Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath: Remove remaining references to BROMAGIC Fix typos and formatting in event and BiF documentation
2025-10-08 01:28:20 +00:00 · 2014-05-20 10:16:50 -05:00 · 2014-05-20 10:16:50 -05:00 · fb7c3677dc
commit fb7c3677dc
parent a8078b491e 11d2d8e549
15 changed files with 93 additions and 82 deletions
--- a/6
+++ b/6
@ -1,4 +1,10 @@

+2.3-beta-3 | 2014-05-20 10:16:50 -0500
+
+  * Remove remaining references to BROMAGIC (Daniel Thayer)
+
+  * Fix typos and formatting in event and BiF documentation (Daniel Thayer)
+
 2.3-beta | 2014-05-19 16:36:50 -0500

  * Release 2.3-beta
--- a/2
+++ b/2
@ -1 +1 @@
-2.3-beta
+2.3-beta-3
--- a/doc/conf.py.in
+++ b/doc/conf.py.in
@ -38,7 +38,6 @@ extensions += ["broxygen"]
 bro_binary = os.path.abspath("@CMAKE_SOURCE_DIR@/build/src/bro")
 broxygen_cache="@BROXYGEN_CACHE_DIR@"
 os.environ["BROPATH"] = "@BROPATH@"
-os.environ["BROMAGIC"] = "@BROMAGIC@"
 # ----- End of Broxygen configuration. -----

 # -- General configuration -----------------------------------------------------
--- a/doc/quickstart/index.rst
+++ b/doc/quickstart/index.rst
@ -426,7 +426,7 @@ Running Bro Without Installing

 For developers that wish to run Bro directly from the ``build/``
 directory (i.e., without performing ``make install``), they will have
-to first adjust ``BROPATH`` and ``BROMAGIC`` to look for scripts and
+to first adjust ``BROPATH`` to look for scripts and
 additional files inside the build directory.  Sourcing either
 ``build/bro-path-dev.sh`` or ``build/bro-path-dev.csh`` as appropriate
 for the current shell accomplishes this and also augments your
--- a/src/analyzer/protocol/dns/events.bif
+++ b/src/analyzer/protocol/dns/events.bif
@ -367,7 +367,7 @@ event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string,
 ##
 ## ans: The type-independent part of the parsed answer record.
 ##
-## str: The textual information returned by the reply.
+## strs: The textual information returned by the reply.
 ##
 ## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl
 ##    dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply
@ -392,11 +392,17 @@ event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, strs: string_
 ##
 ## ans: The type-independent part of the parsed answer record.
 ##
-## priority: Priority of the SRV response.
+## target: Target of the SRV response -- the canonical hostname of the
+##         machine providing the service, ending in a dot.
 ##
-## weight: Weight of the SRV response.
+## priority: Priority of the SRV response -- the priority of the target
+##           host, lower value means more preferred.
 ##
-## p: Port of the SRV response.
+## weight: Weight of the SRV response -- a relative weight for records
+##         with the same priority, higher value means more preferred.
+##
+## p: Port of the SRV response -- the TCP or UDP port on which the
+##    service is to be found.
 ##
 ## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl
 ##    dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply
@ -408,8 +414,7 @@ event dns_TXT_reply%(c: connection, msg: dns_msg, ans: dns_answer, strs: string_
 event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer, target: string, priority: count, weight: count, p: count%);

 ## Generated on DNS reply resource records when the type of record is not one
-## that Bro knows how to parse and generate another more specific specific
-## event.
+## that Bro knows how to parse and generate another more specific event.
 ##
 ## c: The connection, which may be UDP or TCP depending on the type of the
 ##    transport-layer session being analyzed.
--- a/src/analyzer/protocol/pop3/events.bif
+++ b/src/analyzer/protocol/pop3/events.bif
@ -105,8 +105,8 @@ event pop3_unexpected%(c: connection, is_orig: bool,
 ##
 ## c: The connection.
 ##
-## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply pop3_request
-##    pop3_unexpected
+## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply
+##    pop3_request pop3_unexpected
 ##
 ## .. todo:: Bro's current default configuration does not activate the protocol
 ##    analyzer that generates this event; the corresponding script has not yet
--- a/src/analyzer/protocol/radius/events.bif
+++ b/src/analyzer/protocol/radius/events.bif
@ -3,10 +3,9 @@
 ## See `Wikipedia <http://en.wikipedia.org/wiki/RADIUS>`__ for more
 ## information about RADIUS.
 ##
-## c: The connection
-## msg_type: The value of the code field (1 == Access-Request, 2 == Access-Accept, etc.)
-## trans_id: The RADIUS transaction identifier
-## authenticator: The value of the authenticator field
+## c: The connection.
+##
+## result: A record containing fields parsed from a RADIUS packet.
 ##
 event radius_message%(c: connection, result: RADIUS::Message%);

