c728503006c3d285cd3369ea3969a5024c Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 16 Sep 2013 10:40:25 -0700 Subject: [PATCH 009/287] update hll documentation, make a few functions private and create a new copy constructor. --- src/probabilistic/CardinalityCounter.cc | 29 ++++- src/probabilistic/CardinalityCounter.h | 128 +++++++++++++--------- src/probabilistic/cardinality-counter.bif | 14 +-- 3 files changed, 108 insertions(+), 63 deletions(-) diff --git a/src/probabilistic/CardinalityCounter.cc b/src/probabilistic/CardinalityCounter.cc index ec82c31e7f..3e274da886 100644 --- a/src/probabilistic/CardinalityCounter.cc +++ b/src/probabilistic/CardinalityCounter.cc @@ -15,6 +15,9 @@ int CardinalityCounter::OptimalB(double error, double confidence) double initial_estimate = 2 * (log(1.04) - log(error)) / log(2); int answer = (int) floor(initial_estimate); + // k is the number of standard deviations that we have to go to have + // a confidence level of conf. + double k = 0; do { @@ -54,6 +57,12 @@ void CardinalityCounter::Init(uint64 size) V = m; } +CardinalityCounter::CardinalityCounter(CardinalityCounter& other) + { + Init(other.GetM()); + Merge(&other); + } + CardinalityCounter::CardinalityCounter(double error_margin, double confidence) { int b = OptimalB(error_margin, confidence); @@ -107,7 +116,16 @@ void CardinalityCounter::AddElement(uint64 hash) buckets[index] = temp; } -double CardinalityCounter::Size() +/** + * Estimate the size by using the the "raw" HyperLogLog estimate. Then, + * check if it's too "large" or "small" because the raw estimate doesn't + * do well in those cases. + * Thus, we correct for those errors as specified in the paper. + * + * Note - we deviate from the HLL algorithm in the paper here, because + * of our 64-bit hashes. + **/ +double CardinalityCounter::Size() const { double answer = 0; for ( unsigned int i = 0; i < m; i++ ) @@ -126,8 +144,11 @@ double CardinalityCounter::Size() return -pow(2, 64) * log(1 - (answer / pow(2, 64))); } -void CardinalityCounter::Merge(CardinalityCounter* c) +bool CardinalityCounter::Merge(CardinalityCounter* c) { + if ( m != c->GetM() ) + return false; + uint8_t* temp = c->GetBuckets(); V = 0; @@ -140,6 +161,8 @@ void CardinalityCounter::Merge(CardinalityCounter* c) if ( buckets[i] == 0 ) ++V; } + + return true; } uint8_t* CardinalityCounter::GetBuckets() @@ -147,7 +170,7 @@ uint8_t* CardinalityCounter::GetBuckets() return buckets; } -uint64 CardinalityCounter::GetM() +uint64 CardinalityCounter::GetM() const { return m; } diff --git a/src/probabilistic/CardinalityCounter.h b/src/probabilistic/CardinalityCounter.h index 2707c53808..a2aeea50eb 100644 --- a/src/probabilistic/CardinalityCounter.h +++ b/src/probabilistic/CardinalityCounter.h @@ -9,81 +9,78 @@ namespace probabilistic { /** - * A probabilisitc cardinality counter using the HyperLogLog algorithm. - * - * TODO: Update doc string. + * A probabilistic cardinality counter using the HyperLogLog algorithm. */ class CardinalityCounter { public: /** * Constructor. * - * Based on the error_margin, the number of buckets that need to be - * kept will be determined. Based on the max_size, the number of bits - * that will be used from the hash function will be determined. + * The number of buckets of the data structure is determined using + * the error margin and the given confidence. * - * We need the hash function to return integers that are uniformly - * distributed from 0 to 2^L-1. And if that happens, the maximum - * cardinality that this counter can handle is approximately 2^L. By - * default, we will assume a value of 64 bits. + * For example, assume an error_margin of 2% and a confidence + * of 95%. If the Size function returns an estimate of 100, this + * means that we are 95% sure that the cardinality is between 98 + * and 102. * - * Confidence in the estimate given by a cardinality counter is. + * @param error_margin error margin * - * In other words, if the cardinality is estimated to be 100 with 2% - * error margin and HLL_CONFis 0.95, then we are 95% sure that the - * actual cardinality is between 98 and 102. + * @param confidence confidence of the error. Default: 0.95 */ CardinalityCounter(double error_margin, double confidence = 0.95); /** - * Constructor used for cloning. + * Copy-Constructor + */ + CardinalityCounter(CardinalityCounter& other); + + /** + * Constructor for a known number of buckets. * - * The error margin will be 1.04/sqrt(m) with approximately 68% + * The error margin is 1.04/sqrt(size) with approximately 68% * probability. + * + * @param size number of buckets to create */ CardinalityCounter(uint64 size); /** - * Deletes the class variables. + * Destructor. */ ~CardinalityCounter(); /** - * This will add an element to the counter. It's responsible for - * adding an element and updating the value of V, if that applies. + * Add a new element to the counter. + * + * The hash function generating the hashes needs to be uniformly + * distributed over 64 bits. + * + * @param hash 64-bit hash value of the element to be added */ void AddElement(uint64 hash); /** - * Returns the size estimate of the set. First, it has the "raw" - * HyperLogLog estimate. And then, we check if it's too "large" or - * "small" because the raw estimate doesn't do well in those cases. - * Thus, we correct for those errors as specified in the paper. - */ - double Size(); - - /** - * Returns the buckets array that holds all of the rough cardinality - * estimates. - */ - uint8_t* GetBuckets(); + * Get the current estimated number of elements in the data + * structure + * + * @return Estimated number of elements + **/ + double Size() const; /** * Merges the argument cardinality counter with this one. The error - * margins are assumed to be the same, so they have the same number of - * buckets. If any of the conditions are violated, then the return - * value of size() is meaningless. + * margins of both counters have to be the same, otherwhise the merge + * operation will not be carried out. + * + * @param c Cardinality counter to merge into the current counter. + * + * @return True if successful */ - void Merge(CardinalityCounter* c); + bool Merge(CardinalityCounter* c); /** - * Returns the value of m. Should be used only for statistical - * purposes. - */ - uint64 GetM(); - - /** -c * Serializes the cardinality counter. + * Serializes the cardinality counter. * * @param info The serializaton information to use. * @@ -97,10 +94,28 @@ c * Serializes the cardinality counter. * @param info The serializaton information to use. * * @return The unserialized cardinality counter, or null if an error - * occured. + * occured. */ static CardinalityCounter* Unserialize(UnserialInfo* info); +protected: + /** + * Return the number of buckets. + * + * @return Number of buckets + */ + uint64 GetM() const; + + /** + * Returns the buckets array that holds all of the rough cardinality + * estimates. + * + * Use GetM() to determine the size. + * + * @return Array containing cardinality estimates + */ + uint8_t* GetBuckets(); + private: /** * Constructor used when unserializing, i.e., all parameters are @@ -110,31 +125,38 @@ private: /** * Helper function with code used jointly by multiple constructors. + * + * @param arg_size: number of buckets that need to be kept */ void Init(uint64 arg_size); /** - * This function will calculate the smallest value of b that will + * This function calculates the smallest value of b that will * satisfy these the constraints of a specified error margin and * confidence level. * * The exact expression for b is as follows: - * Define x = 2*(log(1.04*k/error)/log(2)). Then b is the ceiling of x + * Define x = 2*(log(1.04*k/error)/log(2)). Then b is the ceiling of x. * - * error is the error margin. + * After that initial estimate, the value of b is increased until the + * standard deviation falls within the specified valud. * - * k is the number of standard deviations that we have to go to have - * a confidence level of conf. + * @param error error margin * - * confidence: TODO. + * @param confidence confidence of the error + * + * @return minimal B-value satisfying the error-rate under confidence. */ int OptimalB(double error, double confidence); /** - * Computes when the first one appears in the element. It looks at the - * bitstring from the end though. A precondition is that the argument - * is already divisible by m, so we just ignore the last b bits, since - * m = 2^b and the last b bits will always be 0. + * Determines at which index (counted from the back) the first one-bit + * appears. The last b bits have to be 0 (the element has to be divisible + * by m), hence they are ignored. + * + * @param hash_modified hash value + * + * @returns index of first one-bit */ uint8_t Rank(uint64 hash_modified); diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index 5201ce95bb..46323bc212 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -91,7 +91,12 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op CardinalityCounter* h1 = v1->Get(); CardinalityCounter* h2 = v2->Get(); - h1->Merge(h2); + bool res = h1->Merge(h2); + if ( res == false ) + { + reporter->Error("Carinality counters with different parameters cannot be merged"); + return new Val(0, TYPE_BOOL); + } return new Val(1, TYPE_BOOL); %} @@ -126,12 +131,7 @@ function hll_cardinality_copy%(handle: opaque of cardinality%): opaque of cardin %{ CardinalityVal* cv = static_cast(handle); CardinalityCounter* h = cv->Get(); - - uint64_t m = h->GetM(); - CardinalityCounter* h2 = new CardinalityCounter(m); - - int i = 0; - h2->Merge(h); + CardinalityCounter* h2 = new CardinalityCounter(*h); CardinalityVal* out = new CardinalityVal(h2); return out; From ecc20b932a3697452208ed8ec1ebaa59ac3f7061 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Mon, 16 Sep 2013 11:00:54 -0700 Subject: [PATCH 010/287] and const 2 more functions --- src/probabilistic/CardinalityCounter.cc | 4 ++-- src/probabilistic/CardinalityCounter.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/probabilistic/CardinalityCounter.cc b/src/probabilistic/CardinalityCounter.cc index 3e274da886..ed9f4ae078 100644 --- a/src/probabilistic/CardinalityCounter.cc +++ b/src/probabilistic/CardinalityCounter.cc @@ -10,7 +10,7 @@ using namespace probabilistic; -int CardinalityCounter::OptimalB(double error, double confidence) +int CardinalityCounter::OptimalB(double error, double confidence) const { double initial_estimate = 2 * (log(1.04) - log(error)) / log(2); int answer = (int) floor(initial_estimate); @@ -87,7 +87,7 @@ CardinalityCounter::~CardinalityCounter() delete [] buckets; } -uint8_t CardinalityCounter::Rank(uint64 hash_modified) +uint8_t CardinalityCounter::Rank(uint64 hash_modified) const { uint8_t answer = 0; diff --git a/src/probabilistic/CardinalityCounter.h b/src/probabilistic/CardinalityCounter.h index a2aeea50eb..1d1e581d5d 100644 --- a/src/probabilistic/CardinalityCounter.h +++ b/src/probabilistic/CardinalityCounter.h @@ -147,7 +147,7 @@ private: * * @return minimal B-value satisfying the error-rate under confidence. */ - int OptimalB(double error, double confidence); + int OptimalB(double error, double confidence) const; /** * Determines at which index (counted from the back) the first one-bit @@ -158,7 +158,7 @@ private: * * @returns index of first one-bit */ - uint8_t Rank(uint64 hash_modified); + uint8_t Rank(uint64 hash_modified) const; /** * This is the number of buckets that will be stored. The standard From c8758c4f246b88804cb92d2b79f42624e4343ba4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 16 Sep 2013 15:36:18 -0500 Subject: [PATCH 011/287] Fix possible (unlikely) use of uninitialized value. Plus two minor refactors/nits. --- src/Func.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Func.cc b/src/Func.cc index 7859e8d2ad..11749a8a9c 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -281,7 +281,7 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const #ifdef PROFILE_BRO_FUNCTIONS DEBUG_MSG("Function: %s\n", id->Name()); #endif - if ( ! bodies.size() ) + if ( bodies.empty() ) { // Can only happen for events and hooks. assert(Flavor() == FUNC_FLAVOR_EVENT || Flavor() == FUNC_FLAVOR_HOOK); @@ -315,14 +315,14 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const loop_over_list(*args, i) f->SetElement(i, (*args)[i]); - stmt_flow_type flow; + stmt_flow_type flow = FLOW_NEXT; Val* result = 0; if ( sample_logger ) sample_logger->FunctionSeen(this); - for ( unsigned int i = 0; i < bodies.size(); ++i ) + for ( size_t i = 0; i < bodies.size(); ++i ) { if ( sample_logger ) sample_logger->LocationSeen( From 19b15217f0a1b248c96ebe14684255c4774e54fd Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 16 Sep 2013 15:40:44 -0500 Subject: [PATCH 012/287] Minor refactor to broxygen enum comments. Coverity claimed a mismatched iterator here. Don't think it was, but this might make it either go away or make its insane template output understandable. Else at least it makes the code more readable. --- src/Type.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index d7236e0344..2b9faa8018 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1403,8 +1403,8 @@ void CommentedEnumType::AddComment(const string& module_name, const char* name, comments[copy_string(fullname.c_str())] = new_comments; else { - comments[fullname.c_str()]->splice(comments[fullname.c_str()]->end(), - *new_comments); + list* prev_comments = comments[fullname.c_str()]; + prev_comments->splice(prev_comments->end(), *new_comments); delete new_comments; } } From bb8f102b2cb16f0c656bc50ed4a63fee72cf1216 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 16 Sep 2013 16:10:49 -0500 Subject: [PATCH 013/287] Minor refactor to SSL BinPAC grammer. An unsized array already parses indefinitely. &until($element <= 0) just causes nonsense code to be generated. I.e. checking a pointer that can never even be null against <= 0. And the compare would happen after delete'ing the pointer, making it even odder (though still benign). --- src/analyzer/protocol/ssl/ssl-protocol.pac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index b35d07f18b..41f5994072 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -667,7 +667,7 @@ type CiphertextRecord(rec: SSLRecord) = record { ###################################################################### type SSLPDU(is_orig: bool) = record { - records : SSLRecord(is_orig)[] &transient &until($element <= 0); + records : SSLRecord(is_orig)[] &transient; } &byteorder = bigendian; From a3b963ad4ee1e10ab79018c025ca7b4d1468faee Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 16 Sep 2013 16:14:01 -0500 Subject: [PATCH 014/287] Refactor Analyzer::AddChildAnalyzer and usages. Make feedback available regarding whether adding a child analyzer fails because one of the same type already exists (so one can avoid invalid pointer access of a delete'd analyzer). --- src/analyzer/Analyzer.cc | 11 +++++------ src/analyzer/Analyzer.h | 9 ++++++--- src/analyzer/protocol/gnutella/Gnutella.cc | 4 +--- src/analyzer/protocol/socks/SOCKS.cc | 10 +++++++--- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index b8b739f3cb..7a71c2e0d4 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -378,13 +378,13 @@ void Analyzer::ForwardEndOfData(bool orig) AppendNewChildren(); } -void Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init) +bool Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init) { if ( HasChildAnalyzer(analyzer->GetAnalyzerTag()) ) { analyzer->Done(); delete analyzer; - return; + return false; } // We add new children to new_children first. They are then @@ -401,6 +401,7 @@ void Analyzer::AddChildAnalyzer(Analyzer* analyzer, bool init) DBG_LOG(DBG_ANALYZER, "%s added child %s", fmt_analyzer(this).c_str(), fmt_analyzer(analyzer).c_str()); + return true; } Analyzer* Analyzer::AddChildAnalyzer(Tag analyzer) @@ -409,10 +410,8 @@ Analyzer* Analyzer::AddChildAnalyzer(Tag analyzer) { Analyzer* a = analyzer_mgr->InstantiateAnalyzer(analyzer, conn); - if ( a ) - AddChildAnalyzer(a); - - return a; + if ( a && AddChildAnalyzer(a) ) + return a; } return 0; diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 396d45d60e..b709e3dda0 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -353,9 +353,10 @@ public: * discarded. * * @param analyzer The ananlyzer to add. Takes ownership. + * @return false if analyzer type was already a child, else true. */ - void AddChildAnalyzer(Analyzer* analyzer) - { AddChildAnalyzer(analyzer, true); } + bool AddChildAnalyzer(Analyzer* analyzer) + { return AddChildAnalyzer(analyzer, true); } /** * Adds a new child analyzer to the analyzer tree. If an analyzer of @@ -363,6 +364,7 @@ public: * discarded. * * @param tag The type of analyzer to add. + * @return the new analyzer instance that was added. */ Analyzer* AddChildAnalyzer(Tag tag); @@ -600,8 +602,9 @@ protected: * @param analyzer The analyzer to add. Takes ownership. * * @param init If true, Init() will be calle.d + * @return false if analyzer type was already a child, else true. */ - void AddChildAnalyzer(Analyzer* analyzer, bool init); + bool AddChildAnalyzer(Analyzer* analyzer, bool init); /** * Inits all child analyzers. This is an internal method. diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index ff71a55fc8..84a33381a0 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -137,10 +137,8 @@ int Gnutella_Analyzer::IsHTTP(string header) analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); - if ( a ) + if ( a && Parent()->AddChildAnalyzer(a) ) { - Parent()->AddChildAnalyzer(a); - if ( Parent()->IsAnalyzer("TCP") ) { // Replay buffered data. diff --git a/src/analyzer/protocol/socks/SOCKS.cc b/src/analyzer/protocol/socks/SOCKS.cc index f9d81b8a16..76212d822b 100644 --- a/src/analyzer/protocol/socks/SOCKS.cc +++ b/src/analyzer/protocol/socks/SOCKS.cc @@ -62,9 +62,13 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) if ( ! pia ) { pia = new pia::PIA_TCP(Conn()); - AddChildAnalyzer(pia); - pia->FirstPacket(true, 0); - pia->FirstPacket(false, 0); + if ( AddChildAnalyzer(pia) ) + { + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); + } + else + pia = 0; } ForwardStream(len, data, orig); From fdc364084ba515749704b3542c764a6e37cc1bfb Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Mon, 16 Sep 2013 17:45:21 -0500 Subject: [PATCH 015/287] Fix cmake warning about ENABLE_PERFTOOLS not being used --- CMakeLists.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0f64f304b8..1c427188ca 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -153,9 +153,10 @@ if (NOT DISABLE_ELASTICSEARCH AND LIBCURL_FOUND) list(APPEND OPTLIBS ${LibCURL_LIBRARIES}) endif() -if (ENABLE_PERFTOOLS_DEBUG) +if (ENABLE_PERFTOOLS_DEBUG OR ENABLE_PERFTOOLS) # Just a no op to prevent CMake from complaining about manually-specified - # ENABLE_PERFTOOLS_DEBUG not being used if google perftools weren't found + # ENABLE_PERFTOOLS_DEBUG or ENABLE_PERFTOOLS not being used if google + # perftools weren't found endif () set(brodeps From fdc0d5c7ec14ee45207bf9b94e7ecd6426769050 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 17 Sep 2013 15:29:41 -0500 Subject: [PATCH 016/287] Fix compiler warning (time_t is not a pointer type) --- src/bro.bif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bro.bif b/src/bro.bif index c9b77e4368..93b0da2dcc 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2945,7 +2945,7 @@ function strftime%(fmt: string, d: time%) : string ## Returns: The time value calculated from parsing *d* with *fmt*. function strptime%(fmt: string, d: string%) : time %{ - const time_t timeval = time_t(NULL); + const time_t timeval = time_t(); struct tm t = *localtime(&timeval); if ( strptime(d->CheckString(), fmt->CheckString(), &t) == NULL ) From a316878d01adec45049c5a65af92ccc71f24e695 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 17 Sep 2013 16:42:48 -0500 Subject: [PATCH 017/287] Add checks to avoid improper negative values use. --- src/Expr.cc | 14 +++++++-- src/Val.cc | 10 +++++++ src/Val.h | 11 +++++++ src/analyzer/protocol/conn-size/ConnSize.cc | 14 +++++---- src/analyzer/protocol/icmp/ICMP.cc | 6 ++-- src/analyzer/protocol/tcp/TCP.cc | 7 ++--- src/analyzer/protocol/udp/UDP.cc | 8 ++--- .../analyzer/data_event/DataEvent.cc | 9 ++---- src/file_analysis/analyzer/extract/Extract.cc | 3 +- src/input/Manager.cc | 30 +++++++++---------- src/logging/Manager.cc | 29 +++++++++--------- src/util.cc | 10 +++++++ 12 files changed, 89 insertions(+), 62 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index e64172675e..f060b98602 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -3137,12 +3137,14 @@ FieldExpr::FieldExpr(Expr* arg_op, const char* arg_field_name) { RecordType* rt = op->Type()->AsRecordType(); field = rt->FieldOffset(field_name); - td = rt->FieldDecl(field); if ( field < 0 ) ExprError("no such field in record"); else + { SetType(rt->FieldType(field)->Ref()); + td = rt->FieldDecl(field); + } } } @@ -3852,7 +3854,15 @@ void FieldAssignExpr::EvalIntoAggregate(const BroType* t, Val* aggr, Frame* f) Val* v = op->Eval(f); if ( v ) - rec->Assign(rt->FieldOffset(field_name.c_str()), v); + { + int idx = rt->FieldOffset(field_name.c_str()); + + if ( idx < 0 ) + reporter->InternalError("Missing record field: %s", + field_name.c_str()); + + rec->Assign(idx, v); + } } int FieldAssignExpr::IsRecordElement(TypeDecl* td) const diff --git a/src/Val.cc b/src/Val.cc index 389e76fe1d..9d1b27b333 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2670,6 +2670,16 @@ Val* RecordVal::LookupWithDefault(int field) const return record_type->FieldDefault(field); } +Val* RecordVal::Lookup(const char* field, bool with_default) const + { + int idx = record_type->FieldOffset(field); + + if ( idx < 0 ) + reporter->InternalError("missing record field: %s", field); + + return with_default ? LookupWithDefault(idx) : Lookup(idx); + } + RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr, bool allow_orphaning) const { if ( ! record_promotion_compatible(t->AsRecordType(), Type()->AsRecordType()) ) diff --git a/src/Val.h b/src/Val.h index 019c390699..a7088313d6 100644 --- a/src/Val.h +++ b/src/Val.h @@ -895,6 +895,17 @@ public: Val* Lookup(int field) const; // Does not Ref() value. Val* LookupWithDefault(int field) const; // Does Ref() value. + /** + * Looks up the value of a field by field name. If the field doesn't + * exist in the record type, it's an internal error: abort. + * @param field name of field to lookup. + * @param with_default whether to rely on field's &default attribute when + * the field has yet to be initialized. + * @return the value in field \a field. It is Ref()'d only if + * \a with_default is true. + */ + Val* Lookup(const char* field, bool with_default = false) const; + void Describe(ODesc* d) const; // This is an experiment to associate a BroObj within the diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index b912fe3d2d..ad08c78c4f 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -54,17 +54,19 @@ void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val) { // RecordType *connection_type is decleared in NetVar.h - int orig_endp_idx = connection_type->FieldOffset("orig"); - int resp_endp_idx = connection_type->FieldOffset("resp"); - RecordVal *orig_endp = conn_val->Lookup(orig_endp_idx)->AsRecordVal(); - RecordVal *resp_endp = conn_val->Lookup(resp_endp_idx)->AsRecordVal(); + RecordVal *orig_endp = conn_val->Lookup("orig")->AsRecordVal(); + RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal(); // endpoint is the RecordType from NetVar.h - // TODO: or orig_endp->Type()->AsRecordVal()->FieldOffset() int pktidx = endpoint->FieldOffset("num_pkts"); int bytesidx = endpoint->FieldOffset("num_bytes_ip"); - // TODO: error handling? + if ( pktidx < 0 ) + reporter->InternalError("'endpoint' record missing 'num_pkts' field"); + + if ( bytesidx < 0 ) + reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field"); + orig_endp->Assign(pktidx, new Val(orig_pkts, TYPE_COUNT)); orig_endp->Assign(bytesidx, new Val(orig_bytes, TYPE_COUNT)); resp_endp->Assign(pktidx, new Val(resp_pkts, TYPE_COUNT)); diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 732727d709..a851ebe8ee 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -440,10 +440,8 @@ void ICMP_Analyzer::Describe(ODesc* d) const void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val) { - int orig_endp_idx = connection_type->FieldOffset("orig"); - int resp_endp_idx = connection_type->FieldOffset("resp"); - RecordVal *orig_endp = conn_val->Lookup(orig_endp_idx)->AsRecordVal(); - RecordVal *resp_endp = conn_val->Lookup(resp_endp_idx)->AsRecordVal(); + RecordVal *orig_endp = conn_val->Lookup("orig")->AsRecordVal(); + RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal(); UpdateEndpointVal(orig_endp, 1); UpdateEndpointVal(resp_endp, 0); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 8f42e0f2b1..c9cd8ed8d1 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1102,11 +1102,8 @@ void TCP_Analyzer::FlipRoles() void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val) { - int orig_endp_idx = connection_type->FieldOffset("orig"); - int resp_endp_idx = connection_type->FieldOffset("resp"); - - RecordVal *orig_endp_val = conn_val->Lookup(orig_endp_idx)->AsRecordVal(); - RecordVal *resp_endp_val = conn_val->Lookup(resp_endp_idx)->AsRecordVal(); + RecordVal *orig_endp_val = conn_val->Lookup("orig")->AsRecordVal(); + RecordVal *resp_endp_val = conn_val->Lookup("resp")->AsRecordVal(); orig_endp_val->Assign(0, new Val(orig->Size(), TYPE_COUNT)); orig_endp_val->Assign(1, new Val(int(orig->state), TYPE_COUNT)); diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 3050ea5648..4c26ae5d99 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -170,13 +170,9 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, void UDP_Analyzer::UpdateConnVal(RecordVal *conn_val) { - int orig_endp_idx = connection_type->FieldOffset("orig"); - int resp_endp_idx = connection_type->FieldOffset("resp"); - RecordVal *orig_endp = conn_val->Lookup(orig_endp_idx)->AsRecordVal(); - RecordVal *resp_endp = conn_val->Lookup(resp_endp_idx)->AsRecordVal(); + RecordVal *orig_endp = conn_val->Lookup("orig")->AsRecordVal(); + RecordVal *resp_endp = conn_val->Lookup("resp")->AsRecordVal(); - orig_endp = conn_val->Lookup(orig_endp_idx)->AsRecordVal(); - resp_endp = conn_val->Lookup(resp_endp_idx)->AsRecordVal(); UpdateEndpointVal(orig_endp, 1); UpdateEndpointVal(resp_endp, 0); diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index cf2d7e52ec..a9ffa26bf2 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -20,13 +20,8 @@ DataEvent::DataEvent(RecordVal* args, File* file, file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file) { - using BifType::Record::Files::AnalyzerArgs; - - int chunk_off = AnalyzerArgs->FieldOffset("chunk_event"); - int stream_off = AnalyzerArgs->FieldOffset("stream_event"); - - Val* chunk_val = args->Lookup(chunk_off); - Val* stream_val = args->Lookup(stream_off); + Val* chunk_val = args->Lookup("chunk_event"); + Val* stream_val = args->Lookup("stream_event"); if ( ! chunk_val && ! stream_val ) return 0; diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index 504ffd9112..1a3917cd0e 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -33,8 +33,7 @@ Extract::~Extract() static Val* get_extract_field_val(RecordVal* args, const char* name) { - using BifType::Record::Files::AnalyzerArgs; - Val* rval = args->Lookup(AnalyzerArgs->FieldOffset(name)); + Val* rval = args->Lookup(name); if ( ! rval ) reporter->Error("File extraction analyzer missing arg field: %s", name); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index d838e8cb75..d739a96809 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -296,7 +296,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) return false; } - Val* name_val = description->LookupWithDefault(rtype->FieldOffset("name")); + Val* name_val = description->Lookup("name", true); string name = name_val->AsString()->CheckString(); Unref(name_val); @@ -308,10 +308,10 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) return false; } - EnumVal* reader = description->LookupWithDefault(rtype->FieldOffset("reader"))->AsEnumVal(); + EnumVal* reader = description->Lookup("reader", true)->AsEnumVal(); // get the source ... - Val* sourceval = description->LookupWithDefault(rtype->FieldOffset("source")); + Val* sourceval = description->Lookup("source", true); assert ( sourceval != 0 ); const BroString* bsource = sourceval->AsString(); string source((const char*) bsource->Bytes(), bsource->Len()); @@ -321,7 +321,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) rinfo.source = copy_string(source.c_str()); rinfo.name = copy_string(name.c_str()); - EnumVal* mode = description->LookupWithDefault(rtype->FieldOffset("mode"))->AsEnumVal(); + EnumVal* mode = description->Lookup("mode", true)->AsEnumVal(); switch ( mode->InternalInt() ) { case 0: @@ -342,7 +342,7 @@ bool Manager::CreateStream(Stream* info, RecordVal* description) Unref(mode); - Val* config = description->LookupWithDefault(rtype->FieldOffset("config")); + Val* config = description->Lookup("config", true); info->config = config->AsTableVal(); // ref'd by LookupWithDefault { @@ -401,11 +401,11 @@ bool Manager::CreateEventStream(RecordVal* fval) } - RecordType *fields = fval->LookupWithDefault(rtype->FieldOffset("fields"))->AsType()->AsTypeType()->Type()->AsRecordType(); + RecordType *fields = fval->Lookup("fields", true)->AsType()->AsTypeType()->Type()->AsRecordType(); - Val *want_record = fval->LookupWithDefault(rtype->FieldOffset("want_record")); + Val *want_record = fval->Lookup("want_record", true); - Val* event_val = fval->LookupWithDefault(rtype->FieldOffset("ev")); + Val* event_val = fval->Lookup("ev", true); Func* event = event_val->AsFunc(); Unref(event_val); @@ -547,18 +547,18 @@ bool Manager::CreateTableStream(RecordVal* fval) } } - Val* pred = fval->LookupWithDefault(rtype->FieldOffset("pred")); + Val* pred = fval->Lookup("pred", true); - RecordType *idx = fval->LookupWithDefault(rtype->FieldOffset("idx"))->AsType()->AsTypeType()->Type()->AsRecordType(); + RecordType *idx = fval->Lookup("idx", true)->AsType()->AsTypeType()->Type()->AsRecordType(); RecordType *val = 0; - if ( fval->LookupWithDefault(rtype->FieldOffset("val")) != 0 ) + if ( fval->Lookup("val", true) != 0 ) { - val = fval->LookupWithDefault(rtype->FieldOffset("val"))->AsType()->AsTypeType()->Type()->AsRecordType(); + val = fval->Lookup("val", true)->AsType()->AsTypeType()->Type()->AsRecordType(); Unref(val); // The lookupwithdefault in the if-clause ref'ed val. } - TableVal *dst = fval->LookupWithDefault(rtype->FieldOffset("destination"))->AsTableVal(); + TableVal *dst = fval->Lookup("destination", true)->AsTableVal(); // check if index fields match table description int num = idx->NumFields(); @@ -588,9 +588,9 @@ bool Manager::CreateTableStream(RecordVal* fval) return false; } - Val *want_record = fval->LookupWithDefault(rtype->FieldOffset("want_record")); + Val *want_record = fval->Lookup("want_record", true); - Val* event_val = fval->LookupWithDefault(rtype->FieldOffset("ev")); + Val* event_val = fval->Lookup("ev", true); Func* event = event_val ? event_val->AsFunc() : 0; Unref(event_val); diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 79e23fb63f..87d3be9f13 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -295,7 +295,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval) return false; } - RecordType* columns = sval->Lookup(rtype->FieldOffset("columns")) + RecordType* columns = sval->Lookup("columns") ->AsType()->AsTypeType()->Type()->AsRecordType(); bool log_attr_present = false; @@ -322,7 +322,7 @@ bool Manager::CreateStream(EnumVal* id, RecordVal* sval) return false; } - Val* event_val = sval->Lookup(rtype->FieldOffset("ev")); + Val* event_val = sval->Lookup("ev"); Func* event = event_val ? event_val->AsFunc() : 0; if ( event ) @@ -579,19 +579,18 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) return false; // Find the right writer type. - int idx = rtype->FieldOffset("writer"); - EnumVal* writer = fval->LookupWithDefault(idx)->AsEnumVal(); + EnumVal* writer = fval->Lookup("writer", true)->AsEnumVal(); // Create a new Filter instance. - Val* name = fval->LookupWithDefault(rtype->FieldOffset("name")); - Val* pred = fval->LookupWithDefault(rtype->FieldOffset("pred")); - Val* path_func = fval->LookupWithDefault(rtype->FieldOffset("path_func")); - Val* log_local = fval->LookupWithDefault(rtype->FieldOffset("log_local")); - Val* log_remote = fval->LookupWithDefault(rtype->FieldOffset("log_remote")); - Val* interv = fval->LookupWithDefault(rtype->FieldOffset("interv")); - Val* postprocessor = fval->LookupWithDefault(rtype->FieldOffset("postprocessor")); - Val* config = fval->LookupWithDefault(rtype->FieldOffset("config")); + Val* name = fval->Lookup("name", true); + Val* pred = fval->Lookup("pred", true); + Val* path_func = fval->Lookup("path_func", true); + Val* log_local = fval->Lookup("log_local", true); + Val* log_remote = fval->Lookup("log_remote", true); + Val* interv = fval->Lookup("interv", true); + Val* postprocessor = fval->Lookup("postprocessor", true); + Val* config = fval->Lookup("config", true); Filter* filter = new Filter; filter->name = name->AsString()->CheckString(); @@ -616,8 +615,8 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) // Build the list of fields that the filter wants included, including // potentially rolling out fields. - Val* include = fval->Lookup(rtype->FieldOffset("include")); - Val* exclude = fval->Lookup(rtype->FieldOffset("exclude")); + Val* include = fval->Lookup("include"); + Val* exclude = fval->Lookup("exclude"); filter->num_fields = 0; filter->fields = 0; @@ -631,7 +630,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) } // Get the path for the filter. - Val* path_val = fval->Lookup(rtype->FieldOffset("path")); + Val* path_val = fval->Lookup("path"); if ( path_val ) { diff --git a/src/util.cc b/src/util.cc index f26b3fb0c2..aeb8fdeef8 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1261,6 +1261,16 @@ void _set_processing_status(const char* status) int fd = open(proc_status_file, O_CREAT | O_WRONLY | O_TRUNC, 0700); + if ( fd < 0 ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + reporter->Error("Failed to open process status file '%s': %s", + proc_status_file, buf); + errno = old_errno; + return; + } + int len = strlen(status); while ( len ) { From 9d3fc1e7ed5d1972449abcd531ae02fe00290604 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 18 Sep 2013 14:36:59 -0700 Subject: [PATCH 018/287] Updating CHANGES and VERSION. --- CHANGES | 21 +++++++++++++++++++++ VERSION | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9376f3f459..79041b5368 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,25 @@ +2.1-1344 | 2013-09-16 16:20:55 -0500 + + * Refactor Analyzer::AddChildAnalyzer and usages. (Jon Siwek) + + * Minor refactor to SSL BinPAC grammer. (Jon Siwek) + + * Minor refactor to Broxygen enum comments. (Jon Siwek) + + * Fix possible (unlikely) use of uninitialized value. (Jon Siwek) + + * Fix/improve dereference-before-null-checks. (Jon Siwek) + + * Fix out-of-bounds memory accesses, and remove a + variable-length-array usage. (Jon Siwek) + + * Fix potential mem leak. (Jon Siwek) + + * Fix double-free and deallocator mismatch. (Jon Siwek) + + * Fix another function val reference counting bug. (Jon Siwek) + 2.1-1335 | 2013-09-12 16:13:53 -0500 * Documentation fixes (Daniel Thayer, Jon Siwek) diff --git a/VERSION b/VERSION index c2f9e8bbcc..5a4c59bacf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-1335 +2.1-1344 From d417bd9f3a05d275cbca6685b35a03fc566c7869 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 18 Sep 2013 23:48:54 -0500 Subject: [PATCH 019/287] Update documentation of required packages --- configure | 2 +- doc/install/install.rst | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 6c557a22d0..1990d78569 100755 --- a/configure +++ b/configure @@ -49,9 +49,9 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --with-flex=PATH path to flex executable --with-bison=PATH path to bison executable --with-perl=PATH path to perl executable + --with-libmagic=PATH path to libmagic install root Optional Packages in Non-Standard Locations: - --with-libmagic=PATH path to libmagic install root --with-geoip=PATH path to the libGeoIP install root --with-perftools=PATH path to Google Perftools install root --with-python=PATH path to Python interpreter diff --git a/doc/install/install.rst b/doc/install/install.rst index 1b775389f3..a29be72472 100644 --- a/doc/install/install.rst +++ b/doc/install/install.rst @@ -29,13 +29,15 @@ before you begin: * Libpcap (http://www.tcpdump.org) * OpenSSL libraries (http://www.openssl.org) * BIND8 library - * Libmagic + * Libmagic 5.04 or greater * Libz * Bash (for BroControl) To build Bro from source, the following additional dependencies are required: * CMake 2.6.3 or greater (http://www.cmake.org) + * Make + * C/C++ compiler * SWIG (http://www.swig.org) * Bison (GNU Parser Generator) * Flex (Fast Lexical Analyzer) From 79bd81c8da1a845ea22d18eb3012224abb0c6ed4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Sep 2013 11:39:52 -0500 Subject: [PATCH 020/287] Fix nesting/indent level whitespace mismatch. The EndData() doesn't make sense as part of the condition that implies the state is such that it's not inside data. It might make sense as part of an else block, but it also seems fine to unconditionally EndData() like it currently does. That way unexpected states (mail != 0) are dealt with sooner rather than later. --- src/analyzer/protocol/smtp/SMTP.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index b496e97c69..c3fb21b6a4 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -599,7 +599,7 @@ void SMTP_Analyzer::UpdateState(const int cmd_code, const int reply_code) case 0: if ( st != SMTP_IN_DATA ) UnexpectedCommand(cmd_code, reply_code); - EndData(); + EndData(); state = SMTP_AFTER_DATA; break; From d05a02e848dc0e9ff27293339d3cb90c48ce25ba Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Sep 2013 12:57:14 -0500 Subject: [PATCH 021/287] Update Mozilla root CA certs. --- scripts/base/protocols/ssl/mozilla-ca-list.bro | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro index ad8e445912..e97a1b2d50 100644 --- a/scripts/base/protocols/ssl/mozilla-ca-list.bro +++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro @@ -1,5 +1,5 @@ # Don't edit! This file is automatically generated. -# Generated at: Fri Jul 13 22:22:40 -0400 2012 +# Generated at: Thu Sep 19 12:41:00 -0500 2013 @load base/protocols/ssl module SSL; redef root_certs += { @@ -143,4 +143,6 @@ redef root_certs += { ["CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL"] = "\x30\x82\x05\x63\x30\x82\x03\x4B\xA0\x03\x02\x01\x02\x02\x01\x3B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x1E\x17\x0D\x31\x30\x30\x31\x30\x31\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x31\x32\x33\x31\x32\x33\x35\x39\x30\x31\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x4C\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x13\x0D\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x4C\x74\x64\x2E\x31\x2C\x30\x2A\x06\x03\x55\x04\x03\x13\x23\x53\x74\x61\x72\x74\x43\x6F\x6D\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x47\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xB6\x89\x36\x5B\x07\xB7\x20\x36\xBD\x82\xBB\xE1\x16\x20\x03\x95\x7A\xAF\x0E\xA3\x55\xC9\x25\x99\x4A\xC5\xD0\x56\x41\x87\x90\x4D\x21\x60\xA4\x14\x87\x3B\xCD\xFD\xB2\x3E\xB4\x67\x03\x6A\xED\xE1\x0F\x4B\xC0\x91\x85\x70\x45\xE0\x42\x9E\xDE\x29\x23\xD4\x01\x0D\xA0\x10\x79\xB8\xDB\x03\xBD\xF3\xA9\x2F\xD1\xC6\xE0\x0F\xCB\x9E\x8A\x14\x0A\xB8\xBD\xF6\x56\x62\xF1\xC5\x72\xB6\x32\x25\xD9\xB2\xF3\xBD\x65\xC5\x0D\x2C\x6E\xD5\x92\x6F\x18\x8B\x00\x41\x14\x82\x6F\x40\x20\x26\x7A\x28\x0F\xF5\x1E\x7F\x27\xF7\x94\xB1\x37\x3D\xB7\xC7\x91\xF7\xE2\x01\xEC\xFD\x94\x89\xE1\xCC\x6E\xD3\x36\xD6\x0A\x19\x79\xAE\xD7\x34\x82\x65\xFF\x7C\x42\xBB\xB6\xDD\x0B\xA6\x34\xAF\x4B\x60\xFE\x7F\x43\x49\x06\x8B\x8C\x43\xB8\x56\xF2\xD9\x7F\x21\x43\x17\xEA\xA7\x48\x95\x01\x75\x75\xEA\x2B\xA5\x43\x95\xEA\x15\x84\x9D\x08\x8D\x26\x6E\x55\x9B\xAB\xDC\xD2\x39\xD2\x31\x1D\x60\xE2\xAC\xCC\x56\x45\x24\xF5\x1C\x54\xAB\xEE\x86\xDD\x96\x32\x85\xF8\x4C\x4F\xE8\x95\x76\xB6\x05\xDD\x36\x23\x67\xBC\xFF\x15\xE2\xCA\x3B\xE6\xA6\xEC\x3B\xEC\x26\x11\x34\x48\x8D\xF6\x80\x2B\x1A\x23\x02\xEB\x8A\x1C\x3A\x76\x2A\x7B\x56\x16\x1C\x72\x2A\xB3\xAA\xE3\x60\xA5\x00\x9F\x04\x9B\xE2\x6F\x1E\x14\x58\x5B\xA5\x6C\x8B\x58\x3C\xC3\xBA\x4E\x3A\x5C\xF7\xE1\x96\x2B\x3E\xEF\x07\xBC\xA4\xE5\x5D\xCC\x4D\x9F\x0D\xE1\xDC\xAA\xBB\xE1\x6E\x1A\xEC\x8F\xE1\xB6\x4C\x4D\x79\x72\x5D\x17\x35\x0B\x1D\xD7\xC1\x47\xDA\x96\x24\xE0\xD0\x72\xA8\x5A\x5F\x66\x2D\x10\xDC\x2F\x2A\x13\xAE\x26\xFE\x0A\x1C\x19\xCC\xD0\x3E\x0B\x9C\xC8\x09\x2E\xF9\x5B\x96\x7A\x47\x9C\xE9\x7A\xF3\x05\x50\x74\x95\x73\x9E\x30\x09\xF3\x97\x82\x5E\xE6\x8F\x39\x08\x1E\x59\xE5\x35\x14\x42\x13\xFF\x00\x9C\xF7\xBE\xAA\x50\xCF\xE2\x51\x48\xD7\xB8\x6F\xAF\xF8\x4E\x7E\x33\x98\x92\x14\x62\x3A\x75\x63\xCF\x7B\xFA\xDE\x82\x3B\xA9\xBB\x39\xE2\xC4\xBD\x2C\x00\x0E\xC8\x17\xAC\x13\xEF\x4D\x25\x8E\xD8\xB3\x90\x2F\xA9\xDA\x29\x7D\x1D\xAF\x74\x3A\xB2\x27\xC0\xC1\x1E\x3E\x75\xA3\x16\xA9\xAF\x7A\x22\x5D\x9F\x13\x1A\xCF\xA7\xA0\xEB\xE3\x86\x0A\xD3\xFD\xE6\x96\x95\xD7\x23\xC8\x37\xDD\xC4\x7C\xAA\x36\xAC\x98\x1A\x12\xB1\xE0\x4E\xE8\xB1\x3B\xF5\xD6\x6F\xF1\x30\xD7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4B\xC5\xB4\x40\x6B\xAD\x1C\xB3\xA5\x1C\x65\x6E\x46\x36\x89\x87\x05\x0C\x0E\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x73\x57\x3F\x2C\xD5\x95\x32\x7E\x37\xDB\x96\x92\xEB\x19\x5E\x7E\x53\xE7\x41\xEC\x11\xB6\x47\xEF\xB5\xDE\xED\x74\x5C\xC5\xF1\x8E\x49\xE0\xFC\x6E\x99\x13\xCD\x9F\x8A\xDA\xCD\x3A\x0A\xD8\x3A\x5A\x09\x3F\x5F\x34\xD0\x2F\x03\xD2\x66\x1D\x1A\xBD\x9C\x90\x37\xC8\x0C\x8E\x07\x5A\x94\x45\x46\x2A\xE6\xBE\x7A\xDA\xA1\xA9\xA4\x69\x12\x92\xB0\x7D\x36\xD4\x44\x87\xD7\x51\xF1\x29\x63\xD6\x75\xCD\x16\xE4\x27\x89\x1D\xF8\xC2\x32\x48\xFD\xDB\x99\xD0\x8F\x5F\x54\x74\xCC\xAC\x67\x34\x11\x62\xD9\x0C\x0A\x37\x87\xD1\xA3\x17\x48\x8E\xD2\x17\x1D\xF6\xD7\xFD\xDB\x65\xEB\xFD\xA8\xD4\xF5\xD6\x4F\xA4\x5B\x75\xE8\xC5\xD2\x60\xB2\xDB\x09\x7E\x25\x8B\x7B\xBA\x52\x92\x9E\x3E\xE8\xC5\x77\xA1\x3C\xE0\x4A\x73\x6B\x61\xCF\x86\xDC\x43\xFF\xFF\x21\xFE\x23\x5D\x24\x4A\xF5\xD3\x6D\x0F\x62\x04\x05\x57\x82\xDA\x6E\xA4\x33\x25\x79\x4B\x2E\x54\x19\x8B\xCC\x2C\x3D\x30\xE9\xD1\x06\xFF\xE8\x32\x46\xBE\xB5\x33\x76\x77\xA8\x01\x5D\x96\xC1\xC1\xD5\xBE\xAE\x25\xC0\xC9\x1E\x0A\x09\x20\x88\xA1\x0E\xC9\xF3\x6F\x4D\x82\x54\x00\x20\xA7\xD2\x8F\xE4\x39\x54\x17\x2E\x8D\x1E\xB8\x1B\xBB\x1B\xBD\x9A\x4E\x3B\x10\x34\xDC\x9C\x88\x53\xEF\xA2\x31\x5B\x58\x4F\x91\x62\xC8\xC2\x9A\x9A\xCD\x15\x5D\x38\xA9\xD6\xBE\xF8\x13\xB5\x9F\x12\x69\xF2\x50\x62\xAC\xFB\x17\x37\xF4\xEE\xB8\x75\x67\x60\x10\xFB\x83\x50\xF9\x44\xB5\x75\x9C\x40\x17\xB2\xFE\xFD\x79\x5D\x6E\x58\x58\x5F\x30\xFC\x00\xAE\xAF\x33\xC1\x0E\x4E\x6C\xBA\xA7\xA6\xA1\x7F\x32\xDB\x38\xE0\xB1\x72\x17\x0A\x2B\x91\xEC\x6A\x63\x26\xED\x89\xD4\x78\xCC\x74\x1E\x05\xF8\x6B\xFE\x8C\x6A\x76\x39\x29\xAE\x65\x23\x12\x95\x08\x22\x1C\x97\xCE\x5B\x06\xEE\x0C\xE2\xBB\xBC\x1F\x44\x93\xF6\xD8\x38\x45\x05\x21\xED\xE4\xAD\xAB\x12\xB6\x03\xA4\x42\x2E\x2D\xC4\x09\x3A\x03\x67\x69\x84\x9A\xE1\x59\x90\x8A\x28\x85\xD5\x5D\x74\xB1\xD1\x0E\x20\x58\x9B\x13\xA5\xB0\x63\xA6\xED\x7B\x47\xFD\x45\x55\x30\xA4\xEE\x9A\xD4\xE6\xE2\x87\xEF\x98\xC9\x32\x82\x11\x29\x22\xBC\x00\x0A\x31\x5E\x2D\x0F\xC0\x8E\xE9\x6B\xB2\x8F\x2E\x06\xD8\xD1\x91\xC7\xC6\x12\xF4\x4C\xFD\x30\x17\xC3\xC1\xDA\x38\x5B\xE3\xA9\xEA\xE6\xA1\xBA\x79\xEF\x73\xD8\xB6\x53\x57\x2D\xF6\xD0\xE1\xD7\x48", ["CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x33\x38\x30\x33\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x32\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD7\xC7\x5E\xF7\xC1\x07\xD4\x77\xFB\x43\x21\xF4\xF4\xF5\x69\xE4\xEE\x32\x01\xDB\xA3\x86\x1F\xE4\x59\x0D\xBA\xE7\x75\x83\x52\xEB\xEA\x1C\x61\x15\x48\xBB\x1D\x07\xCA\x8C\xAE\xB0\xDC\x96\x9D\xEA\xC3\x60\x92\x86\x82\x28\x73\x9C\x56\x06\xFF\x4B\x64\xF0\x0C\x2A\x37\x49\xB5\xE5\xCF\x0C\x7C\xEE\xF1\x4A\xBB\x73\x30\x65\xF3\xD5\x2F\x83\xB6\x7E\xE3\xE7\xF5\x9E\xAB\x60\xF9\xD3\xF1\x9D\x92\x74\x8A\xE4\x1C\x96\xAC\x5B\x80\xE9\xB5\xF4\x31\x87\xA3\x51\xFC\xC7\x7E\xA1\x6F\x8E\x53\x77\xD4\x97\xC1\x55\x33\x92\x3E\x18\x2F\x75\xD4\xAD\x86\x49\xCB\x95\xAF\x54\x06\x6C\xD8\x06\x13\x8D\x5B\xFF\xE1\x26\x19\x59\xC0\x24\xBA\x81\x71\x79\x90\x44\x50\x68\x24\x94\x5F\xB8\xB3\x11\xF1\x29\x41\x61\xA3\x41\xCB\x23\x36\xD5\xC1\xF1\x32\x50\x10\x4E\x7F\xF4\x86\x93\xEC\x84\xD3\x8E\xBC\x4B\xBF\x5C\x01\x4E\x07\x3D\xDC\x14\x8A\x94\x0A\xA4\xEA\x73\xFB\x0B\x51\xE8\x13\x07\x18\xFA\x0E\xF1\x2B\xD1\x54\x15\x7D\x3C\xE1\xF7\xB4\x19\x42\x67\x62\x5E\x77\xE0\xA2\x55\xEC\xB6\xD9\x69\x17\xD5\x3A\xAF\x44\xED\x4A\xC5\x9E\xE4\x7A\x27\x7C\xE5\x75\xD7\xAA\xCB\x25\xE7\xDF\x6B\x0A\xDB\x0F\x4D\x93\x4E\xA8\xA0\xCD\x7B\x2E\xF2\x59\x01\x6A\xB7\x0D\xB8\x07\x81\x7E\x8B\x38\x1B\x38\xE6\x0A\x57\x99\x3D\xEE\x21\xE8\xA3\xF5\x0C\x16\xDD\x8B\xEC\x34\x8E\x9C\x2A\x1C\x00\x15\x17\x8D\x68\x83\xD2\x70\x9F\x18\x08\xCD\x11\x68\xD5\xC9\x6B\x52\xCD\xC4\x46\x8F\xDC\xB5\xF3\xD8\x57\x73\x1E\xE9\x94\x39\x04\xBF\xD3\xDE\x38\xDE\xB4\x53\xEC\x69\x1C\xA2\x7E\xC4\x8F\xE4\x1B\x70\xAD\xF2\xA2\xF9\xFB\xF7\x16\x64\x66\x69\x9F\x49\x51\xA2\xE2\x15\x18\x67\x06\x4A\x7F\xD5\x6C\xB5\x4D\xB3\x33\xE0\x61\xEB\x5D\xBE\xE9\x98\x0F\x32\xD7\x1D\x4B\x3C\x2E\x5A\x01\x52\x91\x09\xF2\xDF\xEA\x8D\xD8\x06\x40\x63\xAA\x11\xE4\xFE\xC3\x37\x9E\x14\x52\x3F\xF4\xE2\xCC\xF2\x61\x93\xD1\xFD\x67\x6B\xD7\x52\xAE\xBF\x68\xAB\x40\x43\xA0\x57\x35\x53\x78\xF0\x53\xF8\x61\x42\x07\x64\xC6\xD7\x6F\x9B\x4C\x38\x0D\x63\xAC\x62\xAF\x36\x8B\xA2\x73\x0A\x0D\xF5\x21\xBD\x74\xAA\x4D\xEA\x72\x03\x49\xDB\xC7\x5F\x1D\x62\x63\xC7\xFD\xDD\x91\xEC\x33\xEE\xF5\x6D\xB4\x6E\x30\x68\xDE\xC8\xD6\x26\xB0\x75\x5E\x7B\xB4\x07\x20\x98\xA1\x76\x32\xB8\x4D\x6C\x4F\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xC9\x80\x77\xE0\x62\x92\x82\xF5\x46\x9C\xF3\xBA\xF7\x4C\xC3\xDE\xB8\xA3\xAD\x39\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x53\x5F\x21\xF5\xBA\xB0\x3A\x52\x39\x2C\x92\xB0\x6C\x00\xC9\xEF\xCE\x20\xEF\x06\xF2\x96\x9E\xE9\xA4\x74\x7F\x7A\x16\xFC\xB7\xF5\xB6\xFB\x15\x1B\x3F\xAB\xA6\xC0\x72\x5D\x10\xB1\x71\xEE\xBC\x4F\xE3\xAD\xAC\x03\x6D\x2E\x71\x2E\xAF\xC4\xE3\xAD\xA3\xBD\x0C\x11\xA7\xB4\xFF\x4A\xB2\x7B\x10\x10\x1F\xA7\x57\x41\xB2\xC0\xAE\xF4\x2C\x59\xD6\x47\x10\x88\xF3\x21\x51\x29\x30\xCA\x60\x86\xAF\x46\xAB\x1D\xED\x3A\x5B\xB0\x94\xDE\x44\xE3\x41\x08\xA2\xC1\xEC\x1D\xD6\xFD\x4F\xB6\xD6\x47\xD0\x14\x0B\xCA\xE6\xCA\xB5\x7B\x77\x7E\x41\x1F\x5E\x83\xC7\xB6\x8C\x39\x96\xB0\x3F\x96\x81\x41\x6F\x60\x90\xE2\xE8\xF9\xFB\x22\x71\xD9\x7D\xB3\x3D\x46\xBF\xB4\x84\xAF\x90\x1C\x0F\x8F\x12\x6A\xAF\xEF\xEE\x1E\x7A\xAE\x02\x4A\x8A\x17\x2B\x76\xFE\xAC\x54\x89\x24\x2C\x4F\x3F\xB6\xB2\xA7\x4E\x8C\xA8\x91\x97\xFB\x29\xC6\x7B\x5C\x2D\xB9\xCB\x66\xB6\xB7\xA8\x5B\x12\x51\x85\xB5\x09\x7E\x62\x78\x70\xFE\xA9\x6A\x60\xB6\x1D\x0E\x79\x0C\xFD\xCA\xEA\x24\x80\x72\xC3\x97\x3F\xF2\x77\xAB\x43\x22\x0A\xC7\xEB\xB6\x0C\x84\x82\x2C\x80\x6B\x41\x8A\x08\xC0\xEB\xA5\x6B\xDF\x99\x12\xCB\x8A\xD5\x5E\x80\x0C\x91\xE0\x26\x08\x36\x48\xC5\xFA\x38\x11\x35\xFF\x25\x83\x2D\xF2\x7A\xBF\xDA\xFD\x8E\xFE\xA5\xCB\x45\x2C\x1F\xC4\x88\x53\xAE\x77\x0E\xD9\x9A\x76\xC5\x8E\x2C\x1D\xA3\xBA\xD5\xEC\x32\xAE\xC0\xAA\xAC\xF7\xD1\x7A\x4D\xEB\xD4\x07\xE2\x48\xF7\x22\x8E\xB0\xA4\x9F\x6A\xCE\x8E\xB2\xB2\x60\xF4\xA3\x22\xD0\x23\xEB\x94\x5A\x7A\x69\xDD\x0F\xBF\x40\x57\xAC\x6B\x59\x50\xD9\xA3\x99\xE1\x6E\xFE\x8D\x01\x79\x27\x23\x15\xDE\x92\x9D\x7B\x09\x4D\x5A\xE7\x4B\x48\x30\x5A\x18\xE6\x0A\x6D\xE6\x8F\xE0\xD2\xBB\xE6\xDF\x7C\x6E\x21\x82\xC1\x68\x39\x4D\xB4\x98\x58\x66\x62\xCC\x4A\x90\x5E\xC3\xFA\x27\x04\xB1\x79\x15\x74\x99\xCC\xBE\xAD\x20\xDE\x26\x60\x1C\xEB\x56\x51\xA6\xA3\xEA\xE4\xA3\x3F\xA7\xFF\x61\xDC\xF1\x5A\x4D\x6C\x32\x23\x43\xEE\xAC\xA8\xEE\xEE\x4A\x12\x09\x3C\x5D\x71\xC2\xBE\x79\xFA\xC2\x87\x68\x1D\x0B\xFD\x5C\x69\xCC\x06\xD0\x9A\x7D\x54\x99\x2A\xC9\x39\x1A\x19\xAF\x4B\x2A\x43\xF3\x63\x5D\x5A\x58\xE2\x2F\xE3\x1D\xE4\xA9\xD6\xD0\x0A\xD0\x9E\xBF\xD7\x81\x09\xF1\xC9\xC7\x26\x0D\xAC\x98\x16\x56\xA0", ["CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA5\xDA\x0A\x95\x16\x50\xE3\x95\xF2\x5E\x9D\x76\x31\x06\x32\x7A\x9B\xF1\x10\x76\xB8\x00\x9A\xB5\x52\x36\xCD\x24\x47\xB0\x9F\x18\x64\xBC\x9A\xF6\xFA\xD5\x79\xD8\x90\x62\x4C\x22\x2F\xDE\x38\x3D\xD6\xE0\xA8\xE9\x1C\x2C\xDB\x78\x11\xE9\x8E\x68\x51\x15\x72\xC7\xF3\x33\x87\xE4\xA0\x5D\x0B\x5C\xE0\x57\x07\x2A\x30\xF5\xCD\xC4\x37\x77\x28\x4D\x18\x91\xE6\xBF\xD5\x52\xFD\x71\x2D\x70\x3E\xE7\xC6\xC4\x8A\xE3\xF0\x28\x0B\xF4\x76\x98\xA1\x8B\x87\x55\xB2\x3A\x13\xFC\xB7\x3E\x27\x37\x8E\x22\xE3\xA8\x4F\x2A\xEF\x60\xBB\x3D\xB7\x39\xC3\x0E\x01\x47\x99\x5D\x12\x4F\xDB\x43\xFA\x57\xA1\xED\xF9\x9D\xBE\x11\x47\x26\x5B\x13\x98\xAB\x5D\x16\x8A\xB0\x37\x1C\x57\x9D\x45\xFF\x88\x96\x36\xBF\xBB\xCA\x07\x7B\x6F\x87\x63\xD7\xD0\x32\x6A\xD6\x5D\x6C\x0C\xF1\xB3\x6E\x39\xE2\x6B\x31\x2E\x39\x00\x27\x14\xDE\x38\xC0\xEC\x19\x66\x86\x12\xE8\x9D\x72\x16\x13\x64\x52\xC7\xA9\x37\x1C\xFD\x82\x30\xED\x84\x18\x1D\xF4\xAE\x5C\xFF\x70\x13\x00\xEB\xB1\xF5\x33\x7A\x4B\xD6\x55\xF8\x05\x8D\x4B\x69\xB0\xF5\xB3\x28\x36\x5C\x14\xC4\x51\x73\x4D\x6B\x0B\xF1\x34\x07\xDB\x17\x39\xD7\xDC\x28\x7B\x6B\xF5\x9F\xF3\x2E\xC1\x4F\x17\x2A\x10\xF3\xCC\xCA\xE8\xEB\xFD\x6B\xAB\x2E\x9A\x9F\x2D\x82\x6E\x04\xD4\x52\x01\x93\x2D\x3D\x86\xFC\x7E\xFC\xDF\xEF\x42\x1D\xA6\x6B\xEF\xB9\x20\xC6\xF7\xBD\xA0\xA7\x95\xFD\xA7\xE6\x89\x24\xD8\xCC\x8C\x34\x6C\xE2\x23\x2F\xD9\x12\x1A\x21\xB9\x55\x91\x6F\x0B\x91\x79\x19\x0C\xAD\x40\x88\x0B\x70\xE2\x7A\xD2\x0E\xD8\x68\x48\xBB\x82\x13\x39\x10\x58\xE9\xD8\x2A\x07\xC6\x12\xDB\x58\xDB\xD2\x3B\x55\x10\x47\x05\x15\x67\x62\x7E\x18\x63\xA6\x46\x3F\x09\x0E\x54\x32\x5E\xBF\x0D\x62\x7A\x27\xEF\x80\xE8\xDB\xD9\x4B\x06\x5A\x37\x5A\x25\xD0\x08\x12\x77\xD4\x6F\x09\x50\x97\x3D\xC8\x1D\xC3\xDF\x8C\x45\x30\x56\xC6\xD3\x64\xAB\x66\xF3\xC0\x5E\x96\x9C\xC3\xC4\xEF\xC3\x7C\x6B\x8B\x3A\x79\x7F\xB3\x49\xCF\x3D\xE2\x89\x9F\xA0\x30\x4B\x85\xB9\x9C\x94\x24\x79\x8F\x7D\x6B\xA9\x45\x68\x0F\x2B\xD0\xF1\xDA\x1C\xCB\x69\xB8\xCA\x49\x62\x6D\xC8\xD0\x63\x62\xDD\x60\x0F\x58\xAA\x8F\xA1\xBC\x05\xA5\x66\xA2\xCF\x1B\x76\xB2\x84\x64\xB1\x4C\x39\x52\xC0\x30\xBA\xF0\x8C\x4B\x02\xB0\xB6\xB7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x47\xB8\xCD\xFF\xE5\x6F\xEE\xF8\xB2\xEC\x2F\x4E\x0E\xF9\x25\xB0\x8E\x3C\x6B\xC3\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x00\x20\x23\x41\x35\x04\x90\xC2\x40\x62\x60\xEF\xE2\x35\x4C\xD7\x3F\xAC\xE2\x34\x90\xB8\xA1\x6F\x76\xFA\x16\x16\xA4\x48\x37\x2C\xE9\x90\xC2\xF2\x3C\xF8\x0A\x9F\xD8\x81\xE5\xBB\x5B\xDA\x25\x2C\xA4\xA7\x55\x71\x24\x32\xF6\xC8\x0B\xF2\xBC\x6A\xF8\x93\xAC\xB2\x07\xC2\x5F\x9F\xDB\xCC\xC8\x8A\xAA\xBE\x6A\x6F\xE1\x49\x10\xCC\x31\xD7\x80\xBB\xBB\xC8\xD8\xA2\x0E\x64\x57\xEA\xA2\xF5\xC2\xA9\x31\x15\xD2\x20\x6A\xEC\xFC\x22\x01\x28\xCF\x86\xB8\x80\x1E\xA9\xCC\x11\xA5\x3C\xF2\x16\xB3\x47\x9D\xFC\xD2\x80\x21\xC4\xCB\xD0\x47\x70\x41\xA1\xCA\x83\x19\x08\x2C\x6D\xF2\x5D\x77\x9C\x8A\x14\x13\xD4\x36\x1C\x92\xF0\xE5\x06\x37\xDC\xA6\xE6\x90\x9B\x38\x8F\x5C\x6B\x1B\x46\x86\x43\x42\x5F\x3E\x01\x07\x53\x54\x5D\x65\x7D\xF7\x8A\x73\xA1\x9A\x54\x5A\x1F\x29\x43\x14\x27\xC2\x85\x0F\xB5\x88\x7B\x1A\x3B\x94\xB7\x1D\x60\xA7\xB5\x9C\xE7\x29\x69\x57\x5A\x9B\x93\x7A\x43\x30\x1B\x03\xD7\x62\xC8\x40\xA6\xAA\xFC\x64\xE4\x4A\xD7\x91\x53\x01\xA8\x20\x88\x6E\x9C\x5F\x44\xB9\xCB\x60\x81\x34\xEC\x6F\xD3\x7D\xDA\x48\x5F\xEB\xB4\x90\xBC\x2D\xA9\x1C\x0B\xAC\x1C\xD5\xA2\x68\x20\x80\x04\xD6\xFC\xB1\x8F\x2F\xBB\x4A\x31\x0D\x4A\x86\x1C\xEB\xE2\x36\x29\x26\xF5\xDA\xD8\xC4\xF2\x75\x61\xCF\x7E\xAE\x76\x63\x4A\x7A\x40\x65\x93\x87\xF8\x1E\x80\x8C\x86\xE5\x86\xD6\x8F\x0E\xFC\x53\x2C\x60\xE8\x16\x61\x1A\xA2\x3E\x43\x7B\xCD\x39\x60\x54\x6A\xF5\xF2\x89\x26\x01\x68\x83\x48\xA2\x33\xE8\xC9\x04\x91\xB2\x11\x34\x11\x3E\xEA\xD0\x43\x19\x1F\x03\x93\x90\x0C\xFF\x51\x3D\x57\xF4\x41\x6E\xE1\xCB\xA0\xBE\xEB\xC9\x63\xCD\x6D\xCC\xE4\xF8\x36\xAA\x68\x9D\xED\xBD\x5D\x97\x70\x44\x0D\xB6\x0E\x35\xDC\xE1\x0C\x5D\xBB\xA0\x51\x94\xCB\x7E\x16\xEB\x11\x2F\xA3\x92\x45\xC8\x4C\x71\xD9\xBC\xC9\x99\x52\x57\x46\x2F\x50\xCF\xBD\x35\x69\xF4\x3D\x15\xCE\x06\xA5\x2C\x0F\x3E\xF6\x81\xBA\x94\xBB\xC3\xBB\xBF\x65\x78\xD2\x86\x79\xFF\x49\x3B\x1A\x83\x0C\xF0\xDE\x78\xEC\xC8\xF2\x4D\x4C\x1A\xDE\x82\x29\xF8\xC1\x5A\xDA\xED\xEE\xE6\x27\x5E\xE8\x45\xD0\x9D\x1C\x51\xA8\x68\xAB\x44\xE3\xD0\x8B\x6A\xE3\xF8\x3B\xBB\xDC\x4D\xD7\x64\xF2\x51\xBE\xE6\xAA\xAB\x5A\xE9\x31\xEE\x06\xBC\x73\xBF\x13\x62\x0A\x9F\xC7\xB9\x97", + ["CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE"] = "\x30\x82\x03\xC3\x30\x82\x02\xAB\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x1E\x17\x0D\x30\x38\x31\x30\x30\x31\x31\x30\x32\x39\x35\x36\x5A\x17\x0D\x33\x33\x31\x30\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBD\x75\x93\xF0\x62\x22\x6F\x24\xAE\xE0\x7A\x76\xAC\x7D\xBD\xD9\x24\xD5\xB8\xB7\xFC\xCD\xF0\x42\xE0\xEB\x78\x88\x56\x5E\x9B\x9A\x54\x1D\x4D\x0C\x8A\xF6\xD3\xCF\x70\xF4\x52\xB5\xD8\x93\x04\xE3\x46\x86\x71\x41\x4A\x2B\xF0\x2A\x2C\x55\x03\xD6\x48\xC3\xE0\x39\x38\xED\xF2\x5C\x3C\x3F\x44\xBC\x93\x3D\x61\xAB\x4E\xCD\x0D\xBE\xF0\x20\x27\x58\x0E\x44\x7F\x04\x1A\x87\xA5\xD7\x96\x14\x36\x90\xD0\x49\x7B\xA1\x75\xFB\x1A\x6B\x73\xB1\xF8\xCE\xA9\x09\x2C\xF2\x53\xD5\xC3\x14\x44\xB8\x86\xA5\xF6\x8B\x2B\x39\xDA\xA3\x33\x54\xD9\xFA\x72\x1A\xF7\x22\x15\x1C\x88\x91\x6B\x7F\x66\xE5\xC3\x6A\x80\xB0\x24\xF3\xDF\x86\x45\x88\xFD\x19\x7F\x75\x87\x1F\x1F\xB1\x1B\x0A\x73\x24\x5B\xB9\x65\xE0\x2C\x54\xC8\x60\xD3\x66\x17\x3F\xE1\xCC\x54\x33\x73\x91\x02\x3A\xA6\x7F\x7B\x76\x39\xA2\x1F\x96\xB6\x38\xAE\xB5\xC8\x93\x74\x1D\x9E\xB9\xB4\xE5\x60\x9D\x2F\x56\xD1\xE0\xEB\x5E\x5B\x4C\x12\x70\x0C\x6C\x44\x20\xAB\x11\xD8\xF4\x19\xF6\xD2\x9C\x52\x37\xE7\xFA\xB6\xC2\x31\x3B\x4A\xD4\x14\x99\xAD\xC7\x1A\xF5\x5D\x5F\xFA\x07\xB8\x7C\x0D\x1F\xD6\x83\x1E\xB3\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB5\x03\xF7\x76\x3B\x61\x82\x6A\x12\xAA\x18\x53\xEB\x03\x21\x94\xBF\xFE\xCE\xCA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x56\x3D\xEF\x94\xD5\xBD\xDA\x73\xB2\x58\xBE\xAE\x90\xAD\x98\x27\x97\xFE\x01\xB1\xB0\x52\x00\xB8\x4D\xE4\x1B\x21\x74\x1B\x7E\xC0\xEE\x5E\x69\x2A\x25\xAF\x5C\xD6\x1D\xDA\xD2\x79\xC9\xF3\x97\x29\xE0\x86\x87\xDE\x04\x59\x0F\xF1\x59\xD4\x64\x85\x4B\x99\xAF\x25\x04\x1E\xC9\x46\xA9\x97\xDE\x82\xB2\x1B\x70\x9F\x9C\xF6\xAF\x71\x31\xDD\x7B\x05\xA5\x2C\xD3\xB9\xCA\x47\xF6\xCA\xF2\xF6\xE7\xAD\xB9\x48\x3F\xBC\x16\xB7\xC1\x6D\xF4\xEA\x09\xAF\xEC\xF3\xB5\xE7\x05\x9E\xA6\x1E\x8A\x53\x51\xD6\x93\x81\xCC\x74\x93\xF6\xB9\xDA\xA6\x25\x05\x74\x79\x5A\x7E\x40\x3E\x82\x4B\x26\x11\x30\x6E\xE1\x3F\x41\xC7\x47\x00\x35\xD5\xF5\xD3\xF7\x54\x3E\x81\x3D\xDA\x49\x6A\x9A\xB3\xEF\x10\x3D\xE6\xEB\x6F\xD1\xC8\x22\x47\xCB\xCC\xCF\x01\x31\x92\xD9\x18\xE3\x22\xBE\x09\x1E\x1A\x3E\x5A\xB2\xE4\x6B\x0C\x54\x7A\x7D\x43\x4E\xB8\x89\xA5\x7B\xD7\xA2\x3D\x96\x86\xCC\xF2\x26\x34\x2D\x6A\x92\x9D\x9A\x1A\xD0\x30\xE2\x5D\x4E\x04\xB0\x5F\x8B\x20\x7E\x77\xC1\x3D\x95\x82\xD1\x46\x9A\x3B\x3C\x78\xB8\x6F\xA1\xD0\x0D\x64\xA2\x78\x1E\x29\x4E\x93\xC3\xA4\x54\x14\x5B", + ["emailAddress=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE"] = "\x30\x82\x04\x03\x30\x82\x02\xEB\xA0\x03\x02\x01\x02\x02\x10\x54\x80\xF9\xA0\x73\xED\x3F\x00\x4C\xCA\x89\xD8\xE3\x71\xE6\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x22\x18\x0F\x32\x30\x31\x30\x31\x30\x33\x30\x31\x30\x31\x30\x33\x30\x5A\x18\x0F\x32\x30\x33\x30\x31\x32\x31\x37\x32\x33\x35\x39\x35\x39\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC8\x20\xC0\xEC\xE0\xC5\x4B\xAB\x07\x78\x95\xF3\x44\xEE\xFB\x0B\x0C\xFF\x74\x8E\x61\xBB\xB1\x62\xEA\x23\xD8\xAB\xA1\x65\x32\x7A\xEB\x8E\x17\x4F\x96\xD8\x0A\x7B\x91\xA2\x63\x6C\xC7\x8C\x4C\x2E\x79\xBF\xA9\x05\xFC\x69\x5C\x95\x8D\x62\xF9\xB9\x70\xED\xC3\x51\x7D\xD0\x93\xE6\x6C\xEB\x30\x4B\xE1\xBC\x7D\xBF\x52\x9B\xCE\x6E\x7B\x65\xF2\x38\xB1\xC0\xA2\x32\xEF\x62\xB2\x68\xE0\x61\x53\xC1\x36\x95\xFF\xEC\x94\xBA\x36\xAE\x9C\x1C\xA7\x32\x0F\xE5\x7C\xB4\xC6\x6F\x74\xFD\x7B\x18\xE8\xAC\x57\xED\x06\x20\x4B\x32\x30\x58\x5B\xFD\xCD\xA8\xE6\xA1\xFC\x70\xBC\x8E\x92\x73\xDB\x97\xA7\x7C\x21\xAE\x3D\xC1\xF5\x48\x87\x6C\x27\xBD\x9F\x25\x74\x81\x55\xB0\xF7\x75\xF6\x3D\xA4\x64\x6B\xD6\x4F\xE7\xCE\x40\xAD\x0F\xDD\x32\xD3\xBC\x8A\x12\x53\x98\xC9\x89\xFB\x10\x1D\x4D\x7E\xCD\x7E\x1F\x56\x0D\x21\x70\x85\xF6\x20\x83\x1F\xF6\xBA\x1F\x04\x8F\xEA\x77\x88\x35\xC4\xFF\xEA\x4E\xA1\x8B\x4D\x3F\x63\x1B\x44\xC3\x44\xD4\x25\x76\xCA\xB7\x8D\xD7\x1E\x4A\x66\x64\xCD\x5C\xC5\x9C\x83\xE1\xC2\x08\x88\x9A\xEC\x4E\xA3\xF1\x3E\x1C\x2C\xD9\x6C\x1D\xA1\x4B\x02\x03\x01\x00\x01\xA3\x81\x8A\x30\x81\x87\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x12\xF2\x5A\x3E\xEA\x56\x1C\xBF\xCD\x06\xAC\xF1\xF1\x25\xC9\xA9\x4B\xD4\x14\x99\x30\x45\x06\x03\x55\x1D\x25\x04\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x03\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x04\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x08\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7B\xF6\xE4\xC0\x0D\xAA\x19\x47\xB7\x4D\x57\xA3\xFE\xAD\xBB\xB1\x6A\xD5\x0F\x9E\xDB\xE4\x63\xC5\x8E\xA1\x50\x56\x93\x96\xB8\x38\xC0\x24\x22\x66\xBC\x53\x14\x61\x95\xBF\xD0\xC7\x2A\x96\x39\x3F\x7D\x28\xB3\x10\x40\x21\x6A\xC4\xAF\xB0\x52\x77\x18\xE1\x96\xD8\x56\x5D\xE3\xDD\x36\x5E\x1D\xA7\x50\x54\xA0\xC5\x2A\xE4\xAA\x8C\x94\x8A\x4F\x9D\x35\xFF\x76\xA4\x06\x13\x91\xA2\xA2\x7D\x00\x44\x3F\x55\xD3\x82\x3C\x1A\xD5\x5B\xBC\x56\x4C\x22\x2E\x46\x43\x8A\x24\x40\x2D\xF3\x12\xB8\x3B\x70\x1A\xA4\x96\xB9\x1A\xAF\x87\x41\x1A\x6A\x18\x0D\x06\x4F\xC7\x3E\x6E\xB9\x29\x4D\x0D\x49\x89\x11\x87\x32\x5B\xE6\x4B\x04\xC8\xE4\x5C\xE6\x74\x73\x94\x5D\x16\x98\x13\x95\xFE\xFB\xDB\xB1\x44\xE5\x3A\x70\xAC\x37\x6B\xE6\xB3\x33\x72\x28\xC9\xB3\x57\xA0\xF6\x02\x16\x88\x06\x0B\xB6\xA6\x4B\x20\x28\xD4\xDE\x3D\x8B\xAD\x37\x05\x53\x74\xFE\x6E\xCC\xBC\x43\x17\x71\x5E\xF9\xC5\xCC\x1A\xA9\x61\xEE\xF7\x76\x0C\xF3\x72\xF4\x72\xAD\xCF\x72\x02\x36\x07\x47\xCF\xEF\x19\x50\x89\x60\xCC\xE9\x24\x95\x0F\xC2\xCB\x1D\xF2\x6F\x76\x90\xC7\xCC\x75\xC1\x96\xC5\x9D", }; From 1ed210a57247620174326bc530b0fe7a373761b7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Sep 2013 13:57:51 -0500 Subject: [PATCH 022/287] Set safe umask when creating script profiler tmp files. --- src/Brofiler.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Brofiler.cc b/src/Brofiler.cc index c9a3505069..777be52217 100644 --- a/src/Brofiler.cc +++ b/src/Brofiler.cc @@ -2,6 +2,7 @@ #include #include #include +#include #include "Brofiler.h" #include "util.h" @@ -54,7 +55,10 @@ bool Brofiler::WriteStats() if ( p && ! p[7] ) { + mode_t old_umask = umask(S_IXUSR | S_IRWXO | S_IRWXG); int fd = mkstemp(bf); + umask(old_umask); + if ( fd == -1 ) { reporter->Error("Failed to generate unique file name from BRO_PROFILER_FILE: %s", bf); From 8b48a476ecf58a96d9cb014b275c7172f188a176 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Thu, 19 Sep 2013 12:53:45 -0700 Subject: [PATCH 023/287] update mozilla root ca list --- scripts/base/protocols/ssl/mozilla-ca-list.bro | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro index e97a1b2d50..75dc057a55 100644 --- a/scripts/base/protocols/ssl/mozilla-ca-list.bro +++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro @@ -1,5 +1,5 @@ # Don't edit! This file is automatically generated. -# Generated at: Thu Sep 19 12:41:00 -0500 2013 +# Generated at: Thu Sep 19 12:40:13 -0700 2013 @load base/protocols/ssl module SSL; redef root_certs += { @@ -7,8 +7,6 @@ redef root_certs += { ["emailAddress=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x13\x30\x82\x02\x7C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC4\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x54\x68\x61\x77\x74\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x73\x65\x72\x76\x65\x72\x2D\x63\x65\x72\x74\x73\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD3\xA4\x50\x6E\xC8\xFF\x56\x6B\xE6\xCF\x5D\xB6\xEA\x0C\x68\x75\x47\xA2\xAA\xC2\xDA\x84\x25\xFC\xA8\xF4\x47\x51\xDA\x85\xB5\x20\x74\x94\x86\x1E\x0F\x75\xC9\xE9\x08\x61\xF5\x06\x6D\x30\x6E\x15\x19\x02\xE9\x52\xC0\x62\xDB\x4D\x99\x9E\xE2\x6A\x0C\x44\x38\xCD\xFE\xBE\xE3\x64\x09\x70\xC5\xFE\xB1\x6B\x29\xB6\x2F\x49\xC8\x3B\xD4\x27\x04\x25\x10\x97\x2F\xE7\x90\x6D\xC0\x28\x42\x99\xD7\x4C\x43\xDE\xC3\xF5\x21\x6D\x54\x9F\x5D\xC3\x58\xE1\xC0\xE4\xD9\x5B\xB0\xB8\xDC\xB4\x7B\xDF\x36\x3A\xC2\xB5\x66\x22\x12\xD6\x87\x0D\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x07\xFA\x4C\x69\x5C\xFB\x95\xCC\x46\xEE\x85\x83\x4D\x21\x30\x8E\xCA\xD9\xA8\x6F\x49\x1A\xE6\xDA\x51\xE3\x60\x70\x6C\x84\x61\x11\xA1\x1A\xC8\x48\x3E\x59\x43\x7D\x4F\x95\x3D\xA1\x8B\xB7\x0B\x62\x98\x7A\x75\x8A\xDD\x88\x4E\x4E\x9E\x40\xDB\xA8\xCC\x32\x74\xB9\x6F\x0D\xC6\xE3\xB3\x44\x0B\xD9\x8A\x6F\x9A\x29\x9B\x99\x18\x28\x3B\xD1\xE3\x40\x28\x9A\x5A\x3C\xD5\xB5\xE7\x20\x1B\x8B\xCA\xA4\xAB\x8D\xE9\x51\xD9\xE2\x4C\x2C\x59\xA9\xDA\xB9\xB2\x75\x1B\xF6\x42\xF2\xEF\xC7\xF2\x18\xF9\x89\xBC\xA3\xFF\x8A\x23\x2E\x70\x47", ["emailAddress=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"] = "\x30\x82\x03\x27\x30\x82\x02\x90\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x39\x36\x30\x38\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x5A\x41\x31\x15\x30\x13\x06\x03\x55\x04\x08\x13\x0C\x57\x65\x73\x74\x65\x72\x6E\x20\x43\x61\x70\x65\x31\x12\x30\x10\x06\x03\x55\x04\x07\x13\x09\x43\x61\x70\x65\x20\x54\x6F\x77\x6E\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x13\x14\x54\x68\x61\x77\x74\x65\x20\x43\x6F\x6E\x73\x75\x6C\x74\x69\x6E\x67\x20\x63\x63\x31\x28\x30\x26\x06\x03\x55\x04\x0B\x13\x1F\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x44\x69\x76\x69\x73\x69\x6F\x6E\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x54\x68\x61\x77\x74\x65\x20\x50\x72\x65\x6D\x69\x75\x6D\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x31\x28\x30\x26\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x19\x70\x72\x65\x6D\x69\x75\x6D\x2D\x73\x65\x72\x76\x65\x72\x40\x74\x68\x61\x77\x74\x65\x2E\x63\x6F\x6D\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xD2\x36\x36\x6A\x8B\xD7\xC2\x5B\x9E\xDA\x81\x41\x62\x8F\x38\xEE\x49\x04\x55\xD6\xD0\xEF\x1C\x1B\x95\x16\x47\xEF\x18\x48\x35\x3A\x52\xF4\x2B\x6A\x06\x8F\x3B\x2F\xEA\x56\xE3\xAF\x86\x8D\x9E\x17\xF7\x9E\xB4\x65\x75\x02\x4D\xEF\xCB\x09\xA2\x21\x51\xD8\x9B\xD0\x67\xD0\xBA\x0D\x92\x06\x14\x73\xD4\x93\xCB\x97\x2A\x00\x9C\x5C\x4E\x0C\xBC\xFA\x15\x52\xFC\xF2\x44\x6E\xDA\x11\x4A\x6E\x08\x9F\x2F\x2D\xE3\xF9\xAA\x3A\x86\x73\xB6\x46\x53\x58\xC8\x89\x05\xBD\x83\x11\xB8\x73\x3F\xAA\x07\x8D\xF4\x42\x4D\xE7\x40\x9D\x1C\x37\x02\x03\x01\x00\x01\xA3\x13\x30\x11\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x26\x48\x2C\x16\xC2\x58\xFA\xE8\x16\x74\x0C\xAA\xAA\x5F\x54\x3F\xF2\xD7\xC9\x78\x60\x5E\x5E\x6E\x37\x63\x22\x77\x36\x7E\xB2\x17\xC4\x34\xB9\xF5\x08\x85\xFC\xC9\x01\x38\xFF\x4D\xBE\xF2\x16\x42\x43\xE7\xBB\x5A\x46\xFB\xC1\xC6\x11\x1F\xF1\x4A\xB0\x28\x46\xC9\xC3\xC4\x42\x7D\xBC\xFA\xAB\x59\x6E\xD5\xB7\x51\x88\x11\xE3\xA4\x85\x19\x6B\x82\x4C\xA4\x0C\x12\xAD\xE9\xA4\xAE\x3F\xF1\xC3\x49\x65\x9A\x8C\xC5\xC8\x3E\x25\xB7\x94\x99\xBB\x92\x32\x71\x07\xF0\x86\x5E\xED\x50\x27\xA6\x0D\xA6\x23\xF9\xBB\xCB\xA6\x07\x14\x42", ["OU=Equifax Secure Certificate Authority,O=Equifax,C=US"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x04\x35\xDE\xF4\xCF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x17\x0D\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC1\x5D\xB1\x58\x67\x08\x62\xEE\xA0\x9A\x2D\x1F\x08\x6D\x91\x14\x68\x98\x0A\x1E\xFE\xDA\x04\x6F\x13\x84\x62\x21\xC3\xD1\x7C\xCE\x9F\x05\xE0\xB8\x01\xF0\x4E\x34\xEC\xE2\x8A\x95\x04\x64\xAC\xF1\x6B\x53\x5F\x05\xB3\xCB\x67\x80\xBF\x42\x02\x8E\xFE\xDD\x01\x09\xEC\xE1\x00\x14\x4F\xFC\xFB\xF0\x0C\xDD\x43\xBA\x5B\x2B\xE1\x1F\x80\x70\x99\x15\x57\x93\x16\xF1\x0F\x97\x6A\xB7\xC2\x68\x23\x1C\xCC\x4D\x59\x30\xAC\x51\x1E\x3B\xAF\x2B\xD6\xEE\x63\x45\x7B\xC5\xD9\x5F\x50\xD2\xE3\x50\x0F\x3A\x88\xE7\xBF\x14\xFD\xE0\xC7\xB9\x02\x03\x01\x00\x01\xA3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1D\x1F\x04\x69\x30\x67\x30\x65\xA0\x63\xA0\x61\xA4\x5F\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07\x45\x71\x75\x69\x66\x61\x78\x31\x2D\x30\x2B\x06\x03\x55\x04\x0B\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x1A\x06\x03\x55\x1D\x10\x04\x13\x30\x11\x81\x0F\x32\x30\x31\x38\x30\x38\x32\x32\x31\x36\x34\x31\x35\x31\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x48\xE6\x68\xF9\x2B\xD2\xB2\x95\xD7\x47\xD8\x23\x20\x10\x4F\x33\x98\x90\x9F\xD4\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1A\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0D\x30\x0B\x1B\x05\x56\x33\x2E\x30\x63\x03\x02\x06\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x58\xCE\x29\xEA\xFC\xF7\xDE\xB5\xCE\x02\xB9\x17\xB5\x85\xD1\xB9\xE3\xE0\x95\xCC\x25\x31\x0D\x00\xA6\x92\x6E\x7F\xB6\x92\x63\x9E\x50\x95\xD1\x9A\x6F\xE4\x11\xDE\x63\x85\x6E\x98\xEE\xA8\xFF\x5A\xC8\xD3\x55\xB2\x66\x71\x57\xDE\xC0\x21\xEB\x3D\x2A\xA7\x23\x49\x01\x04\x86\x42\x7B\xFC\xEE\x7F\xA2\x16\x52\xB5\x67\x67\xD3\x40\xDB\x3B\x26\x58\xB2\x28\x77\x3D\xAE\x14\x77\x61\xD6\xFA\x2A\x66\x27\xA0\x0D\xFA\xA7\x73\x5C\xEA\x70\xF1\x94\x21\x65\x44\x5F\xFA\xFC\xEF\x29\x68\xA9\xA2\x87\x79\xEF\x79\xEF\x4F\xAC\x07\x77\x38", - ["OU=DSTCA E1,O=Digital Signature Trust Co.,C=US"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xA0\x03\x02\x01\x02\x02\x04\x36\x70\x15\x96\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x1E\x17\x0D\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5A\x17\x0D\x31\x38\x31\x32\x31\x30\x31\x38\x34\x30\x32\x33\x5A\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x30\x81\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8B\x00\x30\x81\x87\x02\x81\x81\x00\xA0\x6C\x81\xA9\xCF\x34\x1E\x24\xDD\xFE\x86\x28\xCC\xDE\x83\x2F\xF9\x5E\xD4\x42\xD2\xE8\x74\x60\x66\x13\x98\x06\x1C\xA9\x51\x12\x69\x6F\x31\x55\xB9\x49\x72\x00\x08\x7E\xD3\xA5\x62\x44\x37\x24\x99\x8F\xD9\x83\x48\x8F\x99\x6D\x95\x13\xBB\x43\x3B\x2E\x49\x4E\x88\x37\xC1\xBB\x58\x7F\xFE\xE1\xBD\xF8\xBB\x61\xCD\xF3\x47\xC0\x99\xA6\xF1\xF3\x91\xE8\x78\x7C\x00\xCB\x61\xC9\x44\x27\x71\x69\x55\x4A\x7E\x49\x4D\xED\xA2\xA3\xBE\x02\x4C\x00\xCA\x02\xA8\xEE\x01\x02\x31\x64\x0F\x52\x2D\x13\x74\x76\x36\xB5\x7A\xB4\x2D\x71\x02\x01\x03\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1D\x1F\x04\x61\x30\x5F\x30\x5D\xA0\x5B\xA0\x59\xA4\x57\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x31\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x31\x39\x39\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5A\x81\x0F\x32\x30\x31\x38\x31\x32\x31\x30\x31\x38\x31\x30\x32\x33\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x6A\x79\x7E\x91\x69\x46\x18\x13\x0A\x02\x77\xA5\x59\x5B\x60\x98\x25\x0E\xA2\xF8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x6A\x79\x7E\x91\x69\x46\x18\x13\x0A\x02\x77\xA5\x59\x5B\x60\x98\x25\x0E\xA2\xF8\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x19\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0C\x30\x0A\x1B\x04\x56\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x22\x12\xD8\x7A\x1D\xDC\x81\x06\xB6\x09\x65\xB2\x87\xC8\x1F\x5E\xB4\x2F\xE9\xC4\x1E\xF2\x3C\xC1\xBB\x04\x90\x11\x4A\x83\x4E\x7E\x93\xB9\x4D\x42\xC7\x92\x26\xA0\x5C\x34\x9A\x38\x72\xF8\xFD\x6B\x16\x3E\x20\xEE\x82\x8B\x31\x2A\x93\x36\x85\x23\x88\x8A\x3C\x03\x68\xD3\xC9\x09\x0F\x4D\xFC\x6C\xA4\xDA\x28\x72\x93\x0E\x89\x80\xB0\x7D\xFE\x80\x6F\x65\x6D\x18\x33\x97\x8B\xC2\x6B\x89\xEE\x60\x3D\xC8\x9B\xEF\x7F\x2B\x32\x62\x73\x93\xCB\x3C\xE3\x7B\xE2\x76\x78\x45\xBC\xA1\x93\x04\xBB\x86\x9F\x3A\x5B\x43\x7A\xC3\x8A\x65", - ["OU=DSTCA E2,O=Digital Signature Trust Co.,C=US"] = "\x30\x82\x03\x29\x30\x82\x02\x92\xA0\x03\x02\x01\x02\x02\x04\x36\x6E\xD3\xCE\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x1E\x17\x0D\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x17\x0D\x31\x38\x31\x32\x30\x39\x31\x39\x34\x37\x32\x36\x5A\x30\x46\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x30\x81\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8B\x00\x30\x81\x87\x02\x81\x81\x00\xBF\x93\x8F\x17\x92\xEF\x33\x13\x18\xEB\x10\x7F\x4E\x16\xBF\xFF\x06\x8F\x2A\x85\xBC\x5E\xF9\x24\xA6\x24\x88\xB6\x03\xB7\xC1\xC3\x5F\x03\x5B\xD1\x6F\xAE\x7E\x42\xEA\x66\x23\xB8\x63\x83\x56\xFB\x28\x2D\xE1\x38\x8B\xB4\xEE\xA8\x01\xE1\xCE\x1C\xB6\x88\x2A\x22\x46\x85\xFB\x9F\xA7\x70\xA9\x47\x14\x3F\xCE\xDE\x65\xF0\xA8\x71\xF7\x4F\x26\x6C\x8C\xBC\xC6\xB5\xEF\xDE\x49\x27\xFF\x48\x2A\x7D\xE8\x4D\x03\xCC\xC7\xB2\x52\xC6\x17\x31\x13\x3B\xB5\x4D\xDB\xC8\xC4\xF6\xC3\x0F\x24\x2A\xDA\x0C\x9D\xE7\x91\x5B\x80\xCD\x94\x9D\x02\x01\x03\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x68\x06\x03\x55\x1D\x1F\x04\x61\x30\x5F\x30\x5D\xA0\x5B\xA0\x59\xA4\x57\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x24\x30\x22\x06\x03\x55\x04\x0A\x13\x1B\x44\x69\x67\x69\x74\x61\x6C\x20\x53\x69\x67\x6E\x61\x74\x75\x72\x65\x20\x54\x72\x75\x73\x74\x20\x43\x6F\x2E\x31\x11\x30\x0F\x06\x03\x55\x04\x0B\x13\x08\x44\x53\x54\x43\x41\x20\x45\x32\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x31\x39\x39\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x81\x0F\x32\x30\x31\x38\x31\x32\x30\x39\x31\x39\x31\x37\x32\x36\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1E\x82\x4D\x28\x65\x80\x3C\xC9\x41\x6E\xAC\x35\x2E\x5A\xCB\xDE\xEE\xF8\x39\x5B\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x19\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0C\x30\x0A\x1B\x04\x56\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x47\x8D\x83\xAD\x62\xF2\xDB\xB0\x9E\x45\x22\x05\xB9\xA2\xD6\x03\x0E\x38\x72\xE7\x9E\xFC\x7B\xE6\x93\xB6\x9A\xA5\xA2\x94\xC8\x34\x1D\x91\xD1\xC5\xD7\xF4\x0A\x25\x0F\x3D\x78\x81\x9E\x0F\xB1\x67\xC4\x90\x4C\x63\xDD\x5E\xA7\xE2\xBA\x9F\xF5\xF7\x4D\xA5\x31\x7B\x9C\x29\x2D\x4C\xFE\x64\x3E\xEC\xB6\x53\xFE\xEA\x9B\xED\x82\xDB\x74\x75\x4B\x07\x79\x6E\x1E\xD8\x19\x83\x73\xDE\xF5\x3E\xD0\xB5\xDE\xE7\x4B\x68\x7D\x43\x2E\x2A\x20\xE1\x7E\xA0\x78\x44\x9E\x08\xF5\x98\xF9\xC7\x7F\x1B\x1B\xD6\x06\x20\x02\x58\xA1\xC3\xA2\x03", ["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x81\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64", ["OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x03\x02\x30\x82\x02\x6B\x02\x10\x7D\xD9\xFE\x07\xCF\xA8\x1E\xB7\x10\x79\x67\xFB\xA7\x89\x34\xC6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x1E\x17\x0D\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xC1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x0B\x13\x33\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x32\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCC\x5E\xD1\x11\x5D\x5C\x69\xD0\xAB\xD3\xB9\x6A\x4C\x99\x1F\x59\x98\x30\x8E\x16\x85\x20\x46\x6D\x47\x3F\xD4\x85\x20\x84\xE1\x6D\xB3\xF8\xA4\xED\x0C\xF1\x17\x0F\x3B\xF9\xA7\xF9\x25\xD7\xC1\xCF\x84\x63\xF2\x7C\x63\xCF\xA2\x47\xF2\xC6\x5B\x33\x8E\x64\x40\x04\x68\xC1\x80\xB9\x64\x1C\x45\x77\xC7\xD8\x6E\xF5\x95\x29\x3C\x50\xE8\x34\xD7\x78\x1F\xA8\xBA\x6D\x43\x91\x95\x8F\x45\x57\x5E\x7E\xC5\xFB\xCA\xA4\x04\xEB\xEA\x97\x37\x54\x30\x6F\xBB\x01\x47\x32\x33\xCD\xDC\x57\x9B\x64\x69\x61\xF8\x9B\x1D\x1C\x89\x4F\x5C\x67\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x51\x4D\xCD\xBE\x5C\xCB\x98\x19\x9C\x15\xB2\x01\x39\x78\x2E\x4D\x0F\x67\x70\x70\x99\xC6\x10\x5A\x94\xA4\x53\x4D\x54\x6D\x2B\xAF\x0D\x5D\x40\x8B\x64\xD3\xD7\xEE\xDE\x56\x61\x92\x5F\xA6\xC4\x1D\x10\x61\x36\xD3\x2C\x27\x3C\xE8\x29\x09\xB9\x11\x64\x74\xCC\xB5\x73\x9F\x1C\x48\xA9\xBC\x61\x01\xEE\xE2\x17\xA6\x0C\xE3\x40\x08\x3B\x0E\xE7\xEB\x44\x73\x2A\x9A\xF1\x69\x92\xEF\x71\x14\xC3\x39\xAC\x71\xA7\x91\x09\x6F\xE4\x71\x06\xB3\xBA\x59\x57\x26\x79\x00\xF6\xF8\x0D\xA2\x33\x30\x28\xD4\xAA\x58\xA0\x9D\x9D\x69\x91\xFD", ["CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE"] = "\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0", @@ -19,11 +17,10 @@ redef root_certs += { ["CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\x9B\x7E\x06\x49\xA3\x3E\x62\xB9\xD5\xEE\x90\x48\x71\x29\xEF\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\xBA\x9C\x52\xFC\x78\x1F\x1A\x1E\x6F\x1B\x37\x73\xBD\xF8\xC9\x6B\x94\x12\x30\x4F\xF0\x36\x47\xF5\xD0\x91\x0A\xF5\x17\xC8\xA5\x61\xC1\x16\x40\x4D\xFB\x8A\x61\x90\xE5\x76\x20\xC1\x11\x06\x7D\xAB\x2C\x6E\xA6\xF5\x11\x41\x8E\xFA\x2D\xAD\x2A\x61\x59\xA4\x67\x26\x4C\xD0\xE8\xBC\x52\x5B\x70\x20\x04\x58\xD1\x7A\xC9\xA4\x69\xBC\x83\x17\x64\xAD\x05\x8B\xBC\xD0\x58\xCE\x8D\x8C\xF5\xEB\xF0\x42\x49\x0B\x9D\x97\x27\x67\x32\x6E\xE1\xAE\x93\x15\x1C\x70\xBC\x20\x4D\x2F\x18\xDE\x92\x88\xE8\x6C\x85\x57\x11\x1A\xE9\x7E\xE3\x26\x11\x54\xA2\x45\x96\x55\x83\xCA\x30\x89\xE8\xDC\xD8\xA3\xED\x2A\x80\x3F\x7F\x79\x65\x57\x3E\x15\x20\x66\x08\x2F\x95\x93\xBF\xAA\x47\x2F\xA8\x46\x97\xF0\x12\xE2\xFE\xC2\x0A\x2B\x51\xE6\x76\xE6\xB7\x46\xB7\xE2\x0D\xA6\xCC\xA8\xC3\x4C\x59\x55\x89\xE6\xE8\x53\x5C\x1C\xEA\x9D\xF0\x62\x16\x0B\xA7\xC9\x5F\x0C\xF0\xDE\xC2\x76\xCE\xAF\xF7\x6A\xF2\xFA\x41\xA6\xA2\x33\x14\xC9\xE5\x7A\x63\xD3\x9E\x62\x37\xD5\x85\x65\x9E\x0E\xE6\x53\x24\x74\x1B\x5E\x1D\x12\x53\x5B\xC7\x2C\xE7\x83\x49\x3B\x15\xAE\x8A\x68\xB9\x57\x97\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\x96\xC1\xAB\x92\x08\xF7\x3F\x2F\xC9\xB2\xFE\xE4\x5A\x9F\x64\xDE\xDB\x21\x4F\x86\x99\x34\x76\x36\x57\xDD\xD0\x15\x2F\xC5\xAD\x7F\x15\x1F\x37\x62\x73\x3E\xD4\xE7\x5F\xCE\x17\x03\xDB\x35\xFA\x2B\xDB\xAE\x60\x09\x5F\x1E\x5F\x8F\x6E\xBB\x0B\x3D\xEA\x5A\x13\x1E\x0C\x60\x6F\xB5\xC0\xB5\x23\x22\x2E\x07\x0B\xCB\xA9\x74\xCB\x47\xBB\x1D\xC1\xD7\xA5\x6B\xCC\x2F\xD2\x42\xFD\x49\xDD\xA7\x89\xCF\x53\xBA\xDA\x00\x5A\x28\xBF\x82\xDF\xF8\xBA\x13\x1D\x50\x86\x82\xFD\x8E\x30\x8F\x29\x46\xB0\x1E\x3D\x35\xDA\x38\x62\x16\x18\x4A\xAD\xE6\xB6\x51\x6C\xDE\xAF\x62\xEB\x01\xD0\x1E\x24\xFE\x7A\x8F\x12\x1A\x12\x68\xB8\xFB\x66\x99\x14\x14\x45\x5C\xAE\xE7\xAE\x69\x17\x81\x2B\x5A\x37\xC9\x5E\x2A\xF4\xC6\xE2\xA1\x5C\x54\x9B\xA6\x54\x00\xCF\xF0\xF1\xC1\xC7\x98\x30\x1A\x3B\x36\x16\xDB\xA3\x6E\xEA\xFD\xAD\xB2\xC2\xDA\xEF\x02\x47\x13\x8A\xC0\xF1\xB3\x31\xAD\x4F\x1C\xE1\x4F\x9C\xAF\x0F\x0C\x9D\xF7\x78\x0D\xD8\xF4\x35\x56\x80\xDA\xB7\x6D\x17\x8F\x9D\x1E\x81\x64\xE1\xFE\xC5\x45\xBA\xAD\x6B\xB9\x0A\x7A\x4E\x4F\x4B\x84\xEE\x4B\xF1\x7D\xDD\x11", ["CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\xEC\xA0\xA7\x8B\x6E\x75\x6A\x01\xCF\xC4\x7C\xCC\x2F\x94\x5E\xD7\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x34\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\xCB\xA5\x11\x69\xC6\x59\xAB\xF1\x8F\xB5\x19\x0F\x56\xCE\xCC\xB5\x1F\x20\xE4\x9E\x26\x25\x4B\xE0\x73\x65\x89\x59\xDE\xD0\x83\xE4\xF5\x0F\xB5\xBB\xAD\xF1\x7C\xE8\x21\xFC\xE4\xE8\x0C\xEE\x7C\x45\x22\x19\x76\x92\xB4\x13\xB7\x20\x5B\x09\xFA\x61\xAE\xA8\xF2\xA5\x8D\x85\xC2\x2A\xD6\xDE\x66\x36\xD2\x9B\x02\xF4\xA8\x92\x60\x7C\x9C\x69\xB4\x8F\x24\x1E\xD0\x86\x52\xF6\x32\x9C\x41\x58\x1E\x22\xBD\xCD\x45\x62\x95\x08\x6E\xD0\x66\xDD\x53\xA2\xCC\xF0\x10\xDC\x54\x73\x8B\x04\xA1\x46\x33\x33\x5C\x17\x40\xB9\x9E\x4D\xD3\xF3\xBE\x55\x83\xE8\xB1\x89\x8E\x5A\x7C\x9A\x96\x22\x90\x3B\x88\x25\xF2\xD2\x53\x88\x02\x0C\x0B\x78\xF2\xE6\x37\x17\x4B\x30\x46\x07\xE4\x80\x6D\xA6\xD8\x96\x2E\xE8\x2C\xF8\x11\xB3\x38\x0D\x66\xA6\x9B\xEA\xC9\x23\x5B\xDB\x8E\xE2\xF3\x13\x8E\x1A\x59\x2D\xAA\x02\xF0\xEC\xA4\x87\x66\xDC\xC1\x3F\xF5\xD8\xB9\xF4\xEC\x82\xC6\xD2\x3D\x95\x1D\xE5\xC0\x4F\x84\xC9\xD9\xA3\x44\x28\x06\x6A\xD7\x45\xAC\xF0\x6B\x6A\xEF\x4E\x5F\xF8\x11\x82\x1E\x38\x63\x34\x66\x50\xD4\x3E\x93\x73\xFA\x30\xC3\x66\xAD\xFF\x93\x2D\x97\xEF\x03\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x8F\xFA\x25\x6B\x4F\x5B\xE4\xA4\x4E\x27\x55\xAB\x22\x15\x59\x3C\xCA\xB5\x0A\xD4\x4A\xDB\xAB\xDD\xA1\x5F\x53\xC5\xA0\x57\x39\xC2\xCE\x47\x2B\xBE\x3A\xC8\x56\xBF\xC2\xD9\x27\x10\x3A\xB1\x05\x3C\xC0\x77\x31\xBB\x3A\xD3\x05\x7B\x6D\x9A\x1C\x30\x8C\x80\xCB\x93\x93\x2A\x83\xAB\x05\x51\x82\x02\x00\x11\x67\x6B\xF3\x88\x61\x47\x5F\x03\x93\xD5\x5B\x0D\xE0\xF1\xD4\xA1\x32\x35\x85\xB2\x3A\xDB\xB0\x82\xAB\xD1\xCB\x0A\xBC\x4F\x8C\x5B\xC5\x4B\x00\x3B\x1F\x2A\x82\xA6\x7E\x36\x85\xDC\x7E\x3C\x67\x00\xB5\xE4\x3B\x52\xE0\xA8\xEB\x5D\x15\xF9\xC6\x6D\xF0\xAD\x1D\x0E\x85\xB7\xA9\x9A\x73\x14\x5A\x5B\x8F\x41\x28\xC0\xD5\xE8\x2D\x4D\xA4\x5E\xCD\xAA\xD9\xED\xCE\xDC\xD8\xD5\x3C\x42\x1D\x17\xC1\x12\x5D\x45\x38\xC3\x38\xF3\xFC\x85\x2E\x83\x46\x48\xB2\xD7\x20\x5F\x92\x36\x8F\xE7\x79\x0F\x98\x5E\x99\xE8\xF0\xD0\xA4\xBB\xF5\x53\xBD\x2A\xCE\x59\xB0\xAF\x6E\x7F\x6C\xBB\xD2\x1E\x00\xB0\x21\xED\xF8\x41\x62\x82\xB9\xD8\xB2\xC4\xBB\x46\x50\xF3\x31\xC5\x8F\x01\xA8\x74\xEB\xF5\x78\x27\xDA\xE7\xF7\x66\x43\xF3\x9E\x83\x3E\x20\xAA\xC3\x35\x60\x91\xCE", ["CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US"] = "\x30\x82\x04\xD8\x30\x82\x04\x41\xA0\x03\x02\x01\x02\x02\x04\x37\x4A\xD2\x43\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xC3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x3B\x30\x39\x06\x03\x55\x04\x0B\x13\x32\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x3A\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5A\x17\x0D\x31\x39\x30\x35\x32\x35\x31\x36\x33\x39\x34\x30\x5A\x30\x81\xC3\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x3B\x30\x39\x06\x03\x55\x04\x0B\x13\x32\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x3A\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8B\x00\x30\x81\x87\x02\x81\x81\x00\xCD\x28\x83\x34\x54\x1B\x89\xF3\x0F\xAF\x37\x91\x31\xFF\xAF\x31\x60\xC9\xA8\xE8\xB2\x10\x68\xED\x9F\xE7\x93\x36\xF1\x0A\x64\xBB\x47\xF5\x04\x17\x3F\x23\x47\x4D\xC5\x27\x19\x81\x26\x0C\x54\x72\x0D\x88\x2D\xD9\x1F\x9A\x12\x9F\xBC\xB3\x71\xD3\x80\x19\x3F\x47\x66\x7B\x8C\x35\x28\xD2\xB9\x0A\xDF\x24\xDA\x9C\xD6\x50\x79\x81\x7A\x5A\xD3\x37\xF7\xC2\x4A\xD8\x29\x92\x26\x64\xD1\xE4\x98\x6C\x3A\x00\x8A\xF5\x34\x9B\x65\xF8\xED\xE3\x10\xFF\xFD\xB8\x49\x58\xDC\xA0\xDE\x82\x39\x6B\x81\xB1\x16\x19\x61\xB9\x54\xB6\xE6\x43\x02\x01\x03\xA3\x82\x01\xD7\x30\x82\x01\xD3\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x82\x01\x19\x06\x03\x55\x1D\x1F\x04\x82\x01\x10\x30\x82\x01\x0C\x30\x81\xDE\xA0\x81\xDB\xA0\x81\xD8\xA4\x81\xD5\x30\x81\xD2\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x3B\x30\x39\x06\x03\x55\x04\x0B\x13\x32\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x3A\x30\x38\x06\x03\x55\x04\x03\x13\x31\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x29\xA0\x27\xA0\x25\x86\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x52\x4C\x2F\x6E\x65\x74\x31\x2E\x63\x72\x6C\x30\x2B\x06\x03\x55\x1D\x10\x04\x24\x30\x22\x80\x0F\x31\x39\x39\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5A\x81\x0F\x32\x30\x31\x39\x30\x35\x32\x35\x31\x36\x30\x39\x34\x30\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xF0\x17\x62\x13\x55\x3D\xB3\xFF\x0A\x00\x6B\xFB\x50\x84\x97\xF3\xED\x62\xD0\x1A\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xF0\x17\x62\x13\x55\x3D\xB3\xFF\x0A\x00\x6B\xFB\x50\x84\x97\xF3\xED\x62\xD0\x1A\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x19\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0C\x30\x0A\x1B\x04\x56\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x90\xDC\x30\x02\xFA\x64\x74\xC2\xA7\x0A\xA5\x7C\x21\x8D\x34\x17\xA8\xFB\x47\x0E\xFF\x25\x7C\x8D\x13\x0A\xFB\xE4\x98\xB5\xEF\x8C\xF8\xC5\x10\x0D\xF7\x92\xBE\xF1\xC3\xD5\xD5\x95\x6A\x04\xBB\x2C\xCE\x26\x36\x65\xC8\x31\xC6\xE7\xEE\x3F\xE3\x57\x75\x84\x7A\x11\xEF\x46\x4F\x18\xF4\xD3\x98\xBB\xA8\x87\x32\xBA\x72\xF6\x3C\xE2\x3D\x9F\xD7\x1D\xD9\xC3\x60\x43\x8C\x58\x0E\x22\x96\x2F\x62\xA3\x2C\x1F\xBA\xAD\x05\xEF\xAB\x32\x78\x87\xA0\x54\x73\x19\xB5\x5C\x05\xF9\x52\x3E\x6D\x2D\x45\x0B\xF7\x0A\x93\xEA\xED\x06\xF9\xB2", - ["CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net"] = "\x30\x82\x04\x5C\x30\x82\x03\x44\xA0\x03\x02\x01\x02\x02\x04\x38\x63\xB9\x66\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1E\x17\x0D\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5A\x17\x0D\x31\x39\x31\x32\x32\x34\x31\x38\x32\x30\x35\x31\x5A\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x4D\x4B\xA9\x12\x86\xB2\xEA\xA3\x20\x07\x15\x16\x64\x2A\x2B\x4B\xD1\xBF\x0B\x4A\x4D\x8E\xED\x80\x76\xA5\x67\xB7\x78\x40\xC0\x73\x42\xC8\x68\xC0\xDB\x53\x2B\xDD\x5E\xB8\x76\x98\x35\x93\x8B\x1A\x9D\x7C\x13\x3A\x0E\x1F\x5B\xB7\x1E\xCF\xE5\x24\x14\x1E\xB1\x81\xA9\x8D\x7D\xB8\xCC\x6B\x4B\x03\xF1\x02\x0C\xDC\xAB\xA5\x40\x24\x00\x7F\x74\x94\xA1\x9D\x08\x29\xB3\x88\x0B\xF5\x87\x77\x9D\x55\xCD\xE4\xC3\x7E\xD7\x6A\x64\xAB\x85\x14\x86\x95\x5B\x97\x32\x50\x6F\x3D\xC8\xBA\x66\x0C\xE3\xFC\xBD\xB8\x49\xC1\x76\x89\x49\x19\xFD\xC0\xA8\xBD\x89\xA3\x67\x2F\xC6\x9F\xBC\x71\x19\x60\xB8\x2D\xE9\x2C\xC9\x90\x76\x66\x7B\x94\xE2\xAF\x78\xD6\x65\x53\x5D\x3C\xD6\x9C\xB2\xCF\x29\x03\xF9\x2F\xA4\x50\xB2\xD4\x48\xCE\x05\x32\x55\x8A\xFD\xB2\x64\x4C\x0E\xE4\x98\x07\x75\xDB\x7F\xDF\xB9\x08\x55\x60\x85\x30\x29\xF9\x7B\x48\xA4\x69\x86\xE3\x35\x3F\x1E\x86\x5D\x7A\x7A\x15\xBD\xEF\x00\x8E\x15\x22\x54\x17\x00\x90\x26\x93\xBC\x0E\x49\x68\x91\xBF\xF8\x47\xD3\x9D\x95\x42\xC1\x0E\x4D\xDF\x6F\x26\xCF\xC3\x18\x21\x62\x66\x43\x70\xD6\xD5\xC0\x07\xE1\x02\x03\x01\x00\x01\xA3\x74\x30\x72\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x55\xE4\x81\xD1\x11\x80\xBE\xD8\x89\xB9\x08\xA3\x31\xF9\xA1\x24\x09\x16\xB9\x70\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x55\xE4\x81\xD1\x11\x80\xBE\xD8\x89\xB9\x08\xA3\x31\xF9\xA1\x24\x09\x16\xB9\x70\x30\x1D\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x10\x30\x0E\x1B\x08\x56\x35\x2E\x30\x3A\x34\x2E\x30\x03\x02\x04\x90\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x59\x47\xAC\x21\x84\x8A\x17\xC9\x9C\x89\x53\x1E\xBA\x80\x85\x1A\xC6\x3C\x4E\x3E\xB1\x9C\xB6\x7C\xC6\x92\x5D\x18\x64\x02\xE3\xD3\x06\x08\x11\x61\x7C\x63\xE3\x2B\x9D\x31\x03\x70\x76\xD2\xA3\x28\xA0\xF4\xBB\x9A\x63\x73\xED\x6D\xE5\x2A\xDB\xED\x14\xA9\x2B\xC6\x36\x11\xD0\x2B\xEB\x07\x8B\xA5\xDA\x9E\x5C\x19\x9D\x56\x12\xF5\x54\x29\xC8\x05\xED\xB2\x12\x2A\x8D\xF4\x03\x1B\xFF\xE7\x92\x10\x87\xB0\x3A\xB5\xC3\x9D\x05\x37\x12\xA3\xC7\xF4\x15\xB9\xD5\xA4\x39\x16\x9B\x53\x3A\x23\x91\xF1\xA8\x82\xA2\x6A\x88\x68\xC1\x79\x02\x22\xBC\xAA\xA6\xD6\xAE\xDF\xB0\x14\x5F\xB8\x87\xD0\xDD\x7C\x7F\x7B\xFF\xAF\x1C\xCF\xE6\xDB\x07\xAD\x5E\xDB\x85\x9D\xD0\x2B\x0D\x33\xDB\x04\xD1\xE6\x49\x40\x13\x2B\x76\xFB\x3E\xE9\x9C\x89\x0F\x15\xCE\x18\xB0\x85\x78\x21\x4F\x6B\x4F\x0E\xFA\x36\x67\xCD\x07\xF2\xFF\x08\xD0\xE2\xDE\xD9\xBF\x2A\xAF\xB8\x87\x86\x21\x3C\x04\xCA\xB7\x94\x68\x7F\xCF\x3C\xE9\x98\xD7\x38\xFF\xEC\xC0\xD9\x50\xF0\x2E\x4B\x58\xAE\x46\x6F\xD0\x2E\xC3\x60\xDA\x72\x55\x72\xBD\x4C\x45\x9E\x61\xBA\xBF\x84\x81\x92\x03\xD1\xD2\x69\x7C\xC5", + ["CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net"] = "\x30\x82\x04\x2A\x30\x82\x03\x12\xA0\x03\x02\x01\x02\x02\x04\x38\x63\xDE\xF8\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x1E\x17\x0D\x39\x39\x31\x32\x32\x34\x31\x37\x35\x30\x35\x31\x5A\x17\x0D\x32\x39\x30\x37\x32\x34\x31\x34\x31\x35\x31\x32\x5A\x30\x81\xB4\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x31\x40\x30\x3E\x06\x03\x55\x04\x0B\x14\x37\x77\x77\x77\x2E\x65\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x50\x53\x5F\x32\x30\x34\x38\x20\x69\x6E\x63\x6F\x72\x70\x2E\x20\x62\x79\x20\x72\x65\x66\x2E\x20\x28\x6C\x69\x6D\x69\x74\x73\x20\x6C\x69\x61\x62\x2E\x29\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x28\x63\x29\x20\x31\x39\x39\x39\x20\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x33\x30\x31\x06\x03\x55\x04\x03\x13\x2A\x45\x6E\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x28\x32\x30\x34\x38\x29\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAD\x4D\x4B\xA9\x12\x86\xB2\xEA\xA3\x20\x07\x15\x16\x64\x2A\x2B\x4B\xD1\xBF\x0B\x4A\x4D\x8E\xED\x80\x76\xA5\x67\xB7\x78\x40\xC0\x73\x42\xC8\x68\xC0\xDB\x53\x2B\xDD\x5E\xB8\x76\x98\x35\x93\x8B\x1A\x9D\x7C\x13\x3A\x0E\x1F\x5B\xB7\x1E\xCF\xE5\x24\x14\x1E\xB1\x81\xA9\x8D\x7D\xB8\xCC\x6B\x4B\x03\xF1\x02\x0C\xDC\xAB\xA5\x40\x24\x00\x7F\x74\x94\xA1\x9D\x08\x29\xB3\x88\x0B\xF5\x87\x77\x9D\x55\xCD\xE4\xC3\x7E\xD7\x6A\x64\xAB\x85\x14\x86\x95\x5B\x97\x32\x50\x6F\x3D\xC8\xBA\x66\x0C\xE3\xFC\xBD\xB8\x49\xC1\x76\x89\x49\x19\xFD\xC0\xA8\xBD\x89\xA3\x67\x2F\xC6\x9F\xBC\x71\x19\x60\xB8\x2D\xE9\x2C\xC9\x90\x76\x66\x7B\x94\xE2\xAF\x78\xD6\x65\x53\x5D\x3C\xD6\x9C\xB2\xCF\x29\x03\xF9\x2F\xA4\x50\xB2\xD4\x48\xCE\x05\x32\x55\x8A\xFD\xB2\x64\x4C\x0E\xE4\x98\x07\x75\xDB\x7F\xDF\xB9\x08\x55\x60\x85\x30\x29\xF9\x7B\x48\xA4\x69\x86\xE3\x35\x3F\x1E\x86\x5D\x7A\x7A\x15\xBD\xEF\x00\x8E\x15\x22\x54\x17\x00\x90\x26\x93\xBC\x0E\x49\x68\x91\xBF\xF8\x47\xD3\x9D\x95\x42\xC1\x0E\x4D\xDF\x6F\x26\xCF\xC3\x18\x21\x62\x66\x43\x70\xD6\xD5\xC0\x07\xE1\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x55\xE4\x81\xD1\x11\x80\xBE\xD8\x89\xB9\x08\xA3\x31\xF9\xA1\x24\x09\x16\xB9\x70\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3B\x9B\x8F\x56\x9B\x30\xE7\x53\x99\x7C\x7A\x79\xA7\x4D\x97\xD7\x19\x95\x90\xFB\x06\x1F\xCA\x33\x7C\x46\x63\x8F\x96\x66\x24\xFA\x40\x1B\x21\x27\xCA\xE6\x72\x73\xF2\x4F\xFE\x31\x99\xFD\xC8\x0C\x4C\x68\x53\xC6\x80\x82\x13\x98\xFA\xB6\xAD\xDA\x5D\x3D\xF1\xCE\x6E\xF6\x15\x11\x94\x82\x0C\xEE\x3F\x95\xAF\x11\xAB\x0F\xD7\x2F\xDE\x1F\x03\x8F\x57\x2C\x1E\xC9\xBB\x9A\x1A\x44\x95\xEB\x18\x4F\xA6\x1F\xCD\x7D\x57\x10\x2F\x9B\x04\x09\x5A\x84\xB5\x6E\xD8\x1D\x3A\xE1\xD6\x9E\xD1\x6C\x79\x5E\x79\x1C\x14\xC5\xE3\xD0\x4C\x93\x3B\x65\x3C\xED\xDF\x3D\xBE\xA6\xE5\x95\x1A\xC3\xB5\x19\xC3\xBD\x5E\x5B\xBB\xFF\x23\xEF\x68\x19\xCB\x12\x93\x27\x5C\x03\x2D\x6F\x30\xD0\x1E\xB6\x1A\xAC\xDE\x5A\xF7\xD1\xAA\xA8\x27\xA6\xFE\x79\x81\xC4\x79\x99\x33\x57\xBA\x12\xB0\xA9\xE0\x42\x6C\x93\xCA\x56\xDE\xFE\x6D\x84\x0B\x08\x8B\x7E\x8D\xEA\xD7\x98\x21\xC6\xF3\xE7\x3C\x79\x2F\x5E\x9C\xD1\x4C\x15\x8D\xE1\xEC\x22\x37\xCC\x9A\x43\x0B\x97\xDC\x80\x90\x8D\xB3\x67\x9B\x6F\x48\x08\x15\x56\xCF\xBF\xF1\x2B\x7C\x5E\x9A\x76\xE9\x59\x90\xC5\x7C\x83\x35\x11\x65\x51", ["CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE"] = "\x30\x82\x03\x77\x30\x82\x02\x5F\xA0\x03\x02\x01\x02\x02\x04\x02\x00\x00\xB9\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x31\x32\x31\x38\x34\x36\x30\x30\x5A\x17\x0D\x32\x35\x30\x35\x31\x32\x32\x33\x35\x39\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x49\x45\x31\x12\x30\x10\x06\x03\x55\x04\x0A\x13\x09\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x31\x13\x30\x11\x06\x03\x55\x04\x0B\x13\x0A\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x42\x61\x6C\x74\x69\x6D\x6F\x72\x65\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xA3\x04\xBB\x22\xAB\x98\x3D\x57\xE8\x26\x72\x9A\xB5\x79\xD4\x29\xE2\xE1\xE8\x95\x80\xB1\xB0\xE3\x5B\x8E\x2B\x29\x9A\x64\xDF\xA1\x5D\xED\xB0\x09\x05\x6D\xDB\x28\x2E\xCE\x62\xA2\x62\xFE\xB4\x88\xDA\x12\xEB\x38\xEB\x21\x9D\xC0\x41\x2B\x01\x52\x7B\x88\x77\xD3\x1C\x8F\xC7\xBA\xB9\x88\xB5\x6A\x09\xE7\x73\xE8\x11\x40\xA7\xD1\xCC\xCA\x62\x8D\x2D\xE5\x8F\x0B\xA6\x50\xD2\xA8\x50\xC3\x28\xEA\xF5\xAB\x25\x87\x8A\x9A\x96\x1C\xA9\x67\xB8\x3F\x0C\xD5\xF7\xF9\x52\x13\x2F\xC2\x1B\xD5\x70\x70\xF0\x8F\xC0\x12\xCA\x06\xCB\x9A\xE1\xD9\xCA\x33\x7A\x77\xD6\xF8\xEC\xB9\xF1\x68\x44\x42\x48\x13\xD2\xC0\xC2\xA4\xAE\x5E\x60\xFE\xB6\xA6\x05\xFC\xB4\xDD\x07\x59\x02\xD4\x59\x18\x98\x63\xF5\xA5\x63\xE0\x90\x0C\x7D\x5D\xB2\x06\x7A\xF3\x85\xEA\xEB\xD4\x03\xAE\x5E\x84\x3E\x5F\xFF\x15\xED\x69\xBC\xF9\x39\x36\x72\x75\xCF\x77\x52\x4D\xF3\xC9\x90\x2C\xB9\x3D\xE5\xC9\x23\x53\x3F\x1F\x24\x98\x21\x5C\x07\x99\x29\xBD\xC6\x3A\xEC\xE7\x6E\x86\x3A\x6B\x97\x74\x63\x33\xBD\x68\x18\x31\xF0\x78\x8D\x76\xBF\xFC\x9E\x8E\x5D\x2A\x86\xA7\x4D\x90\xDC\x27\x1A\x39\x02\x03\x01\x00\x01\xA3\x45\x30\x43\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE5\x9D\x59\x30\x82\x47\x58\xCC\xAC\xFA\x08\x54\x36\x86\x7B\x3A\xB5\x04\x4D\xF0\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x85\x0C\x5D\x8E\xE4\x6F\x51\x68\x42\x05\xA0\xDD\xBB\x4F\x27\x25\x84\x03\xBD\xF7\x64\xFD\x2D\xD7\x30\xE3\xA4\x10\x17\xEB\xDA\x29\x29\xB6\x79\x3F\x76\xF6\x19\x13\x23\xB8\x10\x0A\xF9\x58\xA4\xD4\x61\x70\xBD\x04\x61\x6A\x12\x8A\x17\xD5\x0A\xBD\xC5\xBC\x30\x7C\xD6\xE9\x0C\x25\x8D\x86\x40\x4F\xEC\xCC\xA3\x7E\x38\xC6\x37\x11\x4F\xED\xDD\x68\x31\x8E\x4C\xD2\xB3\x01\x74\xEE\xBE\x75\x5E\x07\x48\x1A\x7F\x70\xFF\x16\x5C\x84\xC0\x79\x85\xB8\x05\xFD\x7F\xBE\x65\x11\xA3\x0F\xC0\x02\xB4\xF8\x52\x37\x39\x04\xD5\xA9\x31\x7A\x18\xBF\xA0\x2A\xF4\x12\x99\xF7\xA3\x45\x82\xE3\x3C\x5E\xF5\x9D\x9E\xB5\xC8\x9E\x7C\x2E\xC8\xA4\x9E\x4E\x08\x14\x4B\x6D\xFD\x70\x6D\x6B\x1A\x63\xBD\x64\xE6\x1F\xB7\xCE\xF0\xF2\x9F\x2E\xBB\x1B\xB7\xF2\x50\x88\x73\x92\xC2\xE2\xE3\x16\x8D\x9A\x32\x02\xAB\x8E\x18\xDD\xE9\x10\x11\xEE\x7E\x35\xAB\x90\xAF\x3E\x30\x94\x7A\xD0\x33\x3D\xA7\x65\x0F\xF5\xFC\x8E\x9E\x62\xCF\x47\x44\x2C\x01\x5D\xBB\x1D\xB5\x32\xD2\x47\xD2\x38\x2E\xD0\xFE\x81\xDC\x32\x6A\x1E\xB5\xEE\x3C\xD5\xFC\xE7\x81\x1D\x19\xC3\x24\x42\xEA\x63\x39\xA9", ["CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x90\x30\x82\x01\xF9\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x5A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x2D\x30\x2B\x06\x03\x55\x04\x03\x13\x24\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x47\x6C\x6F\x62\x61\x6C\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xBA\xE7\x17\x90\x02\x65\xB1\x34\x55\x3C\x49\xC2\x51\xD5\xDF\xA7\xD1\x37\x8F\xD1\xE7\x81\x73\x41\x52\x60\x9B\x9D\xA1\x17\x26\x78\xAD\xC7\xB1\xE8\x26\x94\x32\xB5\xDE\x33\x8D\x3A\x2F\xDB\xF2\x9A\x7A\x5A\x73\x98\xA3\x5C\xE9\xFB\x8A\x73\x1B\x5C\xE7\xC3\xBF\x80\x6C\xCD\xA9\xF4\xD6\x2B\xC0\xF7\xF9\x99\xAA\x63\xA2\xB1\x47\x02\x0F\xD4\xE4\x51\x3A\x12\x3C\x6C\x8A\x5A\x54\x84\x70\xDB\xC1\xC5\x90\xCF\x72\x45\xCB\xA8\x59\xC0\xCD\x33\x9D\x3F\xA3\x96\xEB\x85\x33\x21\x1C\x3E\x1E\x3E\x60\x6E\x76\x9C\x67\x85\xC5\xC8\xC3\x61\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xBE\xA8\xA0\x74\x72\x50\x6B\x44\xB7\xC9\x23\xD8\xFB\xA8\xFF\xB3\x57\x6B\x68\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x30\xE2\x01\x51\xAA\xC7\xEA\x5F\xDA\xB9\xD0\x65\x0F\x30\xD6\x3E\xDA\x0D\x14\x49\x6E\x91\x93\x27\x14\x31\xEF\xC4\xF7\x2D\x45\xF8\xEC\xC7\xBF\xA2\x41\x0D\x23\xB4\x92\xF9\x19\x00\x67\xBD\x01\xAF\xCD\xE0\x71\xFC\x5A\xCF\x64\xC4\xE0\x96\x98\xD0\xA3\x40\xE2\x01\x8A\xEF\x27\x07\xF1\x65\x01\x8A\x44\x2D\x06\x65\x75\x52\xC0\x86\x10\x20\x21\x5F\x6C\x6B\x0F\x6C\xAE\x09\x1C\xAF\xF2\xA2\x18\x34\xC4\x75\xA4\x73\x1C\xF1\x8D\xDC\xEF\xAD\xF9\xB3\x76\xB4\x92\xBF\xDC\x95\x10\x1E\xBE\xCB\xC8\x3B\x5A\x84\x60\x19\x56\x94\xA9\x55", ["CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US"] = "\x30\x82\x02\x82\x30\x82\x01\xEB\xA0\x03\x02\x01\x02\x02\x01\x04\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x17\x0D\x32\x30\x30\x36\x32\x31\x30\x34\x30\x30\x30\x30\x5A\x30\x53\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x49\x6E\x63\x2E\x31\x26\x30\x24\x06\x03\x55\x04\x03\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x31\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xCE\x2F\x19\xBC\x17\xB7\x77\xDE\x93\xA9\x5F\x5A\x0D\x17\x4F\x34\x1A\x0C\x98\xF4\x22\xD9\x59\xD4\xC4\x68\x46\xF0\xB4\x35\xC5\x85\x03\x20\xC6\xAF\x45\xA5\x21\x51\x45\x41\xEB\x16\x58\x36\x32\x6F\xE2\x50\x62\x64\xF9\xFD\x51\x9C\xAA\x24\xD9\xF4\x9D\x83\x2A\x87\x0A\x21\xD3\x12\x38\x34\x6C\x8D\x00\x6E\x5A\xA0\xD9\x42\xEE\x1A\x21\x95\xF9\x52\x4C\x55\x5A\xC5\x0F\x38\x4F\x46\xFA\x6D\xF8\x2E\x35\xD6\x1D\x7C\xEB\xE2\xF0\xB0\x75\x80\xC8\xA9\x13\xAC\xBE\x88\xEF\x3A\x6E\xAB\x5F\x2A\x38\x62\x02\xB0\x12\x7B\xFE\x8F\xA6\x03\x02\x03\x01\x00\x01\xA3\x66\x30\x64\x30\x11\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x01\x01\x04\x04\x03\x02\x00\x07\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4A\x78\x32\x52\x11\xDB\x59\x16\x36\x5E\xDF\xC1\x14\x36\x40\x6A\x47\x7C\x4C\xA1\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x75\x5B\xA8\x9B\x03\x11\xE6\xE9\x56\x4C\xCD\xF9\xA9\x4C\xC0\x0D\x9A\xF3\xCC\x65\x69\xE6\x25\x76\xCC\x59\xB7\xD6\x54\xC3\x1D\xCD\x99\xAC\x19\xDD\xB4\x85\xD5\xE0\x3D\xFC\x62\x20\xA7\x84\x4B\x58\x65\xF1\xE2\xF9\x95\x21\x3F\xF5\xD4\x7E\x58\x1E\x47\x87\x54\x3E\x58\xA1\xB5\xB5\xF8\x2A\xEF\x71\xE7\xBC\xC3\xF6\xB1\x49\x46\xE2\xD7\xA0\x6B\xE5\x56\x7A\x9A\x27\x98\x7C\x46\x62\x14\xE7\xC9\xFC\x6E\x03\x12\x79\x80\x38\x1D\x48\x82\x8D\xFC\x17\xFE\x2A\x96\x2B\xB5\x62\xA6\xA6\x3D\xBD\x7F\x92\x59\xCD\x5A\x2A\x82\xB2\x37\x79", - ["OU=Equifax Secure eBusiness CA-2,O=Equifax