@ -15,9 +14,11 @@ event radius_message%(c: connection, result: RADIUS::Message%);
 ## See `Wikipedia <http://en.wikipedia.org/wiki/RADIUS>`__ for more
 ## information about RADIUS.
 ##
-## c: The connection
-## attr_type: The value of the code field (1 == User-Name, 2 == User-Password, etc.)
-## authenticator: The value of the authenticator field
+## c: The connection.
+##
+## attr_type: The value of the code field (1 == User-Name, 2 == User-Password, etc.).
+##
+## value: The data/value bound to the attribute.
 ##
 event radius_attribute%(c: connection, attr_type: count, value: string%);

--- a/src/analyzer/protocol/smtp/events.bif
+++ b/src/analyzer/protocol/smtp/events.bif
@ -99,10 +99,10 @@ event smtp_data%(c: connection, is_orig: bool, data: string%);
 ## .. bro:see:: smtp_data  smtp_request smtp_reply
 event smtp_unexpected%(c: connection, is_orig: bool, msg: string, detail: string%);

-## Generated if a connection switched to using TLS using STARTTLS. After this event
-## no more SMTP events will be raised for the connection. See the SSL analyzer for
-## related SSL events, which will now be generated.
+## Generated if a connection switched to using TLS using STARTTLS. After this
+## event no more SMTP events will be raised for the connection. See the SSL
+## analyzer for related SSL events, which will now be generated.
 ##
-## c: The connection
+## c: The connection.
 ##
 event smtp_starttls%(c: connection%);
--- a/src/analyzer/protocol/snmp/events.bif
+++ b/src/analyzer/protocol/snmp/events.bif
@ -1,6 +1,6 @@
 ## An SNMP ``GetRequest-PDU`` message from either :rfc:`1157` or :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -14,7 +14,7 @@ event snmp_get_request%(c: connection, is_orig: bool, header: SNMP::Header,
 ## An SNMP ``GetNextRequest-PDU`` message from either :rfc:`1157` or
 ## :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -28,7 +28,7 @@ event snmp_get_next_request%(c: connection, is_orig: bool,
 ## An SNMP ``GetResponse-PDU`` message from :rfc:`1157` or a
 ## ``Response-PDU`` from :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -41,7 +41,7 @@ event snmp_response%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP ``SetRequest-PDU`` message from either :rfc:`1157` or :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -54,7 +54,7 @@ event snmp_set_request%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP ``Trap-PDU`` message from :rfc:`1157`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -67,7 +67,7 @@ event snmp_trap%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP ``GetBulkRequest-PDU`` message from :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -80,7 +80,7 @@ event snmp_get_bulk_request%(c: connection, is_orig: bool,

 ## An SNMP ``InformRequest-PDU`` message from :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -93,7 +93,7 @@ event snmp_inform_request%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP ``SNMPv2-Trap-PDU`` message from :rfc:`1157`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -106,7 +106,7 @@ event snmp_trapV2%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP ``Report-PDU`` message from :rfc:`3416`.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -119,7 +119,7 @@ event snmp_report%(c: connection, is_orig: bool, header: SNMP::Header,

 ## An SNMP PDU message of unknown type.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -133,7 +133,7 @@ event snmp_unknown_pdu%(c: connection, is_orig: bool, header: SNMP::Header,
 ## An SNMPv3 ``ScopedPDUData`` of unknown type (neither plaintext or
 ## an encrypted PDU was in the datagram).
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -146,7 +146,7 @@ event snmp_unknown_scoped_pdu%(c: connection, is_orig: bool,

 ## An SNMPv3 encrypted PDU message.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
@ -156,7 +156,7 @@ event snmp_encrypted_pdu%(c: connection, is_orig: bool, header: SNMP::Header%);

 ## A datagram with an unknown SNMP version.
 ##
-## c: The connection overwhich the SNMP datagram is sent.
+## c: The connection over which the SNMP datagram is sent.
 ##
 ## is_orig: The endpoint which sent the SNMP datagram.
 ##
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@ -86,8 +86,8 @@ event ssl_server_hello%(c: connection, version: count, possible_ts: time, server
 event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%);

 ## Generated for an SSL/TLS Elliptic Curves extension. This TLS extension is
-## defined in :rfc:`4492` and sent by the client in the initial handshake. It gives
-## the list of elliptic curves supported by the client.
+## defined in :rfc:`4492` and sent by the client in the initial handshake. It
+## gives the list of elliptic curves supported by the client.
 ##
 ## c: The connection.
 ##
@ -118,13 +118,13 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index
 ##    ssl_extension_server_name ssl_server_curve
 event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_formats: index_vec%);