Secure,C=US"] = "\x30\x82\x03\x20\x30\x82\x02\x89\xA0\x03\x02\x01\x02\x02\x04\x37\x70\xCF\xB5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x32\x30\x1E\x17\x0D\x39\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5A\x17\x0D\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x32\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xE4\x39\x39\x93\x1E\x52\x06\x1B\x28\x36\xF8\xB2\xA3\x29\xC5\xED\x8E\xB2\x11\xBD\xFE\xEB\xE7\xB4\x74\xC2\x8F\xFF\x05\xE7\xD9\x9D\x06\xBF\x12\xC8\x3F\x0E\xF2\xD6\xD1\x24\xB2\x11\xDE\xD1\x73\x09\x8A\xD4\xB1\x2C\x98\x09\x0D\x1E\x50\x46\xB2\x83\xA6\x45\x8D\x62\x68\xBB\x85\x1B\x20\x70\x32\xAA\x40\xCD\xA6\x96\x5F\xC4\x71\x37\x3F\x04\xF3\xB7\x41\x24\x39\x07\x1A\x1E\x2E\x61\x58\xA0\x12\x0B\xE5\xA5\xDF\xC5\xAB\xEA\x37\x71\xCC\x1C\xC8\x37\x3A\xB9\x97\x52\xA7\xAC\xC5\x6A\x24\x94\x4E\x9C\x7B\xCF\xC0\x6A\xD6\xDF\x21\xBD\x02\x03\x01\x00\x01\xA3\x82\x01\x09\x30\x82\x01\x05\x30\x70\x06\x03\x55\x1D\x1F\x04\x69\x30\x67\x30\x65\xA0\x63\xA0\x61\xA4\x5F\x30\x5D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x45\x71\x75\x69\x66\x61\x78\x20\x53\x65\x63\x75\x72\x65\x20\x65\x42\x75\x73\x69\x6E\x65\x73\x73\x20\x43\x41\x2D\x32\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x43\x52\x4C\x31\x30\x1A\x06\x03\x55\x1D\x10\x04\x13\x30\x11\x81\x0F\x32\x30\x31\x39\x30\x36\x32\x33\x31\x32\x31\x34\x34\x35\x5A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x50\x9E\x0B\xEA\xAF\x5E\xB9\x20\x48\xA6\x50\x6A\xCB\xFD\xD8\x20\x7A\xA7\x82\x76\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x50\x9E\x0B\xEA\xAF\x5E\xB9\x20\x48\xA6\x50\x6A\xCB\xFD\xD8\x20\x7A\xA7\x82\x76\x30\x0C\x06\x03\x55\x1D\x13\x04\x05\x30\x03\x01\x01\xFF\x30\x1A\x06\x09\x2A\x86\x48\x86\xF6\x7D\x07\x41\x00\x04\x0D\x30\x0B\x1B\x05\x56\x33\x2E\x30\x63\x03\x02\x06\xC0\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x81\x81\x00\x0C\x86\x82\xAD\xE8\x4E\x1A\xF5\x8E\x89\x27\xE2\x35\x58\x3D\x29\xB4\x07\x8F\x36\x50\x95\xBF\x6E\xC1\x9E\xEB\xC4\x90\xB2\x85\xA8\xBB\xB7\x42\xE0\x0F\x07\x39\xDF\xFB\x9E\x90\xB2\xD1\xC1\x3E\x53\x9F\x03\x44\xB0\x7E\x4B\xF4\x6F\xE4\x7C\x1F\xE7\xE2\xB1\xE4\xB8\x9A\xEF\xC3\xBD\xCE\xDE\x0B\x32\x34\xD9\xDE\x28\xED\x33\x6B\xC4\xD4\xD7\x3D\x12\x58\xAB\x7D\x09\x2D\xCB\x70\xF5\x13\x8A\x94\xA1\x27\xA4\xD6\x70\xC5\x6D\x94\xB5\xC9\x7D\x9D\xA0\xD2\xC6\x08\x49\xD9\x66\x9B\xA6\xD3\xF4\x0B\xDC\xC5\x26\x57\xE1\x91\x30\xEA\xCD", ["CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x18\x30\x82\x03\x00\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x33\x38\x33\x31\x5A\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x96\x96\xD4\x21\x49\x60\xE2\x6B\xE8\x41\x07\x0C\xDE\xC4\xE0\xDC\x13\x23\xCD\xC1\x35\xC7\xFB\xD6\x4E\x11\x0A\x67\x5E\xF5\x06\x5B\x6B\xA5\x08\x3B\x5B\x29\x16\x3A\xE7\x87\xB2\x34\x06\xC5\xBC\x05\xA5\x03\x7C\x82\xCB\x29\x10\xAE\xE1\x88\x81\xBD\xD6\x9E\xD3\xFE\x2D\x56\xC1\x15\xCE\xE3\x26\x9D\x15\x2E\x10\xFB\x06\x8F\x30\x04\xDE\xA7\xB4\x63\xB4\xFF\xB1\x9C\xAE\x3C\xAF\x77\xB6\x56\xC5\xB5\xAB\xA2\xE9\x69\x3A\x3D\x0E\x33\x79\x32\x3F\x70\x82\x92\x99\x61\x6D\x8D\x30\x08\x8F\x71\x3F\xA6\x48\x57\x19\xF8\x25\xDC\x4B\x66\x5C\xA5\x74\x8F\x98\xAE\xC8\xF9\xC0\x06\x22\xE7\xAC\x73\xDF\xA5\x2E\xFB\x52\xDC\xB1\x15\x65\x20\xFA\x35\x66\x69\xDE\xDF\x2C\xF1\x6E\xBC\x30\xDB\x2C\x24\x12\xDB\xEB\x35\x35\x68\x90\xCB\x00\xB0\x97\x21\x3D\x74\x21\x23\x65\x34\x2B\xBB\x78\x59\xA3\xD6\xE1\x76\x39\x9A\xA4\x49\x8E\x8C\x74\xAF\x6E\xA4\x9A\xA3\xD9\x9B\xD2\x38\x5C\x9B\xA2\x18\xCC\x75\x23\x84\xBE\xEB\xE2\x4D\x33\x71\x8E\x1A\xF0\xC2\xF8\xC7\x1D\xA2\xAD\x03\x97\x2C\xF8\xCF\x25\xC6\xF6\xB8\x24\x31\xB1\x63\x5D\x92\x7F\x63\xF0\x25\xC9\x53\x2E\x1F\xBF\x4D\x02\x03\x01\x00\x01\xA3\x81\xD2\x30\x81\xCF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8F\x06\x03\x55\x1D\x23\x04\x81\x87\x30\x81\x84\x80\x14\x95\xB1\xB4\xF0\x94\xB6\xBD\xC7\xDA\xD1\x11\x09\x21\xBE\xC1\xAF\x49\xFD\x10\x7B\xA1\x69\xA4\x67\x30\x65\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x21\x30\x1F\x06\x03\x55\x04\x03\x13\x18\x41\x64\x64\x54\x72\x75\x73\x74\x20\x43\x6C\x61\x73\x73\x20\x31\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2C\x6D\x64\x1B\x1F\xCD\x0D\xDD\xB9\x01\xFA\x96\x63\x34\x32\x48\x47\x99\xAE\x97\xED\xFD\x72\x16\xA6\x73\x47\x5A\xF4\xEB\xDD\xE9\xF5\xD6\xFB\x45\xCC\x29\x89\x44\x5D\xBF\x46\x39\x3D\xE8\xEE\xBC\x4D\x54\x86\x1E\x1D\x6C\xE3\x17\x27\x43\xE1\x89\x56\x2B\xA9\x6F\x72\x4E\x49\x33\xE3\x72\x7C\x2A\x23\x9A\xBC\x3E\xFF\x28\x2A\xED\xA3\xFF\x1C\x23\xBA\x43\x57\x09\x67\x4D\x4B\x62\x06\x2D\xF8\xFF\x6C\x9D\x60\x1E\xD8\x1C\x4B\x7D\xB5\x31\x2F\xD9\xD0\x7C\x5D\xF8\xDE\x6B\x83\x18\x78\x37\x57\x2F\xE8\x33\x07\x67\xDF\x1E\xC7\x6B\x2A\x95\x76\xAE\x8F\x57\xA3\xF0\xF4\x52\xB4\xA9\x53\x08\xCF\xE0\x4F\xD3\x7A\x53\x8B\xFD\xBB\x1C\x56\x36\xF2\xFE\xB2\xB6\xE5\x76\xBB\xD5\x22\x65\xA7\x3F\xFE\xD1\x66\xAD\x0B\xBC\x6B\x99\x86\xEF\x3F\x7D\xF3\x18\x32\xCA\x7B\xC6\xE3\xAB\x64\x46\x95\xF8\x26\x69\xD9\x55\x83\x7B\x2C\x96\x07\xFF\x59\x2C\x44\xA3\xC6\xE5\xE9\xA9\xDC\xA1\x63\x80\x5A\x21\x5E\x21\xCF\x53\x54\xF0\xBA\x6F\x89\xDB\xA8\xAA\x95\xCF\x8B\xE3\x71\xCC\x1E\x1B\x20\x44\x08\xC0\x7A\xB6\x40\xFD\xC4\xE4\x35\xE1\x1D\x16\x1C\xD0\xBC\x2B\x8E\xD6\x71\xD9", ["CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x36\x30\x82\x03\x1E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\xF7\x1A\x33\xE6\xF2\x00\x04\x2D\x39\xE0\x4E\x5B\xED\x1F\xBC\x6C\x0F\xCD\xB5\xFA\x23\xB6\xCE\xDE\x9B\x11\x33\x97\xA4\x29\x4C\x7D\x93\x9F\xBD\x4A\xBC\x93\xED\x03\x1A\xE3\x8F\xCF\xE5\x6D\x50\x5A\xD6\x97\x29\x94\x5A\x80\xB0\x49\x7A\xDB\x2E\x95\xFD\xB8\xCA\xBF\x37\x38\x2D\x1E\x3E\x91\x41\xAD\x70\x56\xC7\xF0\x4F\x3F\xE8\x32\x9E\x74\xCA\xC8\x90\x54\xE9\xC6\x5F\x0F\x78\x9D\x9A\x40\x3C\x0E\xAC\x61\xAA\x5E\x14\x8F\x9E\x87\xA1\x6A\x50\xDC\xD7\x9A\x4E\xAF\x05\xB3\xA6\x71\x94\x9C\x71\xB3\x50\x60\x0A\xC7\x13\x9D\x38\x07\x86\x02\xA8\xE9\xA8\x69\x26\x18\x90\xAB\x4C\xB0\x4F\x23\xAB\x3A\x4F\x84\xD8\xDF\xCE\x9F\xE1\x69\x6F\xBB\xD7\x42\xD7\x6B\x44\xE4\xC7\xAD\xEE\x6D\x41\x5F\x72\x5A\x71\x08\x37\xB3\x79\x65\xA4\x59\xA0\x94\x37\xF7\x00\x2F\x0D\xC2\x92\x72\xDA\xD0\x38\x72\xDB\x14\xA8\x45\xC4\x5D\x2A\x7D\xB7\xB4\xD6\xC4\xEE\xAC\xCD\x13\x44\xB7\xC9\x2B\xDD\x43\x00\x25\xFA\x61\xB9\x69\x6A\x58\x23\x11\xB7\xA7\x33\x8F\x56\x75\x59\xF5\xCD\x29\xD7\x46\xB7\x0A\x2B\x65\xB6\xD3\x42\x6F\x15\xB2\xB8\x7B\xFB\xEF\xE9\x5D\x53\xD5\x34\x5A\x27\x02\x03\x01\x00\x01\xA3\x81\xDC\x30\x81\xD9\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x99\x06\x03\x55\x1D\x23\x04\x81\x91\x30\x81\x8E\x80\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\xA1\x73\xA4\x71\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB0\x9B\xE0\x85\x25\xC2\xD6\x23\xE2\x0F\x96\x06\x92\x9D\x41\x98\x9C\xD9\x84\x79\x81\xD9\x1E\x5B\x14\x07\x23\x36\x65\x8F\xB0\xD8\x77\xBB\xAC\x41\x6C\x47\x60\x83\x51\xB0\xF9\x32\x3D\xE7\xFC\xF6\x26\x13\xC7\x80\x16\xA5\xBF\x5A\xFC\x87\xCF\x78\x79\x89\x21\x9A\xE2\x4C\x07\x0A\x86\x35\xBC\xF2\xDE\x51\xC4\xD2\x96\xB7\xDC\x7E\x4E\xEE\x70\xFD\x1C\x39\xEB\x0C\x02\x51\x14\x2D\x8E\xBD\x16\xE0\xC1\xDF\x46\x75\xE7\x24\xAD\xEC\xF4\x42\xB4\x85\x93\x70\x10\x67\xBA\x9D\x06\x35\x4A\x18\xD3\x2B\x7A\xCC\x51\x42\xA1\x7A\x63\xD1\xE6\xBB\xA1\xC5\x2B\xC2\x36\xBE\x13\x0D\xE6\xBD\x63\x7E\x79\x7B\xA7\x09\x0D\x40\xAB\x6A\xDD\x8F\x8A\xC3\xF6\xF6\x8C\x1A\x42\x05\x51\xD4\x45\xF5\x9F\xA7\x62\x21\x68\x15\x20\x43\x3C\x99\xE7\x7C\xBD\x24\xD8\xA9\x91\x17\x73\x88\x3F\x56\x1B\x31\x38\x18\xB4\x71\x0F\x9A\xCD\xC8\x0E\x9E\x8E\x2E\x1B\xE1\x8C\x98\x83\xCB\x1F\x31\xF1\x44\x4C\xC6\x04\x73\x49\x76\x60\x0F\xC7\xF8\xBD\x17\x80\x6B\x2E\xE9\xCC\x4C\x0E\x5A\x9A\x79\x0F\x20\x0A\x2E\xD5\x9E\x63\x26\x1E\x55\x92\x94\xD8\x82\x17\x5A\x7B\xD0\xBC\xC7\x8F\x4E\x86\x04", ["CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x15\x30\x82\x02\xFD\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x31\x35\x30\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\x1A\x30\x8F\x83\x88\x14\xC1\x20\xD8\x3C\x9B\x8F\x1B\x7E\x03\x74\xBB\xDA\x69\xD3\x46\xA5\xF8\x8E\xC2\x0C\x11\x90\x51\xA5\x2F\x66\x54\x40\x55\xEA\xDB\x1F\x4A\x56\xEE\x9F\x23\x6E\xF4\x39\xCB\xA1\xB9\x6F\xF2\x7E\xF9\x5D\x87\x26\x61\x9E\x1C\xF8\xE2\xEC\xA6\x81\xF8\x21\xC5\x24\xCC\x11\x0C\x3F\xDB\x26\x72\x7A\xC7\x01\x97\x07\x17\xF9\xD7\x18\x2C\x30\x7D\x0E\x7A\x1E\x62\x1E\xC6\x4B\xC0\xFD\x7D\x62\x77\xD3\x44\x1E\x27\xF6\x3F\x4B\x44\xB3\xB7\x38\xD9\x39\x1F\x60\xD5\x51\x92\x73\x03\xB4\x00\x69\xE3\xF3\x14\x4E\xEE\xD1\xDC\x09\xCF\x77\x34\x46\x50\xB0\xF8\x11\xF2\xFE\x38\x79\xF7\x07\x39\xFE\x51\x92\x97\x0B\x5B\x08\x5F\x34\x86\x01\xAD\x88\x97\xEB\x66\xCD\x5E\xD1\xFF\xDC\x7D\xF2\x84\xDA\xBA\x77\xAD\xDC\x80\x08\xC7\xA7\x87\xD6\x55\x9F\x97\x6A\xE8\xC8\x11\x64\xBA\xE7\x19\x29\x3F\x11\xB3\x78\x90\x84\x20\x52\x5B\x11\xEF\x78\xD0\x83\xF6\xD5\x48\x90\xD0\x30\x1C\xCF\x80\xF9\x60\xFE\x79\xE4\x88\xF2\xDD\x00\xEB\x94\x45\xEB\x65\x94\x69\x40\xBA\xC0\xD5\xB4\xB8\xBA\x7D\x04\x11\xA8\xEB\x31\x05\x96\x94\x4E\x58\x21\x8E\x9F\xD0\x60\xFD\x02\x03\x01\x00\x01\xA3\x81\xD1\x30\x81\xCE\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x8E\x06\x03\x55\x1D\x23\x04\x81\x86\x30\x81\x83\x80\x14\x81\x3E\x37\xD8\x92\xB0\x1F\x77\x9F\x5C\xB4\xAB\x73\xAA\xE7\xF6\x34\x60\x2F\xFA\xA1\x68\xA4\x66\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x1D\x30\x1B\x06\x03\x55\x04\x0B\x13\x14\x41\x64\x64\x54\x72\x75\x73\x74\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x13\x17\x41\x64\x64\x54\x72\x75\x73\x74\x20\x50\x75\x62\x6C\x69\x63\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x03\xF7\x15\x4A\xF8\x24\xDA\x23\x56\x16\x93\x76\xDD\x36\x28\xB9\xAE\x1B\xB8\xC3\xF1\x64\xBA\x20\x18\x78\x95\x29\x27\x57\x05\xBC\x7C\x2A\xF4\xB9\x51\x55\xDA\x87\x02\xDE\x0F\x16\x17\x31\xF8\xAA\x79\x2E\x09\x13\xBB\xAF\xB2\x20\x19\x12\xE5\x93\xF9\x4B\xF9\x83\xE8\x44\xD5\xB2\x41\x25\xBF\x88\x75\x6F\xFF\x10\xFC\x4A\x54\xD0\x5F\xF0\xFA\xEF\x36\x73\x7D\x1B\x36\x45\xC6\x21\x6D\xB4\x15\xB8\x4E\xCF\x9C\x5C\xA5\x3D\x5A\x00\x8E\x06\xE3\x3C\x6B\x32\x7B\xF2\x9F\xF0\xB6\xFD\xDF\xF0\x28\x18\x48\xF0\xC6\xBC\xD0\xBF\x34\x80\x96\xC2\x4A\xB1\x6D\x8E\xC7\x90\x45\xDE\x2F\x67\xAC\x45\x04\xA3\x7A\xDC\x55\x92\xC9\x47\x66\xD8\x1A\x8C\xC7\xED\x9C\x4E\x9A\xE0\x12\xBB\xB5\x6A\x4C\x84\xE1\xE1\x22\x0D\x87\x00\x64\xFE\x8C\x7D\x62\x39\x65\xA6\xEF\x42\xB6\x80\x25\x12\x61\x01\xA8\x24\x13\x70\x00\x11\x26\x5F\xFA\x35\x50\xC5\x48\xCC\x06\x47\xE8\x27\xD8\x70\x8D\x5F\x64\xE6\xA1\x44\x26\x5E\x22\xEC\x92\xCD\xFF\x42\x9A\x44\x21\x6D\x5C\xC5\xE3\x22\x1D\x5F\x47\x12\xE7\xCE\x5F\x5D\xFA\xD8\xAA\xB1\x33\x2D\xD9\x76\xF2\x4E\x3A\x33\x0C\x2B\xB3\x2D\x90\x06", @@ -118,7 +115,6 @@ redef root_certs += { ["emailAddress=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU"] = "\x30\x82\x04\x0A\x30\x82\x02\xF2\xA0\x03\x02\x01\x02\x02\x09\x00\xC2\x7E\x43\x04\x4E\x47\x3F\x19\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x1E\x17\x0D\x30\x39\x30\x36\x31\x36\x31\x31\x33\x30\x31\x38\x5A\x17\x0D\x32\x39\x31\x32\x33\x30\x31\x31\x33\x30\x31\x38\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x48\x55\x31\x11\x30\x0F\x06\x03\x55\x04\x07\x0C\x08\x42\x75\x64\x61\x70\x65\x73\x74\x31\x16\x30\x14\x06\x03\x55\x04\x0A\x0C\x0D\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x4C\x74\x64\x2E\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x4D\x69\x63\x72\x6F\x73\x65\x63\x20\x65\x2D\x53\x7A\x69\x67\x6E\x6F\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x30\x39\x31\x1F\x30\x1D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xE9\xF8\x8F\xF3\x63\xAD\xDA\x86\xD8\xA7\xE0\x42\xFB\xCF\x91\xDE\xA6\x26\xF8\x99\xA5\x63\x70\xAD\x9B\xAE\xCA\x33\x40\x7D\x6D\x96\x6E\xA1\x0E\x44\xEE\xE1\x13\x9D\x94\x42\x52\x9A\xBD\x75\x85\x74\x2C\xA8\x0E\x1D\x93\xB6\x18\xB7\x8C\x2C\xA8\xCF\xFB\x5C\x71\xB9\xDA\xEC\xFE\xE8\x7E\x8F\xE4\x2F\x1D\xB2\xA8\x75\x87\xD8\xB7\xA1\xE5\x3B\xCF\x99\x4A\x46\xD0\x83\x19\x7D\xC0\xA1\x12\x1C\x95\x6D\x4A\xF4\xD8\xC7\xA5\x4D\x33\x2E\x85\x39\x40\x75\x7E\x14\x7C\x80\x12\x98\x50\xC7\x41\x67\xB8\xA0\x80\x61\x54\xA6\x6C\x4E\x1F\xE0\x9D\x0E\x07\xE9\xC9\xBA\x33\xE7\xFE\xC0\x55\x28\x2C\x02\x80\xA7\x19\xF5\x9E\xDC\x55\x53\x03\x97\x7B\x07\x48\xFF\x99\xFB\x37\x8A\x24\xC4\x59\xCC\x50\x10\x63\x8E\xAA\xA9\x1A\xB0\x84\x1A\x86\xF9\x5F\xBB\xB1\x50\x6E\xA4\xD1\x0A\xCC\xD5\x71\x7E\x1F\xA7\x1B\x7C\xF5\x53\x6E\x22\x5F\xCB\x2B\xE6\xD4\x7C\x5D\xAE\xD6\xC2\xC6\x4C\xE5\x05\x01\xD9\xED\x57\xFC\xC1\x23\x79\xFC\xFA\xC8\x24\x83\x95\xF3\xB5\x6A\x51\x01\xD0\x77\xD6\xE9\x12\xA1\xF9\x1A\x83\xFB\x82\x1B\xB9\xB0\x97\xF4\x76\x06\x33\x43\x49\xA0\xFF\x0B\xB5\xFA\xB5\x02\x03\x01\x00\x01\xA3\x81\x80\x30\x7E\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\xCB\x0F\xC6\xDF\x42\x43\xCC\x3D\xCB\xB5\x48\x23\xA1\x1A\x7A\xA6\x2A\xBB\x34\x68\x30\x1B\x06\x03\x55\x1D\x11\x04\x14\x30\x12\x81\x10\x69\x6E\x66\x6F\x40\x65\x2D\x73\x7A\x69\x67\x6E\x6F\x2E\x68\x75\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\xC9\xD1\x0E\x5E\x2E\xD5\xCC\xB3\x7C\x3E\xCB\xFC\x3D\xFF\x0D\x28\x95\x93\x04\xC8\xBF\xDA\xCD\x79\xB8\x43\x90\xF0\xA4\xBE\xEF\xF2\xEF\x21\x98\xBC\xD4\xD4\x5D\x06\xF6\xEE\x42\xEC\x30\x6C\xA0\xAA\xA9\xCA\xF1\xAF\x8A\xFA\x3F\x0B\x73\x6A\x3E\xEA\x2E\x40\x7E\x1F\xAE\x54\x61\x79\xEB\x2E\x08\x37\xD7\x23\xF3\x8C\x9F\xBE\x1D\xB1\xE1\xA4\x75\xDB\xA0\xE2\x54\x14\xB1\xBA\x1C\x29\xA4\x18\xF6\x12\xBA\xA2\x14\x14\xE3\x31\x35\xC8\x40\xFF\xB7\xE0\x05\x76\x57\xC1\x1C\x59\xF2\xF8\xBF\xE4\xED\x25\x62\x5C\x84\xF0\x7E\x7E\x1F\xB3\xBE\xF9\xB7\x21\x11\xCC\x03\x01\x56\x70\xA7\x10\x92\x1E\x1B\x34\x81\x1E\xAD\x9C\x1A\xC3\x04\x3C\xED\x02\x61\xD6\x1E\x06\xF3\x5F\x3A\x87\xF2\x2B\xF1\x45\x87\xE5\x3D\xAC\xD1\xC7\x57\x84\xBD\x6B\xAE\xDC\xD8\xF9\xB6\x1B\x62\x70\x0B\x3D\x36\xC9\x42\xF2\x32\xD7\x7A\x61\xE6\xD2\xDB\x3D\xCF\xC8\xA9\xC9\x9B\xDC\xDB\x58\x44\xD7\x6F\x38\xAF\x7F\x78\xD3\xA3\xAD\x1A\x75\xBA\x1C\xC1\x36\x7C\x8F\x1E\x6D\x1C\xC3\x75\x46\xAE\x35\x05\xA6\xF6\x5C\x3D\x21\xEE\x56\xF0\xC9\x82\x22\x2D\x7A\x54\xAB\x70\xC3\x7D\x22\x65\x82\x70\x96", ["CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi,O=Elektronik Bilgi Guvenligi A.S.,C=TR"] = "\x30\x82\x03\xB6\x30\x82\x02\x9E\xA0\x03\x02\x01\x02\x02\x10\x44\x99\x8D\x3C\xC0\x03\x27\xBD\x9C\x76\x95\xB9\xEA\xDB\xAC\xB5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x1E\x17\x0D\x30\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x17\x0D\x31\x37\x30\x31\x30\x34\x31\x31\x33\x32\x34\x38\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x28\x30\x26\x06\x03\x55\x04\x0A\x13\x1F\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x42\x69\x6C\x67\x69\x20\x47\x75\x76\x65\x6E\x6C\x69\x67\x69\x20\x41\x2E\x53\x2E\x31\x3C\x30\x3A\x06\x03\x55\x04\x03\x13\x33\x65\x2D\x47\x75\x76\x65\x6E\x20\x4B\x6F\x6B\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\x67\x6C\x61\x79\x69\x63\x69\x73\x69\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC3\x12\x20\x9E\xB0\x5E\x00\x65\x8D\x4E\x46\xBB\x80\x5C\xE9\x2C\x06\x97\xD5\xF3\x72\xC9\x70\xB9\xE7\x4B\x65\x80\xC1\x4B\xBE\x7E\x3C\xD7\x54\x31\x94\xDE\xD5\x12\xBA\x53\x16\x02\xEA\x58\x63\xEF\x5B\xD8\xF3\xED\x2A\x1A\xAA\x71\x48\xA3\xDC\x10\x2D\x5F\x5F\xEB\x5C\x4B\x9C\x96\x08\x42\x25\x28\x11\xCC\x8A\x5A\x62\x01\x50\xD5\xEB\x09\x53\x2F\xF8\xC3\x8F\xFE\xB3\xFC\xFD\x9D\xA2\xE3\x5F\x7D\xBE\xED\x0B\xE0\x60\xEB\x69\xEC\x33\xED\xD8\x8D\xFB\x12\x49\x83\x00\xC9\x8B\x97\x8C\x3B\x73\x2A\x32\xB3\x12\xF7\xB9\x4D\xF2\xF4\x4D\x6D\xC7\xE6\xD6\x26\x37\x08\xF2\xD9\xFD\x6B\x5C\xA3\xE5\x48\x5C\x58\xBC\x42\xBE\x03\x5A\x81\xBA\x1C\x35\x0C\x00\xD3\xF5\x23\x7E\x71\x30\x08\x26\x38\xDC\x25\x11\x47\x2D\xF3\xBA\x23\x10\xA5\xBF\xBC\x02\xF7\x43\x5E\xC7\xFE\xB0\x37\x50\x99\x7B\x0F\x93\xCE\xE6\x43\x2C\xC3\x7E\x0D\xF2\x1C\x43\x66\x60\xCB\x61\x31\x47\x87\xA3\x4F\xAE\xBD\x56\x6C\x4C\xBC\xBC\xF8\x05\xCA\x64\xF4\xE9\x34\xA1\x2C\xB5\x73\xE1\xC2\x3E\xE8\xC8\xC9\x34\x25\x08\x5C\xF3\xED\xA6\xC7\x94\x9F\xAD\x88\x43\x25\xD7\xE1\x39\x60\xFE\xAC\x39\x59\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x9F\xEE\x44\xB3\x94\xD5\xFA\x91\x4F\x2E\xD9\x55\x9A\x04\x56\xDB\x2D\xC4\xDB\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7F\x5F\xB9\x53\x5B\x63\x3D\x75\x32\xE7\xFA\xC4\x74\x1A\xCB\x46\xDF\x46\x69\x1C\x52\xCF\xAA\x4F\xC2\x68\xEB\xFF\x80\xA9\x51\xE8\x3D\x62\x77\x89\x3D\x0A\x75\x39\xF1\x6E\x5D\x17\x87\x6F\x68\x05\xC1\x94\x6C\xD9\x5D\xDF\xDA\xB2\x59\xCB\xA5\x10\x8A\xCA\xCC\x39\xCD\x9F\xEB\x4E\xDE\x52\xFF\x0C\xF0\xF4\x92\xA9\xF2\x6C\x53\xAB\x9B\xD2\x47\xA0\x1F\x74\xF7\x9B\x9A\xF1\x2F\x15\x9F\x7A\x64\x30\x18\x07\x3C\x2A\x0F\x67\xCA\xFC\x0F\x89\x61\x9D\x65\xA5\x3C\xE5\xBC\x13\x5B\x08\xDB\xE3\xFF\xED\xBB\x06\xBB\x6A\x06\xB1\x7A\x4F\x65\xC6\x82\xFD\x1E\x9C\x8B\xB5\x0D\xEE\x48\xBB\xB8\xBD\xAA\x08\xB4\xFB\xA3\x7C\xCB\x9F\xCD\x90\x76\x5C\x86\x96\x78\x57\x0A\x66\xF9\x58\x1A\x9D\xFD\x97\x29\x60\xDE\x11\xA6\x90\x1C\x19\x1C\xEE\x01\x96\x22\x34\x34\x2E\x91\xF9\xB7\xC4\x27\xD1\x7B\xE6\xBF\xFB\x80\x44\x5A\x16\xE5\xEB\xE0\xD4\x0A\x38\xBC\xE4\x91\xE3\xD5\xEB\x5C\xC1\xAC\xDF\x1B\x6A\x7C\x9E\xE5\x75\xD2\xB6\x97\x87\xDB\xCC\x87\x2B\x43\x3A\x84\x08\xAF\xAB\x3C\xDB\xF7\x3C\x66\x31\x86\xB0\x9D\x53\x79\xED\xF8\x23\xDE\x42\xE3\x2D\x82\xF1\x0F\xE5\xFA\x97", ["CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3"] = "\x30\x82\x03\x5F\x30\x82\x02\x47\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x21\x58\x53\x08\xA2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x39\x30\x33\x31\x38\x31\x30\x30\x30\x30\x30\x5A\x30\x4C\x31\x20\x30\x1E\x06\x03\x55\x04\x0B\x13\x17\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x2D\x20\x52\x33\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCC\x25\x76\x90\x79\x06\x78\x22\x16\xF5\xC0\x83\xB6\x84\xCA\x28\x9E\xFD\x05\x76\x11\xC5\xAD\x88\x72\xFC\x46\x02\x43\xC7\xB2\x8A\x9D\x04\x5F\x24\xCB\x2E\x4B\xE1\x60\x82\x46\xE1\x52\xAB\x0C\x81\x47\x70\x6C\xDD\x64\xD1\xEB\xF5\x2C\xA3\x0F\x82\x3D\x0C\x2B\xAE\x97\xD7\xB6\x14\x86\x10\x79\xBB\x3B\x13\x80\x77\x8C\x08\xE1\x49\xD2\x6A\x62\x2F\x1F\x5E\xFA\x96\x68\xDF\x89\x27\x95\x38\x9F\x06\xD7\x3E\xC9\xCB\x26\x59\x0D\x73\xDE\xB0\xC8\xE9\x26\x0E\x83\x15\xC6\xEF\x5B\x8B\xD2\x04\x60\xCA\x49\xA6\x28\xF6\x69\x3B\xF6\xCB\xC8\x28\x91\xE5\x9D\x8A\x61\x57\x37\xAC\x74\x14\xDC\x74\xE0\x3A\xEE\x72\x2F\x2E\x9C\xFB\xD0\xBB\xBF\xF5\x3D\x00\xE1\x06\x33\xE8\x82\x2B\xAE\x53\xA6\x3A\x16\x73\x8C\xDD\x41\x0E\x20\x3A\xC0\xB4\xA7\xA1\xE9\xB2\x4F\x90\x2E\x32\x60\xE9\x57\xCB\xB9\x04\x92\x68\x68\xE5\x38\x26\x60\x75\xB2\x9F\x77\xFF\x91\x14\xEF\xAE\x20\x49\xFC\xAD\x40\x15\x48\xD1\x02\x31\x61\x19\x5E\xB8\x97\xEF\xAD\x77\xB7\x64\x9A\x7A\xBF\x5F\xC1\x13\xEF\x9B\x62\xFB\x0D\x6C\xE0\x54\x69\x16\xA9\x03\xDA\x6E\xE9\x83\x93\x71\x76\xC6\x69\x85\x82\x17\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x8F\xF0\x4B\x7F\xA8\x2E\x45\x24\xAE\x4D\x50\xFA\x63\x9A\x8B\xDE\xE2\xDD\x1B\xBC\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x4B\x40\xDB\xC0\x50\xAA\xFE\xC8\x0C\xEF\xF7\x96\x54\x45\x49\xBB\x96\x00\x09\x41\xAC\xB3\x13\x86\x86\x28\x07\x33\xCA\x6B\xE6\x74\xB9\xBA\x00\x2D\xAE\xA4\x0A\xD3\xF5\xF1\xF1\x0F\x8A\xBF\x73\x67\x4A\x83\xC7\x44\x7B\x78\xE0\xAF\x6E\x6C\x6F\x03\x29\x8E\x33\x39\x45\xC3\x8E\xE4\xB9\x57\x6C\xAA\xFC\x12\x96\xEC\x53\xC6\x2D\xE4\x24\x6C\xB9\x94\x63\xFB\xDC\x53\x68\x67\x56\x3E\x83\xB8\xCF\x35\x21\xC3\xC9\x68\xFE\xCE\xDA\xC2\x53\xAA\xCC\x90\x8A\xE9\xF0\x5D\x46\x8C\x95\xDD\x7A\x58\x28\x1A\x2F\x1D\xDE\xCD\x00\x37\x41\x8F\xED\x44\x6D\xD7\x53\x28\x97\x7E\xF3\x67\x04\x1E\x15\xD7\x8A\x96\xB4\xD3\xDE\x4C\x27\xA4\x4C\x1B\x73\x73\x76\xF4\x17\x99\xC2\x1F\x7A\x0E\xE3\x2D\x08\xAD\x0A\x1C\x2C\xFF\x3C\xAB\x55\x0E\x0F\x91\x7E\x36\xEB\xC3\x57\x49\xBE\xE1\x2E\x2D\x7C\x60\x8B\xC3\x41\x51\x13\x23\x9D\xCE\xF7\x32\x6B\x94\x01\xA8\x99\xE7\x2C\x33\x1F\x3A\x3B\x25\xD2\x86\x40\xCE\x3B\x2C\x86\x78\xC9\x61\x2F\x14\xBA\xEE\xDB\x55\x6F\xDF\x84\xEE\x05\x09\x4D\xBD\x28\xD8\x72\xCE\xD3\x62\x50\x65\x1E\xEB\x92\x97\x83\x31\xD9\xB3\xB5\xCA\x47\x58\x3F\x5F", - ["CN=TC TrustCenter Universal CA III,OU=TC TrustCenter Universal CA,O=TC TrustCenter GmbH,C=DE"] = "\x30\x82\x03\xE1\x30\x82\x02\xC9\xA0\x03\x02\x01\x02\x02\x0E\x63\x25\x00\x01\x00\x02\x14\x8D\x33\x15\x02\xE4\x6C\xF4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x49\x49\x30\x1E\x17\x0D\x30\x39\x30\x39\x30\x39\x30\x38\x31\x35\x32\x37\x5A\x17\x0D\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x7B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x1C\x30\x1A\x06\x03\x55\x04\x0A\x13\x13\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x47\x6D\x62\x48\x31\x24\x30\x22\x06\x03\x55\x04\x0B\x13\x1B\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x31\x28\x30\x26\x06\x03\x55\x04\x03\x13\x1F\x54\x43\x20\x54\x72\x75\x73\x74\x43\x65\x6E\x74\x65\x72\x20\x55\x6E\x69\x76\x65\x72\x73\x61\x6C\x20\x43\x41\x20\x49\x49\x49\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC2\xDA\x9C\x62\xB0\xB9\x71\x12\xB0\x0B\xC8\x1A\x57\xB2\xAE\x83\x14\x99\xB3\x34\x4B\x9B\x90\xA2\xC5\xE7\xE7\x2F\x02\xA0\x4D\x2D\xA4\xFA\x85\xDA\x9B\x25\x85\x2D\x40\x28\x20\x6D\xEA\xE0\xBD\xB1\x48\x83\x22\x29\x44\x9F\x4E\x83\xEE\x35\x51\x13\x73\x74\xD5\xBC\xF2\x30\x66\x94\x53\xC0\x40\x36\x2F\x0C\x84\x65\xCE\x0F\x6E\xC2\x58\x93\xE8\x2C\x0B\x3A\xE9\xC1\x8E\xFB\xF2\x6B\xCA\x3C\xE2\x9C\x4E\x8E\xE4\xF9\x7D\xD3\x27\x9F\x1B\xD5\x67\x78\x87\x2D\x7F\x0B\x47\xB3\xC7\xE8\xC9\x48\x7C\xAF\x2F\xCC\x0A\xD9\x41\xEF\x9F\xFE\x9A\xE1\xB2\xAE\xF9\x53\xB5\xE5\xE9\x46\x9F\x60\xE3\xDF\x8D\xD3\x7F\xFB\x96\x7E\xB3\xB5\x72\xF8\x4B\xAD\x08\x79\xCD\x69\x89\x40\x27\xF5\x2A\xC1\xAD\x43\xEC\xA4\x53\xC8\x61\xB6\xF7\xD2\x79\x2A\x67\x18\x76\x48\x6D\x5B\x25\x01\xD1\x26\xC5\xB7\x57\x69\x23\x15\x5B\x61\x8A\xAD\xF0\x1B\x2D\xD9\xAF\x5C\xF1\x26\x90\x69\xA9\xD5\x0C\x40\xF5\x33\x80\x43\x8F\x9C\xA3\x76\x2A\x45\xB4\xAF\xBF\x7F\x3E\x87\x3F\x76\xC5\xCD\x2A\xDE\x20\xC5\x16\x58\xCB\xF9\x1B\xF5\x0F\xCB\x0D\x11\x52\x64\xB8\xD2\x76\x62\x77\x83\xF1\x58\x9F\xFF\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x56\xE7\xE1\x5B\x25\x43\x80\xE0\xF6\x8C\xE1\x71\xBC\x8E\xE5\x80\x2F\xC4\x48\xE2\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x56\xE7\xE1\x5B\x25\x43\x80\xE0\xF6\x8C\xE1\x71\xBC\x8E\xE5\x80\x2F\xC4\x48\xE2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x83\xC7\xAF\xEA\x7F\x4D\x0A\x3C\x39\xB1\x68\xBE\x7B\x6D\x89\x2E\xE9\xB3\x09\xE7\x18\x57\x8D\x85\x9A\x17\xF3\x76\x42\x50\x13\x0F\xC7\x90\x6F\x33\xAD\xC5\x49\x60\x2B\x6C\x49\x58\x19\xD4\xE2\xBE\xB7\xBF\xAB\x49\xBC\x94\xC8\xAB\xBE\x28\x6C\x16\x68\xE0\xC8\x97\x46\x20\xA0\x68\x67\x60\x88\x39\x20\x51\xD8\x68\x01\x11\xCE\xA7\xF6\x11\x07\xF6\xEC\xEC\xAC\x1A\x1F\xB2\x66\x6E\x56\x67\x60\x7A\x74\x5E\xC0\x6D\x97\x36\xAE\xB5\x0D\x5D\x66\x73\xC0\x25\x32\x45\xD8\x4A\x06\x07\x8F\xC4\xB7\x07\xB1\x4D\x06\x0D\xE1\xA5\xEB\xF4\x75\xCA\xBA\x9C\xD0\xBD\xB3\xD3\x32\x24\x4C\xEE\x7E\xE2\x76\x04\x4B\x49\x53\xD8\xF2\xE9\x54\x33\xFC\xE5\x71\x1F\x3D\x14\x5C\x96\x4B\xF1\x3A\xF2\x00\xBB\x6C\xB4\xFA\x96\x55\x08\x88\x09\xC1\xCC\x91\x19\x29\xB0\x20\x2D\xFF\xCB\x38\xA4\x40\xE1\x17\xBE\x79\x61\x80\xFF\x07\x03\x86\x4C\x4E\x7B\x06\x9F\x11\x86\x8D\x89\xEE\x27\xC4\xDB\xE2\xBC\x19\x8E\x0B\xC3\xC3\x13\xC7\x2D\x03\x63\x3B\xD3\xE8\xE4\xA2\x2A\xC2\x82\x08\x94\x16\x54\xF0\xEF\x1F\x27\x90\x25\xB8\x0D\x0E\x28\x1B\x47\x77\x47\xBD\x1C\xA8\x25\xF1\x94\xB4\x66", ["CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES"] = "\x30\x82\x06\x14\x30\x82\x03\xFC\xA0\x03\x02\x01\x02\x02\x08\x53\xEC\x3B\xEE\xFB\xB2\x48\x5F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x1E\x17\x0D\x30\x39\x30\x35\x32\x30\x30\x38\x33\x38\x31\x35\x5A\x17\x0D\x33\x30\x31\x32\x33\x31\x30\x38\x33\x38\x31\x35\x5A\x30\x51\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x42\x30\x40\x06\x03\x55\x04\x03\x0C\x39\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x46\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x20\x43\x49\x46\x20\x41\x36\x32\x36\x33\x34\x30\x36\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xCA\x96\x6B\x8E\xEA\xF8\xFB\xF1\xA2\x35\xE0\x7F\x4C\xDA\xE0\xC3\x52\xD7\x7D\xB6\x10\xC8\x02\x5E\xB3\x43\x2A\xC4\x4F\x6A\xB2\xCA\x1C\x5D\x28\x9A\x78\x11\x1A\x69\x59\x57\xAF\xB5\x20\x42\xE4\x8B\x0F\xE6\xDF\x5B\xA6\x03\x92\x2F\xF5\x11\xE4\x62\xD7\x32\x71\x38\xD9\x04\x0C\x71\xAB\x3D\x51\x7E\x0F\x07\xDF\x63\x05\x5C\xE9\xBF\x94\x6F\xC1\x29\x82\xC0\xB4\xDA\x51\xB0\xC1\x3C\xBB\xAD\x37\x4A\x5C\xCA\xF1\x4B\x36\x0E\x24\xAB\xBF\xC3\x84\x77\xFD\xA8\x50\xF4\xB1\xE7\xC6\x2F\xD2\x2D\x59\x8D\x7A\x0A\x4E\x96\x69\x52\x02\xAA\x36\x98\xEC\xFC\xFA\x14\x83\x0C\x37\x1F\xC9\x92\x37\x7F\xD7\x81\x2D\xE5\xC4\xB9\xE0\x3E\x34\xFE\x67\xF4\x3E\x66\xD1\xD3\xF4\x40\xCF\x5E\x62\x34\x0F\x70\x06\x3E\x20\x18\x5A\xCE\xF7\x72\x1B\x25\x6C\x93\x74\x14\x93\xA3\x73\xB1\x0E\xAA\x87\x10\x23\x59\x5F\x20\x05\x19\x47\xED\x68\x8E\x92\x12\xCA\x5D\xFC\xD6\x2B\xB2\x92\x3C\x20\xCF\xE1\x5F\xAF\x20\xBE\xA0\x76\x7F\x76\xE5\xEC\x1A\x86\x61\x33\x3E\xE7\x7B\xB4\x3F\xA0\x0F\x8E\xA2\xB9\x6A\x6F\xB9\x87\x26\x6F\x41\x6C\x88\xA6\x50\xFD\x6A\x63\x0B\xF5\x93\x16\x1B\x19\x8F\xB2\xED\x9B\x9B\xC9\x90\xF5\x01\x0C\xDF\x19\x3D\x0F\x3E\x38\x23\xC9\x2F\x8F\x0C\xD1\x02\xFE\x1B\x55\xD6\x4E\xD0\x8D\x3C\xAF\x4F\xA4\xF3\xFE\xAF\x2A\xD3\x05\x9D\x79\x08\xA1\xCB\x57\x31\xB4\x9C\xC8\x90\xB2\x67\xF4\x18\x16\x93\x3A\xFC\x47\xD8\xD1\x78\x96\x31\x1F\xBA\x2B\x0C\x5F\x5D\x99\xAD\x63\x89\x5A\x24\x20\x76\xD8\xDF\xFD\xAB\x4E\xA6\x22\xAA\x9D\x5E\xE6\x27\x8A\x7D\x68\x29\xA3\xE7\x8A\xB8\xDA\x11\xBB\x17\x2D\x99\x9D\x13\x24\x46\xF7\xC5\xE2\xD8\x9F\x8E\x7F\xC7\x8F\x74\x6D\x5A\xB2\xE8\x72\xF5\xAC\xEE\x24\x10\xAD\x2F\x14\xDA\xFF\x2D\x9A\x46\x71\x47\xBE\x42\xDF\xBB\x01\xDB\xF4\x7F\xD3\x28\x8F\x31\x59\x5B\xD3\xC9\x02\xA6\xB4\x52\xCA\x6E\x97\xFB\x43\xC5\x08\x26\x6F\x8A\xF4\xBB\xFD\x9F\x28\xAA\x0D\xD5\x45\xF3\x13\x3A\x1D\xD8\xC0\x78\x8F\x41\x67\x3C\x1E\x94\x64\xAE\x7B\x0B\xC5\xE8\xD9\x01\x88\x39\x1A\x97\x86\x64\x41\xD5\x3B\x87\x0C\x6E\xFA\x0F\xC6\xBD\x48\x14\xBF\x39\x4D\xD4\x9E\x41\xB6\x8F\x96\x1D\x63\x96\x93\xD9\x95\x06\x78\x31\x68\x9E\x37\x06\x3B\x80\x89\x45\x61\x39\x23\xC7\x1B\x44\xA3\x15\xE5\x1C\xF8\x92\x30\xBB\x02\x03\x01\x00\x01\xA3\x81\xEF\x30\x81\xEC\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x01\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x65\xCD\xEB\xAB\x35\x1E\x00\x3E\x7E\xD5\x74\xC0\x1C\xB4\x73\x47\x0E\x1A\x64\x2F\x30\x81\xA6\x06\x03\x55\x1D\x20\x04\x81\x9E\x30\x81\x9B\x30\x81\x98\x06\x04\x55\x1D\x20\x00\x30\x81\x8F\x30\x2F\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x23\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x69\x72\x6D\x61\x70\x72\x6F\x66\x65\x73\x69\x6F\x6E\x61\x6C\x2E\x63\x6F\x6D\x2F\x63\x70\x73\x30\x5C\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x02\x30\x50\x1E\x4E\x00\x50\x00\x61\x00\x73\x00\x65\x00\x6F\x00\x20\x00\x64\x00\x65\x00\x20\x00\x6C\x00\x61\x00\x20\x00\x42\x00\x6F\x00\x6E\x00\x61\x00\x6E\x00\x6F\x00\x76\x00\x61\x00\x20\x00\x34\x00\x37\x00\x20\x00\x42\x00\x61\x00\x72\x00\x63\x00\x65\x00\x6C\x00\x6F\x00\x6E\x00\x61\x00\x20\x00\x30\x00\x38\x00\x30\x00\x31\x00\x37\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x17\x7D\xA0\xF9\xB4\xDD\xC5\xC5\xEB\xAD\x4B\x24\xB5\xA1\x02\xAB\xDD\xA5\x88\x4A\xB2\x0F\x55\x4B\x2B\x57\x8C\x3B\xE5\x31\xDD\xFE\xC4\x32\xF1\xE7\x5B\x64\x96\x36\x32\x18\xEC\xA5\x32\x77\xD7\xE3\x44\xB6\xC0\x11\x2A\x80\xB9\x3D\x6A\x6E\x7C\x9B\xD3\xAD\xFC\xC3\xD6\xA3\xE6\x64\x29\x7C\xD1\xE1\x38\x1E\x82\x2B\xFF\x27\x65\xAF\xFB\x16\x15\xC4\x2E\x71\x84\xE5\xB5\xFF\xFA\xA4\x47\xBD\x64\x32\xBB\xF6\x25\x84\xA2\x27\x42\xF5\x20\xB0\xC2\x13\x10\x11\xCD\x10\x15\xBA\x42\x90\x2A\xD2\x44\xE1\x96\x26\xEB\x31\x48\x12\xFD\x2A\xDA\xC9\x06\xCF\x74\x1E\xA9\x4B\xD5\x87\x28\xF9\x79\x34\x92\x3E\x2E\x44\xE8\xF6\x8F\x4F\x8F\x35\x3F\x25\xB3\x39\xDC\x63\x2A\x90\x6B\x20\x5F\xC4\x52\x12\x4E\x97\x2C\x2A\xAC\x9D\x97\xDE\x48\xF2\xA3\x66\xDB\xC2\xD2\x83\x95\xA6\x66\xA7\x9E\x25\x0F\xE9\x0B\x33\x91\x65\x0A\x5A\xC3\xD9\x54\x12\xDD\xAF\xC3\x4E\x0E\x1F\x26\x5E\x0D\xDC\xB3\x8D\xEC\xD5\x81\x70\xDE\xD2\x4F\x24\x05\xF3\x6C\x4E\xF5\x4C\x49\x66\x8D\xD1\xFF\xD2\x0B\x25\x41\x48\xFE\x51\x84\xC6\x42\xAF\x80\x04\xCF\xD0\x7E\x64\x49\xE4\xF2\xDF\xA2\xEC\xB1\x4C\xC0\x2A\x1D\xE7\xB4\xB1\x65\xA2\xC4\xBC\xF1\x98\xF4\xAA\x70\x07\x63\xB4\xB8\xDA\x3B\x4C\xFA\x40\x22\x30\x5B\x11\xA6\xF0\x05\x0E\xC6\x02\x03\x48\xAB\x86\x9B\x85\xDD\xDB\xDD\xEA\xA2\x76\x80\x73\x7D\xF5\x9C\x04\xC4\x45\x8D\xE7\xB9\x1C\x8B\x9E\xEA\xD7\x75\xD1\x72\xB1\xDE\x75\x44\xE7\x42\x7D\xE2\x57\x6B\x7D\xDC\x99\xBC\x3D\x83\x28\xEA\x80\x93\x8D\xC5\x4C\x65\xC1\x70\x81\xB8\x38\xFC\x43\x31\xB2\xF6\x03\x34\x47\xB2\xAC\xFB\x22\x06\xCB\x1E\xDD\x17\x47\x1C\x5F\x66\xB9\xD3\x1A\xA2\xDA\x11\xB1\xA4\xBC\x23\xC9\xE4\xBE\x87\xFF\xB9\x94\xB6\xF8\x5D\x20\x4A\xD4\x5F\xE7\xBD\x68\x7B\x65\xF2\x15\x1E\xD2\x3A\xA9\x2D\xE9\xD8\x6B\x24\xAC\x97\x58\x44\x47\xAD\x59\x18\xF1\x21\x65\x70\xDE\xCE\x34\x60\xA8\x40\xF1\xF3\x3C\xA4\xC3\x28\x23\x8C\xFE\x27\x33\x43\x40\xA0\x17\x3C\xEB\xEA\x3B\xB0\x72\xA6\xA3\xB9\x4A\x4B\x5E\x16\x48\xF4\xB2\xBC\xC8\x8C\x92\xC5\x9D\x9F\xAC\x72\x36\xBC\x34\x80\x34\x6B\xA9\x8B\x92\xC0\xB8\x17\xED\xEC\x76\x53\xF5\x24\x01\x8C\xB3\x22\xE8\x4B\x7C\x55\xC6\x9D\xFA\xA3\x14\xBB\x65\x85\x6E\x6E\x4F\x12\x7E\x0A\x3C\x9D\x95", ["CN=Izenpe.com,O=IZENPE S.A.,C=ES"] = "\x30\x82\x05\xF1\x30\x82\x03\xD9\xA0\x03\x02\x01\x02\x02\x10\x00\xB0\xB7\x5A\x16\x48\x5F\xBF\xE1\xCB\xF5\x8B\xD7\x19\xE6\x7D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x1E\x17\x0D\x30\x37\x31\x32\x31\x33\x31\x33\x30\x38\x32\x38\x5A\x17\x0D\x33\x37\x31\x32\x31\x33\x30\x38\x32\x37\x32\x35\x5A\x30\x38\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x0C\x0B\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x31\x13\x30\x11\x06\x03\x55\x04\x03\x0C\x0A\x49\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC9\xD3\x7A\xCA\x0F\x1E\xAC\xA7\x86\xE8\x16\x65\x6A\xB1\xC2\x1B\x45\x32\x71\x95\xD9\xFE\x10\x5B\xCC\xAF\xE7\xA5\x79\x01\x8F\x89\xC3\xCA\xF2\x55\x71\xF7\x77\xBE\x77\x94\xF3\x72\xA4\x2C\x44\xD8\x9E\x92\x9B\x14\x3A\xA1\xE7\x24\x90\x0A\x0A\x56\x8E\xC5\xD8\x26\x94\xE1\xD9\x48\xE1\x2D\x3E\xDA\x0A\x72\xDD\xA3\x99\x15\xDA\x81\xA2\x87\xF4\x7B\x6E\x26\x77\x89\x58\xAD\xD6\xEB\x0C\xB2\x41\x7A\x73\x6E\x6D\xDB\x7A\x78\x41\xE9\x08\x88\x12\x7E\x87\x2E\x66\x11\x63\x6C\x54\xFB\x3C\x9D\x72\xC0\xBC\x2E\xFF\xC2\xB7\xDD\x0D\x76\xE3\x3A\xD7\xF7\xB4\x68\xBE\xA2\xF5\xE3\x81\x6E\xC1\x46\x6F\x5D\x8D\xE0\x4D\xC6\x54\x55\x89\x1A\x33\x31\x0A\xB1\x57\xB9\xA3\x8A\x98\xC3\xEC\x3B\x34\xC5\x95\x41\x69\x7E\x75\xC2\x3C\x20\xC5\x61\xBA\x51\x47\xA0\x20\x90\x93\xA1\x90\x4B\xF3\x4E\x7C\x85\x45\x54\x9A\xD1\x05\x26\x41\xB0\xB5\x4D\x1D\x33\xBE\xC4\x03\xC8\x25\x7C\xC1\x70\xDB\x3B\xF4\x09\x2D\x54\x27\x48\xAC\x2F\xE1\xC4\xAC\x3E\xC8\xCB\x92\x4C\x53\x39\x37\x23\xEC\xD3\x01\xF9\xE0\x09\x44\x4D\x4D\x64\xC0\xE1\x0D\x5A\x87\x22\xBC\xAD\x1B\xA3\xFE\x26\xB5\x15\xF3\xA7\xFC\x84\x19\xE9\xEC\xA1\x88\xB4\x44\x69\x84\x83\xF3\x89\xD1\x74\x06\xA9\xCC\x0B\xD6\xC2\xDE\x27\x85\x50\x26\xCA\x17\xB8\xC9\x7A\x87\x56\x2C\x1A\x01\x1E\x6C\xBE\x13\xAD\x10\xAC\xB5\x24\xF5\x38\x91\xA1\xD6\x4B\xDA\xF1\xBB\xD2\xDE\x47\xB5\xF1\xBC\x81\xF6\x59\x6B\xCF\x19\x53\xE9\x8D\x15\xCB\x4A\xCB\xA9\x6F\x44\xE5\x1B\x41\xCF\xE1\x86\xA7\xCA\xD0\x6A\x9F\xBC\x4C\x8D\x06\x33\x5A\xA2\x85\xE5\x90\x35\xA0\x62\x5C\x16\x4E\xF0\xE3\xA2\xFA\x03\x1A\xB4\x2C\x71\xB3\x58\x2C\xDE\x7B\x0B\xDB\x1A\x0F\xEB\xDE\x21\x1F\x06\x77\x06\x03\xB0\xC9\xEF\x99\xFC\xC0\xB9\x4F\x0B\x86\x28\xFE\xD2\xB9\xEA\xE3\xDA\xA5\xC3\x47\x69\x12\xE0\xDB\xF0\xF6\x19\x8B\xED\x7B\x70\xD7\x02\xD6\xED\x87\x18\x28\x2C\x04\x24\x4C\x77\xE4\x48\x8A\x1A\xC6\x3B\x9A\xD4\x0F\xCA\xFA\x75\xD2\x01\x40\x5A\x8D\x79\xBF\x8B\xCF\x4B\xCF\xAA\x16\xC1\x95\xE4\xAD\x4C\x8A\x3E\x17\x91\xD4\xB1\x62\xE5\x82\xE5\x80\x04\xA4\x03\x7E\x8D\xBF\xDA\x7F\xA2\x0F\x97\x4F\x0C\xD3\x0D\xFB\xD7\xD1\xE5\x72\x7E\x1C\xC8\x77\xFF\x5B\x9A\x0F\xB7\xAE\x05\x46\xE5\xF1\xA8\x16\xEC\x47\xA4\x17\x02\x03\x01\x00\x01\xA3\x81\xF6\x30\x81\xF3\x30\x81\xB0\x06\x03\x55\x1D\x11\x04\x81\xA8\x30\x81\xA5\x81\x0F\x69\x6E\x66\x6F\x40\x69\x7A\x65\x6E\x70\x65\x2E\x63\x6F\x6D\xA4\x81\x91\x30\x81\x8E\x31\x47\x30\x45\x06\x03\x55\x04\x0A\x0C\x3E\x49\x5A\x45\x4E\x50\x45\x20\x53\x2E\x41\x2E\x20\x2D\x20\x43\x49\x46\x20\x41\x30\x31\x33\x33\x37\x32\x36\x30\x2D\x52\x4D\x65\x72\x63\x2E\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x20\x54\x31\x30\x35\x35\x20\x46\x36\x32\x20\x53\x38\x31\x43\x30\x41\x06\x03\x55\x04\x09\x0C\x3A\x41\x76\x64\x61\x20\x64\x65\x6C\x20\x4D\x65\x64\x69\x74\x65\x72\x72\x61\x6E\x65\x6F\x20\x45\x74\x6F\x72\x62\x69\x64\x65\x61\x20\x31\x34\x20\x2D\x20\x30\x31\x30\x31\x30\x20\x56\x69\x74\x6F\x72\x69\x61\x2D\x47\x61\x73\x74\x65\x69\x7A\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x1D\x1C\x65\x0E\xA8\xF2\x25\x7B\xB4\x91\xCF\xE4\xB1\xB1\xE6\xBD\x55\x74\x6C\x05\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x78\xA6\x0C\x16\x4A\x9F\x4C\x88\x3A\xC0\xCB\x0E\xA5\x16\x7D\x9F\xB9\x48\x5F\x18\x8F\x0D\x62\x36\xF6\xCD\x19\x6B\xAC\xAB\xD5\xF6\x91\x7D\xAE\x71\xF3\x3F\xB3\x0E\x78\x85\x9B\x95\xA4\x27\x21\x47\x42\x4A\x7C\x48\x3A\xF5\x45\x7C\xB3\x0C\x8E\x51\x78\xAC\x95\x13\xDE\xC6\xFD\x7D\xB8\x1A\x90\x4C\xAB\x92\x03\xC7\xED\x42\x01\xCE\x0F\xD8\xB1\xFA\xA2\x92\xE1\x60\x6D\xAE\x7A\x6B\x09\xAA\xC6\x29\xEE\x68\x49\x67\x30\x80\x24\x7A\x31\x16\x39\x5B\x7E\xF1\x1C\x2E\xDD\x6C\x09\xAD\xF2\x31\xC1\x82\x4E\xB9\xBB\xF9\xBE\xBF\x2A\x85\x3F\xC0\x40\xA3\x3A\x59\xFC\x59\x4B\x3C\x28\x24\xDB\xB4\x15\x75\xAE\x0D\x88\xBA\x2E\x73\xC0\xBD\x58\x87\xE5\x42\xF2\xEB\x5E\xEE\x1E\x30\x22\x99\xCB\x37\xD1\xC4\x21\x6C\x81\xEC\xBE\x6D\x26\xE6\x1C\xE4\x42\x20\x9E\x47\xB0\xAC\x83\x59\x70\x2C\x35\xD6\xAF\x36\x34\xB4\xCD\x3B\xF8\x32\xA8\xEF\xE3\x78\x89\xFB\x8D\x45\x2C\xDA\x9C\xB8\x7E\x40\x1C\x61\xE7\x3E\xA2\x92\x2C\x4B\xF2\xCD\xFA\x98\xB6\x29\xFF\xF3\xF2\x7B\xA9\x1F\x2E\xA0\x93\x57\x2B\xDE\x85\x03\xF9\x69\x37\xCB\x9E\x78\x6A\x05\xB4\xC5\x31\x78\x89\xEC\x7A\xA7\x85\xE1\xB9\x7B\x3C\xDE\xBE\x1E\x79\x84\xCE\x9F\x70\x0E\x59\xC2\x35\x2E\x90\x2A\x31\xD9\xE4\x45\x7A\x41\xA4\x2E\x13\x9B\x34\x0E\x66\x7B\x49\xAB\x64\x97\xD0\x46\xC3\x79\x9D\x72\x50\x63\xA6\x98\x5B\x06\xBD\x48\x6D\xD8\x39\x83\x70\xE8\x35\xF0\x05\xD1\xAA\xBC\xE3\xDB\xC8\x02\xEA\x7C\xFD\x82\xDA\xC2\x5B\x52\x35\xAE\x98\x3A\xAD\xBA\x35\x93\x23\xA7\x1F\x48\xDD\x35\x46\x98\xB2\x10\x68\xE4\xA5\x31\xC2\x0A\x58\x2E\x19\x81\x10\xC9\x50\x75\xFC\xEA\x5A\x16\xCE\x11\xD7\xEE\xEF\x50\x88\x2D\x61\xFF\x3F\x42\x73\x05\x94\x43\xD5\x8E\x3C\x4E\x01\x3A\x19\xA5\x1F\x46\x4E\x77\xD0\x5D\xE5\x81\x22\x21\x87\xFE\x94\x7D\x84\xD8\x93\xAD\xD6\x68\x43\x48\xB2\xDB\xEB\x73\x24\xE7\x91\x7F\x54\xA4\xB6\x80\x3E\x9D\xA3\x3C\x4C\x72\xC2\x57\xC4\xA0\xD4\xCC\x38\x27\xCE\xD5\x06\x9E\xA2\x48\xD9\xE9\x9F\xCE\x82\x70\x36\x93\x9A\x3B\xDF\x96\x21\xE3\x59\xB7\x0C\xDA\x91\x37\xF0\xFD\x59\x5A\xB3\x99\xC8\x69\x6C\x43\x26\x01\x35\x63\x60\x55\x89\x03\x3A\x75\xD8\xBA\x4A\xD9\x54\xFF\xEE\xDE\x80\xD8\x2D\xD1\x38\xD5\x5E\x2D\x0B\x98\x7D\x3E\x6C\xDB\xFC\x26\x88\xC7", ["CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU"] = "\x30\x82\x07\x4F\x30\x82\x05\x37\xA0\x03\x02\x01\x02\x02\x09\x00\xA3\xDA\x42\x7E\xA4\xB1\xAE\xDA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x1E\x17\x0D\x30\x38\x30\x38\x30\x31\x31\x32\x32\x39\x35\x30\x5A\x17\x0D\x33\x38\x30\x37\x33\x31\x31\x32\x32\x39\x35\x30\x5A\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAF\x00\xCB\x70\x37\x2B\x80\x5A\x4A\x3A\x6C\x78\x94\x7D\xA3\x7F\x1A\x1F\xF6\x35\xD5\xBD\xDB\xCB\x0D\x44\x72\x3E\x26\xB2\x90\x52\xBA\x63\x3B\x28\x58\x6F\xA5\xB3\x6D\x94\xA6\xF3\xDD\x64\x0C\x55\xF6\xF6\xE7\xF2\x22\x22\x80\x5E\xE1\x62\xC6\xB6\x29\xE1\x81\x6C\xF2\xBF\xE5\x7D\x32\x6A\x54\xA0\x32\x19\x59\xFE\x1F\x8B\xD7\x3D\x60\x86\x85\x24\x6F\xE3\x11\xB3\x77\x3E\x20\x96\x35\x21\x6B\xB3\x08\xD9\x70\x2E\x64\xF7\x84\x92\x53\xD6\x0E\xB0\x90\x8A\x8A\xE3\x87\x8D\x06\xD3\xBD\x90\x0E\xE2\x99\xA1\x1B\x86\x0E\xDA\x9A\x0A\xBB\x0B\x61\x50\x06\x52\xF1\x9E\x7F\x76\xEC\xCB\x0F\xD0\x1E\x0D\xCF\x99\x30\x3D\x1C\xC4\x45\x10\x58\xAC\xD6\xD3\xE8\xD7\xE5\xEA\xC5\x01\x07\x77\xD6\x51\xE6\x03\x7F\x8A\x48\xA5\x4D\x68\x75\xB9\xE9\xBC\x9E\x4E\x19\x71\xF5\x32\x4B\x9C\x6D\x60\x19\x0B\xFB\xCC\x9D\x75\xDC\xBF\x26\xCD\x8F\x93\x78\x39\x79\x73\x5E\x25\x0E\xCA\x5C\xEB\x77\x12\x07\xCB\x64\x41\x47\x72\x93\xAB\x50\xC3\xEB\x09\x76\x64\x34\xD2\x39\xB7\x76\x11\x09\x0D\x76\x45\xC4\xA9\xAE\x3D\x6A\xAF\xB5\x7D\x65\x2F\x94\x58\x10\xEC\x5C\x7C\xAF\x7E\xE2\xB6\x18\xD9\xD0\x9B\x4E\x5A\x49\xDF\xA9\x66\x0B\xCC\x3C\xC6\x78\x7C\xA7\x9C\x1D\xE3\xCE\x8E\x53\xBE\x05\xDE\x60\x0F\x6B\xE5\x1A\xDB\x3F\xE3\xE1\x21\xC9\x29\xC1\xF1\xEB\x07\x9C\x52\x1B\x01\x44\x51\x3C\x7B\x25\xD7\xC4\xE5\x52\x54\x5D\x25\x07\xCA\x16\x20\xB8\xAD\xE4\x41\xEE\x7A\x08\xFE\x99\x6F\x83\xA6\x91\x02\xB0\x6C\x36\x55\x6A\xE7\x7D\xF5\x96\xE6\xCA\x81\xD6\x97\xF1\x94\x83\xE9\xED\xB0\xB1\x6B\x12\x69\x1E\xAC\xFB\x5D\xA9\xC5\x98\xE9\xB4\x5B\x58\x7A\xBE\x3D\xA2\x44\x3A\x63\x59\xD4\x0B\x25\xDE\x1B\x4F\xBD\xE5\x01\x9E\xCD\xD2\x29\xD5\x9F\x17\x19\x0A\x6F\xBF\x0C\x90\xD3\x09\x5F\xD9\xE3\x8A\x35\xCC\x79\x5A\x4D\x19\x37\x92\xB7\xC4\xC1\xAD\xAF\xF4\x79\x24\x9A\xB2\x01\x0B\xB1\xAF\x5C\x96\xF3\x80\x32\xFB\x5C\x3D\x98\xF1\xA0\x3F\x4A\xDE\xBE\xAF\x94\x2E\xD9\x55\x9A\x17\x6E\x60\x9D\x63\x6C\xB8\x63\xC9\xAE\x81\x5C\x18\x35\xE0\x90\xBB\xBE\x3C\x4F\x37\x22\xB9\x7E\xEB\xCF\x9E\x77\x21\xA6\x3D\x38\x81\xFB\x48\xDA\x31\x3D\x2B\xE3\x89\xF5\xD0\xB5\xBD\x7E\xE0\x50\xC4\x12\x89\xB3\x23\x9A\x10\x31\x85\xDB\xAE\x6F\xEF\x38\x33\x18\x76\x11\x02\x03\x01\x00\x01\xA3\x82\x01\x6C\x30\x82\x01\x68\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x0C\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xF9\x24\xAC\x0F\xB2\xB5\xF8\x79\xC0\xFA\x60\x88\x1B\xC4\xD9\x4D\x02\x9E\x17\x19\x30\x81\xE3\x06\x03\x55\x1D\x23\x04\x81\xDB\x30\x81\xD8\x80\x14\xF9\x24\xAC\x0F\xB2\xB5\xF8\x79\xC0\xFA\x60\x88\x1B\xC4\xD9\x4D\x02\x9E\x17\x19\xA1\x81\xB4\xA4\x81\xB1\x30\x81\xAE\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x55\x31\x43\x30\x41\x06\x03\x55\x04\x07\x13\x3A\x4D\x61\x64\x72\x69\x64\x20\x28\x73\x65\x65\x20\x63\x75\x72\x72\x65\x6E\x74\x20\x61\x64\x64\x72\x65\x73\x73\x20\x61\x74\x20\x77\x77\x77\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x2F\x61\x64\x64\x72\x65\x73\x73\x29\x31\x12\x30\x10\x06\x03\x55\x04\x05\x13\x09\x41\x38\x32\x37\x34\x33\x32\x38\x37\x31\x1B\x30\x19\x06\x03\x55\x04\x0A\x13\x12\x41\x43\x20\x43\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x20\x53\x2E\x41\x2E\x31\x29\x30\x27\x06\x03\x55\x04\x03\x13\x20\x43\x68\x61\x6D\x62\x65\x72\x73\x20\x6F\x66\x20\x43\x6F\x6D\x6D\x65\x72\x63\x65\x20\x52\x6F\x6F\x74\x20\x2D\x20\x32\x30\x30\x38\x82\x09\x00\xA3\xDA\x42\x7E\xA4\xB1\xAE\xDA\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x3D\x06\x03\x55\x1D\x20\x04\x36\x30\x34\x30\x32\x06\x04\x55\x1D\x20\x00\x30\x2A\x30\x28\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1C\x68\x74\x74\x70\x3A\x2F\x2F\x70\x6F\x6C\x69\x63\x79\x2E\x63\x61\x6D\x65\x72\x66\x69\x72\x6D\x61\x2E\x63\x6F\x6D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x90\x12\xAF\x22\x35\xC2\xA3\x39\xF0\x2E\xDE\xE9\xB5\xE9\x78\x7C\x48\xBE\x3F\x7D\x45\x92\x5E\xE9\xDA\xB1\x19\xFC\x16\x3C\x9F\xB4\x5B\x66\x9E\x6A\xE7\xC3\xB9\x5D\x88\xE8\x0F\xAD\xCF\x23\x0F\xDE\x25\x3A\x5E\xCC\x4F\xA5\xC1\xB5\x2D\xAC\x24\xD2\x58\x07\xDE\xA2\xCF\x69\x84\x60\x33\xE8\x10\x0D\x13\xA9\x23\xD0\x85\xE5\x8E\x7B\xA6\x9E\x3D\x72\x13\x72\x33\xF5\xAA\x7D\xC6\x63\x1F\x08\xF4\xFE\x01\x7F\x24\xCF\x2B\x2C\x54\x09\xDE\xE2\x2B\x6D\x92\xC6\x39\x4F\x16\xEA\x3C\x7E\x7A\x46\xD4\x45\x6A\x46\xA8\xEB\x75\x82\x56\xA7\xAB\xA0\x7C\x68\x13\x33\xF6\x9D\x30\xF0\x6F\x27\x39\x24\x23\x2A\x90\xFD\x90\x29\x35\xF2\x93\xDF\x34\xA5\xC6\xF7\xF8\xEF\x8C\x0F\x62\x4A\x7C\xAE\xD3\xF5\x54\xF8\x8D\xB6\x9A\x56\x87\x16\x82\x3A\x33\xAB\x5A\x22\x08\xF7\x82\xBA\xEA\x2E\xE0\x47\x9A\xB4\xB5\x45\xA3\x05\x3B\xD9\xDC\x2E\x45\x40\x3B\xEA\xDC\x7F\xE8\x3B\xEB\xD1\xEC\x26\xD8\x35\xA4\x30\xC5\x3A\xAC\x57\x9E\xB3\x76\xA5\x20\x7B\xF9\x1E\x4A\x05\x62\x01\xA6\x28\x75\x60\x97\x92\x0D\x6E\x3E\x4D\x37\x43\x0D\x92\x15\x9C\x18\x22\xCD\x51\x99\xA0\x29\x1A\x3C\x5F\x8A\x32\x33\x5B\x30\xC7\x89\x2F\x47\x98\x0F\xA3\x03\xC6\xF6\xF1\xAC\xDF\x32\xF0\xD9\x81\x1A\xE4\x9C\xBD\xF6\x80\x14\xF0\xD1\x2C\xB9\x85\xF5\xD8\xA3\xB1\xC8\xA5\x21\xE5\x1C\x13\x97\xEE\x0E\xBD\xDF\x29\xA9\xEF\x34\x53\x5B\xD3\xE4\x6A\x13\x84\x06\xB6\x32\x02\xC4\x52\xAE\x22\xD2\xDC\xB2\x21\x42\x1A\xDA\x40\xF0\x29\xC9\xEC\x0A\x0C\x5C\xE2\xD0\xBA\xCC\x48\xD3\x37\x0A\xCC\x12\x0A\x8A\x79\xB0\x3D\x03\x7F\x69\x4B\xF4\x34\x20\x7D\xB3\x34\xEA\x8E\x4B\x64\xF5\x3E\xFD\xB3\x23\x67\x15\x0D\x04\xB8\xF0\x2D\xC1\x09\x51\x3C\xB2\x6C\x15\xF0\xA5\x23\xD7\x83\x74\xE4\xE5\x2E\xC9\xFE\x98\x27\x42\xC6\xAB\xC6\x9E\xB0\xD0\x5B\x38\xA5\x9B\x50\xDE\x7E\x18\x98\xB5\x45\x3B\xF6\x79\xB4\xE8\xF7\x1A\x7B\x06\x83\xFB\xD0\x8B\xDA\xBB\xC7\xBD\x18\xAB\x08\x6F\x3C\x80\x6B\x40\x3F\x19\x19\xBA\x65\x8A\xE6\xBE\xD5\x5C\xD3\x36\xD7\xEF\x40\x52\x24\x60\x38\x67\x04\x31\xEC\x8F\xF3\x82\xC6\xDE\xB9\x55\xF3\x3B\x31\x91\x5A\xDC\xB5\x08\x15\xAD\x76\x25\x0A\x0D\x7B\x2E\x87\xE2\x0C\xA6\x06\xBC\x26\x10\x6D\x37\x9D\xEC\xDD\x78\x8C\x7C\x80\xC5\xF0\xD9\x77\x48\xD0", @@ -145,4 +141,13 @@ redef root_certs += { ["CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO"] = "\x30\x82\x05\x59\x30\x82\x03\x41\xA0\x03\x02\x01\x02\x02\x01\x02\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x31\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x17\x0D\x34\x30\x31\x30\x32\x36\x30\x38\x32\x38\x35\x38\x5A\x30\x4E\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x4E\x4F\x31\x1D\x30\x1B\x06\x03\x55\x04\x0A\x0C\x14\x42\x75\x79\x70\x61\x73\x73\x20\x41\x53\x2D\x39\x38\x33\x31\x36\x33\x33\x32\x37\x31\x20\x30\x1E\x06\x03\x55\x04\x03\x0C\x17\x42\x75\x79\x70\x61\x73\x73\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA5\xDA\x0A\x95\x16\x50\xE3\x95\xF2\x5E\x9D\x76\x31\x06\x32\x7A\x9B\xF1\x10\x76\xB8\x00\x9A\xB5\x52\x36\xCD\x24\x47\xB0\x9F\x18\x64\xBC\x9A\xF6\xFA\xD5\x79\xD8\x90\x62\x4C\x22\x2F\xDE\x38\x3D\xD6\xE0\xA8\xE9\x1C\x2C\xDB\x78\x11\xE9\x8E\x68\x51\x15\x72\xC7\xF3\x33\x87\xE4\xA0\x5D\x0B\x5C\xE0\x57\x07\x2A\x30\xF5\xCD\xC4\x37\x77\x28\x4D\x18\x91\xE6\xBF\xD5\x52\xFD\x71\x2D\x70\x3E\xE7\xC6\xC4\x8A\xE3\xF0\x28\x0B\xF4\x76\x98\xA1\x8B\x87\x55\xB2\x3A\x13\xFC\xB7\x3E\x27\x37\x8E\x22\xE3\xA8\x4F\x2A\xEF\x60\xBB\x3D\xB7\x39\xC3\x0E\x01\x47\x99\x5D\x12\x4F\xDB\x43\xFA\x57\xA1\xED\xF9\x9D\xBE\x11\x47\x26\x5B\x13\x98\xAB\x5D\x16\x8A\xB0\x37\x1C\x57\x9D\x45\xFF\x88\x96\x36\xBF\xBB\xCA\x07\x7B\x6F\x87\x63\xD7\xD0\x32\x6A\xD6\x5D\x6C\x0C\xF1\xB3\x6E\x39\xE2\x6B\x31\x2E\x39\x00\x27\x14\xDE\x38\xC0\xEC\x19\x66\x86\x12\xE8\x9D\x72\x16\x13\x64\x52\xC7\xA9\x37\x1C\xFD\x82\x30\xED\x84\x18\x1D\xF4\xAE\x5C\xFF\x70\x13\x00\xEB\xB1\xF5\x33\x7A\x4B\xD6\x55\xF8\x05\x8D\x4B\x69\xB0\xF5\xB3\x28\x36\x5C\x14\xC4\x51\x73\x4D\x6B\x0B\xF1\x34\x07\xDB\x17\x39\xD7\xDC\x28\x7B\x6B\xF5\x9F\xF3\x2E\xC1\x4F\x17\x2A\x10\xF3\xCC\xCA\xE8\xEB\xFD\x6B\xAB\x2E\x9A\x9F\x2D\x82\x6E\x04\xD4\x52\x01\x93\x2D\x3D\x86\xFC\x7E\xFC\xDF\xEF\x42\x1D\xA6\x6B\xEF\xB9\x20\xC6\xF7\xBD\xA0\xA7\x95\xFD\xA7\xE6\x89\x24\xD8\xCC\x8C\x34\x6C\xE2\x23\x2F\xD9\x12\x1A\x21\xB9\x55\x91\x6F\x0B\x91\x79\x19\x0C\xAD\x40\x88\x0B\x70\xE2\x7A\xD2\x0E\xD8\x68\x48\xBB\x82\x13\x39\x10\x58\xE9\xD8\x2A\x07\xC6\x12\xDB\x58\xDB\xD2\x3B\x55\x10\x47\x05\x15\x67\x62\x7E\x18\x63\xA6\x46\x3F\x09\x0E\x54\x32\x5E\xBF\x0D\x62\x7A\x27\xEF\x80\xE8\xDB\xD9\x4B\x06\x5A\x37\x5A\x25\xD0\x08\x12\x77\xD4\x6F\x09\x50\x97\x3D\xC8\x1D\xC3\xDF\x8C\x45\x30\x56\xC6\xD3\x64\xAB\x66\xF3\xC0\x5E\x96\x9C\xC3\xC4\xEF\xC3\x7C\x6B\x8B\x3A\x79\x7F\xB3\x49\xCF\x3D\xE2\x89\x9F\xA0\x30\x4B\x85\xB9\x9C\x94\x24\x79\x8F\x7D\x6B\xA9\x45\x68\x0F\x2B\xD0\xF1\xDA\x1C\xCB\x69\xB8\xCA\x49\x62\x6D\xC8\xD0\x63\x62\xDD\x60\x0F\x58\xAA\x8F\xA1\xBC\x05\xA5\x66\xA2\xCF\x1B\x76\xB2\x84\x64\xB1\x4C\x39\x52\xC0\x30\xBA\xF0\x8C\x4B\x02\xB0\xB6\xB7\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x47\xB8\xCD\xFF\xE5\x6F\xEE\xF8\xB2\xEC\x2F\x4E\x0E\xF9\x25\xB0\x8E\x3C\x6B\xC3\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x00\x20\x23\x41\x35\x04\x90\xC2\x40\x62\x60\xEF\xE2\x35\x4C\xD7\x3F\xAC\xE2\x34\x90\xB8\xA1\x6F\x76\xFA\x16\x16\xA4\x48\x37\x2C\xE9\x90\xC2\xF2\x3C\xF8\x0A\x9F\xD8\x81\xE5\xBB\x5B\xDA\x25\x2C\xA4\xA7\x55\x71\x24\x32\xF6\xC8\x0B\xF2\xBC\x6A\xF8\x93\xAC\xB2\x07\xC2\x5F\x9F\xDB\xCC\xC8\x8A\xAA\xBE\x6A\x6F\xE1\x49\x10\xCC\x31\xD7\x80\xBB\xBB\xC8\xD8\xA2\x0E\x64\x57\xEA\xA2\xF5\xC2\xA9\x31\x15\xD2\x20\x6A\xEC\xFC\x22\x01\x28\xCF\x86\xB8\x80\x1E\xA9\xCC\x11\xA5\x3C\xF2\x16\xB3\x47\x9D\xFC\xD2\x80\x21\xC4\xCB\xD0\x47\x70\x41\xA1\xCA\x83\x19\x08\x2C\x6D\xF2\x5D\x77\x9C\x8A\x14\x13\xD4\x36\x1C\x92\xF0\xE5\x06\x37\xDC\xA6\xE6\x90\x9B\x38\x8F\x5C\x6B\x1B\x46\x86\x43\x42\x5F\x3E\x01\x07\x53\x54\x5D\x65\x7D\xF7\x8A\x73\xA1\x9A\x54\x5A\x1F\x29\x43\x14\x27\xC2\x85\x0F\xB5\x88\x7B\x1A\x3B\x94\xB7\x1D\x60\xA7\xB5\x9C\xE7\x29\x69\x57\x5A\x9B\x93\x7A\x43\x30\x1B\x03\xD7\x62\xC8\x40\xA6\xAA\xFC\x64\xE4\x4A\xD7\x91\x53\x01\xA8\x20\x88\x6E\x9C\x5F\x44\xB9\xCB\x60\x81\x34\xEC\x6F\xD3\x7D\xDA\x48\x5F\xEB\xB4\x90\xBC\x2D\xA9\x1C\x0B\xAC\x1C\xD5\xA2\x68\x20\x80\x04\xD6\xFC\xB1\x8F\x2F\xBB\x4A\x31\x0D\x4A\x86\x1C\xEB\xE2\x36\x29\x26\xF5\xDA\xD8\xC4\xF2\x75\x61\xCF\x7E\xAE\x76\x63\x4A\x7A\x40\x65\x93\x87\xF8\x1E\x80\x8C\x86\xE5\x86\xD6\x8F\x0E\xFC\x53\x2C\x60\xE8\x16\x61\x1A\xA2\x3E\x43\x7B\xCD\x39\x60\x54\x6A\xF5\xF2\x89\x26\x01\x68\x83\x48\xA2\x33\xE8\xC9\x04\x91\xB2\x11\x34\x11\x3E\xEA\xD0\x43\x19\x1F\x03\x93\x90\x0C\xFF\x51\x3D\x57\xF4\x41\x6E\xE1\xCB\xA0\xBE\xEB\xC9\x63\xCD\x6D\xCC\xE4\xF8\x36\xAA\x68\x9D\xED\xBD\x5D\x97\x70\x44\x0D\xB6\x0E\x35\xDC\xE1\x0C\x5D\xBB\xA0\x51\x94\xCB\x7E\x16\xEB\x11\x2F\xA3\x92\x45\xC8\x4C\x71\xD9\xBC\xC9\x99\x52\x57\x46\x2F\x50\xCF\xBD\x35\x69\xF4\x3D\x15\xCE\x06\xA5\x2C\x0F\x3E\xF6\x81\xBA\x94\xBB\xC3\xBB\xBF\x65\x78\xD2\x86\x79\xFF\x49\x3B\x1A\x83\x0C\xF0\xDE\x78\xEC\xC8\xF2\x4D\x4C\x1A\xDE\x82\x29\xF8\xC1\x5A\xDA\xED\xEE\xE6\x27\x5E\xE8\x45\xD0\x9D\x1C\x51\xA8\x68\xAB\x44\xE3\xD0\x8B\x6A\xE3\xF8\x3B\xBB\xDC\x4D\xD7\x64\xF2\x51\xBE\xE6\xAA\xAB\x5A\xE9\x31\xEE\x06\xBC\x73\xBF\x13\x62\x0A\x9F\xC7\xB9\x97", ["CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE"] = "\x30\x82\x03\xC3\x30\x82\x02\xAB\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x1E\x17\x0D\x30\x38\x31\x30\x30\x31\x31\x30\x32\x39\x35\x36\x5A\x17\x0D\x33\x33\x31\x30\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x81\x82\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x2B\x30\x29\x06\x03\x55\x04\x0A\x0C\x22\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x45\x6E\x74\x65\x72\x70\x72\x69\x73\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x20\x47\x6D\x62\x48\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x0C\x16\x54\x2D\x53\x79\x73\x74\x65\x6D\x73\x20\x54\x72\x75\x73\x74\x20\x43\x65\x6E\x74\x65\x72\x31\x25\x30\x23\x06\x03\x55\x04\x03\x0C\x1C\x54\x2D\x54\x65\x6C\x65\x53\x65\x63\x20\x47\x6C\x6F\x62\x61\x6C\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBD\x75\x93\xF0\x62\x22\x6F\x24\xAE\xE0\x7A\x76\xAC\x7D\xBD\xD9\x24\xD5\xB8\xB7\xFC\xCD\xF0\x42\xE0\xEB\x78\x88\x56\x5E\x9B\x9A\x54\x1D\x4D\x0C\x8A\xF6\xD3\xCF\x70\xF4\x52\xB5\xD8\x93\x04\xE3\x46\x86\x71\x41\x4A\x2B\xF0\x2A\x2C\x55\x03\xD6\x48\xC3\xE0\x39\x38\xED\xF2\x5C\x3C\x3F\x44\xBC\x93\x3D\x61\xAB\x4E\xCD\x0D\xBE\xF0\x20\x27\x58\x0E\x44\x7F\x04\x1A\x87\xA5\xD7\x96\x14\x36\x90\xD0\x49\x7B\xA1\x75\xFB\x1A\x6B\x73\xB1\xF8\xCE\xA9\x09\x2C\xF2\x53\xD5\xC3\x14\x44\xB8\x86\xA5\xF6\x8B\x2B\x39\xDA\xA3\x33\x54\xD9\xFA\x72\x1A\xF7\x22\x15\x1C\x88\x91\x6B\x7F\x66\xE5\xC3\x6A\x80\xB0\x24\xF3\xDF\x86\x45\x88\xFD\x19\x7F\x75\x87\x1F\x1F\xB1\x1B\x0A\x73\x24\x5B\xB9\x65\xE0\x2C\x54\xC8\x60\xD3\x66\x17\x3F\xE1\xCC\x54\x33\x73\x91\x02\x3A\xA6\x7F\x7B\x76\x39\xA2\x1F\x96\xB6\x38\xAE\xB5\xC8\x93\x74\x1D\x9E\xB9\xB4\xE5\x60\x9D\x2F\x56\xD1\xE0\xEB\x5E\x5B\x4C\x12\x70\x0C\x6C\x44\x20\xAB\x11\xD8\xF4\x19\xF6\xD2\x9C\x52\x37\xE7\xFA\xB6\xC2\x31\x3B\x4A\xD4\x14\x99\xAD\xC7\x1A\xF5\x5D\x5F\xFA\x07\xB8\x7C\x0D\x1F\xD6\x83\x1E\xB3\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB5\x03\xF7\x76\x3B\x61\x82\x6A\x12\xAA\x18\x53\xEB\x03\x21\x94\xBF\xFE\xCE\xCA\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x56\x3D\xEF\x94\xD5\xBD\xDA\x73\xB2\x58\xBE\xAE\x90\xAD\x98\x27\x97\xFE\x01\xB1\xB0\x52\x00\xB8\x4D\xE4\x1B\x21\x74\x1B\x7E\xC0\xEE\x5E\x69\x2A\x25\xAF\x5C\xD6\x1D\xDA\xD2\x79\xC9\xF3\x97\x29\xE0\x86\x87\xDE\x04\x59\x0F\xF1\x59\xD4\x64\x85\x4B\x99\xAF\x25\x04\x1E\xC9\x46\xA9\x97\xDE\x82\xB2\x1B\x70\x9F\x9C\xF6\xAF\x71\x31\xDD\x7B\x05\xA5\x2C\xD3\xB9\xCA\x47\xF6\xCA\xF2\xF6\xE7\xAD\xB9\x48\x3F\xBC\x16\xB7\xC1\x6D\xF4\xEA\x09\xAF\xEC\xF3\xB5\xE7\x05\x9E\xA6\x1E\x8A\x53\x51\xD6\x93\x81\xCC\x74\x93\xF6\xB9\xDA\xA6\x25\x05\x74\x79\x5A\x7E\x40\x3E\x82\x4B\x26\x11\x30\x6E\xE1\x3F\x41\xC7\x47\x00\x35\xD5\xF5\xD3\xF7\x54\x3E\x81\x3D\xDA\x49\x6A\x9A\xB3\xEF\x10\x3D\xE6\xEB\x6F\xD1\xC8\x22\x47\xCB\xCC\xCF\x01\x31\x92\xD9\x18\xE3\x22\xBE\x09\x1E\x1A\x3E\x5A\xB2\xE4\x6B\x0C\x54\x7A\x7D\x43\x4E\xB8\x89\xA5\x7B\xD7\xA2\x3D\x96\x86\xCC\xF2\x26\x34\x2D\x6A\x92\x9D\x9A\x1A\xD0\x30\xE2\x5D\x4E\x04\xB0\x5F\x8B\x20\x7E\x77\xC1\x3D\x95\x82\xD1\x46\x9A\x3B\x3C\x78\xB8\x6F\xA1\xD0\x0D\x64\xA2\x78\x1E\x29\x4E\x93\xC3\xA4\x54\x14\x5B", ["emailAddress=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE"] = "\x30\x82\x04\x03\x30\x82\x02\xEB\xA0\x03\x02\x01\x02\x02\x10\x54\x80\xF9\xA0\x73\xED\x3F\x00\x4C\xCA\x89\xD8\xE3\x71\xE6\x4A\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x22\x18\x0F\x32\x30\x31\x30\x31\x30\x33\x30\x31\x30\x31\x30\x33\x30\x5A\x18\x0F\x32\x30\x33\x30\x31\x32\x31\x37\x32\x33\x35\x39\x35\x39\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x45\x31\x22\x30\x20\x06\x03\x55\x04\x0A\x0C\x19\x41\x53\x20\x53\x65\x72\x74\x69\x66\x69\x74\x73\x65\x65\x72\x69\x6D\x69\x73\x6B\x65\x73\x6B\x75\x73\x31\x28\x30\x26\x06\x03\x55\x04\x03\x0C\x1F\x45\x45\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x72\x65\x20\x52\x6F\x6F\x74\x20\x43\x41\x31\x18\x30\x16\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x09\x70\x6B\x69\x40\x73\x6B\x2E\x65\x65\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xC8\x20\xC0\xEC\xE0\xC5\x4B\xAB\x07\x78\x95\xF3\x44\xEE\xFB\x0B\x0C\xFF\x74\x8E\x61\xBB\xB1\x62\xEA\x23\xD8\xAB\xA1\x65\x32\x7A\xEB\x8E\x17\x4F\x96\xD8\x0A\x7B\x91\xA2\x63\x6C\xC7\x8C\x4C\x2E\x79\xBF\xA9\x05\xFC\x69\x5C\x95\x8D\x62\xF9\xB9\x70\xED\xC3\x51\x7D\xD0\x93\xE6\x6C\xEB\x30\x4B\xE1\xBC\x7D\xBF\x52\x9B\xCE\x6E\x7B\x65\xF2\x38\xB1\xC0\xA2\x32\xEF\x62\xB2\x68\xE0\x61\x53\xC1\x36\x95\xFF\xEC\x94\xBA\x36\xAE\x9C\x1C\xA7\x32\x0F\xE5\x7C\xB4\xC6\x6F\x74\xFD\x7B\x18\xE8\xAC\x57\xED\x06\x20\x4B\x32\x30\x58\x5B\xFD\xCD\xA8\xE6\xA1\xFC\x70\xBC\x8E\x92\x73\xDB\x97\xA7\x7C\x21\xAE\x3D\xC1\xF5\x48\x87\x6C\x27\xBD\x9F\x25\x74\x81\x55\xB0\xF7\x75\xF6\x3D\xA4\x64\x6B\xD6\x4F\xE7\xCE\x40\xAD\x0F\xDD\x32\xD3\xBC\x8A\x12\x53\x98\xC9\x89\xFB\x10\x1D\x4D\x7E\xCD\x7E\x1F\x56\x0D\x21\x70\x85\xF6\x20\x83\x1F\xF6\xBA\x1F\x04\x8F\xEA\x77\x88\x35\xC4\xFF\xEA\x4E\xA1\x8B\x4D\x3F\x63\x1B\x44\xC3\x44\xD4\x25\x76\xCA\xB7\x8D\xD7\x1E\x4A\x66\x64\xCD\x5C\xC5\x9C\x83\xE1\xC2\x08\x88\x9A\xEC\x4E\xA3\xF1\x3E\x1C\x2C\xD9\x6C\x1D\xA1\x4B\x02\x03\x01\x00\x01\xA3\x81\x8A\x30\x81\x87\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x12\xF2\x5A\x3E\xEA\x56\x1C\xBF\xCD\x06\xAC\xF1\xF1\x25\xC9\xA9\x4B\xD4\x14\x99\x30\x45\x06\x03\x55\x1D\x25\x04\x3E\x30\x3C\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x03\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x04\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x08\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x7B\xF6\xE4\xC0\x0D\xAA\x19\x47\xB7\x4D\x57\xA3\xFE\xAD\xBB\xB1\x6A\xD5\x0F\x9E\xDB\xE4\x63\xC5\x8E\xA1\x50\x56\x93\x96\xB8\x38\xC0\x24\x22\x66\xBC\x53\x14\x61\x95\xBF\xD0\xC7\x2A\x96\x39\x3F\x7D\x28\xB3\x10\x40\x21\x6A\xC4\xAF\xB0\x52\x77\x18\xE1\x96\xD8\x56\x5D\xE3\xDD\x36\x5E\x1D\xA7\x50\x54\xA0\xC5\x2A\xE4\xAA\x8C\x94\x8A\x4F\x9D\x35\xFF\x76\xA4\x06\x13\x91\xA2\xA2\x7D\x00\x44\x3F\x55\xD3\x82\x3C\x1A\xD5\x5B\xBC\x56\x4C\x22\x2E\x46\x43\x8A\x24\x40\x2D\xF3\x12\xB8\x3B\x70\x1A\xA4\x96\xB9\x1A\xAF\x87\x41\x1A\x6A\x18\x0D\x06\x4F\xC7\x3E\x6E\xB9\x29\x4D\x0D\x49\x89\x11\x87\x32\x5B\xE6\x4B\x04\xC8\xE4\x5C\xE6\x74\x73\x94\x5D\x16\x98\x13\x95\xFE\xFB\xDB\xB1\x44\xE5\x3A\x70\xAC\x37\x6B\xE6\xB3\x33\x72\x28\xC9\xB3\x57\xA0\xF6\x02\x16\x88\x06\x0B\xB6\xA6\x4B\x20\x28\xD4\xDE\x3D\x8B\xAD\x37\x05\x53\x74\xFE\x6E\xCC\xBC\x43\x17\x71\x5E\xF9\xC5\xCC\x1A\xA9\x61\xEE\xF7\x76\x0C\xF3\x72\xF4\x72\xAD\xCF\x72\x02\x36\x07\x47\xCF\xEF\x19\x50\x89\x60\xCC\xE9\x24\x95\x0F\xC2\xCB\x1D\xF2\x6F\x76\x90\xC7\xCC\x75\xC1\x96\xC5\x9D", + ["O=T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Aral\C4\B1k 2007,L=Ankara,C=TR,CN=T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1"] = "\x30\x82\x04\x3D\x30\x82\x03\x25\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xBF\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5E\x30\x5C\x06\x03\x55\x04\x0A\x0C\x55\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x41\x72\x61\x6C\xC4\xB1\x6B\x20\x32\x30\x30\x37\x30\x1E\x17\x0D\x30\x37\x31\x32\x32\x35\x31\x38\x33\x37\x31\x39\x5A\x17\x0D\x31\x37\x31\x32\x32\x32\x31\x38\x33\x37\x31\x39\x5A\x30\x81\xBF\x31\x3F\x30\x3D\x06\x03\x55\x04\x03\x0C\x36\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x45\x6C\x65\x6B\x74\x72\x6F\x6E\x69\x6B\x20\x53\x65\x72\x74\x69\x66\x69\x6B\x61\x20\x48\x69\x7A\x6D\x65\x74\x20\x53\x61\xC4\x9F\x6C\x61\x79\xC4\xB1\x63\xC4\xB1\x73\xC4\xB1\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x54\x52\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x0C\x06\x41\x6E\x6B\x61\x72\x61\x31\x5E\x30\x5C\x06\x03\x55\x04\x0A\x0C\x55\x54\xC3\x9C\x52\x4B\x54\x52\x55\x53\x54\x20\x42\x69\x6C\x67\x69\x20\xC4\xB0\x6C\x65\x74\x69\xC5\x9F\x69\x6D\x20\x76\x65\x20\x42\x69\x6C\x69\xC5\x9F\x69\x6D\x20\x47\xC3\xBC\x76\x65\x6E\x6C\x69\xC4\x9F\x69\x20\x48\x69\x7A\x6D\x65\x74\x6C\x65\x72\x69\x20\x41\x2E\xC5\x9E\x2E\x20\x28\x63\x29\x20\x41\x72\x61\x6C\xC4\xB1\x6B\x20\x32\x30\x30\x37\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\xB7\x3E\x0A\x8C\xC8\xA5\x58\x15\xE6\x8A\xEF\x27\x3D\x4A\xB4\xE8\x25\xD3\xCD\x33\xC2\x20\xDC\x19\xEE\x88\x3F\x4D\x62\xF0\xDD\x13\x77\x8F\x61\xA9\x2A\xB5\xD4\xF2\xB9\x31\x58\x29\x3B\x2F\x3F\x6A\x9C\x6F\x73\x76\x25\xEE\x34\x20\x80\xEE\xEA\xB7\xF0\xC4\x0A\xCD\x2B\x86\x94\xC9\xE3\x60\xB1\x44\x52\xB2\x5A\x29\xB4\x91\x97\x83\xD8\xB7\xA6\x14\x2F\x29\x49\xA2\xF3\x05\x06\xFB\xB4\x4F\xDA\xA1\x6C\x9A\x66\x9F\xF0\x43\x09\xCA\xEA\x72\x8F\xEB\x00\xD7\x35\x39\xD7\x56\x17\x47\x17\x30\xF4\xBE\xBF\x3F\xC2\x68\xAF\x36\x40\xC1\xA9\xF4\xA9\xA7\xE8\x10\x6B\x08\x8A\xF7\x86\x1E\xDC\x9A\x2A\x15\x06\xF6\xA3\xF0\xF4\xE0\xC7\x14\xD4\x51\x7F\xCF\xB4\xDB\x6D\xAF\x47\x96\x17\x9B\x77\x71\xD8\xA7\x71\x9D\x24\x0C\xF6\x94\x3F\x85\x31\x12\x4F\xBA\xEE\x4E\x82\xB8\xB9\x3E\x8F\x23\x37\x5E\xCC\xA2\xAA\x75\xF7\x18\x6F\x09\xD3\xAE\xA7\x54\x28\x34\xFB\xE1\xE0\x3B\x60\x7D\xA0\xBE\x79\x89\x86\xC8\x9F\x2D\xF9\x0A\x4B\xC4\x50\xA2\xE7\xFD\x79\x16\xC7\x7A\x0B\x18\xCF\xCE\x4C\xEF\x7D\xD6\x07\x6F\x98\xF1\xAF\xB1\xC1\x7A\xD7\x81\x35\xB8\xAA\x17\xB4\xE0\xCB\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x29\xC5\x90\xAB\x25\xAF\x11\xE4\x61\xBF\xA3\xFF\x88\x61\x91\xE6\x0E\xFE\x9C\x81\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x10\x0D\xDA\xF8\x3A\xEC\x28\xD1\x14\x95\x82\xB1\x12\x2C\x51\x7A\x41\x25\x36\x4C\x9F\xEC\x3F\x1F\x84\x9D\x65\x54\x5C\xA8\x16\x02\x40\xFA\x6E\x1A\x37\x84\xEF\x72\x9D\x86\x0A\x55\x9D\x56\x28\xAC\x66\x2C\xD0\x3A\x56\x93\x34\x07\x25\xAD\x08\xB0\x8F\xC8\x0F\x09\x59\xCA\x9D\x98\x1C\xE5\x54\xF8\xB9\x45\x7F\x6A\x97\x6F\x88\x68\x4D\x4A\x06\x26\x37\x88\x02\x0E\xB6\xC6\xD6\x72\x99\xCE\x6B\x77\xDA\x62\x31\xA4\x56\x1F\xAE\x5F\x8D\x77\xDA\x5D\xF6\x88\xFC\x1A\xD9\x9E\xB5\x81\xF0\x32\xB8\xE3\x88\xD0\x9C\xF3\x6A\xA0\xB9\x9B\x14\x59\x35\x36\x4F\xCF\xF3\x8E\x5E\x5D\x17\xAD\x15\x95\xD8\xDD\xB2\xD5\x15\x6E\x00\x4E\xB3\x4B\xCF\x66\x94\xE4\xE0\xCD\xB5\x05\xDA\x63\x57\x8B\xE5\xB3\xAA\xDB\xC0\x2E\x1C\x90\x44\xDB\x1A\x5D\x18\xA4\xEE\xBE\x04\x5B\x99\xD5\x71\x5F\x55\x65\x64\x62\xD5\xA2\x9B\x04\x59\x86\xC8\x62\x77\xE7\x7C\x82\x45\x6A\x3D\x17\xBF\xEC\x9D\x75\x0C\xAE\xA3\x6F\x5A\xD3\x2F\x98\x36\xF4\xF0\xF5\x19\xAB\x11\x5D\xC8\xA6\xE3\x2A\x58\x6A\x42\x09\xC3\xBD\x92\x26\x66\x32\x0D\x5D\x08\x55\x74\xFF\x8C\x98\xD0\x0A\xA6\x84\x6A\xD1\x39\x7D", + ["CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE"] = "\x30\x82\x04\x33\x30\x82\x03\x1B\xA0\x03\x02\x01\x02\x02\x03\x09\x83\xF3\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x32\x30\x30\x39\x30\x1E\x17\x0D\x30\x39\x31\x31\x30\x35\x30\x38\x33\x35\x35\x38\x5A\x17\x0D\x32\x39\x31\x31\x30\x35\x30\x38\x33\x35\x35\x38\x5A\x30\x4D\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x27\x30\x25\x06\x03\x55\x04\x03\x0C\x1E\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x32\x30\x30\x39\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xD3\xB2\x4A\xCF\x7A\x47\xEF\x75\x9B\x23\xFA\x3A\x2F\xD6\x50\x45\x89\x35\x3A\xC6\x6B\xDB\xFE\xDB\x00\x68\xA8\xE0\x03\x11\x1D\x37\x50\x08\x9F\x4D\x4A\x68\x94\x35\xB3\x53\xD1\x94\x63\xA7\x20\x56\xAF\xDE\x51\x78\xEC\x2A\x3D\xF3\x48\x48\x50\x3E\x0A\xDF\x46\x55\x8B\x27\x6D\xC3\x10\x4D\x0D\x91\x52\x43\xD8\x87\xE0\x5D\x4E\x36\xB5\x21\xCA\x5F\x39\x40\x04\x5F\x5B\x7E\xCC\xA3\xC6\x2B\xA9\x40\x1E\xD9\x36\x84\xD6\x48\xF3\x92\x1E\x34\x46\x20\x24\xC1\xA4\x51\x8E\x4A\x1A\xEF\x50\x3F\x69\x5D\x19\x7F\x45\xC3\xC7\x01\x8F\x51\xC9\x23\xE8\x72\xAE\xB4\xBC\x56\x09\x7F\x12\xCB\x1C\xB1\xAF\x29\x90\x0A\xC9\x55\xCC\x0F\xD3\xB4\x1A\xED\x47\x35\x5A\x4A\xED\x9C\x73\x04\x21\xD0\xAA\xBD\x0C\x13\xB5\x00\xCA\x26\x6C\xC4\x6B\x0C\x94\x5A\x95\x94\xDA\x50\x9A\xF1\xFF\xA5\x2B\x66\x31\xA4\xC9\x38\xA0\xDF\x1D\x1F\xB8\x09\x2E\xF3\xA7\xE8\x67\x52\xAB\x95\x1F\xE0\x46\x3E\xD8\xA4\xC3\xCA\x5A\xC5\x31\x80\xE8\x48\x9A\x9F\x94\x69\xFE\x19\xDD\xD8\x73\x7C\x81\xCA\x96\xDE\x8E\xED\xB3\x32\x05\x65\x84\x34\xE6\xE6\xFD\x57\x10\xB5\x5F\x76\xBF\x2F\xB0\x10\x0D\xC5\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xFD\xDA\x14\xC4\x9F\x30\xDE\x21\xBD\x1E\x42\x39\xFC\xAB\x63\x23\x49\xE0\xF1\x84\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xD3\x06\x03\x55\x1D\x1F\x04\x81\xCB\x30\x81\xC8\x30\x81\x80\xA0\x7E\xA0\x7C\x86\x7A\x6C\x64\x61\x70\x3A\x2F\x2F\x64\x69\x72\x65\x63\x74\x6F\x72\x79\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x4E\x3D\x44\x2D\x54\x52\x55\x53\x54\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x32\x25\x32\x30\x32\x30\x30\x39\x2C\x4F\x3D\x44\x2D\x54\x72\x75\x73\x74\x25\x32\x30\x47\x6D\x62\x48\x2C\x43\x3D\x44\x45\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x72\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x6C\x69\x73\x74\x30\x43\xA0\x41\xA0\x3F\x86\x3D\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x63\x72\x6C\x2F\x64\x2D\x74\x72\x75\x73\x74\x5F\x72\x6F\x6F\x74\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x32\x5F\x32\x30\x30\x39\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x7F\x97\xDB\x30\xC8\xDF\xA4\x9C\x7D\x21\x7A\x80\x70\xCE\x14\x12\x69\x88\x14\x95\x60\x44\x01\xAC\xB2\xE9\x30\x4F\x9B\x50\xC2\x66\xD8\x7E\x8D\x30\xB5\x70\x31\xE9\xE2\x69\xC7\xF3\x70\xDB\x20\x15\x86\xD0\x0D\xF0\xBE\xAC\x01\x75\x84\xCE\x7E\x9F\x4D\xBF\xB7\x60\x3B\x9C\xF3\xCA\x1D\xE2\x5E\x68\xD8\xA3\x9D\x97\xE5\x40\x60\xD2\x36\x21\xFE\xD0\xB4\xB8\x17\xDA\x74\xA3\x7F\xD4\xDF\xB0\x98\x02\xAC\x6F\x6B\x6B\x2C\x25\x24\x72\xA1\x65\xEE\x25\x5A\xE5\xE6\x32\xE7\xF2\xDF\xAB\x49\xFA\xF3\x90\x69\x23\xDB\x04\xD9\xE7\x5C\x58\xFC\x65\xD4\x97\xBE\xCC\xFC\x2E\x0A\xCC\x25\x2A\x35\x04\xF8\x60\x91\x15\x75\x3D\x41\xFF\x23\x1F\x19\xC8\x6C\xEB\x82\x53\x04\xA6\xE4\x4C\x22\x4D\x8D\x8C\xBA\xCE\x5B\x73\xEC\x64\x54\x50\x6D\xD1\x9C\x55\xFB\x69\xC3\x36\xC3\x8C\xBC\x3C\x85\xA6\x6B\x0A\x26\x0D\xE0\x93\x98\x60\xAE\x7E\xC6\x24\x97\x8A\x61\x5F\x91\x8E\x66\x92\x09\x87\x36\xCD\x8B\x9B\x2D\x3E\xF6\x51\xD4\x50\xD4\x59\x28\xBD\x83\xF2\xCC\x28\x7B\x53\x86\x6D\xD8\x26\x88\x70\xD7\xEA\x91\xCD\x3E\xB9\xCA\xC0\x90\x6E\x5A\xC6\x5E\x74\x65\xD7\x5C\xFE\xA3\xE2", + ["CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE"] = "\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x03\x09\x83\xF4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x45\x56\x20\x32\x30\x30\x39\x30\x1E\x17\x0D\x30\x39\x31\x31\x30\x35\x30\x38\x35\x30\x34\x36\x5A\x17\x0D\x32\x39\x31\x31\x30\x35\x30\x38\x35\x30\x34\x36\x5A\x30\x50\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x44\x45\x31\x15\x30\x13\x06\x03\x55\x04\x0A\x0C\x0C\x44\x2D\x54\x72\x75\x73\x74\x20\x47\x6D\x62\x48\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x0C\x21\x44\x2D\x54\x52\x55\x53\x54\x20\x52\x6F\x6F\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x43\x41\x20\x32\x20\x45\x56\x20\x32\x30\x30\x39\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x99\xF1\x84\x34\x70\xBA\x2F\xB7\x30\xA0\x8E\xBD\x7C\x04\xCF\xBE\x62\xBC\x99\xFD\x82\x97\xD2\x7A\x0A\x67\x96\x38\x09\xF6\x10\x4E\x95\x22\x73\x99\x8D\xDA\x15\x2D\xE7\x05\xFC\x19\x73\x22\xB7\x8E\x98\x00\xBC\x3C\x3D\xAC\xA1\x6C\xFB\xD6\x79\x25\x4B\xAD\xF0\xCC\x64\xDA\x88\x3E\x29\xB8\x0F\x09\xD3\x34\xDD\x33\xF5\x62\xD1\xE1\xCD\x19\xE9\xEE\x18\x4F\x4C\x58\xAE\xE2\x1E\xD6\x0C\x5B\x15\x5A\xD8\x3A\xB8\xC4\x18\x64\x1E\xE3\x33\xB2\xB5\x89\x77\x4E\x0C\xBF\xD9\x94\x6B\x13\x97\x6F\x12\xA3\xFE\x99\xA9\x04\xCC\x15\xEC\x60\x68\x36\xED\x08\x7B\xB7\xF5\xBF\x93\xED\x66\x31\x83\x8C\xC6\x71\x34\x87\x4E\x17\xEA\xAF\x8B\x91\x8D\x1C\x56\x41\xAE\x22\x37\x5E\x37\xF2\x1D\xD9\xD1\x2D\x0D\x2F\x69\x51\xA7\xBE\x66\xA6\x8A\x3A\x2A\xBD\xC7\x1A\xB1\xE1\x14\xF0\xBE\x3A\x1D\xB9\xCF\x5B\xB1\x6A\xFE\xB4\xB1\x46\x20\xA2\xFB\x1E\x3B\x70\xEF\x93\x98\x7D\x8C\x73\x96\xF2\xC5\xEF\x85\x70\xAD\x29\x26\xFC\x1E\x04\x3E\x1C\xA0\xD8\x0F\xCB\x52\x83\x62\x7C\xEE\x8B\x53\x95\x90\xA9\x57\xA2\xEA\x61\x05\xD8\xF9\x4D\xC4\x27\xFA\x6E\xAD\xED\xF9\xD7\x51\xF7\x6B\xA5\x02\x03\x01\x00\x01\xA3\x82\x01\x24\x30\x82\x01\x20\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xD3\x94\x8A\x4C\x62\x13\x2A\x19\x2E\xCC\xAF\x72\x8A\x7D\x36\xD7\x9A\x1C\xDC\x67\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x81\xDD\x06\x03\x55\x1D\x1F\x04\x81\xD5\x30\x81\xD2\x30\x81\x87\xA0\x81\x84\xA0\x81\x81\x86\x7F\x6C\x64\x61\x70\x3A\x2F\x2F\x64\x69\x72\x65\x63\x74\x6F\x72\x79\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x43\x4E\x3D\x44\x2D\x54\x52\x55\x53\x54\x25\x32\x30\x52\x6F\x6F\x74\x25\x32\x30\x43\x6C\x61\x73\x73\x25\x32\x30\x33\x25\x32\x30\x43\x41\x25\x32\x30\x32\x25\x32\x30\x45\x56\x25\x32\x30\x32\x30\x30\x39\x2C\x4F\x3D\x44\x2D\x54\x72\x75\x73\x74\x25\x32\x30\x47\x6D\x62\x48\x2C\x43\x3D\x44\x45\x3F\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x72\x65\x76\x6F\x63\x61\x74\x69\x6F\x6E\x6C\x69\x73\x74\x30\x46\xA0\x44\xA0\x42\x86\x40\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x64\x2D\x74\x72\x75\x73\x74\x2E\x6E\x65\x74\x2F\x63\x72\x6C\x2F\x64\x2D\x74\x72\x75\x73\x74\x5F\x72\x6F\x6F\x74\x5F\x63\x6C\x61\x73\x73\x5F\x33\x5F\x63\x61\x5F\x32\x5F\x65\x76\x5F\x32\x30\x30\x39\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x34\xED\x7B\x5A\x3C\xA4\x94\x88\xEF\x1A\x11\x75\x07\x2F\xB3\xFE\x3C\xFA\x1E\x51\x26\xEB\x87\xF6\x29\xDE\xE0\xF1\xD4\xC6\x24\x09\xE9\xC1\xCF\x55\x1B\xB4\x30\xD9\xCE\x1A\xFE\x06\x51\xA6\x15\xA4\x2D\xEF\xB2\x4B\xBF\x20\x28\x25\x49\xD1\xA6\x36\x77\x34\xE8\x64\xDF\x52\xB1\x11\xC7\x73\x7A\xCD\x39\x9E\xC2\xAD\x8C\x71\x21\xF2\x5A\x6B\xAF\xDF\x3C\x4E\x55\xAF\xB2\x84\x65\x14\x89\xB9\x77\xCB\x2A\x31\xBE\xCF\xA3\x6D\xCF\x6F\x48\x94\x32\x46\x6F\xE7\x71\x8C\xA0\xA6\x84\x19\x37\x07\xF2\x03\x45\x09\x2B\x86\x75\x7C\xDF\x5F\x69\x57\x00\xDB\x6E\xD8\xA6\x72\x22\x4B\x50\xD4\x75\x98\x56\xDF\xB7\x18\xFF\x43\x43\x50\xAE\x7A\x44\x7B\xF0\x79\x51\xD7\x43\x3D\xA7\xD3\x81\xD3\xF0\xC9\x4F\xB9\xDA\xC6\x97\x86\xD0\x82\xC3\xE4\x42\x6D\xFE\xB0\xE2\x64\x4E\x0E\x26\xE7\x40\x34\x26\xB5\x08\x89\xD7\x08\x63\x63\x38\x27\x75\x1E\x33\xEA\x6E\xA8\xDD\x9F\x99\x4F\x74\x4D\x81\x89\x80\x4B\xDD\x9A\x97\x29\x5C\x2F\xBE\x81\x41\xB9\x8C\xFF\xEA\x7D\x60\x06\x9E\xCD\xD7\x3D\xD3\x2E\xA3\x15\xBC\xA8\xE6\x26\xE5\x6F\xC3\xDC\xB8\x03\x21\xEA\x9F\x16\xF1\x2C\x54\xB5", + ["CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,emailAddress=contacto@procert.net.ve"] = "\x30\x82\x09\x86\x30\x82\x07\x6E\xA0\x03\x02\x01\x02\x02\x01\x0B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x82\x01\x1E\x31\x3E\x30\x3C\x06\x03\x55\x04\x03\x13\x35\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x52\x61\x69\x7A\x20\x64\x65\x6C\x20\x45\x73\x74\x61\x64\x6F\x20\x56\x65\x6E\x65\x7A\x6F\x6C\x61\x6E\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x43\x61\x72\x61\x63\x61\x73\x31\x19\x30\x17\x06\x03\x55\x04\x08\x13\x10\x44\x69\x73\x74\x72\x69\x74\x6F\x20\x43\x61\x70\x69\x74\x61\x6C\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x43\x30\x41\x06\x03\x55\x04\x0B\x13\x3A\x53\x75\x70\x65\x72\x69\x6E\x74\x65\x6E\x64\x65\x6E\x63\x69\x61\x20\x64\x65\x20\x53\x65\x72\x76\x69\x63\x69\x6F\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x25\x30\x23\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x16\x61\x63\x72\x61\x69\x7A\x40\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x1E\x17\x0D\x31\x30\x31\x32\x32\x38\x31\x36\x35\x31\x30\x30\x5A\x17\x0D\x32\x30\x31\x32\x32\x35\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xD1\x31\x26\x30\x24\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x17\x63\x6F\x6E\x74\x61\x63\x74\x6F\x40\x70\x72\x6F\x63\x65\x72\x74\x2E\x6E\x65\x74\x2E\x76\x65\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x43\x68\x61\x63\x61\x6F\x31\x10\x30\x0E\x06\x03\x55\x04\x08\x13\x07\x4D\x69\x72\x61\x6E\x64\x61\x31\x2A\x30\x28\x06\x03\x55\x04\x0B\x13\x21\x50\x72\x6F\x76\x65\x65\x64\x6F\x72\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x64\x6F\x73\x20\x50\x52\x4F\x43\x45\x52\x54\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x13\x30\x11\x06\x03\x55\x04\x03\x13\x0A\x50\x53\x43\x50\x72\x6F\x63\x65\x72\x74\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xD5\xB7\xF4\xA3\x94\x33\xA1\x46\xA9\x55\x61\x49\x0D\xA8\x87\x73\x5E\x91\x2D\x70\xC1\x06\x1A\x94\xDA\x3D\xEC\x15\x42\xC1\xF5\x8C\xAE\x6A\x17\xF1\x8A\xAD\xFC\x80\x95\xEA\x83\x44\xA2\x5B\x7A\x55\xCE\x4F\xA7\xA5\xD5\xBA\xB8\x1F\xA0\x27\xC0\x50\x53\x3E\x8D\xB9\xC0\x0E\xB8\x15\xDC\xD6\x6C\xF8\x9E\xF8\x04\x25\xDF\x80\x8F\x10\x85\xDD\x7D\x2F\x7B\x80\xDD\x57\x00\x64\x23\xF8\x6E\xC9\xBE\x95\x4F\xE1\x75\xEC\xE0\x7E\x5E\x95\xCD\xB1\xEF\xBE\x7A\x42\xD8\xC9\x2C\xD3\xEB\x1A\x1A\x22\x8B\xB7\x7F\x06\x89\xE5\x3C\xF5\x12\xC0\xBB\xD3\x0B\x99\x5F\x90\x7C\x8E\x2D\x2F\x77\x33\x92\x4A\x21\x46\xA8\xA9\x08\xAC\xF1\xF6\x11\x02\xD9\x95\x16\x9E\x8D\x2F\x96\xE6\x02\xDD\x75\xC2\x14\x2A\x5A\xD6\xC9\x7D\x25\xC2\xC1\xFC\xAA\x67\x85\xE2\xEC\xBE\xD1\x7C\x3C\xFA\xAF\xD5\x6E\xFF\x53\x41\xD4\xF5\x32\x38\xB1\xE2\x5F\xC4\xF9\x8E\x10\xEF\x06\xA9\x02\x89\xFF\xE3\x0C\x6E\x97\xE0\xDF\x9D\xDB\x21\xD0\xF4\x3E\x08\x69\x6C\xD8\xD4\xE4\x36\xF8\x83\xB6\xB2\x36\x8F\x9C\xEF\x3A\x37\x16\x7D\xBF\xA2\x69\xD7\x3B\x5B\x72\xD0\xAF\xAA\x3F\x5C\x66\x93\xAC\x0A\x22\x61\xB6\xD2\xA0\x99\xC8\x54\x93\x5D\xA8\xB6\xD1\xBD\x5D\x0A\x5E\x77\x94\xA2\x2D\xC0\x82\x8E\xBC\xCA\x03\x2A\x34\xAE\x73\xF1\xD4\xB5\x0C\xBD\xBE\x67\x9B\x54\xEB\xE1\xFA\xA0\x5A\xEC\x38\x7E\x3E\xC1\xCC\xA2\xC7\x44\x31\x75\xEA\x3F\xE5\x07\xD2\xAB\xA1\x25\x96\xF6\xE6\xE4\xA0\x5D\x37\x18\x39\x61\x00\x33\x5D\x46\xD4\x00\xC4\xB4\xCA\x3C\xF1\xA2\xA3\x3E\xF3\x3A\xFF\x69\x30\x2E\x40\xDD\xF6\x9F\x9C\x26\xC9\x96\x37\xAD\xE7\x39\xA2\xBF\xEA\x69\xDB\x55\x22\x95\x53\x2A\x94\xB5\xDF\xAD\x16\x38\x81\x75\x66\xE3\xC7\x2C\x1B\x93\x9C\xAA\x8C\xA3\xCA\xD9\x6C\x3C\x17\x6D\x9C\xDC\x7C\x53\xE0\x20\x27\x43\x36\xF9\x12\xE1\x3C\x5C\xBD\x66\xBF\xA2\x69\x23\x38\xB8\x99\x60\x99\x0E\x56\x53\x3A\x9C\x7E\x14\x8C\xB0\x06\x6F\xF1\x86\x76\x90\xAF\xFD\xAF\xFE\x90\xC6\x8F\x9F\x7F\x8B\x92\x23\x9C\xE7\x15\x76\x8F\xD5\x8B\x94\x13\x72\x69\xFB\x2B\x61\x63\x88\xEF\xE6\xA4\x5E\xE6\xA3\x17\x6A\x58\x47\xCB\x71\x4F\x14\x0B\x5E\xC8\x02\x08\x26\xA2\xCB\xE9\xAF\x6B\x8A\x19\xC7\xCB\x14\x56\xF5\xE1\xDA\xB5\xD9\xFC\xBF\x73\x38\xDA\xF9\xE7\xAF\x6E\xA4\x37\xE2\x07\x27\x02\x03\x01\x00\x01\xA3\x82\x03\x17\x30\x82\x03\x13\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x01\x30\x37\x06\x03\x55\x1D\x12\x04\x30\x30\x2E\x82\x0F\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\xA0\x1B\x06\x05\x60\x86\x5E\x02\x02\xA0\x12\x0C\x10\x52\x49\x46\x2D\x47\x2D\x32\x30\x30\x30\x34\x30\x33\x36\x2D\x30\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x41\x0F\x19\x38\xAA\x99\x7F\x42\x0B\xA4\xD7\x27\x98\x54\xA2\x17\x4C\x2D\x51\x54\x30\x82\x01\x50\x06\x03\x55\x1D\x23\x04\x82\x01\x47\x30\x82\x01\x43\x80\x14\xAD\xBB\x22\x1D\xC6\xE0\xD2\x01\xA8\xFD\x76\x50\x52\x93\xED\x98\xC1\x4D\xAE\xD3\xA1\x82\x01\x26\xA4\x82\x01\x22\x30\x82\x01\x1E\x31\x3E\x30\x3C\x06\x03\x55\x04\x03\x13\x35\x41\x75\x74\x6F\x72\x69\x64\x61\x64\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x52\x61\x69\x7A\x20\x64\x65\x6C\x20\x45\x73\x74\x61\x64\x6F\x20\x56\x65\x6E\x65\x7A\x6F\x6C\x61\x6E\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x56\x45\x31\x10\x30\x0E\x06\x03\x55\x04\x07\x13\x07\x43\x61\x72\x61\x63\x61\x73\x31\x19\x30\x17\x06\x03\x55\x04\x08\x13\x10\x44\x69\x73\x74\x72\x69\x74\x6F\x20\x43\x61\x70\x69\x74\x61\x6C\x31\x36\x30\x34\x06\x03\x55\x04\x0A\x13\x2D\x53\x69\x73\x74\x65\x6D\x61\x20\x4E\x61\x63\x69\x6F\x6E\x61\x6C\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x43\x30\x41\x06\x03\x55\x04\x0B\x13\x3A\x53\x75\x70\x65\x72\x69\x6E\x74\x65\x6E\x64\x65\x6E\x63\x69\x61\x20\x64\x65\x20\x53\x65\x72\x76\x69\x63\x69\x6F\x73\x20\x64\x65\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x63\x69\x6F\x6E\x20\x45\x6C\x65\x63\x74\x72\x6F\x6E\x69\x63\x61\x31\x25\x30\x23\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01\x16\x16\x61\x63\x72\x61\x69\x7A\x40\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x82\x01\x0A\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x4D\x06\x03\x55\x1D\x11\x04\x46\x30\x44\x82\x0E\x70\x72\x6F\x63\x65\x72\x74\x2E\x6E\x65\x74\x2E\x76\x65\xA0\x15\x06\x05\x60\x86\x5E\x02\x01\xA0\x0C\x0C\x0A\x50\x53\x43\x2D\x30\x30\x30\x30\x30\x32\xA0\x1B\x06\x05\x60\x86\x5E\x02\x02\xA0\x12\x0C\x10\x52\x49\x46\x2D\x4A\x2D\x33\x31\x36\x33\x35\x33\x37\x33\x2D\x37\x30\x76\x06\x03\x55\x1D\x1F\x04\x6F\x30\x6D\x30\x46\xA0\x44\xA0\x42\x86\x40\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x2F\x6C\x63\x72\x2F\x43\x45\x52\x54\x49\x46\x49\x43\x41\x44\x4F\x2D\x52\x41\x49\x5A\x2D\x53\x48\x41\x33\x38\x34\x43\x52\x4C\x44\x45\x52\x2E\x63\x72\x6C\x30\x23\xA0\x21\xA0\x1F\x86\x1D\x6C\x64\x61\x70\x3A\x2F\x2F\x61\x63\x72\x61\x69\x7A\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x37\x06\x08\x2B\x06\x01\x05\x05\x07\x01\x01\x04\x2B\x30\x29\x30\x27\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01\x86\x1B\x68\x74\x74\x70\x3A\x2F\x2F\x6F\x63\x73\x70\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x30\x41\x06\x03\x55\x1D\x20\x04\x3A\x30\x38\x30\x36\x06\x06\x60\x86\x5E\x03\x01\x02\x30\x2C\x30\x2A\x06\x08\x2B\x06\x01\x05\x05\x07\x02\x01\x16\x1E\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x73\x75\x73\x63\x65\x72\x74\x65\x2E\x67\x6F\x62\x2E\x76\x65\x2F\x64\x70\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x2B\x59\xEB\x22\x99\xBB\x84\xAA\x4F\xDE\x90\xC6\xD1\x86\x71\x23\x9E\x4B\x03\x91\x47\x70\xBB\xC0\x92\x60\xEC\xE0\xD4\xE7\x6D\xC6\xD3\xED\x67\x83\x77\x52\xD5\xF2\xE5\x77\xA7\x36\xB2\xE3\x54\xBE\xD9\xBB\x0A\x9B\x11\xEF\x61\xF4\xC6\x99\x33\x99\xF5\xAF\x00\x39\x8D\x83\xBF\xA6\xBD\x35\x7E\x2C\x5C\x31\x34\x6F\x6C\xDB\xF3\x64\x01\x98\xAA\x94\x2C\x41\xDD\x15\x86\xCA\x6B\x29\x4E\x16\xC0\x49\xFC\xD7\x83\x48\x13\x07\x51\x84\x31\x52\x88\xBB\x86\x17\xC7\x6B\x2F\x8A\x20\xAD\xC5\x0B\x8F\x70\x3E\x2A\xBB\x1B\x71\x8F\xB9\xA4\xA0\xFD\xD8\x95\xD9\xAF\x59\xBF\x25\x2B\x98\xE9\x63\x93\x2F\x60\x1E\xC4\xAA\xF8\x77\xF5\x8B\x6C\x2F\xED\x7E\x2E\xB5\x4F\x40\x0D\xEE\xBC\x57\x77\xE7\xD9\xB6\xD4\x3F\x95\x27\x3A\x20\xD5\xE5\xAE\xAB\x6C\x35\x9F\xC1\xA1\x1D\x59\xDC\x84\x81\xEE\x4D\x07\xE2\x48\xB6\x9E\x4B\x95\x2D\x41\xB1\xE1\xE8\xDE\x7E\x2F\x05\x1E\x68\xEE\xBF\xBB\x90\x65\x3A\xC8\xEE\xEA\xB1\x18\x37\x1C\x62\x93\xA4\xA0\x31\xEC\x71\x6C\x91\xE6\xA4\x79\x89\x5A\x14\xA7\x14\x50\x05\x4C\xA4\x00\x57\x30\x2C\xC1\xB5\x61\x96\xDC\x3E\x1E\x84\xAF\x39\x42\xCF\xE5\xD0\x2C\xB1\x24\xBC\xDF\x40\xC3\xED\x7F\x63\x4A\xBD\xE1\x4F\x12\x64\x86\x95\xF3\xB0\xE7\xC8\xB7\xE1\x53\xBD\x92\xE6\xF3\x0C\x96\xB9\xEB\xE8\xE6\x92\xED\xA7\x81\x09\x14\x0B\xFC\x95\x7A\xCF\x8F\xD6\x34\x4F\x36\x12\xDC\x5E\xD1\x34\x75\xC6\x46\x80\x2F\x95\x04\x8C\xC7\x86\xC4\xA8\x26\x89\xA8\x3F\x19\x9B\x81\xBB\x51\xA4\x4A\x86\xAB\x0B\x11\x0F\xB1\xAE\x63\x53\x6D\x28\xEA\xDD\x33\x56\x38\x1C\xB2\xAD\x80\xD3\xD7\x72\xBD\x9A\x6C\x99\x63\xE8\x00\xBB\x41\x76\x05\xB7\x5B\x99\x18\x8A\xC3\xB8\x12\x5C\x56\xCF\x56\x0C\x7D\xE8\xE2\xCF\xED\xBC\x74\x47\xFB\xEE\xD3\x17\x4E\x22\x4F\x56\xFF\x50\xF3\x2E\xE6\x39\xA6\x82\xD6\x71\xCA\xDE\xB7\xD5\xBA\x68\x08\xED\x99\xCC\xFD\xA2\x92\xCB\x69\xB8\x9D\xF9\x0A\xA4\xA6\x3E\x4F\x93\x28\x2A\x61\x6C\x07\x26\x00\xFF\x96\x5F\x68\x86\xB8\xB8\xCE\xCA\x55\xE0\xAB\xB1\x3D\x7F\x98\xD7\x33\x0E\x5A\x3D\xD8\x78\xC2\xC4\x60\x2F\xC7\x62\xF0\x61\x91\xD2\x38\xB0\xF6\x9E\x55\xDB\x40\x80\x05\x12\x33\xCE\x1D\x92\x9B\xD1\x69\xB3\xFF\xBF\xF1\x92\x0A\x61\x35\x3F\xDD\xFE\x86\xF4\xBC\xE0\x1A\x71\xB3\x62\xA6", + ["CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN"] = "\x30\x82\x03\xF7\x30\x82\x02\xDF\xA0\x03\x02\x01\x02\x02\x04\x48\x9F\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x31\x30\x30\x38\x33\x31\x30\x37\x31\x31\x32\x35\x5A\x17\x0D\x33\x30\x30\x38\x33\x31\x30\x37\x31\x31\x32\x35\x5A\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x9B\x7E\x73\xEE\xBD\x3B\x78\xAA\x64\x43\x41\xF5\x50\xDF\x94\xF2\x2E\xB2\x8D\x4A\x8E\x46\x54\xD2\x21\x12\xC8\x39\x32\x42\x06\xE9\x83\xD5\x9F\x52\xED\xE5\x67\x03\x3B\x54\xC1\x8C\x99\x99\xCC\xE9\xC0\x0F\xFF\x0D\xD9\x84\x11\xB2\xB8\xD1\xCB\x5B\xDC\x1E\xF9\x68\x31\x64\xE1\x9B\xFA\x74\xEB\x68\xB9\x20\x95\xF7\xC6\x0F\x8D\x47\xAC\x5A\x06\xDD\x61\xAB\xE2\xEC\xD8\x9F\x17\x2D\x9C\xCA\x3C\x35\x97\x55\x71\xCD\x43\x85\xB1\x47\x16\xF5\x2C\x53\x80\x76\xCF\xD3\x00\x64\xBD\x40\x99\xDD\xCC\xD8\xDB\xC4\x9F\xD6\x13\x5F\x41\x83\x8B\xF9\x0D\x87\x92\x56\x34\x6C\x1A\x10\x0B\x17\xD5\x5A\x1C\x97\x58\x84\x3C\x84\x1A\x2E\x5C\x91\x34\x6E\x19\x5F\x7F\x17\x69\xC5\x65\xEF\x6B\x21\xC6\xD5\x50\x3A\xBF\x61\xB9\x05\x8D\xEF\x6F\x34\x3A\xB2\x6F\x14\x63\xBF\x16\x3B\x9B\xA9\x2A\xFD\xB7\x2B\x38\x66\x06\xC5\x2C\xE2\xAA\x67\x1E\x45\xA7\x8D\x04\x66\x42\xF6\x8F\x2B\xEF\x88\x20\x69\x8F\x32\x8C\x14\x73\xDA\x2B\x86\x91\x63\x22\x9A\xF2\xA7\xDB\xCE\x89\x8B\xAB\x5D\xC7\x14\xC1\x5B\x30\x6A\x1F\xB1\xB7\x9E\x2E\x81\x01\x02\xED\xCF\x96\x5E\x63\xDB\xA8\xE6\x38\xB7\x02\x03\x01\x00\x01\xA3\x63\x30\x61\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x7C\x72\x4B\x39\xC7\xC0\xDB\x62\xA5\x4F\x9B\xAA\x18\x34\x92\xA2\xCA\x83\x82\x59\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x7C\x72\x4B\x39\xC7\xC0\xDB\x62\xA5\x4F\x9B\xAA\x18\x34\x92\xA2\xCA\x83\x82\x59\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x2A\xC3\xC7\x43\x37\x8F\xDD\xAD\xA4\xB2\x0C\xEE\xDC\x14\x6D\x8F\x28\xA4\x98\x49\xCB\x0C\x80\xEA\xF3\xED\x23\x66\x75\x7D\xC5\xD3\x21\x67\x79\xD1\x73\xC5\xB5\x03\xB7\x58\xAC\x0C\x54\x2F\xC6\x56\x13\x0F\x31\xDA\x06\xE7\x65\x3B\x1D\x6F\x36\xDB\xC8\x1D\xF9\xFD\x80\x06\xCA\xA3\x3D\x66\x16\xA8\x9D\x4C\x16\x7D\xC0\x95\x46\xB5\x51\xE4\xE2\x1F\xD7\xEA\x06\x4D\x63\x8D\x96\x8C\xEF\xE7\x33\x57\x42\x3A\xEB\x8C\xC1\x79\xC8\x4D\x76\x7D\xDE\xF6\xB1\xB7\x81\xE0\xA0\xF9\xA1\x78\x46\x17\x1A\x56\x98\xF0\x4E\x3D\xAB\x1C\xED\xEC\x39\xDC\x07\x48\xF7\x63\xFE\x06\xAE\xC2\xA4\x5C\x6A\x5B\x32\x88\xC5\xC7\x33\x85\xAC\x66\x42\x47\xC2\x58\x24\x99\xE1\xE5\x3E\xE5\x75\x2C\x8E\x43\xD6\x5D\x3C\x78\x1E\xA8\x95\x82\x29\x50\xD1\xD1\x16\xBA\xEF\xC1\xBE\x7A\xD9\xB4\xD8\xCC\x1E\x4C\x46\xE1\x77\xB1\x31\xAB\xBD\x2A\xC8\xCE\x8F\x6E\xA1\x5D\x7F\x03\x75\x34\xE4\xAD\x89\x45\x54\x5E\xBE\xAE\x28\xA5\xBB\x3F\x78\x79\xEB\x73\xB3\x0A\x0D\xFD\xBE\xC9\xF7\x56\xAC\xF6\xB7\xED\x2F\x9B\x21\x29\xC7\x38\xB6\x95\xC4\x04\xF2\xC3\x2D\xFD\x14\x2A\x90\x99\xB9\x07\xCC\x9F", + ["CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch"] = "\x30\x82\x05\xD9\x30\x82\x03\xC1\xA0\x03\x02\x01\x02\x02\x10\x1E\x9E\x28\xE8\x48\xF2\xE5\xEF\xC3\x7C\x4A\x1E\x5A\x18\x67\xB6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x31\x31\x30\x36\x32\x34\x30\x38\x33\x38\x31\x34\x5A\x17\x0D\x33\x31\x30\x36\x32\x35\x30\x37\x33\x38\x31\x34\x5A\x30\x64\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\x95\x42\x4E\x84\x9D\x51\xE6\xD3\x09\xE8\x72\x5A\x23\x69\xDB\x78\x70\x8E\x16\xF1\x2B\x8F\x0D\x03\xCE\x93\xCC\x2E\x00\x08\x7B\xAB\x33\x8C\xF4\xE9\x40\xE6\x17\x4C\xAB\x9E\xB8\x47\x14\x32\x77\x32\xDD\x28\x0C\xDE\x18\x4B\x5F\x76\x9F\xF8\x39\x3B\xFC\x4E\x89\xD8\x7C\xC5\x67\xEF\xAB\xD2\xB9\x34\x5F\x6B\x3A\xF3\x64\x36\xCE\xC2\xB0\xCF\x13\x68\xCA\xC8\xCB\xEB\xB5\xE2\x3D\x2E\x21\xDF\xEA\x2C\xD4\xE0\xF9\x70\x96\x4C\xFF\x6A\x58\x98\xB7\x17\xE4\x1B\x52\xE5\x7E\x07\x00\x1D\x5F\xDA\xE6\x3E\x95\x04\xB7\x69\x88\x39\xA1\x41\x60\x25\x61\x4B\x95\x39\x68\x62\x1C\xB1\x0B\x05\x89\xC0\x36\x82\x14\x21\x3F\xAE\xDB\xA1\xFD\xBC\x6F\x1C\x60\x86\xB6\x53\x94\x49\xB9\x2B\x46\xC5\x4F\x00\x2B\xBF\xA1\xBB\xCB\x3F\xE0\xC7\x57\x1C\x57\xE8\xD6\x69\xF8\xC1\x24\x52\x9D\x88\x55\xDD\xC2\x87\x2E\x74\x23\xD0\x14\xFD\x2A\x47\x5A\xBB\xA6\x9D\xFD\x94\xE4\xD1\x8A\xA5\x5F\x86\x63\x76\x85\xCB\xAF\xFF\x49\x28\xFC\x80\xED\x4C\x79\xD2\xBB\xE4\xC0\xEF\x01\xEE\x50\x41\x08\x35\x23\x70\x2B\xA9\x16\xB4\x8C\x6E\x85\xE9\xB6\x11\xCF\x31\xDD\x53\x26\x1B\xDF\x2D\x5A\x4A\x02\x40\xFC\xC4\xC0\xB6\xE9\x31\x1A\x08\x28\xE5\x60\xC3\x1F\xC4\x90\x8E\x10\x62\x60\x44\x0D\xEC\x0A\xBE\x55\x18\x71\x2C\xA5\xF4\xB2\xBC\x15\x62\xFF\x1C\xE3\xBE\x1D\xDA\x1E\x57\xB3\x3C\x7E\xCD\x82\x1D\x91\xE3\x4B\xEB\x2C\x52\x34\xB0\x8A\xFD\x12\x4E\x96\xB0\xEB\x70\x7F\x9E\x39\xF7\x66\x42\xB1\xAB\xAC\x52\xDA\x76\x40\x57\x7B\x2A\xBD\xE8\x6E\x03\xB2\x0B\x80\x85\x88\x9D\x0C\xC7\xC2\x77\xB0\x9A\x9A\x57\xF4\xB8\xFA\x13\x5C\x68\x93\x3A\x67\xA4\x97\xD0\x1B\x99\xB7\x86\x32\x4B\x60\xD8\xCE\xEF\xD0\x0C\x7F\x95\x9F\x6F\x87\x4F\x87\x8A\x8E\x5F\x08\x7C\xAA\x5B\xFC\x5A\xBE\xA1\x91\x9F\x55\x7D\x4E\xB0\x0B\x69\xCC\xB0\x94\xA8\xA7\x87\xF2\xD3\x4A\x50\xDC\x5F\x72\xB0\x16\x75\x1E\xCB\xB4\x18\x62\x9A\xB0\xA7\x39\xAA\x9B\x9F\x66\xD8\x8D\xA6\x6C\x96\x15\xE3\xE6\xF2\xF8\xF1\x83\x62\x6C\xBB\x55\xE9\x61\x93\xA3\x3D\xF5\xB1\x57\x8B\x4F\x23\xB0\x9B\xE5\x94\x6A\x2F\xDF\x8C\xDF\x95\x51\x29\x60\xA1\x0B\x29\xE4\x5C\x55\x58\xB7\xA8\xFC\x99\xEE\x25\x4D\x4C\x0E\xB3\xD3\x4C\x8F\x84\xE8\x29\x0F\xFD\x10\x54\x02\x85\xC8\xF9\xE5\xC3\x8B\xCF\xE7\x0F\x02\x03\x01\x00\x01\xA3\x81\x86\x30\x81\x83\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x02\x01\x06\x07\x60\x85\x74\x01\x53\x02\x01\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x07\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x4D\x26\x20\x22\x89\x4B\xD3\xD5\xA4\x0A\xA1\x6F\xDE\xE2\x12\x81\xC5\xF1\x3C\x2E\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x4D\x26\x20\x22\x89\x4B\xD3\xD5\xA4\x0A\xA1\x6F\xDE\xE2\x12\x81\xC5\xF1\x3C\x2E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x32\x0A\xB2\xA4\x1B\xCB\x7D\xBE\x82\x57\x89\xB9\x6A\x7F\xF3\xF4\xC1\x2E\x11\x7D\xB8\x19\x3E\x79\xB7\xA8\xA8\x72\x37\x66\x9B\x1A\xED\xAC\x13\x3B\x0E\xBF\x62\xF0\x9C\xDF\x9E\x7B\xA1\x53\x48\x0E\x41\x7A\xCA\x20\xA7\x17\x1B\xB6\x78\xEC\x40\x91\xF3\x42\xAD\x10\xC3\x5C\xEF\xFF\x60\x59\x7F\xCD\x85\xA3\x8B\x3D\x48\x1C\x25\x02\x3C\x67\x7D\xF5\x32\xE9\x2F\x30\xE5\x7D\xA5\x7A\x38\xD0\xF3\x66\x2A\x66\x1E\x8D\x33\x83\x8A\x6F\x7C\x6E\xA8\x5A\x75\x9A\xB8\xD7\xDA\x58\x48\x44\x47\xA8\x4C\xFA\x4C\x49\x0A\x4A\xC2\x12\x37\xA8\x40\x0C\xC3\xC8\xE1\xD0\x57\x0D\x97\x32\x95\xC7\x3A\x9F\x97\xD3\x57\xF8\x0B\xDE\xE5\x72\xF3\xA3\xDB\xFF\xB5\xD8\x59\xB2\x73\xDD\x4D\x2A\x71\xB2\xBA\x49\xF5\xCB\x1C\xD5\xF5\x79\xC8\x99\xB3\xFC\xC1\x4C\x74\xE3\xB4\xBD\x29\x37\x15\x04\x28\x1E\xDE\x45\x46\x70\xEC\xAF\xBA\x78\x0E\x8A\x2A\xCE\x00\x79\xDC\xC0\x5F\x19\x67\x2C\x6B\x4B\xEF\x68\x68\x0B\x43\xE3\xAC\xC1\x62\x09\xEF\xA6\xDD\x65\x61\xA0\xAF\x84\x55\x48\x91\x52\x1C\xC6\x25\x91\x2A\xD0\xC1\x22\x23\x61\x59\xAF\x45\x11\x85\x1D\x01\x24\x34\x8F\xCF\xB3\xFF\x17\x72\x20\x13\xC2\x80\xAA\x21\x2C\x71\x39\x0E\xD0\x8F\x5C\xC1\xD3\xD1\x8E\x22\x72\x46\x4C\x1D\x96\xAE\x4F\x71\xB1\xE1\x05\x29\x96\x59\xF4\xBB\x9E\x75\x3D\xCF\x0D\x37\x0D\x62\xDB\x26\x8C\x63\xA9\x23\xDF\x67\x06\x3C\x7C\x3A\xDA\x34\x42\xE1\x66\xB4\x46\x04\xDE\xC6\x96\x98\x0F\x4B\x48\x7A\x24\x32\x75\x91\x9F\xAC\xF7\x68\xE9\x2A\xB9\x55\x65\xCE\x5D\x61\xD3\x27\x70\xD8\x37\xFE\x9F\xB9\xAF\xA0\x2E\x56\xB7\xA3\x65\x51\xED\x3B\xAB\x14\xBF\x4C\x51\x03\xE8\x5F\x8A\x05\x9B\xEE\x8A\x6E\x9C\xEF\xBF\x68\xFA\xC8\xDA\x0B\xE3\x42\xC9\xD0\x17\x14\x9C\xB7\x4A\xE0\xAF\x93\x27\x21\x55\x26\xB5\x64\x2F\x8D\xF1\xFF\xA6\x40\x05\x85\x05\x5C\xCA\x07\x19\x5C\x0B\x13\x28\x4C\x58\x7F\xC2\xA5\xEF\x45\xDA\x60\xD3\xAE\x65\x61\x9D\x53\x83\x74\xC2\xAE\xF2\x5C\xC2\x16\xED\x92\x3E\x84\x3E\x73\x60\x88\xBC\x76\xF4\x2C\xCF\xD0\x7D\x7D\xD3\xB8\x5E\xD1\x91\x12\x10\xE9\xCD\xDD\xCA\x25\xE3\xD5\xED\x99\x2F\xBE\x75\x81\x4B\x24\xF9\x45\x46\x94\xC9\x29\x21\x53\x9C\x26\x45\xAA\x13\x17\xE4\xE7\xCD\x78\xE2\x39\xC1\x2B\x12\x9E\xA6\x9E\x1B\xC5\xE6\x0E\xD9\x31\xD9", + ["CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch"] = "\x30\x82\x05\xE0\x30\x82\x03\xC8\xA0\x03\x02\x01\x02\x02\x11\x00\xF2\xFA\x64\xE2\x74\x63\xD3\x8D\xFD\x10\x1D\x04\x1F\x76\xCA\x58\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x45\x56\x20\x43\x41\x20\x32\x30\x1E\x17\x0D\x31\x31\x30\x36\x32\x34\x30\x39\x34\x35\x30\x38\x5A\x17\x0D\x33\x31\x30\x36\x32\x35\x30\x38\x34\x35\x30\x38\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x63\x68\x31\x11\x30\x0F\x06\x03\x55\x04\x0A\x13\x08\x53\x77\x69\x73\x73\x63\x6F\x6D\x31\x25\x30\x23\x06\x03\x55\x04\x0B\x13\x1C\x44\x69\x67\x69\x74\x61\x6C\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73\x31\x1E\x30\x1C\x06\x03\x55\x04\x03\x13\x15\x53\x77\x69\x73\x73\x63\x6F\x6D\x20\x52\x6F\x6F\x74\x20\x45\x56\x20\x43\x41\x20\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xC4\xF7\x1D\x2F\x57\xEA\x57\x6C\xF7\x70\x5D\x63\xB0\x71\x52\x09\x60\x44\x28\x33\xA3\x7A\x4E\x0A\xFA\xD8\xEA\x6C\x8B\x51\x16\x1A\x55\xAE\x54\x26\xC4\xCC\x45\x07\x41\x4F\x10\x79\x7F\x71\xD2\x7A\x4E\x3F\x38\x4E\xB3\x00\xC6\x95\xCA\x5B\xCD\xC1\x2A\x83\xD7\x27\x1F\x31\x0E\x23\x16\xB7\x25\xCB\x1C\xB4\xB9\x80\x32\x5E\x1A\x9D\x93\xF1\xE8\x3C\x60\x2C\xA7\x5E\x57\x19\x58\x51\x5E\xBC\x2C\x56\x0B\xB8\xD8\xEF\x8B\x82\xB4\x3C\xB8\xC2\x24\xA8\x13\xC7\xA0\x21\x36\x1B\x7A\x57\x29\x28\xA7\x2E\xBF\x71\x25\x90\xF3\x44\x83\x69\x50\xA4\xE4\xE1\x1B\x62\x19\x94\x09\xA3\xF3\xC3\xBC\xEF\xF4\xBD\xEC\xDB\x13\x9D\xCF\x9D\x48\x09\x52\x67\xC0\x37\x29\x11\x1E\xFB\xD2\x11\xA7\x85\x18\x74\x79\xE4\x4F\x85\x14\xEB\x52\x37\xE2\xB1\x45\xD8\xCC\x0D\x43\x7F\xAE\x13\xD2\x6B\x2B\x3F\xA7\xC2\xE2\xA8\x6D\x76\x5B\x43\x9F\xBE\xB4\x9D\xB3\x26\x86\x3B\x1F\x7F\xE5\xF2\xE8\x66\x28\x16\x25\xD0\x4B\x97\x38\xA7\xE4\xCF\x09\xD1\x36\xC3\x0B\xBE\xDA\x3B\x44\x58\x8D\xBE\xF1\x9E\x09\x6B\x3E\xF3\x32\xC7\x2B\x87\xC6\xEC\x5E\x9C\xF6\x87\x65\xAD\x33\x29\xC4\x2F\x89\xD9\xB9\xCB\xC9\x03\x9D\xFB\x6C\x94\x51\x97\x10\x1B\x86\x0B\x1A\x1B\x3F\xF6\x02\x7E\x7B\xD4\xC5\x51\x64\x28\x9D\xF5\xD3\xAC\x83\x81\x88\xD3\x74\xB4\x59\x9D\xC1\xEB\x61\x33\x5A\x45\xD1\xCB\x39\xD0\x06\x6A\x53\x60\x1D\xAF\xF6\xFB\x69\xBC\x6A\xDC\x01\xCF\xBD\xF9\x8F\xD9\xBD\x5B\xC1\x3A\x5F\x8E\xDA\x0F\x4B\xA9\x9B\x9D\x2A\x28\x6B\x1A\x0A\x7C\x3C\xAB\x22\x0B\xE5\x77\x2D\x71\xF6\x82\x35\x81\xAE\xF8\x7B\x81\xE6\xEA\xFE\xAC\xF4\x1A\x9B\x74\x5C\xE8\x8F\x24\xF6\x5D\x9D\x46\xC4\x2C\xD2\x1E\x2B\x21\x6A\x83\x27\x67\x55\x4A\xA4\xE3\xC8\x32\x97\x66\x90\x72\xDA\xE3\xD4\x64\x2E\x5F\xE3\xA1\x6A\xF6\x60\xD4\xE7\x35\xCD\xCA\xC4\x68\x8D\xD7\x71\xC8\xD3\x24\x33\x73\xB1\x6C\xF9\x6A\xE1\x28\xDB\x5F\xC6\x3D\xE8\xBE\x55\xE6\x37\x1B\xED\x24\xD9\x0F\x19\x8F\x5F\x63\x18\x58\x50\x81\x51\x65\x6F\xF2\x9F\x7E\x6A\x04\xE7\x34\x24\x71\xBA\x76\x4B\x58\x1E\x19\xBD\x15\x60\x45\xAA\x0C\x12\x40\x01\x9D\x10\xE2\xC7\x38\x07\x72\x0A\x65\xC0\xB6\xBB\x25\x29\xDA\x16\x9E\x8B\x35\x8B\x61\xED\xE5\x71\x57\x83\xB5\x3C\x71\x9F\xE3\x4F\xBF\x7E\x1E\x81\x9F\x41\x97\x02\x03\x01\x00\x01\xA3\x81\x86\x30\x81\x83\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x86\x30\x1D\x06\x03\x55\x1D\x21\x04\x16\x30\x14\x30\x12\x06\x07\x60\x85\x74\x01\x53\x02\x02\x06\x07\x60\x85\x74\x01\x53\x02\x02\x30\x12\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x08\x30\x06\x01\x01\xFF\x02\x01\x03\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x45\xD9\xA5\x81\x6E\x3D\x88\x4D\x8D\x71\xD2\x46\xC1\x6E\x45\x1E\xF3\xC4\x80\x9D\x30\x1F\x06\x03\x55\x1D\x23\x04\x18\x30\x16\x80\x14\x45\xD9\xA5\x81\x6E\x3D\x88\x4D\x8D\x71\xD2\x46\xC1\x6E\x45\x1E\xF3\xC4\x80\x9D\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x94\x3A\x73\x06\x9F\x52\x4B\x30\x5C\xD4\xFE\xB1\x5C\x25\xF9\xD7\x8E\x6F\xF5\x87\x64\x9F\xED\x14\x8E\xB8\x04\x8E\x28\x4B\x8F\xAA\x7B\x8E\x39\xB4\xD9\x58\xF6\x7B\xA1\x35\x0A\xA1\x9D\x8A\xF7\x63\xE5\xEB\xBD\x39\x82\xD4\xE3\x7A\x2D\x6F\xDF\x13\x3C\xBA\xFE\x7E\x56\x98\x0B\xF3\x54\x9F\xCD\x44\x4E\x6E\x3C\xE1\x3E\x15\xBF\x06\x26\x9D\xE4\xF0\x90\xB6\xD4\xC2\x9E\x30\x2E\x1F\xEF\xC7\x7A\xC4\x50\xC7\xEA\x7B\xDA\x50\xCB\x7A\x26\xCB\x00\xB4\x5A\xAB\xB5\x93\x1F\x80\x89\x84\x04\x95\x8D\x8D\x7F\x09\x93\xBF\xD4\xA8\xA8\xE4\x63\x6D\xD9\x64\xE4\xB8\x29\x5A\x08\xBF\x50\xE1\x84\x0F\x55\x7B\x5F\x08\x22\x1B\xF5\xBD\x99\x1E\x14\xF6\xCE\xF4\x58\x10\x82\xB3\x0A\x3D\x19\xC1\xBF\x5B\xAB\xAA\x99\xD8\xF2\x31\xBD\xE5\x38\x66\xDC\x58\x05\xC7\xED\x63\x1A\x2E\x0A\x97\x7C\x87\x93\x2B\xB2\x8A\xE3\xF1\xEC\x18\xE5\x75\xB6\x29\x87\xE7\xDC\x8B\x1A\x7E\xB4\xD8\xC9\xD3\x8A\x17\x6C\x7D\x29\x44\xBE\x8A\xAA\xF5\x7E\x3A\x2E\x68\x31\x93\xB9\x6A\xDA\x9A\xE0\xDB\xE9\x2E\xA5\x84\xCD\x1C\x0A\xB8\x4A\x08\xF9\x9C\xF1\x61\x26\x98\x93\xB7\x7B\x66\xEC\x91\x5E\xDD\x51\x3F\xDB\x73\x0F\xAD\x04\x58\x09\xDD\x04\x02\x95\x0A\x3E\xD3\x76\xDF\xA6\x10\x1E\x80\x3D\xE8\xCD\xA4\x64\xD1\x33\xC7\x92\xC7\xE2\x4E\x44\xE3\x09\xC9\x4E\xC2\x5D\x87\x0E\x12\x9E\xBF\x0F\xC9\x05\x10\xDE\x7A\xA3\xB1\x3C\xF2\x3F\xA5\xAA\x27\x79\xAD\x31\x7D\x1F\xFD\xFC\x19\x69\xC5\xDD\xB9\x3F\x7C\xCD\xC6\xB4\xC2\x30\x1E\x7E\x6E\x92\xD7\x7F\x61\x76\x5A\x8F\xEB\x95\x4D\xBC\x11\x6E\x21\x7C\x59\x37\x99\xD0\x06\xBC\xF9\x06\x6D\x32\x16\xA5\xD9\x69\xA8\xE1\xDC\x3C\x80\x1E\x60\x51\xDC\xD7\x54\x21\x1E\xCA\x62\x77\x4F\xFA\xD8\x8F\xB3\x2B\x3A\x0D\x78\x72\xC9\x68\x41\x5A\x47\x4A\xC2\xA3\xEB\x1A\xD7\x0A\xAB\x3C\x32\x55\xC8\x0A\x11\x9C\xDF\x74\xD6\xF0\x40\x15\x1D\xC8\xB9\x8F\xB5\x36\xC5\xAF\xF8\x22\xB8\xCA\x1D\xF3\xD6\xB6\x19\x0F\x9F\x61\x65\x6A\xEA\x74\xC8\x7C\x8F\xC3\x4F\x5D\x65\x82\x1F\xD9\x0D\x89\xDA\x75\x72\xFB\xEF\xF1\x47\x67\x13\xB3\xC8\xD1\x19\x88\x27\x26\x9A\x99\x79\x7F\x1E\xE4\x2C\x3F\x7B\xEE\xF1\xDE\x4D\x8B\x96\x97\xC3\xD5\x3F\x7C\x1B\x23\xED\xA4\xB3\x1D\x16\x72\x43\x4B\x20\xE1\x59\x7E\xC2\xE8\xAD\x26\xBF\xA2\xF7", + ["CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK"] = "\x30\x82\x05\x69\x30\x82\x03\x51\xA0\x03\x02\x01\x02\x02\x09\x00\xC3\x03\x9A\xEE\x50\x90\x6E\x28\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x31\x30\x1E\x17\x0D\x31\x32\x30\x37\x31\x39\x30\x39\x30\x36\x35\x36\x5A\x17\x0D\x34\x32\x30\x37\x31\x39\x30\x39\x30\x36\x35\x36\x5A\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x31\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xAA\xC3\x78\xF7\xDC\x98\xA3\xA7\x5A\x5E\x77\x18\xB2\xDD\x04\x64\x0F\x63\xFD\x9B\x96\x09\x80\xD5\xE8\xAA\xA5\xE2\x9C\x26\x94\x3A\xE8\x99\x73\x8C\x9D\xDF\xD7\xDF\x83\xF3\x78\x4F\x40\xE1\x7F\xD2\xA7\xD2\xE5\xCA\x13\x93\xE7\xED\xC6\x77\x5F\x36\xB5\x94\xAF\xE8\x38\x8E\xDB\x9B\xE5\x7C\xBB\xCC\x8D\xEB\x75\x73\xE1\x24\xCD\xE6\xA7\x2D\x19\x2E\xD8\xD6\x8A\x6B\x14\xEB\x08\x62\x0A\xD8\xDC\xB3\x00\x4D\xC3\x23\x7C\x5F\x43\x08\x23\x32\x12\xDC\xED\x0C\xAD\xC0\x7D\x0F\xA5\x7A\x42\xD9\x5A\x70\xD9\xBF\xA7\xD7\x01\x1C\xF6\x9B\xAB\x8E\xB7\x4A\x86\x78\xA0\x1E\x56\x31\xAE\xEF\x82\x0A\x80\x41\xF7\x1B\xC9\xAE\xAB\x32\x26\xD4\x2C\x6B\xED\x7D\x6B\xE4\xE2\x5E\x22\x0A\x45\xCB\x84\x31\x4D\xAC\xFE\xDB\xD1\x47\xBA\xF9\x60\x97\x39\xB1\x65\xC7\xDE\xFB\x99\xE4\x0A\x22\xB1\x2D\x4D\xE5\x48\x26\x69\xAB\xE2\xAA\xF3\xFB\xFC\x92\x29\x32\xE9\xB3\x3E\x4D\x1F\x27\xA1\xCD\x8E\xB9\x17\xFB\x25\x3E\xC9\x6E\xF3\x77\xDA\x0D\x12\xF6\x5D\xC7\xBB\x36\x10\xD5\x54\xD6\xF3\xE0\xE2\x47\x48\xE6\xDE\x14\xDA\x61\x52\xAF\x26\xB4\xF5\x71\x4F\xC9\xD7\xD2\x06\xDF\x63\xCA\xFF\x21\xE8\x59\x06\xE0\x08\xD5\x84\x15\x53\xF7\x43\xE5\x7C\xC5\xA0\x89\x98\x6B\x73\xC6\x68\xCE\x65\xDE\xBD\x7F\x05\xF7\xB1\xEE\xF6\x57\xA1\x60\x95\xC5\xCC\xEA\x93\x3A\xBE\x99\xAE\x9B\x02\xA3\xAD\xC9\x16\xB5\xCE\xDD\x5E\x99\x78\x7E\x1A\x39\x7E\xB2\xC0\x05\xA4\xC0\x82\xA5\xA3\x47\x9E\x8C\xEA\x5C\xB6\xBC\x67\xDB\xE6\x2A\x4D\xD2\x04\xDC\xA3\xAE\x45\xF7\xBC\x8B\x9C\x1C\xA7\xD6\xD5\x03\xDC\x08\xCB\x2E\x16\xCA\x5C\x40\x33\xE8\x67\xC3\x2E\xE7\xA6\x44\xEA\x11\x45\x1C\x35\x65\x2D\x1E\x45\x61\x24\x1B\x82\x2E\xA5\x9D\x33\x5D\x65\xF8\x41\xF9\x2E\xCB\x94\x3F\x1F\xA3\x0C\x31\x24\x44\xED\xC7\x5E\xAD\x50\xBA\xC6\x41\x9B\xAC\xF0\x17\x65\xC0\xF8\x5D\x6F\x5B\xA0\x0A\x34\x3C\xEE\xD7\xEA\x88\x9F\x98\xF9\xAF\x4E\x24\xFA\x97\xB2\x64\x76\xDA\xAB\xF4\xED\xE3\xC3\x60\xEF\xD5\xF9\x02\xC8\x2D\x9F\x83\xAF\x67\x69\x06\xA7\x31\x55\xD5\xCF\x4B\x6F\xFF\x04\x05\xC7\x58\xAC\x5F\x16\x1B\xE5\xD2\xA3\xEB\x31\xDB\x1F\x33\x15\x4D\xD0\xF2\xA5\x53\xF5\xCB\xE1\x3D\x4E\x68\x2D\xD8\x12\xDD\xAA\xF2\xE6\x4D\x9B\x49\xE5\xC5\x28\xA1\xBA\xB0\x5A\xC6\xA0\xB5\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x89\x0A\xB4\x38\x93\x1A\xE6\xAB\xEE\x9B\x91\x18\xF9\xF5\x3C\x3E\x35\xD0\xD3\x82\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x32\x8B\xF6\x9D\x4A\xC9\xBE\x14\xE5\x8C\xAC\x38\xCA\x3A\x09\xD4\x1B\xCE\x86\xB3\xDD\xEB\xD4\xBA\x28\xBE\x12\xAE\x45\x2C\x04\x74\xAC\x13\x51\xC5\x58\x18\x66\x4D\x82\xDA\xD5\xDC\x93\xC0\x27\xE1\xBE\x7C\x9F\x52\x9E\x12\x56\xF6\xD5\x9C\xA9\xF4\x75\x9C\xFA\x37\x12\x8F\x1C\x93\xEC\x57\xFE\x07\x0F\xAB\xD5\x12\xF7\x0F\xAE\x61\x5E\x56\x80\x49\xF5\xFC\x30\xF5\x9B\x4F\x1F\x41\x2F\x1C\x84\xD3\x89\xC7\xE2\xDA\x02\x76\xED\x09\xCF\x6C\xC1\xB8\x1C\x83\x1C\x16\xFA\x94\xCD\x7D\xA0\xC8\x18\xD2\xC8\x9D\x6E\xF5\xBD\x69\xD4\x6D\x3D\x35\xE8\x1E\xA2\x4F\x60\xD7\x07\x29\xFC\xB2\xA3\xA4\x9D\x6E\x15\x92\x56\x19\x4C\x0A\xB0\xE9\x7C\xD2\x19\x4D\x42\x46\xEC\xBD\xFD\xF6\x57\x5B\xDD\x98\x7E\xA4\x4D\xCC\x72\x03\x83\x58\x5D\xEF\x93\x3A\x41\x7A\x63\xAA\x7C\x3A\xA8\xF5\xAC\xA4\xD1\xDD\xA2\x2D\xB6\x2A\xFC\x9F\x01\x8E\xE2\x10\xB1\xC4\xCA\xE4\x67\xDB\x55\x25\x19\x3F\xFD\xE8\x36\x7E\xB3\xE1\xE1\x81\xAF\x11\x16\x8B\x50\x97\x60\x19\x82\x00\xC0\x6B\x4D\x73\xB8\xD1\x13\x07\x3E\xEA\xB6\x31\x4F\xF0\x42\x9A\x6D\xE2\x11\x74\xE5\x94\xAC\x8D\x84\x95\x3C\x21\xAF\xC5\xDA\x47\xC8\xDF\x39\x62\x62\xCB\x5B\x50\x0B\xD7\x81\x40\x05\x9C\x9B\xED\xBA\xB6\x8B\x1E\x04\x6F\x96\x20\x39\xED\xA4\x7D\x29\xDB\x48\xCE\x82\xDC\xD4\x02\x8D\x1D\x04\x31\x5A\xC7\x4B\xF0\x6C\x61\x52\xD7\xB4\x51\xC2\x81\x6C\xCD\xE1\xFB\xA7\xA1\xD2\x92\x76\xCF\xB1\x0F\x37\x58\xA4\xF2\x52\x71\x67\x3F\x0C\x88\x78\x80\x89\xC1\xC8\xB5\x1F\x92\x63\xBE\xA7\x7A\x8A\x56\x2C\x1A\xA8\xA6\x9C\xB5\x5D\xB3\x63\xD0\x13\x20\xA1\xEB\x91\x6C\xD0\x8D\x7D\xAF\xDF\x0B\xE4\x17\xB9\x86\x9E\x38\xB1\x94\x0C\x58\x8C\xE0\x55\xAA\x3B\x63\x6D\x9A\x89\x60\xB8\x64\x2A\x92\xC6\x37\xF4\x7E\x43\x43\xB7\x73\xE8\x01\xE7\x7F\x97\x0F\xD7\xF2\x7B\x19\xFD\x1A\xD7\x8F\xC9\xFA\x85\x6B\x7A\x9D\x9E\x89\xB6\xA6\x28\x99\x93\x88\x40\xF7\x3E\xCD\x51\xA3\xCA\xEA\xEF\x79\x47\x21\xB5\xFE\x32\xE2\xC7\xC3\x51\x6F\xBE\x80\x74\xF0\xA4\xC3\x3A\xF2\x4F\xE9\x5F\xDF\x19\x0A\xF2\x3B\x13\x43\xAC\x31\xA4\xB3\xE7\xEB\xFC\x18\xD6\x01\xA9\xF3\x2A\x8F\x36\x0E\xEB\xB4\xB1\xBC\xB7\x4C\xC9\x6B\xBF\xA1\xF3\xD9\xF4\xED\xE2\xF0\xE3\xED\x64\x9E\x3D\x2F\x96\x52\x4F\x80\x53\x8B", + ["CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK"] = "\x30\x82\x05\x69\x30\x82\x03\x51\xA0\x03\x02\x01\x02\x02\x09\x00\x92\xB8\x88\xDB\xB0\x8A\xC1\x63\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x32\x30\x1E\x17\x0D\x31\x32\x30\x37\x31\x39\x30\x39\x31\x35\x33\x30\x5A\x17\x0D\x34\x32\x30\x37\x31\x39\x30\x39\x31\x35\x33\x30\x5A\x30\x52\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x4B\x31\x13\x30\x11\x06\x03\x55\x04\x07\x13\x0A\x42\x72\x61\x74\x69\x73\x6C\x61\x76\x61\x31\x13\x30\x11\x06\x03\x55\x04\x0A\x13\x0A\x44\x69\x73\x69\x67\x20\x61\x2E\x73\x2E\x31\x19\x30\x17\x06\x03\x55\x04\x03\x13\x10\x43\x41\x20\x44\x69\x73\x69\x67\x20\x52\x6F\x6F\x74\x20\x52\x32\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xA2\xA3\xC4\x00\x09\xD6\x85\x5D\x2D\x6D\x14\xF6\xC2\xC3\x73\x9E\x35\xC2\x71\x55\x7E\x81\xFB\xAB\x46\x50\xE0\xC1\x7C\x49\x78\xE6\xAB\x79\x58\x3C\xDA\xFF\x7C\x1C\x9F\xD8\x97\x02\x78\x3E\x6B\x41\x04\xE9\x41\xBD\xBE\x03\x2C\x45\xF6\x2F\x64\xD4\xAB\x5D\xA3\x47\x3D\x64\x9B\xE9\x68\x9A\xC6\xCC\x1B\x3F\xBA\xBE\xB2\x8B\x34\x02\x2E\x98\x55\x19\xFC\x8C\x6F\xAA\x5F\xDA\x4C\xCE\x4D\x03\x21\xA3\xD8\xD2\x34\x93\x56\x96\xCB\x4C\x0C\x00\x16\x3C\x5F\x1A\xCD\xC8\xC7\x6C\xA6\xAD\xD3\x31\xA7\xBC\xE8\xE5\xE1\x66\xD6\xD2\xFB\x03\xB4\x41\x65\xC9\x10\xAE\x0E\x05\x63\xC6\x80\x6A\x69\x30\xFD\xD2\xEE\x90\xEF\x0D\x27\xDF\x9F\x95\x73\xF4\xE1\x25\xDA\x6C\x16\xDE\x41\x38\x34\xEA\x8B\xFC\xD1\xE8\x04\x14\x61\x2D\x41\x7E\xAC\xC7\x77\x4E\xCB\x51\x54\xFB\x5E\x92\x18\x1B\x04\x5A\x68\xC6\xC9\xC4\xFA\xB7\x13\xA0\x98\xB7\x11\x2B\xB7\xD6\x57\xCC\x7C\x9E\x17\xD1\xCB\x25\xFE\x86\x4E\x24\x2E\x56\x0C\x78\x4D\x9E\x01\x12\xA6\x2B\xA7\x01\x65\x6E\x7C\x62\x1D\x84\x84\xDF\xEA\xC0\x6B\xB5\xA5\x2A\x95\x83\xC3\x53\x11\x0C\x73\x1D\x0B\xB2\x46\x90\xD1\x42\x3A\xCE\x40\x6E\x95\xAD\xFF\xC6\x94\xAD\x6E\x97\x84\x8E\x7D\x6F\x9E\x8A\x80\x0D\x49\x6D\x73\xE2\x7B\x92\x1E\xC3\xF3\xC1\xF3\xEB\x2E\x05\x6F\xD9\x1B\xCF\x37\x76\x04\xC8\xB4\x5A\xE4\x17\xA7\xCB\xDD\x76\x1F\xD0\x19\x76\xE8\x2C\x05\xB3\xD6\x9C\x34\xD8\x96\xDC\x61\x87\x91\x05\xE4\x44\x08\x33\xC1\xDA\xB9\x08\x65\xD4\xAE\xB2\x36\x0D\xEB\xBA\x38\xBA\x0C\xE5\x9B\x9E\xEB\x8D\x66\xDD\x99\xCF\xD6\x89\x41\xF6\x04\x92\x8A\x29\x29\x6D\x6B\x3A\x1C\xE7\x75\x7D\x02\x71\x0E\xF3\xC0\xE7\xBD\xCB\x19\xDD\x9D\x60\xB2\xC2\x66\x60\xB6\xB1\x04\xEE\xC9\xE6\x86\xB9\x9A\x66\x40\xA8\xE7\x11\xED\x81\x45\x03\x8B\xF6\x67\x59\xE8\xC1\x06\x11\xBD\xDD\xCF\x80\x02\x4F\x65\x40\x78\x5C\x47\x50\xC8\x9B\xE6\x1F\x81\x7B\xE4\x44\xA8\x5B\x85\x9A\xE2\xDE\x5A\xD5\xC7\xF9\x3A\x44\x66\x4B\xE4\x32\x54\x7C\xE4\x6C\x9C\xB3\x0E\x3D\x17\xA2\xB2\x34\x12\xD6\x7E\xB2\xA8\x49\xBB\xD1\x7A\x28\x40\xBE\xA2\x16\x1F\xDF\xE4\x37\x1F\x11\x73\xFB\x90\x0A\x65\x43\xA2\x0D\x7C\xF8\x06\x01\x55\x33\x7D\xB0\x0D\xB8\xF4\xF5\xAE\xA5\x42\x57\x7C\x36\x11\x8C\x7B\x5E\xC4\x03\x9D\x8C\x79\x9D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xB5\x99\xF8\xAF\xB0\x94\xF5\xE3\x20\xD6\x0A\xAD\xCE\x4E\x56\xA4\x2E\x6E\x42\xED\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x02\x01\x00\x26\x06\x5E\x70\xE7\x65\x33\xC8\x82\x6E\xD9\x9C\x17\x3A\x1B\x7A\x66\xB2\x01\xF6\x78\x3B\x69\x5E\x2F\xEA\xFF\x4E\xF9\x28\xC3\x98\x2A\x61\x4C\xB4\x24\x12\x8A\x7D\x6D\x11\x14\xF7\x9C\xB5\xCA\xE6\xBC\x9E\x27\x8E\x4C\x19\xC8\xA9\xBD\x7A\xC0\xD7\x36\x0E\x6D\x85\x72\x6E\xA8\xC6\xA2\x6D\xF6\xFA\x73\x63\x7F\xBC\x6E\x79\x08\x1C\x9D\x8A\x9F\x1A\x8A\x53\xA6\xD8\xBB\xD9\x35\x55\xB1\x11\xC5\xA9\x03\xB3\x56\x3B\xB9\x84\x93\x22\x5E\x7E\xC1\xF6\x12\x52\x8B\xEA\x2C\x67\xBC\xFE\x36\x4C\xF5\xB8\xCF\xD1\xB3\x49\x92\x3B\xD3\x29\x0E\x99\x1B\x96\xF7\x61\xB8\x3B\xC4\x2B\xB6\x78\x6C\xB4\x23\x6F\xF0\xFD\xD3\xB2\x5E\x75\x1F\x99\x95\xA8\xAC\xF6\xDA\xE1\xC5\x31\x7B\xFB\xD1\x46\xB3\xD2\xBC\x67\xB4\x62\x54\xBA\x09\xF7\x63\xB0\x93\xA2\x9A\xF9\xE9\x52\x2E\x8B\x60\x12\xAB\xFC\xF5\x60\x56\xEF\x10\x5C\x8B\xC4\x1A\x42\xDC\x83\x5B\x64\x0E\xCB\xB5\xBC\xD6\x4F\xC1\x7C\x3C\x6E\x8D\x13\x6D\xFB\x7B\xEB\x30\xD0\xDC\x4D\xAF\xC5\xD5\xB6\xA5\x4C\x5B\x71\xC9\xE8\x31\xBE\xE8\x38\x06\x48\xA1\x1A\xE2\xEA\xD2\xDE\x12\x39\x58\x1A\xFF\x80\x0E\x82\x75\xE6\xB7\xC9\x07\x6C\x0E\xEF\xFF\x38\xF1\x98\x71\xC4\xB7\x7F\x0E\x15\xD0\x25\x69\xBD\x22\x9D\x2B\xED\x05\xF6\x46\x47\xAC\xED\xC0\xF0\xD4\x3B\xE2\xEC\xEE\x96\x5B\x90\x13\x4E\x1E\x56\x3A\xEB\xB0\xEF\x96\xBB\x96\x23\x11\xBA\xF2\x43\x86\x74\x64\x95\xC8\x28\x75\xDF\x1D\x35\xBA\xD2\x37\x83\x38\x53\x38\x36\x3B\xCF\x6C\xE9\xF9\x6B\x0E\xD0\xFB\x04\xE8\x4F\x77\xD7\x65\x01\x78\x86\x0C\x7A\x3E\x21\x62\xF1\x7F\x63\x71\x0C\xC9\x9F\x44\xDB\xA8\x27\xA2\x75\xBE\x6E\x81\x3E\xD7\xC0\xEB\x1B\x98\x0F\x70\x5C\x34\xB2\x8A\xCC\xC0\x85\x18\xEB\x6E\x7A\xB3\xF7\x5A\xA1\x07\xBF\xA9\x42\x92\xF3\x60\x22\x97\xE4\x14\xA1\x07\x9B\x4E\x76\xC0\x8E\x7D\xFD\xA4\x25\xC7\x47\xED\xFF\x1F\x73\xAC\xCC\xC3\xA5\xE9\x6F\x0A\x8E\x9B\x65\xC2\x50\x85\xB5\xA3\xA0\x53\x12\xCC\x55\x87\x61\xF3\x81\xAE\x10\x46\x61\xBD\x44\x21\xB8\xC2\x3D\x74\xCF\x7E\x24\x35\xFA\x1C\x07\x0E\x9B\x3D\x22\xCA\xEF\x31\x2F\x8C\xAC\x12\xBD\xEF\x40\x28\xFC\x29\x67\x9F\xB2\x13\x4F\x66\x24\xC4\x53\x19\xE9\x1E\x29\x15\xEF\xE6\x6D\xB0\x7F\x2D\x67\xFD\xF3\x6C\x1B\x75\x46\xA3\xE5\x4A\x17\xE9\xA4\xD7\x0B", }; From 78ef31577b3a6d6f478f74f28743a1c5efe2e145 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 19 Sep 2013 16:16:09 -0500 Subject: [PATCH 024/287] Add links to Intelligence Framework documentation --- doc/frameworks/intel.rst | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/doc/frameworks/intel.rst b/doc/frameworks/intel.rst index 616de3b858..f90092aac3 100644 --- a/doc/frameworks/intel.rst +++ b/doc/frameworks/intel.rst @@ -59,15 +59,15 @@ intelligence framework has distribution mechanisms which will push data out to all of the nodes that need it. Here is an example of the intelligence data format. Note that all -whitespace separators are literal tabs and fields containing only a -hyphen are considered to be null values.:: +whitespace field separators are literal tabs and fields containing only a +hyphen are considered to be null values. :: #fields indicator indicator_type meta.source meta.desc meta.url 1.2.3.4 Intel::ADDR source1 Sending phishing email http://source1.com/badhosts/1.2.3.4 a.b.com Intel::DOMAIN source2 Name used for data exfiltration - -For more examples of built in `indicator_type` values, please refer to the -autogenerated documentation for the intelligence framework. +For a list of all built-in `indicator_type` values, please refer to the +documentation of :bro:see:`Intel::Type`. To load the data once files are created, use the following example code to define files to load with your own file names of course:: @@ -87,7 +87,7 @@ When some bit of data is extracted (such as an email address in the "From" header in a message over SMTP), the Intelligence Framework needs to be informed that this data was discovered and it's presence should be checked within the intelligence data set. This is -accomplished through the Intel::seen function. +accomplished through the :bro:see:`Intel::seen` function. Typically users won't need to work with this function due to built in hook scripts that Bro ships with that will "see" data and send it into @@ -95,8 +95,8 @@ the intelligence framework. A user may only need to load the entire package of hook scripts as a module or pick and choose specific scripts to load. Keep in mind that as more data is sent into the intelligence framework, the CPU load consumed by Bro will increase -depending on how many times the Intel::seen function is being called -which is heavily traffic dependent. +depending on how many times the :bro:see:`Intel::seen` function is +being called which is heavily traffic dependent. The full package of hook scripts that Bro ships with for sending this "seen" data into the intelligence framework can be loading by adding @@ -110,12 +110,12 @@ Intelligence Matches Against all hopes, most networks will eventually have a hit on intelligence data which could indicate a possible compromise or other unwanted activity. The Intelligence Framework provides an event that -is generated whenever a match is discovered named Intel::match (TODO: -make a link to inline docs). Due to design restrictions placed upon +is generated whenever a match is discovered named :bro:see:`Intel::match`. +Due to design restrictions placed upon the intelligence framework, there is no assurance as to where this event will be generated. It could be generated on the worker where -the data was seen or on the manager. When the Intel::match event is +the data was seen or on the manager. When the ``Intel::match`` event is handled, only the data given as event arguments to the event can be assured since the host where the data was seen may not be where -Intel::match is handled. +``Intel::match`` is handled. From fe3c14c9faf1627905635c88afc66380b4705a3b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Sep 2013 15:14:53 -0700 Subject: [PATCH 025/287] Updating submodule(s). [nomail] --- aux/binpac | 2 +- aux/bro-aux | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/binpac b/aux/binpac index 75e6906efb..eeb19daacc 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 75e6906efb23036ea5a11936487498761a5f7eab +Subproject commit eeb19daacc9f12bc4e7c885fa70e71f856a90b1f diff --git a/aux/bro-aux b/aux/bro-aux index 3e1c8bf5f3..eb24e62864 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 3e1c8bf5f34868759d578f2afc6707fd1797f958 +Subproject commit eb24e628648c7d7b931bdb57d38ab32c28296e72 From 1e21fc177c9b3245f6652711f1f926112169a5af Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Sep 2013 15:22:30 -0700 Subject: [PATCH 026/287] Updating submodule(s). [nomail] --- aux/btest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/btest b/aux/btest index 13a7718b47..3918bd9f5f 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 13a7718b475d670ae22c1914ac1c26bd11be46b6 +Subproject commit 3918bd9f5f99863faec2501e5bc7839ffb17bdc9 From bfbf1f7305e150bd3f4b2c62bfec4bbd81bb98ec Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 19 Sep 2013 17:34:07 -0500 Subject: [PATCH 027/287] Add more links in the GeoLocation document --- doc/frameworks/geoip.