-## Generated if a named curve is chosen by the server for an SSL/TLS connection. The
-## curve is sent by the server in the ServerKeyExchange message as defined in
-## :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen.
+## Generated if a named curve is chosen by the server for an SSL/TLS connection.
+## The curve is sent by the server in the ServerKeyExchange message as defined
+## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen.
 ##
 ## c: The connection.
 ##
-## point_formats: List of supported point formats.
+## curve: The curve.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
 ##    ssl_session_ticket_handshake ssl_extension
@ -151,7 +151,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%);
 ## Generated for an SSL/TLS Application-Layer Protocol Negotiation extension.
 ## This TLS extension is defined in draft-ietf-tls-applayerprotoneg and sent in
 ## the initial handshake. It contains the list of client supported application
-## protocols by the client or the server, respectovely.
+## protocols by the client or the server, respectively.
 ##
 ## At the moment it is mostly used to negotiate the use of SPDY / HTTP2-drafts.
 ##
@ -169,15 +169,15 @@ event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_or

 ## Generated for an SSL/TLS Server Name extension. This SSL/TLS extension is
 ## defined in :rfc:`3546` and sent by the client in the initial handshake. It
-## contains the name of the server it is contacting. This information can be used
-## by the server to choose the correct certificate for the host the client wants to
-## contact.
+## contains the name of the server it is contacting. This information can be
+## used by the server to choose the correct certificate for the host the client
+## wants to contact.
 ##
 ## c: The connection.
 ##
 ## is_orig: True if event is raised for originator side of the connection.
 ##
-## protocols: List of supported application layer protocols.
+## names: A list of server names (DNS hostnames).
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
 ##    ssl_session_ticket_handshake ssl_extension
@ -244,9 +244,9 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%);
 ##    ssl_alert
 event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%);

-## Generated for SSL/TLS heartbeat messages that are sent before session encryption
-## starts. Generally heartbeat messages should rarely be seen in normal TLS traffic.
-## Heartbeats are described in :rfc:`6520`.
+## Generated for SSL/TLS heartbeat messages that are sent before session
+## encryption starts. Generally heartbeat messages should rarely be seen in
+## normal TLS traffic. Heartbeats are described in :rfc:`6520`.
 ##
 ## c: The connection.
 ##
@ -254,12 +254,13 @@ event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count,
 ##
 ## length: length of the entire heartbeat message.
 ##
-## heartbeat_type: type of the heartbeat message. Per RFC, 1 = request, 2 = response
+## heartbeat_type: type of the heartbeat message. Per RFC, 1 = request, 2 = response.
 ##
-## payload_length: length of the payload of the heartbeat message, according to packet field
+## payload_length: length of the payload of the heartbeat message, according to
+##                 packet field.
 ##
-## payload: payload contained in the heartbeat message. Size can differ from payload_length,
-##          if payload_length and actual packet length disagree.
+## payload: payload contained in the heartbeat message. Size can differ from
+##          payload_length, if payload_length and actual packet length disagree.
 ##
 ## .. bro:see::  ssl_client_hello ssl_established ssl_extension ssl_server_hello
 ##    ssl_alert ssl_encrypted_data
@ -269,13 +270,13 @@ event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type
 ## started.
 ##
 ## Note that :bro:id:`SSL::disable_analyzer_after_detection` has to be changed
-## from its default to false for this this event to be generated.  
+## from its default to false for this event to be generated.  
 ##
 ## c: The connection.
 ##
 ## is_orig: True if event is raised for originator side of the connection.
 ##
-## content type: message type as reported by TLS session layer
+## content_type: message type as reported by TLS session layer.
 ##
 ## length: length of the entire heartbeat message.
 ##
@ -284,8 +285,8 @@ event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type
 event ssl_encrypted_data%(c: connection, is_orig: bool, content_type: count, length: count%);

 ## This event contains the OCSP response contained in a Certificate Status Request
-## message, when the client requested OCSP stapling and the server supports it. See
-## description in :rfc:`6066`
+## message, when the client requested OCSP stapling and the server supports it.
+## See description in :rfc:`6066`.
 ##
 ## c: The connection.
 ##
--- a/src/event.bif
+++ b/src/event.bif
@ -360,9 +360,9 @@ event content_gap%(c: connection, is_orig: bool, seq: count, length: count%);
 ##
 ## .. note::
 ##
-##    Bro comes with a script :doc:`/scripts/policy/misc/capture-loss.bro` that uses
-##    this event to estimate packet loss and report when a predefined threshold
-##    is exceeded.
+##    Bro comes with a script :doc:`/scripts/policy/misc/capture-loss.bro` that
+##    uses this event to estimate packet loss and report when a predefined
+##    threshold is exceeded.
 event gap_report%(dt: interval, info: gap_info%);

 ## Generated when a protocol analyzer confirms that a connection is indeed
@ -1011,8 +1011,8 @@ event dns_mapping_lost_name%(dm: dns_mapping%);
 ##    dns_mapping_valid
 event dns_mapping_altered%(dm: dns_mapping, old_addrs: addr_set, new_addrs: addr_set%);

-## A meta event generated for events that Bro raises. This will report all events
-## for which at least one handler is defined.
+## A meta event generated for events that Bro raises. This will report all
+## events for which at least one handler is defined.
 ##
 ## Note that handling this meta event is expensive and should be limited to
 ## debugging purposes.
--- a/src/file_analysis/analyzer/x509/events.bif
+++ b/src/file_analysis/analyzer/x509/events.bif
@ -43,9 +43,9 @@ event x509_extension%(f: fa_file, ext: X509::Extension%);
 event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%);

 ## Generated for the X509 subject alternative name extension seen in a certificate.
-## This extension can be used to allow additional entities to be bound to the subject
-## of the certificate. Usually it is used to specify one or multiple DNS names for 
-## which a certificate is valid.
+## This extension can be used to allow additional entities to be bound to the
+## subject of the certificate. Usually it is used to specify one or multiple DNS
+## names for which a certificate is valid.
 ##
 ## f: The file.
 ##
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@ -106,9 +106,9 @@ STACK_OF(X509)* x509_get_untrusted_stack(VectorVal* certs_vec)

 ## Parses a certificate into an X509::Certificate structure.
 ##
-## cert: The X509 certificicate opaque handle
+## cert: The X509 certificate opaque handle.
 ##
-## Returns: A X509::Certificate structure
+## Returns: A X509::Certificate structure.
 ##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ##              x509_ext_subject_alternative_name x509_verify
@ -123,13 +123,13 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate

 ## Returns the string form of a certificate.
 ##
-## cert: The X509 certificate opaque handle
+## cert: The X509 certificate opaque handle.
 ##
 ## pem: A boolean that specifies if the certificate is returned
 ##      in pem-form (true), or as the raw ASN1 encoded binary
 ##      (false).
 ##
-## Returns: X509 certificate as a string
+## Returns: X509 certificate as a string.
 ##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ##              x509_ext_subject_alternative_name x509_parse x509_verify
@ -158,14 +158,14 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F
 ##
 ## certs: Specifies the certificate chain to use. Server certificate first.
 ##
-## ocsp_reply: the ocsp reply to validate
+## ocsp_reply: the ocsp reply to validate.
 ##
-## root_certs: A list of root certificates to validate the certificate chain
+## root_certs: A list of root certificates to validate the certificate chain.
 ##
 ## verify_time: Time for the validity check of the certificates.
 ##
-## Returns: A record of type X509::Result containing the result code of the verify
-##          operation.
+## Returns: A record of type X509::Result containing the result code of the
+##          verify operation.
 ##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ##              x509_ext_subject_alternative_name x509_parse
@ -377,12 +377,13 @@ x509_ocsp_cleanup:
 ##        the given certificate against the root store given in *root_certs*.
 ##        The host certificate has to be at index 0.
 ##
-## root_certs: A list of root certificates to validate the certificate chain
+## root_certs: A list of root certificates to validate the certificate chain.
 ##
 ## verify_time: Time for the validity check of the certificates.
 ##
-## Returns: A record of type X509::Result containing the result code of the verify
-##          operation. In case of success also returns the full certificate chain.
+## Returns: A record of type X509::Result containing the result code of the
+##          verify operation. In case of success also returns the full
+##          certificate chain.
 ##
 ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
 ##              x509_ext_subject_alternative_name x509_parse
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@ -8,7 +8,6 @@ PartFinalizer   = btest-diff-rst

 [environment]
 BROPATH=`bash -c %(testbase)s/../../build/bro-path-dev`
-BROMAGIC=%(testbase)s/../../magic/database
 BRO_SEED_FILE=%(testbase)s/random.seed
 TZ=UTC
 LC_ALL=C
--- a/testing/external/subdir-btest.cfg
+++ b/testing/external/subdir-btest.cfg
@ -7,7 +7,6 @@ IgnoreFiles = *.tmp *.swp #* *.trace .gitignore *.skeleton

 [environment]
 BROPATH=`bash -c %(testbase)s/../../../build/bro-path-dev`:%(testbase)s/../scripts
-BROMAGIC=%(testbase)s/../../../magic/database
 BRO_SEED_FILE=%(testbase)s/../random.seed
 TZ=UTC
 LC_ALL=C