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/frameworks/geoip.rst b/doc/frameworks/geoip.rst index 3c3883a607..f54ea03096 100644 --- a/doc/frameworks/geoip.rst +++ b/doc/frameworks/geoip.rst @@ -67,8 +67,8 @@ functionality: function lookup_location(a:addr): geo_location -There is also the ``geo_location`` data structure that is returned -from the ``lookup_location`` function: +There is also the :bro:see:`geo_location` data structure that is returned +from the :bro:see:`lookup_location` function: .. code:: bro From e5a4123b4e1bb901b9ff495f0d4c4171915d7360 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Sep 2013 09:38:52 -0500 Subject: [PATCH 028/287] Kill raw input reader's child by process group. This should help on systems where the default shell (e.g. dash on Ubuntu) fork-execs in order to run commands. In that case, we were just killing the shell and the shell would exit without killing the actual process corresponding to command that was requested. Setting a process group for the shell exec'd from Bro and killing by process group should help clean everything up since process group will be inherited by any procs that shell fork-execs. --- src/input/readers/Raw.cc | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 64c29d632c..34408b79d2 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -73,15 +73,15 @@ void Raw::DoClose() if ( execute && childpid > 0 && kill(childpid, 0) == 0 ) { - // kill child process - kill(childpid, SIGTERM); + // kill child process group + kill(-childpid, SIGTERM); if ( forcekill ) { usleep(200); // 200 msecs should be enough for anyone ;) if ( kill(childpid, 0) == 0 ) // perhaps it is already gone - kill(childpid, SIGKILL); + kill(-childpid, SIGKILL); } } } @@ -146,6 +146,11 @@ bool Raw::Execute() else if ( childpid == 0 ) { // we are the child. + + // Obtain a process group w/ child's PID. + if ( setpgid(0, 0) == -1 ) + _exit(251); + close(pipes[stdout_in]); if ( dup2(pipes[stdout_out], stdout_fileno) == -1 ) _exit(252); @@ -180,6 +185,15 @@ bool Raw::Execute() else { // we are the parent + + // Parent also sets child process group immediately to avoid a race. + if ( setpgid(childpid, childpid) == -1 ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + Warning(Fmt("Could not set child process group: %s", buf)); + } + if ( ! UnlockForkMutex() ) return false; From 17bc3955f90b62659f55a85ad11dfc710be2a484 Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Fri, 20 Sep 2013 11:43:45 -0400 Subject: [PATCH 029/287] Update the lines included from events.bif.bro. Previously listed connection_established and connection_finished which are no longer in place in events.bif.bro. --- doc/scripting/index.rst | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index 197180241e..aca1a9472e 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -197,13 +197,8 @@ such, there are events defined for the primary parts of the connection life-cycle as you'll see from the small selection of connection-related events below. -.. todo:: - - Update the line numbers, this isn't pulling in the right events - anymore but I don't know which ones it were. - .. btest-include:: ${BRO_SRC_ROOT}/build/scripts/base/bif/event.bif.bro - :lines: 135-138,154,204-208,218,255-256,266,335-340,351 + :lines: 69-72,88,106-109,129,132-137,148 Of the events listed, the event that will give us the best insight into the connection record data type will be From 5fede2f73e6d7758bbb27a73440a01efba04731c Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Fri, 20 Sep 2013 12:22:12 -0400 Subject: [PATCH 030/287] Spelling corrections. Apparently I am unable to spell "separate". --- doc/scripting/index.rst | 44 ++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index aca1a9472e..b01165a5bc 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -33,7 +33,7 @@ are invalid. This entire process is setup by telling Bro that should it see a server or client issue an SSL ``HELLO`` message, we want to know about the information about that connection. -It's often the easiest to understand Bro's scripting language by +It's often easiest to understand Bro's scripting language by looking at a complete script and breaking it down into its identifiable components. In this example, we'll take a look at how Bro queries the `Team Cymru Malware hash registry @@ -76,7 +76,7 @@ this level of granularity might not be entirely necessary though. The export section redefines an enumerable constant that describes the type of notice we will generate with the logging framework. Bro -allows for redefinable constants, which at first, might seem +allows for re-definable constants, which at first, might seem counter-intuitive. We'll get more in-depth with constants in a later chapter, for now, think of them as variables that can only be altered before Bro starts running. The notice type listed allows for the use @@ -84,7 +84,7 @@ of the :bro:id:`NOTICE` function to generate notices of type ``Malware_Hash_Registry_Match`` as done in the next section. Notices allow Bro to generate some kind of extra notification beyond its default log types. Often times, this extra notification comes in the -form of an email generated and sent to a pre-configured address. +form of an email generated and sent to a preconfigured address. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro :lines: 26-44 @@ -112,9 +112,9 @@ The ``when`` block performs a DNS TXT lookup and stores the result in the local variable ``MHR_result``. Effectively, processing for this event continues and upon receipt of the values returned by :bro:id:`lookup_hostname_txt`, the ``when`` block is executed. The -``when`` block splits the string returned into two seperate values and +``when`` block splits the string returned into two separate values and checks to ensure an expected format. If the format is invalid, the -script assumes that the hash wasn't found in the respository and +script assumes that the hash wasn't found in the repository and processing is concluded. If the format is as expected and the detection rate is above the threshold set by ``MHR_threshold``, two new local variables are created and used in the notice issued by @@ -168,7 +168,7 @@ the event, and a concise explanation of the functions use. :lines: 29-54 Above is a segment of the documentation for the event -:bro:id:`dns_request` (and the preceeding link points to the +:bro:id:`dns_request` (and the preceding link points to the documentation generated out of that). It's organized such that the documentation, commentary, and list of arguments precede the actual event definition used by Bro. As Bro detects DNS requests being @@ -240,7 +240,7 @@ information gleaned from the analysis of a connection as a complete unit. To break down this collection of information, you will have to make use of use Bro's field delimiter ``$``. For example, the originating host is referenced by ``c$id$orig_h`` which if given a -narritive relates to ``orig_h`` which is a member of ``id`` which is +narrative relates to ``orig_h`` which is a member of ``id`` which is a member of the data structure referred to as ``c`` that was passed into the event handler." Given that the responder port (``c$id$resp_p``) is ``53/tcp``, it's likely that Bro's base DNS scripts @@ -338,7 +338,7 @@ Constants Bro also makes use of constants, which are denoted by the ``const`` keyword. Unlike globals, constants can only be set or altered at parse time if the ``&redef`` attribute has been used. Afterwards (in -runtime) the constants are unalterable. In most cases, redefinable +runtime) the constants are unalterable. In most cases, re-definable constants are used in Bro scripts as containers for configuration options. For example, the configuration option to log password decrypted from HTTP streams is stored in @@ -354,7 +354,7 @@ following line to our ``site/local.bro`` file before firing up Bro. .. btest-include:: ${DOC_ROOT}/scripting/data_type_const_simple.bro -While the idea of a redefinable constant might be odd, the constraint +While the idea of a re-definable constant might be odd, the constraint that constants can only be altered at parse-time remains even with the ``&redef`` attribute. In the code snippet below, a table of strings indexed by ports is declared as a constant before two values are added @@ -412,7 +412,7 @@ The table below shows the atomic types used in Bro, of which the first four should seem familiar if you have some scripting experience, while the remaining six are less common in other languages. It should come as no surprise that a scripting language for a Network Security -Monitoring platform has a fairly robust set of network centric data +Monitoring platform has a fairly robust set of network-centric data types and taking note of them here may well save you a late night of reinventing the wheel. @@ -474,7 +474,7 @@ the ``for`` loop, the next element is chosen. Since sets are not an ordered data type, you cannot guarantee the order of the elements as the ``for`` loop processes. -To test for membership in a set the ``in`` statment can be combined +To test for membership in a set the ``in`` statement can be combined with an ``if`` statement to return a true or false value. If the exact element in the condition is already in the set, the condition returns true and the body executes. The ``in`` statement can also be @@ -541,7 +541,7 @@ iterate over, say, the directors; we have to iterate with the exact format as the keys themselves. In this case, we need squared brackets surrounding four temporary variables to act as a collection for our iteration. While this is a contrived example, we could easily have -had keys containin IP addresses (``addr``), ports (``port``) and even a ``string`` +had keys containing IP addresses (``addr``), ports (``port``) and even a ``string`` calculated as the result of a reverse hostname lookup. .. btest-include:: ${DOC_ROOT}/scripting/data_struct_table_complex.bro @@ -642,7 +642,7 @@ subnet ~~~~~~ Bro has full support for CIDR notation subnets as a base data type. -There is no need to manage the IP and the subnet mask as two seperate +There is no need to manage the IP and the subnet mask as two separate entities when you can provide the same information in CIDR notation in your scripts. The following example below uses a Bro script to determine if a series of IP addresses are within a set of subnets @@ -802,7 +802,7 @@ composite type. We have, in fact, already encountered a a complex example of the ``record`` data type in the earlier sections, the :bro:type:`connection` record passed to many events. Another one, :bro:type:`Conn::Info`, which corresponds to the fields logged into -``conn.log``, is shown by the exerpt below. +``conn.log``, is shown by the excerpt below. .. btest-include:: ${BRO_SRC_ROOT}/scripts/base/protocols/conn/main.bro :lines: 10-12,16,17,19,21,23,25,28,31,35,37,56,62,68,90,93,97,100,104,108,109,114 @@ -813,7 +813,7 @@ definition is within the confines of an export block, what is defined is, in fact, ``Conn::Info``. The formatting for a declaration of a record type in Bro includes the -descriptive name of the type being defined and the seperate fields +descriptive name of the type being defined and the separate fields that make up the record. The individual fields that make up the new record are not limited in type or number as long as the name for each field is unique. @@ -829,7 +829,7 @@ string, a set of ports, and a count to define a service type. Also included is a function to print each field of a record in a formatted fashion and a :bro:id:`bro_init` event handler to show some functionality of working with records. The definitions of the DNS and -HTTP services are both done inline using squared brackets before being +HTTP services are both done in-line using squared brackets before being passed to the ``print_service`` function. The ``print_service`` function makes use of the ``$`` dereference operator to access the fields within the newly defined Service record type. @@ -846,7 +846,7 @@ record. @TEST-EXEC: btest-rst-cmd bro ${DOC_ROOT}/scripting/data_struct_record_02.bro The example above includes a second record type in which a field is -used as the data type for a set. Records can be reapeatedly nested +used as the data type for a set. Records can be repeatedly nested within other records, their fields reachable through repeated chains of the ``$`` dereference operator. @@ -1123,7 +1123,7 @@ which we will cover shortly. +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ | policy_items | set[count] | &log &optional | Policy items that have been applied | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ -| email_body_sections | vector | &optinal | Body of the email for email notices. | +| email_body_sections | vector | &optional | Body of the email for email notices. | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ | email_delay_tokens | set[string] | &optional | Delay functionality for email notices. | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ @@ -1137,7 +1137,7 @@ has been heuristically detected and the originating hostname is one that would raise suspicion. Effectively, the script attempts to define a list of hosts from which you would never want to see SSH traffic originating, like DNS servers, mail servers, etc. To -accomplish this, the script adhere's to the seperation of detection +accomplish this, the script adheres to the separation of detection and reporting by detecting a behavior and raising a notice. Whether or not that notice is acted upon is decided by the local Notice Policy, but the script attempts to supply as much information as @@ -1221,7 +1221,7 @@ Bro. In the :doc:`/scripts/policy/protocols/ssl/expiring-certs` script which identifies when SSL certificates are set to expire and raises -notices when it crosses a pre-defined threshold, the call to +notices when it crosses a predefined threshold, the call to ``NOTICE`` above also sets the ``$identifier`` entry by concatenating the responder IP, port, and the hash of the certificate. The selection of responder IP, port and certificate hash fits perfectly @@ -1257,7 +1257,7 @@ In short, there will be notice policy considerations where a broad decision can be made based on the ``Notice::Type`` alone. To facilitate these types of decisions, the Notice Framework supports Notice Policy shortcuts. These shortcuts are implemented through the -means of a group of data structures that map specific, pre-defined +means of a group of data structures that map specific, predefined details and actions to the effective name of a notice. Primarily implemented as a set or table of enumerables of :bro:type:`Notice::Type`, Notice Policy shortcuts can be placed as a single directive in your @@ -1303,5 +1303,3 @@ Notice::emailed_types set while the shortcut below alters the length of time for which those notices will be suppressed. .. btest-include:: ${DOC_ROOT}/scripting/framework_notice_shortcuts_02.bro - - From dbbbea312c9a1b133c90fb74b1f37364e9c01ee6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Sep 2013 11:37:19 -0500 Subject: [PATCH 031/287] Fix DNS_Mgr iterator mismatch. But not really since the global dns_mgr should be equal to "this" while in all the member funcs. Still, better that they always refer to their own instance instead of the global one. --- src/DNS_Mgr.cc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index e57714a047..5880a02c57 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -928,7 +928,7 @@ void DNS_Mgr::Save(FILE* f, const HostMap& m) const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr) { - AddrMap::iterator it = dns_mgr->addr_mappings.find(addr); + AddrMap::iterator it = addr_mappings.find(addr); if ( it == addr_mappings.end() ) return 0; @@ -937,7 +937,7 @@ const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr) if ( d->Expired() ) { - dns_mgr->addr_mappings.erase(it); + addr_mappings.erase(it); delete d; return 0; } @@ -949,10 +949,10 @@ const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr) TableVal* DNS_Mgr::LookupNameInCache(string name) { - HostMap::iterator it = dns_mgr->host_mappings.find(name); - if ( it == dns_mgr->host_mappings.end() ) + HostMap::iterator it = host_mappings.find(name); + if ( it == host_mappings.end() ) { - it = dns_mgr->host_mappings.begin(); + it = host_mappings.begin(); return 0; } @@ -964,7 +964,7 @@ TableVal* DNS_Mgr::LookupNameInCache(string name) if ( d4->Expired() || d6->Expired() ) { - dns_mgr->host_mappings.erase(it); + host_mappings.erase(it); delete d4; delete d6; return 0; @@ -979,15 +979,15 @@ TableVal* DNS_Mgr::LookupNameInCache(string name) const char* DNS_Mgr::LookupTextInCache(string name) { - TextMap::iterator it = dns_mgr->text_mappings.find(name); - if ( it == dns_mgr->text_mappings.end() ) + TextMap::iterator it = text_mappings.find(name); + if ( it == text_mappings.end() ) return 0; DNS_Mapping* d = it->second; if ( d->Expired() ) { - dns_mgr->text_mappings.erase(it); + text_mappings.erase(it); delete d; return 0; } From 9033b0384be630b28f00a7b4f58b6f710796d162 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Sep 2013 12:11:10 -0500 Subject: [PATCH 032/287] Fix invalidated iterator usage. --- src/DbgBreakpoint.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/DbgBreakpoint.cc b/src/DbgBreakpoint.cc index 11847fc4dc..f1ad551a00 100644 --- a/src/DbgBreakpoint.cc +++ b/src/DbgBreakpoint.cc @@ -85,10 +85,17 @@ void DbgBreakpoint::RemoveFromGlobalMap() pair p; p = g_debugger_state.breakpoint_map.equal_range(at_stmt); - for ( BPMapType::iterator i = p.first; i != p.second; ++i ) + for ( BPMapType::iterator i = p.first; i != p.second; ) { if ( i->second == this ) + { + BPMapType::iterator next = i; + ++next; g_debugger_state.breakpoint_map.erase(i); + i = next; + } + else + ++i; } } From 8e3c6ada0fc0249fece2864faaa04dfd1b330c2c Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Fri, 20 Sep 2013 13:25:49 -0400 Subject: [PATCH 033/287] Rewrite the MHR detection description. Now that the MHR script uses the file analysis framework, the description needed to be rewritten to reflect the changes. Robin commented that he didn't feel the MHR script was a good introductory script and he might be right, however, I couldn't find one that was easier to explain. --- doc/scripting/index.rst | 95 ++++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 44 deletions(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index b01165a5bc..077d5a9c45 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -10,13 +10,6 @@ Writing Bro Scripts Understanding Bro Scripts ========================= -.. todo:: - - The MHR integration has changed significantly since the text was - written. We need to update it, however I'm actually not sure this - script is a good introductory example anymore unfortunately. - -Robin - Bro includes an event-driven scripting language that provides the primary means for an organization to extend and customize Bro's functionality. Virtually all of the output generated by Bro @@ -51,82 +44,96 @@ appropriate DNS lookup and parsing the response. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro Visually, there are three distinct sections of the script. A base -level with no indentation followed by an indented and formatted -section explaining the custom variables being provided (``export``) and another -indented and formatted section describing the instructions for a -specific event (``event log_http``). Don't get discouraged if you don't +level with no indentation where libraries are included in the script through ``@load`` +and a namespace is defined with ``module``. This is followed by an indented and formatted +section explaining the custom variables being provided (``export``) as part of the script's namespace. +Finally there is a second indented and formatted section describing the instructions to take for a +specific event (``event file_hash``). Don't get discouraged if you don't understand every section of the script; we'll cover the basics of the script and much more in following sections. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro - :lines: 7-11 + :lines: 4-6 Lines 7 and 8 of the script process the ``__load__.bro`` script in the respective directories being loaded. The ``@load`` directives are often considered good practice or even just good manners when writing -Bro scripts to make sure they can be -used on their own. While it's unlikely that in a +Bro scripts to make sure they can be used on their own. While it's unlikely that in a full production deployment of Bro these additional resources wouldn't already be loaded, it's not a bad habit to try to get into as you get more experienced with Bro scripting. If you're just starting out, -this level of granularity might not be entirely necessary though. +this level of granularity might not be entirely necessary. The ``@load`` directives +are ensuring the Files framework, the Notice framework and the script to hash all files has +been loaded by Bro. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro - :lines: 12-24 + :lines: 10-31 The export section redefines an enumerable constant that describes the -type of notice we will generate with the logging framework. Bro +type of notice we will generate with the Notice framework. Bro allows for re-definable constants, which at first, might seem counter-intuitive. We'll get more in-depth with constants in a later chapter, for now, think of them as variables that can only be altered before Bro starts running. The notice type listed allows for the use of the :bro:id:`NOTICE` function to generate notices of type -``Malware_Hash_Registry_Match`` as done in the next section. Notices +``TeamCymruMalwareHashRegistry::Match`` as done in the next section. Notices allow Bro to generate some kind of extra notification beyond its default log types. Often times, this extra notification comes in the -form of an email generated and sent to a preconfigured address. +form of an email generated and sent to a preconfigured address, but can be altered +depending on the needs of the deployment. The export section is finished off with +the definition of two constants that list the kind of files we want to match against and +the minimum percentage of detection threshold in which we are interested. + +Up until this point, the script has merely done some basic setup. With the next section, +the script starts to define instructions to take in a given event. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro - :lines: 26-44 + :lines: 33-57 The workhorse of the script is contained in the event handler for -``log_http``. The ``log_http`` event is defined as an event-hook in -the :doc:`/scripts/base/protocols/http/main` script and allows scripts -to handle a connection as it is being passed to the logging framework. -The event handler is passed an :bro:type:`HTTP::Info` data structure -which will be referred to as ``rec`` in body of the event handler. +``file_hash``. The ``file_hash`` event is defined in the +:doc:`/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro` script and allows scripts to access +the information associated with a file for which Bro's file analysis framework has +generated a hash. The event handler is passed the file itself as ``f``, the type of digest +algorithm used as ``kind`` and the hash generated as ``hash``. -An ``if`` statement is used to check for the existence of a data structure -named ``md5`` nested within the ``rec`` data structure. Bro uses the ``$`` as -a deference operator and as such, and it is employed in this script to -check if ``rec$md5`` is present by including the ``?`` operator within the -path. If the ``rec`` data structure includes a nested data structure -named ``md5``, the statement is processed as true and a local variable -named ``hash_domain`` is provisioned and given a format string based on -the contents of ``rec$md5`` to produce a valid DNS lookup. +On line 35, an ``if`` statement is used to check for the correct type of hash, in this case +a SHA1 hash. It also checks for a mime type we've defined as being of interest as defined in the +constant ``match_file_types``. The comparison is made against the variable ``f$mime_type`` which uses +the ``$`` dereference operator to check the value ``mime_type`` inside the variable ``f``. Once both +values resolve to true, a local variable is defined to hold a string comprised of the SHA1 hash concatenated +with ".malware.hash.cymru.com"; this value will be the domain queried in the malware hash registry. The rest of the script is contained within a ``when`` block. In short, a ``when`` block is used when Bro needs to perform asynchronous -actions, such a DNS lookup, to ensure that performance isn't effected. +actions, such as a DNS lookup, to ensure that performance isn't effected. The ``when`` block performs a DNS TXT lookup and stores the result in the local variable ``MHR_result``. Effectively, processing for this event continues and upon receipt of the values returned by :bro:id:`lookup_hostname_txt`, the ``when`` block is executed. The -``when`` block splits the string returned into two separate values and -checks to ensure an expected format. If the format is invalid, the -script assumes that the hash wasn't found in the repository and -processing is concluded. If the format is as expected and the -detection rate is above the threshold set by ``MHR_threshold``, two -new local variables are created and used in the notice issued by -:bro:id:`NOTICE`. +``when`` block splits the string returned into a portion for the date on which +the malware was first detected and the detection rate by splitting on an text space +and storing the values returned in a local table variable. In line 42, if the table +returned by ``split1`` has two entries, indicating a sucessful split, we store the detection +date in ``mhr_first_detect`` and the rate in ``mhr_detect_rate`` on lines 45 and 45 respectively +using the appropriate conversion functions. From this point on, Bro knows it has seen a file +transmitted which has a hash that has been seen by the Team Cymru Malware Hash Registry, the rest +of the script is dedicated to producing a notice. -In approximately 15 lines of actual code, Bro provides an amazing +On line 47, the detection time is processed into a string representation and stored in +``readable_first_detected``. The script then compares the detection rate against the +``notice_threshold`` that was defined on line 30. If the detection rate is high enough, the script +creates a concise description of the notice on line 50, a possible URL to check the sample against +virustotal.com's database, and makes the call to :bro:id:`NOTICE` to hand the relevant information +off to the Notice framework. + +In approximately 25 lines of code, Bro provides an amazing utility that would be incredibly difficult to implement and deploy -with other products. In truth, claiming that Bro does this in 15 +with other products. In truth, claiming that Bro does this in 25 lines is a misdirection; there is a truly massive number of things going on behind-the-scenes in Bro, but it is the inclusion of the scripting language that gives analysts access to those underlying -layers in a succinct and well defined manner. +layers in a succinct and well defined manner. The Event Queue and Event Handlers ================================== From 89090ec34af8e2bba63d069fd077825080962103 Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Fri, 20 Sep 2013 13:33:44 -0400 Subject: [PATCH 034/287] Include a better description for detect-MHR.bro I added a better more concise and accurate description of what is going on behind the scenes of detect-MHR.bro to not only bring it into line with the Files framework but to help make it a bit more clear as to where the various responsibilities lie. --- doc/scripting/index.rst | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index 077d5a9c45..aeaeac1726 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -29,17 +29,16 @@ about the information about that connection. It's often easiest to understand Bro's scripting language by looking at a complete script and breaking it down into its identifiable components. In this example, we'll take a look at how -Bro queries the `Team Cymru Malware hash registry -`_ for downloads via -HTTP. Part of the Team Cymru Malware Hash registry includes the -ability to do a host lookup on a domain with the format -``MALWARE_HASH.malware.hash.cymru.com`` where ``MALWARE_HASH`` is the MD5 or -SHA1 hash of a file. Team Cymru also populates the TXT record of -their DNS responses with both a "last seen" timestamp and a numerical -"detection rate". The important aspect to understand is Bro already -generates hashes for files it can parse from HTTP streams, but the -script ``detect-MHR.bro`` is responsible for generating the -appropriate DNS lookup and parsing the response. +Bro checks the SHA1 hash of various files extracted from network traffic +against the `Team Cymru Malware hash registry +`_. Part of the Team Cymru Malware +Hash registry includes the ability to do a host lookup on a domain with the format +``MALWARE_HASH.malware.hash.cymru.com`` where ``MALWARE_HASH`` is the SHA1 hash of a file. +Team Cymru also populates the TXT record of their DNS responses with both a "first seen" +timestamp and a numerical "detection rate". The important aspect to understand is Bro already +generating hashes for files via the Files framework, but it is the +script ``detect-MHR.bro`` that is responsible for generating the +appropriate DNS lookup, parsing the response, and generating a notice if appropriate. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro From 261b9e1e9747631bd5b0ae8f4bbfcc3b4cda9f0a Mon Sep 17 00:00:00 2001 From: Scott Runnels Date: Fri, 20 Sep 2013 13:36:56 -0400 Subject: [PATCH 035/287] Spelling corrections. --- doc/scripting/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index aeaeac1726..7c484af7e9 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -113,7 +113,7 @@ this event continues and upon receipt of the values returned by ``when`` block splits the string returned into a portion for the date on which the malware was first detected and the detection rate by splitting on an text space and storing the values returned in a local table variable. In line 42, if the table -returned by ``split1`` has two entries, indicating a sucessful split, we store the detection +returned by ``split1`` has two entries, indicating a successful split, we store the detection date in ``mhr_first_detect`` and the rate in ``mhr_detect_rate`` on lines 45 and 45 respectively using the appropriate conversion functions. From this point on, Bro knows it has seen a file transmitted which has a hash that has been seen by the Team Cymru Malware Hash Registry, the rest From 4e2e690bffa1dd348016f08c78ebcef53da23720 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Sep 2013 14:21:03 -0500 Subject: [PATCH 036/287] Fix unintentional always-false condition. --- src/logging/Manager.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 87d3be9f13..8d833ddbc6 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -791,7 +791,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( ! v ) return false; - if ( ! v->Type()->Tag() == TYPE_STRING ) + if ( v->Type()->Tag() != TYPE_STRING ) { reporter->Error("path_func did not return string"); Unref(v); From 1750e351c4fec8b9f9e51fbca279de25cfa2e171 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Sep 2013 16:36:00 -0500 Subject: [PATCH 037/287] Prevent division/modulo by zero in scripts. Integral/floating-point division/modulo by zero in C++ is undefined behavior, so to prevent such cases in a script from crashing Bro, they're now reported as an error (with script location information) and the event handler in which it occurred returns immediately. --- src/Expr.cc | 43 ++++++++++++++++++++- testing/btest/Baseline/core.div-by-zero/out | 5 +++ testing/btest/core/div-by-zero.bro | 36 +++++++++++++++++ 3 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 testing/btest/Baseline/core.div-by-zero/out create mode 100644 testing/btest/core/div-by-zero.bro diff --git a/src/Expr.cc b/src/Expr.cc index f060b98602..5447999dd9 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -779,9 +779,48 @@ Val* BinaryExpr::Fold(Val* v1, Val* v2) const case EXPR_SUB: DO_FOLD(-); break; case EXPR_REMOVE_FROM: DO_FOLD(-); break; case EXPR_TIMES: DO_FOLD(*); break; - case EXPR_DIVIDE: DO_FOLD(/); break; + case EXPR_DIVIDE: + { + if ( is_integral ) + { + if ( i2 == 0 ) + reporter->ExprRuntimeError(this, "division by zero"); + i3 = i1 / i2; + } + else if ( is_unsigned ) + { + if ( u2 == 0 ) + reporter->ExprRuntimeError(this, "division by zero"); + u3 = u1 / u2; + } + else + { + if ( d2 == 0 ) + reporter->ExprRuntimeError(this, "division by zero"); + d3 = d1 / d2; + } + } + break; + + case EXPR_MOD: + { + if ( is_integral ) + { + if ( i2 == 0 ) + reporter->ExprRuntimeError(this, "modulo by zero"); + i3 = i1 % i2; + } + else if ( is_unsigned ) + { + if ( u2 == 0 ) + reporter->ExprRuntimeError(this, "modulo by zero"); + u3 = u1 % u2; + } + else + Internal("bad type in BinaryExpr::Fold"); + } + break; - case EXPR_MOD: DO_INT_FOLD(%); break; case EXPR_AND: DO_INT_FOLD(&&); break; case EXPR_OR: DO_INT_FOLD(||); break; diff --git a/testing/btest/Baseline/core.div-by-zero/out b/testing/btest/Baseline/core.div-by-zero/out new file mode 100644 index 0000000000..f5524b0cbf --- /dev/null +++ b/testing/btest/Baseline/core.div-by-zero/out @@ -0,0 +1,5 @@ +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 6: division by zero [a / b] +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 11: division by zero [a / b] +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 16: division by zero [a / b] +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 21: modulo by zero [a % b] +expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.div-by-zero/div-by-zero.bro, line 26: modulo by zero [a % b] diff --git a/testing/btest/core/div-by-zero.bro b/testing/btest/core/div-by-zero.bro new file mode 100644 index 0000000000..d1221638d6 --- /dev/null +++ b/testing/btest/core/div-by-zero.bro @@ -0,0 +1,36 @@ +# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +event div_int(a: int, b: int) + { + print a / b; + } + +event div_count(a: count, b: count) + { + print a / b; + } + +event div_double(a: double, b: double) + { + print a / b; + } + +event mod_int(a: int, b: int) + { + print a % b; + } + +event mod_count(a: count, b: count) + { + print a % b; + } + +event bro_init() + { + event div_int(10, 0); + event div_count(10, 0); + event div_double(10.0, 0.0); + event mod_int(10, 0); + event mod_count(10, 0); + } From d070b018286b4d78e6968066f390a870250c68cb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Sep 2013 14:38:15 -0700 Subject: [PATCH 038/287] Updating baselines for doc changes. --- CHANGES | 2 +- VERSION | 2 +- .../output | 32 ++++++++----------- .../output | 8 ++--- .../output | 9 ++++++ .../output | 20 ++++++++---- 6 files changed, 41 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index aca5882f6c..9ff7b2368c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.1-1376 | 2013-09-20 14:18:30 -0700 +2.1-1377 | 2013-09-20 14:38:15 -0700 * Updates to the scripting introduction. (Scott Runnels) diff --git a/VERSION b/VERSION index 174fa556a3..326b107a34 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-1376 +2.1-1377 diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output index fc14c86399..0d981e7fc0 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output @@ -2,24 +2,20 @@ -- event.bif.bro +## Generated for every new connection. This event is raised with the first +## packet of a previously unknown connection. Bro uses a flow-based definition +## of "connection" here that includes not only TCP sessions but also UDP and +## ICMP flows. +global new_connection: event(c: connection ); +## Generated when a TCP connection timed out. This event is raised when +## no activity was seen for an interval of at least +## :bro:id:`tcp_connection_linger`, and either one endpoint has already +## closed the connection or one side never became active. +global connection_timeout: event(c: connection ); +## Generated when a connection's internal state is about to be removed from +## memory. Bro generates this event reliably once for every connection when it +## is about to delete the internal state. As such, the event is well-suited for ## script-level cleanup that needs to be performed for every connection. This ## event is generated not only for TCP sessions but also for UDP and ICMP ## flows. -## -## -global connection_external: event(c: connection , tag: string ); - - -## Generated when a UDP session for a supported protocol has finished. Some of -## Bro's application-layer UDP analyzers flag the end of a session by raising -## Generated when a connection is seen that is marked as being expected. - - -global ipv6_ext_headers: event(c: connection , p: pkt_hdr ); -## their specifics differ slightly. Often, however, both will be raised for -## the same connection if some of its data is missing. We should eventually -## merge the two. -global ack_above_hole: event(c: connection ); - - -## +global connection_state_remove: event(c: connection ); diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output index 8d26caba6c..656abf3ba1 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output @@ -2,8 +2,6 @@ -- detect-MHR.bro - -module TeamCymruMalwareHashRegistry; - -export { - redef enum Notice::Type += { +@load base/frameworks/files +@load base/frameworks/notice +@load frameworks/files/hash-all-files diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output index ace6e79c5e..75d94f6990 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output @@ -2,6 +2,8 @@ -- detect-MHR.bro +export { + redef enum Notice::Type += { ## The hash value of a file transferred over HTTP matched in the ## malware hash registry. Match @@ -15,3 +17,10 @@ /application\/x-java-applet/ | /application\/jar/ | /video\/mp4/ &redef; + + ## The malware hash registry runs each malware sample through several A/V engines. + ## Team Cymru returns a percentage to indicate how many A/V engines flagged the + ## sample as malicious. This threshold allows you to require a minimum detection + ## rate. + const notice_threshold = 10 &redef; +} diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output index 6f4cda878c..7e3e1b0a11 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output @@ -2,13 +2,6 @@ -- detect-MHR.bro - ## The malware hash registry runs each malware sample through several A/V engines. - ## Team Cymru returns a percentage to indicate how many A/V engines flagged the - ## sample as malicious. This threshold allows you to require a minimum detection - ## rate. - const notice_threshold = 10 &redef; -} - event file_hash(f: fa_file, kind: string, hash: string) { if ( kind=="sha1" && match_file_types in f$mime_type ) @@ -21,3 +14,16 @@ event file_hash(f: fa_file, kind: string, hash: string) if ( |MHR_answer| == 2 ) { local mhr_first_detected = double_to_time(to_double(MHR_answer[1])); + local mhr_detect_rate = to_count(MHR_answer[2]); + + local readable_first_detected = strftime("%Y-%m-%d %H:%M:%S", mhr_first_detected); + if ( mhr_detect_rate >= notice_threshold ) + { + local message = fmt("Malware Hash Registry Detection rate: %d%% Last seen: %s", mhr_detect_rate, readable_first_detected); + local virustotal_url = fmt("https://www.virustotal.com/en/file/%s/analysis/", hash); + NOTICE([$note=Match, $msg=message, $sub=virustotal_url, $f=f]); + } + } + } + } + } From 8d7b9f0627b080e7cadaf0b276af219a8e3b951d Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Sep 2013 14:52:58 -0700 Subject: [PATCH 039/287] Updating submodule(s). [nomail] --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/btest | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aux/binpac b/aux/binpac index eeb19daacc..c066a3ecbe 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit eeb19daacc9f12bc4e7c885fa70e71f856a90b1f +Subproject commit c066a3ecbe733916a1b0902d1f8e1a6a95e2a734 diff --git a/aux/bro-aux b/aux/bro-aux index eb24e62864..ca8db41e05 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit eb24e628648c7d7b931bdb57d38ab32c28296e72 +Subproject commit ca8db41e05e3198e4d6fccb00b1a56acbdb22d71 diff --git a/aux/broccoli b/aux/broccoli index 5bcee43070..dc596253a5 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 5bcee430700f714b19a9e794de75cb42408c9ecf +Subproject commit dc596253a5cb0dd3be34d915536c4ecb8f1db138 diff --git a/aux/broctl b/aux/broctl index d842372655..dbd2d48454 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit d84237265557779f02d65ac65aa5e122b35391b6 +Subproject commit dbd2d48454c924d5a0c0d926c5ad4d444bb2b03f diff --git a/aux/btest b/aux/btest index 3918bd9f5f..6e940b7315 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 3918bd9f5f99863faec2501e5bc7839ffb17bdc9 +Subproject commit 6e940b73152a14ae63a4405f6a4bc23cf6cbeec1 From c7fe809ee5de6aa3364e714f7554be1e2e42a071 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Sep 2013 14:55:29 -0700 Subject: [PATCH 040/287] Updating submodule(s). [nomail] --- aux/bro-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/bro-aux b/aux/bro-aux index ca8db41e05..11d346ba99 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit ca8db41e05e3198e4d6fccb00b1a56acbdb22d71 +Subproject commit 11d346ba992b17f0106271b28da5183937819e22 From 7c1bead09a7ed673d702c9ffe17e1d140d6a6c11 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Sep 2013 15:10:52 -0700 Subject: [PATCH 041/287] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index dbd2d48454..5c6052bf5e 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit dbd2d48454c924d5a0c0d926c5ad4d444bb2b03f +Subproject commit 5c6052bf5e2340410fa579dbc6d531a4febf98d9 From b8504a565404ac90f21ea9ae267857ab8cf7e178 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 20 Sep 2013 15:37:37 -0700 Subject: [PATCH 042/287] Updating submodule(s). [nomail] --- aux/bro-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/bro-aux b/aux/bro-aux index 11d346ba99..045e25e660 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 11d346ba992b17f0106271b28da5183937819e22 +Subproject commit 045e25e660003ea61b5e4ca7d909870d08ea553f From 2049025288dfb3652e96d5bf85d2decc92778841 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Sep 2013 13:16:13 -0500 Subject: [PATCH 043/287] Change submodules to fixed URL. --- .gitmodules | 16 ++++++++-------- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.gitmodules b/.gitmodules index afac9bfc6b..87826d2ef6 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,24 +1,24 @@ [submodule "aux/bro-aux"] path = aux/bro-aux - url = ../bro-aux + url = git://git.bro.org/bro-aux [submodule "aux/binpac"] path = aux/binpac - url = ../binpac + url = git://git.bro.org/binpac [submodule "aux/broccoli"] path = aux/broccoli - url = ../broccoli + url = git://git.bro.org/broccoli [submodule "aux/broctl"] path = aux/broctl - url = ../broctl + url = git://git.bro.org/broctl [submodule "aux/btest"] path = aux/btest - url = ../btest + url = git://git.bro.org/btest [submodule "cmake"] path = cmake - url = ../cmake + url = git://git.bro.org/cmake [submodule "magic"] path = magic - url = ../bromagic + url = git://git.bro.org/bromagic [submodule "src/3rdparty"] path = src/3rdparty - url = ../bro-3rdparty + url = git://git.bro.org/bro-3rdparty diff --git a/aux/binpac b/aux/binpac index c066a3ecbe..5f9d4afe82 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit c066a3ecbe733916a1b0902d1f8e1a6a95e2a734 +Subproject commit 5f9d4afe8274b1c1125757ca0e971f66d6d35384 diff --git a/aux/bro-aux b/aux/bro-aux index 045e25e660..387e26609a 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 045e25e660003ea61b5e4ca7d909870d08ea553f +Subproject commit 387e26609a923f5abd10be593ae127690f7a6b72 diff --git a/aux/broccoli b/aux/broccoli index dc596253a5..baf003ac16 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit dc596253a5cb0dd3be34d915536c4ecb8f1db138 +Subproject commit baf003ac1648f63cd871942b20f8da82184af784 diff --git a/aux/broctl b/aux/broctl index 5c6052bf5e..629e155c71 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 5c6052bf5e2340410fa579dbc6d531a4febf98d9 +Subproject commit 629e155c712deea170330842ad7bfa9ae666f325 From 09b7ccba231c857681dd961d5b8f8b4a2bfb4d18 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 11:48:38 -0700 Subject: [PATCH 044/287] Fix required for compiling with clang 3.3. --- src/Expr.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Expr.cc b/src/Expr.cc index e64172675e..0eaa7ce918 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2403,7 +2403,7 @@ RefExpr::RefExpr(Expr* arg_op) : UnaryExpr(EXPR_REF, arg_op) if ( IsError() ) return; - if ( ! is_assignable(op->Type()) ) + if ( ! ::is_assignable(op->Type()) ) ExprError("illegal assignment target"); else SetType(op->Type()->Ref()); From 601cdbc6cfa75fe46cbf67c4923b1988dae43ee0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 11:48:56 -0700 Subject: [PATCH 045/287] Fixing an always false condition. Reported by clang. --- src/logging/Manager.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 79e23fb63f..0de41fb642 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -792,7 +792,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) if ( ! v ) return false; - if ( ! v->Type()->Tag() == TYPE_STRING ) + if ( v->Type()->Tag() != TYPE_STRING ) { reporter->Error("path_func did not return string"); Unref(v); From ed2798ae73f021d5af0ee925b98956766138fd2b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 11:49:22 -0700 Subject: [PATCH 046/287] Updating NEWS. --- NEWS | 334 ++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 207 insertions(+), 127 deletions(-) diff --git a/NEWS b/NEWS index dba45c279d..e192c52380 100644 --- a/NEWS +++ b/NEWS @@ -1,53 +1,147 @@ This document summarizes the most important changes in the current Bro -release. For a complete list of changes, see the ``CHANGES`` file +release. For an exhaustive list of changes, see the ``CHANGES`` file (note that submodules, such as BroControl and Broccoli, come with -their own CHANGES.) +their own ``CHANGES``.) -Bro 2.2 (Work In Progress) -========================== +Bro 2.2 Beta +============ New Functionality ----------------- +- A new file analysis framework moves most of the processing of file + content from script-land into the core, where it belongs. See + ``doc/file-analysis.rst``, or the online documentation, for more + information. + + Much of this is an internal change, but the framework also comes + with the following user-visible functionality (some of that was + already available before but is done differently, and more + efficiently, now): + + - HTTP: + * Identify MIME type of messages. + * Extract messages to disk. + * Compute MD5 for messages. + + - SMTP: + * Identify MIME type of messages. + * Extract messages to disk. + * Compute MD5 for messages. + * Provide access to start of entity data. + + - FTP data transfers: + * Identify MIME types of data. + * Record to disk. + + - IRC DCC transfers: Record to disk. + + - Support for analyzing data transfered via HTTP range requests. + + - A binary input reader interfaces the input framework with the + file analysis, allowing to inject files on disk into Bro's + content processing. + +- A new framework for computing a wide array of summary statistics, + such as counters and thresholds checks, standard deviation and mean, + set cardinality, top K, and more. The framework operates in + real-time, independent of the underlying data, and can aggregate + information from many independent monitoring points (including + clusters). It provides a transparent, easy-to-use user interface, + and can optionally deploy a set of probabilistic data structures for + memory-efficient operation. The framework is located in + ``scripts/base/frameworks/sumstats``. + + A number of new applications now ship with Bro that are built on top + of the summary statistics framework: + + * Scan detection: Detectors for port and address scans. See + ``policy/misc/scan.bro`` (these scan detectors used to exist in + Bro versions <2.0; it's now back, but quite different). + + * Tracerouter detector: ``policy/misc/detect-traceroute.bro`` + + * Web application detection/measurement: + ``policy/misc/app-stats/*`` + + * FTP and SSH brute-forcing detector: + ``policy/protocols/ftp/detect-bruteforcing.bro``, + ``policy/protocols/ssh/detect-bruteforcing.bro`` + + * HTTP-based SQL injection detector: + ``policy/protocols/http/detect-sqli.bro`` (existed before, but + now ported to the new framework) + +- GridFTP support. This is an extension to the standard FTP analyzer + and includes: + + - An analyzer for the GSI mechanism of GSSAPI FTP AUTH method. + GSI authentication involves an encoded TLS/SSL handshake over + the FTP control session. For FTP sessions that attempt GSI + authentication, the ``service`` field of the connection log + will include ``gridftp`` (as well as also ``ftp`` and + ``ssl``). + + - An example of a GridFTP data channel detection script. It + relies on the heuristics of GridFTP data channels commonly + default to SSL mutual authentication with a NULL bulk cipher + and that they usually transfer large datasets (default + threshold of script is 1 GB). For identified GridFTP data + channels, the ``services`` fields of the connection log will + include ``gridftp-data``. + +- Modbus and DNP3 support. Script-level support is only basic at this + point but see ``src/analyzer/protocol/{modbus,dnp3}/events.bif``, or + the online documentation, for the events Bro generates. For Modbus, + there are also some example policies in + ``policy/protocols/modbus/*``. + +- The documentation now includes a new introduction to writing Bro + scripts. See ``doc/scripting/index.rst`` or, much better, the online + version. There's also the beginning of a chapter on "Using Bro" in + ``doc/using/index.rst``. + - GPRS Tunnelling Protocol (GTPv1) decapsulation. -- GridFTP support. TODO: Extend. +- The scripting language now provide "hooks", a new flavor of + functions that share characteristics of both standard functions and + events. They are like events in that multiple bodies can be defined + for the same hook identifier. They are more like functions in the + way they are invoked/called, because, unlike events, their execution + is immediate and they do not get scheduled through an event queue. + Also, a unique feature of a hook is that a given hook handler body + can short-circuit the execution of remaining hook handlers simply by + exiting from the body as a result of a ``break`` statement (as + opposed to a ``return`` or just reaching the end of the body). See + ``doc/scripts/builtins.rst``, or the online documentation, for more + informatin. -- Modbus support. TODO: Extend. +- Bro's language now has a working ``switch`` statement that generally + behaves like C-style switches (except that case labels can be + comprised of multiple literal constants delimited by commas). Only + atomic types are allowed for now. Case label bodies that don't + execute a ``return`` or ``break`` statement will fall through to + subsequent cases. A ``default`` case label is supported. -- DNP3 support. TODO: Extend. - -- ssl.log now also records the subject client and issuer certificates. - -- Hooks: TODO: Briefly summarize the documention from - doc/scripts/builtins.rst here. - -- The ASCII writer can now output CSV files on a per filter basis. - -- Bro's language now has a working "switch" statement that generally - behaves like C-style switches except case labels can be comprised of - multiple literal constants delimited by commas. Only atomic types - are allowed for now. Case label bodies that don't execute a - "return" or "break" statement will fall through to subsequent cases. - A default case label is allowed. - -- Bro's language now has a new set of types "opaque of X". Opaque +- Bro's language now has a new set of types ``opaque of X``. Opaque values can be passed around like other values but they can only be manipulated with BiF functions, not with other operators. Currently, - the following opaque types are supported: + the following opaque types are supported:: - - opaque of md5 - - opaque of sha1 - - opaque of sha256 - - opaquey of entropy. + opaque of md5 + opaque of sha1 + opaque of sha256 + opaque of cardinality + opaque of topk + opaque of bloomfilter - They go along with the corrsponding BiF functions md5_*, sha1_*, - sha256_*, and entropy_*, respectively. Note that these functions - have changed their signatures to work with opaques types rather - than global state as it was before. + These go along with the corrsponding BiF functions ``md5_*``, + ``sha1_*``, ``sha256_*``, ``entropy_*``, etc. . Note that where + these functions existed before, they have changed their signatures + to work with opaques types rather than global state. -- The scripting language now supports a constructing sets, tables, +- The scripting language now supports constructing sets, tables, vectors, and records by name:: type MyRecordType: record { @@ -61,57 +155,33 @@ New Functionality global s = MySet([$c=1], [$c=2]); - Strings now support the subscript operator to extract individual - characters and substrings (e.g., s[4], s[1,5]). The index expression - can take up to two indices for the start and end index of the - substring to return (e.g. "mystring[1,3]"). + characters and substrings (e.g., ``s[4]``, ``s[1,5]``). The index + expression can take up to two indices for the start and end index of + the substring to return (e.g. ``mystring[1,3]``). -- Functions now support default parameters, e.g.: +- Functions now support default parameters, e.g.:: - global foo: function(s: string, t: string &default="abc", u: count &default=0); + global foo: function(s: string, t: string &default="abc", u: count &default=0); -- Scripts can now use two new "magic constants" @DIR and @FILENAME - that expand to the directory path of the current script and just the - script file name without path, respectively. (Jon Siwek) +- Scripts can now use two new "magic constants" ``@DIR`` and + ``@FILENAME`` that expand to the directory path of the current + script and just the script file name without path, respectively. -- The new file analysis framework moves most of the processing of file - content from script-land into the core, where it belongs. See - doc/file-analysis.rst for more information. +- ``ssl.log`` now also records the subject client and issuer + certificates. - Much of this is an internal change, but the framework also comes - with the following user-visibible functionality (some of that was - already available before, but done differently): +- The ASCII writer can now output CSV files on a per filter basis. - [TODO: Update with changes from 984e9793db56.] +- New SQLite reader and writer plugins for the logging framework allow + to read/write persistent data from on disk SQLite databases. - - A binary input reader interfaces the input framework with file - analysis, allowing to inject files on disk into Bro's - processing. - - - Supports for analyzing data transfereed via HTTP range - requests. - - - HTTP: - * Identify MIME type of message. - * Extract message to disk. - * Compute MD5 for messages. - - - SMTP: - * Identify MIME type of message. - * Extract message to disk. - * Compute MD5 for messages. - * Provide access to start of entity data. - - - FTP data transfers: Identify MIME type; record to disk. - - - IRC DCC transfers: Record to disk. - -- New packet filter framework supports BPF-based load-balancing, +- A new packet filter framework supports BPF-based load-balancing, shunting, and sampling; plus plugin support to customize filters dynamically. - Bro now provides Bloom filters of two kinds: basic Bloom filters supporting membership tests, and counting Bloom filters that track - the frequency of elements. The corresponding functions are: + the frequency of elements. The corresponding functions are:: bloomfilter_basic_init(fp: double, capacity: count, name: string &default=""): opaque of bloomfilter bloomfilter_basic_init2(k: count, cells: count, name: string &default=""): opaque of bloomfilter @@ -121,10 +191,11 @@ New Functionality bloomfilter_merge(bf1: opaque of bloomfilter, bf2: opaque of bloomfilter): opaque of bloomfilter bloomfilter_clear(bf: opaque of bloomfilter) - See for full documentation. + See ``src/probabilistic/bloom-filter.bif``, or the online + documentation, for full documentation. - Bro now provides a probabilistic data structure for computing - "top k" elements. The corresponding functions are: + "top k" elements. The corresponding functions are:: topk_init(size: count): opaque of topk topk_add(handle: opaque of topk, value: any) @@ -136,73 +207,82 @@ New Functionality topk_merge(handle1: opaque of topk, handle2: opaque of topk) topk_merge_prune(handle1: opaque of topk, handle2: opaque of topk) - See for full documentation. + See ``src/probabilistic/top-k.bif``, or the online documentation, + for full documentation. -- base/utils/exec.bro provides a module to start external processes - asynchronously and retrieve their output on termination. - base/utils/dir.bro uses it to monitor a directory for changes, and - base/utils/active-http.bro for providing an interface for querying - remote web servers. +- Bro now provides a probabilistic data structure for computing set + cardinality, using the HyperLogLog algorithm. The corresponding + functions are:: -- Summary statistics framework. [Extend] + hll_cardinality_init(err: double, confidence: double): opaque of cardinality + hll_cardinality_add(handle: opaque of cardinality, elem: any): bool + hll_cardinality_merge_into(handle1: opaque of cardinality, handle2: opaque of cardinality): bool + hll_cardinality_estimate(handle: opaque of cardinality): double + hll_cardinality_copy(handle: opaque of cardinality): opaque of cardinality -- A number of new applications build on top of the summary statistics - framework: + See ``src/probabilistic/cardinality-counter.bif``, or the online + documentation, for full documentation. - * Scan detection: Detectors for port and address scans return. See - policy/misc/scan.bro. +- ``base/utils/exec.bro`` provides a module to start external + processes asynchronously and retrieve their output on termination. + ``base/utils/dir.bro`` uses it to monitor a directory for changes, + and ``base/utils/active-http.bro`` for providing an interface for + querying remote web servers. - * Tracerouter detector: policy/misc/detect-traceroute +- BroControl can now pin Bro processes to CPUs on supported platforms: + To use CPU pinning, a new per-node option ``pin_cpus`` can be + specified in node.cfg if the OS is either Linux or FreeBSD. - * Web application detection/measurement: policy/misc/app-metrics.bro +- BroControl comes with its own test-suite now. ``make test`` in + ``aux/broctl`` will run it. - * FTP brute-forcing detector: policy/protocols/ftp/detect-bruteforcing.bro - - * HTTP-based SQL injection detector: policy/protocols/http/detect-sqli.bro - (existed before, but now ported to the new framework) - - * SSH brute-forcing detector feeding the intelligence framework: - policy/protocols/ssh/detect-bruteforcing.bro +In addition to these, Bro 2.2 comes with a large set of smaller +extensions, tweaks, and fixes across the whole code base, including +most submodules. Changed Functionality --------------------- -- We removed the following, already deprecated, functionality: +- The interface to extracting content from application-layer protocols + (including HTTP, SMTP, FTP) has changed significantly due to the + introduction of the new file analysis framework (see above). + +- Removed the following, already deprecated, functionality: * Scripting language: - - &disable_print_hook attribute. + - ``&disable_print_hook attribute``. * BiF functions: - - parse_dotted_addr(), dump_config(), - make_connection_persistent(), generate_idmef(), - split_complete() + - ``parse_dotted_addr()``, ``dump_config()``, + ``make_connection_persistent()``, ``generate_idmef()``, + ``split_complete()`` - - md5_*, sha1_*, sha256_*, and entropy_* have all changed - their signatures to work with opaque types (see above). + - ``md5_*``, ``sha1_*``, ``sha256_*``, and ``entropy_*`` have + all changed their signatures to work with opaque types (see + above). +- Removed a now unused argument from ``do_split`` helper function. -- Removed a now unused argument from "do_split" helper function. +- ``this`` is no longer a reserved keyword. -- "this" is no longer a reserved keyword. - -- The Input Framework's update_finished event has been renamed to - end_of_data. It will now not only fire after table-reads have been - completed, but also after the last event of a whole-file-read (or - whole-db-read, etc.). +- The Input Framework's ``update_finished`` event has been renamed to + ``end_of_data``. It will now not only fire after table-reads have + been completed, but also after the last event of a whole-file-read + (or whole-db-read, etc.). - Renamed the option defining the frequency of alarm summary mails to - 'Logging::default_alarm_mail_interval'. When using BroControl, the + ``Logging::default_alarm_mail_interval``. When using BroControl, the value can now be set with the new broctl.cfg option - "MailAlarmsInterval". + ``MailAlarmsInterval``. -- We have completely reworded the "notice_policy" mechanism. It now no - linger uses a record of policy items but a "hook", a new language - element that's roughly equivalent to a function with multiple - bodies. The documentation [TODO: insert link] describes how to use - the new notice policy. For existing code, the two main changes are: +- We have completely rewritten the ``notice_policy`` mechanism. It now + no longer uses a record of policy items but a ``hook``, a new + language element that's roughly equivalent to a function with + multiple bodies (see above). For existing code, the two main changes + are: - - What used to be a "redef" of "Notice::policy" now becomes a hook - implementation. Example: + - What used to be a ``redef`` of ``Notice::policy`` now becomes a + hook implementation. Example: Old:: @@ -221,9 +301,9 @@ Changed Functionality add n$actions[Notice::ACTION_EMAIL]; } - - notice() is now likewise a hook, no longer an event. If you have - handlers for that event, you'll likely just need to change the - type accordingly. Example: + - notice() is now likewise a hook, no longer an event. If you + have handlers for that event, you'll likely just need to change + the type accordingly. Example: Old:: @@ -233,17 +313,17 @@ Changed Functionality hook notice(n: Notice::Info) { ... } -- The notice_policy.log is gone. That's a result of the new notice +- The ``notice_policy.log`` is gone. That's a result of the new notice policy setup. -- Removed the byte_len() and length() bif functions. Use the ``|...|`` - operator instead. +- Removed the ``byte_len()`` and ``length()`` bif functions. Use the + ``|...|`` operator instead. -- The SSH::Login notice has been superseded by an corresponding - intelligence framework observation (SSH::SUCCESSFUL_LOGIN). +- The ``SSH::Login`` notice has been superseded by an corresponding + intelligence framework observation (``SSH::SUCCESSFUL_LOGIN``). -- PacketFilter::all_packets has been replaced with - PacketFilter::enable_auto_protocol_capture_filters. +- ``PacketFilter::all_packets`` has been replaced with + ``PacketFilter::enable_auto_protocol_capture_filters``. - We removed the BitTorrent DPD signatures pending further updates to that analyzer. From 00a3ad03dd73ac3058be16a56c1f8a8368ecc4f0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 11:54:48 -0700 Subject: [PATCH 047/287] Updating submodule(s). [nomail] --- CHANGES | 10 ++++++++++ VERSION | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 9ff7b2368c..00cd9b9176 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,14 @@ +2.1-1387 | 2013-09-23 11:54:48 -0700 + + * Change submodules to fixed URL. (Jon Siwek) + + * Updating NEWS. (Robin Sommer) + + * Fixing an always false condition. (Robin Sommer) + + * Fix required for compiling with clang 3.3. (Robin Sommer) + 2.1-1377 | 2013-09-20 14:38:15 -0700 * Updates to the scripting introduction. (Scott Runnels) diff --git a/VERSION b/VERSION index 326b107a34..deed660f20 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-1377 +2.1-1387 diff --git a/aux/broccoli b/aux/broccoli index baf003ac16..2a886a31f2 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit baf003ac1648f63cd871942b20f8da82184af784 +Subproject commit 2a886a31f23ebecd17274af1af581f9e40f1810d diff --git a/aux/broctl b/aux/broctl index 629e155c71..f80ddc95cd 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 629e155c712deea170330842ad7bfa9ae666f325 +Subproject commit f80ddc95cdfae6c6a4f20169de60767271b240e1 From 6e71c97bfe09d3b3c19cc0b137ecc784da4f7eeb Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Sep 2013 14:44:50 -0500 Subject: [PATCH 048/287] Update 'make dist' target. --- Makefile | 13 +++++++------ aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index d915050b6b..cbc44c6780 100644 --- a/Makefile +++ b/Makefile @@ -44,13 +44,14 @@ broxygenclean: configured dist: @rm -rf $(VERSION_FULL) $(VERSION_FULL).tgz @rm -rf $(VERSION_MIN) $(VERSION_MIN).tgz - @mkdir $(VERSION_FULL) - @tar --exclude=$(VERSION_FULL)* --exclude=$(VERSION_MIN)* --exclude=.git -cf - . | ( cd $(VERSION_FULL) && tar -xpf - ) - @( cd $(VERSION_FULL) && cp -R ../.git . && git reset -q --hard HEAD && git clean -xdfq && rm -rf .git ) + @git clone --recursive . $(VERSION_FULL) >/dev/null 2>&1 + @find $(VERSION_FULL) -name .git\* | xargs rm -rf @tar -czf $(VERSION_FULL).tgz $(VERSION_FULL) && echo Package: $(VERSION_FULL).tgz && rm -rf $(VERSION_FULL) - @$(HAVE_MODULES) && mkdir $(VERSION_MIN) || exit 0 - @$(HAVE_MODULES) && tar --exclude=$(VERSION_FULL)* --exclude=$(VERSION_MIN)* --exclude=.git `git submodule | awk '{print "--exclude="$$2}' | grep -v cmake | tr '\n' ' '` -cf - . | ( cd $(VERSION_MIN) && tar -xpf - ) || exit 0 - @$(HAVE_MODULES) && ( cd $(VERSION_MIN) && cp -R ../.git . && git reset -q --hard HEAD && git clean -xdfq && rm -rf .git ) || exit 0 + @$(HAVE_MODULES) && git clone . $(VERSION_MIN) >/dev/null 2>&1 || exit 0 + @$(HAVE_MODULES) && (cd $(VERSION_MIN) && git submodule update --init cmake >/dev/null 2>&1) || exit 0 + @$(HAVE_MODULES) && (cd $(VERSION_MIN) && git submodule update --init src/3rdparty >/dev/null 2>&1) || exit 0 + @$(HAVE_MODULES) && (cd $(VERSION_MIN) && git submodule update --init magic >/dev/null 2>&1) || exit 0 + @$(HAVE_MODULES) && find $(VERSION_MIN) -name .git\* | xargs rm -rf || exit 0 @$(HAVE_MODULES) && tar -czf $(VERSION_MIN).tgz $(VERSION_MIN) && echo Package: $(VERSION_MIN).tgz && rm -rf $(VERSION_MIN) || exit 0 bindist: diff --git a/aux/binpac b/aux/binpac index 5f9d4afe82..3c29b917e5 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 5f9d4afe8274b1c1125757ca0e971f66d6d35384 +Subproject commit 3c29b917e59e8d8200f669d3d9729d36c34b9245 diff --git a/aux/bro-aux b/aux/bro-aux index 387e26609a..ee2d64928e 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 387e26609a923f5abd10be593ae127690f7a6b72 +Subproject commit ee2d64928edc38b10e508bd577a22f52b024c992 diff --git a/aux/broccoli b/aux/broccoli index 2a886a31f2..c0d5345bf2 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 2a886a31f23ebecd17274af1af581f9e40f1810d +Subproject commit c0d5345bf25d25f6965f3201048344687bacc860 diff --git a/aux/broctl b/aux/broctl index f80ddc95cd..3582f494de 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit f80ddc95cdfae6c6a4f20169de60767271b240e1 +Subproject commit 3582f494de247784fc7634b319ddf99aef44b6e1 From e4e7c78925e8c3a049f16875fdc33faf4312ec5d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Sep 2013 16:57:31 -0500 Subject: [PATCH 049/287] Remove unused variable assignments, dead code. --- src/CompHash.cc | 1 - src/Debug.cc | 3 +-- src/PersistenceSerializer.cc | 2 -- src/Stmt.cc | 3 +-- src/Val.cc | 6 ++---- 5 files changed, 4 insertions(+), 11 deletions(-) diff --git a/src/CompHash.cc b/src/CompHash.cc index e793a104e0..b2eb08c589 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -207,7 +207,6 @@ char* CompositeHash::SingleValHash(int type_check, char* kp0, unsigned int* kp = AlignAndPadType(kp0); VectorVal* vv = v->AsVectorVal(); VectorType* vt = v->Type()->AsVectorType(); - vector* indices = v->AsVector(); *kp = vv->Size(); kp1 = reinterpret_cast(kp+1); for ( unsigned int i = 0; i < vv->Size(); ++i ) diff --git a/src/Debug.cc b/src/Debug.cc index 8cf2e38596..b5aaf91f9f 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -194,8 +194,7 @@ static void parse_function_name(vector& result, return; } - FuncType* ftype; - if ( ! (ftype = id->Type()->AsFuncType()) ) + if ( ! id->Type()->AsFuncType() ) { debug_msg("Function %s not declared.\n", id->Name()); plr.type = plrUnknown; diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index d9baad05bb..4c6f72d815 100644 --- a/src/PersistenceSerializer.cc +++ b/src/PersistenceSerializer.cc @@ -400,8 +400,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status) while ( (id = status->ids->NextEntry(status->id_cookie)) ) { - ID* g = global_scope()->Lookup(id->Name()); - if ( ! DoIDSerialization(status, id) ) return false; diff --git a/src/Stmt.cc b/src/Stmt.cc index 28f29aba0b..d879c598d2 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1218,9 +1218,8 @@ Val* ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const const PDict(TableEntryVal)* loop_vals = tv->AsTable(); HashKey* k; - TableEntryVal* iter_val; IterCookie* c = loop_vals->InitForIteration(); - while ( (iter_val = loop_vals->NextEntry(k, c)) ) + while ( loop_vals->NextEntry(k, c) ) { ListVal* ind_lv = tv->RecoverIndex(k); delete k; diff --git a/src/Val.cc b/src/Val.cc index 9d1b27b333..30c3797253 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1656,8 +1656,7 @@ int TableVal::RemoveFrom(Val* val) const IterCookie* c = tbl->InitForIteration(); HashKey* k; - TableEntryVal* v; - while ( (v = tbl->NextEntry(k, c)) ) + while ( tbl->NextEntry(k, c) ) { Val* index = RecoverIndex(k); @@ -1955,8 +1954,7 @@ ListVal* TableVal::ConvertToList(TypeTag t) const IterCookie* c = tbl->InitForIteration(); HashKey* k; - TableEntryVal* v; - while ( (v = tbl->NextEntry(k, c)) ) + while ( tbl->NextEntry(k, c) ) { ListVal* index = table_hash->RecoverVals(k); From f89b62684f4b02e5e83dc279edc8aabeab4ec55f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 20:18:14 -0700 Subject: [PATCH 050/287] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 3582f494de..9eb0ab28f8 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 3582f494de247784fc7634b319ddf99aef44b6e1 +Subproject commit 9eb0ab28f85f0de2ed4c85017160d9d1d0a64f3f From abba39c261eb2a94de8584f17c4f3af6e7178734 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 20:31:28 -0700 Subject: [PATCH 051/287] Updating submodule(s). [nomail] --- CHANGES | 4 ++++ VERSION | 2 +- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/btest | 2 +- 7 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 00cd9b9176..b5c1c83937 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.2-beta | 2013-09-23 20:31:28 -0700 + + * Update 'make dist' target. (Jon Siwek) + 2.1-1387 | 2013-09-23 11:54:48 -0700 * Change submodules to fixed URL. (Jon Siwek) diff --git a/VERSION b/VERSION index deed660f20..bd5bc6105b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-1387 +2.2-beta diff --git a/aux/binpac b/aux/binpac index 3c29b917e5..8156c9eb58 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 3c29b917e59e8d8200f669d3d9729d36c34b9245 +Subproject commit 8156c9eb581324de90b6f0e6a00bf5c79c56651c diff --git a/aux/bro-aux b/aux/bro-aux index ee2d64928e..044f83b8bb 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit ee2d64928edc38b10e508bd577a22f52b024c992 +Subproject commit 044f83b8bb933eeaa8c47cac0579f25bcd18e096 diff --git a/aux/broccoli b/aux/broccoli index c0d5345bf2..261dd2365d 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit c0d5345bf25d25f6965f3201048344687bacc860 +Subproject commit 261dd2365d4877106940f70070de4f4a914b2b0b diff --git a/aux/broctl b/aux/broctl index 9eb0ab28f8..c7210af732 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 9eb0ab28f85f0de2ed4c85017160d9d1d0a64f3f +Subproject commit c7210af732fff03a18737de12db9a5ec9101124e diff --git a/aux/btest b/aux/btest index 6e940b7315..d01422b9c8 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 6e940b73152a14ae63a4405f6a4bc23cf6cbeec1 +Subproject commit d01422b9c8022ce787b157eb59580f5be169d060 From a5a6e35d5ebc9c4b86d3cba4eb2811903bd1bf41 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Sep 2013 20:57:48 -0700 Subject: [PATCH 052/287] Updating submodule(s). [nomail] --- CHANGES | 2 +- aux/binpac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b5c1c83937..61ec42c3e4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.2-beta | 2013-09-23 20:31:28 -0700 +2.2-beta | 2013-09-23 20:57:48 -0700 * Update 'make dist' target. (Jon Siwek) diff --git a/aux/binpac b/aux/binpac index 8156c9eb58..d5d8ce30c5 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 8156c9eb581324de90b6f0e6a00bf5c79c56651c +Subproject commit d5d8ce30c596acb1408618e1f88dec59c1c96bab From 66a6ec490ab62398b113c55efb56e25587b3bba5 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Sep 2013 13:16:51 -0700 Subject: [PATCH 053/287] Removing :doc: roles so that we can render this with docutils directly. --- NEWS | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index e192c52380..41b29358ba 100644 --- a/NEWS +++ b/NEWS @@ -559,8 +559,8 @@ with the new version. The two rules of thumb are: if you need help. Below we summarize changes from 1.x to 2.x in more detail. This list -isn't complete, see the ``CHANGES`` file in the distribution or -:doc:`here ` for the full story. +isn't complete, see the ``CHANGES`` file in the distribution. +for the full story. Script Organization ------------------- @@ -648,8 +648,7 @@ Logging Framework endpoint. - The new logging framework makes it possible to extend, customize, - and filter logs very easily. See the :doc:`logging framework - ` for more information on usage. + and filter logs very easily. - A common pattern found in the new scripts is to store logging stream records for protocols inside the ``connection`` records so that @@ -672,8 +671,7 @@ Notice Framework The way users interact with "notices" has changed significantly in order to make it easier to define a site policy and more extensible for adding -customized actions. See the :doc:`notice framework -`. +customized actions. New Default Settings From 5408931870365b2a68f9484125b373fab3cdd32b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Sep 2013 13:17:34 -0700 Subject: [PATCH 054/287] Whitespace fix. --- doc/scripting/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index 9f98c43a5f..4181704d63 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -1129,7 +1129,7 @@ which we will cover shortly. +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ | policy_items | set[count] | &log &optional | Policy items that have been applied | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ -| email_body_sections | vector | &optional | Body of the email for email notices. | +| email_body_sections | vector | &optional | Body of the email for email notices. | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ | email_delay_tokens | set[string] | &optional | Delay functionality for email notices. | +---------------------+------------------------------------------------------------------+----------------+----------------------------------------+ From 7706ba1b2f2766e29d8a52e4b7e6c4e9c11e0981 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Sep 2013 13:22:56 -0700 Subject: [PATCH 055/287] Fix for setting REPO in Makefile. The basename wasn't sufficient as it could leave the repo URL in. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index cbc44c6780..4984f6db31 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ # BUILD=build -REPO=`basename \`git config --get remote.origin.url\`` +REPO=`basename \`git config --get remote.origin.url | sed 's/^[^:]*://g'\`` VERSION_FULL=$(REPO)-`cat VERSION` VERSION_MIN=$(REPO)-`cat VERSION`-minimal HAVE_MODULES=git submodule | grep -v cmake >/dev/null From bb4b26281374ba3051b22293d22145907a0653c4 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Sep 2013 13:23:30 -0700 Subject: [PATCH 056/287] Updating submodule(s). [nomail] --- CHANGES | 9 +++++++++ VERSION | 2 +- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 6 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 61ec42c3e4..3ee13d6b94 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,13 @@ +2.2-beta-4 | 2013-09-24 13:23:30 -0700 + + * Fix for setting REPO in Makefile. (Robin Sommer) + + * Whitespace fix. (Robin Sommer) + + * Removing :doc: roles so that we can render this with docutils + directly. (Robin Sommer) + 2.2-beta | 2013-09-23 20:57:48 -0700 * Update 'make dist' target. (Jon Siwek) diff --git a/VERSION b/VERSION index bd5bc6105b..24fbd69410 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2-beta +2.2-beta-4 diff --git a/aux/binpac b/aux/binpac index d5d8ce30c5..d4331881f9 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit d5d8ce30c596acb1408618e1f88dec59c1c96bab +Subproject commit d4331881f91068da9a7a7d6639559ce752e178ad diff --git a/aux/bro-aux b/aux/bro-aux index 044f83b8bb..c09d0d81a1 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 044f83b8bb933eeaa8c47cac0579f25bcd18e096 +Subproject commit c09d0d81a15f69d22274d472ba9345e5e691caa2 diff --git a/aux/broccoli b/aux/broccoli index 261dd2365d..e0f34599cb 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 261dd2365d4877106940f70070de4f4a914b2b0b +Subproject commit e0f34599cb11f0df37ae1cc036d87c1794b1c0b2 diff --git a/aux/broctl b/aux/broctl index c7210af732..bec9c66064 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit c7210af732fff03a18737de12db9a5ec9101124e +Subproject commit bec9c6606414438655a3298db76e1e43464c8d44 From 4ec641990614ba5e8b979c26c4b2d14dc6121685 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Sep 2013 13:41:33 -0700 Subject: [PATCH 057/287] Updating submodule(s). [nomail] --- aux/bro-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/bro-aux b/aux/bro-aux index c09d0d81a1..de33d520c6 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit c09d0d81a15f69d22274d472ba9345e5e691caa2 +Subproject commit de33d520c6f7957aafcce30d86b170306a1c0c49 From daf5d0d098a589dcdc593c21f91fa8c3592710ef Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 24 Sep 2013 17:38:22 -0500 Subject: [PATCH 058/287] Improve return value checking and error handling. --- src/Expr.cc | 2 +- src/Obj.cc | 13 ++++++++----- src/PolicyFile.cc | 8 +++++++- src/SerialObj.h | 9 +++++++-- src/Serializer.cc | 7 ++++++- src/Type.cc | 3 ++- src/Val.cc | 19 +++++++++++++++---- src/input/readers/Raw.cc | 25 ++++++++++++++++++++++--- src/input/readers/Raw.h | 1 + src/logging/WriterBackend.h | 11 ----------- src/logging/writers/Ascii.cc | 11 ++++++++++- src/logging/writers/DataSeries.cc | 11 ++++++++++- src/main.cc | 5 ++++- src/util.cc | 9 ++++++++- 14 files changed, 101 insertions(+), 33 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index e78a7145e6..e49150f3ac 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -5435,7 +5435,7 @@ TraversalCode ListExpr::Traverse(TraversalCallback* cb) const loop_over_list(exprs, i) { - exprs[i]->Traverse(cb); + tc = exprs[i]->Traverse(cb); HANDLE_TC_EXPR_PRE(tc); } diff --git a/src/Obj.cc b/src/Obj.cc index 0b82695f3d..33aaa8f44e 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -28,11 +28,14 @@ bool Location::DoSerialize(SerialInfo* info) const { DO_SERIALIZE(SER_LOCATION, SerialObj); info->s->WriteOpenTag("Location"); - SERIALIZE(filename); - SERIALIZE(first_line); - SERIALIZE(last_line); - SERIALIZE(first_column); - SERIALIZE(last_column); + + if ( ! (SERIALIZE(filename) && + SERIALIZE(first_line) && + SERIALIZE(last_line) && + SERIALIZE(first_column) && + SERIALIZE(last_column)) ) + return false; + info->s->WriteCloseTag("Location"); return true; } diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 9f67ee88a1..369d8c18f4 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -80,7 +81,12 @@ bool LoadPolicyFileText(const char* policy_filename) policy_files.insert(PolicyFileMap::value_type(policy_filename, pf)); struct stat st; - fstat(fileno(f), &st); + if ( fstat(fileno(f), &st) != 0 ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + reporter->InternalError("fstat failed on %s: %s", policy_filename, buf); + } pf->lmtime = st.st_mtime; off_t size = st.st_size; diff --git a/src/SerialObj.h b/src/SerialObj.h index c3dc65684c..4794f2bf20 100644 --- a/src/SerialObj.h +++ b/src/SerialObj.h @@ -319,7 +319,8 @@ public: \ if ( has_it ) \ { \ - info->s->Read(&dst, 0, "has_" #dst); \ + if ( ! info->s->Read(&dst, 0, "has_" #dst) ) \ + return false; \ if ( ! dst ) \ return false; \ } \ @@ -339,7 +340,11 @@ public: \ if ( has_it ) \ { \ - info->s->Read(&dst, 0, "has_" #dst); \ + if ( ! info->s->Read(&dst, 0, "has_" #dst) ) \ + { \ + delete del; \ + return 0; \ + } \ if ( ! dst ) \ { \ delete del; \ diff --git a/src/Serializer.cc b/src/Serializer.cc index f7544765fa..bd1be77a2d 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -136,7 +136,12 @@ bool Serializer::Serialize(SerialInfo* info, const char* func, val_list* args) Write(network_time, "time"); Write(a, "len"); - loop_over_list(*args, i) (*args)[i]->Serialize(info); + loop_over_list(*args, i) + if ( ! (*args)[i]->Serialize(info) ) + { + Error("failed"); + return false; + } WriteCloseTag("call"); WriteSeparator(); diff --git a/src/Type.cc b/src/Type.cc index 2b9faa8018..706a15aea2 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -179,7 +179,8 @@ unsigned int BroType::MemoryAllocation() const bool BroType::Serialize(SerialInfo* info) const { // We always send full types (see below). - SERIALIZE(true); + if ( ! SERIALIZE(true) ) + return false; bool ret = SerialObj::Serialize(info); return ret; diff --git a/src/Val.cc b/src/Val.cc index 30c3797253..ffe98ab7bc 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -81,7 +81,9 @@ Val* Val::Clone() const SerialInfo sinfo(&ss); sinfo.cache = false; - this->Serialize(&sinfo); + if ( ! this->Serialize(&sinfo) ) + return 0; + char* data; uint32 len = form->EndWrite(&data); form->StartRead(data, len); @@ -2326,7 +2328,7 @@ bool TableVal::DoSerialize(SerialInfo* info) const else reporter->InternalError("unknown continuation state"); - HashKey* k; + HashKey* k = 0; int count = 0; assert((!info->cont.ChildSuspended()) || state->v); @@ -2339,12 +2341,21 @@ bool TableVal::DoSerialize(SerialInfo* info) const if ( ! state->c ) { // No next one. - SERIALIZE(false); + if ( ! SERIALIZE(false) ) + { + delete k; + return false; + } + break; } // There's a value coming. - SERIALIZE(true); + if ( ! SERIALIZE(true) ) + { + delete k; + return false; + } if ( state->v->Value() ) state->v->Ref(); diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 7b3f0595b5..70c24eed76 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -95,6 +95,18 @@ void Raw::ClosePipeEnd(int i) pipes[i] = -1; } +bool Raw::SetFDFlags(int fd, int cmd, int flags) + { + if ( fcntl(fd, cmd, flags) != -1 ) + return true; + + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + Error(Fmt("failed to set fd flags: %s", buf)); + return false; + } + + bool Raw::LockForkMutex() { int res = pthread_mutex_lock(&fork_mutex); @@ -200,11 +212,13 @@ bool Raw::Execute() ClosePipeEnd(stdout_out); if ( Info().mode == MODE_STREAM ) - fcntl(pipes[stdout_in], F_SETFL, O_NONBLOCK); + if ( ! SetFDFlags(pipes[stdout_in], F_SETFL, O_NONBLOCK) ) + return false; ClosePipeEnd(stdin_in); if ( stdin_towrite ) + { // Ya, just always set this to nonblocking. we do not // want to block on a program receiving data. Note // that there is a small gotcha with it. More data is @@ -213,14 +227,19 @@ bool Raw::Execute() // mode_manual where the first write cannot write // everything, the rest will be stuck in a queue that // is never emptied. - fcntl(pipes[stdin_out], F_SETFL, O_NONBLOCK); + if ( ! SetFDFlags(pipes[stdin_out], F_SETFL, O_NONBLOCK) ) + return false; + } else ClosePipeEnd(stdin_out); ClosePipeEnd(stderr_out); if ( use_stderr ) - fcntl(pipes[stderr_in], F_SETFL, O_NONBLOCK); // true for this too. + { + if ( ! SetFDFlags(pipes[stderr_in], F_SETFL, O_NONBLOCK) ) + return false; + } else ClosePipeEnd(stderr_in); diff --git a/src/input/readers/Raw.h b/src/input/readers/Raw.h index ae6f72524d..c549125174 100644 --- a/src/input/readers/Raw.h +++ b/src/input/readers/Raw.h @@ -31,6 +31,7 @@ protected: private: void ClosePipeEnd(int i); + bool SetFDFlags(int fd, int cmd, int flags); bool LockForkMutex(); bool UnlockForkMutex(); diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index b326366b72..f5c74e582c 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -242,17 +242,6 @@ public: * Note: Exactly one of the two FinishedRotation() methods must be * called by a writer's implementation of DoRotate() once rotation * has finished. - * - * @param new_name The filename of the rotated file. - * - * @param old_name The filename of the original file. - * - * @param open: The timestamp when the original file was opened. - * - * @param close: The timestamp when the origina file was closed. - * - * @param terminating: True if the original rotation request occured - * due to the main Bro process shutting down. */ bool FinishedRotation(); diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index ddb63db36f..1a9cc5c4cd 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -261,7 +261,16 @@ bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool t CloseFile(close); string nname = string(rotated_path) + "." + LogExt(); - rename(fname.c_str(), nname.c_str()); + + if ( rename(fname.c_str(), nname.c_str()) != 0 ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + Error(Fmt("failed to rename %s to %s: %s", fname.c_str(), + nname.c_str(), buf)); + FinishedRotation(); + return false; + } if ( ! FinishedRotation(nname.c_str(), fname.c_str(), open, close, terminating) ) { diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index bc15c6f5b9..087a7061ea 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -423,7 +423,16 @@ bool DataSeries::DoRotate(const char* rotated_path, double open, double close, b string dsname = string(Info().path) + ".ds"; string nname = string(rotated_path) + ".ds"; - rename(dsname.c_str(), nname.c_str()); + + if ( rename(dsname.c_str(), nname.c_str()) != 0 ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + Error(Fmt("failed to rename %s to %s: %s", dsname.c_str(), + nname.c_str(), buf)); + FinishedRotation(); + return false; + } if ( ! FinishedRotation(nname.c_str(), dsname.c_str(), open, close, terminating) ) { diff --git a/src/main.cc b/src/main.cc index 313e1a40b0..0f60a4c70f 100644 --- a/src/main.cc +++ b/src/main.cc @@ -782,7 +782,10 @@ int main(int argc, char** argv) bro_init_magic(&magic_desc_cookie, MAGIC_NONE); bro_init_magic(&magic_mime_cookie, MAGIC_MIME); - sqlite3_initialize(); + int r = sqlite3_initialize(); + + if ( r != SQLITE_OK ) + reporter->Error("Failed to initialize sqlite3: %s", sqlite3_errstr(r)); // FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't // seed the PRNG. We should do this here (but at least Linux, FreeBSD diff --git a/src/util.cc b/src/util.cc index aeb8fdeef8..a2a21c7bc6 100644 --- a/src/util.cc +++ b/src/util.cc @@ -935,7 +935,7 @@ static const char* check_for_dir(const char* filename, bool load_pkgs) return copy_string(filename); } -FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs) +static FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs) { filename = check_for_dir(filename, load_pkgs); @@ -944,6 +944,13 @@ FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs FILE* f = fopen(filename, "r"); + if ( ! f ) + { + char buf[256]; + strerror_r(errno, buf, sizeof(buf)); + reporter->Error("Failed to open file %s: %s", filename, buf); + } + delete [] filename; return f; From 3c37e818ce1cd78a8de128b6632077f6f95986b8 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Sep 2013 11:16:46 -0500 Subject: [PATCH 059/287] A couple null ptr checks. --- src/BroDoc.cc | 26 ++++++++++++++++++++++---- src/Debug.cc | 2 +- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/BroDoc.cc b/src/BroDoc.cc index 6953680df0..dd0e8ff37c 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -504,17 +504,35 @@ static void WritePluginComponents(FILE* f, const plugin::Plugin* p) { switch ( (*it)->Type() ) { case plugin::component::ANALYZER: - WriteAnalyzerComponent(f, - dynamic_cast(*it)); + { + const analyzer::Component* c = + dynamic_cast(*it); + + if ( c ) + WriteAnalyzerComponent(f, c); + else + reporter->InternalError("component type mismatch"); + } break; + case plugin::component::FILE_ANALYZER: - WriteAnalyzerComponent(f, - dynamic_cast(*it)); + { + const file_analysis::Component* c = + dynamic_cast(*it); + + if ( c ) + WriteAnalyzerComponent(f, c); + else + reporter->InternalError("component type mismatch"); + } break; + case plugin::component::READER: reporter->InternalError("docs for READER component unimplemented"); + case plugin::component::WRITER: reporter->InternalError("docs for WRITER component unimplemented"); + default: reporter->InternalError("docs for unknown component unimplemented"); } diff --git a/src/Debug.cc b/src/Debug.cc index b5aaf91f9f..d3cf042ccc 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -721,7 +721,7 @@ static char* get_prompt(bool reset_counter = false) string get_context_description(const Stmt* stmt, const Frame* frame) { ODesc d; - const BroFunc* func = frame->GetFunction(); + const BroFunc* func = frame ? frame->GetFunction() : 0; if ( func ) func->DescribeDebug(&d, frame->GetFuncArgs()); From 2203600e0523c70815d69512a5c00a2e5a0d5b2a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Sep 2013 12:04:07 -0500 Subject: [PATCH 060/287] Fix logic for failed DNS TXT lookups. A failed request should not evict a previous result from the local cache/mapping. --- src/DNS_Mgr.cc | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 5880a02c57..08e8889a10 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -711,17 +711,19 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) if ( dr->ReqIsTxt() ) { TextMap::iterator it = text_mappings.find(dr->ReqHost()); + if ( it == text_mappings.end() ) text_mappings[dr->ReqHost()] = new_dm; else { - if ( new_dm->Failed() && prev_dm && prev_dm->Valid() ) - ++keep_prev; - else - { - prev_dm = it->second; - it->second = new_dm; - } + prev_dm = it->second; + it->second = new_dm; + } + + if ( new_dm->Failed() && prev_dm && prev_dm->Valid() ) + { + text_mappings[dr->ReqHost()] = prev_dm; + ++keep_prev; } } else From 4072afb363b24cfa5e783f293d0c3864b905d296 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Sep 2013 12:49:46 -0500 Subject: [PATCH 061/287] Remove dead/unfinished code in unary not expr. The code that looks like it was intended to make it apply to a vector operand couldn't be reached and making it reachable would still require changes to other methods for it to work so just removing for now. --- src/Expr.cc | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index e49150f3ac..2bd06054d6 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -1129,15 +1129,10 @@ NotExpr::NotExpr(Expr* arg_op) : UnaryExpr(EXPR_NOT, arg_op) return; BroType* t = op->Type(); - if ( IsVector(t->Tag()) ) - t = t->AsVectorType()->YieldType(); - TypeTag bt = t->Tag(); if ( ! IsIntegral(bt) && bt != TYPE_BOOL ) ExprError("requires an integral or boolean operand"); - else if ( IsVector(bt) ) - SetType(new VectorType(base_type(TYPE_BOOL))); else SetType(base_type(TYPE_BOOL)); } @@ -1151,7 +1146,7 @@ Expr* NotExpr::DoSimplify() // !!x == x return ((NotExpr*) op)->Op()->Ref(); - if ( op->IsConst() && ! is_vector(op->ExprVal()) ) + if ( op->IsConst() ) return new ConstExpr(Fold(op->ExprVal())); return this; From 64f3bef96da548bc5e13112dbd090b064d940d03 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 25 Sep 2013 13:37:46 -0500 Subject: [PATCH 062/287] Remove logically dead code. --- src/RemoteSerializer.cc | 2 +- src/Val.cc | 2 +- src/analyzer/protocol/ayiya/ayiya-analyzer.pac | 2 +- src/input/Manager.cc | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index bc006b4b1f..e36686b487 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -1247,7 +1247,7 @@ bool RemoteSerializer::SendCapabilities(Peer* peer) caps |= Peer::PID_64BIT; caps |= Peer::NEW_CACHE_STRATEGY; - return caps ? SendToChild(MSG_CAPS, peer, 3, caps, 0, 0) : true; + return SendToChild(MSG_CAPS, peer, 3, caps, 0, 0); } bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl, diff --git a/src/Val.cc b/src/Val.cc index ffe98ab7bc..bd065f0d8f 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2162,7 +2162,7 @@ void TableVal::DoExpire(double t) else if ( v->ExpireAccessTime() + expire_time < t ) { - Val* val = v ? v->Value() : 0; + Val* val = v->Value(); if ( expire_expr ) { diff --git a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac index 7a151453c1..56fcc794bc 100644 --- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac +++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac @@ -79,7 +79,7 @@ flow AYIYA_Flow sessions->DoNextInnerPacket(network_time(), 0, inner, e, ec); - return (result == 0) ? true : false; + return true; %} }; diff --git a/src/input/Manager.cc b/src/input/Manager.cc index d739a96809..f76ab67f0d 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -1153,7 +1153,6 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) { // just quit and delete everything we created. delete idxhash; - delete h; return stream->num_val_fields + stream->num_idx_fields; } From 706363a295ca484db0b9d5840736b98e66903494 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 25 Sep 2013 16:44:39 -0400 Subject: [PATCH 063/287] Fixes for the 2.2 beta. --- scripts/base/frameworks/software/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro index fefc465e1a..83002481c1 100644 --- a/scripts/base/frameworks/software/main.bro +++ b/scripts/base/frameworks/software/main.bro @@ -436,7 +436,7 @@ function found(id: conn_id, info: Info): bool { Reporter::error("No unparsed version string present in Info record with version in Software::found"); return F; - } + } local sw = parse(info$unparsed_version); info$unparsed_version = sw$unparsed_version; info$name = sw$name; From 9264e2e7d3f1eda8a408db3da777afbd8b1f5f51 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Wed, 25 Sep 2013 22:21:56 -0700 Subject: [PATCH 064/287] add new tls cipher suites --- scripts/base/protocols/ssl/consts.bro | 228 ++++++++++++++++++++++++++ 1 file changed, 228 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 42989a4cb9..94416c5ad1 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -303,6 +303,122 @@ export { const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039; const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A; const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B; + # RFC 6209 + const TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C; + const TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D; + const TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E; + const TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F; + const TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040; + const TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041; + const TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042; + const TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043; + const TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044; + const TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045; + const TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046; + const TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047; + const TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048; + const TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049; + const TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A; + const TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B; + const TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C; + const TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D; + const TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E; + const TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F; + const TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050; + const TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051; + const TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052; + const TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053; + const TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054; + const TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055; + const TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056; + const TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057; + const TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058; + const TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059; + const TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A; + const TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B; + const TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C; + const TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D; + const TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E; + const TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F; + const TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060; + const TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061; + const TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC062; + const TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063; + const TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064; + const TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065; + const TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066; + const TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067; + const TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068; + const TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069; + const TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A; + const TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B; + const TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C; + const TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D; + const TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E; + const TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F; + const TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070; + const TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071; + # RFC 6367 + const TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072; + const TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073; + const TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074; + const TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075; + const TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076; + const TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077; + const TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078; + const TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079; + const TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A; + const TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B; + const TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C; + const TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D; + const TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E; + const TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F; + const TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080; + const TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081; + const TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082; + const TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083; + const TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084; + const TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085; + const TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086; + const TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087; + const TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088; + const TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089; + const TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A; + const TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B; + const TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C; + const TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D; + const TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E; + const TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F; + const TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090; + const TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091; + const TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092; + const TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093; + const TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094; + const TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095; + const TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096; + const TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097; + const TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098; + const TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099; + const TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A; + const TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B; + # RFC 6655 + const TLS_RSA_WITH_AES_128_CCM = 0xC09C; + const TLS_RSA_WITH_AES_256_CCM = 0xC09D; + const TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E; + const TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F; + const TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0; + const TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1; + const TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2; + const TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3; + const TLS_PSK_WITH_AES_128_CCM = 0xC0A4; + const TLS_PSK_WITH_AES_256_CCM = 0xC0A5; + const TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6; + const TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7; + const TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8; + const TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9; + const TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA; + const TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB; + const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE; const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF; const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1; @@ -535,6 +651,118 @@ export { [TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA", [TLS_ECDHE_PSK_WITH_NULL_SHA256] = "TLS_ECDHE_PSK_WITH_NULL_SHA256", [TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384", + [TLS_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_RSA_WITH_ARIA_128_CBC_SHA256", + [TLS_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_RSA_WITH_ARIA_256_CBC_SHA384", + [TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", + [TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384] = "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", + [TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", + [TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", + [TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", + [TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384] = "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", + [TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", + [TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", + [TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256] = "TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256", + [TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384] = "TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384", + [TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", + [TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", + [TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", + [TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", + [TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", + [TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", + [TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", + [TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", + [TLS_RSA_WITH_ARIA_128_GCM_SHA256] = "TLS_RSA_WITH_ARIA_128_GCM_SHA256", + [TLS_RSA_WITH_ARIA_256_GCM_SHA384] = "TLS_RSA_WITH_ARIA_256_GCM_SHA384", + [TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", + [TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", + [TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256] = "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", + [TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384] = "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", + [TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", + [TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", + [TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256] = "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", + [TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384] = "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", + [TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256] = "TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256", + [TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384] = "TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384", + [TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", + [TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", + [TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", + [TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", + [TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", + [TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", + [TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", + [TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", + [TLS_PSK_WITH_ARIA_128_CBC_SHA256] = "TLS_PSK_WITH_ARIA_128_CBC_SHA256", + [TLS_PSK_WITH_ARIA_256_CBC_SHA384] = "TLS_PSK_WITH_ARIA_256_CBC_SHA384", + [TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", + [TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", + [TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", + [TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", + [TLS_PSK_WITH_ARIA_128_GCM_SHA256] = "TLS_PSK_WITH_ARIA_128_GCM_SHA256", + [TLS_PSK_WITH_ARIA_256_GCM_SHA384] = "TLS_PSK_WITH_ARIA_256_GCM_SHA384", + [TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", + [TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", + [TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", + [TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", + [TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", + [TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", + [TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", + [TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", + [TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", + [TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", + [TLS_RSA_WITH_AES_128_CCM] = "TLS_RSA_WITH_AES_128_CCM", + [TLS_RSA_WITH_AES_256_CCM] = "TLS_RSA_WITH_AES_256_CCM", + [TLS_DHE_RSA_WITH_AES_128_CCM] = "TLS_DHE_RSA_WITH_AES_128_CCM", + [TLS_DHE_RSA_WITH_AES_256_CCM] = "TLS_DHE_RSA_WITH_AES_256_CCM", + [TLS_RSA_WITH_AES_128_CCM_8] = "TLS_RSA_WITH_AES_128_CCM_8", + [TLS_RSA_WITH_AES_256_CCM_8] = "TLS_RSA_WITH_AES_256_CCM_8", + [TLS_DHE_RSA_WITH_AES_128_CCM_8] = "TLS_DHE_RSA_WITH_AES_128_CCM_8", + [TLS_DHE_RSA_WITH_AES_256_CCM_8] = "TLS_DHE_RSA_WITH_AES_256_CCM_8", + [TLS_PSK_WITH_AES_128_CCM] = "TLS_PSK_WITH_AES_128_CCM", + [TLS_PSK_WITH_AES_256_CCM] = "TLS_PSK_WITH_AES_256_CCM", + [TLS_DHE_PSK_WITH_AES_128_CCM] = "TLS_DHE_PSK_WITH_AES_128_CCM", + [TLS_DHE_PSK_WITH_AES_256_CCM] = "TLS_DHE_PSK_WITH_AES_256_CCM", + [TLS_PSK_WITH_AES_128_CCM_8] = "TLS_PSK_WITH_AES_128_CCM_8", + [TLS_PSK_WITH_AES_256_CCM_8] = "TLS_PSK_WITH_AES_256_CCM_8", + [TLS_PSK_DHE_WITH_AES_128_CCM_8] = "TLS_PSK_DHE_WITH_AES_128_CCM_8", + [TLS_PSK_DHE_WITH_AES_256_CCM_8] = "TLS_PSK_DHE_WITH_AES_256_CCM_8", [SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA", [SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", [SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2", From 497ada12e8597d842a4ccb73a60169198b9058d9 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Thu, 26 Sep 2013 10:03:17 -0700 Subject: [PATCH 065/287] ...and a few more ciphers. --- scripts/base/protocols/ssl/consts.bro | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 94416c5ad1..5a7522c159 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -178,6 +178,21 @@ export { const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B; const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C; const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D; + # draft-ietf-tls-openpgp-keys-06 + const TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD = 0x0072; + const TLS_DHE_DSS_WITH_AES_128_CBC_RMD = 0x0073; + const TLS_DHE_DSS_WITH_AES_256_CBC_RMD = 0x0074; + const TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD = 0x0077; + const TLS_DHE_RSA_WITH_AES_128_CBC_RMD = 0x0078; + const TLS_DHE_RSA_WITH_AES_256_CBC_RMD = 0x0079; + const TLS_RSA_WITH_3DES_EDE_CBC_RMD = 0x007C; + const TLS_RSA_WITH_AES_128_CBC_RMD = 0x007D; + const TLS_RSA_WITH_AES_256_CBC_RMD = 0x007E; + # draft-chudov-cryptopro-cptls-04 + const TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080; + const TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081; + const TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082; + const TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083; const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084; const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085; const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086; @@ -244,6 +259,7 @@ export { const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3; const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4; const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5; + # RFC 4492 const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001; const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002; const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003; @@ -526,6 +542,19 @@ export { [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", [TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256", [TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256", + [TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD", + [TLS_DHE_DSS_WITH_AES_128_CBC_RMD] = "TLS_DHE_DSS_WITH_AES_128_CBC_RMD", + [TLS_DHE_DSS_WITH_AES_256_CBC_RMD] = "TLS_DHE_DSS_WITH_AES_256_CBC_RMD", + [TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD] = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD", + [TLS_DHE_RSA_WITH_AES_128_CBC_RMD] = "TLS_DHE_RSA_WITH_AES_128_CBC_RMD", + [TLS_DHE_RSA_WITH_AES_256_CBC_RMD] = "TLS_DHE_RSA_WITH_AES_256_CBC_RMD", + [TLS_RSA_WITH_3DES_EDE_CBC_RMD] = "TLS_RSA_WITH_3DES_EDE_CBC_RMD", + [TLS_RSA_WITH_AES_128_CBC_RMD] = "TLS_RSA_WITH_AES_128_CBC_RMD", + [TLS_RSA_WITH_AES_256_CBC_RMD] = "TLS_RSA_WITH_AES_256_CBC_RMD", + [TLS_GOSTR341094_WITH_28147_CNT_IMIT] = "TLS_GOSTR341094_WITH_28147_CNT_IMIT", + [TLS_GOSTR341001_WITH_28147_CNT_IMIT] = "TLS_GOSTR341001_WITH_28147_CNT_IMIT", + [TLS_GOSTR341094_WITH_NULL_GOSTR3411] = "TLS_GOSTR341094_WITH_NULL_GOSTR3411", + [TLS_GOSTR341001_WITH_NULL_GOSTR3411] = "TLS_GOSTR341001_WITH_NULL_GOSTR3411", [TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", [TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", [TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", From 97503dafe509e512fc24d65050d9e1e3445e09d0 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 26 Sep 2013 15:32:14 -0500 Subject: [PATCH 066/287] Fix a "make doc" warning --- doc/scripting/index.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index 4181704d63..5c85781300 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -90,8 +90,7 @@ the script starts to define instructions to take in a given event. :lines: 33-57 The workhorse of the script is contained in the event handler for -``file_hash``. The ``file_hash`` event is defined in the -:doc:`/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro` script and allows scripts to access +``file_hash``. The :bro:see:`file_hash` event allows scripts to access the information associated with a file for which Bro's file analysis framework has generated a hash. The event handler is passed the file itself as ``f``, the type of digest algorithm used as ``kind`` and the hash generated as ``hash``. From 775ec6795e7d078fff37a882740523f455dfdaeb Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 27 Sep 2013 10:13:52 -0500 Subject: [PATCH 067/287] Fix uninitialized (or unused) fields. --- src/Anon.cc | 2 + src/Attr.h | 2 +- src/BPF_Program.cc | 3 +- src/ChunkedIO.cc | 4 +- src/ChunkedIO.h | 5 ++- src/CompHash.cc | 1 + src/Conn.cc | 1 + src/DFA.cc | 1 + src/DNS_Mgr.cc | 12 +++++- src/DbgBreakpoint.cc | 2 + src/Debug.cc | 1 + src/Dict.cc | 4 ++ src/Expr.cc | 11 +++++- src/Expr.h | 5 +-- src/File.h | 1 - src/FlowSrc.cc | 1 - src/FlowSrc.h | 3 -- src/RemoteSerializer.cc | 4 ++ src/Rule.h | 1 + src/RuleMatcher.h | 2 +- src/SerialInfo.h | 1 + src/SerializationFormat.cc | 3 +- src/Serializer.cc | 1 + src/Serializer.h | 1 + src/Sessions.h | 7 +--- src/SmithWaterman.cc | 2 +- src/SmithWaterman.h | 4 +- src/Stats.cc | 1 + src/Stats.h | 12 +----- src/Type.cc | 4 +- src/Val.cc | 1 + src/Val.h | 2 +- src/analyzer/Analyzer.cc | 3 +- src/analyzer/protocol/conn-size/ConnSize.cc | 3 +- src/analyzer/protocol/dns/DNS.cc | 3 +- src/analyzer/protocol/dns/DNS.h | 1 - src/analyzer/protocol/http/HTTP.cc | 1 + src/analyzer/protocol/icmp/ICMP.cc | 5 +-- src/analyzer/protocol/login/Login.cc | 2 +- src/analyzer/protocol/login/NVT.cc | 11 ++---- src/analyzer/protocol/login/RSH.cc | 3 ++ src/analyzer/protocol/mime/MIME.cc | 5 ++- src/analyzer/protocol/mime/MIME.h | 1 - src/analyzer/protocol/netbios/NetbiosSSN.cc | 2 +- src/analyzer/protocol/pia/PIA.cc | 3 +- src/analyzer/protocol/pop3/POP3.cc | 3 ++ src/analyzer/protocol/rpc/RPC.cc | 5 +-- src/analyzer/protocol/smb/SMB.cc | 3 ++ src/analyzer/protocol/tcp/TCP.cc | 3 +- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 3 ++ src/bif_arg.cc | 1 + .../analyzer/unified2/Unified2.h | 1 - src/input/Manager.cc | 37 ++++++++----------- src/input/ReaderBackend.cc | 2 + src/input/readers/Ascii.cc | 3 +- src/input/readers/Benchmark.cc | 2 + src/input/readers/Raw.cc | 3 ++ src/input/readers/SQLite.cc | 4 +- src/logging/WriterFrontend.cc | 3 ++ src/logging/writers/DataSeries.cc | 4 ++ src/logging/writers/SQLite.cc | 6 +-- src/threading/SerialTypes.h | 2 +- 62 files changed, 135 insertions(+), 98 deletions(-) diff --git a/src/Anon.cc b/src/Anon.cc index f58057b2fc..87791501a4 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -147,7 +147,9 @@ void AnonymizeIPAddr_A50::init() special_nodes[0].input = special_nodes[0].output = 0; special_nodes[1].input = special_nodes[1].output = 0xFFFFFFFF; + method = 0; before_anonymization = 1; + new_mapping = 0; } int AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits) diff --git a/src/Attr.h b/src/Attr.h index c3e05d4762..7becbb27eb 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -96,7 +96,7 @@ public: bool operator==(const Attributes& other) const; protected: - Attributes() { type = 0; attrs = 0; } + Attributes() : type(), attrs(), in_record() { } void CheckAttr(Attr* attr); DECLARE_SERIAL(Attributes); diff --git a/src/BPF_Program.cc b/src/BPF_Program.cc index a6d3d80c05..5260429eb0 100644 --- a/src/BPF_Program.cc +++ b/src/BPF_Program.cc @@ -58,9 +58,8 @@ int pcap_compile_nopcap(int snaplen_arg, int linktype_arg, } #endif -BPF_Program::BPF_Program() +BPF_Program::BPF_Program() : m_compiled(), m_program() { - m_compiled = false; } BPF_Program::~BPF_Program() diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index 7e666ee198..22489bbb0c 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -14,9 +14,8 @@ #include "NetVar.h" #include "RemoteSerializer.h" -ChunkedIO::ChunkedIO() +ChunkedIO::ChunkedIO() : stats(), tag(), pure() { - pure = false; } void ChunkedIO::Stats(char* buffer, int length) @@ -656,6 +655,7 @@ SSL_CTX* ChunkedIOSSL::ctx; ChunkedIOSSL::ChunkedIOSSL(int arg_socket, bool arg_server) { socket = arg_socket; + last_ret = 0; eof = false; setup = false; server = arg_server; diff --git a/src/ChunkedIO.h b/src/ChunkedIO.h index 56b5656945..6ee79cd3c4 100644 --- a/src/ChunkedIO.h +++ b/src/ChunkedIO.h @@ -292,8 +292,9 @@ private: // Wrapper class around a another ChunkedIO which the (un-)compresses data. class CompressedChunkedIO : public ChunkedIO { public: - CompressedChunkedIO(ChunkedIO* arg_io) - : io(arg_io) {} // takes ownership + CompressedChunkedIO(ChunkedIO* arg_io) // takes ownership + : io(arg_io), zin(), zout(), error(), compress(), uncompress(), + uncompressed_bytes_read(), uncompressed_bytes_written() {} virtual ~CompressedChunkedIO() { delete io; } virtual bool Init(); // does *not* call arg_io->Init() diff --git a/src/CompHash.cc b/src/CompHash.cc index b2eb08c589..5a972f6016 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -11,6 +11,7 @@ CompositeHash::CompositeHash(TypeList* composite_type) { type = composite_type; Ref(type); + singleton_tag = TYPE_INTERNAL_ERROR; // If the only element is a record, don't treat it as a // singleton, since it needs to be evaluated specially. diff --git a/src/Conn.cc b/src/Conn.cc index 2e5aa0513e..e221bb20e0 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -141,6 +141,7 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id, suppress_event = 0; record_contents = record_packets = 1; + record_current_packet = record_current_content = 0; timers_canceled = 0; inactivity_timeout = 0; diff --git a/src/DFA.cc b/src/DFA.cc index 3bdc444f9e..ad9521709e 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -20,6 +20,7 @@ DFA_State::DFA_State(int arg_state_num, const EquivClass* ec, nfa_states = arg_nfa_states; accept = arg_accept; mark = 0; + centry = 0; SymPartition(ec); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 08e8889a10..c1036accdd 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -47,8 +47,14 @@ extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); class DNS_Mgr_Request { public: DNS_Mgr_Request(const char* h, int af, bool is_txt) - { host = copy_string(h); fam = af; qtype = is_txt ? 16 : 0; } - DNS_Mgr_Request(const IPAddr& a) { addr = a; host = 0; fam = 0; } + : host(copy_string(h)), fam(af), qtype(is_txt ? 16 : 0), addr(), + request_pending() + { } + + DNS_Mgr_Request(const IPAddr& a) + : host(), fam(), qtype(), addr(a), request_pending() + { } + ~DNS_Mgr_Request() { delete [] host; } // Returns nil if this was an address request. @@ -192,6 +198,8 @@ DNS_Mapping::DNS_Mapping(FILE* f) init_failed = 1; req_host = 0; + req_ttl = 0; + creation_time = 0; char buf[512]; diff --git a/src/DbgBreakpoint.cc b/src/DbgBreakpoint.cc index f1ad551a00..9000d89077 100644 --- a/src/DbgBreakpoint.cc +++ b/src/DbgBreakpoint.cc @@ -49,6 +49,8 @@ DbgBreakpoint::DbgBreakpoint() repeat_count = hit_count = 0; description[0] = 0; + source_filename = 0; + source_line = 0; } DbgBreakpoint::~DbgBreakpoint() diff --git a/src/Debug.cc b/src/Debug.cc index d3cf042ccc..f4ac8c2fdf 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -40,6 +40,7 @@ DebuggerState::DebuggerState() next_bp_id = next_watch_id = next_display_id = 1; BreakBeforeNextStmt(false); curr_frame_idx = 0; + already_did_list = false; BreakFromSignal(false); // ### Don't choose this arbitrary size! Extend Frame. diff --git a/src/Dict.cc b/src/Dict.cc index c71cf4c417..cd7792b539 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -64,6 +64,10 @@ Dictionary::Dictionary(dict_order ordering, int initial_size) SetDensityThresh(DEFAULT_DENSITY_THRESH); delete_func = 0; + tbl_next_ind = 0; + + num_buckets2 = num_entries2 = max_num_entries2 = thresh_entries2 = 0; + den_thresh2 = 0; } Dictionary::~Dictionary() diff --git a/src/Expr.cc b/src/Expr.cc index 2bd06054d6..a8aab865ca 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2472,6 +2472,7 @@ AssignExpr::AssignExpr(Expr* arg_op1, Expr* arg_op2, int arg_is_init, : BinaryExpr(EXPR_ASSIGN, arg_is_init ? arg_op1 : arg_op1->MakeLvalue(), arg_op2) { + val = 0; is_init = arg_is_init; if ( IsError() ) @@ -3345,14 +3346,14 @@ bool HasFieldExpr::DoSerialize(SerialInfo* info) const { DO_SERIALIZE(SER_HAS_FIELD_EXPR, UnaryExpr); - // Serialize the former "bool is_attr" first for backwards compatibility. + // Serialize former "bool is_attr" member first for backwards compatibility. return SERIALIZE(false) && SERIALIZE(field_name) && SERIALIZE(field); } bool HasFieldExpr::DoUnserialize(UnserialInfo* info) { DO_UNSERIALIZE(UnaryExpr); - // Unserialize the former "bool is_attr" first for backwards compatibility. + // Unserialize former "bool is_attr" member for backwards compatibility. bool not_used; return UNSERIALIZE(¬_used) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field); } @@ -3361,6 +3362,8 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list, BroType* arg_type) : UnaryExpr(EXPR_RECORD_CONSTRUCTOR, constructor_list) { + ctor_type = 0; + if ( IsError() ) return; @@ -3501,6 +3504,8 @@ TableConstructorExpr::TableConstructorExpr(ListExpr* constructor_list, attr_list* arg_attrs, BroType* arg_type) : UnaryExpr(EXPR_TABLE_CONSTRUCTOR, constructor_list) { + attrs = 0; + if ( IsError() ) return; @@ -3625,6 +3630,8 @@ SetConstructorExpr::SetConstructorExpr(ListExpr* constructor_list, attr_list* arg_attrs, BroType* arg_type) : UnaryExpr(EXPR_SET_CONSTRUCTOR, constructor_list) { + attrs = 0; + if ( IsError() ) return; diff --git a/src/Expr.h b/src/Expr.h index ba173feae0..26f20fcbe9 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -331,12 +331,10 @@ protected: BinaryExpr() { op1 = op2 = 0; } BinaryExpr(BroExprTag arg_tag, Expr* arg_op1, Expr* arg_op2) - : Expr(arg_tag) + : Expr(arg_tag), op1(arg_op1), op2(arg_op2) { if ( ! (arg_op1 && arg_op2) ) return; - op1 = arg_op1; - op2 = arg_op2; if ( op1->IsError() || op2->IsError() ) SetError(); } @@ -749,7 +747,6 @@ protected: DECLARE_SERIAL(HasFieldExpr); - bool is_attr; const char* field_name; int field; }; diff --git a/src/File.h b/src/File.h index a37b7fe0a6..dc56c5a3fe 100644 --- a/src/File.h +++ b/src/File.h @@ -147,7 +147,6 @@ protected: Timer* rotate_timer; double open_time; - bool dont_rotate; // See InstallRotateTimer() bool print_hook; bool raw_output; diff --git a/src/FlowSrc.cc b/src/FlowSrc.cc index f5fb0bd1e6..7a79e9063b 100644 --- a/src/FlowSrc.cc +++ b/src/FlowSrc.cc @@ -64,7 +64,6 @@ void FlowSrc::Close() FlowSocketSrc::~FlowSocketSrc() { - delete [] listenparms; } int FlowSocketSrc::ExtractNextPDU() diff --git a/src/FlowSrc.h b/src/FlowSrc.h index 7b0b14ad15..03dda2761d 100644 --- a/src/FlowSrc.h +++ b/src/FlowSrc.h @@ -67,9 +67,6 @@ public: virtual ~FlowSocketSrc(); int ExtractNextPDU(); - -protected: - char* listenparms; }; class FlowFileSrc : public FlowSrc { diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index e36686b487..43a963ab21 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -541,6 +541,10 @@ RemoteSerializer::RemoteSerializer() in_sync = 0; last_flush = 0; received_logs = 0; + current_id = 0; + current_msgtype = 0; + current_args = 0; + source_peer = 0; } RemoteSerializer::~RemoteSerializer() diff --git a/src/Rule.h b/src/Rule.h index 959008fbf9..e5ae703d39 100644 --- a/src/Rule.h +++ b/src/Rule.h @@ -28,6 +28,7 @@ public: idx = rule_counter++; location = arg_location; active = true; + next = 0; } ~Rule(); diff --git a/src/RuleMatcher.h b/src/RuleMatcher.h index 351c3c30bf..0d7a2fbf7c 100644 --- a/src/RuleMatcher.h +++ b/src/RuleMatcher.h @@ -103,7 +103,7 @@ private: friend class RuleMatcher; struct PatternSet { - PatternSet() {} + PatternSet() : re() {} // If we're above the 'RE_level' (see RuleMatcher), this // expr contains all patterns on this node. If we're on diff --git a/src/SerialInfo.h b/src/SerialInfo.h index aa4c382349..de2d9eeb61 100644 --- a/src/SerialInfo.h +++ b/src/SerialInfo.h @@ -20,6 +20,7 @@ public: SerialInfo(const SerialInfo& info) { + chunk = info.chunk; s = info.s; may_suspend = info.may_suspend; cache = info.cache; diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index 10dd4f29ea..eb8462521e 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -6,8 +6,9 @@ #include "Reporter.h" SerializationFormat::SerializationFormat() + : output(), output_size(), output_pos(), input(), input_len(), input_pos(), + bytes_written(), bytes_read() { - output = 0; } SerializationFormat::~SerializationFormat() diff --git a/src/Serializer.cc b/src/Serializer.cc index bd1be77a2d..66ff98ec5d 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -1037,6 +1037,7 @@ void ConversionSerializer::GotPacket(Packet* p) } EventPlayer::EventPlayer(const char* file) + : stream_time(), replay_time(), ne_time(), ne_handler(), ne_args() { if ( ! OpenFile(file, true) || fd < 0 ) Error(fmt("event replayer: cannot open %s", file)); diff --git a/src/Serializer.h b/src/Serializer.h index 72e0723880..30095ff4fc 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -403,6 +403,7 @@ public: hdr_size = 0; free = arg_free; tag = arg_tag; + link_type = 0; } ~Packet() diff --git a/src/Sessions.h b/src/Sessions.h index 27b052ba2d..1788541f45 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -55,15 +55,12 @@ struct SessionStats { class TimerMgrExpireTimer : public Timer { public: TimerMgrExpireTimer(double t, TimerMgr* arg_mgr) - : Timer(t, TIMER_TIMERMGR_EXPIRE) - { - mgr = arg_mgr; - } + : Timer(t, TIMER_TIMERMGR_EXPIRE), mgr(arg_mgr) + { } virtual void Dispatch(double t, int is_expire); protected: - double interval; TimerMgr* mgr; }; diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index e051032756..5f2786caa0 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -11,7 +11,7 @@ #include "Reporter.h" BroSubstring::BroSubstring(const BroSubstring& bst) -: BroString((const BroString&) bst), _new(bst._new) +: BroString((const BroString&) bst), _num(), _new(bst._new) { for ( BSSAlignVecCIt it = bst._aligns.begin(); it != bst._aligns.end(); ++it ) _aligns.push_back(*it); diff --git a/src/SmithWaterman.h b/src/SmithWaterman.h index 6ea191f5d9..190ecda597 100644 --- a/src/SmithWaterman.h +++ b/src/SmithWaterman.h @@ -42,10 +42,10 @@ public: typedef BSSAlignVec::const_iterator BSSAlignVecCIt; BroSubstring(const string& string) - : BroString(string), _new(false) { } + : BroString(string), _num(), _new(false) { } BroSubstring(const BroString& string) - : BroString(string), _new(false) { } + : BroString(string), _num(), _new(false) { } BroSubstring(const BroSubstring& bst); diff --git a/src/Stats.cc b/src/Stats.cc index 9b839ec672..c4b0ed45b1 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -399,6 +399,7 @@ PacketProfiler::PacketProfiler(unsigned int mode, double freq, last_Utime = last_Stime = last_Rtime = 0.0; last_timestamp = time = 0.0; pkt_cnt = byte_cnt = 0; + last_mem = 0; file->Write("time dt npkts nbytes dRtime dUtime dStime dmem\n"); } diff --git a/src/Stats.h b/src/Stats.h index 8137ad16cf..1bcc2e18dc 100644 --- a/src/Stats.h +++ b/src/Stats.h @@ -29,26 +29,18 @@ public: // The constructor takes some way of identifying the segment. SegmentProfiler(SegmentStatsReporter* arg_reporter, const char* arg_name) + : reporter(arg_reporter), name(arg_name), loc(), initial_rusage() { - reporter = arg_reporter; if ( reporter ) - { - name = arg_name; - loc = 0; Init(); - } } SegmentProfiler(SegmentStatsReporter* arg_reporter, const Location* arg_loc) + : reporter(arg_reporter), name(), loc(arg_loc), initial_rusage() { - reporter = arg_reporter; if ( reporter ) - { - name = 0; - loc = arg_loc; Init(); - } } ~SegmentProfiler() diff --git a/src/Type.cc b/src/Type.cc index 706a15aea2..a6d8b90c6c 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1564,10 +1564,8 @@ bool EnumType::DoUnserialize(UnserialInfo* info) } VectorType::VectorType(BroType* element_type) -: BroType(TYPE_VECTOR) + : BroType(TYPE_VECTOR), yield_type(element_type) { - if ( element_type ) - yield_type = element_type; } VectorType::~VectorType() diff --git a/src/Val.cc b/src/Val.cc index bd065f0d8f..d791ff195d 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2572,6 +2572,7 @@ unsigned int TableVal::MemoryAllocation() const RecordVal::RecordVal(RecordType* t) : MutableVal(t) { + origin = 0; record_type = t; int n = record_type->NumFields(); val_list* vl = val.val_list_val = new val_list(n); diff --git a/src/Val.h b/src/Val.h index a7088313d6..33bd89c0d5 100644 --- a/src/Val.h +++ b/src/Val.h @@ -466,7 +466,7 @@ public: protected: MutableVal(BroType* t) : Val(t) { props = 0; id = 0; last_modified = SerialObj::ALWAYS; } - MutableVal() { id = 0; last_modified = SerialObj::ALWAYS; } + MutableVal() { props = 0; id = 0; last_modified = SerialObj::ALWAYS; } ~MutableVal(); friend class ID; diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 7a71c2e0d4..03734f1a22 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -20,7 +20,7 @@ public: void Dispatch(double t, int is_expire); protected: - AnalyzerTimer() {} + AnalyzerTimer() : analyzer(), timer(), do_expire() {} void Init(Analyzer* analyzer, analyzer_timer_func timer, int do_expire); @@ -124,6 +124,7 @@ void Analyzer::CtorInit(const Tag& arg_tag, Connection* arg_conn) tag = arg_tag; id = ++id_counter; protocol_confirmed = false; + timers_canceled = false; skip = false; finished = false; removing = false; diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index ad08c78c4f..227a4b1be2 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -11,7 +11,8 @@ using namespace analyzer::conn_size; ConnSize_Analyzer::ConnSize_Analyzer(Connection* c) -: Analyzer("CONNSIZE", c) + : Analyzer("CONNSIZE", c), + orig_bytes(), resp_bytes(), orig_pkts(), resp_pkts() { } diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 4901df4417..806cb9ae75 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -894,6 +894,7 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) answer_type = DNS_QUESTION; skip_event = 0; + tsig = 0; } DNS_MsgInfo::~DNS_MsgInfo() @@ -1002,7 +1003,7 @@ Contents_DNS::Contents_DNS(Connection* conn, bool orig, interp = arg_interp; msg_buf = 0; - buf_n = msg_size = 0; + buf_n = buf_len = msg_size = 0; state = DNS_LEN_HI; } diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 373250e8f4..af4b8de22f 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -144,7 +144,6 @@ public: // More values for spesific DNS types. // struct EDNS_ADDITIONAL* edns; - int tsig_init; struct TSIG_DATA* tsig; }; diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 71c0052b4b..4bb2385c27 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -534,6 +534,7 @@ HTTP_Message::HTTP_Message(HTTP_Analyzer* arg_analyzer, top_level = new HTTP_Entity(this, 0, expect_body); BeginEntity(top_level); + buffer_offset = buffer_size = 0; data_buffer = 0; total_buffer_size = 0; diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index a851ebe8ee..048c6e51ce 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -17,11 +17,10 @@ using namespace analyzer::icmp; ICMP_Analyzer::ICMP_Analyzer(Connection* c) -: TransportLayerAnalyzer("ICMP", c) + : TransportLayerAnalyzer("ICMP", c), + icmp_conn_val(), type(), code(), request_len(-1), reply_len(-1) { - icmp_conn_val = 0; c->SetInactivityTimeout(icmp_inactivity_timeout); - request_len = reply_len = -1; } void ICMP_Analyzer::Done() diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 335b855f1d..de2445d81f 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -25,7 +25,7 @@ static RE_Matcher* re_login_timeouts; static RE_Matcher* init_RE(ListVal* l); Login_Analyzer::Login_Analyzer(const char* name, Connection* conn) -: tcp::TCP_ApplicationAnalyzer(name, conn) + : tcp::TCP_ApplicationAnalyzer(name, conn), user_text() { state = LOGIN_STATE_AUTHENTICATE; num_user_lines_seen = lines_scanned = 0; diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 62e4d0c050..752ce54df2 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -364,14 +364,11 @@ void TelnetBinaryOption::InconsistentOption(unsigned int /* type */) NVT_Analyzer::NVT_Analyzer(Connection* conn, bool orig) -: tcp::ContentLine_Analyzer("NVT", conn, orig) + : tcp::ContentLine_Analyzer("NVT", conn, orig), + peer(), pending_IAC(), IAC_pos(), is_suboption(), last_was_IAC(), + binary_mode(), encrypting_mode(), authentication_has_been_accepted(), + auth_name(), options(), num_options() { - peer = 0; - is_suboption = last_was_IAC = pending_IAC = 0; - IAC_pos = 0; - num_options = 0; - authentication_has_been_accepted = encrypting_mode = binary_mode = 0; - auth_name = 0; } NVT_Analyzer::~NVT_Analyzer() diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index e70fae1b8c..8aebb89116 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -22,7 +22,10 @@ Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(Connection* conn, bool orig, if ( orig ) state = save_state = RSH_FIRST_NULL; else + { state = RSH_LINE_MODE; + save_state = RSH_UNKNOWN; + } } Contents_Rsh_Analyzer::~Contents_Rsh_Analyzer() diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 5748bece86..c66a0b9be7 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1257,7 +1257,7 @@ TableVal* MIME_Message::BuildHeaderTable(MIME_HeaderList& hlist) } MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, int buf_size) -: MIME_Message(mail_analyzer) + : MIME_Message(mail_analyzer), md5_hash() { analyzer = mail_analyzer; @@ -1280,12 +1280,13 @@ MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, int buf_size) if ( mime_content_hash ) { compute_content_hash = 1; - content_hash_length = 0; md5_init(&md5_hash); } else compute_content_hash = 0; + content_hash_length = 0; + top_level = new MIME_Entity(this, 0); // to be changed to MIME_Mail BeginEntity(top_level); } diff --git a/src/analyzer/protocol/mime/MIME.h b/src/analyzer/protocol/mime/MIME.h index 4d7a89f37a..8d83609cc1 100644 --- a/src/analyzer/protocol/mime/MIME.h +++ b/src/analyzer/protocol/mime/MIME.h @@ -247,7 +247,6 @@ protected: int max_chunk_length; int buffer_start; int data_start; - int buffer_offset; int compute_content_hash; int content_hash_length; MD5_CTX md5_hash; diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index bed906135e..4d6ed8e1f1 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -346,7 +346,7 @@ Contents_NetbiosSSN::Contents_NetbiosSSN(Connection* conn, bool orig, interp = arg_interp; type = flags = msg_size = 0; msg_buf = 0; - buf_n = msg_size = 0; + buf_n = buf_len = msg_size = 0; state = NETBIOS_SSN_TYPE; } diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 81c7251820..e94053b8a5 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -7,9 +7,8 @@ using namespace analyzer::pia; PIA::PIA(analyzer::Analyzer* arg_as_analyzer) + : state(INIT), as_analyzer(arg_as_analyzer), conn(), current_packet() { - current_packet.data = 0; - as_analyzer = arg_as_analyzer; } PIA::~PIA() diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index ccbbb8df04..52f9eb8445 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -43,6 +43,9 @@ POP3_Analyzer::POP3_Analyzer(Connection* conn) multiLine = false; backOff = false; + lastRequiredCommand = 0; + authLines = 0; + mail = 0; AddSupportAnalyzer(new tcp::ContentLine_Analyzer(conn, true)); diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index ea037c227f..559e629e57 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -679,10 +679,9 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) RPC_Analyzer::RPC_Analyzer(const char* name, Connection* conn, RPC_Interpreter* arg_interp) -: tcp::TCP_ApplicationAnalyzer(name, conn) + : tcp::TCP_ApplicationAnalyzer(name, conn), + interp(arg_interp), orig_rpc(), resp_rpc() { - interp = arg_interp; - if ( Conn()->ConnTransport() == TRANSPORT_UDP ) ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer, network_time + rpc_timeout, 1, TIMER_RPC_EXPIRE); diff --git a/src/analyzer/protocol/smb/SMB.cc b/src/analyzer/protocol/smb/SMB.cc index 798e2bfd1f..4393626217 100644 --- a/src/analyzer/protocol/smb/SMB.cc +++ b/src/analyzer/protocol/smb/SMB.cc @@ -100,6 +100,9 @@ static int lookup_IPC_name(BroString* name) SMB_Session::SMB_Session(analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; + req_cmd = 0; + smb_mailslot_prot = false; + smb_pipe_prot = false; dce_rpc_session = 0; init_SMB_command_name(); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index c9cd8ed8d1..4631833dca 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -2043,7 +2043,8 @@ RecordVal* TCPStats_Endpoint::BuildStats() } TCPStats_Analyzer::TCPStats_Analyzer(Connection* c) -: TCP_ApplicationAnalyzer("TCPSTATS", c) + : TCP_ApplicationAnalyzer("TCPSTATS", c), + orig_stats(), resp_stats() { } diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 3beafdeb8a..144d4598dd 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -25,12 +25,15 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig) window_scale = 0; window_seq = window_ack_seq = 0; contents_start_seq = 0; + FIN_seq = 0; SYN_cnt = FIN_cnt = RST_cnt = 0; did_close = 0; contents_file = 0; tcp_analyzer = arg_analyzer; is_orig = arg_is_orig; + hist_last_SYN = hist_last_FIN = hist_last_RST = 0; + src_addr = is_orig ? tcp_analyzer->Conn()->RespAddr() : tcp_analyzer->Conn()->OrigAddr(); dst_addr = is_orig ? tcp_analyzer->Conn()->OrigAddr() : diff --git a/src/bif_arg.cc b/src/bif_arg.cc index 64b0cb131a..92e228032b 100644 --- a/src/bif_arg.cc +++ b/src/bif_arg.cc @@ -28,6 +28,7 @@ BuiltinFuncArg::BuiltinFuncArg(const char* arg_name, int arg_type) name = arg_name; type = arg_type; type_str = ""; + attr_str = ""; } BuiltinFuncArg::BuiltinFuncArg(const char* arg_name, const char* arg_type_str, diff --git a/src/file_analysis/analyzer/unified2/Unified2.h b/src/file_analysis/analyzer/unified2/Unified2.h index bd172d2b6b..c2ee9e00da 100644 --- a/src/file_analysis/analyzer/unified2/Unified2.h +++ b/src/file_analysis/analyzer/unified2/Unified2.h @@ -30,7 +30,6 @@ private: binpac::Unified2::Unified2_Analyzer* interp; string filename; - int fd; }; } // namespace file_analysis diff --git a/src/input/Manager.cc b/src/input/Manager.cc index f76ab67f0d..e2562338c8 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -84,16 +84,16 @@ public: RecordVal* description; - Stream(); virtual ~Stream(); + +protected: + Stream(StreamType t); }; -Manager::Stream::Stream() +Manager::Stream::Stream(StreamType t) + : name(), removed(), stream_type(t), type(), reader(), config(), + description() { - type = 0; - reader = 0; - description = 0; - removed = false; } Manager::Stream::~Stream() @@ -154,24 +154,17 @@ public: ~AnalysisStream(); }; -Manager::TableStream::TableStream() : Manager::Stream::Stream() +Manager::TableStream::TableStream() + : Manager::Stream::Stream(TABLE_STREAM), + num_idx_fields(), num_val_fields(), want_record(), tab(), rtype(), + itype(), currDict(), lastDict(), pred(), event() { - stream_type = TABLE_STREAM; - - tab = 0; - itype = 0; - rtype = 0; - - currDict = 0; - lastDict = 0; - - pred = 0; } -Manager::EventStream::EventStream() : Manager::Stream::Stream() +Manager::EventStream::EventStream() + : Manager::Stream::Stream(EVENT_STREAM), + event(), fields(), num_fields(), want_record() { - fields = 0; - stream_type = EVENT_STREAM; } Manager::EventStream::~EventStream() @@ -204,9 +197,9 @@ Manager::TableStream::~TableStream() } } -Manager::AnalysisStream::AnalysisStream() : Manager::Stream::Stream() +Manager::AnalysisStream::AnalysisStream() + : Manager::Stream::Stream(ANALYSIS_STREAM), file_id() { - stream_type = ANALYSIS_STREAM; } Manager::AnalysisStream::~AnalysisStream() diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index 0aaadc3cdc..abf369dd54 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -163,6 +163,8 @@ ReaderBackend::ReaderBackend(ReaderFrontend* arg_frontend) : MsgThread() disabled = true; // disabled will be set correcty in init. frontend = arg_frontend; info = new ReaderInfo(frontend->Info()); + num_fields = 0; + fields = 0; SetName(frontend->Name()); } diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 687d37c96f..8f61e17fc0 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -18,7 +18,7 @@ using threading::Value; using threading::Field; FieldMapping::FieldMapping(const string& arg_name, const TypeTag& arg_type, int arg_position) - : name(arg_name), type(arg_type) + : name(arg_name), type(arg_type), subtype(TYPE_ERROR) { position = arg_position; secondary_position = -1; @@ -49,6 +49,7 @@ FieldMapping FieldMapping::subType() Ascii::Ascii(ReaderFrontend *frontend) : ReaderBackend(frontend) { file = 0; + mtime = 0; separator.assign( (const char*) BifConst::InputAscii::separator->Bytes(), BifConst::InputAscii::separator->Len()); diff --git a/src/input/readers/Benchmark.cc b/src/input/readers/Benchmark.cc index 3e53dfb35f..ec6b382ebb 100644 --- a/src/input/readers/Benchmark.cc +++ b/src/input/readers/Benchmark.cc @@ -18,6 +18,7 @@ using threading::Field; Benchmark::Benchmark(ReaderFrontend *frontend) : ReaderBackend(frontend) { + num_lines = 0; multiplication_factor = double(BifConst::InputBenchmark::factor); autospread = double(BifConst::InputBenchmark::autospread); spread = int(BifConst::InputBenchmark::spread); @@ -25,6 +26,7 @@ Benchmark::Benchmark(ReaderFrontend *frontend) : ReaderBackend(frontend) autospread_time = 0; stopspreadat = int(BifConst::InputBenchmark::stopspreadat); timedspread = double(BifConst::InputBenchmark::timedspread); + heartbeatstarttime = 0; heartbeat_interval = double(BifConst::Threading::heartbeat_interval); ascii = new AsciiFormatter(this, AsciiFormatter::SeparatorInfo()); diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc index 70c24eed76..1947a907cb 100644 --- a/src/input/readers/Raw.cc +++ b/src/input/readers/Raw.cc @@ -34,6 +34,9 @@ Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(frontend) { file = 0; stderrfile = 0; + execute = false; + firstrun = true; + mtime = 0; forcekill = false; separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(), BifConst::InputRaw::record_separator->Len()); diff --git a/src/input/readers/SQLite.cc b/src/input/readers/SQLite.cc index 84b57e2509..abb155e3bc 100644 --- a/src/input/readers/SQLite.cc +++ b/src/input/readers/SQLite.cc @@ -17,7 +17,9 @@ using namespace input::reader; using threading::Value; using threading::Field; -SQLite::SQLite(ReaderFrontend *frontend) : ReaderBackend(frontend) +SQLite::SQLite(ReaderFrontend *frontend) + : ReaderBackend(frontend), + fields(), num_fields(), mode(), started(), query(), db(), st() { set_separator.assign( (const char*) BifConst::LogSQLite::set_separator->Bytes(), diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 1e254bfc83..09490ce3d1 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -112,6 +112,9 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, EnumVa write_buffer_pos = 0; info = new WriterBackend::WriterInfo(arg_info); + num_fields = 0; + fields = 0; + const char* w = arg_writer->Type()->AsEnumType()->Lookup(arg_writer->InternalInt()); name = copy_string(fmt("%s/%s", arg_info.path, w)); diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 087a7061ea..1073e31a08 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -233,6 +233,10 @@ DataSeries::DataSeries(WriterFrontend* frontend) : WriterBackend(frontend) ds_set_separator = ","; ascii = new AsciiFormatter(this, AsciiFormatter::SeparatorInfo()); + + compress_type = Extent::compress_none; + log_file = 0; + log_output = 0; } DataSeries::~DataSeries() diff --git a/src/logging/writers/SQLite.cc b/src/logging/writers/SQLite.cc index 81c52fe198..c1614f1aed 100644 --- a/src/logging/writers/SQLite.cc +++ b/src/logging/writers/SQLite.cc @@ -16,7 +16,9 @@ using namespace writer; using threading::Value; using threading::Field; -SQLite::SQLite(WriterFrontend* frontend) : WriterBackend(frontend) +SQLite::SQLite(WriterFrontend* frontend) + : WriterBackend(frontend), + fields(), num_fields(), db(), st() { set_separator.assign( (const char*) BifConst::LogSQLite::set_separator->Bytes(), @@ -33,9 +35,7 @@ SQLite::SQLite(WriterFrontend* frontend) : WriterBackend(frontend) BifConst::LogSQLite::empty_field->Len() ); - db = 0; io = new AsciiFormatter(this, AsciiFormatter::SeparatorInfo(set_separator, unset_field, empty_field)); - st = 0; } SQLite::~SQLite() diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 8a4f46a15c..e056f6c170 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -81,7 +81,7 @@ private: friend class ::RemoteSerializer; // Force usage of constructor above. - Field() {}; + Field() {} }; /** From 29740ae070e64d6c4de982537bfeb155e5aed0fc Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sat, 28 Sep 2013 11:18:12 -0700 Subject: [PATCH 068/287] Updating submodule(s). [nomail] --- aux/bro-aux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/bro-aux b/aux/bro-aux index de33d520c6..aab939632c 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit de33d520c6f7957aafcce30d86b170306a1c0c49 +Subproject commit aab939632c856dc5de672422b937f2abb14c07fa From eeaf3e9baf25265633da5219fa3a6b0e5d792e57 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Sep 2013 10:49:48 -0500 Subject: [PATCH 069/287] Updating submodule(s). [nomail] --- aux/broccoli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broccoli b/aux/broccoli index e0f34599cb..1aef055802 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit e0f34599cb11f0df37ae1cc036d87c1794b1c0b2 +Subproject commit 1aef055802f842502d701ad152305bcd74bba632 From 945051582182af6fc4e514c9a1f9c4ad3126e3f3 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Tue, 1 Oct 2013 13:11:35 -0500 Subject: [PATCH 070/287] Fix getopt() usage. Using 'char' versus 'int' to store the return value is a problem since 'char' varies in signedness depending on platform/implementation (works some places, others not). --- src/builtin-func.l | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/builtin-func.l b/src/builtin-func.l index c70b99b6c8..b032fd1d9c 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -275,7 +275,7 @@ void finish_alternative_mode() int main(int argc, char* argv[]) { - char opt; + int opt; while ( (opt = getopt(argc, argv, "p:s")) != -1 ) { From 6c8cbef997d5a4bed987c0a56f48d76b937fbd0e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 1 Oct 2013 11:31:55 -0700 Subject: [PATCH 071/287] Updating bifcl usage message. --- CHANGES | 6 ++++++ VERSION | 2 +- src/builtin-func.l | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 718df3fff8..f7e68bab3f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.2-beta-13 | 2013-10-01 11:31:55 -0700 + + * Updating bifcl usage message. (Robin Sommer) + + * Fix bifcl getopt() usage. (Jon Siwek) + 2.2-beta-8 | 2013-09-28 11:16:29 -0700 * Fix a "make doc" warning. (Daniel Thayer) diff --git a/VERSION b/VERSION index 0432695703..b96a4b7109 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2-beta-8 +2.2-beta-13 diff --git a/src/builtin-func.l b/src/builtin-func.l index b032fd1d9c..3e5f7bce0a 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -180,7 +180,7 @@ FILE* open_output_file(const char* surfix) void usage() { - fprintf(stderr, "usage: bifcl [-p] *.bif\n"); + fprintf(stderr, "usage: bifcl [-p | -s] *.bif\n"); exit(1); } From b59b5ca59b84dd609c37c1bdd2eb6ceb07c908ce Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 1 Oct 2013 11:42:33 -0700 Subject: [PATCH 072/287] Updating submodule(s). [nomail] --- aux/broccoli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broccoli b/aux/broccoli index e0f34599cb..1aef055802 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit e0f34599cb11f0df37ae1cc036d87c1794b1c0b2 +Subproject commit 1aef055802f842502d701ad152305bcd74bba632 From ea766d71bba4e771b6d6320c3867679a73ed77e1 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Tue, 1 Oct 2013 16:01:37 -0700 Subject: [PATCH 073/287] add ciphers to cipher_desc table that were already present but apparently forgotten. --- scripts/base/protocols/ssl/consts.bro | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 5a7522c159..5e3b9ec019 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -796,6 +796,11 @@ export { [SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", [SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2", [SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2", + [SSL_RSA_WITH_RC2_CBC_MD5] = "SSL_RSA_WITH_RC2_CBC_MD5", + [SSL_RSA_WITH_IDEA_CBC_MD5] = "SSL_RSA_WITH_IDEA_CBC_MD5", + [SSL_RSA_WITH_DES_CBC_MD5] = "SSL_RSA_WITH_DES_CBC_MD5", + [SSL_RSA_WITH_3DES_EDE_CBC_MD5] = "SSL_RSA_WITH_3DES_EDE_CBC_MD5", + [TLS_EMPTY_RENEGOTIATION_INFO_SCSV] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", } &default=function(i: count):string { return fmt("unknown-%d", i); }; ## Mapping between the constants and string values for SSL/TLS errors. From aa08d359cdbceac061cc03c04baf9efffc665ec5 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 2 Oct 2013 11:05:58 -0700 Subject: [PATCH 074/287] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index bec9c66064..a43f3d8fc7 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit bec9c6606414438655a3298db76e1e43464c8d44 +Subproject commit a43f3d8fc7868ba2666e37ed53d012241e86bdc5 From 6734260136804560ba08b88a7a2317031eb2f0bd Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 2 Oct 2013 11:32:03 -0700 Subject: [PATCH 075/287] Fixing merge relict. --- src/analyzer/protocol/rpc/RPC.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index c1736a8384..fd76bf551b 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -680,7 +680,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) RPC_Analyzer::RPC_Analyzer(const char* name, Connection* conn, RPC_Interpreter* arg_interp) : tcp::TCP_ApplicationAnalyzer(name, conn), - nterp(arg_interp), orig_rpc(), resp_rpc() + interp(arg_interp), orig_rpc(), resp_rpc() { if ( Conn()->ConnTransport() == TRANSPORT_UDP ) ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer, From 5a857a6dfc809a23237f983d8e19c559dc382331 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 3 Oct 2013 10:42:04 -0500 Subject: [PATCH 076/287] Initial skeleton of new Broxygen infrastructure. Doesn't generate any docs, but it's hooked in to all places needed to gather the necessary stuff w/ significantly less coupling than before. The gathering now always occurs unconditionally to make documentation available at runtime and a command line switch (-X) only toggles whether to output docs to disk (reST format). Should also improve the treatment of type name aliasing which wasn't a big problem in practice before, but I think it's more correct now: there's now a distinct BroType for each alias, but extensible types (record/enum) will automatically update the types for aliases on redef. Other misc refactoring of note: - Removed a redundant/unused way of declaring event types. - Changed type serialization format/process to preserve type name information and remove compatibility code (since broccoli will have be updated anyway). --- src/BroDoc.cc | 2 + src/Brofiler.h | 2 + src/CMakeLists.txt | 2 + src/Expr.cc | 1 + src/ID.cc | 6 +- src/Serializer.h | 2 +- src/Type.cc | 260 +++++++-------------- src/Type.h | 68 ++---- src/Var.cc | 67 ++---- src/Var.h | 2 +- src/broxygen/Manager.cc | 88 ++++++++ src/broxygen/Manager.h | 43 ++++ src/main.cc | 41 ++-- src/parse.y | 411 ++++++++-------------------------- src/plugin/ComponentManager.h | 4 +- src/scan.l | 221 +++--------------- src/util.cc | 8 +- src/util.h | 3 +- 18 files changed, 393 insertions(+), 838 deletions(-) create mode 100644 src/broxygen/Manager.cc create mode 100644 src/broxygen/Manager.h diff --git a/src/BroDoc.cc b/src/BroDoc.cc index 6953680df0..5733c586bf 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -556,6 +556,7 @@ static void WritePluginBifItems(FILE* f, const plugin::Plugin* p, static void WriteAnalyzerTagDefn(FILE* f, EnumType* e, const string& module) { + /* TODO string tag_id= module + "::Tag"; e = new CommentedEnumType(e); e->SetTypeID(copy_string(tag_id.c_str())); @@ -570,6 +571,7 @@ static void WriteAnalyzerTagDefn(FILE* f, EnumType* e, const string& module) BroDocObj bdo(dummy_id, r, true); bdo.WriteReST(f); + */ } static bool ComponentsMatch(const plugin::Plugin* p, plugin::component::Type t, diff --git a/src/Brofiler.h b/src/Brofiler.h index 22e5808bf6..88ce434070 100644 --- a/src/Brofiler.h +++ b/src/Brofiler.h @@ -78,4 +78,6 @@ private: }; }; +extern Brofiler brofiler; + #endif /* BROFILER_H_ */ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c881cc4df1..4145984f3b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -370,6 +370,8 @@ set(bro_SRCS plugin/Plugin.cc plugin/Macros.h + broxygen/Manager.cc + nb_dns.c digest.h ) diff --git a/src/Expr.cc b/src/Expr.cc index 0eaa7ce918..303b3cf5c7 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -5111,6 +5111,7 @@ BroType* ListExpr::InitType() const types->append(td); } + return new RecordType(types); } diff --git a/src/ID.cc b/src/ID.cc index a6e592146b..ed561016ff 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -619,6 +619,7 @@ void ID::DescribeExtended(ODesc* d) const void ID::DescribeReSTShort(ODesc* d) const { + /* TODO if ( is_type ) d->Add(":bro:type:`"); else @@ -668,6 +669,7 @@ void ID::DescribeReSTShort(ODesc* d) const d->SP(); attrs->DescribeReST(d); } + */ } void ID::DescribeReST(ODesc* d, bool is_role) const @@ -697,10 +699,10 @@ void ID::DescribeReST(ODesc* d, bool is_role) const { d->Add(":Type: "); - if ( ! is_type && type->GetTypeID() ) + if ( ! is_type && ! type->GetName().empty() ) { d->Add(":bro:type:`"); - d->Add(type->GetTypeID()); + d->Add(type->GetName()); d->Add("`"); } else diff --git a/src/Serializer.h b/src/Serializer.h index 72e0723880..c1af1a2c4f 100644 --- a/src/Serializer.h +++ b/src/Serializer.h @@ -125,7 +125,7 @@ protected: // This will be increased whenever there is an incompatible change // in the data format. - static const uint32 DATA_FORMAT_VERSION = 23; + static const uint32 DATA_FORMAT_VERSION = 24; ChunkedIO* io; diff --git a/src/Type.cc b/src/Type.cc index 2b9faa8018..a659dc473b 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -8,13 +8,12 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" +#include "broxygen/Manager.h" #include #include #include -extern int generate_documentation; - // Note: This function must be thread-safe. const char* type_name(TypeTag t) { @@ -47,7 +46,6 @@ BroType::BroType(TypeTag t, bool arg_base_type) tag = t; is_network_order = 0; base_type = arg_base_type; - type_id = 0; switch ( tag ) { case TYPE_VOID: @@ -110,10 +108,26 @@ BroType::BroType(TypeTag t, bool arg_base_type) } -BroType::~BroType() +BroType* BroType::Clone() const { - if ( type_id ) - delete [] type_id; + SerializationFormat* form = new BinarySerializationFormat(); + form->StartWrite(); + CloneSerializer ss(form); + SerialInfo sinfo(&ss); + sinfo.cache = false; + + this->Serialize(&sinfo); + char* data; + uint32 len = form->EndWrite(&data); + form->StartRead(data, len); + + UnserialInfo uinfo(&ss); + uinfo.cache = false; + BroType* rval = this->Unserialize(&uinfo); + + delete [] data; + + return rval; } int BroType::MatchesIndex(ListExpr*& index) const @@ -222,9 +236,21 @@ BroType* BroType::Unserialize(UnserialInfo* info, TypeTag want) if ( ! t ) return 0; - // For base types, we return our current instance - // if not in "documentation mode". - if ( t->base_type && ! generate_documentation ) + if ( ! t->name.empty() ) + { + // Avoid creating a new type if it's known by name. + // Also avoids loss of base type name alias (from condition below). + ID* id = global_scope()->Lookup(t->name.c_str()); + BroType* t2 = id ? id->AsType() : 0; + + if ( t2 ) + { + Unref(t); + return t2->Ref(); + } + } + + if ( t->base_type ) { BroType* t2 = ::base_type(TypeTag(t->tag)); Unref(t); @@ -247,21 +273,10 @@ bool BroType::DoSerialize(SerialInfo* info) const if ( ! (SERIALIZE(char(tag)) && SERIALIZE(char(internal_tag))) ) return false; - if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type) && - // Serialize the former "bool is_global_attributes_type" for - // backwards compatibility. - SERIALIZE(false)) ) + if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type)) ) return false; - // Likewise, serialize the former optional "RecordType* attributes_type" - // for backwards compatibility. - void* null = NULL; - SERIALIZE(null); - - if ( generate_documentation ) - { - SERIALIZE_OPTIONAL_STR(type_id); - } + SERIALIZE_STR(name.c_str(), name.size()); info->s->WriteCloseTag("Type"); @@ -279,24 +294,15 @@ bool BroType::DoUnserialize(UnserialInfo* info) tag = (TypeTag) c1; internal_tag = (InternalTypeTag) c2; - bool not_used; - - if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type) - // Unerialize the former "bool is_global_attributes_type" for - // backwards compatibility. - && UNSERIALIZE(¬_used)) ) + if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type)) ) return 0; - BroType* not_used_either; + const char* n; + if ( ! UNSERIALIZE_STR(&n, 0) ) + return false; - // Likewise, unserialize the former optional "RecordType* - // attributes_type" for backwards compatibility. - UNSERIALIZE_OPTIONAL(not_used_either, BroType::Unserialize(info, TYPE_RECORD)); - - if ( generate_documentation ) - { - UNSERIALIZE_OPTIONAL_STR(type_id); - } + name = n; + delete [] n; return true; } @@ -470,10 +476,10 @@ void IndexType::DescribeReST(ODesc* d) const const BroType* t = (*IndexTypes())[i]; - if ( t->GetTypeID() ) + if ( ! t->GetName().empty() ) { d->Add(":bro:type:`"); - d->Add(t->GetTypeID()); + d->Add(t->GetName()); d->Add("`"); } else @@ -486,10 +492,10 @@ void IndexType::DescribeReST(ODesc* d) const { d->Add(" of "); - if ( yield_type->GetTypeID() ) + if ( ! yield_type->GetName().empty() ) { d->Add(":bro:type:`"); - d->Add(yield_type->GetTypeID()); + d->Add(yield_type->GetName()); d->Add("`"); } else @@ -781,10 +787,10 @@ void FuncType::DescribeReST(ODesc* d) const { d->AddSP(" :"); - if ( yield->GetTypeID() ) + if ( ! yield->GetName().empty() ) { d->Add(":bro:type:`"); - d->Add(yield->GetTypeID()); + d->Add(yield->GetName()); d->Add("`"); } else @@ -873,6 +879,17 @@ TypeDecl::TypeDecl(BroType* t, const char* i, attr_list* arg_attrs, bool in_reco id = i; } +TypeDecl::TypeDecl(const TypeDecl& other) + { + type = other.type->Ref(); + attrs = other.attrs; + + if ( attrs ) + ::Ref(attrs); + + id = copy_string(other.id); + } + TypeDecl::~TypeDecl() { Unref(type); @@ -914,10 +931,10 @@ void TypeDecl::DescribeReST(ODesc* d) const d->Add(id); d->Add(": "); - if ( type->GetTypeID() ) + if ( ! type->GetName().empty() ) { d->Add(":bro:type:`"); - d->Add(type->GetTypeID()); + d->Add(type->GetName()); d->Add("`"); } else @@ -930,37 +947,6 @@ void TypeDecl::DescribeReST(ODesc* d) const } } -CommentedTypeDecl::CommentedTypeDecl(BroType* t, const char* i, - attr_list* attrs, bool in_record, std::list* cmnt_list) - : TypeDecl(t, i, attrs, in_record) - { - comments = cmnt_list; - } - -CommentedTypeDecl::~CommentedTypeDecl() - { - if ( comments ) delete comments; - } - -void CommentedTypeDecl::DescribeReST(ODesc* d) const - { - TypeDecl::DescribeReST(d); - - if ( comments ) - { - d->PushIndent(); - std::list::const_iterator i; - - for ( i = comments->begin(); i != comments->end(); ++i) - { - if ( i != comments->begin() ) d->NL(); - d->Add(i->c_str()); - } - - d->PopIndentNoNL(); - } - } - RecordType::RecordType(type_decl_list* arg_types) : BroType(TYPE_RECORD) { types = arg_types; @@ -1328,38 +1314,12 @@ bool OpaqueType::DoUnserialize(UnserialInfo* info) return true; } -EnumType::EnumType(const string& arg_name) -: BroType(TYPE_ENUM) - { - name = arg_name; - counter = 0; - } - -EnumType::EnumType(EnumType* e) -: BroType(TYPE_ENUM) - { - name = e->name; - counter = e->counter; - - for ( NameMap::iterator it = e->names.begin(); it != e->names.end(); ++it ) - names[copy_string(it->first)] = it->second; - } - EnumType::~EnumType() { for ( NameMap::iterator iter = names.begin(); iter != names.end(); ++iter ) delete [] iter->first; } -CommentedEnumType::~CommentedEnumType() - { - for ( CommentMap::iterator iter = comments.begin(); iter != comments.end(); ++iter ) - { - delete [] iter->first; - delete iter->second; - } - } - // Note, we use reporter->Error() here (not Error()) to include the current script // location in the error message, rather than the one where the type was // originally defined. @@ -1372,7 +1332,7 @@ void EnumType::AddName(const string& module_name, const char* name, bool is_expo SetError(); return; } - AddNameInternal(module_name, name, counter, is_export); + CheckAndAddName(module_name, name, counter, is_export); counter++; } @@ -1386,32 +1346,12 @@ void EnumType::AddName(const string& module_name, const char* name, bro_int_t va return; } counter = -1; - AddNameInternal(module_name, name, val, is_export); + CheckAndAddName(module_name, name, val, is_export); } -void CommentedEnumType::AddComment(const string& module_name, const char* name, - std::list* new_comments) +void EnumType::CheckAndAddName(const string& module_name, const char* name, + bro_int_t val, bool is_export) { - if ( ! new_comments ) - return; - - string fullname = make_full_var_name(module_name.c_str(), name); - - CommentMap::iterator it = comments.find(fullname.c_str()); - - if ( it == comments.end() ) - comments[copy_string(fullname.c_str())] = new_comments; - else - { - list* prev_comments = comments[fullname.c_str()]; - prev_comments->splice(prev_comments->end(), *new_comments); - delete new_comments; - } - } - -void EnumType::AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export) - { - ID *id; if ( Lookup(val) ) { reporter->Error("enumerator value in enumerated type definition already exists"); @@ -1419,12 +1359,14 @@ void EnumType::AddNameInternal(const string& module_name, const char* name, bro_ return; } - id = lookup_ID(name, module_name.c_str()); + ID* id = lookup_ID(name, module_name.c_str()); + if ( ! id ) { id = install_ID(name, module_name.c_str(), true, is_export); id->SetType(this->Ref()); id->SetEnumConst(); + broxygen_mgr->Identifier(id); } else { @@ -1433,11 +1375,19 @@ void EnumType::AddNameInternal(const string& module_name, const char* name, bro_ return; } - string fullname = make_full_var_name(module_name.c_str(), name); - names[copy_string(fullname.c_str())] = val; + AddNameInternal(module_name, name, val, is_export); + + set types = type_aliases[GetName()]; + set::const_iterator it; + + for ( it = types.begin(); it != types.end(); ++it ) + if ( *it != this ) + (*it)->AsEnumType()->AddNameInternal(module_name, name, val, + is_export); } -void CommentedEnumType::AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export) +void EnumType::AddNameInternal(const string& module_name, const char* name, + bro_int_t val, bool is_export) { string fullname = make_full_var_name(module_name.c_str(), name); names[copy_string(fullname.c_str())] = val; @@ -1466,54 +1416,8 @@ const char* EnumType::Lookup(bro_int_t value) void EnumType::DescribeReST(ODesc* d) const { - d->Add(":bro:type:`"); - d->Add(name.c_str()); - d->Add("`"); - } - -void CommentedEnumType::DescribeReST(ODesc* d) const - { - // create temporary, reverse name map so that enums can be documented - // in ascending order of their actual integral value instead of by name - typedef std::map< bro_int_t, const char* > RevNameMap; - RevNameMap rev; - for ( NameMap::const_iterator it = names.begin(); it != names.end(); ++it ) - rev[it->second] = it->first; - - d->Add(":bro:type:`"); - d->Add(type_name(Tag())); - d->Add("`"); - d->PushIndent(); - d->NL(); - - for ( RevNameMap::const_iterator it = rev.begin(); it != rev.end(); ++it ) - { - if ( it != rev.begin() ) - { - d->NL(); - d->NL(); - } - - d->Add(".. bro:enum:: "); - d->AddSP(it->second); - d->Add(GetTypeID()); - - CommentMap::const_iterator cmnt_it = comments.find(it->second); - if ( cmnt_it != comments.end() ) - { - d->PushIndent(); - d->NL(); - std::list::const_iterator i; - const std::list* cmnt_list = cmnt_it->second; - for ( i = cmnt_list->begin(); i != cmnt_list->end(); ++i) - { - if ( i != cmnt_list->begin() ) d->NL(); - d->Add(i->c_str()); - } - d->PopIndentNoNL(); - } - } - d->PopIndentNoNL(); + // TODO: this probably goes away + d->Add(":bro:type:`enum`"); } IMPLEMENT_SERIAL(EnumType, SER_ENUM_TYPE); diff --git a/src/Type.h b/src/Type.h index a6163d5152..be27426546 100644 --- a/src/Type.h +++ b/src/Type.h @@ -4,7 +4,7 @@ #define type_h #include -#include +#include #include #include "Obj.h" @@ -73,7 +73,9 @@ const int MATCHES_INDEX_VECTOR = 2; class BroType : public BroObj { public: BroType(TypeTag tag, bool base_type = false); - ~BroType(); + ~BroType() { } + + BroType* Clone() const; TypeTag Tag() const { return tag; } InternalTypeTag InternalType() const { return internal_tag; } @@ -232,11 +234,11 @@ public: bool Serialize(SerialInfo* info) const; static BroType* Unserialize(UnserialInfo* info, TypeTag want = TYPE_ANY); - void SetTypeID(const char* id) { type_id = id; } - const char* GetTypeID() const { return type_id; } + void SetName(const string& arg_name) { name = arg_name; } + string GetName() const { return name; } protected: - BroType() { type_id = 0; } + BroType() { } void SetError(); @@ -247,10 +249,7 @@ private: InternalTypeTag internal_tag; bool is_network_order; bool base_type; - - // This type_id field is only used by the documentation framework to - // track the names of declared types. - const char* type_id; + string name; }; class TypeList : public BroType { @@ -408,6 +407,7 @@ protected: class TypeDecl { public: TypeDecl(BroType* t, const char* i, attr_list* attrs = 0, bool in_record = false); + TypeDecl(const TypeDecl& other); virtual ~TypeDecl(); const Attr* FindAttr(attr_tag a) const @@ -423,17 +423,6 @@ public: const char* id; }; -class CommentedTypeDecl : public TypeDecl { -public: - CommentedTypeDecl(BroType* t, const char* i, attr_list* attrs = 0, - bool in_record = false, std::list* cmnt_list = 0); - virtual ~CommentedTypeDecl(); - - void DescribeReST(ODesc* d) const; - - std::list* comments; -}; - class RecordType : public BroType { public: RecordType(type_decl_list* types); @@ -522,8 +511,7 @@ protected: class EnumType : public BroType { public: - EnumType(const string& arg_name); - EnumType(EnumType* e); + EnumType() : BroType(TYPE_ENUM) { counter = 0; } ~EnumType(); // The value of this name is next internal counter value, starting @@ -539,17 +527,17 @@ public: bro_int_t Lookup(const string& module_name, const char* name); const char* Lookup(bro_int_t value); // Returns 0 if not found - string Name() const { return name; } - void DescribeReST(ODesc* d) const; protected: - EnumType() { counter = 0; } DECLARE_SERIAL(EnumType) - virtual void AddNameInternal(const string& module_name, + void AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export); + void CheckAndAddName(const string& module_name, + const char* name, bro_int_t val, bool is_export); + typedef std::map< const char*, bro_int_t, ltstr > NameMap; NameMap names; @@ -560,31 +548,6 @@ protected: // as a flag to prevent mixing of auto-increment and explicit // enumerator specifications. bro_int_t counter; - - // The name of the enum type is stored for documentation purposes. - string name; -}; - -class CommentedEnumType: public EnumType { -public: - CommentedEnumType(const string& arg_name) : EnumType(arg_name) {} - CommentedEnumType(EnumType* e) : EnumType(e) {} - ~CommentedEnumType(); - - void DescribeReST(ODesc* d) const; - void AddComment(const string& module_name, const char* name, - std::list* comments); - -protected: - // This overriden method does not install the given ID name into a - // scope and it also does not do any kind of checking that the - // provided name already exists. - void AddNameInternal(const string& module_name, const char* name, - bro_int_t val, bool is_export); - - // Comments are only filled when in "documentation mode". - typedef std::map< const char*, std::list*, ltstr > CommentMap; - CommentMap comments; }; class VectorType : public BroType { @@ -609,6 +572,9 @@ protected: BroType* yield_type; }; +typedef std::map > TypeAliasMap; +extern TypeAliasMap type_aliases; + extern OpaqueType* md5_type; extern OpaqueType* sha1_type; extern OpaqueType* sha256_type; diff --git a/src/Var.cc b/src/Var.cc index d384fedc74..821c9e207b 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -10,8 +10,6 @@ #include "RemoteSerializer.h" #include "EventRegistry.h" -extern int generate_documentation; - static Val* init_val(Expr* init, const BroType* t, Val* aggr) { return init->InitVal(t, aggr); @@ -261,61 +259,26 @@ extern Expr* add_and_assign_local(ID* id, Expr* init, Val* val) return new AssignExpr(new NameExpr(id), init, 0, val); } -void add_type(ID* id, BroType* t, attr_list* attr, int /* is_event */) +void add_type(ID* id, BroType* t, attr_list* attr) { - BroType* tnew = t; + string new_type_name(id->Name()); + string old_type_name(t->GetName()); + BroType* tnew = 0; - // In "documentation mode", we'd like to to be able to associate - // an identifier name with a declared type. Dealing with declared - // types that are "aliases" to a builtin type requires that the BroType - // is cloned before setting the identifier name that resolves to it. - // And still this is not enough to document cases where the declared type - // is an alias for another declared type -- but that's not a natural/common - // practice. If documenting that corner case is desired, one way - // is to add an ID* to class ID that tracks aliases and set it here if - // t->GetTypeID() is true. - if ( generate_documentation ) - { - switch ( t->Tag() ) { - // Only "shallow" copy types that may contain records because - // we want to be able to see additions to the original record type's - // list of fields - case TYPE_RECORD: - tnew = new RecordType(t->AsRecordType()->Types()); - break; - case TYPE_TABLE: - tnew = new TableType(t->AsTableType()->Indices(), - t->AsTableType()->YieldType()); - break; - case TYPE_VECTOR: - tnew = new VectorType(t->AsVectorType()->YieldType()); - break; - case TYPE_FUNC: - tnew = new FuncType(t->AsFuncType()->Args(), - t->AsFuncType()->YieldType(), - t->AsFuncType()->Flavor()); - break; - default: - SerializationFormat* form = new BinarySerializationFormat(); - form->StartWrite(); - CloneSerializer ss(form); - SerialInfo sinfo(&ss); - sinfo.cache = false; + if ( (t->Tag() == TYPE_RECORD || t->Tag() == TYPE_ENUM) && + ! old_type_name.empty() ) + // Clone the type to preserve type name aliasing. + tnew = t->Clone(); + else + // An extensible types (record/enum) being declared for first time. + tnew = t; - t->Serialize(&sinfo); - char* data; - uint32 len = form->EndWrite(&data); - form->StartRead(data, len); + type_aliases[new_type_name].insert(tnew); - UnserialInfo uinfo(&ss); - uinfo.cache = false; - tnew = t->Unserialize(&uinfo); + if ( new_type_name != old_type_name && ! old_type_name.empty() ) + type_aliases[old_type_name].insert(tnew); - delete [] data; - } - - tnew->SetTypeID(copy_string(id->Name())); - } + tnew->SetName(id->Name()); id->SetType(tnew); id->MakeType(); diff --git a/src/Var.h b/src/Var.h index 8b9866ed2d..bcdd45dad2 100644 --- a/src/Var.h +++ b/src/Var.h @@ -18,7 +18,7 @@ extern Stmt* add_local(ID* id, BroType* t, init_class c, Expr* init, attr_list* attr, decl_type dt); extern Expr* add_and_assign_local(ID* id, Expr* init, Val* val = 0); -extern void add_type(ID* id, BroType* t, attr_list* attr, int is_event); +extern void add_type(ID* id, BroType* t, attr_list* attr); extern void begin_func(ID* id, const char* module_name, function_flavor flavor, int is_redef, FuncType* t); diff --git a/src/broxygen/Manager.cc b/src/broxygen/Manager.cc new file mode 100644 index 0000000000..30c9008787 --- /dev/null +++ b/src/broxygen/Manager.cc @@ -0,0 +1,88 @@ +#include "Manager.h" + +using namespace broxygen; + +Manager::Manager(const std::string& config) + { + // TODO + } + +void Manager::GenerateDocs() const + { + // TODO + + // may be a no-op if no config + + // does the old canon_doc_func_param stuff happen here now on the fly + // for functions we're about to document? + } + +void Manager::File(const std::string& path) + { + // TODO + // determine bropath subpath + // can be a file or directory? + } + +void Manager::ScriptDependency(const std::string& path, const std::string& dep) + { + // TODO: + // need anything from BroDoc::AddImport? + // warn about unconsumed comments (and discard any) + } + +void Manager::ModuleUsage(const std::string& path, const std::string& module) + { + // TODO lookup script and add module to a set + } + +void Manager::Identifier(const ID *id) + { + // TODO: lookup script to associate w/ by GetLocationInfo()->filename + // do different things depending on Type? (eg function flavor versus state) + // do different things based on redef attr + const ? + // consume any buffered comments and associate w/ id + // deal w/ type aliasing + // special enum or record handing? + // if it's a function we may already have added it (decl versus impl) + } + +void Manager::RecordField(const ID *id, const TypeDecl *field, + const std::string& path) + { + // TODO: consume comments + // redef is implicit -- script path of field will differ from ID/type's + } + +void Manager::Redef(const ID* id, const string& path) + { + // TODO: lookup script w/ 'path' to associate the id in as redef'd + // consume any buffered comments and associate w/ redef'd id + // can sort notices here + } + +void Manager::SummaryComment(const std::string& script, + const std::string& comment) + { + // TODO + // canon_doc_comment ? + } + +void Manager::PreComment(const std::string& comment) + { + // TODO + // canon_doc_comment + } + +void Manager::PostComment(const std::string& comment) + { + // TODO this gets associated with the last thing registered + // canon_doc_comment + } + + +// TODO: "canon_doc_comment" means treat "##Text" and "## Text" the same +// so that a single space doesn't generate an indentation level. + + +// TODO: creating proto/file analyzer docs diff --git a/src/broxygen/Manager.h b/src/broxygen/Manager.h new file mode 100644 index 0000000000..d0665c307d --- /dev/null +++ b/src/broxygen/Manager.h @@ -0,0 +1,43 @@ +#ifndef BROXYGEN_MANAGER_H +#define BROXYGEN_MANAGER_H + +#include + +#include "ID.h" +#include "Type.h" + +namespace broxygen { + +class Manager { + +public: + + Manager(const std::string& config); + + void GenerateDocs() const; + + void File(const std::string& path); + + void ScriptDependency(const std::string& path, const std::string& dep); + + void ModuleUsage(const std::string& path, const std::string& module); + + void Identifier(const ID* id); + + void RecordField(const ID* id, const TypeDecl* field, + const std::string& path); + + void Redef(const ID* id, const std::string& path); + + void SummaryComment(const std::string& path, const std::string& comment); + + void PreComment(const std::string& comment); + + void PostComment(const std::string& comment); +}; + +} // namespace broxygen + +extern broxygen::Manager* broxygen_mgr; + +#endif diff --git a/src/main.cc b/src/main.cc index 313e1a40b0..bdb6499445 100644 --- a/src/main.cc +++ b/src/main.cc @@ -61,8 +61,8 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void); #include "analyzer/Manager.h" #include "analyzer/Tag.h" #include "plugin/Manager.h" - #include "file_analysis/Manager.h" +#include "broxygen/Manager.h" #include "binpac_bro.h" @@ -100,6 +100,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; +broxygen::Manager* broxygen_mgr = 0; Stmt* stmts; EventHandlerPtr net_done = 0; RuleMatcher* rule_matcher = 0; @@ -116,7 +117,6 @@ int signal_val = 0; int optimize = 0; int do_notice_analysis = 0; int rule_bench = 0; -int generate_documentation = 0; SecondaryPath* secondary_path = 0; extern char version[]; char* command_line_policy = 0; @@ -124,6 +124,8 @@ vector params; char* proc_status_file = 0; int snaplen = 0; // this gets set from the scripting-layer's value +TypeAliasMap type_aliases; + OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; OpaqueType* sha256_type = 0; @@ -132,8 +134,6 @@ OpaqueType* cardinality_type = 0; OpaqueType* topk_type = 0; OpaqueType* bloomfilter_type = 0; -extern std::list docs_generated; - // Keep copy of command line int bro_argc; char** bro_argv; @@ -203,7 +203,7 @@ void usage() fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -Z|--doc-scripts | generate documentation for all loaded scripts\n"); + fprintf(stderr, " -X|--broxygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); @@ -373,6 +373,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); + delete broxygen_mgr; delete timer_mgr; delete dns_mgr; delete persistence_serializer; @@ -473,7 +474,7 @@ int main(int argc, char** argv) {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"doc-scripts", no_argument, 0, 'Z'}, + {"broxygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"flowfile", required_argument, 0, 'y'}, @@ -532,7 +533,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string active_file; + string broxygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -545,7 +546,7 @@ int main(int argc, char** argv) opterr = 0; char opts[256]; - safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLNOPSWbdghvZ", + safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLNOPSWbdghv", sizeof(opts)); #ifdef USE_PERFTOOLS_DEBUG @@ -727,8 +728,8 @@ int main(int argc, char** argv) break; #endif - case 'Z': - generate_documentation = 1; + case 'X': + broxygen_config = optarg; break; #ifdef USE_IDMEF @@ -760,6 +761,7 @@ int main(int argc, char** argv) reporter = new Reporter(); thread_mgr = new threading::Manager(); + broxygen_mgr = new broxygen::Manager(broxygen_config); #ifdef DEBUG if ( debug_streams ) @@ -888,23 +890,6 @@ int main(int argc, char** argv) } #endif - if ( generate_documentation ) - { - CreateProtoAnalyzerDoc("proto-analyzers.rst"); - CreateFileAnalyzerDoc("file-analyzers.rst"); - - std::list::iterator it; - - for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) - (*it)->WriteDocFile(); - - for ( it = docs_generated.begin(); it != docs_generated.end(); ++it ) - delete *it; - - terminate_bro(); - return 0; - } - if ( reporter->Errors() > 0 ) { delete dns_mgr; @@ -915,6 +900,8 @@ int main(int argc, char** argv) init_general_global_var(); + broxygen_mgr->GenerateDocs(); + if ( user_pcap_filter ) { ID* id = global_scope()->Lookup("cmd_line_bpf_filter"); diff --git a/src/parse.y b/src/parse.y index 98df0de2a3..ed79808c78 100644 --- a/src/parse.y +++ b/src/parse.y @@ -2,7 +2,7 @@ // See the file "COPYING" in the main distribution directory for copyright. %} -%expect 85 +%expect 75 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF @@ -28,8 +28,6 @@ %token TOK_DEBUG -%token TOK_DOC TOK_POST_DOC - %token TOK_NO_TEST %nonassoc TOK_HOOK @@ -47,8 +45,7 @@ %left '$' '[' ']' '(' ')' TOK_HAS_FIELD TOK_HAS_ATTR %type opt_no_test opt_no_test_block -%type TOK_ID TOK_PATTERN_TEXT single_pattern TOK_DOC TOK_POST_DOC -%type opt_doc_list opt_post_doc_list +%type TOK_ID TOK_PATTERN_TEXT single_pattern %type local_id global_id def_global_id event_id global_or_event_id resolve_id begin_func %type local_id_list %type init_class @@ -83,17 +80,13 @@ #include "RE.h" #include "Scope.h" #include "Reporter.h" -#include "BroDoc.h" -#include "BroDocObj.h" #include "Brofiler.h" +#include "broxygen/Manager.h" -#include +#include #include -extern Brofiler brofiler; -extern BroDoc* current_reST_doc; -extern int generate_documentation; -extern std::list* reST_doc_comments; +extern const char* filename; // Absolute path of file currently being parsed. YYLTYPE GetCurrentLocation(); extern int yyerror(const char[]); @@ -127,24 +120,13 @@ bool defining_global_ID = false; ID* func_id = 0; EnumType *cur_enum_type = 0; -CommentedEnumType *cur_enum_type_doc = 0; -const char* cur_enum_elem_id = 0; - -type_decl_list* fake_type_decl_list = 0; -TypeDecl* last_fake_type_decl = 0; - static ID* cur_decl_type_id = 0; static void parser_new_enum (void) { /* Starting a new enum definition. */ assert(cur_enum_type == NULL); - cur_enum_type = new EnumType(cur_decl_type_id->Name()); - - // For documentation purposes, a separate type object is created - // in order to avoid overlap that can be caused by redefs. - if ( generate_documentation ) - cur_enum_type_doc = new CommentedEnumType(cur_decl_type_id->Name()); + cur_enum_type = new EnumType(); } static void parser_redef_enum (ID *id) @@ -160,53 +142,75 @@ static void parser_redef_enum (ID *id) if ( ! cur_enum_type ) id->Error("not an enum"); } - - if ( generate_documentation ) - cur_enum_type_doc = new CommentedEnumType(id->Name()); } -static void add_enum_comment (std::list* comments) +static type_decl_list* copy_type_decl_list(type_decl_list* tdl) { - cur_enum_type_doc->AddComment(current_module, cur_enum_elem_id, comments); - } + if ( ! tdl ) + return 0; -static ID* create_dummy_id (ID* id, BroType* type) - { - ID* fake_id = new ID(copy_string(id->Name()), (IDScope) id->Scope(), - is_export); + type_decl_list* rval = new type_decl_list(); - fake_id->SetType(type->Ref()); - - if ( id->AsType() ) + loop_over_list(*tdl, i) { - type->SetTypeID(copy_string(id->Name())); - fake_id->MakeType(); + TypeDecl* td = (*tdl)[i]; + rval->append(new TypeDecl(*td)); } - return fake_id; + return rval; } -static std::list* concat_opt_docs (std::list* pre, - std::list* post) +static attr_list* copy_attr_list(attr_list* al) { - if ( ! pre && ! post ) return 0; + if ( ! al ) + return 0; - if ( pre && ! post ) return pre; + attr_list* rval = new attr_list(); - if ( ! pre && post ) return post; + loop_over_list(*al, i) + { + Attr* a = (*al)[i]; + ::Ref(a); + rval->append(a); + } - pre->splice(pre->end(), *post); - delete post; - - return pre; + return rval; } +static void extend_record(ID* id, type_decl_list* fields, attr_list* attrs) + { + set types = type_aliases[id->Name()]; + + if ( types.empty() ) + { + id->Error("failed to redef record: no types found in alias map"); + return; + } + + for ( set::const_iterator it = types.begin(); it != types.end(); ) + { + RecordType* add_to = (*it)->AsRecordType(); + const char* error = 0; + ++it; + + if ( it == types.end() ) + error = add_to->AddFields(fields, attrs); + else + error = add_to->AddFields(copy_type_decl_list(fields), + copy_attr_list(attrs)); + + if ( error ) + { + id->Error(error); + break; + } + } + } %} %union { bool b; char* str; - std::list* str_l; ID* id; id_list* id_l; init_class ic; @@ -699,46 +703,24 @@ single_pattern: ; enum_body: - enum_body_list opt_post_doc_list + enum_body_list { $$ = cur_enum_type; - - if ( generate_documentation ) - { - add_enum_comment($2); - cur_enum_elem_id = 0; - } - cur_enum_type = NULL; } - | enum_body_list ',' opt_post_doc_list + | enum_body_list ',' { $$ = cur_enum_type; - - if ( generate_documentation ) - { - add_enum_comment($3); - cur_enum_elem_id = 0; - } - cur_enum_type = NULL; } ; enum_body_list: - enum_body_elem opt_post_doc_list - { - if ( generate_documentation ) - add_enum_comment($2); - } + enum_body_elem - | enum_body_list ',' opt_post_doc_list - { - if ( generate_documentation ) - add_enum_comment($3); - } enum_body_elem -; + | enum_body_list ',' enum_body_elem + ; enum_body_elem: /* TODO: We could also define this as TOK_ID '=' expr, (or @@ -746,25 +728,19 @@ enum_body_elem: error messages if someboy tries to use constant variables as enumerator. */ - opt_doc_list TOK_ID '=' TOK_CONSTANT + TOK_ID '=' TOK_CONSTANT { - set_location(@2, @4); + set_location(@1, @3); assert(cur_enum_type); - if ( $4->Type()->Tag() != TYPE_COUNT ) + if ( $3->Type()->Tag() != TYPE_COUNT ) reporter->Error("enumerator is not a count constant"); else - cur_enum_type->AddName(current_module, $2, $4->InternalUnsigned(), is_export); - - if ( generate_documentation ) - { - cur_enum_type_doc->AddName(current_module, $2, $4->InternalUnsigned(), is_export); - cur_enum_elem_id = $2; - add_enum_comment($1); - } + cur_enum_type->AddName(current_module, $1, + $3->InternalUnsigned(), is_export); } - | opt_doc_list TOK_ID '=' '-' TOK_CONSTANT + | TOK_ID '=' '-' TOK_CONSTANT { /* We only accept counts as enumerator, but we want to return a nice error message if users triy to use a negative integer (will also @@ -773,18 +749,11 @@ enum_body_elem: reporter->Error("enumerator is not a count constant"); } - | opt_doc_list TOK_ID + | TOK_ID { - set_location(@2); + set_location(@1); assert(cur_enum_type); - cur_enum_type->AddName(current_module, $2, is_export); - - if ( generate_documentation ) - { - cur_enum_type_doc->AddName(current_module, $2, is_export); - cur_enum_elem_id = $2; - add_enum_comment($1); - } + cur_enum_type->AddName(current_module, $1, is_export); } ; @@ -872,12 +841,11 @@ type: } | TOK_RECORD '{' - { ++in_record; do_doc_token_start(); } + { ++in_record; } type_decl_list { --in_record; } '}' { - do_doc_token_stop(); set_location(@1, @5); $$ = new RecordType($4); } @@ -889,9 +857,8 @@ type: $$ = 0; } - | TOK_ENUM '{' { set_location(@1); parser_new_enum(); do_doc_token_start(); } enum_body '}' + | TOK_ENUM '{' { set_location(@1); parser_new_enum(); } enum_body '}' { - do_doc_token_stop(); set_location(@1, @5); $4->UpdateLocationEndInfo(@5); $$ = $4; @@ -983,45 +950,21 @@ type_decl_list: type_decl_list type_decl { $1->append($2); - - if ( generate_documentation && last_fake_type_decl ) - { - fake_type_decl_list->append(last_fake_type_decl); - last_fake_type_decl = 0; - } } | { $$ = new type_decl_list(); - - if ( generate_documentation ) - fake_type_decl_list = new type_decl_list(); } ; type_decl: - opt_doc_list TOK_ID ':' type opt_attr ';' opt_post_doc_list + TOK_ID ':' type opt_attr ';' { - set_location(@2, @6); + set_location(@1, @4); + $$ = new TypeDecl($3, $1, $4, (in_record > 0)); - if ( generate_documentation ) - { - // TypeDecl ctor deletes the attr list, so make a copy - attr_list* a = $5; - attr_list* a_copy = 0; - - if ( a ) - { - a_copy = new attr_list; - loop_over_list(*a, i) - a_copy->append((*a)[i]); - } - - last_fake_type_decl = new CommentedTypeDecl( - $4, $2, a_copy, (in_record > 0), concat_opt_docs($1, $7)); - } - - $$ = new TypeDecl($4, $2, $5, (in_record > 0)); + if ( in_record > 0 ) + broxygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1055,9 +998,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - - if ( generate_documentation ) - current_reST_doc->AddModule(current_module); + broxygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1066,171 +1007,43 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - - if ( generate_documentation ) - { - ID* id = $2; - if ( id->Type()->Tag() == TYPE_FUNC ) - { - switch ( id->Type()->AsFuncType()->Flavor() ) { - - case FUNC_FLAVOR_FUNCTION: - current_reST_doc->AddFunction( - new BroDocObj(id, reST_doc_comments)); - break; - - case FUNC_FLAVOR_EVENT: - current_reST_doc->AddEvent( - new BroDocObj(id, reST_doc_comments)); - break; - - case FUNC_FLAVOR_HOOK: - current_reST_doc->AddHook( - new BroDocObj(id, reST_doc_comments)); - break; - - default: - reporter->InternalError("invalid function flavor"); - break; - } - } - - else - { - current_reST_doc->AddStateVar( - new BroDocObj(id, reST_doc_comments)); - } - } + broxygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - - if ( generate_documentation ) - { - if ( $2->FindAttr(ATTR_REDEF) ) - current_reST_doc->AddOption( - new BroDocObj($2, reST_doc_comments)); - else - current_reST_doc->AddConstant( - new BroDocObj($2, reST_doc_comments)); - } + broxygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - - if ( generate_documentation && - ! streq("capture_filters", $2->Name()) ) - { - ID* fake_id = create_dummy_id($2, $2->Type()); - BroDocObj* o = new BroDocObj(fake_id, reST_doc_comments, true); - o->SetRole(true); - current_reST_doc->AddRedef(o); - } + broxygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO - '{' { parser_redef_enum($3); do_doc_token_start(); } enum_body '}' ';' + '{' { parser_redef_enum($3); } enum_body '}' ';' { - do_doc_token_stop(); - - if ( generate_documentation ) - { - ID* fake_id = create_dummy_id($3, cur_enum_type_doc); - cur_enum_type_doc = 0; - BroDocObj* o = new BroDocObj(fake_id, reST_doc_comments, true); - o->SetRole(true); - - if ( extract_module_name(fake_id->Name()) == "Notice" && - extract_var_name(fake_id->Name()) == "Type" ) - current_reST_doc->AddNotice(o); - else - current_reST_doc->AddRedef(o); - } + // Broxygen already grabbed new enum IDs as the type created them. } - | TOK_REDEF TOK_RECORD global_id TOK_ADD_TO - '{' { ++in_record; do_doc_token_start(); } - type_decl_list - { --in_record; do_doc_token_stop(); } '}' opt_attr ';' + | TOK_REDEF TOK_RECORD global_id { cur_decl_type_id = $3; } TOK_ADD_TO + '{' { ++in_record; } type_decl_list { --in_record; } '}' opt_attr ';' { + cur_decl_type_id = 0; + if ( ! $3->Type() ) $3->Error("unknown identifier"); else - { - RecordType* add_to = $3->Type()->AsRecordType(); - if ( ! add_to ) - $3->Error("not a record type"); - else - { - const char* error = add_to->AddFields($7, $10); - if ( error ) - $3->Error(error); - else if ( generate_documentation ) - { - if ( fake_type_decl_list ) - { - BroType* fake_record = - new RecordType(fake_type_decl_list); - ID* fake = create_dummy_id($3, fake_record); - fake_type_decl_list = 0; - BroDocObj* o = - new BroDocObj(fake, reST_doc_comments, true); - o->SetRole(true); - current_reST_doc->AddRedef(o); - } - else - { - fprintf(stderr, "Warning: doc mode did not process " - "record extension for '%s', CommentedTypeDecl" - "list unavailable.\n", $3->Name()); - } - } - } - } + extend_record($3, $8, $11); } | TOK_TYPE global_id ':' { cur_decl_type_id = $2; } type opt_attr ';' { cur_decl_type_id = 0; - add_type($2, $5, $6, 0); - - if ( generate_documentation ) - { - TypeTag t = $2->AsType()->Tag(); - if ( t == TYPE_ENUM && cur_enum_type_doc ) - { - ID* fake = create_dummy_id($2, cur_enum_type_doc); - cur_enum_type_doc = 0; - current_reST_doc->AddType( - new BroDocObj(fake, reST_doc_comments, true)); - } - - else if ( t == TYPE_RECORD && fake_type_decl_list ) - { - BroType* fake_record = new RecordType(fake_type_decl_list); - ID* fake = create_dummy_id($2, fake_record); - fake_type_decl_list = 0; - current_reST_doc->AddType( - new BroDocObj(fake, reST_doc_comments, true)); - } - - else - current_reST_doc->AddType( - new BroDocObj($2, reST_doc_comments)); - } - } - - | TOK_EVENT event_id ':' type_list opt_attr ';' - { - add_type($2, $4, $5, 1); - - if ( generate_documentation ) - current_reST_doc->AddEvent( - new BroDocObj($2, reST_doc_comments)); + add_type($2, $5, $6); + broxygen_mgr->Identifier($2); } | func_hdr func_body @@ -1258,18 +1071,13 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3); $$ = $3; - if ( generate_documentation ) - current_reST_doc->AddFunction( - new BroDocObj($2, reST_doc_comments)); + broxygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params { begin_func($2, current_module.c_str(), FUNC_FLAVOR_EVENT, 0, $3); $$ = $3; - if ( generate_documentation ) - current_reST_doc->AddEventHandler( - new BroDocObj($2, reST_doc_comments)); } | TOK_HOOK def_global_id func_params { @@ -1278,9 +1086,6 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_HOOK, 0, $3); $$ = $3; - if ( generate_documentation ) - current_reST_doc->AddHookHandler( - new BroDocObj($2, reST_doc_comments)); } | TOK_REDEF TOK_EVENT event_id func_params { @@ -1729,40 +1534,6 @@ resolve_id: } ; -opt_post_doc_list: - opt_post_doc_list TOK_POST_DOC - { - $1->push_back($2); - $$ = $1; - } - | - TOK_POST_DOC - { - $$ = new std::list(); - $$->push_back($1); - delete [] $1; - } - | - { $$ = 0; } - ; - -opt_doc_list: - opt_doc_list TOK_DOC - { - $1->push_back($2); - $$ = $1; - } - | - TOK_DOC - { - $$ = new std::list(); - $$->push_back($1); - delete [] $1; - } - | - { $$ = 0; } - ; - opt_no_test: TOK_NO_TEST { $$ = true; } @@ -1788,10 +1559,6 @@ int yyerror(const char msg[]) else sprintf(msgbuf, "%s, at or near \"%s\"", msg, last_tok); - if ( generate_documentation ) - strcat(msgbuf, "\nDocumentation mode is enabled: " - "remember to check syntax of ## style comments\n"); - if ( in_debug ) g_curr_debug_error = copy_string(msg); diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 16f9d80743..7d90f93bf1 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -130,9 +130,9 @@ template ComponentManager::ComponentManager(const string& arg_module) : module(arg_module) { - tag_enum_type = new EnumType(module + "::Tag"); + tag_enum_type = new EnumType(); ::ID* id = install_ID("Tag", module.c_str(), true, true); - add_type(id, tag_enum_type, 0, 0); + add_type(id, tag_enum_type, 0); } template diff --git a/src/scan.l b/src/scan.l index 636ec5b251..b126b2ee1f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -23,16 +23,15 @@ #include "Debug.h" #include "PolicyFile.h" #include "broparse.h" -#include "BroDoc.h" #include "Reporter.h" #include "RE.h" #include "Net.h" #include "analyzer/Analyzer.h" +#include "broxygen/Manager.h" extern YYLTYPE yylloc; // holds start line and column of token extern int print_loaded_scripts; -extern int generate_documentation; // Track the @if... depth. ptr_compat_int current_depth = 0; @@ -40,10 +39,7 @@ ptr_compat_int current_depth = 0; int_list if_stack; int line_number = 1; -const char* filename = 0; -BroDoc* current_reST_doc = 0; -static BroDoc* last_reST_doc = 0; -string current_scanned_file_path; +const char* filename = 0; // Absolute path of file currently being parsed. char last_tok[128]; @@ -56,41 +52,15 @@ char last_tok[128]; if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \ reporter->Error("read failed with \"%s\"", strerror(errno)); -// reST documents that we've created (or have at least opened so far). -std::list docs_generated; - -// reST comments (those starting with ##) seen so far. -std::list* reST_doc_comments = 0; - -// Print current contents of reST_doc_comments list to stderr. -void print_current_reST_doc_comments(); - -// Delete the reST_doc_comments list object. -void clear_reST_doc_comments(); - -// Adds changes to capture_filter to the current script's reST documentation. -static void check_capture_filter_changes(); - -static const char* canon_doc_comment(const char* comment) +static string get_dirname(const char* path) { - // "##Text" and "## Text" are treated the same in order to be able - // to still preserve indentation level, but not unintentionally - // signify an indentation level for all the text when using - // the "## Text" style. - return ( comment[0] == ' ' ) ? comment + 1 : comment; - } + if ( ! path ) + return ""; -static std::string canon_doc_func_param(const char* id_start) - { - std::string id_name(id_start, strcspn(id_start, ":")); - const char* comment = id_start + id_name.size() + 1; - std::string doc; - - if ( id_name == "Returns" ) - doc.append(":returns:").append(comment); - else - doc.append(":param ").append(id_name).append(":").append(comment); - return doc; + char* tmp = copy_string(path); + string rval = dirname(tmp); + delete[] tmp; + return rval; } static ino_t get_inode_num(FILE* f, const char* filename) @@ -99,7 +69,8 @@ static ino_t get_inode_num(FILE* f, const char* filename) if ( fstat(fileno(f), &b) ) { - reporter->Error("failed to fstat fd of %s\n", filename); + reporter->Error("failed to fstat fd of %s: %s\n", filename, + strerror(errno)); exit(1); } @@ -116,8 +87,6 @@ public: const char* name; int line; int level; - BroDoc* doc; - string path; }; // A stack of input buffers we're scanning. file_stack[len-1] is the @@ -141,7 +110,6 @@ static int load_files(const char* file); %x RE %x IGNORE -%s DOC OWS [ \t]* WS [ \t]+ @@ -159,63 +127,15 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - // Add this format of comments to the script documentation's "summary". - if ( generate_documentation ) - current_reST_doc->AddSummary(canon_doc_comment(yytext + 3)); + broxygen_mgr->SummaryComment(::filename, yytext + 3); } -##<.* { - yylval.str = copy_string(canon_doc_comment(yytext + 3)); - return TOK_POST_DOC; -} - -##{OWS}{ID}:{WS}.* { - const char* id_start = skip_whitespace(yytext + 2); - yylval.str = copy_string(canon_doc_func_param(id_start).c_str()); - return TOK_DOC; -} - -##.* { - if ( yytext[2] != '#' ) - { - yylval.str = copy_string(canon_doc_comment(yytext + 2)); - return TOK_DOC; - } -} - -##{OWS}{ID}:{WS}.* { - if ( generate_documentation ) - { - // Comment is documenting either a function parameter or return type, - // so appropriate reST markup substitutions are automatically made - // in order to distinguish them from other comments. - if ( ! reST_doc_comments ) - reST_doc_comments = new std::list(); - - // always insert a blank line so that this param/return markup - // 1) doesn't show up in the summary section in the case that it's - // the first comment for the function/event - // 2) has a blank line between it and non-field-list reST markup, - // which is required for correct HTML rendering by Sphinx - reST_doc_comments->push_back(""); - const char* id_start = skip_whitespace(yytext + 2); - reST_doc_comments->push_back(canon_doc_func_param(id_start)); - } -} - ##<.* { - if ( generate_documentation && BroDocObj::last ) - BroDocObj::last->AddDocString(canon_doc_comment(yytext + 3)); + broxygen_mgr->PostComment(yytext + 3); } ##.* { - if ( generate_documentation && (yytext[2] != '#') ) - { - if ( ! reST_doc_comments ) - reST_doc_comments = new std::list(); - - reST_doc_comments->push_back(canon_doc_comment(yytext + 2)); - } + broxygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -224,7 +144,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) {WS} /* eat whitespace */ -\n { +\n { ++line_number; ++yylloc.first_line; ++yylloc.last_line; @@ -345,7 +265,7 @@ when return TOK_WHEN; @DEBUG return TOK_DEBUG; // marks input for debugger @DIR { - string rval = current_scanned_file_path; + string rval = get_dirname(::filename); if ( ! rval.empty() && rval[0] == '.' ) { @@ -374,25 +294,15 @@ when return TOK_WHEN; @load{WS}{FILE} { const char* new_file = skip_whitespace(yytext + 5); // Skip "@load". - if ( generate_documentation ) - { - current_reST_doc->AddImport(new_file); - - if ( reST_doc_comments ) - { - fprintf(stderr, "Warning: unconsumed reST documentation is being " - "discarded before doing '@load %s' in %s:\n", - new_file, current_reST_doc->GetSourceFileName()); - clear_reST_doc_comments(); - } - } + broxygen_mgr->ScriptDependency(::filename, new_file); (void) load_files(new_file); } @load-sigs{WS}{FILE} { const char* new_sig_file = skip_whitespace(yytext + 10); const char* full_filename = 0; - FILE* f = search_for_file(new_sig_file, "sig", &full_filename, false, 0); + FILE* f = search_for_file(new_sig_file, "sig", &full_filename, false, 0, + get_dirname(::filename)); if ( f ) { @@ -411,7 +321,8 @@ when return TOK_WHEN; // All we have to do is pretend we've already scanned it. const char* full_filename; - FILE* f = search_for_file(new_file, "bro", &full_filename, true, 0); + FILE* f = search_for_file(new_file, "bro", &full_filename, true, 0, + get_dirname(::filename)); if ( f ) { @@ -603,7 +514,7 @@ static int load_files(const char* orig_file) else { - f = search_for_file(orig_file, "bro", &full_filename, true, &bropath_subpath); + f = search_for_file(orig_file, "bro", &full_filename, true, &bropath_subpath, get_dirname(::filename)); bropath_subpath_delete = bropath_subpath; // This will be deleted. } @@ -666,15 +577,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - char* tmp = copy_string(full_filename); - current_scanned_file_path = dirname(tmp); - delete [] tmp; - - if ( generate_documentation ) - { - current_reST_doc = new BroDoc(bropath_subpath, full_filename); - docs_generated.push_back(current_reST_doc); - } + broxygen_mgr->File(full_filename); delete [] bropath_subpath_delete; @@ -776,28 +679,11 @@ void do_atendif() --current_depth; } -void do_doc_token_start() - { - if ( generate_documentation ) - BEGIN(DOC); - } - -void do_doc_token_stop() - { - if ( generate_documentation ) - BEGIN(INITIAL); - } - // Be careful to never delete things from this list, as the strings // are referred to (in order to save the locations of tokens and statements, // for error reporting and debugging). static name_list input_files; -const char* get_current_input_filename() - { - return ::filename; - } - void add_input_file(const char* file) { if ( ! file ) @@ -852,8 +738,6 @@ int yywrap() // Stack is now empty. while ( input_files.length() > 0 ) { - check_capture_filter_changes(); - if ( load_files(input_files[0]) ) { // Don't delete the filename - it's pointed to by @@ -867,8 +751,6 @@ int yywrap() (void) input_files.remove_nth(0); } - check_capture_filter_changes(); - // For each file scanned so far, and for each @prefix, look for a // prefixed and flattened version of the loaded file in BROPATH. The // flattening involves taking the path in BROPATH in which the @@ -893,7 +775,8 @@ int yywrap() string s; s = dot_canon(it->subpath.c_str(), it->name.c_str(), prefixes[i]); - FILE* f = search_for_file(s.c_str(), "bro", 0, false, 0); + FILE* f = search_for_file(s.c_str(), "bro", 0, false, 0, + get_dirname(::filename)); //printf("====== prefix search ======\n"); //printf("File : %s\n", it->name.c_str()); @@ -977,9 +860,6 @@ int yywrap() return 0; } - if ( generate_documentation ) - clear_reST_doc_comments(); - // Otherwise, we are done. return 1; } @@ -990,8 +870,6 @@ FileInfo::FileInfo(string arg_restore_module) restore_module = arg_restore_module; name = ::filename; line = ::line_number; - doc = ::current_reST_doc; - path = current_scanned_file_path; } FileInfo::~FileInfo() @@ -1002,56 +880,7 @@ FileInfo::~FileInfo() yy_switch_to_buffer(buffer_state); yylloc.filename = filename = name; yylloc.first_line = yylloc.last_line = line_number = line; - last_reST_doc = current_reST_doc; - current_reST_doc = doc; - current_scanned_file_path = path; if ( restore_module != "" ) current_module = restore_module; } - -static void check_capture_filter_changes() - { - if ( ! generate_documentation ) - return; - - // Lookup the "capture_filters" identifier, if it has any defined - // value, add it to the script's reST documentation, and finally - // clear the table so it doesn't taint the documentation for - // subsequent scripts. - - ID* capture_filters = global_scope()->Lookup("capture_filters"); - - if ( capture_filters ) - { - ODesc desc; - desc.SetIndentSpaces(4); - capture_filters->ID_Val()->Describe(&desc); - last_reST_doc->SetPacketFilter(desc.Description()); - capture_filters->ID_Val()->AsTableVal()->RemoveAll(); - } - } - -void print_current_reST_doc_comments() - { - if ( ! reST_doc_comments ) - return; - - std::list::iterator it; - - for ( it = reST_doc_comments->begin(); it != reST_doc_comments->end(); ++it ) - fprintf(stderr, "##%s\n", it->c_str()); - } - -void clear_reST_doc_comments() - { - if ( ! reST_doc_comments ) - return; - - fprintf(stderr, "Warning: %zu unconsumed reST comments:\n", - reST_doc_comments->size()); - - print_current_reST_doc_comments(); - delete reST_doc_comments; - reST_doc_comments = 0; - } diff --git a/src/util.cc b/src/util.cc index f26b3fb0c2..d06c6aff96 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1060,11 +1060,9 @@ void get_script_subpath(const std::string& full_filename, const char** subpath) *subpath = normalize_path(my_subpath.c_str()); } -extern string current_scanned_file_path; - FILE* search_for_file(const char* filename, const char* ext, const char** full_filename, bool load_pkgs, - const char** bropath_subpath) + const char** bropath_subpath, string prepend_to_search_path) { // If the file is a literal absolute path we don't have to search, // just return the result of trying to open it. If the file is @@ -1088,9 +1086,9 @@ FILE* search_for_file(const char* filename, const char* ext, // Prepend the currently loading script's path to BROPATH so that // @loads can be referenced relatively. - if ( current_scanned_file_path != "" && filename[0] == '.' ) + if ( ! prepend_to_search_path.empty() && filename[0] == '.' ) safe_snprintf(path, sizeof(path), "%s:%s", - current_scanned_file_path.c_str(), bro_path()); + prepend_to_search_path.c_str(), bro_path()); else safe_strncpy(path, bro_path(), sizeof(path)); diff --git a/src/util.h b/src/util.h index fcdfd6d499..e7ac4d33af 100644 --- a/src/util.h +++ b/src/util.h @@ -209,7 +209,8 @@ std::string dot_canon(std::string path, std::string file, std::string prefix = " const char* normalize_path(const char* path); void get_script_subpath(const std::string& full_filename, const char** subpath); extern FILE* search_for_file(const char* filename, const char* ext, - const char** full_filename, bool load_pkgs, const char** bropath_subpath); + const char** full_filename, bool load_pkgs, const char** bropath_subpath, + std::string prepend_to_search_path = ""); // Renames the given file to a new temporary name, and opens a new file with // the original name. Returns new file or NULL on error. Inits rotate_info if From 90477df973ae34896e265c4def5547fc6540f6c3 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 7 Oct 2013 15:01:03 -0500 Subject: [PATCH 077/287] Refactor search_for_file() util function. It was getting too bloated and allocated memory in ways that were difficult to understand how to manage. Separated out primarily in to new find_file() and open_file()/open_package() functions. Also renamed other util functions for path-related things. --- src/BroDoc.cc | 2 + src/Debug.cc | 10 +- src/Net.h | 8 +- src/OSFinger.cc | 3 +- src/RuleMatcher.cc | 2 +- src/broxygen/Manager.cc | 2 +- src/scan.l | 252 ++++++++++++++++------------------ src/util.cc | 292 ++++++++++++++++++++-------------------- src/util.h | 64 ++++++++- 9 files changed, 331 insertions(+), 304 deletions(-) diff --git a/src/BroDoc.cc b/src/BroDoc.cc index 05d9d8f562..2c3d6f6d77 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -85,6 +85,7 @@ BroDoc::~BroDoc() void BroDoc::AddImport(const std::string& s) { + /* std::string lname(s); // First strip any .bro extension. size_t ext_pos = lname.find(".bro"); @@ -142,6 +143,7 @@ void BroDoc::AddImport(const std::string& s) delete [] full_filename; delete [] subpath; + */ } void BroDoc::SetPacketFilter(const std::string& s) diff --git a/src/Debug.cc b/src/Debug.cc index f4ac8c2fdf..94b8abf952 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -342,18 +342,16 @@ vector parse_location_string(const string& s) if ( ! sscanf(line_string.c_str(), "%d", &plr.line) ) plr.type = plrUnknown; - FILE* throwaway = search_for_file(filename.c_str(), "bro", - &full_filename, true, 0); - if ( ! throwaway ) + string path(find_file(filename, bro_path(), "bro")); + + if ( path.empty() ) { debug_msg("No such policy file: %s.\n", filename.c_str()); plr.type = plrUnknown; return result; } - fclose(throwaway); - - loc_filename = full_filename; + loc_filename = copy_string(path.c_str()); plr.type = plrFileAndLine; } } diff --git a/src/Net.h b/src/Net.h index 5b959d1688..07c856d1dd 100644 --- a/src/Net.h +++ b/src/Net.h @@ -4,6 +4,7 @@ #define net_h #include "net_util.h" +#include "util.h" #include "BPF_Program.h" #include "List.h" #include "PktSrc.h" @@ -97,15 +98,14 @@ struct ScannedFile { ino_t inode; int include_level; string name; - string subpath; // Path in BROPATH's policy/ containing the file. bool skipped; // This ScannedFile was @unload'd. bool prefixes_checked; // If loading prefixes for this file has been tried. - ScannedFile(ino_t arg_inode, int arg_include_level, string arg_name, - string arg_subpath = "", bool arg_skipped = false, + ScannedFile(ino_t arg_inode, int arg_include_level, const string& arg_name, + bool arg_skipped = false, bool arg_prefixes_checked = false) : inode(arg_inode), include_level(arg_include_level), - name(arg_name), subpath(arg_subpath), skipped(arg_skipped), + name(arg_name), skipped(arg_skipped), prefixes_checked(arg_prefixes_checked) { } }; diff --git a/src/OSFinger.cc b/src/OSFinger.cc index 3368a8e40c..bcb00e324b 100644 --- a/src/OSFinger.cc +++ b/src/OSFinger.cc @@ -294,7 +294,8 @@ void OSFingerprint::load_config(const char* file) uint32 ln=0; char buf[MAXLINE]; char* p; - FILE* c = search_for_file(file, "osf", 0, false, 0); + + FILE* c = open_file(find_file(file, bro_path(), "osf")); if (!c) { diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index ed33db6792..84ff5af774 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -226,7 +226,7 @@ bool RuleMatcher::ReadFiles(const name_list& files) for ( int i = 0; i < files.length(); ++i ) { - rules_in = search_for_file(files[i], "sig", 0, false, 0); + rules_in = open_file(find_file(files[i], bro_path(), "sig")); if ( ! rules_in ) { reporter->Error("Can't open signature file %s", files[i]); diff --git a/src/broxygen/Manager.cc b/src/broxygen/Manager.cc index 30c9008787..ee995d8b4a 100644 --- a/src/broxygen/Manager.cc +++ b/src/broxygen/Manager.cc @@ -20,8 +20,8 @@ void Manager::GenerateDocs() const void Manager::File(const std::string& path) { // TODO - // determine bropath subpath // can be a file or directory? + // determine path within BROPATH } void Manager::ScriptDependency(const std::string& path, const std::string& dep) diff --git a/src/scan.l b/src/scan.l index b126b2ee1f..899fa77b66 100644 --- a/src/scan.l +++ b/src/scan.l @@ -31,7 +31,6 @@ #include "broxygen/Manager.h" extern YYLTYPE yylloc; // holds start line and column of token -extern int print_loaded_scripts; // Track the @if... depth. ptr_compat_int current_depth = 0; @@ -52,31 +51,38 @@ char last_tok[128]; if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \ reporter->Error("read failed with \"%s\"", strerror(errno)); -static string get_dirname(const char* path) +static string find_relative_file(const string& filename, const string& ext) { - if ( ! path ) - return ""; + if ( filename.empty() ) + return string(); - char* tmp = copy_string(path); - string rval = dirname(tmp); - delete[] tmp; - return rval; + if ( filename[0] == '.' ) + return find_file(filename, safe_dirname(::filename), ext); + else + return find_file(filename, bro_path(), ext); } -static ino_t get_inode_num(FILE* f, const char* filename) +static ino_t get_inode_num(FILE* f, const string& path) { struct stat b; if ( fstat(fileno(f), &b) ) - { - reporter->Error("failed to fstat fd of %s: %s\n", filename, - strerror(errno)); - exit(1); - } + reporter->FatalError("fstat of %s failed: %s\n", path.c_str(), + strerror(errno)); return b.st_ino; } +static ino_t get_inode_num(const string& path) + { + FILE* f = open_file(path); + + if ( ! f ) + reporter->FatalError("failed to open %s\n", path.c_str()); + + return get_inode_num(f, path); + } + class FileInfo { public: FileInfo(string restore_module = ""); @@ -265,7 +271,7 @@ when return TOK_WHEN; @DEBUG return TOK_DEBUG; // marks input for debugger @DIR { - string rval = get_dirname(::filename); + string rval(safe_dirname(::filename)); if ( ! rval.empty() && rval[0] == '.' ) { @@ -299,42 +305,29 @@ when return TOK_WHEN; } @load-sigs{WS}{FILE} { - const char* new_sig_file = skip_whitespace(yytext + 10); - const char* full_filename = 0; - FILE* f = search_for_file(new_sig_file, "sig", &full_filename, false, 0, - get_dirname(::filename)); + const char* file = skip_whitespace(yytext + 10); + string path(find_relative_file(file, "sig")); - if ( f ) - { - sig_files.push_back(full_filename); - fclose(f); - delete [] full_filename; - } - else + if ( path.empty() ) reporter->Error("failed to find file associated with @load-sigs %s", - new_sig_file); + file); + else + sig_files.push_back(copy_string(path.c_str())); } @unload{WS}{FILE} { // Skip "@unload". - const char* new_file = skip_whitespace(yytext + 7); - - // All we have to do is pretend we've already scanned it. - const char* full_filename; - FILE* f = search_for_file(new_file, "bro", &full_filename, true, 0, - get_dirname(::filename)); - - if ( f ) - { - ScannedFile sf(get_inode_num(f, full_filename), file_stack.length(), full_filename, "", true); - files_scanned.push_back(sf); - - fclose(f); - delete [] full_filename; - } + const char* file = skip_whitespace(yytext + 7); + string path(find_relative_file(file, "bro")); + if ( path.empty() ) + reporter->Error("failed find file associated with @unload %s", file); else - reporter->Error("failed find file associated with @unload %s", new_file); + { + // All we have to do is pretend we've already scanned it. + ScannedFile sf(get_inode_num(path), file_stack.length(), path, true); + files_scanned.push_back(sf); + } } @prefixes{WS}("+"?)={WS}{PREFIX} { @@ -488,22 +481,35 @@ YYLTYPE GetCurrentLocation() return currloc; } + +static bool already_scanned(ino_t i) + { + list::const_iterator it; + + for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) + if ( it->inode == i ) + return true; + + return false; + } + +static bool already_scanned(const string& path) + { + return already_scanned(get_inode_num(path)); + } + static int load_files(const char* orig_file) { // Whether we pushed on a FileInfo that will restore the // current module after the final file has been scanned. bool did_module_restore = false; - - const char* full_filename = ""; - const char* bropath_subpath = ""; - const char* bropath_subpath_delete = 0; - FILE* f; + string file_path; + FILE* f = 0; if ( streq(orig_file, "-") ) { f = stdin; - full_filename = ""; - bropath_subpath = ""; + file_path = ""; if ( g_policy_debug ) { @@ -514,90 +520,62 @@ static int load_files(const char* orig_file) else { - f = search_for_file(orig_file, "bro", &full_filename, true, &bropath_subpath, get_dirname(::filename)); - bropath_subpath_delete = bropath_subpath; // This will be deleted. - } + file_path = find_relative_file(orig_file, "bro"); - if ( f ) - { - ino_t i = get_inode_num(f, full_filename); - std::list::const_iterator it; + if ( file_path.empty() ) + reporter->FatalError("can't find %s", orig_file); - for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) - { - if ( it->inode == i ) - { - if ( f != stdin ) - { - fclose(f); - delete [] full_filename; - delete [] bropath_subpath_delete; - } - return 0; - } - } - - ScannedFile sf(i, file_stack.length(), full_filename, bropath_subpath); - files_scanned.push_back(sf); - - if ( g_policy_debug ) - { - // Add the filename to the file mapping - // table (Debug.h). - Filemap* map = new Filemap; - - // Make sure it wasn't already read in. - HashKey* key = new HashKey(full_filename); - if ( g_dbgfilemaps.Lookup(key) ) - { - // reporter->Warning("Not re-reading policy file; check BRO_PREFIXES:", full_filename); - fclose(f); - delete key; - return 0; - } - else - { - g_dbgfilemaps.Insert(key, map); - } - - if ( full_filename ) - LoadPolicyFileText(full_filename); - } - - // Remember where we were. If this is the first - // file being pushed on the stack, i.e., the *last* - // one that will be processed, then we want to - // restore the module scope in which this @load - // was done when we're finished processing it. - if ( ! did_module_restore ) - { - file_stack.append(new FileInfo(current_module)); - did_module_restore = true; - } + if ( is_dir(file_path.c_str()) ) + f = open_package(file_path); else - file_stack.append(new FileInfo); + f = open_file(file_path); - broxygen_mgr->File(full_filename); - - delete [] bropath_subpath_delete; - - // "orig_file", could be an alias for yytext, which is ephemeral - // and will be zapped after the yy_switch_to_buffer() below. - yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE)); - - yylloc.first_line = yylloc.last_line = line_number = 1; - - // Don't delete the old filename - it's pointed to by - // every BroObj created when parsing it. - yylloc.filename = filename = full_filename; + if ( ! f ) + reporter->FatalError("can't open %s", file_path.c_str()); } - else + ino_t i = get_inode_num(f, file_path); + + if ( already_scanned(i) ) + return 0; + + ScannedFile sf(i, file_stack.length(), file_path); + files_scanned.push_back(sf); + + if ( g_policy_debug && ! file_path.empty() ) { - reporter->Error("can't open %s", full_filename); - exit(1); + // Add the filename to the file mapping table (Debug.h). + Filemap* map = new Filemap; + HashKey* key = new HashKey(file_path.c_str()); + g_dbgfilemaps.Insert(key, map); + LoadPolicyFileText(file_path.c_str()); } + // Remember where we were. If this is the first + // file being pushed on the stack, i.e., the *last* + // one that will be processed, then we want to + // restore the module scope in which this @load + // was done when we're finished processing it. + if ( ! did_module_restore ) + { + file_stack.append(new FileInfo(current_module)); + did_module_restore = true; + } + else + file_stack.append(new FileInfo); + + broxygen_mgr->File(file_path); + + // "orig_file", could be an alias for yytext, which is ephemeral + // and will be zapped after the yy_switch_to_buffer() below. + yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE)); + + yylloc.first_line = yylloc.last_line = line_number = 1; + + // Don't delete the old filename - it's pointed to by + // every BroObj created when parsing it. + yylloc.filename = filename = copy_string(file_path.c_str()); + return 1; } @@ -773,24 +751,22 @@ int yywrap() if ( ! prefixes[i][0] ) continue; - string s; - s = dot_canon(it->subpath.c_str(), it->name.c_str(), prefixes[i]); - FILE* f = search_for_file(s.c_str(), "bro", 0, false, 0, - get_dirname(::filename)); + string sub(find_dir_in_bropath(it->name)); + string flat(flatten_script_name(sub, it->name, prefixes[i])); + string path(find_relative_file(flat, "bro")); + + if ( ! path.empty() ) + { + add_input_file(path.c_str()); + found_prefixed_files = true; + } //printf("====== prefix search ======\n"); //printf("File : %s\n", it->name.c_str()); - //printf("Path : %s\n", it->subpath.c_str()); - //printf("Dotted: %s\n", s.c_str()); + //printf("Path : %s\n", sub.c_str()); + //printf("Dotted: %s\n", flat.c_str()); //printf("Found : %s\n", f ? "T" : "F"); //printf("===========================\n"); - - if ( f ) - { - add_input_file(s.c_str()); - found_prefixed_files = true; - fclose(f); - } } } diff --git a/src/util.cc b/src/util.cc index ad6d0368a4..1f087a697a 100644 --- a/src/util.cc +++ b/src/util.cc @@ -917,90 +917,127 @@ string bro_prefixes() const char* PACKAGE_LOADER = "__load__.bro"; -// If filename is pointing to a directory that contains a file called -// PACKAGE_LOADER, returns the files path. Otherwise returns filename itself. -// In both cases, the returned string is newly allocated. -static const char* check_for_dir(const char* filename, bool load_pkgs) +FILE* open_file(const string& path, const string& mode) { - if ( load_pkgs && is_dir(filename) ) - { - char init_filename_buf[1024]; - safe_snprintf(init_filename_buf, sizeof(init_filename_buf), - "%s/%s", filename, PACKAGE_LOADER); + if ( path.empty() ) + return 0; - if ( access(init_filename_buf, R_OK) == 0 ) - return copy_string(init_filename_buf); - } + FILE* rval = fopen(path.c_str(), mode.c_str()); - return copy_string(filename); - } - -static FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs) - { - filename = check_for_dir(filename, load_pkgs); - - if ( full_filename ) - *full_filename = copy_string(filename); - - FILE* f = fopen(filename, "r"); - - if ( ! f ) + if ( ! rval ) { char buf[256]; strerror_r(errno, buf, sizeof(buf)); reporter->Error("Failed to open file %s: %s", filename, buf); } - delete [] filename; - - return f; + return rval; } -// Canonicalizes a given 'file' that lives in 'path' into a flattened, -// dotted format. If the optional 'prefix' argument is given, it is -// prepended to the dotted-format, separated by another dot. -// If 'file' is __load__.bro, that part is discarded when constructing -// the final dotted-format. -string dot_canon(string path, string file, string prefix) +static bool can_read(const string& path) + { + return access(path.c_str(), R_OK) == 0; + } + +FILE* open_package(string& path, const string& mode) + { + string arg_path(path); + path.append("/").append(PACKAGE_LOADER); + + if ( can_read(path) ) + return open_file(path, mode); + + reporter->Error("Failed to open package '%s': missing '%s' file", + arg_path.c_str(), PACKAGE_LOADER); + return 0; + } + +string safe_dirname(const char* path) + { + if ( ! path ) + return "."; + return safe_dirname(string(path)); + } + +string safe_dirname(const string& path) + { + char* tmp = copy_string(path.c_str()); + string rval(dirname(tmp)); + delete [] tmp; + return rval; + } + +string safe_basename(const char* path) + { + if ( ! path ) + return "."; + return safe_basename(string(path)); + } + +string safe_basename(const string& path) + { + char* tmp = copy_string(path.c_str()); + string rval(basename(tmp)); + delete [] tmp; + return rval; + } + +string flatten_script_name(const string& dir, const string& file, + const string& prefix) { string dottedform(prefix); + if ( prefix != "" ) dottedform.append("."); - dottedform.append(path); - char* tmp = copy_string(file.c_str()); - char* bname = basename(tmp); - if ( ! streq(bname, PACKAGE_LOADER) ) + + dottedform.append(dir); + string bname(safe_basename(file)); + + if ( bname != string(PACKAGE_LOADER) ) { - if ( path != "" ) + if ( dir != "" ) dottedform.append("."); + dottedform.append(bname); } - delete [] tmp; + size_t n; + while ( (n = dottedform.find("/")) != string::npos ) dottedform.replace(n, 1, "."); + return dottedform; } -// returns a normalized version of a path, removing duplicate slashes, -// extraneous dots that refer to the current directory, and pops as many -// parent directories referred to by "../" as possible -const char* normalize_path(const char* path) +static vector* tokenize_string(string input, const string& delim, + vector* rval) + { + if ( ! rval ) + rval = new vector(); + + size_t n; + + while ( (n = input.find(delim)) != string::npos ) + { + rval->push_back(input.substr(0, n)); + input.erase(0, n + 1); + } + + rval->push_back(input); + return rval; + } + + +string normalize_path(const string& path) { size_t n; - string p(path); vector components, final_components; string new_path; - if ( p[0] == '/' ) + if ( path[0] == '/' ) new_path = "/"; - while ( (n = p.find("/")) != string::npos ) - { - components.push_back(p.substr(0, n)); - p.erase(0, n + 1); - } - components.push_back(p); + tokenize_string(path, "/", &components); vector::const_iterator it; for ( it = components.begin(); it != components.end(); ++it ) @@ -1026,125 +1063,86 @@ const char* normalize_path(const char* path) if ( new_path.size() > 1 && new_path[new_path.size() - 1] == '/' ) new_path.erase(new_path.size() - 1); - return copy_string(new_path.c_str()); + return new_path; } -// Returns the subpath of the root Bro script install/source/build directory in -// which the loaded file is located. If it's not under a subpath of that -// directory (e.g. cwd or custom path) then the full path is returned. -void get_script_subpath(const std::string& full_filename, const char** subpath) +string find_dir_in_bropath(const string& path) { size_t p; - std::string my_subpath(full_filename); + string rval(path); // get the parent directory of file (if not already a directory) - if ( ! is_dir(full_filename.c_str()) ) - { - char* tmp = copy_string(full_filename.c_str()); - my_subpath = dirname(tmp); - delete [] tmp; - } + if ( ! is_dir(path.c_str()) ) + rval = safe_dirname(path); // first check if this is some subpath of the installed scripts root path, // if not check if it's a subpath of the script source root path, // then check if it's a subpath of the build directory (where BIF scripts // will get generated). // If none of those, will just use the given directory. - if ( (p = my_subpath.find(BRO_SCRIPT_INSTALL_PATH)) != std::string::npos ) - my_subpath.erase(0, strlen(BRO_SCRIPT_INSTALL_PATH)); - else if ( (p = my_subpath.find(BRO_SCRIPT_SOURCE_PATH)) != std::string::npos ) - my_subpath.erase(0, strlen(BRO_SCRIPT_SOURCE_PATH)); - else if ( (p = my_subpath.find(BRO_BUILD_SOURCE_PATH)) != std::string::npos ) - my_subpath.erase(0, strlen(BRO_BUILD_SOURCE_PATH)); - else if ( (p = my_subpath.find(BRO_BUILD_SCRIPTS_PATH)) != std::string::npos ) - my_subpath.erase(0, strlen(BRO_BUILD_SCRIPTS_PATH)); + if ( (p = rval.find(BRO_SCRIPT_INSTALL_PATH)) != std::string::npos ) + rval.erase(0, strlen(BRO_SCRIPT_INSTALL_PATH)); + else if ( (p = rval.find(BRO_SCRIPT_SOURCE_PATH)) != std::string::npos ) + rval.erase(0, strlen(BRO_SCRIPT_SOURCE_PATH)); + else if ( (p = rval.find(BRO_BUILD_SOURCE_PATH)) != std::string::npos ) + rval.erase(0, strlen(BRO_BUILD_SOURCE_PATH)); + else if ( (p = rval.find(BRO_BUILD_SCRIPTS_PATH)) != std::string::npos ) + rval.erase(0, strlen(BRO_BUILD_SCRIPTS_PATH)); // if root path found, remove path separators until next path component if ( p != std::string::npos ) - while ( my_subpath.size() && my_subpath[0] == '/' ) - my_subpath.erase(0, 1); + while ( rval.size() && rval[0] == '/' ) + rval.erase(0, 1); - *subpath = normalize_path(my_subpath.c_str()); + return normalize_path(rval); } -FILE* search_for_file(const char* filename, const char* ext, - const char** full_filename, bool load_pkgs, - const char** bropath_subpath, string prepend_to_search_path) +static string find_file_in_path(const string& filename, const string& path, + const string& opt_ext = "") { - // If the file is a literal absolute path we don't have to search, - // just return the result of trying to open it. If the file is - // might be a relative path, check first if it's a real file that - // can be referenced from cwd, else we'll try to search for it based - // on what path the currently-loading script is in as well as the - // standard BROPATH paths. - if ( filename[0] == '/' || - (filename[0] == '.' && access(filename, R_OK) == 0) ) + if ( filename.empty() ) + return string(); + + // If file name is an absolute path, searching within *path* is pointless. + if ( filename[0] == '/' ) { - if ( bropath_subpath ) - { - char* tmp = copy_string(filename); - *bropath_subpath = copy_string(dirname(tmp)); - delete [] tmp; - } - return open_file(filename, full_filename, load_pkgs); - } - - char path[1024], full_filename_buf[1024]; - - // Prepend the currently loading script's path to BROPATH so that - // @loads can be referenced relatively. - if ( ! prepend_to_search_path.empty() && filename[0] == '.' ) - safe_snprintf(path, sizeof(path), "%s:%s", - prepend_to_search_path.c_str(), bro_path()); - else - safe_strncpy(path, bro_path(), sizeof(path)); - - char* dir_beginning = path; - char* dir_ending = path; - int more = *dir_beginning != '\0'; - - while ( more ) - { - while ( *dir_ending && *dir_ending != ':' ) - ++dir_ending; - - if ( *dir_ending == ':' ) - *dir_ending = '\0'; + if ( can_read(filename) ) + return filename; else - more = 0; - - safe_snprintf(full_filename_buf, sizeof(full_filename_buf), - "%s/%s.%s", dir_beginning, filename, ext); - if ( access(full_filename_buf, R_OK) == 0 && - ! is_dir(full_filename_buf) ) - { - if ( bropath_subpath ) - get_script_subpath(full_filename_buf, bropath_subpath); - return open_file(full_filename_buf, full_filename, load_pkgs); - } - - safe_snprintf(full_filename_buf, sizeof(full_filename_buf), - "%s/%s", dir_beginning, filename); - if ( access(full_filename_buf, R_OK) == 0 ) - { - if ( bropath_subpath ) - get_script_subpath(full_filename_buf, bropath_subpath); - return open_file(full_filename_buf, full_filename, load_pkgs); - } - - dir_beginning = ++dir_ending; + return string(); } - if ( full_filename ) - *full_filename = copy_string(filename); - if ( bropath_subpath ) - { - char* tmp = copy_string(filename); - *bropath_subpath = copy_string(dirname(tmp)); - delete [] tmp; - } + string abs_path(path + '/' + filename); - return 0; + if ( ! opt_ext.empty() ) + { + string with_ext(abs_path + '.' + opt_ext); + + if ( can_read(with_ext) ) + return with_ext; + } + + if ( can_read(abs_path) ) + return abs_path; + + return string(); + } + +string find_file(const string& filename, const string& path_set, + const string& opt_ext) + { + vector paths; + tokenize_string(path_set, ":", &paths); + + for ( size_t n = 0; n < paths.size(); ++n ) + { + string f = find_file_in_path(filename, paths[n], opt_ext); + + if ( ! f.empty() ) + return f; + } + + return string(); } FILE* rotate_file(const char* name, RecordVal* rotate_info) diff --git a/src/util.h b/src/util.h index e7ac4d33af..e35a1605e5 100644 --- a/src/util.h +++ b/src/util.h @@ -205,12 +205,64 @@ extern int int_list_cmp(const void* v1, const void* v2); extern const char* bro_path(); extern const char* bro_magic_path(); extern std::string bro_prefixes(); -std::string dot_canon(std::string path, std::string file, std::string prefix = ""); -const char* normalize_path(const char* path); -void get_script_subpath(const std::string& full_filename, const char** subpath); -extern FILE* search_for_file(const char* filename, const char* ext, - const char** full_filename, bool load_pkgs, const char** bropath_subpath, - std::string prepend_to_search_path = ""); + +// Wrappers for dirname(3) that won't modify argument. +std::string safe_dirname(const char* path); +std::string safe_dirname(const std::string& path); + +// Wrappers for basename(3) that won't modify argument. +std::string safe_basename(const char* path); +std::string safe_basename(const std::string& path); + +/** + * Flatten a script name by replacing '/' path separators with '.'. + * @param dir A directory containing \a file. + * @param file A path to a Bro script. If it is a __load__.bro, that part + * is discarded when constructing the flattened the name. + * @param prefix A string to prepend to the flattened script name. + * @return The flattened script name. + */ +std::string flatten_script_name(const std::string& dir, + const std::string& file, + const std::string& prefix = ""); + +/** + * Return a canonical/shortened path string by removing superfluous elements + * (path delimiters, dots referring to CWD or parent dir). + * @param path A filesystem path. + * @return A canonical/shortened version of \a path. + */ +std::string normalize_path(const std::string& path); + +/** + * Locate a file/direcotry within BROPATH. + * @param path A file/directory to locate within BROPATH. + * @return The directory within BROPATH that \a path located or an absolute + * path to \a path if it couldn't be located in BROPATH + */ +std::string find_dir_in_bropath(const std::string& path); + +/** + * Locate a file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @param opt_ext A filename extension/suffix to allow. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_file(const std::string& filename, const std::string& path_set, + const std::string& opt_ext = ""); + +// Wrapper around fopen(3). Emits an error when failing to open. +FILE* open_file(const std::string& path, const std::string& mode = "r"); + +/** Opens a Bro script package. + * @param path Location of a Bro script package (a directory). Will be changed + * to the path of the package's loader script. + * @param mode An fopen(3) mode. + * @return The return value of fopen(3) on the loader script or null if one + * doesn't exist. + */ +FILE* open_package(std::string& path, const std::string& mode = "r"); // Renames the given file to a new temporary name, and opens a new file with // the original name. Returns new file or NULL on error. Inits rotate_info if From 0fe474e23278a9c68b1e687cb8c008b3ceeea698 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 15:53:46 -0700 Subject: [PATCH 078/287] Polishing the reference section of the manual. Mostly resorting and renaming a few things. --- doc/index.rst | 2 -- doc/scripts/builtins.rst | 4 ++-- doc/scripts/index.rst | 9 +++++---- doc/scripts/scripts.rst | 6 +++--- src/BroDoc.cc | 12 ++++++++---- src/bro.bif | 5 ++++- src/input.bif | 2 +- src/probabilistic/bloom-filter.bif | 6 +----- src/probabilistic/cardinality-counter.bif | 7 +------ src/probabilistic/top-k.bif | 7 +------ 10 files changed, 26 insertions(+), 34 deletions(-) diff --git a/doc/index.rst b/doc/index.rst index ac667fc089..b79f1b67a6 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -18,8 +18,6 @@ Bro Documentation scripts/index.rst components/index.rst -* `Notice Index `_ (TODO: Move to reference - section, but can't figure out how to include it into toctree) * :ref:`General Index ` * :ref:`search` diff --git a/doc/scripts/builtins.rst b/doc/scripts/builtins.rst index 3605523839..aa1a097683 100644 --- a/doc/scripts/builtins.rst +++ b/doc/scripts/builtins.rst @@ -1,5 +1,5 @@ -Built-in Types and Attributes -============================= +Types and Attributes +==================== Types ----- diff --git a/doc/scripts/index.rst b/doc/scripts/index.rst index 8897504bb0..5a19bd23f0 100644 --- a/doc/scripts/index.rst +++ b/doc/scripts/index.rst @@ -7,13 +7,14 @@ Script Reference .. toctree:: :maxdepth: 1 - builtins - Built-In Functions (BIFs) - scripts packages - internal proto-analyzers file-analyzers + notices + builtins + Built-in Functions (BIFs) + internal + scripts diff --git a/doc/scripts/scripts.rst b/doc/scripts/scripts.rst index d454063002..8aceacf329 100644 --- a/doc/scripts/scripts.rst +++ b/doc/scripts/scripts.rst @@ -1,8 +1,8 @@ .. This is a stub doc to which broxygen appends during the build process -======================== -Index of All Bro Scripts -======================== +=============== +All Bro Scripts +=============== .. toctree:: :maxdepth: 1 diff --git a/src/BroDoc.cc b/src/BroDoc.cc index dd0e8ff37c..93d8a34848 100644 --- a/src/BroDoc.cc +++ b/src/BroDoc.cc @@ -610,8 +610,10 @@ void CreateProtoAnalyzerDoc(const char* filename) { FILE* f = fopen(filename, "w"); - fprintf(f, "Protocol Analyzer Reference\n"); - fprintf(f, "===========================\n\n"); + fprintf(f, "Protocol Analyzers\n"); + fprintf(f, "==================\n\n\n"); + fprintf(f, ".. contents::\n"); + fprintf(f, " :depth: 1\n\n"); WriteAnalyzerTagDefn(f, analyzer_mgr->GetTagEnumType(), "Analyzer"); @@ -640,8 +642,10 @@ void CreateFileAnalyzerDoc(const char* filename) { FILE* f = fopen(filename, "w"); - fprintf(f, "File Analyzer Reference\n"); - fprintf(f, "=======================\n\n"); + fprintf(f, "File Analyzers\n"); + fprintf(f, "==============\n\n"); + fprintf(f, ".. contents::\n"); + fprintf(f, " :depth: 1\n\n"); WriteAnalyzerTagDefn(f, file_mgr->GetTagEnumType(), "Files"); diff --git a/src/bro.bif b/src/bro.bif index 93b0da2dcc..f699c1e162 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1,7 +1,10 @@ ##! A collection of built-in functions that implement a variety of things ##! such as general programming algorithms, string processing, math functions, ##! introspection, type conversion, file/directory manipulation, packet filtering, -##! inter-process communication and controlling protocol analyzer behavior. +##! inter-process communication and controlling protocol analyzer behavior. +##! +##! You'll find most of Bro's built-in functions that aren't protocol-specific in +##! this file. %%{ // C segment #include diff --git a/src/input.bif b/src/input.bif index d6a880d9e9..f7c4d37a67 100644 --- a/src/input.bif +++ b/src/input.bif @@ -1,4 +1,4 @@ -# functions and types for the input framework +##! Internal functions and types used by the input framework. module Input; diff --git a/src/probabilistic/bloom-filter.bif b/src/probabilistic/bloom-filter.bif index a495a603ae..f76a10a900 100644 --- a/src/probabilistic/bloom-filter.bif +++ b/src/probabilistic/bloom-filter.bif @@ -1,8 +1,4 @@ -# =========================================================================== -# -# Bloom Filter Functions -# -# =========================================================================== +##! Functions to create and manipulate Bloom filters. %%{ diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index 3f3f9653e6..f1113d73fc 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -1,9 +1,4 @@ -# =========================================================================== -# -# HyperLogLog Functions -# -# =========================================================================== - +##! Functions to create and manipulate probabilistic cardinality counters. %%{ #include "probabilistic/CardinalityCounter.h" diff --git a/src/probabilistic/top-k.bif b/src/probabilistic/top-k.bif index 9ad36cadef..2725fe0422 100644 --- a/src/probabilistic/top-k.bif +++ b/src/probabilistic/top-k.bif @@ -1,9 +1,4 @@ -# =========================================================================== -# -# Top-K Functions -# -# =========================================================================== - +##! Functions to probabilistically determine top-k elements. %%{ #include "probabilistic/Topk.h" From 1bdfa3dff2454b5e38c51150f3cc3fce4744c30b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 16:45:42 -0700 Subject: [PATCH 079/287] Updating Broxygen stylesheet. --- doc/_static/broxygen.css | 52 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/doc/_static/broxygen.css b/doc/_static/broxygen.css index 967dcd6eaa..5259c3adfc 100644 --- a/doc/_static/broxygen.css +++ b/doc/_static/broxygen.css @@ -150,8 +150,14 @@ sup, sub { line-height:0; } -pre { - white-space:pre; +pre, code { + white-space: pre; + overflow: auto; + margin-left: 2em; + margin-right: 2em; + margin-top: .5em; + margin-bottom: 1.5em; + word-wrap: normal; } pre, code, tt { @@ -166,6 +172,10 @@ dl dt { font-weight: bold; } +li dl dt { + font-weight: normal; +} + dd { margin:0 0 20px 20px; } @@ -174,6 +184,16 @@ small { font-size:75%; } +.small-text { + font-size:75%; +} + +.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + a:link, a:visited, a:active @@ -434,4 +454,32 @@ li { padding-bottom: 0em; margin-bottom: .5em; margin-top: 0em; +} + +.btest-cmd .hll { + font-weight: bold; + background: #FFFAE2; + } + +.btest-include .hll { + display: block; + text-align: center; + font-family: Palatino; + background: #FFFAE2; + } + +.btest-include .hll * { + color: #aaa; + } + +.linenodiv pre { + margin-left: 0px; + margin-right: 0px; + width: 1.5em; + text-align: right; + background: #000; +} + +.btest-cmd .code pre, .btest-include .code pre { + margin-left: 0px; } \ No newline at end of file From 364cdb86044409fc998ffbf4fc6538cde874c553 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 16:48:38 -0700 Subject: [PATCH 080/287] Updating Sphinx tests for manual. --- .../btest-doc.sphinx.connection-record-01#1 | 20 +++---- .../btest-doc.sphinx.connection-record-02#1 | 32 +++++------ .../btest-doc.sphinx.data_struct_record_01#1 | 22 ++++---- .../btest-doc.sphinx.data_struct_record_02#1 | 24 +++++---- ...t-doc.sphinx.data_struct_set_declaration#1 | 26 ++++----- ...est-doc.sphinx.data_struct_table_complex#1 | 18 ++++--- ...doc.sphinx.data_struct_table_declaration#1 | 18 ++++--- ...oc.sphinx.data_struct_vector_declaration#1 | 18 ++++--- ...btest-doc.sphinx.data_struct_vector_iter#1 | 16 +++--- .../btest-doc.sphinx.data_type_const.bro#1 | 18 ++++--- .../btest-doc.sphinx.data_type_interval#1 | 44 +++++++-------- .../btest-doc.sphinx.data_type_pattern#1 | 16 +++--- .../btest-doc.sphinx.data_type_pattern_02#1 | 14 ++--- .../btest-doc.sphinx.data_type_subnets#1 | 18 ++++--- .../btest-doc.sphinx.data_type_time#1 | 28 +++++----- ...doc.sphinx.framework_logging_factorial-2#1 | 54 ++++++++++--------- ...doc.sphinx.framework_logging_factorial-3#1 | 46 ++++++++-------- ...t-doc.sphinx.framework_logging_factorial#1 | 30 ++++++----- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../btest-doc.sphinx.using_bro#1 | 48 +++++++++-------- .../btest-doc.sphinx.using_bro#2 | 32 +++++------ .../btest-doc.sphinx.using_bro#3 | 32 +++++------ .../btest-doc.sphinx.using_bro#4 | 22 ++++---- .../btest-doc.sphinx.using_bro#5 | 22 ++++---- .../btest-doc.sphinx.using_bro#6 | 22 ++++---- .../btest-doc.sphinx.using_bro#7 | 20 +++---- .../btest-doc.sphinx.using_bro#8 | 12 +++-- ...c_scripting_connection_record_02_bro.btest | 2 +- ...scripting_connection_record_02_bro@2.btest | 2 +- ..._scripting_data_struct_record_01_bro.btest | 2 +- ..._scripting_data_struct_record_02_bro.btest | 2 +- ...ting_data_struct_set_declaration_bro.btest | 2 +- ...ng_data_struct_set_declaration_bro@2.btest | 2 +- ...ng_data_struct_set_declaration_bro@3.btest | 2 +- ...ng_data_struct_set_declaration_bro@4.btest | 2 +- ...ipting_data_struct_table_complex_bro.btest | 2 +- ...ng_data_struct_table_declaration_bro.btest | 2 +- ...g_data_struct_vector_declaration_bro.btest | 2 +- ...cripting_data_struct_vector_iter_bro.btest | 2 +- ...de-doc_scripting_data_type_const_bro.btest | 2 +- ...scripting_data_type_const_simple_bro.btest | 2 +- ..._scripting_data_type_declaration_bro.btest | 2 +- ...doc_scripting_data_type_interval_bro.btest | 2 +- ...de-doc_scripting_data_type_local_bro.btest | 2 +- ...c_scripting_data_type_pattern_01_bro.btest | 2 +- ...c_scripting_data_type_pattern_02_bro.btest | 2 +- ...-doc_scripting_data_type_subnets_bro.btest | 2 +- ...ude-doc_scripting_data_type_time_bro.btest | 2 +- ...g_framework_logging_factorial_01_bro.btest | 2 +- ...g_framework_logging_factorial_02_bro.btest | 2 +- ...g_framework_logging_factorial_03_bro.btest | 2 +- ...g_framework_logging_factorial_04_bro.btest | 2 +- ...ripting_framework_notice_hook_01_bro.btest | 2 +- ...ework_notice_hook_suppression_01_bro.btest | 2 +- ...ng_framework_notice_shortcuts_01_bro.btest | 2 +- ...ng_framework_notice_shortcuts_02_bro.btest | 2 +- ...clude-scripts_base_bif_event_bif_bro.btest | 2 +- ...e_bif_plugins_Bro_DNS_events_bif_bro.btest | 2 +- .../include-scripts_base_init-bare_bro.btest | 2 +- ...scripts_base_protocols_conn_main_bro.btest | 2 +- ...scripts_base_protocols_http_main_bro.btest | 2 +- ...licy_frameworks_files_detect-MHR_bro.btest | 2 +- ...cy_frameworks_files_detect-MHR_bro@2.btest | 2 +- ...cy_frameworks_files_detect-MHR_bro@3.btest | 2 +- ...cy_frameworks_files_detect-MHR_bro@4.btest | 2 +- ...olicy_protocols_conn_known-hosts_bro.btest | 2 +- ...tocols_ssh_interesting-hostnames_bro.btest | 2 +- ...icy_protocols_ssl_expiring-certs_bro.btest | 2 +- 108 files changed, 447 insertions(+), 389 deletions(-) diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1 b/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1 index d3ba4e3d1c..1deb2583a9 100644 --- a/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1 +++ b/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1 @@ -1,11 +1,13 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -b -r dns-session.trace connection_record_01.bro - [id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ - - }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ - - }], extract_orig=F, extract_resp=F] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -b -r dns-session.trace connection_record_01.bro + [id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ + + }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ + + }], extract_orig=F, extract_resp=F] diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 index 8671de3372..42d0a56e21 100644 --- a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 +++ b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 @@ -1,17 +1,19 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -b -r dns-session.trace connection_record_02.bro - [id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ - - }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ - - }], extract_orig=F, extract_resp=F, dns=, dns_state=[pending={ - [34798] = [initialized=T, vals={ - - }, settings=[max_len=], top=1, bottom=1, size=0] - }, finished_answers={ - - }]] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -b -r dns-session.trace connection_record_02.bro + [id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={ + + }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, conn=[ts=930613226.067666, uid=CXWv6p3arKYeMETxOg, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={ + + }], extract_orig=F, extract_resp=F, dns=, dns_state=[pending={ + [34798] = [initialized=T, vals={ + + }, settings=[max_len=], top=1, bottom=1, size=0] + }, finished_answers={ + + }]] diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1 b/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1 index 5b8d702333..6bb5fcdefb 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1 @@ -1,12 +1,14 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_struct_record_01.bro - Service: dns(RFC1035) - port: 53/tcp - port: 53/udp - Service: http(RFC2616) - port: 80/tcp - port: 8080/tcp + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_struct_record_01.bro + Service: dns(RFC1035) + port: 53/tcp + port: 53/udp + Service: http(RFC2616) + port: 80/tcp + port: 8080/tcp diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1 b/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1 index b640862c49..69c0e9e217 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1 @@ -1,13 +1,15 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_struct_record_02.bro - System: morlock - Service: dns(RFC1035) - port: 53/tcp - port: 53/udp - Service: http(RFC2616) - port: 80/tcp - port: 8080/tcp + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_struct_record_02.bro + System: morlock + Service: dns(RFC1035) + port: 53/tcp + port: 53/udp + Service: http(RFC2616) + port: 80/tcp + port: 8080/tcp diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1 b/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1 index f22481364a..d86aebc894 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1 @@ -1,14 +1,16 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_struct_set_declaration.bro - SSL Port: 993/tcp - SSL Port: 22/tcp - SSL Port: 587/tcp - SSL Port: 443/tcp - Non-SSL Port: 143/tcp - Non-SSL Port: 25/tcp - Non-SSL Port: 80/tcp - Non-SSL Port: 23/tcp + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_struct_set_declaration.bro + SSL Port: 993/tcp + SSL Port: 22/tcp + SSL Port: 587/tcp + SSL Port: 443/tcp + Non-SSL Port: 143/tcp + Non-SSL Port: 25/tcp + Non-SSL Port: 80/tcp + Non-SSL Port: 23/tcp diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1 b/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1 index 415d6b4436..d6f175dda2 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1 @@ -1,10 +1,12 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -b data_struct_table_complex.bro - Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai - Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai - Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai - Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -b data_struct_table_complex.bro + Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai + Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai + Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai + Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1 b/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1 index 0b6efd6166..ec1e66216a 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1 @@ -1,10 +1,12 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_struct_table_declaration.bro - Service Name: IMAPS - Common Port: 993/tcp - Service Name: HTTPS - Common Port: 443/tcp - Service Name: SSH - Common Port: 22/tcp - Service Name: SMTPS - Common Port: 587/tcp + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_struct_table_declaration.bro + Service Name: IMAPS - Common Port: 993/tcp + Service Name: HTTPS - Common Port: 443/tcp + Service Name: SSH - Common Port: 22/tcp + Service Name: SMTPS - Common Port: 587/tcp diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_vector_declaration/btest-doc.sphinx.data_struct_vector_declaration#1 b/testing/btest/Baseline/doc.sphinx.data_struct_vector_declaration/btest-doc.sphinx.data_struct_vector_declaration#1 index c282de7c49..d6e63d72ba 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_vector_declaration/btest-doc.sphinx.data_struct_vector_declaration#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_vector_declaration/btest-doc.sphinx.data_struct_vector_declaration#1 @@ -1,10 +1,12 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_struct_vector_declaration.bro - contents of v1: [1, 2, 3, 4] - length of v1: 4 - contents of v1: [1, 2, 3, 4] - length of v2: 4 + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_struct_vector_declaration.bro + contents of v1: [1, 2, 3, 4] + length of v1: 4 + contents of v1: [1, 2, 3, 4] + length of v2: 4 diff --git a/testing/btest/Baseline/doc.sphinx.data_struct_vector_iter/btest-doc.sphinx.data_struct_vector_iter#1 b/testing/btest/Baseline/doc.sphinx.data_struct_vector_iter/btest-doc.sphinx.data_struct_vector_iter#1 index 88634f57a6..4ee9351803 100644 --- a/testing/btest/Baseline/doc.sphinx.data_struct_vector_iter/btest-doc.sphinx.data_struct_vector_iter#1 +++ b/testing/btest/Baseline/doc.sphinx.data_struct_vector_iter/btest-doc.sphinx.data_struct_vector_iter#1 @@ -1,9 +1,11 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -b data_struct_vector_iter.bro - 1.2.0.0/18 - 2.3.0.0/18 - 3.4.0.0/18 + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -b data_struct_vector_iter.bro + 1.2.0.0/18 + 2.3.0.0/18 + 3.4.0.0/18 diff --git a/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1 b/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1 index 48532cfb84..d1fcd91551 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1 @@ -1,10 +1,12 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -b data_type_const.bro - { - [6666/tcp] = IRC, - [80/tcp] = WWW - } + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -b data_type_const.bro + { + [6666/tcp] = IRC, + [80/tcp] = WWW + } diff --git a/testing/btest/Baseline/doc.sphinx.data_type_interval/btest-doc.sphinx.data_type_interval#1 b/testing/btest/Baseline/doc.sphinx.data_type_interval/btest-doc.sphinx.data_type_interval#1 index d200467611..cba6436e3d 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_interval/btest-doc.sphinx.data_type_interval#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_interval/btest-doc.sphinx.data_type_interval#1 @@ -1,23 +1,25 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -r wikipedia.trace data_type_interval.bro - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118 - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 132.0 msecs 97.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 177.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 2.0 msecs 177.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 33.0 msecs 898.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 35.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 - Time since last connection: 2.0 msecs 532.0 usecs - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2 - Time since last connection: 7.0 msecs 866.0 usecs - 2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128 - Time since last connection: 817.0 msecs 703.0 usecs + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -r wikipedia.trace data_type_interval.bro + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118 + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 132.0 msecs 97.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 177.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 2.0 msecs 177.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 33.0 msecs 898.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 35.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3 + Time since last connection: 2.0 msecs 532.0 usecs + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2 + Time since last connection: 7.0 msecs 866.0 usecs + 2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128 + Time since last connection: 817.0 msecs 703.0 usecs diff --git a/testing/btest/Baseline/doc.sphinx.data_type_pattern/btest-doc.sphinx.data_type_pattern#1 b/testing/btest/Baseline/doc.sphinx.data_type_pattern/btest-doc.sphinx.data_type_pattern#1 index e74a70e576..99281b205e 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_pattern/btest-doc.sphinx.data_type_pattern#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_pattern/btest-doc.sphinx.data_type_pattern#1 @@ -1,9 +1,11 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_type_pattern_01.bro - The - brown fox jumped over the - dog. + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_type_pattern_01.bro + The + brown fox jumped over the + dog. diff --git a/testing/btest/Baseline/doc.sphinx.data_type_pattern_02/btest-doc.sphinx.data_type_pattern_02#1 b/testing/btest/Baseline/doc.sphinx.data_type_pattern_02/btest-doc.sphinx.data_type_pattern_02#1 index 3097c85bcd..9c0cfee2d4 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_pattern_02/btest-doc.sphinx.data_type_pattern_02#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_pattern_02/btest-doc.sphinx.data_type_pattern_02#1 @@ -1,8 +1,10 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_type_pattern_02.bro - equality and /^?(equal)$?/ are not equal - equality and /^?(equality)$?/ are equal + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_type_pattern_02.bro + equality and /^?(equal)$?/ are not equal + equality and /^?(equality)$?/ are equal diff --git a/testing/btest/Baseline/doc.sphinx.data_type_subnets/btest-doc.sphinx.data_type_subnets#1 b/testing/btest/Baseline/doc.sphinx.data_type_subnets/btest-doc.sphinx.data_type_subnets#1 index 92d18b84ba..f7a3f918fa 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_subnets/btest-doc.sphinx.data_type_subnets#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_subnets/btest-doc.sphinx.data_type_subnets#1 @@ -1,10 +1,12 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro data_type_subnets.bro - 172.16.4.56 belongs to subnet 172.16.0.0/20 - 172.16.47.254 belongs to subnet 172.16.32.0/20 - 172.16.22.45 belongs to subnet 172.16.16.0/20 - 172.16.1.1 belongs to subnet 172.16.0.0/20 + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro data_type_subnets.bro + 172.16.4.56 belongs to subnet 172.16.0.0/20 + 172.16.47.254 belongs to subnet 172.16.32.0/20 + 172.16.22.45 belongs to subnet 172.16.16.0/20 + 172.16.1.1 belongs to subnet 172.16.0.0/20 diff --git a/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1 b/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1 index d83f819038..e0f9ca2d11 100644 --- a/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1 +++ b/testing/btest/Baseline/doc.sphinx.data_type_time/btest-doc.sphinx.data_type_time#1 @@ -1,15 +1,17 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -r wikipedia.trace data_type_time.bro - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J - 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J - 2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128^J + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -r wikipedia.trace data_type_time.bro + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J + 2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J + 2011/06/18 19:03:09: New connection established from 141.142.220.235 to 173.192.163.128^J diff --git a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-2/btest-doc.sphinx.framework_logging_factorial-2#1 b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-2/btest-doc.sphinx.framework_logging_factorial-2#1 index ed2d0fe653..9edd79d146 100644 --- a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-2/btest-doc.sphinx.framework_logging_factorial-2#1 +++ b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-2/btest-doc.sphinx.framework_logging_factorial-2#1 @@ -1,29 +1,33 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro framework_logging_factorial_02.bro + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 -.. code-block:: guess - :linenos: + # bro framework_logging_factorial_02.bro - #separator \x09 - #set_separator , - #empty_field (empty) - #unset_field - - #path factor - #open 2013-09-01-01-08-18 - #fields num factorial_num - #types count count - 1 1 - 2 2 - 3 6 - 4 24 - 5 120 - 6 720 - 7 5040 - 8 40320 - 9 362880 - 10 3628800 - #close 2013-09-01-01-08-18 +.. rst-class:: btest-include + + .. code-block:: guess + :linenos: + + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path factor + #open 2013-10-07-23-48-11 + #fields num factorial_num + #types count count + 1 1 + 2 2 + 3 6 + 4 24 + 5 120 + 6 720 + 7 5040 + 8 40320 + 9 362880 + 10 3628800 + #close 2013-10-07-23-48-11 diff --git a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-3/btest-doc.sphinx.framework_logging_factorial-3#1 b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-3/btest-doc.sphinx.framework_logging_factorial-3#1 index 0e6c11c04a..cc0f1c1444 100644 --- a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-3/btest-doc.sphinx.framework_logging_factorial-3#1 +++ b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial-3/btest-doc.sphinx.framework_logging_factorial-3#1 @@ -1,25 +1,29 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro framework_logging_factorial_03.bro + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 -.. code-block:: guess - :linenos: + # bro framework_logging_factorial_03.bro - #separator \x09 - #set_separator , - #empty_field (empty) - #unset_field - - #path factor-mod5 - #open 2013-09-01-01-08-18 - #fields num factorial_num - #types count count - 5 120 - 6 720 - 7 5040 - 8 40320 - 9 362880 - 10 3628800 - #close 2013-09-01-01-08-18 +.. rst-class:: btest-include + + .. code-block:: guess + :linenos: + + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path factor-mod5 + #open 2013-10-07-23-48-12 + #fields num factorial_num + #types count count + 5 120 + 6 720 + 7 5040 + 8 40320 + 9 362880 + 10 3628800 + #close 2013-10-07-23-48-12 diff --git a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial/btest-doc.sphinx.framework_logging_factorial#1 b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial/btest-doc.sphinx.framework_logging_factorial#1 index 8a64a2da65..bd6c14f966 100644 --- a/testing/btest/Baseline/doc.sphinx.framework_logging_factorial/btest-doc.sphinx.framework_logging_factorial#1 +++ b/testing/btest/Baseline/doc.sphinx.framework_logging_factorial/btest-doc.sphinx.framework_logging_factorial#1 @@ -1,16 +1,18 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro framework_logging_factorial_01.bro - 1 - 2 - 6 - 24 - 120 - 720 - 5040 - 40320 - 362880 - 3628800 + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro framework_logging_factorial_01.bro + 1 + 2 + 6 + 24 + 120 + 720 + 5040 + 40320 + 362880 + 3628800 diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro/output index 20ffe4c686..e4552b8580 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- connection_record_02.bro +connection_record_02.bro @load base/protocols/conn @load base/protocols/dns diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output index 20ffe4c686..e4552b8580 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- connection_record_02.bro +connection_record_02.bro @load base/protocols/conn @load base/protocols/dns diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_01_bro/output index 12a6515235..ea390412f6 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_record_01.bro +data_struct_record_01.bro type Service: record { name: string; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_02_bro/output index dedbca8be7..143e6c5672 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_record_02_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_record_02.bro +data_struct_record_02.bro type Service: record { name: string; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro/output index 700c7296d0..47aa12030b 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@2/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@2/output index b31b65805f..12020f4b67 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@2/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@2/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro for ( i in ssl_ports ) print fmt("SSL Port: %s", i); diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@3/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@3/output index c5bddfb7d1..b7a68af4aa 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@3/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@3/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro # Check for SMTPS if ( 587/tcp !in ssl_ports ) diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@4/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@4/output index 5c87335f06..53b193850c 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@4/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_set_declaration_bro@4/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_complex_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_complex_bro/output index 2557adea17..c92d338cec 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_complex_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_complex_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_table_complex.bro +data_struct_table_complex.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_declaration_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_declaration_bro/output index 8aab992b18..752af3a934 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_declaration_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_table_declaration_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_table_declaration.bro +data_struct_table_declaration.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_declaration_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_declaration_bro/output index 91eaf2432d..575b5a18b4 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_declaration_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_declaration_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_vector_declaration.bro +data_struct_vector_declaration.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_iter_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_iter_bro/output index 73694157d3..5f16dcc5af 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_iter_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_struct_vector_iter_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_vector_iter.bro +data_struct_vector_iter.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_bro/output index f1337275ca..20a4f8d71e 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_const.bro +data_type_const.bro const port_list: table[port] of string &redef; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_simple_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_simple_bro/output index 807e92573f..29844f2b01 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_simple_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_const_simple_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_const_simple.bro +data_type_const_simple.bro @load base/protocols/http diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_declaration_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_declaration_bro/output index 56ac2c5fc4..a153f3066c 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_declaration_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_declaration_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_declaration.bro +data_type_declaration.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_interval_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_interval_bro/output index fd6d831e8b..25076f3e8e 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_interval_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_interval_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_interval.bro +data_type_interval.bro # Store the time the previous connection was established. global last_connection_time: time; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_local_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_local_bro/output index 93f84cc059..0e034dddd2 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_local_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_local_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_local.bro +data_type_local.bro function add_two(i: count): count { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_01_bro/output index 55f68d9e45..f108efb795 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_pattern_01.bro +data_type_pattern_01.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_02_bro/output index ed09de2be0..4e4d8992df 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_pattern_02_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_pattern_02.bro +data_type_pattern_02.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_subnets_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_subnets_bro/output index f23f3427ed..75600794ec 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_subnets_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_subnets_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_subnets.bro +data_type_subnets.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_time_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_time_bro/output index fa04f56021..00a3e20813 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_time_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_data_type_time_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_time.bro +data_type_time.bro event connection_established(c: connection) { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_01_bro/output index 762e8a1651..e542572647 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_01.bro +framework_logging_factorial_01.bro module Factor; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output index 6972c285f9..ce2a9106cd 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_02.bro +framework_logging_factorial_02.bro module Factor; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output index 9e7846eb59..631875ba2a 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_03.bro +framework_logging_factorial_03.bro event bro_init() { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output index b2e85f0c90..035f8d90bc 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_04.bro +framework_logging_factorial_04.bro module Factor; diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_01_bro/output index 632efc9b90..96a3b5a921 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_hook_01.bro +framework_notice_hook_01.bro @load policy/protocols/ssh/interesting-hostnames.bro diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_suppression_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_suppression_01_bro/output index 0d5eb7e25f..b51bd2eebe 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_suppression_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_hook_suppression_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_hook_suppression_01.bro +framework_notice_hook_suppression_01.bro @load policy/protocols/ssl/expiring-certs.bro diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_01_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_01_bro/output index 80e464f312..0202fa3a28 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_01_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_01_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_shortcuts_01.bro +framework_notice_shortcuts_01.bro @load policy/protocols/ssh/interesting-hostnames.bro @load base/protocols/ssh/ diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_02_bro/output index 0418955ab2..266a2e1fbb 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_notice_shortcuts_02_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_shortcuts_02.bro +framework_notice_shortcuts_02.bro @load policy/protocols/ssh/interesting-hostnames.bro @load base/protocols/ssh/ diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output index 0d981e7fc0..c77e08c5a1 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_event_bif_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- event.bif.bro +event.bif.bro ## Generated for every new connection. This event is raised with the first ## packet of a previously unknown connection. Bro uses a flow-based definition diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro/output index b393c0580b..6e15ece5e0 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- Bro_DNS.events.bif.bro +Bro_DNS.events.bif.bro ## Generated for DNS requests. For requests with multiple queries, this event ## is raised once for each. diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_init-bare_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_init-bare_bro/output index c42a63f6ad..0057a78cc4 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_init-bare_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_init-bare_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- init-bare.bro +init-bare.bro type string_array: table[count] of string; type string_set: set[string]; diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output index ddbe628009..9966341119 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- main.bro +main.bro module Conn; diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_http_main_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_http_main_bro/output index 0acb7a17e8..c2e558bac8 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_http_main_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_http_main_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- main.bro +main.bro module HTTP; diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output index 9220e6abf7..26911a534c 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro ##! Detect file downloads that have hash values matching files in Team ##! Cymru's Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output index 656abf3ba1..4ce4383efb 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@2/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro @load base/frameworks/files @load base/frameworks/notice diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output index 75d94f6990..b8a0abf363 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro export { redef enum Notice::Type += { diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output index 7e3e1b0a11..57d2d7ee50 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@4/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro event file_hash(f: fa_file, kind: string, hash: string) { diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_conn_known-hosts_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_conn_known-hosts_bro/output index db7f3d355b..150de38f35 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_conn_known-hosts_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_conn_known-hosts_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- known-hosts.bro +known-hosts.bro module Known; diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output index 2a395ab20e..2ff1a711be 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- interesting-hostnames.bro +interesting-hostnames.bro ##! This script will generate a notice if an apparent SSH login originates ##! or heads to a host with a reverse hostname that looks suspicious. By diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssl_expiring-certs_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssl_expiring-certs_bro/output index 6a630796c0..aff7dffff7 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssl_expiring-certs_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssl_expiring-certs_bro/output @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- expiring-certs.bro +expiring-certs.bro NOTICE([$note=Certificate_Expires_Soon, $msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after), diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1 index ee6f8a7a03..65c802ccf2 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1 @@ -1,26 +1,30 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro -r wikipedia.trace + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 -.. code-block:: guess - :linenos: + # bro -r wikipedia.trace - #separator \x09 - #set_separator , - #empty_field (empty) - #unset_field - - #path conn - #open 2013-09-01-01-08-21 - #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents - #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] - 1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty) - 1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty) - 1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty) - 1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty) - 1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty) - 1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty) - 1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty) - [...] +.. rst-class:: btest-include + + .. code-block:: guess + :linenos: + + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path conn + #open 2013-10-07-23-48-15 + #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents + #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] + 1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty) + 1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 (empty) + 1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 (empty) + 1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty) + 1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty) + 1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty) + 1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty) + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#2 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#2 index b455b9a8e8..2b060fc2ff 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#2 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#2 @@ -1,17 +1,19 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # cat conn.log | bro-cut id.orig_h id.orig_p id.resp_h duration - 141.142.220.202 5353 224.0.0.251 - - fe80::217:f2ff:fed7:cf65 5353 ff02::fb - - 141.142.220.50 5353 224.0.0.251 - - 141.142.220.118 43927 141.142.2.2 0.000435 - 141.142.220.118 37676 141.142.2.2 0.000420 - 141.142.220.118 40526 141.142.2.2 0.000392 - 141.142.220.118 32902 141.142.2.2 0.000317 - 141.142.220.118 59816 141.142.2.2 0.000343 - 141.142.220.118 59714 141.142.2.2 0.000375 - 141.142.220.118 58206 141.142.2.2 0.000339 - [...] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat conn.log | bro-cut id.orig_h id.orig_p id.resp_h duration + 141.142.220.202 5353 224.0.0.251 - + fe80::217:f2ff:fed7:cf65 5353 ff02::fb - + 141.142.220.50 5353 224.0.0.251 - + 141.142.220.118 43927 141.142.2.2 0.000435 + 141.142.220.118 37676 141.142.2.2 0.000420 + 141.142.220.118 40526 141.142.2.2 0.000392 + 141.142.220.118 32902 141.142.2.2 0.000317 + 141.142.220.118 59816 141.142.2.2 0.000343 + 141.142.220.118 59714 141.142.2.2 0.000375 + 141.142.220.118 58206 141.142.2.2 0.000339 + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#3 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#3 index 8492053976..92378e6c08 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#3 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#3 @@ -1,17 +1,19 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # awk '/^[^#]/ {print $3, $4, $5, $6, $9}' conn.log - 141.142.220.202 5353 224.0.0.251 5353 - - fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 - - 141.142.220.50 5353 224.0.0.251 5353 - - 141.142.220.118 43927 141.142.2.2 53 0.000435 - 141.142.220.118 37676 141.142.2.2 53 0.000420 - 141.142.220.118 40526 141.142.2.2 53 0.000392 - 141.142.220.118 32902 141.142.2.2 53 0.000317 - 141.142.220.118 59816 141.142.2.2 53 0.000343 - 141.142.220.118 59714 141.142.2.2 53 0.000375 - 141.142.220.118 58206 141.142.2.2 53 0.000339 - [...] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # awk '/^[^#]/ {print $3, $4, $5, $6, $9}' conn.log + 141.142.220.202 5353 224.0.0.251 5353 - + fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 - + 141.142.220.50 5353 224.0.0.251 5353 - + 141.142.220.118 43927 141.142.2.2 53 0.000435 + 141.142.220.118 37676 141.142.2.2 53 0.000420 + 141.142.220.118 40526 141.142.2.2 53 0.000392 + 141.142.220.118 32902 141.142.2.2 53 0.000317 + 141.142.220.118 59816 141.142.2.2 53 0.000343 + 141.142.220.118 59714 141.142.2.2 53 0.000375 + 141.142.220.118 58206 141.142.2.2 53 0.000339 + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#4 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#4 index a41a275d32..511e8f18f5 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#4 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#4 @@ -1,12 +1,14 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro-cut -d ts uid host uri < http.log - 2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css - 2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png - 2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png - 2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png - 2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png - [...] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro-cut -d ts uid host uri < http.log + 2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css + 2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png + 2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png + 2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png + 2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#5 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#5 index 1d3caa52b9..e743720247 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#5 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#5 @@ -1,12 +1,14 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro-cut -u ts uid host uri < http.log - 2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css - 2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png - 2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png - 2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png - 2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png - [...] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro-cut -u ts uid host uri < http.log + 2011-03-18T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css + 2011-03-18T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png + 2011-03-18T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png + 2011-03-18T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png + 2011-03-18T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#6 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#6 index e53883ceb0..be00724ab3 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#6 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#6 @@ -1,12 +1,14 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log - 18-03-2011T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css - 18-03-2011T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png - 18-03-2011T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png - 18-03-2011T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png - 18-03-2011T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png - [...] + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro-cut -D %d-%m-%YT%H:%M:%S%z ts uid host uri < http.log + 18-03-2011T19:06:08+0000 CRJuHdVW0XPVINV8a bits.wikimedia.org /skins-1.5/monobook/main.css + 18-03-2011T19:06:08+0000 CJ3xTn1c4Zw9TmAE05 upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png + 18-03-2011T19:06:08+0000 C7XEbhP654jzLoe3a upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png + 18-03-2011T19:06:08+0000 C3SfNE4BWaU4aSuwkc upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png + 18-03-2011T19:06:08+0000 CyAhVIzHqb7t7kv28 upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png + [...] diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#7 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#7 index 4ec7817003..cf990652be 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#7 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#7 @@ -1,11 +1,13 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5 - CyAhVIzHqb7t7kv28 734 - CkDsfG2YIeWJmXWNWj 734 - CJ3xTn1c4Zw9TmAE05 734 - C3SfNE4BWaU4aSuwkc 734 - CzA03V1VcgagLjnO92 733 + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat conn.log | bro-cut uid resp_bytes | sort -nrk2 | head -5 + CyAhVIzHqb7t7kv28 734 + CkDsfG2YIeWJmXWNWj 734 + CJ3xTn1c4Zw9TmAE05 734 + C3SfNE4BWaU4aSuwkc 734 + CzA03V1VcgagLjnO92 733 diff --git a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#8 b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#8 index 72c290affb..b4ce9dfc87 100644 --- a/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#8 +++ b/testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#8 @@ -1,7 +1,9 @@ -.. code-block:: none - :linenos: - :emphasize-lines: 1,1 +.. rst-class:: btest-cmd - # cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a - CRJuHdVW0XPVINV8a 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a + CRJuHdVW0XPVINV8a 208.80.152.118 GET 304 bits.wikimedia.org /skins-1.5/monobook/main.css diff --git a/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro.btest index 20ffe4c686..e4552b8580 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- connection_record_02.bro +connection_record_02.bro @load base/protocols/conn @load base/protocols/dns diff --git a/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest b/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest index 20ffe4c686..e4552b8580 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- connection_record_02.bro +connection_record_02.bro @load base/protocols/conn @load base/protocols/dns diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_01_bro.btest index 12a6515235..ea390412f6 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_record_01.bro +data_struct_record_01.bro type Service: record { name: string; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_02_bro.btest index dedbca8be7..143e6c5672 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_record_02_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_record_02.bro +data_struct_record_02.bro type Service: record { name: string; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro.btest index 700c7296d0..47aa12030b 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@2.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@2.btest index b31b65805f..12020f4b67 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@2.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@2.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro for ( i in ssl_ports ) print fmt("SSL Port: %s", i); diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@3.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@3.btest index c5bddfb7d1..b7a68af4aa 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@3.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@3.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro # Check for SMTPS if ( 587/tcp !in ssl_ports ) diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@4.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@4.btest index 5c87335f06..53b193850c 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@4.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_set_declaration_bro@4.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_set_declaration.bro +data_struct_set_declaration.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_complex_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_complex_bro.btest index 2557adea17..c92d338cec 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_complex_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_complex_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_table_complex.bro +data_struct_table_complex.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_declaration_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_declaration_bro.btest index 8aab992b18..752af3a934 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_declaration_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_table_declaration_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_table_declaration.bro +data_struct_table_declaration.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_declaration_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_declaration_bro.btest index 91eaf2432d..575b5a18b4 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_declaration_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_declaration_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_vector_declaration.bro +data_struct_vector_declaration.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_iter_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_iter_bro.btest index 73694157d3..5f16dcc5af 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_iter_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_struct_vector_iter_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_struct_vector_iter.bro +data_struct_vector_iter.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_bro.btest index f1337275ca..20a4f8d71e 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_const.bro +data_type_const.bro const port_list: table[port] of string &redef; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_simple_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_simple_bro.btest index 807e92573f..29844f2b01 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_simple_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_const_simple_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_const_simple.bro +data_type_const_simple.bro @load base/protocols/http diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_declaration_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_declaration_bro.btest index 56ac2c5fc4..a153f3066c 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_declaration_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_declaration_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_declaration.bro +data_type_declaration.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_interval_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_interval_bro.btest index fd6d831e8b..25076f3e8e 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_interval_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_interval_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_interval.bro +data_type_interval.bro # Store the time the previous connection was established. global last_connection_time: time; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_local_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_local_bro.btest index 93f84cc059..0e034dddd2 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_local_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_local_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_local.bro +data_type_local.bro function add_two(i: count): count { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_01_bro.btest index 55f68d9e45..f108efb795 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_pattern_01.bro +data_type_pattern_01.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_02_bro.btest index ed09de2be0..4e4d8992df 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_pattern_02_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_pattern_02.bro +data_type_pattern_02.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_subnets_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_subnets_bro.btest index f23f3427ed..75600794ec 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_subnets_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_subnets_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_subnets.bro +data_type_subnets.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_data_type_time_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_data_type_time_bro.btest index fa04f56021..00a3e20813 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_data_type_time_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_data_type_time_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- data_type_time.bro +data_type_time.bro event connection_established(c: connection) { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_01_bro.btest index 762e8a1651..e542572647 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_01.bro +framework_logging_factorial_01.bro module Factor; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest index 6972c285f9..ce2a9106cd 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_02.bro +framework_logging_factorial_02.bro module Factor; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest index 9e7846eb59..631875ba2a 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_03.bro +framework_logging_factorial_03.bro event bro_init() { diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest index b2e85f0c90..035f8d90bc 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_logging_factorial_04.bro +framework_logging_factorial_04.bro module Factor; diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_01_bro.btest index 632efc9b90..96a3b5a921 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_hook_01.bro +framework_notice_hook_01.bro @load policy/protocols/ssh/interesting-hostnames.bro diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_suppression_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_suppression_01_bro.btest index 0d5eb7e25f..b51bd2eebe 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_suppression_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_hook_suppression_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_hook_suppression_01.bro +framework_notice_hook_suppression_01.bro @load policy/protocols/ssl/expiring-certs.bro diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_01_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_01_bro.btest index 80e464f312..0202fa3a28 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_01_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_01_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_shortcuts_01.bro +framework_notice_shortcuts_01.bro @load policy/protocols/ssh/interesting-hostnames.bro @load base/protocols/ssh/ diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_02_bro.btest index 0418955ab2..266a2e1fbb 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_notice_shortcuts_02_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- framework_notice_shortcuts_02.bro +framework_notice_shortcuts_02.bro @load policy/protocols/ssh/interesting-hostnames.bro @load base/protocols/ssh/ diff --git a/testing/btest/doc/sphinx/include-scripts_base_bif_event_bif_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_bif_event_bif_bro.btest index 0d981e7fc0..c77e08c5a1 100644 --- a/testing/btest/doc/sphinx/include-scripts_base_bif_event_bif_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_base_bif_event_bif_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- event.bif.bro +event.bif.bro ## Generated for every new connection. This event is raised with the first ## packet of a previously unknown connection. Bro uses a flow-based definition diff --git a/testing/btest/doc/sphinx/include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro.btest index b393c0580b..6e15ece5e0 100644 --- a/testing/btest/doc/sphinx/include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_base_bif_plugins_Bro_DNS_events_bif_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- Bro_DNS.events.bif.bro +Bro_DNS.events.bif.bro ## Generated for DNS requests. For requests with multiple queries, this event ## is raised once for each. diff --git a/testing/btest/doc/sphinx/include-scripts_base_init-bare_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_init-bare_bro.btest index c42a63f6ad..0057a78cc4 100644 --- a/testing/btest/doc/sphinx/include-scripts_base_init-bare_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_base_init-bare_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- init-bare.bro +init-bare.bro type string_array: table[count] of string; type string_set: set[string]; diff --git a/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest index ddbe628009..9966341119 100644 --- a/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_base_protocols_conn_main_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- main.bro +main.bro module Conn; diff --git a/testing/btest/doc/sphinx/include-scripts_base_protocols_http_main_bro.btest b/testing/btest/doc/sphinx/include-scripts_base_protocols_http_main_bro.btest index 0acb7a17e8..c2e558bac8 100644 --- a/testing/btest/doc/sphinx/include-scripts_base_protocols_http_main_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_base_protocols_http_main_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- main.bro +main.bro module HTTP; diff --git a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest index 9220e6abf7..26911a534c 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro ##! Detect file downloads that have hash values matching files in Team ##! Cymru's Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). diff --git a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@2.btest b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@2.btest index 656abf3ba1..4ce4383efb 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@2.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@2.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro @load base/frameworks/files @load base/frameworks/notice diff --git a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest index 75d94f6990..b8a0abf363 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro export { redef enum Notice::Type += { diff --git a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@4.btest b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@4.btest index 7e3e1b0a11..57d2d7ee50 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@4.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@4.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- detect-MHR.bro +detect-MHR.bro event file_hash(f: fa_file, kind: string, hash: string) { diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_conn_known-hosts_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_conn_known-hosts_bro.btest index db7f3d355b..150de38f35 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_conn_known-hosts_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_conn_known-hosts_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- known-hosts.bro +known-hosts.bro module Known; diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest index 2a395ab20e..2ff1a711be 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- interesting-hostnames.bro +interesting-hostnames.bro ##! This script will generate a notice if an apparent SSH login originates ##! or heads to a host with a reverse hostname that looks suspicious. By diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssl_expiring-certs_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssl_expiring-certs_bro.btest index 6a630796c0..aff7dffff7 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssl_expiring-certs_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssl_expiring-certs_bro.btest @@ -1,6 +1,6 @@ # @TEST-EXEC: cat %INPUT >output && btest-diff output --- expiring-certs.bro +expiring-certs.bro NOTICE([$note=Certificate_Expires_Soon, $msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after), From f30b527581999712aa8cb07b3dee04b315e552bb Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 16:59:09 -0700 Subject: [PATCH 081/287] Line numbers in scripting introduction were off now. I don't quite like yet how line numbers are shown but it has to work for now. --- aux/btest | 2 +- doc/scripting/index.rst | 38 +++++++++++++++++++------------------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/aux/btest b/aux/btest index d01422b9c8..e79c3e2cf3 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit d01422b9c8022ce787b157eb59580f5be169d060 +Subproject commit e79c3e2cf3efab51fee3c6b77dc8beb4d6af2ee7 diff --git a/doc/scripting/index.rst b/doc/scripting/index.rst index 5c85781300..8e503fcc97 100644 --- a/doc/scripting/index.rst +++ b/doc/scripting/index.rst @@ -54,7 +54,7 @@ script and much more in following sections. .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/frameworks/files/detect-MHR.bro :lines: 4-6 -Lines 7 and 8 of the script process the ``__load__.bro`` script in the +Lines 3 to 5 of the script process the ``__load__.bro`` script in the respective directories being loaded. The ``@load`` directives are often considered good practice or even just good manners when writing Bro scripts to make sure they can be used on their own. While it's unlikely that in a @@ -95,7 +95,7 @@ the information associated with a file for which Bro's file analysis framework h generated a hash. The event handler is passed the file itself as ``f``, the type of digest algorithm used as ``kind`` and the hash generated as ``hash``. -On line 35, an ``if`` statement is used to check for the correct type of hash, in this case +On line 3, an ``if`` statement is used to check for the correct type of hash, in this case a SHA1 hash. It also checks for a mime type we've defined as being of interest as defined in the constant ``match_file_types``. The comparison is made against the expression ``f$mime_type``, which uses the ``$`` dereference operator to check the value ``mime_type`` inside the variable ``f``. Once both @@ -111,18 +111,18 @@ this event continues and upon receipt of the values returned by :bro:id:`lookup_hostname_txt`, the ``when`` block is executed. The ``when`` block splits the string returned into a portion for the date on which the malware was first detected and the detection rate by splitting on an text space -and storing the values returned in a local table variable. In line 42, if the table +and storing the values returned in a local table variable. In line 12, if the table returned by ``split1`` has two entries, indicating a successful split, we store the detection -date in ``mhr_first_detect`` and the rate in ``mhr_detect_rate`` on lines 45 and 45 respectively +date in ``mhr_first_detected`` and the rate in ``mhr_detect_rate`` on lines 14 and 15 respectively using the appropriate conversion functions. From this point on, Bro knows it has seen a file transmitted which has a hash that has been seen by the Team Cymru Malware Hash Registry, the rest of the script is dedicated to producing a notice. -On line 47, the detection time is processed into a string representation and stored in +On line 17, the detection time is processed into a string representation and stored in ``readable_first_detected``. The script then compares the detection rate against the -``notice_threshold`` that was defined on line 30. If the detection rate is high enough, the script -creates a concise description of the notice on line 50, a possible URL to check the sample against -virustotal.com's database, and makes the call to :bro:id:`NOTICE` to hand the relevant information +``notice_threshold`` that was defined earlier. If the detection rate is high enough, the script +creates a concise description of the notice on line 22, a possible URL to check the sample against +``virustotal.com``'s database, and makes the call to :bro:id:`NOTICE` to hand the relevant information off to the Notice framework. In approximately 25 lines of code, Bro provides an amazing @@ -509,16 +509,16 @@ values don't have to be unique, each key in the table must be unique to preserve a one-to-one mapping of keys to values. In the example below, we've compiled a table of SSL-enabled services and their common ports. The explicit declaration and constructor for the table on -lines 3 and 4 lay out the data types of the keys (strings) and the +lines 5 and 7 lay out the data types of the keys (strings) and the data types of the yields (ports) and then fill in some sample key and -yield pairs. Line 5 shows how to use a table accessor to insert one +yield pairs. Line 8 shows how to use a table accessor to insert one key-yield pair into the table. When using the ``in`` operator on a table, you are effectively working with the keys of the table. In the case of an ``if`` statement, the ``in`` operator will check for membership among -the set of keys and return a true or false value. As seen on line 7, +the set of keys and return a true or false value. As seen on line 10, we are checking if ``SMTPS`` is not in the set of keys for the ssl_services table and if the condition holds true, we add the -key-yield pair to the table. Line 12 shows the use of a ``for`` statement +key-yield pair to the table. Line 13 shows the use of a ``for`` statement to iterate over each key currently in the table. .. btest-include:: ${DOC_ROOT}/scripting/data_struct_table_declaration.bro @@ -780,7 +780,7 @@ inequality operators through the ``==`` and ``!=`` operators respectively. When used in this manner however, the string must match entirely to resolve to true. For example, the script below uses two ternary conditional statements to illustrate the use of the ``==`` -operators with patterns. On lines 5 and 8 the output is altered based +operators with patterns. On lines 8 and 11 the output is altered based on the result of the comparison between the pattern and the string. .. btest-include:: ${DOC_ROOT}/scripting/data_type_pattern_02.bro @@ -934,12 +934,12 @@ method and produce a logfile. As we are working within a namespace and informing an outside entity of workings and data internal to the namespace, we use an ``export`` block. First we need to inform Bro that we are going to be adding another Log Stream by adding a value to -the :bro:type:`Log::ID` enumerable. In line 3 of the script, we append the +the :bro:type:`Log::ID` enumerable. In line 6 of the script, we append the value ``LOG`` to the ``Log::ID`` enumerable, however due to this being in an export block the value appended to ``Log::ID`` is actually ``Factor::Log``. Next, we need to define the name and value pairs -that make up the data of our logs and dictate its format. Lines 5 -through 9 define a new datatype called an ``Info`` record (actually, +that make up the data of our logs and dictate its format. Lines 8 +through 11 define a new datatype called an ``Info`` record (actually, ``Factor::Info``) with two fields, both unsigned integers. Each of the fields in the ``Factor::Log`` record type include the ``&log`` attribute, indicating that these fields should be passed to the @@ -948,7 +948,7 @@ any name value pairs without the ``&log`` attribute, those fields would simply be ignored during logging but remain available for the lifespan of the variable. The next step is to create the logging stream with :bro:id:`Log::create_stream` which takes a Log::ID and a -record as its arguments. In this example, on line 28, we call the +record as its arguments. In this example, on line 25, we call the ``Log::create_stream`` method and pass ``Factor::LOG`` and the ``Factor::Info`` record as arguments. From here on out, if we issue the ``Log::write`` command with the correct ``Log::ID`` and a properly @@ -1153,12 +1153,12 @@ possible while staying concise. While much of the script relates to the actual detection, the parts specific to the Notice Framework are actually quite interesting in -themselves. On line 12 the script's ``export`` block adds the value +themselves. On line 18 the script's ``export`` block adds the value ``SSH::Interesting_Hostname_Login`` to the enumerable constant ``Notice::Type`` to indicate to the Bro core that a new type of notice is being defined. The script then calls ``NOTICE`` and defines the ``$note``, ``$msg``, ``$sub`` and ``$conn`` fields of the -:bro:type:`Notice::Info` record. Line 39 also includes a ternary if +:bro:type:`Notice::Info` record. Line 42 also includes a ternary if statement that modifies the ``$msg`` text depending on whether the host is a local address and whether it is the client or the server. This use of :bro:id:`fmt` and a ternary operators is a concise way to From 138d5707d4540acf9799b7c2841d5ce7d606d068 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 17:06:38 -0700 Subject: [PATCH 082/287] Updating copyright notice. --- COPYING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/COPYING b/COPYING index 7b0a94a03b..2c66f98113 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (c) 1995-2012, The Regents of the University of California +Copyright (c) 1995-2013, The Regents of the University of California through the Lawrence Berkeley National Laboratory and the International Computer Science Institute. All rights reserved. From 541f9121f0d1d9a84d26eaf818f267f931af2041 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 7 Oct 2013 17:13:13 -0700 Subject: [PATCH 083/287] Fixing the historical CHANGES record. Some entries were duplicated, while others were missing. --- CHANGES | 9787 ++++++++------------------------------------------ aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/btest | 2 +- 6 files changed, 1522 insertions(+), 8275 deletions(-) diff --git a/CHANGES b/CHANGES index 1fd1222e7c..4acb9d06eb 100644 --- a/CHANGES +++ b/CHANGES @@ -4496,30 +4496,67 @@ - ClamAV support has been removed, which has been non-functional for a while already. -1.5.2.7 Sun Sep 12 19:39:49 PDT 2010 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -- Addressed a number of lint nits (Vern Paxson). +1.5.3 Thu Mar 3 08:55:11 PST 2011 +- Removing aux/broctl/policy/cluster-addrs.hot.bro from the + distribution. The script is no longer needed and could in fact break + an installation because it redefines an old variable that has went + away. (Robin Sommer) -1.5.2.6 Sun Sep 12 17:00:13 PDT 2010 +- Smarter way to increase the communication module's pipe's socket + buffer size, resulting in a value closer to the allowed maximum. + (Craig Leres) + +- BroControl now also maintains links from the log archive to the + current set of logs when running in standalone mode. (Robin Sommer) + +- Bug fix for a file descriptor leak in the remote communication + module. (Scott Campbell) + +- Bug fix for BroControl to now activate trace-summary's sampling in + cluster mode, but not anymore in standalone mode. (Robin Sommer) + +- Broccoli updates: + + * Accept empty strings ("") as values in the configuration file. + (Craig Leres) + + * Support for specifying a separate host key for SSL-enabled + operation, with documentation update. (Craig Leres) + +1.5.2 Wed Jan 12 17:34:55 PST 2011 + +- Portability fixes for --enable-int64 (Vern Paxson). + +- Bug fix for Active Mapping support (Kevin Lo). + +- Broccoli compiler warning fixes (Kevin Lo). + +- Bug fixes for --enable-int64 and for avoiding bogus statistics / + bad memory references when generating profiling information upon + exit (Vern Paxson). + +- Bug fixes for terminating connections (Tyler Schoenke and Vern Paxson). + +- Removed now-quite-stale SSHv1 overflow detection, as it's more prone + to false positives than useful detection (Vern Paxson). - The SWIG file now explicitly lists those pieces from broccoli.h which it wants to wrap, rather than just including all of broccoli.h (Robin Sommer). - This fixes the problem that the SWIG bindings depend on what configure - finds out about the availability of libpcap even though the corresponding - functions don't need to be wrapped anyway. -- http-header.bro now includes a global include_header: set[string] - (Robin Sommer). If it contains any strings, then only those headers - will be processed. If left empty, then you continue to get the current - behavior of processing all headers. +- http-header.bro now includes a global "include_header: set[string]" If it + contains any strings, then only those headers will be processed. If left + empty, then you continue to get the current behavior of processing all + headers. (Robin Sommer). - Several changes to drop.bro (Robin Sommer): - * If true, the new flag Drop::dont_drop_locals indicates that + * If True, the new flag Drop::dont_drop_locals indicates that local hosts should never be dropped. On by default. - * If true, the new flag Drop::debugging activates extensive debugging + * If True, the new flag Drop::debugging activates extensive debugging output for the catch-and-release logic. Off by default. * The timeout for tracking dropping information is now 1 day @@ -4533,14 +4570,14 @@ Sommer). - The HTTP analyzer no longer attempts to track Server/User-Agent - versions, as these are hugely voluminous (Seth Hall). Ideally this - would still be available as an option for someone who truly wants - the full set. + versions, as these are hugely voluminous (Seth Hall). - HTTP and SMTP no longer have extra-short inactivity timeouts, as these were too often leading to premature expiration of a connection (Robin Sommer). +- Tracking of HTTP refer[r]er's by setting log_referrer. (Vern Paxson). + - The "rst" tool (aux/rst/) now takes an optional "-I " argument that instructs it to inject as payload rather than sending a RST packet (Vern Paxson). must be NUL-terminated, and the NUL is not @@ -4549,39 +4586,113 @@ - Bug fix for crashes in the DNS analyzer when processing replies for which no request was seen (Robin Sommer). +- Addressed a number of lint nits (Vern Paxson). -1.5.2.5 Mon Jul 19 16:20:58 PDT 2010 +- Rotation post-processors are now passed an additional argument + indicating whether Bro is terminating (Robin Sommer). -- Removed now-quite-stale SSHv1 overflow detection, as it's more prone - to false positives than useful detection (Vern Paxson). +- Bro now consistently generates a file_opened event for all fopen() calls. + (Robin Sommer). +- The "cf" utility now ignores a leading "t=" prefix, for compatibility + with Bro's "tagged" logging format (Robin Sommer). -1.5.2.4 Fri Jun 4 16:02:11 PDT 2010 +- You can now redefine the email_notice_to function (Robin Sommer). -- Bug fixes for terminating connections (Tyler Schoenke and Vern Paxson). +- Fix for packet processing resumption when a remote Bro dies during + state synchronization (Robin Sommer). +- OpenSSL/X509 portability fix, at long last (Gregor Maier & Christian + Kreibich). -1.5.2.3 Wed Mar 24 18:23:57 PDT 2010 +- Fix for compatibility with newer versions of autoconf (Gregor Maier). -- Bug fixes for --enable-int64 and for avoiding bogus statistics / - bad memory references when generating profiling information upon - exit (Vern Paxson). +- A larger BroControl update (Robin Sommer, if not marked otherwise): + o Increasing default timeouts for scan detector significantly. -1.5.2.2 Tue Jan 12 12:33:42 PST 2010 + o Increasing the manager's max_remote_events_processed to + something large, as it would slow down the process too much + otherwise and there's no other work to be interleaved with it + anyway. -- Broccoli compiler warning fixes (Kevin Lo). + o Adding debug output to cluster's part of catch-and-release + (extends the debugging already present in policy/debug.bro) + o Fixing typo in util.py. Closes #223. -1.5.2.1 Sun Jan 10 16:59:01 PST 2010 + o Added note to README pointing to HTML version. -- Bug fix for Active Mapping support (Kevin Lo). + o Disabling print_hook for proxies' remote.log. + o broctl's capstats now reports a total as well, and stats.log + tracks these totals. Closes #160. -1.5.2 Sat Dec 26 18:38:37 PST 2009 + o Avoiding spurious "waiting for lock" messages in cron mode. + Closes #206. -- Portability fixes for --enable-int64 (Vern Paxson). + o Bug fixes for installation on NFS. + o Bug fix for top command on FreeBSD 8. + + o crash-diag now checks whether gdb is available. + + o trace-summary reports the sample factor in use in its output, + and now also applies it to the top-local-networks output (not + doing the latter was a bug). + + o Removed the default twice-a-day rotation for conn.log. The + default rotation for conn.log now is now once every 24h, just + like for all other logs with the exception of mail.log (which is + still rotated twice a day, and thus the alarms are still mailed + out twice a day). + + o Fixed the problem of logs sometimes being filed into the wrong + directory (see the (now gone) FAQ entry in the README). + + o One can now customize the archive naming scheme. See the + corresponding FAQ entry in the README. + + o Cleaned up, and extended, collection of cluster statistics. + + ${logdir}/stats now looks like this: + + drwxr-xr-x 4 bro wheel 59392 Apr 5 17:55 . + drwxr-xr-x 96 bro wheel 2560 Apr 6 12:00 .. + -rw-r--r-- 1 bro wheel 576 Apr 6 16:40 meta.dat + drwxr-xr-x 2 bro wheel 2048 Apr 6 16:40 profiling + -rw-r--r-- 1 bro wheel 771834825 Apr 6 16:40 stats.log + drwxr-xr-x 2 bro wheel 2048 Apr 6 16:25 www + + stats.log accumulates cluster statistics collected every time + "cron" is called. + + - profiling/ keeps the nodes' prof.logs. + + - www/ keeps a subset of stats.log in CSV format for easy plotting. + + - meta.dat contains meta information about the current cluster + state (in particular which nodes we have, and when the last + stats update was done). + + Note that there is no Web setup yet to actually visualize the data in + www/. + + o BroControl now automatically maintains links inside today's log + archive directory pointing to the current live version of the + corresponding log file (if Bro is running). For example: + + smtp.log.11:52:18-current -> /usr/local/cluster/spool/manager/smtp.log + + o Alarms mailed out by BroControl now (1) have the notice msg in the + subject; and (2) come with the full mail.log entry in the body. + + o Fixing broctl's top output. (Seth Hall). + + o Fixing broctl's df output in certain situations. + + o BroControl fix for dealing with large vsize values reported by + "top" (Craig Leres). 1.5.1 Fri Dec 18 15:17:12 PST 2009 @@ -10513,8314 +10624,1450 @@ a sorted version (Ruoming Pang). It currently uses an N^2 algorithm so shouldn't be used on large arrays. +- The new built-in subst() substitutes all instances of a given pattern + in a given string with another string (Ruoming Pang). For example, + subst("fooboo", /oo/, "xxx") returns "fxxxbxxx". +- The new built-in cut_tail() trims characters from the end of a string + (Ruoming Pang). For example, cut_tail("fooboo", 2) returns "foob". +- sub_bytes() can now take a negative argument, which is with respect to + the end of the string rather than the beginning (Ruoming Pang). -2.1-826 | 2013-07-25 10:12:26 -0700 +- The new built-in md5_hmac() returns an HMAC-MD5 hash of the given string + (Ruoming Pang). The HMAC secret key is generated from available entropy + when Bro starts up, or it can be specified for repeatability using + the new -K flag. - * bif files declared with bif_target() are now automatically - compiled in. No more manual includes to pull them in. (Robin - Sommer) +- The new built-in split_all() is like split() except that the returned + array also includes the parts of the string that match the pattern + used for the splitting (Ruoming Pang). - * Covenience make target in testing/btest to update the three - coverage tests that usually need tweaking when scripts get - added/removed. (Robin Sommer) +- The new built-in split_n() splits up to a given number of instances, + optionally returning the parts matching the split pattern (Ruoming Pang). -2.1-824 | 2013-07-22 14:25:14 -0400 +- The new built-in split_complete() is the most general of the split functions + (the others are written in terms of it). It splits a given string + with separators that appear in either a given pattern or a given set + of strings, optionally including the text matching the separators in + its return value, and optionally limiting the number of matches to + a specified maximum. (Ruoming Pang) - * Fixed a scriptland state issue that manifested especially badly on proxies. (Seth Hall) +- The new built-in to_string_literal() returns an escaped version of a string + suitable to feeding into Bro's parser. For example, calling it on + "foo\nbar" (where '\n' is an embedded newline) returns "foo\x0abar". + (Ruoming Pang) - * Another test fix. (Robin Sommer) +- subst_substring() has been renamed subst_string (Ruoming Pang). - * Canonyfying the output of core.print-bpf-filters. (Robin Sommer) +- unescape_URI() no longer takes the connection as an argument (Ruoming Pang). -2.1-820 | 2013-07-18 12:30:04 -0700 +- config.guess and config.sub updated - * Extending external canonifier to remove fractional values from - capture_loss.log. (Robin Sommer) +- String escape expansion has been refined (Ruoming Pang) and some bugs + fixed. It now supports a format that's consistent with Bro string literals. - * Canonifying internal order for plugins and their components to - make it deterministic. (Robin Sommer) +- Scanning of octal and hex escape sequences now stops after 3 or 2 + characters, respectively. For example, "\0007" now expands to a + NUL followed by the character '7'. (Ruoming Pang) - * Small raw reader tweaks that got left our earlier. (Robin Sommer) - -2.1-814 | 2013-07-15 18:18:20 -0700 +- Bug fixes for handling of bare and 's when expected + (Ruoming Pang), and associated "weird" events. - * Fixing raw reader crash when accessing nonexistant file, and - memory leak when reading from file. Addresses #1038. (Bernhard - Amann) +- A bug in signature matching reassembly has been fixed (Robin Sommer). -2.1-811 | 2013-07-14 08:01:54 -0700 - - * Bump sqlite to 3.7.17. (Bernhard Amann) - - * Small test fixes. (Seth Hall) - - * Fix a bug where the same analyzer tag was reused for two different - analyzers. (Seth Hall) - - * Moved DPD signatures into script specific directories. Left out - the BitTorrent signatures pending further updates to that - analyzer. (Seth Hall) - -2.1-802 | 2013-07-10 10:55:14 -0700 - - * Const adjustment for methods. (Jon Siwek) - -2.1-798 | 2013-07-08 13:05:37 -0700 - - * Rewrite of the packet filter framework. (Seth Hall) - - This includes: - - - Plugin interface for adding filtering mechanisms. - - - Integrated the packet filter framework with the analyzer - framework to retrieve well-known ports from there. - - - Support for BPF-based load balancing (IPv4 and IPv6). This will - tie in with upcoming BroControl support for configuring this. - - - Support for BPF-based connection sampling. - - - Support for "shunting" traffic with BPF filters. - - - Replaced PacketFilter::all_packets with - PacketFilter::enable_auto_protocol_capture_filters. - -2.1-784 | 2013-07-04 22:28:48 -0400 - - * Add a call to lookup_connection in SSH scripts to update connval. (Seth Hall) - - * Updating submodule(s). (Robin Sommer) - -2.1-782 | 2013-07-03 17:00:39 -0700 - - * Remove the SSL log queueing mechanism that was included with the - log delay mechanism. (Seth Hall) - -2.1-780 | 2013-07-03 16:46:26 -0700 - - * Rewrite of the RAW input reader for improved robustness and new - features. (Bernhard Amann) This includes: - - - Send "end_of_data" event for all kind of streams. - - Send "process_finished" event with exit code of child - process at process termination. - - Expose name of input stream to readers. - - Better error handling. - - New "force_kill" option which SIGKILLs processes on reader termination. - - Supports reading from stdout and stderr simultaneously. - - Support sending data to stdin of child process. - - Streaming reads from external commands work without blocking. - -2.1-762 | 2013-07-03 16:33:22 -0700 - - * Fix to correct support for TLS 1.2. Addresses #1020. (Seth Hall, - with help from Rafal Lesniak). - -2.1-760 | 2013-07-03 16:31:36 -0700 - - * Teach broxygen to generate protocol analyzer plugin reference. - (Jon Siwek) - - * Adding 'const' to a number of C++ methods. (Jon Siwek) - -2.1-757 | 2013-07-03 16:28:10 -0700 - - * Fix redef of table index from clearing table. - - `redef foo["x"] = 1` now acts like `redef foo += { ["x"] = 1 }` - instead of `redef foo = { ["x"] = 1 }`. - - Addresses #1013. (Jon Siwek) - - -2.1-755 | 2013-07-03 16:22:43 -0700 - - * Add a general file analysis overview/how-to document. (Jon Siwek) - - * Improve file analysis doxygen comments. (Jon Siwek) - - * Improve tracking of HTTP file extraction. http.log now has files - taken from request and response bodies in different fields for - each, and can now track multiple files per body. That is, the - "extraction_file" field is now "extracted_request_files" and - "extracted_response_files". Addresses #988. (Jon Siwek) - - * Fix HTTP multipart body file analysis. Each part now gets assigned - a different file handle/id. (Jon Siwek) - - * Remove logging of analyzers field of FileAnalysis::Info. (Jon - Siwek) - - * Remove extraction counter in default file extraction scripts. (Jon - Siwek) - - * Remove FileAnalysis::postpone_timeout. - FileAnalysis::set_timeout_interval can now perform same function. - (Jon Siwek) - - * Make default get_file_handle handlers &priority=5 so they're - easier to override. (Jon Siwek) - - * Add input interface to forward data for file analysis. The new - Input::add_analysis function is used to automatically forward - input data on to the file analysis framework. (Jon Siwek) - - * File analysis framework interface simplifications. (Jon Siwek) - - - Remove script-layer data input interface (will be managed directly - by input framework later). - - - Only track files internally by file id hash. Chance of collision - too small to justify also tracking unique file string. - - -2.1-741 | 2013-06-07 17:28:50 -0700 - - * Fixing typo that could cause an assertion to falsely trigger. - (Robin Sommer) - -2.1-740 | 2013-06-07 16:37:32 -0700 - - * Fix for CMake 2.6.x. (Robin Sommer) - -2.1-738 | 2013-06-07 08:38:13 -0700 - - * Remove invalid free on non-allocated pointer in hash function - object. Addresses #1018. (Matthias Vallentin) - -2.1-736 | 2013-06-06 10:05:20 -0700 - - * New "magic constants" @DIR and @FILENAME that expand to the - directory path of the current script and just the script file name - without path, respectively. (Jon Siwek) - -2.1-731 | 2013-06-04 21:19:08 -0700 - - * Reorginization of internal protocol analyzer code. We're moving - them to a modularized structure, based on a plugin model. Along - with this change comes generic plugin infrastructure that we'll - later extend to other Bro component as well. For now all plugins - are compiled in statically, but in the future we plan to also - enable dynamic loading at run time. (Robin Sommer) - - * Ignoring file ids in external tests. (Robin Sommer) - -2.1-675 | 2013-06-02 20:03:19 -0700 - - * Fix a compiler warning. (Robin Sommer) - - * Allow named vector/set/table/record constructors. Addresses #983. - (Jon Siwek) - - * Adding Makefile target test-all that also runs the BroControl test - suite. (Robin Sommer) - -2.1-664 | 2013-05-28 21:37:46 -0700 - - * Dangling pointer fix. Addresses #1004. (Jon Siwek) - -2.1-659 | 2013-05-24 17:24:18 -0700 - - * Fix broken/missing documentation. (Jon Siwek) - - * Fixing test that would fail without ES/curl support. (Robin - Sommer) - -2.1-656 | 2013-05-17 15:58:07 -0700 - - * Fix mutex lock problem for writers. (Bernhard Amann) - -2.1-654 | 2013-05-17 13:49:52 -0700 - - * Tweaks to sqlite3 configuration to address threading issues. - (Bernhard Amann) - -2.1-651 | 2013-05-17 13:37:16 -0700 - - * Fix uninitialized DPM member. (Jon Siwek) - - * Fix issue with transaction ID reuse in a single DNS connection. (Seth Hall) - - * New function added to the queue.bro script to support peeking at - the new gettable item in the queue without removing it. (Seth Hall) - -2.1-647 | 2013-05-17 07:47:14 -0700 - - * Fixing Broxygen generation to have BROMAGIC set. (Robin Sommer) - - * Fix for 'fchmod undeclared here' on FreeBSD. (Robin Sommer) - - * CMake policy fix to avoid errors with older versions. (Robin - Sommer) - -2.1-641 | 2013-05-15 18:15:09 -0700 - - * Test update. (Robin Sommer) - -2.1-640 | 2013-05-15 17:24:09 -0700 - - * Support for cleaning up threads that have terminated. (Bernhard - Amann and Robin Sommer). Includes: - - - Both logging and input frameworks now clean up threads once - they aren't further needed anymnore. - - - New function Log::remove_stream() that removes a logging - stream, stopping all writer threads that are associated with - it. Note, however, that removing a *filter* from a stream - still doesn't clean up any threads. The problem is that - because of the output paths potentially being created - dynamically it's unclear if the writer thread will still be - needed in the future. - -2.1-626 | 2013-05-15 16:09:31 -0700 - - * Add "reservoir" sampler for SumStats framework. This maintains - a set of N uniquely distributed random samples. (Bernhard Amann) - -2.1-619 | 2013-05-15 16:01:42 -0700 - - * SQLite reader and writer combo. This allows to read/write - persistent data from on disk SQLite databases. The current - interface is quite low-level, we'll add higher-level abstractions - in the future. (Bernhard Amann) - -2.1-576 | 2013-05-15 14:29:09 -0700 - - * Initial version of new file analysis framework. This moves most of - the processing of file content from script-land into the core, - where it belongs. Much of this is an internal change, and at this - point the new code has essentially feature-equality with the old - one. More script-level changes to come. (Jon Siwek) - -2.1-502 | 2013-05-10 19:29:37 -0700 - - * Allow default function/hook/event parameters. Addresses #972. (Jon - Siwek) - - * Change the endianness parameter of bytestring_to_count() BIF to - default to false (big endian). (Jon Siwek) - -2.1-500 | 2013-05-10 19:22:24 -0700 - - * Fix to prevent merge-hook of SumStat's unique plugin from damaging - source data. (Bernhard Amann) - -2.1-498 | 2013-05-03 17:44:08 -0700 - - * Table lookups return copy of non-const &default vals. This - prevents unintentional modifications to the &default value itself. - Addresses #981. (Jon Siwek) - -2.1-496 | 2013-05-03 15:54:47 -0700 - - * Fix memory leak and unnecessary allocations in OpaqueVal. - Addresses #986. (Matthias Vallentin) - -2.1-492 | 2013-05-02 12:46:26 -0700 - - * Work-around for sumstats framework not propagating updates after - intermediate check in cluster environments. (Bernhard Amann) - - * Always apply tcp_connection_attempt. Before this change it was - only applied when a connection_attempt() event handler was - defined. (Robin Sommer) - - * Fixing coverage.bare-mode-errors test. (Robin Sommer) - -2.1-487 | 2013-05-01 18:03:22 -0700 - - * Always apply tcp_connection_attempt timer, even if no - connection_attempt() event handler is defined. (Robin Sommer) - -2.1-486 | 2013-05-01 15:28:45 -0700 - - * New framework for computing summary statistics in - base/framework/sumstats. This replaces the metrics frameworks, and - comes with a number of applications build on top, see NEWS. More - documentation to follow. (Seth Hall) - -2.1-397 | 2013-04-29 21:19:00 -0700 - - * Fixing memory leaks in CompHash implementation. Addresses #987. - (Robin Sommer) - -2.1-394 | 2013-04-27 15:02:31 -0700 - - * Fixed a bug in the vulnerable software script and added a test. - (Seth Hall) - - * Fix schedule statements used outside event handlers. Addresses - #974. (Jon Siwek) - - * Fix record coercion for default inner record fields. Addresses - #973. (Jon Siwek) - - * Add bytestring_to_count function to bro.bif. Addresses #968. (Yun - Zheng Hu) - -2.1-386 | 2013-03-22 12:41:50 -0700 - - * Added reverse() function to strings.bif. (Yun Zheng Hu) - -2.1-384 | 2013-03-22 12:10:14 -0700 - - * Fix record constructors in table initializer indices. Addresses - #660. (Jon Siwek) - -2.1-382 | 2013-03-22 12:01:34 -0700 - - * Add support for 802.1ah (Q-in-Q). Addresses #641. (Seth Hall) - -2.1-380 | 2013-03-18 12:18:10 -0700 - - * Fix gcc compile warnings in base64 encoder and benchmark reader. - (Bernhard Amann) - -2.1-377 | 2013-03-17 17:36:09 -0700 - - * Fixing potential leak in DNS error case. (Vlad Grigorescu) - -2.1-375 | 2013-03-17 13:14:26 -0700 - - * Add base64 encoding functionality, including new BiFs - encode_base64() and encode_base64_custom(). (Bernhard Amann) - - * Replace call to external "openssl" in extract-certs-pem.bro with - that encode_base64(). (Bernhard Amann) - - * Adding a test for extract-certs-pem.pem. (Robin Sommer) - - * Renaming Base64Decoder to Base64Converter. (Robin Sommer) - -2.1-366 | 2013-03-17 12:35:59 -0700 - - * Correctly handle DNS lookups for software version ranges. (Seth - Hall) - - * Improvements to vulnerable software detection. (Seth Hall) - - - Add a DNS based updating method. This needs to be tested - still. - - - Vulnerable version ranges are used now instead of only single - versions. This can deal with software with multiple stable - major versions. - - * Update software version parsing and comparison to account for a - third numeric subversion. Also, $addl is now compared numerically - if the value is actually numeric. (Seth Hall) - -2.1-361 | 2013-03-13 07:18:22 -0700 - - * Add check for truncated link frames. Addresses #962. (Jacob - Baines) - - * Fix large memory allocation in IP fragment reassembly. Addresses - #961. (Jacob Baines) - -2.1-357 | 2013-03-08 09:18:35 -0800 - - * Fix race-condition in table-event test. (Bernhard Amann) - - * s/bro-ids.org/bro.org/g. (Robin Sommer) - -2.1-353 | 2013-03-07 13:31:37 -0800 - - * Fix function type-equivalence requiring same parameter names. - Addresses #957. (Jon Siwek) - -2.1-351 | 2013-03-07 13:27:29 -0800 - - * Fix new/delete mismatch. Addresses #958. (Jacob Baines) - - * Fix compiler warnings. (Jon Siwek) - -2.1-347 | 2013-03-06 16:48:44 -0800 - - * Remove unused parameter from vector assignment method. (Bernhard Amann) - - * Remove the byte_len() and length() bifs. (Bernhard Amann) - -2.1-342 | 2013-03-06 15:42:52 -0800 - - * Moved the Notice::notice event and Notice::policy table to both be - hooks. See documentation and NEWS for information. (Seth Hall). - -2.1-338 | 2013-03-06 15:10:43 -0800 - - * Fix init of local sets/vectors via curly brace initializer lists. - (Jon Siwek) - -2.1-336 | 2013-03-06 15:08:06 -0800 - - * Fix memory leaks resulting from 'when' and 'return when' - statements. Addresses #946. (Jon Siwek) - - * Fix three bugs with 'when' and 'return when' statements. Addresses - #946. (Jon Siwek) - -2.1-333 | 2013-03-06 14:59:47 -0800 - - * Add parsing for GTPv1 extension headers and control messages. (Jon Siwek) - - This includes: - - - A new generic gtpv1_message() event generated for any GTP - message type. - - - Specific events for the create/update/delete PDP context - request/response messages. - - Addresses #934. - -2.1-331 | 2013-03-06 14:54:33 -0800 - - * Fix possible null pointer dereference in identify_data BIF. Also - centralized libmagic calls for consistent error handling/output. - (Jon Siwek) - - * Fix build on OpenBSD 5.2. (Jon Siwek) - -2.1-328 | 2013-02-05 01:34:29 -0500 - - * New script to query the ICSI Certificate Notary - (http://notary.icsi.berkeley.edu/) over DNS and add information - to the SSL log at runtime. (Matthias Vallentin) - - * Add delayed logging to SSL base scripts. (Matthias Vallentin) - -2.1-319 | 2013-02-04 09:45:34 -0800 - - * Update input tests to use exit_only_after_terminate. (Bernhard - Amann) - - * New option exit_only_after_terminate to prevent Bro from exiting. - If set, the main loop won't terminate before somebody calls - terminate(). (Robin Sommer) - -2.1-311 | 2013-02-01 08:03:01 -0800 - - * Updating submodule(s). - -2.1-310 | 2013-01-30 20:09:27 -0800 - - * Add an error for record coercions that would orphan a field. (Jon - Siwek) - - * Fixing several scripts where a field in an inlined record was - never removed after a code refactor. (Jon Siwek) - -2.1-307 | 2013-01-25 13:50:57 -0800 - - * Fix runaway reference counting bug in record coercion. (Jon Siwek) - - * Fix memory leak in some reporter messaging cases. (Jon Siwek) - -2.1-304 | 2013-01-23 19:43:27 -0800 - - * Making a test portable. (Robin Sommer) - -2.1-302 | 2013-01-23 16:17:29 -0800 - - * Refactoring ASCII formatting/parsing from loggers/readers into a - separate AsciiFormatter class. (Bernhard Amann) - - * Fix uninitialized locals in event/hook handlers from having a - value. Addresses #932. (Jon Siwek) - - * Add a null value check in CompositeHash::ComputeHash. Addresses - #930. (Jon Siwek) - - * Change reporter messages to more reliably print to stderr. - Addressed #930 (and revisits #836). (Jon Siwek) - - * Changing test=suite's btest call to use "-j" instead of "-j 5". - (Robin Sommer) - - * Require "case" blocks to end with either "break", "return", or a - new "fallthrough" statement that passes control on to the - subsequent case. This gives us the best mix of safety, - readability, and flexibility. Addresses #754. (Jon Siwek) - -2.1-279 | 2013-01-18 17:18:22 -0800 - - * Revert "Trick for parallelizing input framework unit tests." The - old way of doing the tests seems more reliable for now. (Jon - Siwek) - - * Fixing variable size issues with http response code in - ElasticSearch writer. (Gilbert Clark) - - * Removing unused class member. (Robin Sommer) - - * Add opaque type-ignoring for the accept_unsupported_types input - framework option. (Bernhard Amann) - -2.1-271 | 2013-01-08 10:18:57 -0800 - - * Change substring index notation to use a colon. String slice - notation is now written as `s[1:2]`. Addresses #422. (Jon Siwek) - -2.1-268 | 2013-01-07 09:43:44 -0800 - - * Fix memory leak in OpaqueType::DoUnserialize. (Jon Siwek) - -2.1-265 | 2012-12-20 17:38:42 -0800 - - * Add array-style index accessor for strings. Addresses #422. (Jon - Siwek) - - The index expression can take up to two indices for the start and - end index of the substring to return (e.g. "mystring[1,3]"). - Negative indices are allowed, with -1 representing the last - character in the string. The indexing is not cyclic -- if the - starting index is >= the length of the string an empty string is - returned, and if the ending index is >= the length of the string - then it's interpreted as the last index of the string. Assigning - to substrings accessed like this isn't allowed. - -2.1-263 | 2012-12-20 16:22:09 -0800 - - * Bro's language now has a new set of types "opaque of X". (Matthias - Vallentin) - - Opaque values can be passed around like other values but they can - only be manipulated with BiF functions, not with other operators. - Currently, the following opaque types are supported: - - - opaque of md5 - - opaque of sha1 - - opaque of sha256 - - opaquey of entropy. - - They go along with the corrsponding BiF functions md5_*, sha1_*, - sha256_*, and entropy_*, respectively. Note that these functions - have changed their signatures to work with opaques types rather - than global state as it was before. - -2.1-240 | 2012-12-20 15:21:07 -0800 - - * Improve error for invalid use of types as values. Addresses #923. - (Jon Siwek) - -2.1-238 | 2012-12-20 15:11:25 -0800 - - * Finish implementation of script-layer switch statement. Addresses - #754. (Jon Siwek) - - They behave like C-style switches except case labels can be - comprised of multiple literal constants delimited by commas. Only - atomic types are allowed for now. Case label bodies that don't - execute a "return" or "break" statement will fall through to - subsequent cases. A default case label is allowed. - - * Fix a case where c$resp$size is misrepresented. Addresses #730. - (Jon Siwek) - -2.1-234 | 2012-12-20 12:12:19 -0800 - - * Fix return value of hook calls that have no handlers. For this - case, the return value is always true. (Jon Siwek) - - * Fix to_port() BIF for port strings with a port number of zero. - (Jon Siwek) - -2.1-231 | 2012-12-14 14:51:35 -0800 - - * Make const variables actually constant. Both local and global - variables declared with "const" could be modified, but now - expressions that would modify them generate an error message at - parse-time. Addresses #922. (Jon Siwek) - -2.1-229 | 2012-12-14 14:46:12 -0800 - - * Fix memory leak in ASCII reader when encoutering errors in input. - (Bernhard Amann) - - * Improvements for the "bad checksums" detector to make it detect - bad TCP checksums. (Seth Hall) - -2.1-223 | 2012-12-12 14:25:15 -0800 - - * Trick for parallelizing input framework unit tests. Instead of - loading listen.bro to block until files are read, just read a pcap - file in pseudo-realtime. (Jon Siwek) - - * Fix reliability of a unit test that relies on when statements. - (Jon Siwek) - - * Remove unused attributes. (Daniel Thayer) - - Removed attributes &postprocessor and &match from documentation and source code. - - Removed undocumented attribute &attr from source code. - - Removed internal attribute "(&tracked)" from documentation. - -2.1-218 | 2012-12-10 14:45:04 -0800 - - * Add GPRS Tunnelling Protocol (GTPv1) decapsulation. This currently - supports automatic decapsulation of GTP-U packets on UDP port 2152. - The GTPv1 headers for such tunnels can be inspected by handling - the "gtpv1_g_pdu_packet" event, which has a parameter of type - "gtpv1_hdr". Addresses #690. (Jon Siwek; derived from patch by - Carsten Langer) - - * Change BinPAC exceptions in AYIYA/GTP analyzers to do - "protocol_violation". (Jon Siwek) - -2.1-212 | 2012-12-07 19:42:03 -0800 - - * Changing the HTTP parser to accept request methods in alignment - with the RFC. (Robin Sommer) - -2.1-209 | 2012-12-05 16:44:04 -0800 - - * Adapting the HTTP request line parsing to only accept methods - consisting of letters [A-Za-z]. (Robin Sommer) - -2.1-207 | 2012-12-05 15:47:32 -0800 - - * Reporting warnings if kill/waitpid fail in communication system. - (Bill Parker) - - * Replace() bzero with memset(). (Bill Parker) - - * Merge remote-tracking branch 'vlad/topic/vladg/http-verbs' - - * vlad/topic/vladg/http-verbs: - A test for HTTP methods, including some horribly illegal requests. - Remove hardcoded HTTP verbs from the analyzer (#741) - - I added a "bad_HTTP_request" weird for HTTP request lines that don't - have more than a single word. - - Closes #741. (Robin Sommer) - - * A test for HTTP methods, including some horribly illegal requests. (Vlad Grigorescu) - - * Remove hardcoded HTTP verbs from the analyzer (#741) (Vlad Grigorescu) - - -2.1-203 | 2012-12-05 14:36:56 -0800 - - * Fix segfault: Synchronization of state between connecting peers - now skips over identifiers that aren't initialized with a value - yet. Addresses #66. (Jon Siwek) - - * Fix segfault: Delete correct entry in error case in input - framework. (Bernhard Amann) - - * Bad record constructor initializers now give an error. Addresses - #34. (Jon Siwek) - - * Invalid vector indices now generate error message. Addresses #24. - (Jon Siwek) - - * Bump CPack RPM package requirement to Python >= 2.6.0. (Jon Siwek) - - * Interpreter exceptions occurring in "when" blocks are now handled. - Addresses #779 (Jon Siwek) - -2.1-195 | 2012-12-03 14:50:33 -0800 - - * Catching out-of-memory in patricia tree code. (Bill Parker) - -2.1-194 | 2012-12-03 14:36:26 -0800 - - * Renaming ASCII writer filter option 'only_single_header_row' to - 'tsv'. Also clarifying usage. Closes #912. (Robin Sommer) - -2.1-193 | 2012-12-03 14:11:14 -0800 - - * Fix a set of bugs with table/set attributes. (Jon Siwek) - - - Identifiers that are initialized with set()/table() constructor - expressions now inherit attributes from the expression. Before, - statements like - - const i: set[string] = set() &redef; - - associated the attribute with the set() constructor, but not the - "i" identifier, preventing redefinition. Addresses #866. - - - Allow &default attribute to apply to tables initialized as empty - (via either "{ }" or "table()") or if the expression supplied to it - can evaluate to a type that's promotable to the same yield type as - the table. - -2.1-191 | 2012-12-03 14:08:56 -0800 - - * Add test of record() constructor to table initializer unit test. - (Jon Siwek) - - * Fix table(), set(), vector() constructors in table initializer - lists. Also adds type checking of yield values to table() - constructor and fixes the type checking of yield values in - vector() constructor. Addresses #5. (Jon Siwek) - -2.1-188 | 2012-12-03 14:04:29 -0800 - - * Hook functions now callable with "hook" expression (i.e., hook is - no longer a statement). The return value of the call is an - implicit boolean value of T if all hook handlers ran, or F if one - hook handler exited as a result of a break statement and - potentially prevented other handlers from running. - - Scripts don't need to declare hooks with an explicit return type of bool - (internally, that's assumed), and any values given to (optional) return - statements in handler definitions are just ignored. - - Addresses #918. (Jon Siwek) - - * Clarification in hook documentation. (Jon Siwek) - -2.1-184 | 2012-12-03 13:59:50 -0800 - - * Slightly fix up file name extraction from Content-Disposition - headers. (Seth Hall) - - * Adding -b flag to bro in unit tests so they run faster. - - * Fixed a DNS attribute issue. Reported by Matt Thompson. (Seth - Hall) - - * Adding NEWS placeholder for hooks and CSV mode. (Robin Sommer) - -2.1-178 | 2012-11-23 19:35:32 -0800 - - * The ASCII writer now supports a new filter config option - "only_single_header_row" that turns the output into CSV format - when set to "T". (Carsten Langer) - - * Add new function flavor called a "hook". This new flavor of - function behaves like a "synchronous event". See - doc/scripts/builtins.rst more details on usage. (Jon Siwek) - - * Improve auto-generated enum documentation. The names of enum types - are tracked so that variables holding a value of a given enum type - can generate a reference to it instead of just listing the type as - a generic "enum". (Jon Siwek) - -2.1-171 | 2012-11-23 18:24:15 -0800 - - * Fix ambiguity between composite table index and record ctor - expressions. If a table type is "global t = table[conn_id, bool] - of count", then checking membership like "[c$id, is_orig] in t" - now works. Addresses #80. (Jon Siwek) - -2.1-169 | 2012-11-23 18:21:32 -0800 - - * Fix some warnings from sphinx when building docs. (Jon Siwek) - -2.1-167 | 2012-11-14 13:19:17 -0800 - - * Add a new BIF "bytestring_to_double" for converting from a binary - representation of a double. Addresses #908. (Carsten Langer/Daniel - Thayer) - -2.1-162 | 2012-11-13 17:29:00 -0800 - - * Fix modbus register array parsing. (Jon Siwek) - - * Adjustments to modbus test cases. (Jon Siwek) - -2.1-157 | 2012-11-08 16:22:00 -0800 - - * Fix for lookup_hostname BIF. (Jon Siwek) - - * Fix for modbus test portability. (Robin Sommer) - -2.1-152 | 2012-11-05 16:52:34 -0800 - - * Initial version of a completely reworked intelligence framework. - See doc/intel.rst for more information. (Seth Hall) - - * Experimental Modbus analyzer. See policy/protocols/modbus/* for - example policies. (Dina Hadziosmanovic, Seth Hall) - -2.1-112 | 2012-11-05 13:58:20 -0800 - - * New base script for detecting cases of checksum offloading. - Reporter messages will now tell if one has bad checksums. (Seth - Hall) - - * Clarifying ownership rules for BroString constructors. (Robin - Sommer) - -2.1-109 | 2012-11-05 13:39:34 -0800 - - * Add detection rate threshold for MHR. (Vlad Grigorescu) - - * lookup_hostname_txt fixes. (Vlad Grigorescu) - -2.1-104 | 2012-11-01 10:37:50 -0700 - - * A new built-in function lookup_hostname_txt() provides support for - DNS TXT queries. (Vlad Grigorescu) - -2.1-101 | 2012-10-31 14:30:26 -0700 - - * Documentation reorg: The install info has been consolidated into a - single document (INSTALL), the upgrade info has been moved from - the FAQ to a section in the install doc, and the "upgrading from - 1.5 to 2.0" document has been updated (and renamed) to also - include 2.0 to 2.1 upgrade info. (Daniel Thayer) - -2.1-96 | 2012-10-31 14:23:50 -0700 - - * Renaming option defining the frequency of alarm summary mails to - 'Logging::default_alarm_mail_interval'. (Daniel Thayer) - -2.1-91 | 2012-10-24 16:04:47 -0700 - - * Adding PPPoE support to Bro. (Seth Hall) - -2.1-87 | 2012-10-24 15:40:06 -0700 - - * Adding missing &redef for some TCP options. Addresses #905, #906, - #907. (Carsten Langer) - -2.1-86 | 2012-10-24 15:37:11 -0700 - - * Add parsing rules for IPv4/IPv6 subnet literal constants. - Addresses #888. (Jon Siwek) - -2.1-84 | 2012-10-19 15:12:56 -0700 - - * Added a BiF strptime() to wrap the corresponding C function. (Seth - Hall) - -2.1-82 | 2012-10-19 15:05:40 -0700 - - * Add IPv6 support to signature header conditions. (Jon Siwek) - - - "src-ip" and "dst-ip" conditions can now use IPv6 addresses/subnets. - They must be written in colon-hexadecimal representation and enclosed - in square brackets (e.g. [fe80::1]). Addresses #774. - - - "icmp6" is now a valid protocol for use with "ip-proto" and "header" - conditions. This allows signatures to be written that can match - against ICMPv6 payloads. Addresses #880. - - - "ip6" is now a valid protocol for use with the "header" condition. - (also the "ip-proto" condition, but it results in a no-op in that - case since signatures apply only to the inner-most IP packet when - packets are tunneled). This allows signatures to match specifically - against IPv6 packets (whereas "ip" only matches against IPv4 packets). - - - "ip-proto" conditions can now match against IPv6 packets. Before, - IPv6 packets were just silently ignored which meant DPD based on - signatures did not function for IPv6 -- protocol analyzers would only - get attached to a connection over IPv6 based on the well-known ports - set in the "dpd_config" table. - -2.1-80 | 2012-10-19 14:48:42 -0700 - - * Change how "gridftp" gets added to service field of connection - records. In addition to checking for a finished SSL handshake over - an FTP connection, it now also requires that the SSL handshake - occurs after the FTP client requested AUTH GSSAPI, more - specifically identifying the characteristics of GridFTP control - channels. Addresses #891. (Jon Siwek) - - * Allow faster rebuilds in certain cases. Previously, when - rebuilding with a different "--prefix" or "--scriptdir", all Bro - source files were recompiled. With this change, only util.cc is - recompiled. (Daniel Thayer) - -2.1-76 | 2012-10-12 10:32:39 -0700 - - * Add support for recognizing GridFTP connections as an extension to - the standard FTP analyzer. (Jon Siwek) - - This is enabled by default and includes: - - - An analyzer for GSI mechanism of GSSAPI FTP AUTH method. GSI - authentication involves an encoded TLS/SSL handshake over the - FTP control session. For FTP sessions that attempt GSI - authentication, the *service* field of the connection log will - include "gridftp" (as well as also "ftp" and "ssl"). - - - Add an example of a GridFTP data channel detection script. It - relies on the heuristics of GridFTP data channels commonly - default to SSL mutual authentication with a NULL bulk cipher - and that they usually transfer large datasets (default - threshold of script is 1 GB). The script also defaults to - skip_further_processing() after detection to try to save - cycles analyzing the large, benign connection. - - For identified GridFTP data channels, the *services* fields of - the connection log will include "gridftp-data". - - * Add *client_subject* and *client_issuer_subject* as &log'd fields - to SSL::Info record. Also add *client_cert* and - *client_cert_chain* fields to track client cert chain. (Jon Siwek) - - * Add a script in base/protocols/conn/polling that generalizes the - process of polling a connection for interesting features. The - GridFTP data channel detection script depends on it to monitor - bytes transferred. (Jon Siwek) - -2.1-68 | 2012-10-12 09:46:41 -0700 - - * Rename the Input Framework's update_finished event to end_of_data. - It will now not only fire after table-reads have been completed, - but also after the last event of a whole-file-read (or - whole-db-read, etc.). (Bernhard Amann) - - * Fix for DNS log problem when a DNS response is seen with 0 RRs. - (Seth Hall) - -2.1-64 | 2012-10-12 09:36:41 -0700 - - * Teach --disable-dataseries/--disable-elasticsearch to ./configure. - Addresses #877. (Jon Siwek) - - * Add --with-curl option to ./configure. Addresses #877. (Jon Siwek) - -2.1-61 | 2012-10-12 09:32:48 -0700 - - * Fix bug in the input framework: the config table did not work. - (Bernhard Amann) - -2.1-58 | 2012-10-08 10:10:09 -0700 - - * Fix a problem with non-manager cluster nodes applying - Notice::policy. This could, for example, result in duplicate - emails being sent if Notice::emailed_types is redef'd in local.bro - (or any script that gets loaded on all cluster nodes). (Jon Siwek) - -2.1-56 | 2012-10-03 16:04:52 -0700 - - * Add general FAQ entry about upgrading Bro. (Jon Siwek) - -2.1-53 | 2012-10-03 16:00:40 -0700 - - * Add new Tunnel::delay_teredo_confirmation option that indicates - that the Teredo analyzer should wait until it sees both sides of a - connection using a valid Teredo encapsulation before issuing a - protocol_confirmation. Default is on. Addresses #890. (Jon Siwek) - -2.1-50 | 2012-10-02 12:06:08 -0700 - - * Fix a typing issue that prevented the ElasticSearch timeout to - work. (Matthias Vallentin) - - * Use second granularity for ElasticSearch timeouts. (Matthias - Vallentin) - - * Fix compile issues with older versions of libcurl, which don't - offer *_MS timeout constants. (Matthias Vallentin) - -2.1-47 | 2012-10-02 11:59:29 -0700 - - * Fix for the input framework: BroStrings were constructed without a - final \0, which makes them unusable by basically all internal - functions (like to_count). (Bernhard Amann) - - * Remove deprecated script functionality (see NEWS for details). - (Daniel Thayer) - -2.1-39 | 2012-09-29 14:09:16 -0700 - - * Reliability adjustments to istate tests with network - communication. (Jon Siwek) - -2.1-37 | 2012-09-25 14:21:37 -0700 - - * Reenable some tests that previously would cause Bro to exit with - an error. (Daniel Thayer) - - * Fix parsing of large integers on 32-bit systems. (Daniel Thayer) - - * Serialize language.when unit test with the "comm" group. (Jon - Siwek) - -2.1-32 | 2012-09-24 16:24:34 -0700 - - * Fix race condition in language/when.bro test. (Daniel Thayer) - -2.1-26 | 2012-09-23 08:46:03 -0700 - - * Add an item to FAQ page about broctl options. (Daniel Thayer) - - * Add more language tests. We now have tests of all built-in Bro - data types (including different representations of constant - values, and max./min. values), keywords, and operators (including - special properties of certain operators, such as short-circuit - evaluation and associativity). (Daniel Thayer) - - * Fix construction of ip6_ah (Authentication Header) record values. - - Authentication Headers with a Payload Len field set to zero would - cause a crash due to invalid memory allocation because the - previous code assumed Payload Len would always be great enough to - contain all mandatory fields of the header. (Jon Siwek) - - * Update compile/dependency docs for OS X. (Jon Siwek) - - * Adjusting Mac binary packaging script. Setting CMAKE_PREFIX_PATH - helps link against standard system libs instead of ones that come - from other package manager (e.g. MacPorts). (Jon Siwek) - - * Adjusting some unit tests that do cluster communication. (Jon Siwek) - - * Small change to non-blocking DNS initialization. (Jon Siwek) - - * Reorder a few statements in scan.l to make 1.5msecs etc work. - Adresses #872. (Bernhard Amann) - -2.1-6 | 2012-09-06 23:23:14 -0700 - - * Fixed a bug where "a -= b" (both operands are intervals) was not - allowed in Bro scripts (although "a = a - b" is allowed). (Daniel - Thayer) - - * Fixed a bug where the "!=" operator with subnet operands was - treated the same as the "==" operator. (Daniel Thayer) - - * Add sleeps to configuration_update test for better reliability. - (Jon Siwek) - - * Fix a segfault when iterating over a set when using malformed - index. (Daniel Thayer) - -2.1 | 2012-08-28 16:46:42 -0700 - - * Make bif.identify_magic robust against FreeBSD's libmagic config. - (Robin Sommer) - - * Remove automatic use of gperftools on non-Linux systems. - --enable-perftools must now explicity be supplied to ./configure - on non-Linux systems to link against the tcmalloc library. - - * Fix uninitialized value for 'is_partial' in TCP analyzer. (Jon - Siwek) - - * Parse 64-bit consts in Bro scripts correctly. (Bernhard Amann) - - * Output 64-bit counts correctly on 32-bit machines (Bernhard Amann) - - * Input framework fixes, including: (Bernhard Amann) - - - One of the change events got the wrong parameters. - - - Escape commas in sets and vectors that were unescaped before - tokenization. - - - Handling of zero-length-strings as last element in a set was - broken (sets ending with a ,). - - - Hashing of lines just containing zero-length-strings was broken. - - - Make set_separators different from , work for input framework. - - - Input framework was not handling counts and ints out of - 32-bit-range correctly. - - - Errors in single lines do not kill processing, but simply ignore - the line, log it, and continue. - - * Update documentation for builtin types. (Daniel Thayer) - - - Add missing description of interval "msec" unit. - - - Improved description of pattern by clarifying the issue of - operand order and difference between exact and embedded - matching. - - * Documentation fixes for signature 'eval' conditions. (Jon Siwek) - - * Remove orphaned 1.5 unit tests. (Jon Siwek) - - * Add type checking for signature 'eval' condition functions. (Jon - Siwek) - - * Adding an identifier to the SMTP blocklist notices for duplicate - suppression. (Seth Hall) - -2.1-beta-45 | 2012-08-22 16:11:10 -0700 - - * Add an option to the input framework that allows the user to chose - to not die upon encountering files/functions. (Bernhard Amann) - -2.1-beta-41 | 2012-08-22 16:05:21 -0700 - - * Add test serialization to "leak" unit tests that use - communication. (Jon Siwek) - - * Change to metrics/basic-cluster unit test for reliability. (Jon - Siwek) - - * Fixed ack tracking which could overflow quickly in some - situations. (Seth Hall) - - * Minor tweak to coverage.bare-mode-errors unit test to work with a - symlinked 'scripts' dir. (Jon Siwek) - -2.1-beta-35 | 2012-08-22 08:44:52 -0700 - - * Add testcase for input framework reading sets (rather than - tables). (Bernhard Amann) - -2.1-beta-31 | 2012-08-21 15:46:05 -0700 - - * Tweak to rotate-custom.bro unit test. (Jon Siwek) - - * Ignore small mem leak every rotation interval for dataseries logs. - (Jon Siwek) - -2.1-beta-28 | 2012-08-21 08:32:42 -0700 - - * Linking ES docs into logging document. (Robin Sommer) - -2.1-beta-27 | 2012-08-20 20:06:20 -0700 - - * Add the Stream record to Log:active_streams to make more dynamic - logging possible. (Seth Hall) - - * Fix portability of printing to files returned by - open("/dev/stderr"). (Jon Siwek) - - * Fix mime type diff canonifier to also skip mime_desc columns. (Jon - Siwek) - - * Unit test tweaks/fixes. (Jon Siwek) - - - Some baselines for tests in "leaks" group were outdated. - - - Changed a few of the cluster/communication tests to terminate - more explicitly instead of relying on btest-bg-wait to kill - processes. This makes the tests finish faster in the success case - and makes the reason for failing clearer in the that case. - - * Fix memory leak of serialized IDs when compiled with - --enable-debug. (Jon Siwek) - -2.1-beta-21 | 2012-08-16 11:48:56 -0700 - - * Installing a handler for running out of memory in "new". Bro will - now print an error message in that case rather than abort with an - uncaught exception. (Robin Sommer) - -2.1-beta-20 | 2012-08-16 11:43:31 -0700 - - * Fixed potential problems with ElasticSearch output plugin. (Seth - Hall) - -2.1-beta-13 | 2012-08-10 12:28:04 -0700 - - * Reporter warnings and error now print to stderr by default. New - options Reporter::warnings_to_stderr and - Reporter::errors_to_stderr to disable. (Seth Hall) - -2.1-beta-9 | 2012-08-10 12:24:29 -0700 - - * Add more BIF tests. (Daniel Thayer) - -2.1-beta-6 | 2012-08-10 12:22:52 -0700 - - * Fix bug in input framework with an edge case. (Bernhard Amann) - - * Fix small bug in input framework test script. (Bernhard Amann) - -2.1-beta-3 | 2012-08-03 10:46:49 -0700 - - * Merge branch 'master' of ssh://git.bro-ids.org/bro (Robin Sommer) - - * Fix configure script to exit with non-zero status on error (Jon - Siwek) - - * Improve ASCII output performance. (Robin Sommer) - -2.1-beta | 2012-07-30 11:59:53 -0700 - - * Improve log filter compatibility with remote logging. Addresses - #842. (Jon Siwek) - -2.0-907 | 2012-07-30 09:13:36 -0700 - - * Add missing breaks to switch cases in - ElasticSearch::HTTPReceive(). (Jon Siwek) - -2.0-905 | 2012-07-28 16:24:34 -0700 - - * Fix log manager hanging on waiting for pending file rotations, - plus writer API tweak for failed rotations. Addresses #860. (Jon - Siwek and Robin Sommer) - - * Tweaking logs-to-elasticsearch.bro so that it doesn't do anything - if ES server is unset. (Robin Sommer) - -2.0-902 | 2012-07-27 12:42:13 -0700 - - * New variable in logging framework Log::active_streams to indicate - Log:ID enums which are currently active. (Seth Hall) - - * Reworked how the logs-to-elasticsearch scripts works to stop - abusing the logging framework. (Seth Hall) - - * Fix input test for recent default change on fastpath. (Robin - Sommer) - -2.0-898 | 2012-07-27 12:22:03 -0700 - - * Small (potential performance) improvement for logging framework. (Seth Hall) - - * Script-level rotation postprocessor fix. This fixes a problem with - writers that don't have a postprocessor. (Seth Hall) - - * Update input framework documentation to reflect want_record - change. (Bernhard Amann) - - * Fix crash when encountering an InterpreterException in a predicate - in logging or input Framework. (Bernhard Amann) - - * Input framework: Make want_record=T the default for events - (Bernhard Amann) - - * Changing the start/end markers in logs to open/close now - reflecting wall clock. (Robin Sommer) - -2.0-891 | 2012-07-26 17:15:10 -0700 - - * Reader/writer API: preventing plugins from receiving further - messages after a failure. (Robin Sommer) - - * New test for input framework that fails to find a file. (Robin - Sommer) - - * Improving error handling for threads. (Robin Sommer) - - * Tweaking the custom-rotate test to produce stable output. (Robin - Sommer) - -2.0-884 | 2012-07-26 14:33:21 -0700 - - * Add comprehensive error handling for close() calls. (Jon Siwek) - - * Add more test cases for input framework. (Bernhard Amann) - - * Input framework: make error output for non-matching event types - much more verbose. (Bernhard Amann) - -2.0-877 | 2012-07-25 17:20:34 -0700 - - * Fix double close() in FilerSerializer class. (Jon Siwek) - - * Fix build warnings. (Daniel Thayer) - - * Fixes to ElasticSearch plugin to make libcurl handle http - responses correctly. (Seth Hall) - - * Fixing FreeBSD compiler error. (Robin Sommer) - - * Silencing compiler warnings. (Robin Sommer) - -2.0-871 | 2012-07-25 13:08:00 -0700 - - * Fix complaint from valgrind about uninitialized memory usage. (Jon - Siwek) - - * Fix differing log filters of streams from writing to same - writer/path (which now produces a warning, but is otherwise - skipped for the second). Addresses #842. (Jon Siwek) - - * Fix tests and error message for to_double BIF. (Daniel Thayer) - - * Compile fix. (Robin Sommer) - -2.0-866 | 2012-07-24 16:02:07 -0700 - - * Correct a typo in usage message. (Daniel Thayer) - - * Fix file permissions of log files (which were created with execute - permissions after a recent change). (Daniel Thayer) - -2.0-862 | 2012-07-24 15:22:52 -0700 - - * Fix initialization problem in logging class. (Jon Siwek) - - * Input framework now accepts escaped ASCII values as input (\x##), - and unescapes appropiately. (Bernhard Amann) - - * Make reading ASCII logfiles work when the input separator is - different from \t. (Bernhard Amann) - - * A number of smaller fixes for input framework. (Bernhard Amann) - -2.0-851 | 2012-07-24 15:04:14 -0700 - - * New built-in function to_double(s: string). (Scott Campbell) - -2.0-849 | 2012-07-24 11:06:16 -0700 - - * Adding missing include needed on some systems. (Robin Sommer) - -2.0-846 | 2012-07-23 16:36:37 -0700 - - * Fix WriterBackend::WriterInfo serialization, reenable ascii - start/end tags. (Jon Siwek) - -2.0-844 | 2012-07-23 16:20:59 -0700 - - * Reworking parts of the internal threading/logging/input APIs for - thread-safety. (Robin Sommer) - - * Bugfix for SSL version check. (Bernhard Amann) - - * Changing a HTTP DPD from port 3138 to 3128. Addresses #857. (Robin - Sommer) - - * ElasticSearch logging writer. See logging-elasticsearch.rst for - more information. (Vlad Grigorescu and Seth Hall). - - * Give configure a --disable-perftools option to disable Perftools - support even if found. (Robin Sommer) - - * The ASCII log writer now includes "#start " and "#end - lines in the each file. (Robin Sommer) - - * Renamed ASCII logger "header" options to "meta". (Robin Sommer) - - * ASCII logs now escape '#' at the beginning of log lines. Addresses - #763. (Robin Sommer) - - * Fix bug, where in dns.log rcode always was set to 0/NOERROR when - no reply package was seen. (Bernhard Amann) - - * Updating to Mozilla's current certificate bundle. (Seth Hall) - -2.0-769 | 2012-07-13 16:17:33 -0700 - - * Fix some Info:Record field documentation. (Vlad Grigorescu) - - * Fix overrides of TCP_ApplicationAnalyzer::EndpointEOF. (Jon Siwek) - - * Fix segfault when incrementing whole vector values. Also removed - RefExpr::Eval(Val*) method since it was never called. (Jon Siwek) - - * Remove baselines for some leak-detecting unit tests. (Jon Siwek) - - * Unblock SIGFPE, SIGILL, SIGSEGV and SIGBUS for threads, so that - they now propagate to the main thread. Adresses #848. (Bernhard - Amann) - -2.0-761 | 2012-07-12 08:14:38 -0700 - - * Some small fixes to further reduce SOCKS false positive logs. (Seth Hall) - - * Calls to pthread_mutex_unlock now log the reason for failures. - (Bernhard Amann) - -2.0-757 | 2012-07-11 08:30:19 -0700 - - * Fixing memory leak. (Seth Hall) - -2.0-755 | 2012-07-10 16:25:16 -0700 - - * Add sorting canonifier to rotate-custom unit test. Addresses #846. - (Jon Siwek) - - * Fix many compiler warnings. (Daniel Thayer) - - * Fix segfault when there's an error/timeout resolving DNS requests. - Addresses #846. (Jon Siwek) - - * Remove a non-portable test case. (Daniel Thayer) - - * Fix typos in input framework doc. (Daniel Thayer) - - * Fix typos in DataSeries documentation. (Daniel Thayer) - - * Bugfix making custom rotate functions work again. (Robin Sommer) - - * Tiny bugfix for returning writer name. (Robin Sommer) - - * Moving make target update-doc-sources from top-level Makefile to - btest Makefile. (Robin Sommer) - -2.0-733 | 2012-07-02 15:31:24 -0700 - - * Extending the input reader DoInit() API. (Bernhard Amann). It now - provides a Info struct similar to what we introduced for log - writers, including a corresponding "config" key/value table. - - * Fix to make writer-info work when debugging is enabled. (Bernhard - Amann) - -2.0-726 | 2012-07-02 15:19:15 -0700 - - * Extending the log writer DoInit() API. (Robin Sommer) - - We now pass in a Info struct that contains: - - - the path name (as before) - - the rotation interval - - the log_rotate_base_time in seconds - - a table of key/value pairs with further configuration options. - - To fill the table, log filters have a new field "config: table[string] - of strings". This gives a way to pass arbitrary values from - script-land to writers. Interpretation is left up to the writer. - - * Split calc_next_rotate() into two functions, one of which is - thread-safe and can be used with the log_rotate_base_time value - from DoInit(). - - * Updates to the None writer. (Robin Sommer) - - - It gets its own script writers/none.bro. - - - New bool option LogNone::debug to enable debug output. It then - prints out all the values passed to DoInit(). - - - Fixed a bug that prevented Bro from terminating. - -2.0-723 | 2012-07-02 15:02:56 -0700 - - * Extract ICMPv6 NDP options and include in ICMP events. This adds - a new parameter of type "icmp6_nd_options" to the ICMPv6 neighbor - discovery events. Addresses #833. (Jon Siwek) - - * Set input frontend type before starting the thread. This means - that the thread type will be output correctly in the error - message. (Bernhard Amann) - -2.0-719 | 2012-07-02 14:49:03 -0700 - - * Fix inconsistencies in random number generation. The - srand()/rand() interface was being intermixed with the - srandom()/random() one. The later is now used throughout. (Jon - Siwek) - - * Changed the srand() and rand() BIFs to work deterministically if - Bro was given a seed file. Addresses #825. (Jon Siwek) - - * Updating input framework unit tests to make them more reliable and - execute quicker. (Jon Siwek) - - * Fixed race condition in writer and reader initializations. (Jon - Siwek) - - * Small tweak to make test complete quicker. (Jon Siwek) - - * Drain events before terminating log/thread managers. (Jon Siwek) - - * Fix strict-aliasing warning in RemoteSerializer.cc. Addresses - #834. (Jon Siwek) - - * Fix typos in event documentation. (Daniel Thayer) - - * Fix typos in NEWS for Bro 2.1 beta. (Daniel Thayer) - -2.0-709 | 2012-06-21 10:14:24 -0700 - - * Fix exceptions thrown in event handlers preventing others from running. (Jon Siwek) - - * Add another SOCKS command. (Seth Hall) - - * Fixed some problems with the SOCKS analyzer and tests. (Seth Hall) - - * Updating NEWS in preparation for beta. (Robin Sommer) - - * Accepting different AF_INET6 values for loopback link headers. - (Robin Sommer) - -2.0-698 | 2012-06-20 14:30:40 -0700 - - * Updates for the SOCKS analyzer (Seth Hall). - - - A SOCKS log! - - - Now supports SOCKSv5 in the analyzer and the DPD sigs. - - - Added protocol violations. - - * Updates to the tunnels framework. (Seth Hall) - - - Make the uid field optional since it's conceptually incorrect - for proxies being treated as tunnels to have it. - - - Reordered two fields in the log. - - - Reduced the default tunnel expiration interface to something - more reasonable (1 hour). - - * Make Teredo bubble packet parsing more lenient. (Jon Siwek) - - * Fix a crash in NetSessions::ParseIPPacket(). (Jon Siwek) - -2.0-690 | 2012-06-18 16:01:33 -0700 - - * Support for decapsulating tunnels via the new tunnel framework in - base/frameworks/tunnels. - - Bro currently supports Teredo, AYIYA, IP-in-IP (both IPv4 and - IPv6), and SOCKS. For all these, it logs the outher tunnel - connections in both conn.log and tunnel.log, and proceeds to - analyze the inner payload as if it were not tunneled, including - also logging it in conn.log (with a new tunnel_parents column - pointing back to the outer connection(s)). (Jon Siwek, Seth Hall, - Gregor Maier) - - * The options "tunnel_port" and "parse_udp_tunnels" have been - removed. (Jon Siwek) - -2.0-623 | 2012-06-15 16:24:52 -0700 - - * Changing an error in the input framework to a warning. (Robin - Sommer) - -2.0-622 | 2012-06-15 15:38:43 -0700 - - * Input framework updates. (Bernhard Amann) - - - Disable streaming reads from executed commands. This lead to - hanging Bros because pclose apparently can wait for eternity if - things go wrong. - - - Automatically delete disabled input streams. - - - Documentation. - -2.0-614 | 2012-06-15 15:19:49 -0700 - - * Remove an old, unused diff canonifier. (Jon Siwek) - - * Improve an error message in ICMP analyzer. (Jon Siwek) - - * Fix a warning message when building docs. (Daniel Thayer) - - * Fix many errors in the event documentation. (Daniel Thayer) - -2.0-608 | 2012-06-11 15:59:00 -0700 - - * Add more error handling code to logging of enum vals. Addresses - #829. (Jon Siwek) - -2.0-606 | 2012-06-11 15:55:56 -0700 - - * Fix summary lines for BIF documentation and corrected the - description of "fmt" and "floor" BIFs. (Daniel Thayer) - - * Fix val_size BIF tests and improve docs. (Daniel Thayer) - -2.0-602 | 2012-06-07 15:06:19 -0700 - - * Include header for usleep(), caused compile failure on Archlinux. (Jon Siwek) - - * Revert "Fixed a bug with the MIME analyzer not removing whitespace - on wrapped headers." Needs discussion. (Robin Sommer) - -2.0-598 | 2012-06-06 11:47:00 -0700 - - * Add @load-sigs directive for loading signature files (addresses - #551). This can be used to load signatures relative to the current - scripts (e.g., "@load-sigs ./foo.sig"). (Jon Siwek) - - -2.0-596 | 2012-06-06 11:41:00 -0700 - - * Fixes for some BiFs and their documentation. (Daniel Thayer) - - * Many new unit tests for BiFs. (Daniel Thayer) - -2.0-579 | 2012-06-06 11:04:46 -0700 - - * Memory leak fixes for bad usages of VectorVal ctor. (Jon Siwek) - - * Fixed a bug with the MIME analyzer not removing whitespace on - wrapped headers. (Seth Hall) - - * Change Input::update_finished lookup to happen at init time. (Jon Siwek) - - * Fix going through the internal_handler() function which will now - set the event as "used" (i.e. it's marked as being raised - somewhere). Addresses #823. (Jon Siwek) - - * Fix format specifier on RemoteSerializer::Connect. This caused - 32-bit systems to show a warning at compile-time, and fail when - connecting to peers. (Jon Siwek) - - * Fixes for running tests in parallel. (Robin Sommer) - -2.0-571 | 2012-05-30 19:12:43 -0700 - - * Updating submodule(s). - -2.0-570 | 2012-05-30 19:08:18 -0700 - - * A new input framework enables scripts to read in external data - dynamically on the fly as Bro is processing network traffic. - (Bernhard Amann) - - Currently, the framework supports reading ASCII input that's - structured similar as Bro's log files as well as raw blobs of - data. Other formats will come in the future. - - See doc/input.rst for more information (this will be extended - further soon). - -2.0-395 | 2012-05-30 17:03:31 -0700 - - * Remove unnecessary assert in ICMP analyzer which could lead to - aborts. Addresses #822. - - * Improve script debugger backtrace and print commands. (Jon Siwek) - - * Switching default DS compression to gzip. (Robin Sommer) - - * Improve availability of IPv6 flow label in connection records. - This adds a "flow_label" field to the "endpoint" record type, - which is used for both the "orig" and "resp" fields of - "connection" records. The new "connection_flow_label_changed" - event also allows tracking of changes in flow labels: it's raised - each time one direction of the connection starts using a different - label. (Jon Siwek) - - * Add unit tests for Broccoli SSL and Broccoli IPv6 connectivity. - (Jon Siwek) - - * Remove AI_ADDRCONFIG getaddrinfo hints flag for listening sockets. - (Jon Siwek) - - * Undo unnecessary communication protocol version bump. (Jon Siwek) - - * Add support to Bro for connecting with peers over IPv6. (Jon Siwek) - - - Communication::listen_ipv6 needs to be redef'd to true in order - for IPv6 listening sockets to be opened. - - - Added Communication::listen_retry option as an interval at which - to retry binding to socket addresses that were already in use. - - - Added some explicit baselines to check in the istate.events and - istate.events-ssl tests -- the SSL test was incorrectly passing - because it compared two empty files. (The files being empty - because "http/base" was given as an argument to Bro which it - couldn't handle because that script doesn't exist anymore). - - - Support for communication over non-global IPv6 addresses. This - usually requires specifying an additional zone identifier (see - RFC 4007). The connect() and listen() BIFs have been changed to - accept this zone identifier as an argument. - - -2.0-377 | 2012-05-24 16:46:06 -0700 - - * Documentation fixes. (Jon Siwek and Daniel Thayer) - -2.0-372 | 2012-05-17 13:59:45 -0700 - - * Fix compile errors. (Jon Siwek) - - * Linking in the DS docs. (Robin Sommer) - - * Fix mobility checksums unit test. (Jon Siwek) - -2.0-367 | 2012-05-17 12:42:30 -0700 - - * Adding support for binary output via DataSeries. See - logging-dataseries.rst for more information. (Gilbert Clark and - Robin Sommer) - - * Adding target update-doc-sources to top-level Makefile that runs - genDocSourcesList.sh. (Robin Sommer) - - * Moving trace for rotation test into traces directory. (Robin Sommer) - - * Fixing a rotation race condition at termination. (Robin Sommer) - - * Extending log post-processor call to include the name of the - writer. (Robin Sommer) - - * In threads, an internal error now immediately aborts. Otherwise, - the error won't make it back to the main thread for a while and - subsequent code in the thread would still execute. (Robin Sommer) - - * DataSeries cleanup. (Robin Sommer) - - * Fixing threads' DoFinish() method. It wasn't called reliably. Now, - it's always called before the thread is destroyed (assuming - processing has went normally so far). (Robin Sommer) - -2.0-341 | 2012-05-17 09:54:30 -0700 - - * Add a comment to explain the ICMPv6 error message types. (Daniel Thayer) - - * Quieting external test output somehwat. (Robin Sommer) - -2.0-336 | 2012-05-14 17:15:44 -0700 - - * Don't print the various "weird" events to stderr. Address #805. - (Daniel Thayer) - - * Generate icmp_error_message event for ICMPv6 error msgs. - Previously, icmp_sent was being generated, but icmp_error_message - contains more info. - - * Improved documentation comments for icmp-related events. (Daniel - Thayer) - -2.0-330 | 2012-05-14 17:05:56 -0700 - - * Add `addr_to_uri` script-level function that adds brackets to an - address if it's IPv6 and will be included in a URI or when a - ":" needs to be appended to it. (Jon Siwek) - - * Also add a test case for content extraction. (Jon Siwek) - - * Fix typos and improve INSTALL document. (Daniel Thayer) - - * Switching to new btest command TEST-SERIALIZE for communication - tests. (Robin Sommer) - -2.0-323 | 2012-05-04 21:04:34 -0700 - - * Add SHA1 and SHA256 hashing BIFs. Addresses #542. - - * Refactor all internal MD5 stuff to use OpenSSL's. (Jon Siwek) - - * Changes to open-file caching limits and uncached file unserialization. (Jon Siwek) - - - Unserializing files that were previously kicked out of the open-file - cache would cause them to be fopen'd with the original access - permissions which is usually 'w' and causes truncation. They - are now opened in 'a' mode. (addresses #780) - - - Add 'max_files_in_cache' script option to manually set the maximum - amount of opened files to keep cached. Mainly this just helped - to create a simple test case for the above change. - - - Remove unused NO_HAVE_SETRLIMIT preprocessor switch. - - - On systems that don't enforce a limit on number of files opened for - the process, raise default max size of open-file cache from - 32 to 512. - -2.0-319 | 2012-05-03 13:24:44 -0700 - - * SSL bugfixes and cleanup. (Seth Hall) - - - SSL related files and classes renamed to remove the "binpac" term. - - - A small fix for DPD scripts to make the DPD log more helpful if - there are multiple continued failures. - - - Fixed the SSL analyzer to make it stop doing repeated violation - messages for some handshake failures. - - - Added a $issuer_subject to the SSL log. - - - Created a basic test for SSL. - - - Fixed parsing of TLS server extensions. (Seth Hall) - -2.0-315 | 2012-05-03 11:44:17 -0700 - - * Add two more TLS extension values that we see in live traffic. - (Bernhard Amann) - - * Fixed IPv6 link local unicast CIDR and added IPv6 loopback to - private address space. (Seth Hall) - - * Fixed a problem where cluster workers were still processing - notices in some cases. (Seth Hall) - - * Added a configure option to specify the 'etc' directory. Addresses - #801. (Daniel Thayer) - - -2.0-306 | 2012-04-24 14:37:00 -0700 - - * Add further TLS extension values "extended_random" and - "heartbeat". (Seth Hall) - - * Fix problem with extracting FTP passwords and add "ftpuser" as - another anonymous username. (Seth Hall, discovered by Patrik - Lundin). - -2.0-303 | 2012-04-19 10:01:06 -0700 - - * Changes related to ICMPv6 Neighbor Discovery messages. (Jon Siwek) - - - The 'icmp_conn' record now contains an 'hlim' field since hop limit - in the IP header is an interesting field for at least these ND - messages. - - - Fixed and extended 'icmp_router_advertisement' event parameters. - - - Changed 'icmp_neighbor_advertisement' event parameters to add - more of the known boolean flags. - -2.0-301 | 2012-04-17 17:58:55 -0700 - - * Bro now support ICMPv6. (Matti Mantere, Jon Siwek, Robin Sommer, - Daniel Thayer). - - Overall, Bro now raises the following ICMP events for v4 and v6 as - appropiate: - - event icmp_sent(c: connection, icmp: icmp_conn); - event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string); - event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string); - event icmp_error_message(c: connection, icmp: icmp_conn, code: count, context: icmp_context); - event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context); - event icmp_packet_too_big(c: connection, icmp: icmp_conn, code: count, context: icmp_context); - event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context); - event icmp_parameter_problem(c: connection, icmp: icmp_conn, code: count, context: icmp_context); - event icmp_router_solicitation(c: connection, icmp: icmp_conn); - event icmp_router_advertisement(c: connection, icmp: icmp_conn, hop_limit: count, managed: bool, router_lifetime: count, reachable_time: interval, retrans_timer: interval); - event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt:addr); - event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, tgt:addr); - event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr); - - The `icmp_conn` record got a new boolean field 'v6' that indicates - whether the ICMP message is v4 or v6. - - This change also includes further low-level work on existing IP - and ICMP code, including a reorganization of how ICMPv4 is - handled. - -2.0-281 | 2012-04-17 17:40:39 -0700 - - * Small updates for the bittorrent analyzer to support 64bit types - in binpac. (Seth Hall) - - * Removed the attempt at bittorrent resynchronization. (Seth Hall) - -2.0-276 | 2012-04-17 17:35:56 -0700 - - * Add more support for 's that lack some structure - definitions. (Jon Siwek) - -2.0-273 | 2012-04-16 18:08:56 -0700 - - * Removing QR flag from DNS log in response, which should not have - been there in the first place. (Seth Hall) - - * Sync up patricia.c/h with pysubnettree repo. (Daniel Thayer) - - * Adding missing leak groups to a couple tests. Also activating leak - checking for proxy in basic-cluster test. (Robin Sommer) - -2.0-267 | 2012-04-09 17:47:28 -0700 - - * Add support for mobile IPv6 Mobility Header (RFC 6275). (Jon - Siwek) - - - Enabled through a new --enable-mobile-ipv6 configure-time - option. If not enabled, the mobility header (routing type 2) and - Home Address Destination option are ignored. - - - Accessible at script-layer through 'mobile_ipv6_message' event. - - * Refactor IP_Hdr routing header handling, add MobileIPv6 Home - Address handling. Packets that use the Home Address Destination - option use that option's address as the connection's originator. - (Jon Siwek) - - * Revert TCP checksumming to cache common data, like it did before. - (Jon Siwek) - - * Improve handling of IPv6 routing type 0 extension headers. (Jon - Siwek) - - - flow_weird event with name argument value of "routing0_hdr" is raised - for packets containing an IPv6 routing type 0 header because this - type of header is now deprecated according to RFC 5095. - - - Packets with a routing type 0 header and non-zero segments left - now use the last address in that header in order to associate - with a connection/flow and for calculating TCP/UDP checksums. - - - Added a set of IPv4/IPv6 TCP/UDP checksum unit tests (Jon Siwek) - - * Fix table expiry for values assigned in bro_init() when reading - live. (Jon Siwek) - -2.0-257 | 2012-04-05 15:32:43 -0700 - - * Fix CMake from warning about unused ENABLE_PERFTOOLS_DEBUG - variable. (Jon Siwek) - - * Fix handling of IPv6 atomic fragments. (Jon Siwek) - - * Fix that prevents Bro processes that do neither local logging nor - request remote logs from spawning threads. (Robin Sommer) - - * Fixing perftools-debug support. (Robin Sommer) - - * Reverting SocketComm change tuning I/O behaviour. (Robin Sommer) - - * Adding notice_policy.log canonification for external tests. (Robin Sommer) - - -2.0-245 | 2012-04-04 17:25:20 -0700 - - * Internal restructuring of the logging framework: we now spawn - threads doing the I/O. From a user's perspective not much should - change, except that the OS may now show a bunch of Bro threads. - (Gilbert Clark and Robin Sommer). - - * When building Bro, we now always link in tcmalloc if it's found at - configure time. If it's installed but not picked up, - --with-perftools may help. (Robin Sommer) - - * Renaming the configure option --enable-perftools to - --enable-perftool-debug to indicate that the switch is only - relevant for debugging the heap. It's not needed to pick up - tcmalloc for better performance. (Robin Sommer) - -2.0-184 | 2012-03-28 15:11:11 -0700 - - * Improve handling of IPv6 Routing Type 0 headers. (Jon Siwek) - - - For RH0 headers with non-zero segments left, a - "routing0_segleft" flow_weird event is raised (with a - destination indicating the last address in the routing header), - and an "rh0_segleft" event can also be handled if the other - contents of the packet header are of interest. No further - analysis is done as the complexity required to correctly - identify destination endpoints of connections doesn't seem worth - it as RH0 has been deprecated by RFC 5095. - - - For RH0 headers without any segments left, a "routing0_header" - flow_weird event is raised, but further analysis still occurs as - normal. - -2.0-182 | 2012-03-28 15:01:57 -0700 - - * Remove dead tcp_checksum function from net_util. (Jon Siwek) - - * Change routing0_data_to_addrs BIF to return vector of addresses. - The order of addresses in type 0 routing headers is - interesting/important. (Jon Siwek) - - -2.0-179 | 2012-03-23 17:43:31 -0700 - - * Remove the default "tcp or udp or icmp" filter. In default mode, - Bro would load the packet filter script framework which installs a - filter that allows all packets, but in bare mode (the -b option), - this old filter would not follow IPv6 protocol chains and thus - filter out packets with extension headers. (Jon Siwek) - - * Update PacketFilter/Discarder code for IP version independence. - (Jon Siwek) - - * Fix some IPv6 header related bugs. (Jon Siwek) - - * Add IPv6 fragment reassembly. (Jon Siwek) - - * Add handling for IPv6 extension header chains. Addresses #531. - (Jon Siwek) - - - The script-layer 'pkt_hdr' type is extended with a new 'ip6' field - representing the full IPv6 header chain. - - - The 'new_packet' event is now raised for IPv6 packets. Addresses - #523. - - - A new event called 'ipv6_ext_header' is raised for any IPv6 - packet containing extension headers. - - - A new event called 'esp_packet' is raised for any packets using - ESP ('new_packet' and 'ipv6_ext_header' events provide - connection info, but that info can't be provided here since the - upper-layer payload is encrypted). - - - The 'unknown_protocol' weird is now raised more reliably when - Bro sees a transport protocol or IPv6 extension header it can't - handle. Addresses #522. - - * Add unit tests for IPv6 fragment reassembly, ipv6_ext_headers and - esp_packet events. (Jon Siwek) - - * Adapt FreeBSD's inet_ntop implementation for internal use. Now we - get consistent text representations of IPv6 addresses across - platforms. (Jon Siwek) - - * Update documentation for new syntax of IPv6 literals. (Jon Siwek) - - -2.0-150 | 2012-03-13 16:16:22 -0700 - - * Changing the regular expression to allow Site::local_nets in - signatures. (Julien Sentier) - - * Removing a line of dead code. Found by . Closes #786. (Julien - Sentier) - -2.0-146 | 2012-03-13 15:39:38 -0700 - - * Change IPv6 literal constant syntax to require encasing square - brackets. (Jon Siwek) - -2.0-145 | 2012-03-09 15:10:35 -0800 - - * Remove the match expression. 'match' and 'using' are no longer - keywords. Addressed #753. (Jon Siwek) - -2.0-143 | 2012-03-09 15:07:42 -0800 - - * Fix a BRO_PROFILER_FILE/mkstemp portability issue. Addresses #794. - (Jon Siwek) - -2.0-139 | 2012-03-02 09:33:04 -0800 - - * Changes to how script coverage integrates with test suites. (Jon Siwek) - - - BRO_PROFILER_FILE now passes .X* templated filenames to mkstemp - for generating unique coverage state files. - - - Rearranging Makefile targets. The general rule is that if the - all/brief target fails out due to a test failure, then the dependent - coverage target won't run, but can still be invoked directly later. - (e.g. make brief || make coverage) - - * Standardized on the &default function for SSL constants. (Seth - Hall) - - * Adding btest group "leaks" to leak tests. (Robin Sommer) - - * Adding btest group "comm" to communication tests for parallelizing - execution with new btest version. (Robin Sommer) - - * Sorting all output for diffing in the external tests. (Robin - Sommer) - - * Cleaned up dead code from the old SSL analyzers. Reported by - Julien Sentier. (Seth Hall) - - * Update/add tests for broccoli IPv6 addr/subnet support. Addresses - #448. (Jon Siwek) - - * Remove connection compressor. Addresses #559. (Jon Siwek) - - * Refactor IP_Hdr class ctors. Addresses #532. (Jon Siwek) - - -2.0-121 | 2012-02-24 16:34:17 -0800 - - * A number of smaller memory fixes and code cleanups. (Julien - Sentier) - - * Add to_subnet bif. Fixes #782). (Jon Siwek) - - * Fix IPAddr::Mask/ReverseMask not allowing argument of 0. (Jon - Siwek) - - * Refactor IPAddr v4 initialization from string. Fixes #775. (Jon Siwek) - - * Parse the dotted address string directly instead of canonicalizing - and passing to inet_pton. (Jon Siwek) - - -2.0-108 | 2012-02-24 15:21:07 -0800 - - * Refactoring a number of usages of new IPAddr class. (Jon Siwek) - - * Fixed a bug in remask_addr bif. (Jon Siwek) - -2.0-106 | 2012-02-24 15:02:20 -0800 - - * Raise minimum required CMake version to 2.6.3. (Jon Siwek) - -2.0-104 | 2012-02-24 14:59:12 -0800 - - * Add test case for FTP over IPv4. (Daniel Thayer) - - * Fix IPv6 URLs in ftp.log. (Daniel Thayer) - - * Add a test for FTP over IPv6 (Daniel Thayer) - - * Fix parsing of FTP EPRT command and EPSV response. (Daniel Thayer) - -2.0-95 | 2012-02-22 05:27:34 -0800 - - * GeoIP installation documentation update. (Seth Hall) - - * Decrease strictness of parsing IPv4 strings into addrs. Fixes #775. (Jon Siwek) - - * Fix memory leak in DNS manager. Fixes #777. (Jon Siwek) - - * Fix IPAddr/IPPrefix serialization bugs. (Jon Siwek) - - * Fix compile error. (Jon Siwek) - -2.0-86 | 2012-02-17 15:41:06 -0800 - - * Changing ARP detection to always kick in even if no analyzer is - activated. (Robin Sommer) - - * DNS name lookups performed by Bro now also query AAAA records. - DNS_Mgr handles combining the results of the A and AAAA queries - for a given hostname such that at the scripting layer, the name - resolution can yield a set with both IPv4 and IPv6 addresses. (Jon - Siwek) - - * Add counts_to_addr and addr_to_counts conversion BIFs. (Jon Siwek) - - * Change HashKey threshold for using H3 to 36 bytes. (Jon Siwek) - - * Remove mention of --enable-brov6 in docs. (Daniel Thayer) - - * Remove --enable-brov6 from configure usage text (Daniel Thayer) - - * Add a test and baseline for addr_to_ptr_name BiF. (Daniel Thayer) - - * Adding a test and baseline for ptr_name_to_addr BiF. (Seth Hall) - - * Fix the ptr_name_to_addr BiF to work with IPv6 (Daniel Thayer) - - * Fix a memory leak that perftools now complains about. (Jon Siwek) - - * Remove --enable-brov6 flag, IPv6 now supported by default. (Jon Siwek) - - Some script-layer changes of note: - - - dns_AAAA_reply event signature changed: the string representation - of an IPv6 addr is easily derived from the addr value, it doesn't - need to be another parameter. This event also now generated directly - by the DNS analyzer instead of being "faked" into a dns_A_reply event. - - - Removed addr_to_count BIF. It used to return the host-order - count representation of IPv4 addresses only. To make it more - generic, we might later add a BIF to return a vector of counts - in order to support IPv6. - - - Changed the result of enclosing addr variables in vertical pipes - (e.g. |my_addr|) to return the bit-width of the address type which - is 128 for IPv6 and 32 for IPv4. It used to function the same - way as addr_to_count mentioned above. - - - Remove bro_has_ipv6 BIF - -2.0-57 | 2012-02-10 00:02:35 -0800 - - * Fix typos in the documentation. (Daniel Thayer) - - * Fix compiler warning about Brofiler ctor init list order. (Jon Siwek) - - * Fix missing optional field access in webapp signature_match handler. (Jon Siwek) - -2.0-41 | 2012-02-03 04:10:53 -0500 - - * Updates to the Software framework to simplify the API. (Bernhard - Amann) - -2.0-40 | 2012-02-03 01:55:27 -0800 - - * Fix typos in documentation. (Daniel Thayer) - - * Fix sorting of lines in Brofiler coverage.log. (Daniel Thayer) - -2.0-38 | 2012-01-31 11:50:53 -0800 - - * Canonify sorting of lines in Brofiler coverage.log. (Daniel - Thayer) - -2.0-36 | 2012-01-27 10:38:14 -0800 - - * New "Brofiler" mode that tracks and records script statements - executed during runtime. (Jon Siwek) - - Use the BROFILER_FILE environment variable to point to a file in - which statement usage statistics from Bro script-layer can be - output. - - Script statements that should be ignored can be marked with a "# - @no-test" comment. For example: - - print "don't cover"; # @no-test - - if ( F ) - { # @no-test - ... - } - - * Integrated coverage measurement into test-suite. (Jon Siwek) - -2.0-20 | 2012-01-25 16:34:51 -0800 - - * BiF cleanup (Matthias Vallentin) - - - Rename NFS3::mode2string to a more generic file_mode(). - - - Unify do_profiling()/make_connection_persistent()/expect_connection() - to return any (i.e., nothing) instead of bools. - - - Perform type checking on count-to-port conversion. Related to #684. - - - Remove redundant connection_record() BiF. The same - functionality is provided by lookup_connection(). - - - Remove redundant active_connection() BiF. The same - functionality is provided by connection_exists(). - - - exit() now takes the exit code as argument. - - - to_port() now received a string instead of a count. - -2.0-9 | 2012-01-25 13:47:13 -0800 - - * Allow local table variables to be initialized with {} list - expressions. (Jon Siwek) - -2.0-7 | 2012-01-25 13:38:09 -0800 - - * Teach CompHash to allow indexing by records with vector/table/set - fields. Addresses #464. (Jon Siwek) - -2.0-5 | 2012-01-25 13:25:19 -0800 - - * Fixed a bug resulting in over-logging of detected webapps. (Seth Hall) - - * Make communication log baseline test more reliable. (Jon Siwek) - - * Fixed some broken links in documentation. (Daniel Thayer) - -2.0 | 2012-01-11 13:52:22 -0800 - - * Adding script reference documentation. (The Team). - -2.0-beta-194 | 2012-01-10 10:44:32 -0800 - - * Added an option for filtering out URLs before they are turned into - HTTP::Incorrect_File_Type notices. (Seth Hall) - - * Fix ref counting bug in BIFs that call internal_type. Addresses - #740. (Jon Siwek) - - * Adding back the stats.bro file. (Seth Hall) - - -2.0-beta-188 | 2012-01-10 09:49:29 -0800 - - * Change SFTP/SCP log rotators to use 4-digit year in filenames - Fixes #745. (Jon Siwek) - - * Adding back the stats.bro file. Addresses #656. (Seth Hall) - -2.0-beta-185 | 2012-01-09 18:00:50 -0800 - - * Tweaks for OpenBSD support. (Jon Siwek) - -2.0-beta-181 | 2012-01-08 20:49:04 -0800 - - * Add SFTP log postprocessor that transfers logs to remote hosts. - Addresses #737. (Jon Siwek) - - * Add FAQ entry about disabling NIC offloading features. (Jon Siwek) - - * Add a file NEWS with release notes. (Robin Sommer) - -2.0-beta-177 | 2012-01-05 15:01:07 -0800 - - * Replace the --snaplen/-l command line option with a - scripting-layer option called "snaplen" (which can also be - redefined on the command line, e.g. `bro -i eth0 snaplen=65535`). - - * Reduce snaplen default from 65535 to old default of 8192. Fixes - #720. (Jon Siwek) - -2.0-beta-174 | 2012-01-04 12:47:10 -0800 - - * SSL improvements. (Seth Hall) - - - Added the ssl_session_ticket_handshake event back. - - - Fixed a few bugs. - - - Removed the SSLv2.cc file since it's not used. - -2.0-beta-169 | 2012-01-04 12:44:39 -0800 - - * Tuning the pretty-printed alarm mails, which now include the - covered time range into the subject. (Robin Sommer) - - * Adding top-level "test" target to Makefile. (Robin Sommer) - - * Adding SWIG as dependency to INSTALL. (Robin Sommer) - -2.0-beta-155 | 2012-01-03 15:42:32 -0800 - - * Remove dead code related to record type inheritance. (Jon Siwek) - -2.0-beta-152 | 2012-01-03 14:51:34 -0800 - - * Notices now record the transport-layer protocol. (Bernhard Amann) - -2.0-beta-150 | 2012-01-03 14:42:45 -0800 - - * CMake 2.6 top-level 'install' target compat. Fixes #729. (Jon Siwek) - - * Minor fixes to test process. Addresses #298. - - * Increase timeout interval of communication-related btests. (Jon Siwek) - -2.0-beta-145 | 2011-12-19 11:37:15 -0800 - - * Empty fields are now logged as "(empty)" by default. (Robin - Sommer) - - * In log headers, only escape information when necessary. (Robin - Sommer) - -2.0-beta-139 | 2011-12-19 07:06:29 -0800 - - * The hostname notice email extension works now, plus a general - mechanism for adding delayed information to notices. (Seth Hall) - - * Fix &default fields in records not being initialized in coerced - assignments. Addresses #722. (Jon Siwek) - - * Make log headers include the type of data stored inside a set or - vector ("vector[string]"). (Bernhard Amann) - -2.0-beta-126 | 2011-12-18 15:18:05 -0800 - - * DNS updates. (Seth Hall) - - - Fixed some bugs with capturing data in the base DNS script. - - - Answers and TTLs are now vectors. - - - A warning that was being generated (dns_reply_seen_after_done) - from transaction ID reuse is fixed. - - * SSL updates. (Seth Hall) - - - Added is_orig fields to the SSL events and adapted script. - - - Added a field named last_alert to the SSL log. - - - The x509_certificate function has an is_orig field now instead - of is_server and its position in the argument list has moved. - - - A bit of reorganization and cleanup in the core analyzer. (Seth - Hall) - -2.0-beta-121 | 2011-12-18 15:10:15 -0800 - - * Enable warnings for malformed Broxygen xref roles. (Jon Siwek) - - * Fix Broxygen confusing scoped IDs at start of line as function - parameter. (Jon Siwek) - - * Allow Broxygen markup "##<" for more general use. (Jon Siwek) - -2.0-beta-116 | 2011-12-16 02:38:27 -0800 - - * Cleanup some misc Broxygen css/js stuff. (Jon Siwek) - - * Add search box to Broxygen docs. Fixes #726. (Jon Siwek) - - * Fixed major bug with cluster synchronization, which was not - working. (Seth Hall) - - * Fix missing action in notice policy for looking up GeoIP data. - (Jon Siwek) - - * Better persistent state configuration warning messages (fixes - #433). (Jon Siwek) - - * Renaming HTTP::SQL_Injection_Attack_Against to - HTTP::SQL_Injection_Victim. (Seth Hall). - - * Fixed DPD signatures for IRC. Fixes #311. (Seth Hall) - - * Removing Off_Port_Protocol_Found notice. (Seth Hall) - - * Teach Broxygen to more generally reference attribute values by name. (Jon Siwek) - - * SSH::Interesting_Hostname_Login cleanup. Fixes #664. (Seth Hall) - - * Fixed bug that was causing the malware hash registry script to - break. (Seth Hall) - - * Remove remnant of libmagic optionality. (Jon Siwek) - -2.0-beta-98 | 2011-12-07 08:12:08 -0800 - - * Adapting test-suite's diff-all so that it expands globs in both - current and baseline directory. Closes #677. (Robin Sommer) - -2.0-beta-97 | 2011-12-06 11:49:29 -0800 - - * Omit loading local-.bro scripts from base cluster framework. - Addresses #663 (Jon Siwek) - -2.0-beta-94 | 2011-12-03 15:57:19 -0800 - - * Adapting attribute serialization when talking to Broccoli. (Robin - Sommer) - -2.0-beta-92 | 2011-12-03 15:56:03 -0800 - - * Changes to Broxygen master script package index. (Jon Siwek) - - - Now only lists packages as those directories in the script hierarchy - that contain an __load__.bro file. - - - Script packages (dirs with a __load__.bro file), can now include - a README (in reST format) that will automatically be appended - under the link to a specific package in the master package - index. - -2.0-beta-88 | 2011-12-02 17:00:58 -0800 - - * Teach LogWriterAscii to use BRO_LOG_SUFFIX environemt variable. - Addresses #704. (Jon Siwek) - - * Fix double-free of DNS_Mgr_Request object. Addresses #661. - - * Add a remote_log_peer event which comes with an event_peer record - parameter. Addresses #493. (Jon Siwek) - - * Remove example redef of SMTP::entity_excerpt_len from local.bro. - Fixes error emitted when loading local.bro in bare mode. (Jon - Siwek) - - * Add missing doc targets to top Makefile; remove old doc/Makefile. - Fixes #705. (Jon Siwek) - - * Turn some globals into constants. Addresses #633. (Seth Hall) - - * Rearrange packet filter and DPD documentation. (Jon Siwek) - -2.0-beta-72 | 2011-11-30 20:16:09 -0800 - - * Fine-tuning the Sphinx layout to better match www. (Jon Siwek and - Robin Sommer) - -2.0-beta-69 | 2011-11-29 16:55:31 -0800 - - * Fixing ASCII logger to escape the unset-field place holder if - written out literally. (Robin Sommer) - -2.0-beta-68 | 2011-11-29 15:23:12 -0800 - - * Lots of documentation polishing. (Jon Siwek) - - * Teach Broxygen the ".. bro:see::" directive. (Jon Siwek) - - * Teach Broxygen :bro:see: role for referencing any identifier in - the Bro domain. (Jon Siwek) - - * Teach Broxygen to generate an index of Bro notices. (Jon Siwek) - - * Fix order of include directories. (Jon Siwek) - - * Catch if logged vectors do not contain only atomic types. - (Bernhard Amann) - -2.0-beta-47 | 2011-11-16 08:24:33 -0800 - - * Catch if logged sets do not contain only atomic types. (Bernhard - Amann) - - * Promote libz and libmagic to required dependencies. (Jon Siwek) - - * Fix parallel make from top-level to work on more platforms. (Jon - Siwek) - - * Add decode_base64_custom(). Addresses #670 (Jon Siwek) - - * A bunch of Sphinx-doc reorgs and polishing. (Jon Siwek) - -2.0-beta-28 | 2011-11-14 20:09:28 -0800 - - * Binary packaging script tweaks. We now require CMake 2.8.6. (Jon Siwek) - - * More default "weird" tuning for the "SYN_with_data" notice. (Seth - Hall) - - * Tiny bugfix for http file extraction along with test. (Seth Hall) - -2.0-beta-21 | 2011-11-06 19:27:22 -0800 - - * Quickstart doc fixes. (Jon Siwek) - -2.0-beta-19 | 2011-11-03 17:41:00 -0700 - - * Fixing packet filter test. (Robin Sommer) - -2.0-beta-12 | 2011-11-03 15:21:08 -0700 - - * No longer write to the PacketFilter::LOG stream if not reading - traffic. (Seth Hall) - -2.0-beta-10 | 2011-11-03 15:17:08 -0700 - - * Notice framework documentation update. (Seth Hall) - - * Fixing compiler warnings (addresses #388) (Jon Siwek) - -2.0-beta | 2011-10-27 17:46:28 -0700 - - * Preliminary fix for SSH login detection: we need a counted measure - of payload bytes (not ack tracking and not with the IP header - which is what we have now). (Seth Hall) - - * Fixing send_id() problem. We no longer update &redef functions. - Updating code on the fly isn't fully supported. (Robin Sommer) - - * Tuning the format of the pretty-printed alarm summaries. (Robin - Sommer) - -1.6-dev-1508 | 2011-10-26 17:24:50 -0700 - - * Updating submodule(s). (Robin Sommer) - -1.6-dev-1507 | 2011-10-26 15:10:18 -0700 - - * Baseline updates. (Robin Sommer) - -1.6-dev-1506 | 2011-10-26 14:48:43 -0700 - - * Updating submodule(s). (Robin Sommer) - -1.6-dev-1505 | 2011-10-26 14:43:58 -0700 - - * A new base script that pretty-prints alarms in the regular - summary. (Robin Sommer) - - * Adding a dummy log writer WRITER_NONE that just discards - everything. (Robin Sommer) - -1.6-dev-1498 | 2011-10-26 14:30:15 -0700 - - * Adding instructions to local.bro how to do ACTION_ALARM by - default. (Seth Hall) - -1.6-dev-1495 | 2011-10-26 10:15:58 -0500 - - * Updated unit test baselines. (Seth Hall) - -1.6-dev-1491 | 2011-10-25 20:22:56 -0700 - - * Updating submodule(s). (Robin Sommer) - -1.6-dev-1482 | 2011-10-25 19:08:32 -0700 - - * Fixing bug in log managers predicate evaluation. (Robin Sommer) - -1.6-dev-1481 | 2011-10-25 18:17:03 -0700 - - * Fix a problem with DNS servers being logged that aren't actually - servers. (Seth Hall) - - * Changed generated root cert DN format for RFC2253 compliance. (Jon - Siwek) - - * Removed :bro doc directives from notice documentation. (Seth Hall) - - * New notice framework docs. (Seth Hall) - - * Adding sub messages to emails. (Seth Hall) - - * Adding extra fields to smtp and http to track transaction depth. - (Seth Hall) - - * Fix for SSH login detection heuristic. (Seth Hall) - - * Removed some fields from http analysis that weren't commonly - needed or were wrong. (Seth Hall) - - * Updated/fixed MSIE version parsing in the software framework. - (Seth Hall) - - * Update Mozilla trust roots to index certs by subject distinguished - name. (Jon Siwek) - - * weird.bro rewrite. (Seth Hall) - - * More notice email tuning. (Seth Hall) - - * Slightly restructured http file hashing to fix a bug. (Seth Hall) - - * Changed the notice name for interesting ssh logins to correctly - reflect semantics of the notice. (Seth Hall) - - * Field name change to notice framwork. $result -> $action - - - $result is renamed to $action to reflect changes to the notice - framework since there is already another result-like field - ($suppress_for) and there may be more in the future. - - - Slipped in a change to add connection information to notice - emails too. (Seth Hall) - - * Small script refinements and documentation updates. (Seth Hall) - - * Pass over upgrade guide. (Robin Sommer) - - -1.6-dev-1430 | 2011-10-21 10:39:09 -0700 - - * Fixing crash with unknown debug streams. Closes #643. (Robin - Sommer) - - * Code to better handle interpreter errors, which can now be turned - into non-fatal runtime errors rather than immediate aborts. (Robin - Sommer). - - * Remove old make-src-packages script. (Jon Siwek) - - * Fixing a bunch of format strings. Closes #567. (Robin Sommer) - - * Cleaning up some distribution files. (Robin Sommer) - - * Various test, doc, and installation fixes/tweaks. (Seth Hall, Jon - Siwek and Robin Sommer). - - * Varios smaller policy fixes and tweaks (Seth Hall). - - * Moving docs from web server into distribution. (Robin Sommer) - - * Fixing more (small) memory leaks. (Robin Sommer) - - * Profiling support for DNS_Mgr and triggers. With - misc/profiling.bro, both now report a line in prof.log with some - counters on usage. (Robin Sommer) - - * Fixing DNS memory leaks. Closes #534. (Robin Sommer) - - * Fix code for disabling analyzers. Closes #577. (Robin Sommer) - - * Changed communication option from listen_encrypted to listen_ssl. - (Seth Hall) - - * Modification to the Communication framework API. (Seth Hall) - - - Simplified the communication API and made it easier to change - to encrypted connections by not having separate variables to - define encrypted and unencrypted ports. - - - Now, to enable listening without configuring nodes just - load the frameworks/communication/listen script. - - - If encrypted listening is desired set the following: - redef Communication::listen_encrypted=T; - - * Connection compressor now disabled by default. Addresses #559. - (Robin Sommer) - - -1.6-dev-1372 | 2011-10-06 18:09:17 -0700 - - * Filtering some potentially high-volume DNS weirds. (Robin Sommer) - - * DNS now raises DPD events. Closes #577. (Robin Sommer) - - * Fixing a bunch of compiler warnings. (Robin Sommer) - - * Remote logs are auto-flushed if the last write was longer than a - second ago. Addresses #498. (Robin Sommer) - - * Fix missing from previous MIME commit. (Robin Sommer) - -1.6-dev-1366 | 2011-10-06 17:05:21 -0700 - - * Make CompHash computation/recovery for functions deterministic. - Closes #636. (Jon Siwek) - - * Removing unnecessary @load in local.bro. (Robin Sommer) - - * Optimizing some MIME code. (Robin Sommer) - - * Speed improvements in logging code. (Robin Sommer) - - * Consolidating some node-specific functionality from scripts in - broctl repo. (Jon Siwek) - - * Another fix the for 1xx script code. (Robin Sommer) - -1.6-dev-1352 | 2011-10-05 16:20:51 -0700 - - * Fix for optional HTTP::Info status_code. (Jon Siwek) - - * Teaking some external testing scripts. (Jon Siwek) - - * HTTP bug fix reported by Martin Holste. (Seth Hall) - - * More script tuning. (Seth Hall) - - - Moved some of the weird events back to the base/ directory. - - - SSL fixes, updates, and performance optimization. - - * More adjustment to reduce Weird volumes. (Seth Hall) - - * Fixed an error when calculating x509 certificate hashes (reported - by Martin Holste). (Seth Hall) - - * Clean up to cluster framework to make event handling clearer. - (Seth Hall) - - * Fixed a bug in the notice framework. (Seth Hall) - - * Bug fix for FTP analysis script. (Seth Hall) - -1.6-dev-1333 | 2011-09-29 22:29:51 -0700 - - * Fixing a number of memory leaks. (Robin Sommer) - - * Loaded_scripts.log is indented with spaces now and makes more - sense to look at. (Seth Hall) - - * Teach HTTP parser to derive content length of multipart/byteranges - bodies. Addresses #488. (Jon Siwek) - - * Change logging of HTTP 1xx responses to occur in their own - columns. Addresses #411. (Jon Siwek) - - * Fix handling of HTTP 1xx response codes. Addresses #411). - - * Taking advantage of yet another trick to get installed browser - plugins. (Seth Hall) - - - With the software-browser-plugins script you can watch for Omniture - advertising servers to grab the list of installed plugins. - - - I reorganized the plugin detection a bit too to abstract it better. - - - Removed the WEB_ prefix from all of the Software::Type HTTP enums. - They were essentially redundant due to the full name already being - HTTP::SERVER (for example). - -1.6-dev-1316 | 2011-09-28 16:50:05 -0700 - - * Unit test cleanup. Updated README and collected coverage-related - tests in a common dir. (Jon Siwek) - - * Fixes for known-services. (Seth Hall) - - * Ported and 2.0ized the capture-loss script. (Seth Hall) - - * Communication fix and extension.(Robin Sommer) - - - Removing unnecessary log flushing. Closes #498. - - - Adding new BiF disconnect() that shuts a connection to a peer down. - - - terminate_connection() now first flushes any still buffered log - messages. - - * Fix for high SSL memory usage by adding &transient attribute to - top-level SSL pac array type. Closes #574. (Robin Sommer) - - * Fix a small bug in the metrics framework. (Seth Hall) - - * Temporarily removing scripts that aren't ready to be included. - Will return before next release. (Seth Hall) - - * New SSL policy scripts. (Seth Hall) - - - protocols/ssl/expiring-certs uses time based information from - certificates to determine if they will expire soon, have already - expired, or haven't yet become valid. - - - protocols/ssl/extract-certs-pem is a script for taking certs off - the line and converting them to PEM certificates with the openssl - command line tool then dumping them to a file. - - * Notice::type_suppression_intervals: table[Notice::Type] of - interval can be used to modify the suppression intervals for - entire types of notices. (Seth Hall) - - * EOF SSL protocol violations are only generated a single time now. - (Seth Hall) - - * Script level fixes. (Seth Hall) - - - Fixed a type name conflict in the Known namespace. - - - Fixed a DPD framework bug that was causing Reporter messages. - - - Fixed the notice_policy log. - - - Predicate functions are now logged. - - - Predicate functions are now optional. If not given, it's assumed that - the result should always apply. (Seth Hall) - - - Fix a problem with accidental and mistaken HTTP log lines. - -1.6-dev-1293 | 2011-09-22 19:44:37 -0700 - - * Smaller script tweaks. (Seth Hall) - - * Duplicate notice suppression. (Seth Hall) - - - Duplicate notices are discovered with the new Notice::Info - field $identifier. It's a string that is left up to the - notice implementor to define which would indicate a - fundamentally duplicate notice. The field is optional and - if it's not included it's not possible for notice - suppression to take place. - - - Duplicate notices are suppressed by default for the interval - defined by the Notice::default_suppression_interval variable - (1 hour by default). - - - A new notice action was defined ACTION_NO_SUPPRESS to prevent - suppression for a specific notice instance. A convenience set - named not_suppressed_types was also created to not suppress - entire notice types. - - - A new field was added to the PolicyItem type to modify the length - of time a notice should be suppressed if the predicate matches. - The field is named $suppress_for. This name makes the code more - readable like this: $suppress_for = 1day - - - New events were created to give visibility into the notice - framework's suppression activity. - - event Notice::begin_suppression(n: Notice::Info) - - event Notice::suppressed(n: Notice::Info) - - event Notice::end_suppression(n: Notice::Info) - - - The suppression.bro script doesn't have a baseline because - it is causing a segfault in Bro. This one test is the - reason that this is being integrated into a branch instead - of master. (Seth Hall) - - * Fix crash on exit. Addresses #607. (Jon Siwek) - - * Fix PktSrc setting next_timestamp even when no packet available. - (Jon Siwek) - - * Fix lack of NUL-termination in to_upper/to_lower BIF's return val. - (Jon Siwek) - - * Fixing unit tests and some minor bugs. (Jon Siwek) - - * Fix broctl cluster log rotation. Addresses #619. (Jon Siwek) - - * Added session ID to the SSL logging. (Seth Hall) - - * Adding "install-aux" target + updating bro-aux submodule. (Jon - Siwek) - - * Cleaning up INSTALL and README. (Jon Siwek) - - * Remove $Id$ tags. (Jon Siwek) - - * Remove policy.old directory. Addresses #511. (Jon Siwek) - - * Small rework with ssl base script to reduce memory usage. (Seth - Hall) - - * Updated the mozilla root certs. (Seth Hall) - -1.6-dev-1261 | 2011-09-15 17:13:55 -0700 - - * Memory leak fixes. Addresses #574 (Jon Siwek) - - * Add configure options for ruby/bindings integration. (Jon Siwek) - - * Fix filter path_func to allow record argument as a subset of - stream's columns. Addresses #600. (Jon Siwek) - - * Log rotation is now controlled directly through Filter records. (Jon Siwek) - - * Fix indexing for record types with optional fields. Addresses #378 - (Jon Siwek) - -1.6-dev-1248 | 2011-09-15 16:01:32 -0700 - - * Removed custom malloc() implementation for FreeBSD. Closes #557. - (Jon Siwek) - - * Testing/external scripts no longer compute MD5 checksums for SMTP - entities. (Robin Sommer) - - * External tests no longer include the full content of mismatching - files in the diagnostics output. (Robin Sommer) - -1.6-dev-1241 | 2011-09-14 22:51:52 -0400 - - * Fixing a major memory utilization issues with SSL analysis. (Seth - Hall) - - * Enhancements to HTTP analysis: (Seth Hall) - - - More options for the header-names.bro script. - - - New script for logging header names and values. Closes #519. - (Seth Hall) - - - HTTP body size measurement added to http.log. - - - The value of the content-length headers has now been removed - in the default output but it could be added back locally at an - installation by a user. - - - Added fields to indicate if some parsing interruption happened - during the body transfer. Closes #581 (Seth Hall) - - * Misc smaller usability and correctness updates: (Seth Hall) - - - Removed an notice definition from the base SSL scripts. - - - Moved a logging stream ID into the export section for known-services - and bumped priority for creating the stream. - - - Adding configuration knobs for the SQL injection attack detection - script and renaming the HTTP::SQL_Injection_Attack notice to - HTTP::SQL_Injection_Attack_Against - - - Bumped priority when creating Known::CERTS_LOG. - - - Fixing a warning from the cluster framework. (Seth Hall) - - * Bugfix for log writer, which didn't escape binary stuff in some - situations. Closes #585. (Robin Sommer) - - * A larget set of changes to the testing/external infrastructure. - The traces for external test-suites are no longer kept inside the - repositories themselves but downloaded separately via curl. This - is because git is pretty bad at dealing with large files. See the - README for more information. (Robin Sommer) - -1.6-dev-1221 | 2011-09-08 08:41:17 -0700 - - * Updates for documentation framework and script docs. (Jon Siwek) - - * The script level PF_RING support isn't working so removing it. - (Seth Hall) - - * Delete SSL certificates from memory after ssl_established event. - (Seth Hall) - - * Small fixes for SSL analysis. (Seth Hall) - -1.6-dev-1212 | 2011-09-07 16:15:28 -0700 - - * Internally, the UID generation can now return values from - different pool for better reproducability in testing mode. - (Gilbert Clark). - - * Added new BiF unique_id_from(pool: string, prefix: string) that - allows the user to specify a randomness pool. (Gilbert Clark) - -1.6-dev-1198 | 2011-09-07 11:03:36 -0700 - - * Extended header for ASCII log that make it easier for scripts to - parse Bro log files. (Gilbert Clark) - - * Potential fix for rotation crashes. Addresses #588. (Robin Sommer) - - * Added PF_RING load balancing support to the scripting layer, - enabled by loading the misc/pf-ring-load-balancing script. (Seth - Hall) - - * Added a BiF setenv() for setting environment variables. (Seth - Hall) - -1.6-dev-1184 | 2011-09-04 09:34:50 -0700 - - * FindPCAP now links against thread library when necessary (e.g. - PF_RING's libpcap). (Jon Siwek) - - * Install binaries with an RPATH. (Jon Siwek) - - * Fix for a case where nested records weren't coerced even though - possible. (Jon Siwek) - - * Changed ASCII writer to delay creation of log after rotation until - next write. - - * Changed default snaplen to 65535 and added a -l/--snaplen command - line option to set it explicitly. Addresses #447. (Jon Siwek) - - * Various updates to logging framework. (Seth Hall) - - * Changed presentation of enum labels to include namespace. (Jon - Siwek) - - * HTTP analyzer is now enabled with any of the HTTP events. (Seth - Hall) - - * Fixed missing format string that caused some segfaults. (Gregor - Maier) - - * ASCII writer nows prints time interval with 6 decimal places. - (Gregor Maier) - - * Added a Reporter::fatal BIF. (Jon Siwek) - - * Fixes for GeoIP support. Addresses #538. (Jon Siwek) - - * Fixed excessive memory usage of SSL analyzer on connections with - gaps. (Gregor Maier) - - * Added a log postprocessing function that can SCP rotated logs to - remote hosts. (Jon Siwek) - - * Added a BiF for getting the current Bro version string. (Jon - Siwek) - - * Misc. doc/script/test cleanup. (Jon Siwek) - - * Fixed bare-mode @load dependency problems. (Jon Siwek) - - * Fixed check_for_unused_event_handlers option. (Jon Siwek) - - * Fixing some more bare-mode @load dependency issues (Jon Siwek) - - * Reorganizing btest/policy directory to match new scripts/ - organization. Addresses #545 (Jon Siwek) - - * bro scripts generated from bifs now install to - $prefix/share/bro/base. Addresses #545 (Jon Siwek) - - * Changeed/fixed some cluster script error reporting. (Jon Siwek) - - * Various script normalization. (Jon Siwek) - - * Add a test that checks each individual script can be loaded in - bare-mode. Adressess #545. (Jon Siwek) - - * Tune when c$conn is set. Addresses #554. (Gregor Maier) - - * Add ConnSize_Analyzer's fields to conn.log. (Gregor Maier) - - * Fixing bug in "interesting hostnames" detection. (Seth Hall) - - * Adding metrics framework intermediate updates. (Seth Hall) - -1.6-dev-1120 | 2011-08-19 19:00:15 -0700 - - * Fix for the CompHash fix. (Robin Sommer) - -1.6-dev-1118 | 2011-08-18 14:11:55 -0700 - - * Fixing key size calculation in composite hash code. (Robin Sommer) - -1.6-dev-1116 | 2011-08-18 10:05:07 -0700 - - * Remove the 'net' type from Bro (addresses #535). - - * Fix H3 assumption of an 8-bit byte/char. (Jon Siwek) - - * Allow reading from interface without additional script arguments. - Explicitly passing in '-' as an additional command line argument - still allows reading a script from stdin. (Jon Siwek) - - * SSH bruteforcing detection now done with metrics framework. (Seth - Hall) - - * Updates for SQL injection attack detection to match the metrics - framework updates. (Seth Hall) - - * Metrics framework now works on cluster setups. (Seth Hall) - - * Reclassifying more DNS manager errors as non-fatal errors. (Robin - Sommer) - - * Fix ConnSize_Analyzer when used in conjunction with connection - compressor. (Gregor Maier) - - * Fix reporter using part of the actual message as a format string. - (Jon Siwek) - -1.6-dev-1095 | 2011-08-13 11:59:07 -0700 - - * A larger number of script documentation updates. Closes #543. (Jon - Siwek) - - * Workaround for FreeBSD CMake port missing debug flags. (Jon Siwek) - - * piped_exec() can now deal with null bytes. (Seth Hall) - - * Fix vector initialization for lists of records with optional - types. Closes #485. (Jon Siwek) - - * Fix redef'ing records with &default empty set fields. Closes #460. - (Jon Siwek) - - * Fix ConnSize_Analyzer when used in conjunction with the connection - compressor. (Gregor Maier) - - * Fix reporter using part of the actual message as a format string. - (Jon Siwek) - - * Fixing reporter's location tracking. Closes #492. (Robin Sommer) - - * Turning DNS errors into warnings. Closes #255. (Robin Sommer) - - * Logging's path_func now receives the log record as argument. - Closes #555. (Robin Sommer) - - * Functions can now be logged; their full body gets recorded. - Closes #506. (Robin Sommer) - - * Bugfix for hostname notice email extension. (Seth Hall) - - * Updates for notice framework. (Seth Hall) - - - New ACTION_ADD_GEODATA to add geodata to notices in an extension - field named remote_location. - - - Loading extend-email/hostnames by default now that it only does - anything when the ACTION_EMAIL action is applied (finally). - - * Updates to local.bro (Seth Hall) - - * Added the profiling script. (Seth Hall) - - * Updates for SSH scripts. (Seth Hall) - - * ConnSize analyzer is turned on by default now. (Seth Hall) - - * Updates for the build system and site local scripts for cluster. - (Seth Hall) - - * HTTP now uses the extract_filename_from_content_disposition function. (Seth Hall) - - * Major SMTP script refactor. Closes #509. (Jon Siwek and Seth Hall) - - * New variable Site::local_nets_table in utils/site for mapping - address to defined local subnet. - - * Metrics framework updates, more to come. (Seth Hall) - - -1.6-dev-1061 | 2011-08-08 18:25:27 -0700 - - * A set of new/changed tests regarding the new policy script - organisation. (Robin Sommer) - -1.6-dev-1058 | 2011-08-08 16:15:18 -0700 - - * Reorganisation of the scripts that Bro loads by default. (Seth - Hall) - - - policy/ renamed to scripts/ - - - By default BROPATH now contains: - - scripts/ - - scripts/policy - - scripts/site - - - The scripts in scripts/base/protocols/ only do logging and state - building. - - - All of scripts/base/ is loaded by by default. This can however - be disabled by switching Bro into "bare mode" using the new - command-line option --bare-mode (or -b). The cripts in - scripts/base/ don't use relative path loading to ease use of - bare mode (to copy and paste that script). - - - The scripts in scripts/base/frameworks/ add functionality - without causing any additional overhead. - - - All "detection" activity happens through scripts in - scripts/policy/. - - - bro.init was renamed to base/init-bare.bro, and base/all.bro was - renamed to init-default.bro. - - - local.bro now loads more functionality from policy/ and adds - more documentation. (Seth Hall) - - * Adding default_path_func() to the logging framework that makes the - default naming scheme script-level controlled. (Robin Sommer) - - * Reworking logging's postprocessor logic so that postprocessor - commands are no longer run by the log writers themselves, but - instead by a script level function. (Robin Sommer) - - * The communication subsystem is now by default off and must be - enabled explicitly with a new BiF, enable_communication(). Closes - #540. (Robin Sommer) - - * The hostname notice email extension now only add hostnames for - emailed noticed. (Seth Hall) - - * Cleaning up doc generation. (Seth Hall) - -1.6-dev-1044 | 2011-08-05 19:07:32 -0700 - - * Fixing memory (and CPU) leak in log writer. - - * Fixing crash in memory profiling. (Robin Sommer) - - * Fix compiler warning. (Robin Sommer) - - * Fixing missing sync in cluster setup. (Robin Sommer) - - -1.6-dev-1038 | 2011-08-05 18:25:44 -0700 - - * Smaller updates to script docs and their generation. (Jon Siwek) - - * When using a `print` statement to write to a file that has raw output - enabled, NUL characters in string are no longer interpreted into "\0", - no newline is appended afterwards, and each argument to `print` is - written to the file without any additional separation. (Jon Siwek) - - * Test portatibility tweaks. (Jon Siwek) - - * Fixing PktSrc::Statistics() which retured bogus information - offline mode. Closes #500. (Jon Siwek) - - * --with-perftools configure option now assumes --enable-perftools. - Closes #527. (Jon Siwek) - -1.6-dev-1018 | 2011-07-31 21:30:31 -0700 - - * Updating CHANGES. (Robin Sommer) - -1.6-dev-1016 | 2011-07-30 18:34:28 -0700 - - * Install example config files dynamically. They'll only get - installed when the distribution version differs from existing - version on disk. (Jon Siwek) - - * Fixed memory leak in SSL analyzer. (Seth Hall) - - * Beginning rework of metrics interface. (Seth Hall) - - * New/updated unit tests for scripts. (Jon Siwek) - - * New/updated documentstion for scripts. (Jon Siwek) - - * A number of fixes for scripts in utils/. (Jon Siwek) - -1.6-dev.244 Thu Jul 28 17:08:21 PDT 2011 - -- mask_addr() now returns subnet (addresses #512). (Jon Siwek) - -- Normalize Notice::Type identifiers per convention (closes #484). - (Jon Siwek) - -- Fixing default-loaded-scripts test for BSD systems. (Jon Siwek) - -- New piped_exec() BiF for pipeing data into an external command. (Jon - Siwek) - -1.6-dev.242 Mon Jul 25 21:42:39 PDT 2011 - -- Adding a documentation coverage test. (Jon Siwek) - -- The CMake targets for generating reST docs from policy scripts are - now automatically generated via the genDocSourcesList.sh script. - (Jon Siwek) - -- Fixed a number of script error. (Jon Siwek) - -- Fixes to relative @load'ing. (Jon Siwek) - -- Fixes to tests. (Robin Sommer) - -1.6-dev.240 Sun Jul 24 15:14:26 PDT 2011 - -- Updated tests and test baselines. (Jon Siwek) - -- ASCII log writer now prints time values w/ constant 6 digit - precision. (Jon Siwek) - -- Many policy script updates acrsso the board (Seth Hall). - -- Moving devel-tools to bro-aux. (Robin Sommer) - -- BugFix for disable_analyzer(), which could cause crashes with some - analyzers. (Robin Sommer) - -- Bugfix for potential segfault in DebugLogger. (Robin Sommer) - -1.6-dev.226 Thu Jul 21 15:23:39 PDT 2011 - -- Extensions to the @load and @unload process. (Jon Siwek) - - * Make @load statements recognize relative paths. For example a - script can do "@load ./foo" to load a script named foo.bro that - lives in the same directory or "@load ../bar" to load a script - named bar.bro in the parent directory, even if those directories - are not contained in BROPATH. - - * Reimplementation of the @prefixes statement. (Closes #486) - - Any added prefixes are now used *after* all input files have - been parsed to look for a prefixed, flattened version of the - input file somewhere in BROPATH and, if found, load it. For - example, if "lcl" is in @prefixes, and site.bro is loaded, then - a file named "lcl.site.bro" that's in BROPATH would end up being - automatically loaded as well. Packages work similarly, e.g. - loading "protocols/http" means a file named - "lcl.protocols.http.bro" in BROPATH gets loaded automatically. - - * Fix @unload'd files from generating bro_script_loaded event. - - * Updates to tests. - -1.6-dev.225 Wed Jul 20 17:10:41 PDT 2011 - -- IRC improvements (Jon Siwek). Including: - - * Shorten what's displayed in the IRC's log mime_type column for - DCC transfers. - - * Add IRC unit tests. - - * Fix IRC analyzer supplying wrong type to irc_dcc_message event. - - * Removed irc_client and irc_server events. - - * Added is_orig arguments to all other irc events. - - * Fix analyzer not recognizing Turbo DCC extension message format. - - * Fix analyzer not generating irc_dcc_message event when irc_privmsg_message - event doesn't have a handler registered. - -- Fixing tests that need a diff canonifier. (Jon Siwek) - -1.6-dev.223 Tue Jul 19 19:10:36 PDT 2011 - -- Adding a script to update CHANGES and VERSION. (Robin Sommer) - -1.6-dev.218 Tue Jul 19 18:16:44 PDT 2011 - -- Comprehensive policy script overhaul/rewrite. (Seth Hall) - - Changes are too extensive to list individually. - -- Removing undocumented -H command line flag. (Robin Sommer) - -- Fixing many tests. (Everybody) - -- Fixing 0-chunk bug in remote logging. (Robin Sommer) - -- $PATH is now appropriately set by the bro-path-dev.(sh|csh) scripts. - (Seth Hall) - -- Making valgrind a bit more happy. (Robin Sommer) - -- New BiF record_field_vals() that returns the fields of a record in a - table with meta-information. (Robin Sommer) - -- Adding a script in aux/devel-tools that extracts a connection from a - trace based on uid. (Robin Sommer) - -- Fixing bug causing crash when running without arguments. (Robin Sommer) - -- A new event bro_script_loaded() raised for each policy script - loaded. Also removing the -l command-line option as that can now be - done at the script-level. (Robin Sommer) - -- Fixing memory leaks. (Gilbert Clark, Seth Hall, Robin Sommer) - -- Many SSL analysis improvements and fixes. (Seth Hall) - -- Fixing bug with event priorities potentially being ignored for the - handler. (Robin Sommer) - -- Overhauling the internal reporting of messages to the user. The new - Reporter class is now in charge of reporting all errors, warnings, - informational messages, weirds, and syslogs; and it passes - everything through the script layer. (Robin Sommer) - -* Removed the alarm statement and the alarm_hook event. (Robin Sommer) - -- Adding new policy file test-all.bro that loads all other policies. - This is for testing only. (Robin Sommer) - -- A new framework for doing regression testing with larger traces and - more complex Bro configurations in testing/external. (Robin Sommer) - -- Many updates to script doc generation. (Jon Siwek) - -1.6-dev.146 Sat Jun 25 18:12:27 PDT 2011 - -- DNS mapping are now becoming invalid when an entry's TTL expires. - (Thomas Other) - -- Reworking how Bro tracks which scripts are already loaded. Rather - than paths, Bro now tracks inode numbers. (Jon Siwek) - -- New BiF netstats() to query packet capture statistics. The netstats - script now uses the new BiF to periocally report packets drops. The - net_stats_update() event and the heartbeat_interval global went - away. (Seth Hall) - -- Fixing bug with logging &optional records. Closes #476. (Robin - Sommer) - -- Fixing istate.events-ssl test failing because of expired cert. (Jon - Siwek) - -- A large number of improvements and fixes for Bro's doc mode. (Jon - Siwek) - -- Significant updates for RPC and NFS analyzers (Gregor Maier) - - * Unify semantics for UDP and TCP connections. - - * RPC can now log to a log file if desired. - - * Portmapper can now log general activity to a log file and also log - actual port mappings. - - * NFS analyzer now supports significantly more procedure calls as - as file name tracking and file content extraction. - -- NetBIOS fixes. (Jon Siwek) - -- A number of unit tests are more robust and portable. (Jon Siwek) - -- A new BiF unique_id() that returns a string that's unique across Bro - instaces with high probablity. (Robin Sommer) - -- Complete rewrite of the BinPAC SSL analyzer. (Seth Hall) - - * DER certificates are extracted as strings to be used with - corresponding BiFs. - - * x509_verify function to verify single certs and/or full - certificate chains. - - * Removed hand written SSL analyzer. - - * The ssl.bro script is just a place-holder for now. New version - will come with the other new scripts. - -- New syslog analyzer. (Seth Hall) - -- @load now supports loading a directory. With a directory "foo" - somewhere in BROPATH, "@load foo" now checks if there's a file - "foo/__load__.bro". If so, it reads that file in. (Robin Sommer) - -- ASCII logger now escapes non-printable characters. Closes #450. - (Robin Sommer) - -- Packaging tweaks and rewrite of 'dist' target. (Jon Siwek) - -- Changes to allow DEB packaging via CPack, addresses #458. (Jon - Siwek) - -- An extension to the ICMP analyzer to handle redirects. Julien - Sentier - -- Removing old istate test-suite. (Robin Sommer) - -- A hack to report missing GeoIP support only once. This closes #357, - but #455 captures the need for a more general solution. (Robin - Sommer) - -- Bugfix: vectors in records were not initalized. Closes #421. (Robin - Sommer) - -- If IPv6 default is not compiled in, the default BPF filters now - excludes IPv6 packets. (Robin Sommer) - -- New bif bro_has_ipv6() to check whether IPv6 support is compiled in. - (Robin Sommer) - -- Updating btests and a Makefile. "make" now runs all the tests. - (Robin Sommer) - -- Moving the test-scripts from the old test-suite over to btest. - (Robin Sommer) - -- Fix for major bug in POP3 analyzer, which didn't recognize '.' - terminators in multi-line replies if the terminator was bare (no - newline). This caused it to ignore the rest of the session that it's - analyzing. (Vern Paxson) - -- Fix compiler warning with gcc-4.4.4 (Gregor Maier) - -- Adding example documentation for a script's use of logging features. - (Jon Siwek) - -- Adding &log attribute to static attr_names array. (Jon Siwek) - -- Bro can now track packet and byte counts per connection. (Gregor - Maier) - - * If 'use_conn_size_analyzer' is true, the event engine tracks - number of packets and raw IP bytes per connection. If - report_conn_size_analyzer is true, these values are included as - four new columns into conn.log - - * I changed conn.bro so that the value of - report_conn_size_analyzer follows that of - use_conn_size_analyzer. For the new conn.log, we probably want - to get rid of report_conn_size_analyzer anyway. - -- Fixing numerous compiler warnings and portability issues. (All) - -- Switching vectors from being 1-based to 0-based. Note that this is a - change that break backwards-compatibility. (Robin Sommer) - -- Increasing serialization format version for the recent 64-bit - changes. (Robin Sommer) - -- Support for (mixed) MPLS and VLAN traffic, and a new default BPF - filter. (Seth Hall and Robin Sommer) - - * Merging in the patch from #264, which provides support for mixed - VLAN and MPLS traffic. - - * Changing Bro's default filter from being built dynamically to - being a static "ip or not ip". To get the old behaviour back - (i.e., the dynamically built filter), redef "all_packets" to - false. - - * print-filter.bro now always prints the filter that Bro is - actually using, even if overriden from the command line. (Robin - Sommer) - -- Changing the HTTP's analyzers internals to use 64-bit integers. - (Gregor Maier). - -- Fixing bug with deleting still unset record fields of table type. - (Robin Sommer) - -1.6-dev.99 Fri Apr 22 22:10:03 PDT 2011 - -- Extending the connection record with a unique identifier. (Robin - Sommer) - - type connection: record { - [...] - id: string; - }; - - These identifiers very likely unique even across independent Bro - runs. - -- Delete operator for record fields. (Robin Sommer) - - "delete x$y" now resets record field "x" back to its original state - if it is either &optional or has a &default. "delete" may not be - used with non-optional/default fields. - -- Fixing bug with nested record coercions. (Robin Sommer) - -- Fixing a do_split() bug. (Seth Hall) - - -1.6-dev.94 Thu Apr 21 19:51:38 PDT 2011 - -- Fixing generation of config.h. (Jon Siwek) - -- Updates and tests for NetBIOS name BiF. (Seth Hall) - -- Fixing do_split bug(), and adding a test. (Seth Hall) - -- When Bro is given a PRNG seed, it now uses its own internal random - number generator that produces consistent results across sytems. - Note that this internal generator isn't very good, so it should only - be used for testing purpses. (Robin Sommer) - -- The BTest configuration now sets the environemnt variables TZ=UTC - and LANG=C to ensure consistent results. (Robin Sommer) - -- Logging fixes. (Robin Sommer) - -1.6-dev.88 Wed Apr 20 20:43:48 PDT 2011 - -- Implementation of Bro's new logging framework. We will document this - separately. (Robin Sommer) - -- Already defined record types can now be further extended via the - '+=' operator. The added fields must be either &optional or have a - &default value. (Robin Sommer) - - Example: - - type Foo: record { - a: count; - b: count &optional; - }; - - redef record Foo += { - c: count &default=42; - d: count &optional; - }; - - global f: Foo = [$a=21]; - - print f; - - Output: - - [a=21, b=, c=42, d=] - -- Enabling assignment of empty vectors ("vector()"). (Robin Sommer) - -- Fixing attributes to allow &default attributes to be associated with - records fields of type tables/sets/vector. (Robin Sommer) - -- '[]' is now a valid record constructor. (Robin Sommer) - -- A instance of a record type A is now coercable into one of type B if - the fields of type A are a subset of those of type B. (Robin Sommer) - -- A number of bug fixes and enhancements for record/set/table/vector - coercion. (Robin Sommer) - -- Fixing a problem with records that have optional fields when used as - table/set indices. Addresses #367. (Robin Sommer) - -- Fixing an off-by-one error in join_string_vec(). (Seth Hall) - -- Updating to_count() to cope with 64bit ints. (Seth Hall) - -- A new BiF count_to_v4_addr() to turn a count into an IPv4 address. - (Seth Hall) - -1.6-dev.80 Mon Apr 18 14:50:54 PDT 2011 - -- New framework for generating documentation from Bro scripts. (Jon - Siwek) - - This includes: - - * Changes to Bro's scanner/parser to facilitate automatic - generation of Bro policy script documentation in - reStructuredText format. - - * New command line flags -Z/--doc-scripts to enable the new doc - generation mode. - - * Changes to bifcl to pass comments starting with "##" through - into the generated .bro script. - - * A "doc" build target for the top-level Makefile to first - generate reStructuredText for a defined set of Bro policy - scripts, and then run that through Sphinx to create HTML - documentation. - -1.6-dev.78 Mon Apr 18 12:52:55 PDT 2011 - -- Adding files to CMake build targets so they show up in generated IDE - projects. This addresses #413. (Jon Siwek) - -- Fix unnecessary config.h preprocessor (re)definitions. This - addresses #414. (Jon Siwek) - -- Updating istate tests. (Robin Sommer) - -- Adding files to CMake build targets so they show up in generated IDE - projects. - -- Adding new environment variable BRO_SEED_FILE to set the seed file - for the random number generator. (Robin Sommer) - -1.6-dev.71 Fri Apr 1 16:06:33 PDT 2011 - -- Removing code for the following no longer supported functionality. - - * Trace rewriting. - * DFA state expiration in regexp engine. - * Active mapping. - * Unused hash functions. - - (Robin Sommer) - -- Fixing crashes when SSL is not configured correctly. (Robin Sommer) - -1.6-dev.66 Tue Mar 29 21:52:01 PDT 2011 - -- Initial btest setup (Don Appleman and Robin Sommer) - -- Porting the istate tests to btest (not finished) (Robin Sommer) - -1.6-dev.63 Mon Mar 21 16:31:15 PDT 2011 - -- Changes to the way user-modifiable config files are installed (Jon Siwek) - - * Duplicates of the distribution's configuration files are now - always installed with a .example suffix - - * Added --binary-package configure option to toggle configure - logic specific to the creation of binary packages. - - * When not in binary packaging mode, `make install` never - overwrites existing configure files in case they've been - modified. The previous behavior (CMake's default) would only - avoid overwriting modified files if one consistently uses the - same build directory and doesn't reconfigure. - -- Fixed an issue with Mac package's pre-install script not preserving - ACLs. (Jon Siwek) - -- Minor cleanup/refactor of the make-mac/rpm-packages scripts. (Jon - Siwek) - -- Add explicit CMake check for compiler. (Jon Siwek) - -- Add alternative way to set BROPATH for running bro from build/ dir. - (Jon Siwek) - -- Fixing compiler warnings (Gregor Maier) - -- Remvoing leftover local variables that caused compile error on Mac - OS X. (Gregor Maier) - -1.6-dev.53 Fri Feb 25 17:03:05 PST 2011 - -- Fixing file detector leak in remote communication module. (Scott - Campbell) - -- Updating independent-state tests to work with new setup. (Robin - Sommer) - -1.6-dev.49 Fri Feb 25 15:37:28 PST 2011 - -- Enum IDs can have explicitly defined values. (Gregor Maier) - -- Extensions for the built-in function compiler, bifcl. (Gregor Maier) - - * Support for policy-layer namespaces. - * Support for type declarations in bif files (with access them - from C++) - * Extended const declarations in bif files. - - See http://bro.icir.org/devel/bif-doc for more information. - -1.6-dev.48 Fri Feb 25 10:53:04 PST 2011 - -- Preliminary TCP Reassembler fix: deliver data after 2GB by disabling - the unused seq_to_skip feature. (Gregor Maier) - -1.6-dev.47 Fri Feb 25 10:40:22 PST 2011 - -- Fixing endianess error in XDR when data is not 4-byte aligned. - (Gregor Maier) - -- Fix for Val constructor with new int64 typedefs. (Gregor Maier) - -- Updated fix for OS X 10.5 compile error wrt llabs(). (Gregor Maier) - -- Fix more compiler warning wrt printf format strings. (Gregor Maier) - -1.6-dev.45 Tue Feb 8 21:28:01 PST 2011 - -- Fixing a number of compiler warnings. (Seth Hall and Robin Sommer) - -1.6-dev.44 Tue Feb 8 20:11:44 PST 2011 - -- A number of updates to the SSL analyzer, including support for new - ciphers; SSL extensions; and bug fixes. The analyzer does not longer - throw weird for exceeding a predefined cipherspec_size anymore. - (Seth Hall and Rmkml). - -- The various split*() BiFs now handle strings containing null bytes - correctly. (Seth Hall) - -- Adding new aux/btest submodule. This is a framework we will use in - the future for doing unit tests. (Robin Sommer) - -1.6-dev.41 Mon Feb 7 13:43:56 PST 2011 - -- Smarter way to increase the parent/child pipe's socket buffer. - (Craig Leres). - -- Fixing bug with defining bro_int_t and bro_uint_t to be 64 bits wide - on some platforms. (Robin Sommer) - -1.6-dev.39 Mon Jan 31 16:42:23 PST 2011 - -- Login's confused messages now go through weird.bro. (Robin Sommer) - -1.6-dev.36 Mon Jan 31 08:45:35 PST 2011 - -- Adding more configure options for finding dependencies, (Jon Siwek) - - --with-flex=PATH path to flex executable - --with-bison=PATH path to bison executable - --with-perl=PATH path to perl executable - --with-python=PATH path to Python interpreter - --with-python-lib=PATH path to libpython - --with-python-inc=PATH path to Python headers - --with-swig=PATH path to SWIG executable - -- Fixing typo in PCAPTests.cmake (Jon Siwek) - - -1.6-dev.33 Mon Jan 24 15:29:04 PST 2011 - -- Fixing bug in SMB analyzer. (Robin Sommer) - -- Configure wrapper now deletes previous CMake cache (Jon Siwek) - -- Fix for the --with-binpac configure option. (Jon Siwek) - -1.6-dev.30 Thu Jan 20 16:32:43 PST 2011 - -- Changed configure wrapper to create config.status. (Jon Siwek) - -1.6-dev.29 Thu Jan 20 16:29:56 PST 2011 - -- Fixing little problem with initialization of Bro-to-Bro event - communication. (Christian Kreibich) - - -1.6-dev.27 Thu Jan 20 13:52:25 PST 2011 - -- Fine-tuning of the HTTP analyzer in terms of raising protocol - violations and interrupted transfers. (Gregor Maier) - - -1.6-dev.21 Wed Jan 19 17:36:02 PST 2011 - -- Added 4 new BiFs and a new record type for testing the entropy of - strings. (Seth Hall) - - find_entropy(data: string): entropy_test_result - This is a one shot function that accepts a string and - returns the result of the entropy calculations. - - entropy_test_init(index: any): bool - This and the next two functions are for calculating entropy - piece-wise. It only needs an index which can be any type of - variable. It needs to be something that uniquely identifies - the data stream that is currently having it's entropy - calculated. - - entropy_test_add(index: any, data: string): bool - This function is used to add data into the entropy - calculation. It takes the index used in the function above - and the data that you are adding and returns true if - everything seemed to work, false otherwise. - - entropy_test_finish(index: any): entropy_test_result - Calling this function indicates that all of the desired data - has been inserted into the entropy_test_add function and the - entropy should be calculated. This function *must* be called - in order to clean up an internal state tracking variable. - If this is never called on an index, it will result in a - memory leak. - - The entropy_test_result values have several measures of the - entropy, but a good one to work with is the "entropy" attribute. - It's a double and as the value approaches 8.0 it can be considered - more and more random. For example, a value of 7.832 would be - quite random but a value of 4.671 is not very random. - -1.6-dev.20 Wed Jan 19 17:30:11 PST 2011 - -- BRO_DNS_FAKE is now listed in the --help output. (Seth Hall) - - -1.6-dev.18 Wed Jan 19 16:37:13 PST 2011 - -- Removing unnecessary expire timer from http_sessions. (Gregor - Maier) - - -1.6-dev.16 Sat Jan 15 14:14:21 PST 2011 - -- Updates to the build system. (Jonathan Siwek) - - * ``make dist`` is now available to be used with the top-level - Makefile for creating source packages according to #344. - - * ``make-rpm-packages`` and ``make-mac-packages`` scripts can - now generate binary packages according to #295. - - * Additional configure options to change packaging behavior. - - * OS X builds will now prefer to link static libraries of - optional dependencies that don't come with the vanilla - operating system. - - * Fix for OS X 10.5 compile error dealing with the llabs() - function from stdlib. - - * Installing as a different user than the one that - configured/built now works (although, a harmless error message - about not being able to write the install manifest may occur). - - -1.6-dev.3 Wed Dec 8 04:09:38 PST 2010 - -- Merge with Subversion repository as of r7137. Incorporated change: - - * Fix for packet processing resumption when a remote Bro dies - during state synchronization (Robin Sommer). - -1.6-dev.2 Wed Dec 8 03:57:03 PST 2010 - -- Compatibility fix for OpenSSL 1.0.0 (Christian Kreibich, Gregor - Maier). - -1.6-dev.1 Sat Nov 27 12:19:47 PST 2010 - -- Merge with Subversion repository as of r7098. Incorporated changes: - - * Rotation post-processors are now passed an additional argument - indicating whether Bro is terminating (Robin Sommer). - - * Bro now consistently generates a file_opened event for all - fopen() calls. (Robin Sommer). - - * You can now redefine the email_notice_to function (Robin - Sommer). - -1.6-dev.0 Fri Nov 26 13:48:11 PST 2010 - -- The Bro source code is now developed in the new git repositories. - See the developer pages at http://www.bro-ids.org for more - information on the new development process. - -- Bro's build and installation setup has been moved from GNU - autotools to CMake. As a result of that, layout and specifics of - the distribution has changed significantly. - -- Lots of pieces have been removed from the distribution that are - either now unnecessary or are no longer maintained. - -- As part of the cleanup, a numbef of Bro configure options and - their corresponding functionality have been removed, including: - - * --disable-select-loop - * --with-dag - * --disable-nbdns - * --enable-activemapping - * --enable-activemapping - * --enable-shippedpcap - -- The previous configure option --enable-int64 is now enabled by default, - and can no longer be disabled. - -- ClamAV support has been removed, which has been non-functional for - a while already. - -1.5.2.7 Sun Sep 12 19:39:49 PDT 2010 - -- Addressed a number of lint nits (Vern Paxson). - - -1.5.2.6 Sun Sep 12 17:00:13 PDT 2010 - -- The SWIG file now explicitly lists those pieces from broccoli.h which it - wants to wrap, rather than just including all of broccoli.h (Robin Sommer). - This fixes the problem that the SWIG bindings depend on what configure - finds out about the availability of libpcap even though the corresponding - functions don't need to be wrapped anyway. - -- http-header.bro now includes a global include_header: set[string] - (Robin Sommer). If it contains any strings, then only those headers - will be processed. If left empty, then you continue to get the current - behavior of processing all headers. - -- Several changes to drop.bro (Robin Sommer): - - * If true, the new flag Drop::dont_drop_locals indicates that - local hosts should never be dropped. On by default. - - * If true, the new flag Drop::debugging activates extensive debugging - output for the catch-and-release logic. Off by default. - - * The timeout for tracking dropping information is now 1 day - rather than 7 days, to better echo the one-restart-a-day semantics - used in the past. - - * Bug fix for hosts once dropped by later cleared; some state - for them persisted. - -- Portability fix for Broccoli Python bindings on 64-bit platforms (Robin - Sommer). - -- The HTTP analyzer no longer attempts to track Server/User-Agent - versions, as these are hugely voluminous (Seth Hall). Ideally this - would still be available as an option for someone who truly wants - the full set. - -- HTTP and SMTP no longer have extra-short inactivity timeouts, as - these were too often leading to premature expiration of a connection - (Robin Sommer). - -- The "rst" tool (aux/rst/) now takes an optional "-I " argument - that instructs it to inject as payload rather than sending a RST - packet (Vern Paxson). must be NUL-terminated, and the NUL is not - included. - -- Bug fix for crashes in the DNS analyzer when processing replies for - which no request was seen (Robin Sommer). - - -1.5.2.5 Mon Jul 19 16:20:58 PDT 2010 - -- Removed now-quite-stale SSHv1 overflow detection, as it's more prone - to false positives than useful detection (Vern Paxson). - - -1.5.2.4 Fri Jun 4 16:02:11 PDT 2010 - -- Bug fixes for terminating connections (Tyler Schoenke and Vern Paxson). - - -1.5.2.3 Wed Mar 24 18:23:57 PDT 2010 - -- Bug fixes for --enable-int64 and for avoiding bogus statistics / - bad memory references when generating profiling information upon - exit (Vern Paxson). - - -1.5.2.2 Tue Jan 12 12:33:42 PST 2010 - -- Broccoli compiler warning fixes (Kevin Lo). - - -1.5.2.1 Sun Jan 10 16:59:01 PST 2010 - -- Bug fix for Active Mapping support (Kevin Lo). - - -1.5.2 Sat Dec 26 18:38:37 PST 2009 - -- Portability fixes for --enable-int64 (Vern Paxson). - - -1.5.1 Fri Dec 18 15:17:12 PST 2009 - -- Due to a Python configuration problem, the original 1.5 distribution - did not include the BroControl component, which also introduced a - portability problem for CentOS. These issues have now been fixed (Robin - Sommer and Vern Paxson). - - -1.5 Wed Dec 16 21:28:47 PST 2009 - -- Bro now comes with a new framework, BroControl, for managing an - operational Bro setup, including support for installation, configuration, - and maintainance tasks such a log archival and mail notification. The - framework transparently supports both traditional standalone setups as - well as cluster installations in which multiple Bro boxes coordinate to - analyze a high-volume network link. - - See aux/broctl/README for more information about BroControl. - - Note, BroControl supersedes the older BroLite system, which is no longer - supported and has been deprecated for a while now. - -- Numerous adjustments to DPD = dynamic protocol detection (Robin Sommer): - - o The Analyzer::ProtocolViolation?() method can now be passed the - offending data (which POP3, SMTP, and FTP now do). This information - is added to the "reason" string passed to the script level. - - o SMTP now more accurately reports violations. - - o FTP stops processing when client & server successfully negotiate - an AUTH scheme (leading to subsequent encryption). - - o Analyzer::ProtocolViolation() is virtual, and - TCP_ApplicationAnalyzer() overrides it to not report violations - for any partial connections, because very likely these arise just - due to the analyzer getting confused. - - o TCP::IsPartial() returns true if any side did not start with - a SYN packet (used to be just be for the originator). - - o The connection_state_remove handler in conn.bro now has a higher - &priority so that other handlers for the same event can use - determine_service() and see any changes it performs. - - o DynDisable:max_volume specifies a volume limit (default 10K). - Once a connection exceeds this limit, further protocol - limitations will neither raise ProtocolViolation notices nor - cause the analyzer to be disabled. - - o The event engine no longer raises protocol_violation events for - TCP connections which had gaps, as these have proven too unreliable. - (Note that, ideally, the *analyzers* should avoid reporting - protocol_violations when they can't reliably parse a connection - anymore after a gap; but many don't.) - -- A set of new script functions provide support for incrementally computing - MD5 checksums (Seth Hall). - - md5_hash_init(index: any): bool - Initializes an incremental hashing instance. "index" is - a value of arbitrary type, used to identify this particular - instance (you can have multiple concurrent instances by - using different index values). Returns T on success, - F on failure (such as the index is already in use). - - md5_hash_update(index: any, data: string): bool - For the given hashing instance, updates the hash - based on the given data. Returns T on success, F on - failure (such as the index has not been initialized). - - md5_hash_finish(index: any): string - Returns the MD5-printable hash for the given index - and terminates the instance, or the string "" if the - index was not active. - -- Bro now supports a believed-to-be-robust mechanism for estimating the - proportion of traffic that it failed to capture ("measurement drops"), - which can arise due to overload in either Bro itself, the kernel's - packet filter, or problems with the link tapping mechanism (Vern Paxson). - The event engine can generate estimates for either live traffic or what - was previously recorded in a trace file, though traces subject to some - forms of selective omission (such as skipping over parts of a connection - to reduce storage) can lead to erroneous values. - - The estimates are based on observing gaps in TCP data streams, and - come in two forms: the rate at which such gaps appear, and the relative - volume of data missing due to the gaps. (We've found however that the - volume-based estimator is not robust due to occasional packets with - incorrect sequence numbers, so this estimator is off by default.) - - The easy way to get the estimates is to load capture-loss.bro. - By default, it generates a CaptureLossSummary notice upon Bro's exit, - which can look like: - - 1130222759.344066 CaptureLossSummary estimated rate = 0.00089124 / 0.000970997 (events/bytes) - - If the estimated loss is none, however, it suppresses this notice, - unless you redef CaptureLoss::summary_if_none to T. - - You can also get finer-grained access by defining a "gap_report" - event handler and redef'ing gap_report_freq to a non-zero interval - (such as "10 sec"). This event allows you to pinpoint regions in - time that exhibit significant capture loss. See capture-loss.bro - for an example of a handler for this event. - - Finally, these changes include a number of fixes to Bro's - ack_above_hole/content_gap analysis, which is now significantly - more robust. - -- GeoIP support now supports ASN lookups via the built-in - function lookup_asn(a: addr): count (Scott Campbell and Seth Hall). - -- The GeoIP built-in's lookup_location() and lookup_asn() now - support IPv6 (Seth Hall). Note, the current GeoIP distribution - doesn't include any IPv6 databases, so for now these won't succeed, - but the hooks are in place for when databases become available. - -- lookup_location() now falls back back to the country database if - the city database isn't available (Seth Hall). - -- The new SuccessfulPasswordGuessing Notice is generated when a host - has been seen attempting password guessing (currently only for FTP - sessions) and then successfully logs in (Royal Chan). You can control the - threshold for such reports in terms of how many attempts the host must - have made by redef'ing the variable password_guessing_success_threshhold, - which defaults to 20. - -- The new script http-detect-passwd.bro analyzes the Web items returned - for fetches that appear to be accessing the passwd file (Akhil Dhar). - It generates a PasswordFullFetch Notice if it appears that the item - includes a full password file, and PasswordShadowFetch if it looks like - a shadowed password file. - -- The new built-in - - system_env(cmd: string, env: table[string] of string) - - works like system(), but puts the table entries into the environment - before invoking the command (Robin Sommer). Each in the table - creates an environment variable of the form "BRO_ARG_", whose - value is the corresponding table entry. - -- The new script function - - execute_with_notice(cmd: string, notice_info) - - executes "cmd" with an environment containing the fields of the - notice_info, i.e., the information associated with a Notice (Robin Sommer). - Per the new system_env() function above, the environment variables appear - as "BRO_ARG_", where is the field tag as it appears in - notice.log when you enable use_tagging. - -- The new built-in enable_raw_output(file) acts the same as - the attribute &raw_output (Seth Hall). - -- The new built-in file_opened(f: file) event is generated any time Bro - opens a script-level file (Justin Azoff). You can use this, for example, - if you want to ensure that a given file has a prelude in it such as - human-readable headers, even when the file is rotated. - -- The notice_info record has a new field - - aux: table[string] of string &optional - - which you can use for information specific to a given type of notice - (Robin Sommer). Entries in $aux appear as "aux_" tags in notice.log. - -- Another new notice_info record field is the boolean do_alarm (default=T), - which, if set to F, overides a notice action otherwise specifying to - generate an alarm (Robin Sommer). In other words, if do_alarm is F, no - alarm will be generated independent of the notice action. - - This is a work-around for the fact that we can't specify more than one - action. In particular, we couldn't NOTICE_DROP but then *not* alarm, - which we now can by returning NOTICE_DROP yet setting do_alarm to F. - -- The notice_info record field $dropped now appears in the tagged output - format if true (Robin Sommer). - -- NOTICEs relating to scan detection now no longer include the connection - that triggered the notice, as it really doesn't contain any useful - information, given that the particular trigger simply depends on the - detection algorithm and its parameters (Robin Sommer). However, we do - explicitly set $p (port number) in the notice, and also $n with the - number of attempts. - -- drop.bro now hardwires a Catch-and-Release redrop after seeing one - connection from a previously-dropped-but-already-released host - (Robin Sommer). - -- drop.bro now provides some new hooks (Robin Sommer): - - event address_dropped(a: addr) - Generated when an address has been dropped. - - event address_restored(a: addr) - Generated when connectivity to an address has been restored, - such as using the Catch-and-Release mechanism. - - event address_cleared(a: addr) - Generated when an address that was dropped in the past is - no longer being monitored looking for new connections - (as part of the Catch-and-Release mechanism). - -- The new built-in function - - hexdump(data_str: string) : string - - returns a hex dump representation of the given input data (Christian - Kreibich). The dump renders 16 bytes per line, with hex on the left and - ASCII (where printable) on the right. - -- Bro's notion of when a TCP connection begins now dastes to the first - instance of an initial SYN packet seen, rather than the last (Gregor Maier). - -- The Time Machine script tm-contents.bro now generates - - event contents_saved: event(c: connection, orig_file: string, - resp_file: string) - - when the content of a connection has been completely saved to disk - (Robin Sommer). - -- The mime.bro script now exports the MIME header callback table, and also - marks it as &redef'able so you can modify its entries (Matthias Vallentin). - The mime_log file is also now exported. - -- A new signature file, policy/sigs/http-bots.sig, contains signatures - to detect some of the current HTTP based controlled bot families (Seth Hall). - -- The signature engine's HTTP pattern matching has been fixed (Seth Hall) - to align with the documentation at: - - http://www.bro-ids.org/wiki/index.php/Reference_Manual:_Signatures#Content_conditions - - In particular, the content condition "http" is now referred to as - "http-request" (though "http" still works for backward compatibility), - "http-request-header" and "http-reply-header" now provide access to - headers seen in only one direction, and similarly for "http-request-body" - and "http-reply-body". (This latter is still accessible as "http-body" - for backwards compatibility.) - -- The new script variable max_remote_events_processed: count (default 10) - sets a limit on the number of remote events processed in each round, - before tending to other inputs (Robin Sommer). - -- If you set the new script variable dump_used_event_handlers to T, - then on startup Bro dumps out all of the event handlers that the - loaded set of scripts can invoke (Matthias Vallenti). - -- Summaries for DNS PTR scanning now use a separate Notice, - DNS_PTR_Scan_Summary, rather than overloading DNS_PTR_Scan (Robin Sommer). - -- scan.bro now provides a table skip_dest_server_ports: set[addr, port] - which lists servers (defined as an address and a port) excluded from - scan detection computations (Craig Leres and Jay Krous). - -- When redefining values on the command line directly (using var=value), - quotation marks are now implicit only if "var" is a variable of type - string (Christian Kreibich). This allows other string-like values - (such as enum's) to be passed as well. - -- scan.bro now explicitly loads conn.bro so that it can itself - be loaded independently (Robin Sommer). - -- login.bro depends on scan.bro (because of tracking authentication - "scans"), so now it explicitly loads it (Vern Paxson). - -- UDP_datagram_length_mismatch is now by default flagged just once per - originating host rather than once per connection, as it can generate - tons of messages (Vern Paxson). - -- Removed now-long-boring flagging of access to Solaris "listen" - service as "hot" (Vern Paxson). - -- Removal of libedit, since libreadline provides similar functionality - (Christian Kreibich). - -- Added scripts missing from distribution: dce.bro, ncp.bro, and smb.bro - (Vern Paxson). - -- ssh.bro now exports ssh_ports (Seth Hall) - -- A number of improvements to inter-Bro communication (Robin Sommer). - - (1) Remote communication now no longer includes location information for - serialized objects; that removes quite a bit of redundacy from the network - traffic. - - (2) The new option 'remote_check_sync_consistency" disables the cross-check - on the receiving side of &synchronized state of whether the current value - of a variable has the value expected by the sender. Transmitting the - original values in addition to the updates generates quite a bit CPU & - network load in some cases (in particular, a table of tables). The default - for remote_check_sync_consistency is off, and so far that in particular - seems to reduce the proxy's load quite a bit. - - (3) Complete overhaul of the internal caching of serialized objects. The - objective of the caching is avoid retransmitting already sent values over - and over again. It turns out, however, that some objects are very stable - and hardly change or get replaced (e.g., Bro types); while other change - all the time and are hardly reused some time later (e.g., Vals). Now - we maintain *two* caches independently for these types of objects; one - with a low turn-over one and another with a high one. This should reduce - CPU load on both sender and receiver sides. - - The new scheme is only used if both communicating Bros support it; with - older Bros, as well as with Broccoli, we continue using the old scheme. - -- Some reworking of remote printing (Robin Sommer), as follows. Bro now - uses a new interprocess message rather than print_hook events, to better - manage buffering and associated load (these can produce failures depending - on system configuration; see remote.log). A number of timeouts and - buffer sizes have been tuned. Internally, EINTR errors are now treated - separately from EAGAIN. Finally, even with remote_check_sync_consistency=F, - one type of consistency check was still being done; this is no longer - the case. - -- The DNS analyzer now generates events (dns_query_reply/dns_rejected) - for replies with zero questions (Robin Sommer). - -- Perftools support for incompatible changes in the 1.0 API (Robin Sommer). - -- Rearranged (generally reducing, though not always) some state timeouts - associated with scan detection (Robin Sommer). In addition, when a - scanning address crosses ignore_scanners_threshold (meaning that it will - be ignored from now on anyway), it gets discarded from all state-tracking - tables. Finally, the ignore_scanners_threshold now applies all kinds - of scans, not just address scans. - -- Substantial Broccoli updates, including a new initialization requirement - that breaks backward compatibility, support for enqueueing serialized - event data for transmission, and OpenSSL threadsafe initialization. - See aux/broccoli/ChangeLog for details (Christian Kreibich, Robin - Sommer, and Matthias Vallentin). - -- Broccoli hashtable optimisation. See aux/broccoli/ChangeLog for - details (Christian Kreibich & Matthias Vallentin). - -- Broccoli memory leak fixed, see aux/broccoli/ChangeLog for details - (Christian Kreibich). - -- Broccoli: updates to bropipe tool (Steve Chan and Robin Sommer). - -- Bug fixes for Broccoli Python bindings (Robin Sommer and Matthias Vallentin). - -- Fixed nasty bug due to module scoping that completely kept stepping-stone - detection from working (Vern Paxson). - -- A serious bug in the packet sorter has been fixed (Robin Sommer). - -- Bug fix for extra NULs getting embedded in escaped strings (Seth Hall). - -- Bug fix for HTTP messages that use "Connection: close" rather than length - headers, which yielded erroneous reassembled messages with \r\n's when - only \n's were present (Bernhard Ager). - -- Fix for reporting on ICMP flows that are expired from the flow table - (Vern Paxson). Previously there was a race condition if the flow - was flushed prior to its summary timer expiring. - -- The -l option (list the scripts that Bro loads) now correctly prints - scripts loaded by the prefix mechanism, and uses indentation to indicate - the load hierarchy (Robin Sommer). - -- A bug has been fixed (really, worked around) in drop.bro that prevented - dropped addresses from being properly restored (Robin Sommer). - -- Fixes for deadlocking problems in the Broccoli protocol. See - aux/broccoli/ChangeLog for details (Christian Kreibich & Robin Sommer). - -- Bug fix for DNS analyzer on 64-bit machines (Gregor Maier). - -- Bug fix for asynchronous DNS lookups to prevent some successful lookups - being reported as timed out (Robin Sommer). - -- Bug fix for tracking line numbers associated with compound statements - (Po-Ching Lin). - -- Fix for a rare condition in which the main Bro process couldn't kill - its child process (Robin Sommer). - -- Fix for file rotation when the underlying file is deleted before the - timer expires (Robin Sommer). - -- Fix for potential crash when communication connections break down, - and also for releasing cached objects (Robin Sommer). - -- Fix for default table entries computed by function invocation to not - cache previous results (Robin Sommer). - -- Fix for Bro's internal DNS resolution (Scott Campbell and Robin Sommer). - -- Portability fix for DAG packet capture (Gregor Maier). - -- Portability fix for --enable-brov6 (Robin Sommer). - -- Portability fixes for FreeBSD (Vern Paxson). - -- A work around for new_packet() crashing on IPv6 packets (Vern Paxson). - For now, IPv6 packets are skipped. Also, for fragments the event handler - is now only called for the fully reassembled packet. - -- The new configuration option --disable-nbdns supports disabling non-blocking - DNS at configure time (Sean McCreary). Note, there are some known problems - with it in some environments. - -- A number of configuration fixes and enhancements (Christian Kreibich - and Robin Sommer). - -- Consistency nit for the configuration process (Seth Hall). - -- A number of reference-counting and other memory management fixes - (Robin Sommer). - -- Bug fix for inter-Bro communication lockup (Seth Hall and Robin Sommer). - -- Bug fix for computing TCP payload length in new_packet event (Lothar Braun). - -- Bug fix for sending boolean True values via Broccoli (Seth Hall). - -- make distcheck fix to clean up .bif.bro files (Christian Kreibich). - -- Bug fix for DPD's recognition of SSLv2 connections (Seth Hall). - -- Bug fix for &default for tables indexed by subnets (Seth Hall). - -- A bug has been fixed that could crash Bro when you called get_event_peer() - after a remote connection had already disppeared (Robin Sommer). - -- Introduced a work-around for crashes that occur when Bro exits - due to handling a signal (Robin Sommer). - -- Bug fix for checkpoint.bro - don't schedule timers for times that - aren't actually in the future (Robin Sommer). - -- Hostname formatting fix for anon.bro (Fabian Schneider). - -- Bug fix for redundant .log extension in Time Machine log file - (reported by CS Lee). - -- Removed now-outdated special-casing of Linux reporting of packet filter - statistics (Peter Wurzinger and Robin Sommer). - -- A number of memory leaks fixed (Robin Sommer). - -- Addressed warnings from newer versions of g++ (Robin Sommer and Vern Paxson). - -- Fixed an invocation issue in the ca-create script that prevented it from - working with recent OpenSSL versions (Craig Leres & Christian Kreibich). - -- Comment fixed in drop-adapt (Justin Azoff). - -- Duplicate code removed from Val (Seth Hall). - - -1.4 Fri Oct 17 11:08:52 PDT 2008 - -- We are no longer supporting a previous Bro release as the "stable" - version. Rather, the model now is that the current public release will - aim for increasing stability (occasionally updated with fixes), and those - who wish to use a "bleeding-edge" snapshot can do so via access to the - public SVN source code repository, as explained at - - http://bro-ids.org/wiki/index.php/Subversion#Public_Access - - Note that all previous releases remain available from the download page; - what is changing is that we no longer commit to support for the most - recent of these. - -- We have clarified the copyright statement that covers most of the - code to remove the "advertising clause" that derived from older - BSD licenses, and we have removed copyright wording from most source - code files. See COPYING for the current wording and a list of - files that retain their own copyright notices. - -- Bro now supports analyzing NetFlow v5 data, i.e., from Cisco routers - (Bernhard Ager). NetFlow can be useful for intrusion detection as it - allows analysis of traffic from many different points in the network. - Bro can now read NetFlow data from a UDP socket, as well as (mostly - for debugging purposes) from a file in a specialized format. You can - create these files with the programs given in aux/nftools. - - Command line switches: - - -Y|--netflow :[=] | read flow from socket - - This is the usual way of getting NetFlow data into Bro by - opening a UDP socket on : and reading all incoming - packets. Setting the to 0.0.0.0 should work on most - platforms. Optionally you may set an identifier for the - source - useful if there are many different sources you want - to analyze in parallel. This might also be necessary if you - want to use this feature with a clustered Bro. - - Examples: - bro -Y 0.0.0.0:5555 netflow - bro -i eth0 -Y 10.0.0.1:1234=src1 brolite netflow - - -y|--flowfile [=] - - Used to read from a file. You can optionally include an - identifier for the source. - - Examples: - bro -y myflowfile netflow - bro -y myflowfile=src1 otherflowfile=src2 netflow - - Netflow Events: - - event netflow_v5_header(h: nf_v5_header) - - Generated upon reading a new NetFlow PDU, as summarized in the - argument. The field h_id gives the flow source identifier and - a serial number. You can use this field to associate subsequent - netflow_v5_record events with their header. - - event netflow_v5_record (r: nf_v5_record) - - Every record within a NFv5 PDU generates a corresponding - netflow_v5_record() event. The relatively complex timestamp - format of NFv5 is already converted to Bro's time type, and - the TCP header flags are separated into bools. - - The distribution includes an example analysis script, netflow.bro. - It simply dumps received NetFlow records. If netflow_restitch is T - (the default), then Bro performs flow restitching as well, and two - script variables become relevant: - - global netflow_finished_conn_expire = 310 sec &redef; - - specifies how long to wait for additional flow records after - a RST or FIN for - - const netflow_table_expire = 31 min; - - Its setting only affects table declarations, and therefore - cannot be usefully redef'd. - - Auxiliary programs: - - Bro uses a custom format for flow data stored in files, - to enable preserving timestamps of the PDU arrivals and the - exporter's IP address. The tools nfcollector and ftwire2bro - in aux/nftools/ provide ways to manipulate the Bro NF file - format. The first dumps NetFlow data from a UDP socket to - stdout or to a file in Bro format. The second converts NetFlow - data in "wire" format to Bro format, and, while doing so, - fakes up the exporter's IP address and timestamp. You can get - "wire" format from normal flow-tools files, e.g., by using - 'flow-export -f 4'. Please note that the Bro format is just - a hack to allow for easier debugging. Therefore the format - is not in fact platform independent, and not suitable for data - storage. - -- A new DHCP analyzer generates the following events (Po-Ching Lin): - - event dhcp_discover(c: connection, msg: dhcp_msg, req_addr: addr) - event dhcp_offer(c: connection, msg: dhcp_msg, mask: addr, - event dhcp_request(c: connection, msg: dhcp_msg, - event dhcp_decline(c: connection, msg: dhcp_msg) - event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, - event dhcp_nak(c: connection, msg: dhcp_msg) - event dhcp_release(c: connection, msg: dhcp_msg) - event dhcp_inform(c: connection, msg: dhcp_msg) - - where dhcp_msg values look like: - - type dhcp_msg: record { - op: count; # 1 = BOOTREQUEST, 2 = BOOTREPLY - m_type: count; # the type of DHCP message - xid: count; # transaction ID of a DHCP session - h_addr: string; # hardware address of the client - ciaddr: addr; # original IP address of the client - yiaddr: addr; # IP address assigned to the client - }; - - See dhcp.bro for the corresponding analysis script (which could - probably use some refinements). - - Note, this analyzer is implemented using BinPAC, so you will need - to specify --use-binpac to activate it. - -- A BitTorrent analyzer is now available (Nadi Sarrar). See the policy - scripts bittorrent.bro and bt-tracker.bro for the events generated for - analyzing transfers and tracker dialogs, respectively. - -- The "Bro Lite" configuration is now deprecated and will not in - general be supported (Robin Sommer & Vern Paxson). - -- "make install" now only installs a core set of files (Robin Sommer). - Policy files are now installed in /share/bro/* (or whatever - configure determines $datadir to be), which is now in Bro's default - search path. It creates a directory /share/bro/site for local - policy files, and the default BROPATH is extended to include this. The - default path no longer includes policy/local. You can install the - additional files used by the (now deprecated) "Bro Lite" configuration - using "make install-brolite". - -- Substantial updates to Broccoli, including support for container - types (tables and sets) as well as a new metadata structure for event - callbacks, facilitating truly generic event handler implementations - (Christian Kreibich, Seth Hall and Robin Sommer). See aux/broccoli/ChangeLog - for details. - -- Extensive changes to allow Bro to process packets captured in the - past intermingled with those captured in real-time (Matthias Vallentin - and Robin Sommer). This operation reflects combining Bro with use of - "Time Machine" functionality for packet capture. - -- We have unfortunately had to disable support for configuring Bro - to use ClamAV, since it turns out that the key interface we need - for processing blocks of memory directly rather than whole files - is no longer supported by the package, and in fact was buggy even - when it was (Robin Sommer). - -- The new signature option "http-body //" matches - on the body data of HTTP entities (Robin Sommer). The matching is - done after decompressing the body, if necessary. - -- The new built-in function identify_data(data: string, return_mime: bool) - analyzes the string "data" and returns its type according to libmagic, - if installed (Seth Hall). The second argument controls whether it should - be returned as a MIME-type or just an identifying string. For example, - identify_data("MZpofigu", F) returns the string "MS-DOS executable", and - print identify_data("MZpofigu", T) returns "application/x-dosexec". - -- The new analysis script http-identified-files.bro identifies the - type of items returned by Web servers using libMagic (if available) - and generates notices for interesting types and mismatches between - URLs and types (Seth Hall). - - You configure it using two variables. watched_mime_types is a pattern - (default /application\/x-dosexec/ | /application\/x-executable/ ) for - which any MIME type matching the pattern generates a HTTP_WatchedMIMEType - notice. - - mime_types_extensions is a table mapping strings to patterns specifying - how URLs for the given MIME type should appear. (Ideally, this would - be a table mapping patterns to patterns, but Bro doesn't currently support - that.) It defaults to: - - ["application/x-dosexec"] = /\.([eE][xX][eE]|[dD][lL][lL])/ - - i.e., do Windows executables end in .exe or .dll. - - You can also redef the pattern ignored_urls to specify URLs that should - not generate complaints. It defaults to matching Windows Update. - -- The new script http-extract-items.bro extracts the items from HTTP - traffic into individual files (Vern Paxson). Files are named: - - .._._. - - where is a redef'able prefix (default: "http-item"), is a - number uniquely identifying the item, the next four are describe the - connection tuple, and is "orig" if the item was transferred - from the originator to the responder, "resp" otherwise. - -- The workings of how Bro interfaces to external programs for dropping/ - restoring connectivity of misbehaving hosts has been significantly - reworked (Brian Tierney and Robin Sommer). - - First, dropping decisions used to be made directly by analyzer scripts, - such as scan.bro directly calling drop_address(). Now instead the - scripts generate Notices and then the notice policy can have an - action of NOTICE_DROP to codify that the response to the given Notice - is to drop the source. The new notice_action_filter of drop_source - drops the source of notices, and drop_source_and_terminate both - drops the source and terminates the corresponding connection. - - So, to drop all sources triggering a specific notice, one can now, e.g., - write: - - redef notice_action_filters += { [Hot::SSH_Overflow] = drop_source }; - - Related to this change, notice_info has a new field $dropped, set to - true if the Notice triggered a (successful) drop. - - Second, by redef'ing Drop::use_catch_release to T (default F) you can - activate "catch-and-release" logic. You use this mode when you need to - manage a limited number of possible blocks, or to build in automatic - "forgiveness" in situations where blocked sources might become benign - (such as due to dynamic IP addresses). If a source has been idle for - Drop::drop_time, then it is unblocked. However, if it is again seen as - block-worthy, then it is blocked for an interval of Drop::long_drop_time. - - Third, ICMP scanning is now reported by its own notice, ICMPAddressScan, - rather than Scan::AddressScan. - -- Google's perftools have replaced mpatrol for leak-checking and - heap-profiling (Robin Sommer). If Bro is compiled with --enable-perftools - and configure finds the perftools, there are two command-line options - available: - - -m turns on leak checking of the main packet loop, with some - uninteresting leaks are suppressed. Currently, with one - exception (the RPC analyzer; problem not yet found), it reports - no leaks when running the test suite. - - -M turns on heap profiling: Bro will take a snapshot of the heap - before starting the main packet loop and another one when - finished. These snapshots can then be analyzed with pprof. - - For more information about the perftools see - - http://code.google.com/p/google-perftools - -- Notice tags are now generated in a pseudo-unique fashion that, with high - probability, ensures that tags generated by separate Bro processes don't - clash when logged to a common location, such as for a Bro cluster (Robin - Sommer). Tags are now string's rather than count's, and are associated - with all notices, not just that are connection-related. You can however - redef the string notice_tag_prefix or the function new_notice_tag to - further control how such tags are generated. - -- Four new built-ins for type conversion (Robin Sommer): - - function double_to_interval(d: double): interval - function addr_to_count(a: addr): count - function port_to_count(p: port): count - function count_to_port(c: count, t: transport_proto): port - -- Many policy scripts have been modified to use modules & scoping - (Robin Sommer and Matthias Vallentin), which may require updates to - existing scripts/refinements. - -- The new script variable dpd_conn_logs (default F), if true, changes the - semantics of the service field in connection logs written to conn.log, - as follows (Robin Sommer). It becomes a comma-separated list of analyzers - confirmed by DPD to parse the connection's payload. If no analyzer could - confirm its protocol, but the connection uses a well-known port, the - service is the name of the port with "?" appended (e.g., "http?"), as - long as the corresponding analyzer has not declined the connection. - In addition, ftp-data sessions are labeled "ftp-data" and portmapper - connections are labeled with the specific method-call (just as before). - - dpd_conn_logs defaults to F because the change in semantics may break - scripts that parse conn.logs; but it will likely change to the default - in the future. With dpd_conn_logs turned off, conn logs are generated - as they used to be, with a few rare exceptions (with previous versions, - the service field was sometimes determined while the connection was still - alive; now it's always determined at the time when the conn.log entry - is written out). - -- The SSL analyzer has been rewritten using BinPAC, with a number of - robustness improvements (Tobias Kiesling). It currently is only used - if you execute with --use-binpac. - -- Python bindings for Broccoli are now available in - aux/broccoli/bindings/python/ (Robin Sommer). See README/README.html - in that director for details. - -- The new "auth" option in remote.bro indicates whether a given side is - considered "authoritative" for shared state, in which case it sends its - initial state to &sync'ed peers (Robin Sommer). When two peers synchronize - their state, one side sends its current set of state to the other as - soon as the remote connection is established. The one sending the state - used to be the one who has been running longer; now it can also be - explicitly set via the "auth" flag in the Remote::Destination. - -- Two new tuning parameters for scan.bro (Robin Sommer): - - ignore_scanners_threshold (default 0): - - If a host has scanned more than this many hosts, it is completely - excluded from further scan detection. 0 disables. - - addr_scan_trigger (default 0): - - A host is only tracked for address scanning once it has contacted - this many different hosts. Primarily intended for using a two-stage - scan detection with a Bro cluster: first, each node searches locally - for scanners by looking for hosts contacting more than - addr_scan_trigger destinations. Those hosts which do are then - globally tracked throughout the cluster by &synchronizing the scan - detector tables. - -- When Bro serializes functions, it now does so by default using only - their name, rather than their full value (Robin Sommer). This prevents - propagation of expiration functions associated with tables and sets. - Note, currently there is no mechanism provided to switch from the - default behavior, but the internal hooks are in place to do so. - -- The new built-in variable trace_output_file gives the name of the -w - output trace file (Robin Sommer). - -- Bro no longer installs new file rotation timers when shutting down - (Robin Sommer). - -- The new policy scripts remote-print-id{,-reply}.bro support convenient - access to printing the identifiers of a remote Bro (Robin Sommer). - You use the script remote-print-id.bro to request and receive the - printing; the remote Bro must have loaded remote-print-id-reply.bro - in order to process the request. - - Example use: - - bro -e 'redef PrintID::dst="" PrintID::id=""' - remote-print-id - -- scan.bro has been heavily modified to better support distributed scan - analysis (Matthias Vallentin and Robin Sommer). - -- The check for unused event handlers is now turned off by default - (Robin Sommer). To enable, use "redef check_for_unused_event_handlers = T". - -- The new script drop.bro has been split off from scan.bro to isolate - the logic concerning dropping addresses to block scans (Robin Sommer). - -- The new -l flag lists each script as it is loaded (Robin Sommer). - -- Textual descriptions of identifiers now include their attributes - (Robin Sommer). - -- The new predefined function prefixed_id() returns a session identifier with - its peer-ID prepended if it's associated with a remote Bro (Robin Sommer). - This is now used when generating writing log files. - -- remote.bro now assigns a priority of -10 to its bro_init() event handler - to allow others a chance to modify destinations (Robin Sommer). - -- A large number of BinPAC updates (Ruoming Pang and Robin Sommer). - -- The new built-in type_name(v): string returns the name of the type - of the value v (Vern Paxson). For example, "typename(5.2)" returns - "double". This function is mainly for internal debugging (i.e., - finding mismatches between values generated by the event engine - versus how their type is expected by the script layer). - -- The new built-in str_shell_escape() does some basic escaping on strings - that will be passed to system() (Christian Kreibich). Note, this function - isn't ready (robust enough) for routine use, however. - -- The new built-in disable_print_hook(file) acts the same as - the attribute &disable_print_hook (Robin Sommer). - -- The new script terminate-connection.bro factors out the terminate_connection() - functionality that used to be in conn.bro (Robin Sommer). - -- The new attribute &group= can be associated with event handlers - to group them together into a set that can be manipulated as a whole - (Robin Sommer). is a string reflecting the name given to the group. - - The built-in enable_event_group(group: string) turns on all the analyzers - in a given group, and disable_event_group(group: string) deactivates them. - -- The new attribute &raw_output applies to variables of type file, disabling - escaping of non-printable characters (Seth Hall). - -- You can now iterate over the characters in a string value using - a "for" loop, e.g., "for ( c in str ) ..." (Robin Sommer). - -- The new built-in - - function cat_sep%(sep: string, def: string, ...%): string - - works similarly to cat(), except that it (a) separates the values - by "sep" and (b) substitutes "def" for empty strings (Seth Hall). - -- The function string_escape() now takes a string of characters to escape - rather than a single character (Robin Sommer). Each character in the - string is preceded by '\' in the return value (also any embedded '\'s, - as before). - -- The new built-in function global_ids() returns a table of all global - identifiers along with associated information (Robin Sommer). The - return value has type table[string] of script_id, indexed by the name - of the identifier and yielding records with the following fields: - - type script_id: record { - type_name: string; - exported: bool; - constant: bool; - enum_constant: bool; - redefinable: bool; - value: any &optional; - }; - -- The new script function find_last(str: string, re: pattern) returns - the last occurrence of the given pattern in the given string, or - an empty string if no match (Robin Sommer). Note that this function - returns the match that starts at the largest index in the string, which - is not necessarily the longest match. For example, a pattern of /.*/ - will return just the final character in the string. - -- The new script variable record_all_packets, if redef'd to T (default F), - instructs Bro to record every packet it processes (Robin Sommer). - Prior to introducing this variable, Bro applied a few heuristics to - reduce recording volume. Setting this variable also causes packets - to be recorded very early in processing, which can be helpful for - debugging crashes. - -- If the new script flag ssl_log_ciphers is set to T (default), ssl.bro - logs the ciphers seen (Robin Sommer). - -- Much more expanded Time Machine support, now located in - policy/time-machine/ (Robin Sommer), - -- The new command line option --status-file (alias -U) specifies - the name of a file into which Bro will write an indicator of its current - processing status (Robin Sommer). Possible values include "INITIALIZING", - "RUNNING", "TERMINATING", "TERMINATED". - -- The new policy script targeted-scan.bro looks for repeated access from - the same source to the same server, to detect things like SSH - password-guessing attacks (Jim Mellander). - -- The "alternative" style for printing strings (i.e., a fmt() argument - of "%As") now renders the raw string, other than escape-expanding - embedded NULs (Vern Paxson). This change may be temporary, pending - development of more fine-grained control over string rendering. - -- For now we have removed the %S functionality for fmt() (Robin Sommer). - %S was meant to print "raw" strings, but later processing of such - printing still introduces artifacts. - -- GeoIP information now includes latitude and longitude (Seth Hall). - -- ssh.bro now supports the variable skip_processing_after_handshake - which directs the event engine to omit any further processing of an - SSH connection after its initial handshake (Seth Hall and Robin Sommer). - This can help with performance for large file transfers but precludes - some kinds of analyses (e.g., tracking connection size). This change - also adds a scope of "SSH". - -- Email notification of notices now allows for separate destinations - depending on notice type (in particular, a regular mail destination - versus a pager destination), and also escapes the notice to prevent - injection attacks (Seth Hall and Robin Sommer). - -- The new policy script conn-flood.bro is a simple connection-flooding - detector, mainly meant as a demonstration (Robin Sommer). - -- A large number of additions to the TLS/SSL known-ciphers suite (Seth Hall). - -- Serialization now uses 64-bit IDs to cache items rather than 32-bit, - for robustness during long-running execution (Robin Sommer). - -- The new script variable tcp_max_initial_window specifies, for flows - for which ACKs have never been seen, the maximum volume of initial - data after which Bro will assume that it is seeing only one side - of the connection and will not buffer data for consistency checking - awaiting the later arrival of ACKs (Robin Sommer). It defaults to 4 KB. - (Note, this used to be an internal value, so the behavior is not new.) - Set to 0 to turn off this functionality and have Bro attempt to - track all such flows. - -- The new script variable tcp_max_above_hole_without_any_acks specifies, - for flows for which ACKs have never been seen, the maximum volume of - data above a sequence hole that Bro will tolerate for a connection - before giving up on tracking the flow (Robin Sommer). It defaults to 4 KB. - (Note, this differs from tcp_max_initial_window in that this threshold - applies to sequence holes rather than the beginning of flows. Like - tcp_max_initial_window this used to be an internal value.) Set to 0 to - turn off this functionality. - -- The new script variable tcp_excessive_data_without_further_acks specifies - a threshold similar to tcp_max_above_hole_without_any_acks, but for - flows for which Bro has seen ACKs (Robin Sommer). It defaults to 10 MB. - Set to 0 to turn off the functionality. - -- Equal signs ("=") in text for notices are now escaped when using the - tagged format to keep them unambiguous from the "=" delimiters - (Robin Sommer). - -- The final tallies for notices are now processed as NoticeTally - NOTICE's rather than directly alarm'd (Robin Sommer). - -- WeirdActivity notices now include an associated connection when appropriate - (Robin Sommer). - -- Support for large (> 2^32 bytes) pcap trace files (Po-Ching Lin). - -- Scoped names ("...::...") are now allowed in signature "eval" - constructs (Christian Kreibich). - -- scan.bro is now decoupled from conn.bro, i.e., you can @load the - latter without getting the former (Vern Paxson). As part of this - change, the logic to invoke TRW is now in scan.bro. - -- weird.bro has been updated with a number of missing Weird's (Vern Paxson). - -- If when using inter-Bro communication the child Bro process terminates, - it now also terminates the parent process (Robin Sommer). - -- BinPAC analyzers now interoperate with DPD (Robin Sommer). - -- Some http.bro processing options are now exported so they can be - accessed in other scripts (Robin Sommer). - -- SMTP analysis now applies to port 587/tcp as well as 25/tcp (Robin Sommer). - -- $conn is now set in ServerFound notices (Robin Sommer). - -- You can now create empty sets and tables using set() and table(), - i.e., the usual set/table constructors with no arguments (Vern Paxson). - By themselves, these have an unspecified type - you can't use them - directly other than to assign them. For example, - - local bad_guys: set[addr]; - ... - bad_guys = set(); # start over assuming no bad guys - -- A number of scripts have been (slightly) simplified to use the - new empty set()/table() constructors (Vern Paxson). Note that - these still aren't usable for field assignments in record constructors, - nor for attributes like &default = ... - -- Removed unused syntax for declaring sets based on a list of initial - values (Vern Paxson). - -- set() and table() can now be used as arguments to function calls - (Vern Paxson). - -- The vestigial &match attribute has been removed. - -- POP3 is now recognized using Dynamic Protocol Detection (Seth Hall). - -- The new event expected_connection_seen(c: connection, a: AnalyzerTag) - is generated whenever a connection is seen for which we have previously - scheduled an analyzer via expect_connection() (Robin Sommer). - -- The new built-in capture_state_updates logs all changes applied to - &synchronized variables, in a fashion similar to the capture_events() - built-in (Robin Sommer). An accompanying policy script, - capture-state-updates.bro, turns this on to the file state-updates.bst. - -- If the new script variable suppress_local_output is set (default: F), - Bro suppresses printing to local files if there's a receiver for - print_hook events (Robin Sommer). This option is however ignored - for files with a &disable_print_hook attribute. - -- The new notice action filter function file_if_remote specifies - that notices from sent from remote source addresses should - have an action NOTICE_FILE (Robin Sommer). - -- The new notice action filter function file_local_bro_notices specifies - that notices generated by the local Bro instance (as opposed to a - remote peer) should have an action NOTICE_FILE (Robin Sommer). - -- An arbitrary tag can now be past to post-processors for log rotation - (Robin Sommer). - -- Default inactivity timeouts for interactive services shortened to - 1 hour (Robin Sommer). - -- The scanning variables distinct_{peers,ports,low_ports} are now - redef'able (Robin Sommer). - -- The new -S (--summary-only) option for site-report.pl directs to - only generate connection summaries (Brian Tierney) - -- More useful default config file for edit-brorule.pl (Brian Tierney). - -- Bro now includes a test suite in testing/istate/ for its "independent - state" functionality (Robin Sommer). - -- Support for parallel builds via make -j (Christian Kreibich). - -- Bro's default search path now includes includes policy/sigs/ and - policy/time-machine/ (Robin Sommer). - -- Bro's internal processing of interprocess communication has been - significantly overhauled to prevent potentially fatal race conditions - (Robin Sommer). - -- Bro now checks calls to fmt() at compile-time to ensure that the - correct number of arguments are present (Vern Paxson). This is useful - in addition to Bro's run-time checking for arguments matching their - corresponding format-specifiers in the case of rarely-executed statements - that might not generate such run-time checks in routine testing. - -- The ports associated with Telnet and Rlogin are now redef'able (Robin Sommer). - -- MIME processing now removes leading whitespace from MIME headers - (Sanmeet Bhatia and Robin Sommer). - -- TCP "weird" events reported by the connection compressor now match - (other than a few rare corner-cases) those produced for normal TCP - processing (rmkml and Robin Sommer). - -- Added Scan::suppress_UDP_scan_checks to control false positives - on scan detection in environments with P2P protocols that use UDP - (Vern Paxson). - -- The internal analyzer interface now includes an EndOfData() method that - analyzers can use to report that all of a message has been delivered - (Robin Sommer). - -- Fix for a significant memory leak in processing UDP when using -w - (Robin Sommer). Note: this change turns off by default trace rewriting - for generic UDP traffic. - -- Two serious regular expression bugs fixed (Vern Paxson). In the - first, searching for a regular expression inside a string would - fail if the pattern occurred only after an embedded newline. In - the second, insufficient buffer was allocated when compiling regular - expressions, leading to memory corruption. - -- Base64 decoding bug fixes (Christian Kreibich and Ruoming Pang). - -- Automatic rotation of files is now disabled for contents files written - by the TCP reassembler, which otherwise leads to mangled files - (Robin Sommer). - -- Bro now ships with an updated version of libpcap (0.9.8), which hopefully - fixes problems managing trace files > 4 GB in size. - -- Significant bug fixes for gzip- and deflate-encoded Web items (Robin Sommer). - -- Bug fix for secondary-filter.bro (Vern Paxson). - -- Removed a naming ambiguity regarding TCP states (Vern Paxson). - -- Bug fix for signature scanner not matching all of its input (Vern Paxson). - -- Bug fix for using port values in signatures (Robin Sommer). - -- Minor policy script tweaks: state management for weird's, processing - of Notice tags associated with connections, and dependencies for - irc-bot.bro (Robin Sommer). - -- aux/ portability fixes (Vern Paxson). - -- Workarounds added for a BinPAC deficiency, which is that code in %cleanup - clauses can also be executed during recovery from exceptions when parsing - new data. This means that any delete's or Unref()'s need to also set the - corresponding pointer to nil (Vern Paxson). - -- Bug fix for crashes with the non-BinPAC SSL analyzer (Robin Sommer). - -- Tweak to peer-status.bro since Bro now requires events to be - declared prior to reference in a "schedule" statement (Robin Sommer). - -- The signature keyword "enable" now optionally accepts the syntax - "foo:bar" to specify "activate analyzer bar as a child of analyzer foo" - (Robin Sommer). This is used for example for an XML-over-HTTP analyzer - that's in the works. - -- irc-bot-syslog.bro now uses open_log_file() for its log file (including - the logging suffix) rather than a direct open (Vern Paxson). - -- Bug fix for tracking Blaster across a Bro Cluster (Robin Sommer). - -- Bug fix for the HTTP BinPAC analyzer chopping the trailing character - off of HTTP headers when generating the http_all_headers event (Gregor Maier). - -- Bug fix for HTTP chunked items for which the chunk size line was terminated - by CRLF but the CR and LF came in separate packets (Gregor Maier). - -- A bug has been fixed that would cause partial lines (for line-oriented - protocols) to fail to be processed when a connection terminated - (Robin Sommer). - -- Bro no longer treats a signal arriving before a previous signal has - been processed as fatal, nor does it attempt processing of a termination - signal if seemingly there are no race conditions to worry about - (Robin Sommer). Both of these changes are an attempt to improve - Bro's robustness. - -- Fix for attributes such as &encrypt not working in initial declarations - but only in later redef's (Seth Hall and Robin Sommer). - -- Fixes for memory leaks in SSL processing (Seth Hall and Robin Sommer). - -- Fix for POP3 analyzer to not treat lines like "." as message - terminators (Robin Sommer). - -- Bug fix for crashes arising from nil pointers in list expressions - (Seth Hall and Robin Sommer). - -- Bug fix: a signature's "enable" would activate the corresponding analyzer - even if no event handlers were defined for it (Robin Sommer). - -- Bug fixes to prevent crashes when mixing set_contents_file() with - subsequent explicit close(), and to ensure all data written to - file upon connection tear-down (Gert Doering and Robin Sommer). - -- Configuration support for MacPorts and Fink package management systems - (Christian Kreibich & Vern Paxson). - -- Communication-only Bro's now send out email alarms (Robin Sommer). - -- Writes to a file that fail due are now run-time errors rather than - fatal internal errors, since often these occur due to the disk - being full (Robin Sommer). - -- Byte-order bug fix for lookup_location() (Robin Sommer). - -- BinPAC portability fix for 64-bit machines (Bernhard Ager and Robin Sommer). - -- Portability fixes for newer versions of gcc (Jan Gerrit Goebel and - Robin Sommer). - -- Some support for porting to Solaris (Stephan Toggweiler). - -- Connection compressor bug fix for source and destination having the - same IP address, such as when monitoring loopback (Robin Sommer). - -- Connection compressor bug fix for connections with multiple SYNs - (Robin Sommer). - -- Bug fix for using already-declared local variables for looping - over vectors in a "for" loop (Robin Sommer & Vern Paxson). - -- Bug fix for not processing truncated UDP packets (Tom Kho and Robin Sommer). - -- Bounds-check added to BinPAC-generated code (Tom Kho and Robin Sommer). - -- Bug fix for checking whether an IPv6 address is part of a subnet - (Seth Hall). - -- Bug fixes for crashes relating to asynchronous DNS lookups performed - at start-up (Robin Sommer). These changes also lowered the timeout - before assuming failure from 20 seconds down to 5 seconds. - -- Portability and const-ness fixes (Kevin Lo and Robin Sommer). - -- Suppression of some content-gap complaints when running on traces - that have been filtered down to only TCP control packets (Robin Sommer). - -- Removed unnecessary dependency in notice-action-filters.bro - that led to errors when loading icmp.bro by itself (Vern Paxson). - -- Bug fix for potential infinite loop in client communiation (Robin Sommer). - -- Bug fix in reference counting that could eventually lead to roll-over - (Robin Sommer). - -- Bug fix in communication initialization (Robin Sommer). - -- Internal documentation fix: timers are specified using absolute time, - not relative (Robin Sommer). - -- Performance improvement for built-in find_all() function when running - on large strings (Robin Sommer). - -- Memory leak fixes (Robin Sommer, Bernhard Ager, Christian Kreibich). - -- Bug fix for error recovery when encountering an unknown link layer - (Bernhard Ager). - -- Bug fix for reversing client & server in a connection (Po-Ching Lin). - -- Bug fix for packet_contents when capture length exceeds the IP payload - length due to Ethernet frame padding (Christian Kreibich). - -- Bug fix for tcp_packet event erroneously including Ethernet padding - in its contents (Vern Paxson). - -- Bug fix for lookup_connection built-in (Seth Hall). - -- Portability nit for libedit tarball (Vern Paxson). - -- Broccoli portability fix for NetBSD (Christoph Leuzinger). - -- Type-checking for script-level event invocation was completedly broken - - now fixed (Vern Paxson). - -- Portability fixes for different versions of g++/STL (Nicholas Weaver - and Vern Paxson). - -- Fix for dynamic detection of SSL via DPD (Robin Sommer). - -- IPv6 portability fix for BinPAC-based DNS analyzer (Vern Paxson). - Note, more portability work is needed for it. - -- Bug fix for bifcl error messages (Vern Paxson). - -- Minor bug fix for remote communication, plus some improved communication - logging (Robin Sommer). - -- Bug fix for &printhook (Robin Sommer). - -- Bug fix for error message output (Robin Sommer). - -- Bug fix for termination cleanup (Robin Sommer). - -- Bug fix for some Rlogin corner cases (Robin Sommer & Vern Paxson). - -- Bug fix for bifcl generation of "interval" types (Vern Paxson). - -- Bug fix for getting connection memory statistics when Bro is - exiting (Robin Sommer). - -- Config fix: --enable-debug now turns off -O2 for gcc (Robin Sommer). - -- Bug fixes for "heavy" analysis (Vern Paxson). - -- Broccoli bug fixes for types net and port (Robin Sommer). - -- Bug fixes for Telnet environment options (Robin Sommer). - -- Bug fix for accessing remote peer description (Robin Sommer). - -- A fix for the connection compressor generating new_connection too - late (Robin Sommer). - -- Fixes for DAG support, including configuration and multiple - interfaces (Robin Sommer). - -- Bug fix for serializing time-stamps of table entries (Robin Sommer). - -- Bug fix for dealing with peer IDs for remote communication (Robin Sommer). - -- Bug fix to avoid installing timers when timers have already - been canceled (Robin Sommer). - -- Bug fix for interplay between serializing connections and - connection compressor (Robin Sommer). - -- Memory leak fix for enum's (Robin Sommer). - -- Bug fix for files being closed prior to bro_done() (Vern Paxson). - -- aux/broccoli/contrib was not included in distribution (Robin Sommer). - -- Auto-configuration bug fix for BinPAC (Craig Leres). - -- Bug fix for dynamic protocol detection (Robin Sommer). - -- A number of configuration fixes for installation and portability - (Christian Kreibich, Brian Tierney, Robin Sommer, Dan Kopecek). - - -1.3 Mon Jul 16 22:11:00 PDT 2007 - -- The Bro manual has been wikified at: - - http://www.bro-ids.org/wiki/index.php/User_Manual - - and this is the format in which it will evolve in the future - (Christian Kreibich). - -- Much more extensive support for SMB, NetBIOS and NCP (Chris Grier). - -- The new attribute &priority=n defines the order of execution for handlers - of the same event (Robin Sommer). Handlers with higher priority are - executed first. n is an integer expression that must evaluate to a - constant when the script is loaded. - - Example: - > cat foo.bro - event bro_init() &priority = -5 { print -5; } - event bro_init() &priority = 5 { print 5; } - event bro_init() { print 0; } # default priority=0 - > ./bro foo.bro - 5 - 0 - -5 - - The connection_state_remove() handler in conn.bro now has priority - -10 and therefore executes after all other handlers for this event. - This fixes a long-standing problem of sometimes $addl fields not showing - up in connection summaries. - -- The new expressions record(...), table(...), set(...) and vector(...) - are constructors for the corresponding aggregate types (Vern Paxson). - For example, - - record($foo = "hi", $bar = -6) - - is the same as the existing constructor - - [$foo = "hi", $bar = -6] - - For tables, sets, and vectors, the "..." values within the ()'s have - the same syntax as those that you can list in variable initializations. - For example, - - table([1, T] = "black", [4, F] = "red") - - returns a table of type "table[count, bool] of string". - - set(4, 3, -1) - - is a value of type "set[int]". - -- You can associate attributes with table() and set() constructors - (Robin Sommer). For example: - - local s = set(1.2.3.4) &read_expire = 5 secs; - - associates a 5-second read expiration with the set assigned to s. - -- Bro now explicitly supports port numbers reflecting a transport protocol - type of "unknown" (Christian Kreibich). Currently, this means "not TCP, - UDP or ICMP". The numerical value of such a port is the IP protocol, - so ranges from 0..255. For example: - - global p: port = 0/unknown; - - print fmt("%s", p); - print fmt("p is TCP? %s", get_port_transport_proto(p) == tcp); - print fmt("p is unknown? %s", - get_port_transport_proto(p) == unknown_transport); - - yields - - 0/unknown - p is TCP? F - p is unknown? T - - In comparisons of different protocol types, the following holds: - unknown < TCP < UDP < ICMP. - -- If your system supports "GeoIP" (see http://www.maxmind.com/app/geolitecity - for a corresponding city database), then the new script function - - lookup_location(a: addr): geo_location - - returns a record of geographic information associated with an address - (Seth Hall). The geo_location record has $country_code, $region and - $city fields. If no information is available, each of these will be - set to empty strings. - - If Bro hasn't been configured with GeoIP support, or if the address is - IPv6 that cannot be directly converted to IPv4, then Bro produces a - run-time error and likewise returns empty strings. - -- Signature-matching on HTTP components now processes the URI with - escape sequences expanded (Robin Sommer). Ideally, there would be - two signature keywords, one for decoded URIs (corresponding to this - case) and one that allows matching against the URI as originally - transmitted. - -- The connection compressor is no longer considered experimental, and - is used by default (Robin Sommer). - -- The new function lookup_hostname(host: string): addr_set asychronously - looks up the IPv4 address(es) of the given host via DNS (Robin Sommer). - Like lookup_addr(), this function can only be used within a "when" - statement. - -- The new built-in - - raw_bytes_to_v4_addr(s: string): addr - - takes a string that points to at least 4 bytes, and returns an address - corresponding to interpreting these as being an IPv4 address in network - order (Vern Paxson; suggested by Mike Dopheide). - -- Trace-rewriting support for DNS, SMB (Chris Grier). - -- The new script function find_all(str: string, re: pattern): string_set - returns a string_set giving all occurrences of the pattern "re" in - the string "str" (Robin Sommer). (Note that string_set's are unordered.) - -- The new policy script save-peer-status.bro generates a log - to peer_status.$BRO_LOG_SUFFIX of updates received from - communication peers (Robin Sommer). - -- The policy script print-filter.bro now includes two (scoped) variables, - terminate_bro and to_file, which control whether to exit after printing - the filter (default T) and whether to write to the log file - pcap_filter.$BRO_LOG_SUFFIX or (default) to stdout (Robin Sommer). - -- The new script variable check_for_unused_event_handlers controls whether - Bro checks for unused event handlers (Robin Sommer). It defaults to T, - which was the past behavior (always report). - -- Bro now terminates if the only pending activity is future timers - (Robin Sommer). It used to wait for those timers to expire, but this - can cause fundamental problems if the timers are associated with table - management (since these might never completely drain). - -- Tables and sets inside of records are now initialized to empty - values rather than uninitialized (Vern Paxson). - -- A new variable allow_services_from (in hot.bro) complements the - existing allow_service_to variable (Brian Tierney). It specifies - that access to the given service from the given originator is - allowed. - -- global_sizes() no longer reports internal variables (Robin Sommer). - -- The IRC analyzer is now activated if any of the (many) IRC event - handlers are defined (Robin Sommer). - -- The default value for tcp_close_delay is now 5 sec rather than 0 sec - (Robin Sommer). This prevents some spurious connection events. - -- Improved logic for dealing with "reversed" connections such - as backscatter (Vern Paxson). - -- You can now left-justify fields when using fmt() with "%-" like - in sprintf (Christian Kreibich). - -- Updates to DNS query types (Larry Leviton). - -- Added mechanism to http-header.bro to skip printing some HTTP headers - (Larry Leviton). - -- The IrcHotWord notice now sets the associated connection (Robin Sommer). - -- If a notice has a tag, it's no longer overridden (Robin Sommer). - -- ServerFound notices now set the port field (Robin Sommer). - -- The built-in lookup_ID() now returns the string "" if the - ID does not exist, rather than a run-time error (Robin Sommer). - -- The new tuning option ProtocolDetector::suppress_servers specifies a - set of analyzers for which Bro generates ServerFound notices, but not - ProtocolFound (Robin Sommer). This both reduces log file size and - conserves memory. - -- A new notice_action_filter, tally_notice_type_and_ignore, works the same - as tally_notice_type but returns IGNORE (Robin Sommer) - -- Setting summary_interval == 0 disables the creation of irc-bots.summary.log - (Robin Sommer). - -- If you @load foo and a directory "foo" is in your path, Bro no longer - tries to load it (Robin Sommer). - -- A number of BinPAC fixes and enhancements (Ruoming Pang, Chris Grier - and Vern Paxson). - -- BinPAC now resides in aux/binpac rather than src/binpac (Ruoming Pang - and Christian Kreibich). This reflects a decoupling of it from Bro so - that it can be used to generate protocol analyzers for other projects too. - -- Removed example Inktomi entries from skip_scan_sources initialization, - since they no longer exist (Vern Paxson). - -- The variable make notice_once_per_orig_tally_interval is now - redef'able (Brian Tierney). - -- SIGPROF to the communication child process now logs resource stats to - remote.log (Matthias Vallentin). - -- The new built-in getpid(): count returns Bro's process ID (Robin Sommer). - -- Patterns for detecting IRC-based bots updated (Robin Sommer). - -- irc-bot-syslog now logs just bots, not all IRC client/servers (Robin Sommer). - -- The new variable suppress_notice_actions in notice.bro suppresses - notice_actions events for selected notice types (Robin Sommer). - -- Files opened during operation now rotate just like those opened at - startup (Robin Sommer). - -- ResourceStats now also logs elapsed time and the reported number of - packets-on-the-link (Mark Dedlow). - -- Printing a "file" value now produces its name (Robin Sommer). - -- Removed deliberate truncation of payload in port 80 FIN packets - (Vern Paxson). - -- remote.log now includes received peer_descriptions (Robin Sommer). - -- Significant POP3 analyzer speed-ups (Vern Paxson). - -- Updated README (Vern Paxson). - -- Fix for "@load a" followed by "@load a.bro" not loading the same file - twice (Robin Sommer). - -- Bug fixes for propagating state operations to uninitialized variables - and for spurious state inconsistency messags (Robin Sommer). - -- Bug fix for sending final sync-points during pseudo-realtime mode - (Robin Sommer). - -- Fix for possible buffer overflow (Christian Kreibich). - -- Bug fix for spurious end-of-file's during inter-Bro communication - (Robin Sommer). - -- Bug fix for dpd_match_only_beginning=F (Robin Sommer). - -- Bug fix for updating timestamps (Christian Kreibich). - -- Bug fix for skipping ADU processing in adu.bro (Christian Kreibich - and Zhichun Li). - -- Fix for ICMPs that carry ICMP headers (or non-TCP/UDP/ICMP headers) - within them (Vern Paxson). - -- Fix for files being rotated after the timer queue has been deleted - (Vern Paxson). - -- Bug fix for signature-matching with IPv6 subnets (Vern Paxson). - -- Bug fix for connection compressor setting connection origin (Robin Sommer). - -- Bug fix for interconn.bro when processing peculiar connections (Vern Paxson). - -- Fix for off-by-one buffer in sscanf call (Christian Kreibich). - -- Fixed inefficiency/warning flagged by g++ (Vern Paxson). - -- Bug fix for NUL string termination in SMB processing (Zhichun Li). - -- Fix for over-ref'ing of file Val's (Vern Paxson). - -- Fixes for some g++ warnings (Christian Kreibich, Vern Paxson). - -- gcc 3.4.2 portability fixes (Robin Sommer). - -- Minor build fixes for Broccoli, including a version bump to match that - of Bro. See aux/broccoli/ChangeLog for details. - -- distcheck fixes (Christian Kreibich). - -- Configuration portability fixes (Matthias Vallentin, Jean-philippe Luiggi). - -- OpenBSD portability fixes (Jean-philippe Luiggi, Christian Kreibich). - - -1.2.1 Mon Dec 11 16:22:58 PST 2006 - -- Fixed delayed triggering of new_connection events when using the - connection compressor. - -- Fixed tracking of first packet in TCP analyzer. (Reported by Guohan Lu) - -- The syslog built-in got lost during some previous merge. - -- Fixed crash if local variable is given as timeout value for table. - (Reported by Mike Wood.) - -- Fixed using "time" values as table indices. - -- Added ssh to default brolite DPD configuration. - -- Fixed catching up to real-time in case of lull. - -- Fixed Broccoli "BRO_DATA_FORMAT_VERSION" to match version in Bro. - -- Fixed Makefile problem in doc directory. - -- Fixed Makefile dependency problem in binpac directory. - -- Added Linux tuning to brolite install script. - -- Modified Makefile to include broccoli/contrib. - -- Adding missing initialization to remote serializer. - -- Minor documentation updates for reference manual and Broccoli. - - -1.2 Tue Oct 17 12:09:49 PDT 2006 - -- Bro now supports DPD, dynamic protocol detection (Robin Sommer, Holger - Dreger, and Michael Mai). With DPD, Bro can analyze protocols regardless - of what port numbers they use: it infers the protocol based on which - application analyzers can parse it without error. Adding this functionality - involved extensive changes to Bro's internals, but also now enables - multiple Bro analyzers to work on the same connection, either concurrently - or one nested inside the other (we have not taken much advantage of this - latter capability yet, but see the FTP events discussed below). - - There are a number of new policy scripts, events, and variables associated - with DPD processing, as follows. - - Scripts: - - You activate DPD by @load'ing dpd.bro. It in turn instructs Bro - to load the signature file policy/sigs/dpd.sig. Note that Bro - uses signatures to expedite deciding which analyzers to try on - a given connection; it does *not* simply use the signatures to - make the determination of which protocol is in use, as this is - insufficiently robust. (At this point, Bro provides signatures - for FTP, IRC, HTTP, SMTP, and SSH. In the future we plan to add - other protocols.) - - Along with dpd.bro, you need to @load detect-protocols.bro or - detect-protocols-http.bro. The former enables general detection - of application-layer protocols, while the latter does further - inspection of HTTP sessions to characterize applications running - on top of HTTP such as Gnutella or SOAP. (Loading dpd.bro - is separate from loading one of these scripts because in principle - Bro could use a different means than signatures to activate - the analyzers, although currently it does not.) - - If you @load dyn-disable.bro, then once an analyzer determines - that it does not match a given connection, it is deactivated - (and a Notice is generated). Otherwise, it still proceeds to try - its best to analyze the connection (to possibly be more robust - against evasion). - - The scripts dce.bro and smb.bro enable DPD for the Windows DCE and - SMB protocols, respectively. (Note that analysis of these protocols - is undergoing a major expansion, not yet complete.) - - Events: - - event protocol_confirmation(c: connection, atype: count, aid: count) - Generated when the given connection has been confirmed as - conforming with the application type (protocol) specified - by atype. aid is a globally unique analyzer ID that identifies - a particular analyzer instance. - - The values for atype are symbolic names associated with - each of Bro's analyzers, such as ANALYZER_IRC. See the - initialization at the beginning of Analyzer.cc for the - full set of names. - - The function analyzer_name(atype: count): string translates - these symbolic names into text. For example, - - analyzer_name(ANALYZER_IRC) - - yields "IRC". - - event protocol_violation(c: connection, atype: count, aid: count, - reason: string) - Generated when the given connection has been found to - violate the protocol of the given application type, with - "reason" giving details. - - Variables: - - dpd_buffer_size: count (default 1024) - Specifies how much pending data Bro keeps for connections - that have not been classified yet. Once this fills, the - data is deleted, though classification can still continue - (see below). - - dpd_match_only_beginning: bool (default T) - If set, specifies that Bro should stop signature matching - if it has processed dpd_buffer_size bytes. - - dpd_ignore_ports: bool (default F) - If set, then Bro does not take into consideration the port - numbers associated with connections when attempting to - classify them (which can otherwise help the process in - some cases). - - dpd_reassemble_first_packets: bool (default T) - If set, then Bro does TCP stream reassembly before applying - signature-matching to detect protocols. - - likely_server_ports: set[port] - Specifies a list of ports that Bro will consider as likely - used by servers. For example, if Bro sees a connection - that has already been established (so it does not know - which side sent the initial SYN), and one side uses a port - in this set, then it will assume that that side is the - server (connection responder). The set is empty unless - you populate it or @load server-ports.bro, which specifies - a large number of values. - - dpd_config: table[AnalyzerTag] of dpd_protocol_config - Specifies the DPD configuration associated with each tag. - The type dpd_protocol_config is simply: - - type dpd_protocol_config: record { - ports: set[port] &optional; - }; - - i.e., an optional $ports field specifying a set of ports - associatd with the tag. For example, ftp.bro now includes - the equivalent of: - - redef dpd_config += { - [ANALYZER_FTP] = [$ports = 21/tcp] - }; - - Functions: - - The function - - expect_connection(orig: addr, resp: addr, resp_p: port, - analyzer: count, tout: interval) - - is called to alert Bro that a new connection is expected, initiated - by orig to a server running on resp's port resp_p (note: orig's port - is not specified) which will correspond to the specified analyzer - (e.g., "FILE", which is used to analyze files transferred by FTP - - see next item). "tout" is a timeout to associate with the waiting. - - The function - - function disable_analyzer(cid: conn_id, aid: count) - - instructs Bro to disable the analyzer that generated the current - event, assuming the analyzer is associated with the given connection - ID. This is used by the dyn-disable.bro script discussed above. - -- A much more complete BinPAC compiler, along with new HTTP, DNS, and - RPC/Portmap analyzers in binpac (Ruoming Pang). The flag "--use-binpac" - activates the BinPAC-based analyzers (currently for HTTP and DNS). - See www.cs.princeton.edu/~rpang/binpac-paper.pdf for a description of - BinPAC, and let Ruoming know if you are interested in using BinPAC to build - new analyzers. - -- A new type of analyzer, FILE, analyzes the contents of a connection as - though it were a data file (Robin Sommer). Currently, it can generate - two events: - - event file_transferred(c: connection, prefix: string, descr: string, - mime_type: string) - Indicates that the connection transferred a file. "prefix" - is the beginning of the file's data; "descr" and "mime_type" - are indicators of the file's type, as reported by the - "libmagic" library. - - descr/mime_type are only set if Bro is configured on a - system that includes the "libmagic" library. - - event file_virus(c: connection, virname: string) - Indicates the connection transferred an executable - corresponding to a known virus of the given name. - - This functionality is only available if Bro is configured - on a system that includes the "libclamav" library. - - Note, this analyzer is enabled via a call to expect_connection by - the FTP analyzer. - -- New events relating to IRC analysis (Robin Sommer): - - event irc_client(c: connection, prefix: string, data: string) - Generated upon seing a client message sent over the given - IRC connection. "prefix" is the command's prefix as defined - by the IRC protocol. It is used by servers to indicate the - true origin of the message; it may be empty. "data" contains - the message. - - event irc_server(c: connection, prefix: string, data: string) - Same for server messages. - - event irc_user_message(c: connection, user: string, host: string, - server: string, real_name: string) - Generated upon seeing an IRC "USER" command. - - event irc_password_message(c: connection, password: string) - Generated upon seeing an IRC "PASS" command. - - event irc_channel_topic(c: connection, channel: string, topic: string) - Generated upon seeing an IRC server reply that includes - the channel topic. - - event irc_global_users(c: connection, prefix: string, msg: string) - Generated upon seeing an IRC server reply that includes - a count of the number of IRC users. - -- The new experimental script irc-bot.bro tracks IRC-based bots (Robin Sommer). - The accompanying script irc-bot-syslog.bro syslog's the state of the - bot analysis every IrcBot::summary_interval seconds (default 1 minute). - -- The new script proxy.bro looks for open Web proxies by matching incoming - requests to a server with outgoing requests it makes (Robin Sommer). It - generates HTTPProxyFound Notices when it finds one. - -- Changes to notices.bro (Robin Sommer): - - - notice_policy_item's now have a default $result of - NOTICE_FILE and a default $priority of 1. - - - The new notice_action_filter, notice_alarm_per_orig, alarms - on the first NoticeType from a specific source. Subsequent - instances are tallied. - - - notice_action_filters now reside in the new script - notice-action-filter.bro (automatically loaded by notice.bro). - - - The notice actions NOTICE_ALARM_PER_CONN, NOTICE_ALARM_PER_ORIG, - and NOTICE_ALARM_ONCE have been removed, as they were never - actually implemented. - - - If the notice_policy returns IGNORE or FILE, the action_filters - filters are no longer consulted. - -- A new attribute for tables and sets, &mergeable, changes the semantics - of assignments, as follows (Robin Sommer). Given two &mergeable tables/sets - A and B, an assignment "A = B" becomes actually a join "A = A \cup B" - (i.e., union). The envisoned use is to help avoid race conditions - when doing remote state synchronization. - -- The semantics of &synchronized expire_funcs has changed (Robin Sommer). - Now, when a table entry is expired and the operation is propagated to a - a peer, the peer will call its expire_function. - -- TRW analysis now skips UDP traffic because it currently treats - all UDP connections as failures (Robin Sommer). - -- trw.bro has been split into trw-impl.bro (the algorithm) and - trw.bro (which simply activates the analysis), to facilitate writing - scripts that have hooks into TRW analysis but don't presume it's - active (Robin Sommer). - -- The option report_remote_notices in remote.bro has been replaced - by a new script you include, remote-report-notices.bro (Robin Sommer). - -- The new function connect_peer() explicitly connects to a remote host - (Robin Sommer). - -- The new script remote-send-id.bro sends the current value of an ID - to a remote Bro and then terminates processing (Robin Sommer). It's - intended for use from the command-line, as in - - bro -e "redef dst="" id="" remote-send-id - - The other scripts must set up the connection. is an index into - Remote::destinations corresponding to the destination. - -- New built-ins {suspend,resume}_state_updates() can be called to - temporarily avoid propagating updates to &sync'ed values (Robin Sommer). - This can avoid duplicated activity. - -- The new function terminate_communication() instructs Bro to end its - communication with remote peers (Robin Sommer). - -- The new event remote_state_access_performed is raised when remote state - access has been performed (Robin Sommer). This is primarily for debugging. - -- The log() built-in has been renamed to ln() to avoid conflict (Vern Paxson). - -- bifcl now generates event generation wrapper functions from event.bif - (Ruoming Pang). For example, to generate event http_reply, currently - one writes: - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(fmt("%.1f", reply_version))); - vl->append(new Val(reply_code, TYPE_COUNT)); - if ( reply_reason_phrase ) - vl->append(reply_reason_phrase); - else - vl->append(new StringVal("")); - ConnectionEvent(http_reply, vl); - - In the future, one will be able to just call bro_event_http_reply(), and - the code generated by bifcl looks like: - - void bro_event_http_reply(Connection* c, StringVal* version, - bro_uint_t code, StringVal* reason) - { - val_list* vl = new val_list; - - vl->append(c->BuildConnVal()); - vl->append(version); - vl->append(new Val(code, TYPE_COUNT)); - vl->append(reason); - - mgr.QueueEvent(http_reply, vl, SOURCE_LOCAL, c); - } - - Accompanying this change is a semantic shift to types "string" and "port" - in .bif files. They used to be translated to C++ types BroString* and - uint32, respectively. Now they are translated to StringVal* and PortVal*. - The functions in bro.bif are changed accordingly, and please be aware - of this change when you write built-in functions in future. - - Also for this change, the parameter 'new' for rsh_request has been renamed - 'new_session', as 'new' is a reserved word for C++. - -- Some ICMP "connections" now have services identified ("icmp-echo", - "icmp-unreach") rather than just listing the service as "other" - (Ruoming Pang). - -- The new option remote_trace_sync_interval specifies an interval after - which each Bro will stop processing its trace and wait for all others - to signal that they have reached the same time (Robin Sommer). The - intent is support for operating Bro in a distributed cluster fashion - (and in particular for debugging such clusters when running off-line - on traces). - - This option only works in pseudo-realtime mode, and requires the new - global remote_trace_sync_peers to give the total number of remote peers - (not including self). Signaling is done via a new communication message - type. - -- Extensions for DNS transformation/anonymization, including introduction - of trace transformation for protocols other than TCP (Jason Lee). - Not yet fully developed/debugged. - -- Extensions for HTTP transformation/anonymization (Martin Casado). - Not yet fully developed/debugged. - -- The $conn field is now included in HTTPProxyFound notices (Robin Sommer). - -- Changed service inference algorithm to favor lower-numbered - likely-servers over higher-numbered ones (Vern Paxson). - -- In pseudo-realtime mode, Bro now uses real-time for deciding which - peer should send state (Robin Sommer). - -- Time synchronization for Bro's running on traces in pseudo-realtime mode - added (Robin Sommer). - -- Avoidance of false content gaps improved when sorting packets with - out-of-order timestamps (Ruoming Pang). - -- Packets from the packet sorter are now more robustly drained upon - termination of input (Ruoming Pang). - -- Documentation for deep-copy updated (Christian Kreibich). - -- Nasty fragment reassembly bug fixed (Vern Paxson). - -- Serious bugs in EDNS0 processing fixed (Vern Paxson). - -- Fixed significant misfeature of interconn.bro that stopped all processing - of a connection once it makes a detection (Vern Paxson). - -- Fixes for &read_expire operation across synchronizes tables (Robin Sommer). - -- Fixes for multiple peers exchanging initial &sync state simultaneously - (Robin Sommer). - -- Improvements to graceful termination of Bro when communicating with - remote peers (Robin Sommer). - -- Fix for ICMP analyzer not always generating icmp_sent events - (Robin Sommer). This appears to still need some work, as now - it generates redundant events. - -- Fix for initial exchange of &sync state which could lead to - referencing unknown IDs (Robin Sommer). - -- Fix to scan detection for differing semantics of connection compressor - vs. non-compressor (Robin Sommer). - -- Bug fix for distinguishing regular expression matches of length 0 from - those of length 1 (Ruoming Pang). - -- Fix for SSH version parsing in the presence of content gaps (Robin Sommer). - -- Bug fix for IRC that could lead to crashes (Robin Sommer). - -- Bug fix to refrain from adding new timers when a connection has - already been removed from the connection table (Robin Sommer). - -- Bug fix for packet_contents not including the transport-layer header - (Robin Sommer). - -- Some memory leaks fixed (Robin Sommer). - -- A bunch of portability and distribution problems fixed (Christian - Kreibich, Robin Sommer, Vern Paxson). - - -1.1 Mon May 15 10:50:33 PDT 2006 - -- Bro now supports a "when" statement for taking action upon something - becoming true asynchronously (Robin Sommer). This provides a powerful - new mechanism with numerous applications. - - Syntax: - - when '(' ')' [timeout '{ '}'] - - where the first can be a single statement or a block enclosed - in {}'s, but the set associated with "timeout" must be enclosed in - {}'s (to reduce ambiguities in Bro's grammar). - - Bro executes the first statement when becomes true. If you give - a timeout and the condition has not been satisfied before it expires, Bro - executes the second statement instead. - - A simple example: - - global t: table[addr] of count; - event connection_established(c: connection) - { - local orig = c$id$orig_h; - if ( orig !in t ) - { - t[orig] = 1; - - when ( t[orig] == 5 ) - print fmt("%s has established 5 connections", orig); - timeout 1 hr - { - print fmt("%s has NOT established 5 connections", orig); - delete t[orig]; - } - } - else - ++t[orig]; - } - - Notes: - - The condition may be evaluated more than once, and at arbitrary - times. - - - When the when-body is executed, the condition is guaranteed to be - still satisfied. - - - Expression reevaluation is primarily triggered by modifications - to globals. However, reevaluations do not take place immediately - but potentially at a later point. This means that if we change a - global to a value which would execute the trigger but then change - it back, the change may go unnoticed. - - - Inside the condition you may introduce new locals. For example, - - when ( (local x = foo()) && x == 42 ) ... - - Such an assignment always yields true as its expression value - (but the assignment might be delayed, for example if foo() is - a delayed function call - see below). - - Delaying function calls - ======================= - - Functions called inside the condition of a when-clause may delay their - results until they're ready. This works for both script-level and built-in - functions. - - For script-level functions, there is a new construct, "return ", - to delay a function's result. When used, the function returns at the - time the when-stmt's condition becomes true, and it yields the value - that the when-stmt's body then returns. Toy example: - - global X: table[string] of count; - - function a() : count - { - # This delays until condition becomes true. - return when ( "a" in X ) - { - return X["a"]; - } - timeout 5 min - { - return 0; - } - } - - event bro_init() - { - # Installs a trigger which fires if a() returns 42. - when ( a() == 42 ) { print "Yippie!"; } - - X["a"] = 42; - } - - There's also a new built-in function which can delay - - lookup_addr(host: addr) - - performs asynchronous DNS address->hostname lookups. Example: - - local h; addr; - [...] - when (local name = lookup_addr(h)) { print h, name; } - - See the function gen_hot_notice_with_hostnames() in conn.bro for - a more worked-out example of using the "when" clause to translate the - local address in SensitiveConnection notices to a hostname (contributed - by Brian Tierney). This functionality is activated by redef'ing - xlate_hot_local_addr to T. - - Here is the full evaluation model of a when's condition: - - - The condition may be evaluated more than once, at arbitrary times. - - - It is always fully evaluated, no matter whether some former - evaluation has been suspended by a delaying function call. - - - All function calls which do not delay are always *fully* executed - each time the condition is evaluated. - - - Function calls which delay are only executed *once*; their result is - cached and re-used in the case the condition is evaluated again. - - - The condition is guaranteed to be true when the body is executed - (potentially using cached function results) - -- By default Bro now uses a configuration similar to what used to be - activated using reduce-memory.bro, along with some additional state - timeouts that are new (Robin Sommer and Vern Paxson). This allows for - better state management out-of-the-box, at the cost of some precision - of analysis and resilience to evasion. In particular, the intent is to - move towards being able to run Bro continuously without inexorably growing - the amount of memory used until exhaustion. - - You can access a configuration similar to the previous default state - management settings by loading heavy-analysis.bro. It turns on a - load-prefix of "heavy", so when you load XXX.bro, a file heavy.XXX.bro - will also be automatically loaded if present. Note that, as was the - case for reduce-memory, you need to load heavy-analysis prior to other - files for it to have effect. - -- The new module clear-passwords.bro monitors login/FTP/IRC/POP traffic - for cleartext passwords (Jason Lee). - -- The new script service-probe.bro looks for remote hosts that repeatedly - connect to the same service on local hosts (for a configurable set of - services and connection sizes) in order to detect brute-forcing attacks - such as password-guessing (Jim Mellander). - -- A new ARP analyzer generates three events: - - event arp_request(mac_src: string, mac_dst: string, - SPA: addr, SHA: string, TPA: addr, THA: string); - - event arp_reply(mac_src: string, mac_dst: string, - SPA: addr, SHA: string, TPA: addr, THA: string); - - event bad_arp(SPA: addr, SHA: string, TPA: addr, THA: string, - explanation: string); - - with a corresponding policy script arp.bro (Chema Gonzalez and Vern Paxson). - It writes logs to arp.$BRO_LOG_SUFFIX. It has not been tested much yet. - -- Bro Lite changes (Jason Lee): - - default user for is now user 'bro' - - now uses the correct sysctl on FreeBSD 6 - - now uses the correct Perl path if site-report.pl not installed - into '/usr/local/bro' - - no longer prompts to encrypt email unless you pick to email reports - -- The default Bro Lite install now only checkpoints Bro once a week - (Brian Tierney). - -- Implicit Bro file extensions (such as .bro for policy scripts and .sig - for signatures) are now searched for first rather than only if the - non-extension-version of the file doesn't exist (Vern Paxson). For - example, running "bro -r trace mt" now first searches $BROPATH for - "mt.bro" before searching for "mt", whereas it used to do these in - the other order. - -- There's now a simpler mechanism for redef'ing variables on the command-line - (Christian Kreibich). Any command line arguments of the form = - are now expanded into policy code of the form "redef var=val;", where - is wrapped in quotation marks if the value appears to be a string - and doesn't have quotation marks already. This works with strings with - whitespace such as foo="Hello World"; however, note that it means you - can't use the mechanism to redef an enum value. - -- The Bro distribution now includes (and builds by default) Christian - Kreibich's Broccoli library (Bro C Client Library), which enables programs - to communicate with running Bro's (Christian Kreibich and Jason Lee). - Configure with --disable-broccoli to turn this off. - -- Built-in functions log(x: double): double and exp(x: double): double - which do natural logarithms and their inverses (Jaeyeon Jung). - -- The new built-in function gethostname() returns the local host's name - (Jason Lee & Robin Sommer). - -- The new built-in function reading_traces() returns true if Bro - is reading trace files (Robin Sommer). - -- The new built-ins suspend_processing() and continue_processing() provide - script-level control for instructing the event engine to stop or resume - processing packets (Robin Sommer). This is useful for coordinating - simultaneous processing by multiple Bro's. - -- Email notices are now by default sent via /bin/mail, with "[Bro Alarm]" - in the subject. - -- redef'ing a function now replaces the existing body rather than - supplementing it (Robin Sommer), which was a bug. - -- You can now configure Bro to process encapsulated IP packets either - by setting, as before, a fixed encap_hdr_size (for VLANs), or setting - parse_udp_tunnels to T (Ruoming Pang). For the latter, you specify a - UDP tunnel port using udp_tunnel_port (the previous variable "tunnel_port" - has gone away); or you can leave it set to its default of 0/udp, in which - case Bro will look for IP encapsulated in UDP packets on any port. - -- Added a simple form of profiling based on sampling the work done - per-packet (Vern Paxson). The event engine generates a - - event load_sample(samples: load_sample_info, CPU: interval, dmem: int) - - event every load_sample_freq packets (roughly; it's randomized), where - load_sample_freq defaults to 20. "samples" is simply a set[string]; it - contains the names of the functions, event handlers, and their source - files that were accessed during the processing of the sampled packet, - along with an estimate of the CPU cost of processing the packet and - (currently broken) memory allocated/freed. - -- Bro now includes experimental support for Endace DAG cards (Gregor Maier - and Robin Sommer). To activate, configure with - - --with-DAG=/path/to/dagtool/installation - - and use "dag0" as the network interface. You may need to configure the - card with the dagtools first. In general, if dagsnap works, Bro should - work as well. - -- Log rotation has changed in a number of ways (Mark Dedlow & Robin Sommer): - - * The new variable log_rotate_base_time: string, if defined, - specifies that logs should be rotated at log_rotate_base_time + - i * rotate_interval intervals. Format is as a string in - 24-hour time, "%H:%M", e.g, "12:00". This format may change - in the future to instead be a Bro time type. - - * RotateLogs::date_format can be redefined to change format of - timestamps in rotated files. - - * RotateLogs::build_name() can be redefined to implement an - arbitrary naming scheme for rotated files. - - Note, this code has not been extensively tested. - -- Bro now by default builds a version of malloc bundled with its - distribution (Vern Paxson & Brian Tierney). - -- The syntax for the clone operator now looks like a function call, - "copy(x)" (Vern Paxson). - -- The new flag DNS::logging (default F), if T, disables generation of - dns.log (which is often uninteresting and very large), though it - still performs analysis leading to NOTICEs (Robin Sommer). - -- A new global, hostile_domain_list, has been added to dns.bro which - lists domains to be flagged if A or MX records are queried (Scott Campbell). - -- Added globals dns_skip_all_{auth,addl} to skip all DNS AUTH/ADDL processing - (Vern Paxson). Skipping these is on (true) by default, because such - processing is quite expensive. - -- backdoor.bro now turns off by default some detectors that from experience - have too many false positives, or (such as for HTTP) too many uninteresting - true positives (Brian Tierney). In addition: - - - the module now generates a BackdoorFound notice for each backdoor - - - the new variable dump_backdoor_packets (default F) if set causes - the packet that triggered the backdoor detection to be written to - backdoor-packets/: