Merge remote-tracking branch 'origin/topic/johanna/config'

Closes BIT-1900.

* origin/topic/johanna/config:
  Use port_mgr->Get() in the input framework config changes.
  Allow the empty field separator to be empty; use in config framework.
  Fix small bug in config reader.
  Fix segmentation fault when parsing sets containing invalid elements.
  Add config framework.

CHANGES

@@ -1,5 +1,13 @@
 
-2.5-437 | 2018-02-06 16:56:00 -0800
+2.5-444 | 2018-02-06 17:11:26 -0800
+
+  * Add new configuration framework for dynamically changing script
+    options at runtime. See NEWS for more. (Corelight)
+
+  * Allow the empty field separator to be empty when reading through
+    the input frameworkk. (Corelight)
+
+2.5-435 | 2018-02-06 08:40:38 -0800
 
   * BIT-1854: Improve reassembly overlap checking. (Corelight)
 

NEWS

@@ -11,6 +11,93 @@ Bro 2.6 (in progress)
 New Functionality
 -----------------
 
+- Bro now comes with a new "configuration framework" that allows
+  updating script options dynamically at runtime. This functionality
+  consists of three larger pieces working together:
+
+  - Option variables: The new "option" keyword allows variables to be
+    declared as runtime options. Such variables cannot be changed
+    using normal assignments. Instead, they can be changed using the
+    new function Option::set.
+
+    It is possible to "subscribe" to option through
+    Option::set_change_handler, which will trigger a handler callback
+    when an option changes. Change handlers can optionally modify
+    values before they are applied by returning the desired value, or
+    reject updates by returning the old value. Priorities can be
+    specified if there are several handlers for one option.
+
+    Example script:
+
+        option testbool: bool = T;
+
+        function option_changed(ID: string, new_value: bool): bool
+            {
+            print fmt("Value of %s changed from %s to %s", ID, testbool, new_value);
+            return new_value;
+            }
+
+        event bro_init()
+            {
+            print "Old value", testbool;
+            Option::set_change_handler("testbool", option_changed);
+            Option::set("testbool", F);
+            print "New value", testbool;
+            }
+
+  - Script-level configuration framework: The new script framework
+    base/framework/config facilitates reading in new option values
+    from external files at runtime. The format for these files looks
+    like this:
+
+        [option name][tab/spaces][new variable value]
+
+    Configuration files to read can be specified by adding them to
+    Config::config_files.
+
+    Usage example:
+
+        redef Config::config_files += { "/path/to/config.dat" };
+
+        module TestConfig;
+
+        export {
+            option testbool: bool = F;
+        }
+
+    The specified file will now monitored contionoulsy for changes, so
+    that writing "testbool T" into /path/to/config.dat will
+    automatically update the option's value accordingly.
+
+    The configutation framework creates a config.log that shows all
+    value changes that took place.
+
+  - Config reader: Internally, the configuration framework use a new
+    type of input reader to read such configuration files into Bro.
+    The reader uses the option name to look up the type that variable
+    has, converts the read value to the correct type, and then updates
+    the option's value. Example script use:
+
+    type Idx: record {
+        option_name: string;
+    };
+
+    type Val: record {
+        option_val: string;
+    };
+
+    global currconfig: table[string] of string = table();
+
+    event InputConfig::new_value(name: string, source: string, id: string, value: any)
+        {
+        print id, value;
+        }
+
+    event bro_init()
+        {
+        Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
+        }
+
 - Support for OCSP and Signed Certificate Timestamp. This adds the
   following events and BIFs:
 

VERSION

@@ -1 +1 @@
-2.5-437
+2.5-444

doc/script-reference/log-files.rst

@@ -14,6 +14,8 @@ Network Protocols
 +============================+=======================================+=================================+
 | conn.log                   | TCP/UDP/ICMP connections              | :bro:type:`Conn::Info`          |
 +----------------------------+---------------------------------------+---------------------------------+
+| config.log                 | Configuration option changes          | :bro:type:`Config::Info`        |
++----------------------------+---------------------------------------+---------------------------------+
 | dce_rpc.log                | Distributed Computing Environment/RPC | :bro:type:`DCE_RPC::Info`       |
 +----------------------------+---------------------------------------+---------------------------------+
 | dhcp.log                   | DHCP leases                           | :bro:type:`DHCP::Info`          |

scripts/base/frameworks/config/README

@@ -0,0 +1,2 @@
+The configuration famework provides a way to change the Bro configuration
+in "option" values at run-time.

scripts/base/frameworks/config/__load__.bro

@@ -0,0 +1,2 @@
+@load ./main
+@load ./input

scripts/base/frameworks/config/input.bro

@@ -0,0 +1,75 @@
+##! File input for the configuration framework using the input framework.
+
+@load ./main
+@load base/frameworks/cluster
+
+module Config;
+
+export {
+	## Configuration files that will be read off disk. Files are reread
+	## every time they are updated so updates should be atomic with "mv"
+	## instead of writing the file in place.
+	##
+	## If the same configuration option is defined in several files with
+	## different values, behavior is unspecified.
+	const config_files: set[string] = {} &redef;
+
+	## Read specified configuration file and apply values; updates to file
+	## are not tracked.
+	global read_config: function(filename: string);
+}
+
+global current_config: table[string] of string = table();
+
+type ConfigItem: record {
+	option_nv: string;
+};
+
+type EventFields: record {
+	option_name: string;
+	option_val: string;
+};
+
+event config_line(description: Input::EventDescription, tpe: Input::Event, p: EventFields)
+	{
+	}
+
+event bro_init() &priority=5
+	{
+	if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+		return;
+
+	for ( fi in config_files )
+		Input::add_table([$reader=Input::READER_CONFIG,
+			$mode=Input::REREAD,
+			$source=fi,
+			$name=cat("config-", fi),
+			$idx=ConfigItem,
+			$val=ConfigItem,
+			$want_record=F,
+			$destination=current_config]);
+	}
+
+event InputConfig::new_value(name: string, source: string, id: string, value: any)
+	{
+	if ( sub_bytes(name, 1,  15) != "config-oneshot-" && source !in config_files )
+		return;
+	
+	Option::set(id, value, source);
+	}
+
+function read_config(filename: string)
+	{
+	if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+		return;
+
+	local iname = cat("config-oneshot-", filename);
+
+	Input::add_event([$reader=Input::READER_CONFIG,
+		$mode=Input::MANUAL,
+		$source=filename,
+		$name=iname,
+		$fields=EventFields,
+		$ev=config_line]);
+	Input::remove(iname);
+	}

scripts/base/frameworks/config/main.bro

@@ -0,0 +1,77 @@
+##! The configuration framework provides a way to change Bro options
+##! (as specified by the option keyword) at runtime. It also logs runtime changes
+##! to options to config.log.
+
+module Config;
+
+export {
+	## The config logging stream identifier.
+	redef enum Log::ID += { LOG };
+
+	## Represents the data in config.log.
+	type Info: record {
+		## Timestamp at which the configuration change occured.
+		ts: time &log;
+		## ID of the value that was changed.
+		id: string &log;
+		## Value before the change.
+		old_value: string &log;
+		## Value after the change.
+		new_value: string &log;
+		## Optional location that triggered the change.
+		location: string &optional &log;
+	};
+
+	## Event that can be handled to access the :bro:type:`Config::Info`
+	## record as it is sent on to the logging framework.
+	global log_config: event(rec: Info);
+}
+
+function format_value(value: any) : string
+	{
+	local tn = type_name(value);
+	local part: string_vec = vector();
+	if ( /^set/ in tn )
+		{
+		local it: set[bool] = value;
+		for ( sv in it )
+			part[|part|] = cat(sv);
+		return join_string_vec(part, ",");
+		}
+	else if ( /^vector/ in tn )
+		{
+		local vit: vector of any = value;
+		for ( i in vit )
+			part[|part|] = cat(vit[i]);
+		return join_string_vec(part, ",");
+		}
+	else if ( tn == "string" )
+		return value;
+
+	return cat(value);
+	}
+
+function config_option_changed(ID: string, new_value: any, location: string): any
+	{
+	local log = Info($ts=network_time(), $id=ID, $old_value=format_value(lookup_ID(ID)), $new_value=format_value(new_value));
+	if ( location != "" )
+		log$location = location;
+	Log::write(LOG, log);
+	return new_value;
+	}
+
+event bro_init() &priority=10
+	{
+	Log::create_stream(LOG, [$columns=Info, $ev=log_config, $path="config"]);
+
+	# Iterate over all existing options and add ourselves as change handlers with
+	# a low priority so that we can log the changes.
+	local gids = global_ids();
+	for ( i in gids )
+		{
+		if ( ! gids[i]$option_value )
+			next;
+
+		Option::set_change_handler(i, config_option_changed, -100);
+		}
+	}

scripts/base/frameworks/input/__load__.bro

@@ -3,4 +3,5 @@
 @load ./readers/raw
 @load ./readers/benchmark
 @load ./readers/binary
+@load ./readers/config
 @load ./readers/sqlite

scripts/base/frameworks/input/readers/ascii.bro

@@ -9,7 +9,7 @@ export {
 	## Please note that the separator has to be exactly one character long.
 	const separator = Input::separator &redef;
 
-	## Separator between set elements.
+	## Separator between set and vector elements.
 	## Please note that the separator has to be exactly one character long.
 	const set_separator = Input::set_separator &redef;
 

scripts/base/frameworks/input/readers/config.bro

@@ -0,0 +1,44 @@
+##! Interface for the config input reader.
+
+module InputConfig;
+
+export {
+	## Separator between set and vector elements.
+	## Please note that the separator has to be exactly one character long.
+	const set_separator = Input::set_separator &redef;
+
+	## String to use for empty fields.
+	## By default this is the empty string, meaning that an empty input field
+	## will result in an empty set.
+	const empty_field = "" &redef;
+
+	## Fail on file read problems. If set to true, the config
+	## input reader will fail when encountering any problems
+	## while reading a file different from invalid lines.
+	## Examples of such problems are permission problems, or
+	## missing files.
+	## When set to false, these problems will be ignored. This
+	## has an especially big effect for the REREAD mode, which will
+	## seamlessly recover from read errors when a file is
+	## only temporarily inaccessible. For MANUAL or STREAM files,
+	## errors will most likely still be fatal since no automatic
+	## re-reading of the file is attempted.
+	## Individual readers can use a different value using
+	## the $config table.
+	const fail_on_file_problem = F &redef;
+
+	## Event that is called when a config option is added or changes.
+	##
+	## Note - this does not track the reason for a change (new, changed),
+	## and also does not track removals. If you need this, combine the event
+	## with a table reader.
+	##
+	## name: name of the input stream.
+	##
+	## source: source of the input stream.
+	##
+	## id: ID of the configuration option being set.
+	##
+	## value: new value of the configuration option being set.
+	global new_value: event(name: string, source: string, id: string, value: any);
+}

scripts/base/init-bare.bro

@@ -631,6 +631,7 @@ type script_id: record {
 	exported: bool;	##< True if the identifier is exported.
 	constant: bool;	##< True if the identifier is a constant.
 	enum_constant: bool;	##< True if the identifier is an enum value.
+	option_value: bool;	##< True if the identifier is an option.
 	redefinable: bool;	##< True if the identifier is declared with the :bro:attr:`&redef` attribute.
 	value: any &optional;	##< The current value of the identifier.
 };

scripts/base/init-default.bro

@@ -36,6 +36,7 @@
 @load base/frameworks/control
 @load base/frameworks/cluster
 @load base/frameworks/intel
+@load base/frameworks/config
 @load base/frameworks/reporter
 @load base/frameworks/sumstats
 @load base/frameworks/tunnels

src/CMakeLists.txt

@@ -124,6 +124,7 @@ set(BIF_SRCS
     types.bif
     strings.bif
     reporter.bif
+    option.bif
 )
 
 foreach (bift ${BIF_SRCS})

src/Expr.cc

@@ -283,6 +283,9 @@ Expr* NameExpr::MakeLvalue()
 	if ( id->IsConst() && ! in_const_init )
 		ExprError("const is not a modifiable lvalue");
 
+	if ( id->IsOption() && ! in_const_init )
+		ExprError("option is not a modifiable lvalue");
+
 	return new RefExpr(this);
 	}
 

src/Func.cc

@@ -647,11 +647,13 @@ void builtin_error(const char* msg, BroObj* arg)
 #include "stats.bif.func_h"
 #include "reporter.bif.func_h"
 #include "strings.bif.func_h"
+#include "option.bif.func_h"
 
 #include "bro.bif.func_def"
 #include "stats.bif.func_def"
 #include "reporter.bif.func_def"
 #include "strings.bif.func_def"
+#include "option.bif.func_def"
 
 #include "__all__.bif.cc" // Autogenerated for compiling in the bif_target() code.
 #include "__all__.bif.register.cc" // Autogenerated for compiling in the bif_target() code.
@@ -676,6 +678,7 @@ void init_builtin_funcs()
 #include "stats.bif.func_init"
 #include "reporter.bif.func_init"
 #include "strings.bif.func_init"
+#include "option.bif.func_init"
 
 	did_builtin_init = true;
 	}

src/ID.cc

@@ -21,12 +21,13 @@ ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export)
 	name = copy_string(arg_name);
 	scope = arg_scope;
 	is_export = arg_is_export;
+	is_option = false;
 	type = 0;
 	val = 0;
 	attrs = 0;
-	is_const = 0;
-	is_enum_const = 0;
-	is_type = 0;
+	is_const = false;
+	is_enum_const = false;
+	is_type = false;
 	offset = 0;
 
 	infer_return_type = false;
@@ -41,6 +42,9 @@ ID::~ID()
 	Unref(type);
 	Unref(attrs);
 
+	for ( auto element : option_handlers )
+		Unref(element.second);
+
 	if ( ! weak_ref )
 		Unref(val);
 	}
@@ -772,3 +776,18 @@ void ID::UpdateValID()
 	}
 #endif
 
+void ID::AddOptionHandler(Func* callback, int priority)
+	{
+	option_handlers.insert({priority, callback});
+	}
+
+vector<Func*> ID::GetOptionHandlers() const
+	{
+	// multimap is sorted
+	// It might be worth caching this if we expect it to be called
+	// a lot...
+	vector<Func*> v;
+	for ( auto& element : option_handlers )
+		v.push_back(element.second);
+	return std::move(v);
+	}

src/ID.h

@@ -11,6 +11,7 @@
 
 class Val;
 class SerialInfo;
+class Func;
 
 typedef enum { INIT_NONE, INIT_FULL, INIT_EXTRA, INIT_REMOVE, } init_class;
 typedef enum { SCOPE_FUNCTION, SCOPE_MODULE, SCOPE_GLOBAL } IDScope;
@@ -34,7 +35,7 @@ public:
 	BroType* Type()			{ return type; }
 	const BroType* Type() const	{ return type; }
 
-	void MakeType()			{ is_type = 1; }
+	void MakeType()			{ is_type = true; }
 	BroType* AsType()		{ return is_type ? Type() : 0; }
 	const BroType* AsType() const	{ return is_type ? Type() : 0; }
 
@@ -51,21 +52,24 @@ public:
 	void SetVal(Val* v, init_class c);
 	void SetVal(Expr* ev, init_class c);
 
-	int HasVal() const		{ return val != 0; }
+	bool HasVal() const		{ return val != 0; }
 	Val* ID_Val()			{ return val; }
 	const Val* ID_Val() const	{ return val; }
 	void ClearVal();
 
-	void SetConst()			{ is_const = 1; }
-	int IsConst() const		{ return is_const; }
+	void SetConst()			{ is_const = true; }
+	bool IsConst() const		{ return is_const; }
 
-	void SetEnumConst()		{ is_enum_const = 1; }
-	int IsEnumConst() const		{ return is_enum_const; }
+	void SetOption()			{ is_option = true; }
+	bool IsOption() const		{ return is_option; }
+
+	void SetEnumConst()		{ is_enum_const = true; }
+	bool IsEnumConst() const		{ return is_enum_const; }
 
 	void SetOffset(int arg_offset)	{ offset = arg_offset; }
 	int Offset() const		{ return offset; }
 
-	int IsRedefinable() const	{ return FindAttr(ATTR_REDEF) != 0; }
+	bool IsRedefinable() const	{ return FindAttr(ATTR_REDEF) != 0; }
 
 	// Returns true if ID is one of those internal globally unique IDs
 	// to which MutableVals are bound (there name start with a '#').
@@ -97,12 +101,20 @@ public:
 	bool Serialize(SerialInfo* info) const;
 	static ID* Unserialize(UnserialInfo* info);
 
-	bool DoInferReturnType()        { return infer_return_type; }
+	bool DoInferReturnType() const
+		{ return infer_return_type; }
 	void SetInferReturnType(bool infer)
 		{ infer_return_type = infer; }
 
 	virtual TraversalCode Traverse(TraversalCallback* cb) const;
 
+	bool HasOptionHandlers() const
+		{ return !option_handlers.empty(); }
+
+	// Takes ownership of callback.
+	void AddOptionHandler(Func* callback, int priority);
+	vector<Func*> GetOptionHandlers() const;
+
 protected:
 	ID()	{ name = 0; type = 0; val = 0; attrs = 0; }
 
@@ -119,10 +131,12 @@ protected:
 	IDScope scope;
 	bool is_export;
 	BroType* type;
-	int is_const, is_enum_const, is_type;
+	bool is_const, is_enum_const, is_type, is_option;
 	int offset;
 	Val* val;
 	Attributes* attrs;
+	// contains list of functions that are called when an option changes
+	std::multimap<int, Func*> option_handlers;
 
 	bool infer_return_type;
 	bool weak_ref;

src/Var.cc

@@ -139,7 +139,12 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init,
 		{
 		if ( dt == VAR_CONST )
 			{
-			id->Error("&persistant/synchronized with constant");
+			id->Error("&persistent/synchronized with constant");
+			return;
+			}
+		else if ( dt == VAR_OPTION )
+			{
+			id->Error("&persistent/synchronized with option");
 			return;
 			}
 
@@ -207,6 +212,14 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init,
 		id->SetConst();
 		}
 
+	if ( dt == VAR_OPTION )
+		{
+		if ( ! init )
+			id->Error("option variable must be initialized");
+
+		id->SetOption();
+		}
+
 	id->UpdateValAttrs();
 
 	if ( t && t->Tag() == TYPE_FUNC &&

src/Var.h

@@ -10,7 +10,7 @@
 class Func;
 class EventHandlerPtr;
 
-typedef enum { VAR_REGULAR, VAR_CONST, VAR_REDEF, } decl_type;
+typedef enum { VAR_REGULAR, VAR_CONST, VAR_REDEF, VAR_OPTION, } decl_type;
 
 extern void add_global(ID* id, BroType* t, init_class c, Expr* init,
 			attr_list* attr, decl_type dt);

src/bro.bif

@@ -1799,13 +1799,14 @@ function global_ids%(%): id_table
 		rec->Assign(1, new Val(id->IsExport(), TYPE_BOOL));
 		rec->Assign(2, new Val(id->IsConst(), TYPE_BOOL));
 		rec->Assign(3, new Val(id->IsEnumConst(), TYPE_BOOL));
-		rec->Assign(4, new Val(id->IsRedefinable(), TYPE_BOOL));
+		rec->Assign(4, new Val(id->IsOption(), TYPE_BOOL));
+		rec->Assign(5, new Val(id->IsRedefinable(), TYPE_BOOL));
 
 		if ( id->HasVal() )
 			{
 			Val* val = id->ID_Val();
 			Ref(val);
-			rec->Assign(5, val);
+			rec->Assign(6, val);
 			}
 
 		Val* id_name = new StringVal(id->Name());

src/broxygen/ScriptInfo.cc

@@ -160,7 +160,7 @@ ScriptInfo::ScriptInfo(const string& arg_name, const string& arg_path)
       name(arg_name), path(arg_path),
       is_pkg_loader(SafeBasename(name).result == PACKAGE_LOADER),
       dependencies(), module_usages(), comments(), id_info(),
-      options(), constants(), state_vars(), types(), events(), hooks(),
+      redef_options(), constants(), state_vars(), types(), events(), hooks(),
       functions(), redefs()
 	{
 	}
@@ -219,9 +219,9 @@ void ScriptInfo::DoInitPostScript()
 			{
 			if ( id->FindAttr(ATTR_REDEF) )
 				{
-				DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as an option",
+				DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a redef_option",
 				        id->Name(), name.c_str());
-				options.push_back(info);
+				redef_options.push_back(info);
 				}
 			else
 				{
@@ -232,6 +232,14 @@ void ScriptInfo::DoInitPostScript()
 
 			continue;
 			}
+		else if ( id->IsOption() )
+			{
+			DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as an runtime option",
+							id->Name(), name.c_str());
+			options.push_back(info);
+
+			continue;
+			}
 
 		if ( id->Type()->Tag() == TYPE_ENUM )
 			// Enums are always referenced/documented from the type's
@@ -309,7 +317,8 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const
 	rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str());
 	rval += "\n";
 	rval += broxygen::make_heading("Summary", '~');
-	rval += make_summary("Options", '#', '=', options);
+	rval += make_summary("Runtime Options", '#', '=', options);
+	rval += make_summary("Redefinable Options", '#', '=', redef_options);
 	rval += make_summary("Constants", '#', '=', constants);
 	rval += make_summary("State Variables", '#', '=', state_vars);
 	rval += make_summary("Types", '#', '=', types);
@@ -319,7 +328,8 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const
 	rval += make_summary("Functions", '#', '=', functions);
 	rval += "\n";
 	rval += broxygen::make_heading("Detailed Interface", '~');
-	rval += make_details("Options", '#', options);
+	rval += make_details("Runtime Options", '#', options);
+	rval += make_details("Redefinable Options", '#', redef_options);
 	rval += make_details("Constants", '#', constants);
 	rval += make_details("State Variables", '#', state_vars);
 	rval += make_details("Types", '#', types);

src/broxygen/ScriptInfo.h

@@ -108,6 +108,7 @@ private:
 	string_set module_usages;
 	std::vector<std::string> comments;
 	id_info_map id_info;
+	id_info_list redef_options;
 	id_info_list options;
 	id_info_list constants;
 	id_info_list state_vars;

src/input/Manager.cc

@@ -711,7 +711,7 @@ bool Manager::CreateTableStream(RecordVal* fval)
 	return true;
 	}
 
-bool Manager::CheckErrorEventTypes(std::string stream_name, Func* ev, bool table)
+bool Manager::CheckErrorEventTypes(std::string stream_name, const Func* ev, bool table) const
 	{
 	if ( ev == nullptr )
 		return true;
@@ -899,7 +899,7 @@ bool Manager::RemoveStreamContinuation(ReaderFrontend* reader)
 	}
 
 bool Manager::UnrollRecordType(vector<Field*> *fields, const RecordType *rec,
-			       const string& nameprepend, bool allow_file_func)
+			       const string& nameprepend, bool allow_file_func) const
 	{
 	for ( int i = 0; i < rec->NumFields(); i++ )
 		{
@@ -1007,7 +1007,7 @@ bool Manager::ForceUpdate(const string &name)
 }
 
 
-Val* Manager::RecordValToIndexVal(RecordVal *r)
+Val* Manager::RecordValToIndexVal(RecordVal *r) const
 	{
 	Val* idxval;
 
@@ -1032,7 +1032,7 @@ Val* Manager::RecordValToIndexVal(RecordVal *r)
 	}
 
 
-Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals, bool& have_error)
+Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals, bool& have_error) const
 	{
 	Val* idxval;
 	int position = 0;
@@ -1810,7 +1810,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals)
 	return success;
 	}
 
-bool Manager::CallPred(Func* pred_func, const int numvals, ...)
+bool Manager::CallPred(Func* pred_func, const int numvals, ...) const
 	{
 	bool result = false;
 	val_list vl(numvals);
@@ -1835,7 +1835,7 @@ bool Manager::CallPred(Func* pred_func, const int numvals, ...)
 // Raise everything in here as warnings so it is passed to scriptland without
 // looking "fatal". In addition to these warnings, ReaderBackend will queue
 // one reporter message.
-bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, Value* *vals)
+bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, Value* *vals) const
 	{
 	Stream *i = FindStream(reader);
 	if ( i == 0 )
@@ -1871,7 +1871,15 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu
 
 	val_list* vl = new val_list;
 	for ( int j = 0; j < num_vals; j++)
-		vl->append(ValueToVal(i, vals[j], type->FieldType(j), convert_error));
+		{
+		Val* v = ValueToVal(i, vals[j], convert_error);
+		vl->append(v);
+		if ( v && ! convert_error && ! same_type(type->FieldType(j), v->Type()) )
+			{
+			convert_error = true;
+			type->FieldType(j)->Error("SendEvent types do not match", v->Type());
+			}
+		}
 
 	delete_value_ptr_array(vals, num_vals);
 
@@ -1886,7 +1894,7 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu
 	return true;
 }
 
-void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...)
+void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...) const
 	{
 	val_list* vl = new val_list;
 
@@ -1905,7 +1913,7 @@ void Manager::SendEvent(EventHandlerPtr ev, const int numvals, ...)
 	mgr.QueueEvent(ev, vl, SOURCE_LOCAL);
 	}
 
-void Manager::SendEvent(EventHandlerPtr ev, list<Val*> events)
+void Manager::SendEvent(EventHandlerPtr ev, list<Val*> events) const
 	{
 	val_list* vl = new val_list;
 
@@ -1924,7 +1932,7 @@ void Manager::SendEvent(EventHandlerPtr ev, list<Val*> events)
 
 // Convert a bro list value to a bro record value.
 // I / we could think about moving this functionality to val.cc
-RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type, int* position)
+RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type, int* position) const
 	{
 	assert(position != 0 ); // we need the pointer to point to data;
 
@@ -1954,7 +1962,7 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type,
 
 // Convert a threading value to a record value
 RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *vals,
-	                             RecordType *request_type, int* position, bool& have_error)
+	                             RecordType *request_type, int* position, bool& have_error) const
 	{
 	assert(position != 0); // we need the pointer to point to data.
 
@@ -1991,7 +1999,8 @@ RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *v
 
 // Count the length of the values used to create a correct length buffer for
 // hashing later
-int Manager::GetValueLength(const Value* val) {
+int Manager::GetValueLength(const Value* val) const
+	{
 	assert( val->present ); // presence has to be checked elsewhere
 	int length = 0;
 
@@ -2081,7 +2090,7 @@ int Manager::GetValueLength(const Value* val) {
 
 // Given a threading::value, copy the raw data bytes into *data and return how many bytes were copied.
 // Used for hashing the values for lookup in the bro table
-int Manager::CopyValue(char *data, const int startpos, const Value* val)
+int Manager::CopyValue(char *data, const int startpos, const Value* val) const
 	{
 	assert( val->present ); // presence has to be checked elsewhere
 
@@ -2205,7 +2214,7 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val)
 	}
 
 // Hash num_elements threading values and return the HashKey for them. At least one of the vals has to be ->present.
-HashKey* Manager::HashValues(const int num_elements, const Value* const *vals)
+HashKey* Manager::HashValues(const int num_elements, const Value* const *vals) const
 	{
 	int length = 0;
 
@@ -2251,19 +2260,19 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals)
 // have_error is a reference to a boolean which is set to true as soon as an error occured.
 // When have_error is set to true at the beginning of the function, it is assumed that
 // an error already occured in the past and processing is aborted.
-Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type, bool& have_error)
+Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type, bool& have_error) const
 	{
 	if ( have_error )
-		return 0;
+		return nullptr;
 
 	if ( request_type->Tag() != TYPE_ANY && request_type->Tag() != val->type )
 		{
 		reporter->InternalError("Typetags don't match: %d vs %d in stream %s", request_type->Tag(), val->type, i->name.c_str());
-		return 0;
+		return nullptr;
 		}
 
 	if ( !val->present )
-		return 0; // unset field
+		return nullptr; // unset field
 
 	switch ( val->type ) {
 	case TYPE_BOOL:
@@ -2312,7 +2321,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
 
 	case TYPE_SUBNET:
 		{
-		IPAddr* addr = 0;
+		IPAddr* addr = nullptr;
 		switch ( val->val.subnet_val.prefix.family ) {
 		case IPv4:
 			addr = new IPAddr(val->val.subnet_val.prefix.in.in4);
@@ -2359,7 +2368,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
 		VectorVal* v = new VectorVal(vt);
 		for ( int j = 0; j < val->val.vector_val.size; j++ )
 			{
-			v->Assign(j, ValueToVal(i, val->val.set_val.vals[j], type, have_error));
+			v->Assign(j, ValueToVal(i, val->val.vector_val.vals[j], type, have_error));
 			}
 
 		Unref(vt);
@@ -2384,7 +2393,7 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
 			                        enum_string.c_str(), i->name.c_str());
 
 			have_error = true;
-			return 0;
+			return nullptr;
 			}
 
 		return new EnumVal(index, request_type->Ref()->AsEnumType());
@@ -2398,9 +2407,178 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ
 	return NULL;
 	}
 
-Manager::Stream* Manager::FindStream(const string &name)
+Val* Manager::ValueToVal(const Stream* i, const Value* val, bool& have_error) const
 	{
-	for ( map<ReaderFrontend*, Stream*>::iterator s = readers.begin(); s != readers.end(); ++s )
+	if ( have_error )
+		return nullptr;
+
+	if ( ! val->present )
+		return nullptr; // unset field
+
+	switch ( val->type ) {
+	case TYPE_BOOL:
+	case TYPE_INT:
+		return new Val(val->val.int_val, val->type);
+		break;
+
+	case TYPE_COUNT:
+	case TYPE_COUNTER:
+		return new Val(val->val.uint_val, val->type);
+
+	case TYPE_DOUBLE:
+	case TYPE_TIME:
+	case TYPE_INTERVAL:
+		return new Val(val->val.double_val, val->type);
+
+	case TYPE_STRING:
+		{
+		BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 1);
+		return new StringVal(s);
+		}
+
+	case TYPE_PORT:
+		return port_mgr->Get(val->val.port_val.port, val->val.port_val.proto);
+
+	case TYPE_ADDR:
+		{
+		IPAddr* addr = 0;
+		switch ( val->val.addr_val.family ) {
+		case IPv4:
+			addr = new IPAddr(val->val.addr_val.in.in4);
+			break;
+
+		case IPv6:
+			addr = new IPAddr(val->val.addr_val.in.in6);
+			break;
+
+		default:
+			assert(false);
+		}
+
+		AddrVal* addrval = new AddrVal(*addr);
+		delete addr;
+		return addrval;
+		}
+
+	case TYPE_SUBNET:
+		{
+		IPAddr* addr = nullptr;
+		switch ( val->val.subnet_val.prefix.family ) {
+		case IPv4:
+			addr = new IPAddr(val->val.subnet_val.prefix.in.in4);
+			break;
+
+		case IPv6:
+			addr = new IPAddr(val->val.subnet_val.prefix.in.in6);
+			break;
+
+		default:
+			assert(false);
+		}
+
+		SubNetVal* subnetval = new SubNetVal(*addr, val->val.subnet_val.length);
+		delete addr;
+		return subnetval;
+		}
+
+	case TYPE_TABLE:
+		{
+		TypeList* set_index;
+		if ( val->val.set_val.size == 0 && val->subtype == TYPE_VOID )
+			// don't know type - unspecified table.
+			set_index = new TypeList();
+		else
+			{
+			// all entries have to have the same type...
+			TypeTag stag = val->subtype;
+			if ( stag == TYPE_VOID )
+				TypeTag stag = val->val.set_val.vals[0]->type;
+
+			set_index = new TypeList(base_type(stag)->Ref());
+			set_index->Append(base_type(stag)->Ref());
+			}
+
+		SetType* s = new SetType(set_index, 0);
+		TableVal* t = new TableVal(s);
+		for ( int j = 0; j < val->val.set_val.size; j++ )
+			{
+			Val* assignval = ValueToVal(i, val->val.set_val.vals[j], have_error);
+
+			t->Assign(assignval, 0);
+			Unref(assignval); // index is not consumed by assign.
+			}
+
+		Unref(s);
+		return t;
+		}
+
+	case TYPE_VECTOR:
+		{
+		BroType* type;
+		if ( val->val.vector_val.size == 0  && val->subtype == TYPE_VOID )
+			// don't know type - unspecified table.
+			type = base_type(TYPE_ANY);
+		else
+			{
+			// all entries have to have the same type...
+			if ( val->subtype == TYPE_VOID )
+				type = base_type(val->val.vector_val.vals[0]->type);
+			else
+				type = base_type(val->subtype);
+			}
+
+		VectorType* vt = new VectorType(type->Ref());
+		VectorVal* v = new VectorVal(vt);
+		for ( int j = 0; j < val->val.vector_val.size; j++ )
+			{
+			v->Assign(j, ValueToVal(i, val->val.vector_val.vals[j], have_error));
+			}
+
+		Unref(vt);
+		return v;
+		}
+
+	case TYPE_ENUM: {
+		// Convert to string first to not have to deal with missing
+		// \0's...
+		string enum_string(val->val.string_val.data, val->val.string_val.length);
+
+		// let's try looking it up by global ID.
+		ID* id = lookup_ID(enum_string.c_str(), GLOBAL_MODULE_NAME);
+		if ( ! id || ! id->IsEnumConst() )
+			{
+			Warning(i, "Value '%s' for stream '%s' is not a valid enum.",
+			                        enum_string.c_str(), i->name.c_str());
+
+			have_error = true;
+			return nullptr;
+			}
+
+		EnumType* t = id->Type()->AsEnumType();
+		int intval = t->Lookup(id->ModuleName(), id->Name());
+		if ( intval < 0 )
+			{
+			Warning(i, "Enum value '%s' for stream '%s' not found.",
+			                        enum_string.c_str(), i->name.c_str());
+
+			have_error = true;
+			return nullptr;
+			}
+
+		return new EnumVal(intval, t);
+		}
+
+	default:
+		reporter->InternalError("Unsupported type for input_read in stream %s", i->name.c_str());
+	}
+
+	assert(false);
+	return NULL;
+	}
+
+Manager::Stream* Manager::FindStream(const string &name) const
+	{
+	for ( auto s = readers.begin(); s != readers.end(); ++s )
 		{
 		if ( (*s).second->name  == name )
 			return (*s).second;
@@ -2409,9 +2587,9 @@ Manager::Stream* Manager::FindStream(const string &name)
 	return 0;
 	}
 
-Manager::Stream* Manager::FindStream(ReaderFrontend* reader)
+Manager::Stream* Manager::FindStream(ReaderFrontend* reader) const
 	{
-	map<ReaderFrontend*, Stream*>::iterator s = readers.find(reader);
+	auto s = readers.find(reader);
 	if ( s != readers.end() )
 		return s->second;
 
@@ -2433,7 +2611,7 @@ void Manager::Terminate()
 
 	}
 
-void Manager::Info(ReaderFrontend* reader, const char* msg)
+void Manager::Info(ReaderFrontend* reader, const char* msg) const
 	{
 	Stream *i = FindStream(reader);
 	if ( !i )
@@ -2445,7 +2623,7 @@ void Manager::Info(ReaderFrontend* reader, const char* msg)
 	ErrorHandler(i, ErrorType::INFO, false, "%s", msg);
 	}
 
-void Manager::Warning(ReaderFrontend* reader, const char* msg)
+void Manager::Warning(ReaderFrontend* reader, const char* msg) const
 	{
 	Stream *i = FindStream(reader);
 	if ( !i )
@@ -2457,7 +2635,7 @@ void Manager::Warning(ReaderFrontend* reader, const char* msg)
 	ErrorHandler(i, ErrorType::WARNING, false, "%s", msg);
 	}
 
-void Manager::Error(ReaderFrontend* reader, const char* msg)
+void Manager::Error(ReaderFrontend* reader, const char* msg) const
 	{
 	Stream *i = FindStream(reader);
 	if ( !i )
@@ -2469,7 +2647,7 @@ void Manager::Error(ReaderFrontend* reader, const char* msg)
 	ErrorHandler(i, ErrorType::ERROR, false, "%s", msg);
 	}
 
-void Manager::Info(const Stream* i, const char* fmt, ...)
+void Manager::Info(const Stream* i, const char* fmt, ...) const
 	{
 	va_list ap;
 	va_start(ap, fmt);
@@ -2477,7 +2655,7 @@ void Manager::Info(const Stream* i, const char* fmt, ...)
 	va_end(ap);
 	}
 
-void Manager::Warning(const Stream* i, const char* fmt, ...)
+void Manager::Warning(const Stream* i, const char* fmt, ...) const
 	{
 	va_list ap;
 	va_start(ap, fmt);
@@ -2485,7 +2663,7 @@ void Manager::Warning(const Stream* i, const char* fmt, ...)
 	va_end(ap);
 	}
 
-void Manager::Error(const Stream* i, const char* fmt, ...)
+void Manager::Error(const Stream* i, const char* fmt, ...) const
 	{
 	va_list ap;
 	va_start(ap, fmt);
@@ -2493,7 +2671,7 @@ void Manager::Error(const Stream* i, const char* fmt, ...)
 	va_end(ap);
 	}
 
-void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, ...)
+void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, ...) const
 	{
 	va_list ap;
 	va_start(ap, fmt);
@@ -2501,7 +2679,7 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co
 	va_end(ap);
 	}
 
-void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, va_list ap)
+void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, va_list ap) const
 	{
 	char* buf;
 

src/input/Manager.h

@@ -98,6 +98,21 @@ public:
 	 */
 	void Terminate();
 
+	/**
+	 * Checks if a Bro type can be used for data reading. Note that
+	 * this function only applies to input streams; the logging framework
+	 * has an equivalent function; however we support logging of a wider
+	 * variety of types (e.g. functions).
+	 *
+	 * @param t The type to check.
+	 *
+	 * @param atomic_only Set to true to forbid non-atomic types
+	 *        (records/sets/vectors).
+	 *
+	 * @return True if the type is compatible with the input framework.
+	 */
+	static bool IsCompatibleType(BroType* t, bool atomic_only=false);
+
 protected:
 	friend class ReaderFrontend;
 	friend class PutMessage;
@@ -130,7 +145,7 @@ protected:
 	// Allows readers to directly send Bro events. The num_vals and vals
 	// must be the same the named event expects. Takes ownership of
 	// threading::Value fields.
-	bool SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, threading::Value* *vals);
+	bool SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, threading::Value* *vals) const;
 
 	// Instantiates a new ReaderBackend of the given type (note that
 	// doing so creates a new thread!).
@@ -147,9 +162,9 @@ protected:
 	// Signal Informational messages, warnings and errors. These will be
 	// passed to the error function in scriptland. Note that the messages
 	// are not passed to reporter - this is done in ReaderBackend.
-	void Info(ReaderFrontend* reader, const char* msg);
-	void Warning(ReaderFrontend* reader, const char* msg);
-	void Error(ReaderFrontend* reader, const char* msg);
+	void Info(ReaderFrontend* reader, const char* msg) const;
+	void Warning(ReaderFrontend* reader, const char* msg) const;
+	void Error(ReaderFrontend* reader, const char* msg) const;
 
 	/**
 	 * Deletes an existing input stream.
@@ -176,7 +191,7 @@ private:
 	// Check if the types of the error_ev event are correct. If table is
 	// true, check for tablestream type, otherwhise check for eventstream
 	// type.
-	bool CheckErrorEventTypes(std::string stream_name, Func* error_event, bool table);
+	bool CheckErrorEventTypes(std::string stream_name, const Func* error_event, bool table) const;
 
 	// SendEntry implementation for Table stream.
 	int SendEntryTable(Stream* i, const threading::Value* const *vals);
@@ -187,63 +202,63 @@ private:
 	// SendEntry and Put implementation for Event stream.
 	int SendEventStreamEvent(Stream* i, EnumVal* type, const threading::Value* const *vals);
 
-	// Checks that a Bro type can be used for data reading. The
-	// equivalend in threading cannot be used, because we have support
-	// different types from the log framework
-	bool IsCompatibleType(BroType* t, bool atomic_only=false);
 	// Check if a record is made up of compatible types and return a list
 	// of all fields that are in the record in order. Recursively unrolls
 	// records
-	bool UnrollRecordType(vector<threading::Field*> *fields, const RecordType *rec, const string& nameprepend, bool allow_file_func);
+	bool UnrollRecordType(vector<threading::Field*> *fields, const RecordType *rec, const string& nameprepend, bool allow_file_func) const;
 
 	// Send events
-	void SendEvent(EventHandlerPtr ev, const int numvals, ...);
-	void SendEvent(EventHandlerPtr ev, list<Val*> events);
+	void SendEvent(EventHandlerPtr ev, const int numvals, ...) const;
+	void SendEvent(EventHandlerPtr ev, list<Val*> events) const;
 
 	// Implementation of SendEndOfData (send end_of_data event).
 	void SendEndOfData(const Stream *i);
 
 	// Call predicate function and return result.
-	bool CallPred(Func* pred_func, const int numvals, ...);
+	bool CallPred(Func* pred_func, const int numvals, ...) const;
 
 	// Get a hashkey for a set of threading::Values.
-	HashKey* HashValues(const int num_elements, const threading::Value* const *vals);
+	HashKey* HashValues(const int num_elements, const threading::Value* const *vals) const;
 
 	// Get the memory used by a specific value.
-	int GetValueLength(const threading::Value* val);
+	int GetValueLength(const threading::Value* val) const;
 
 	// Copies the raw data in a specific threading::Value to position
 	// startpos.
-	int CopyValue(char *data, const int startpos, const threading::Value* val);
+	int CopyValue(char *data, const int startpos, const threading::Value* val) const;
 
 	// Convert Threading::Value to an internal Bro Type (works also with
 	// Records).
-	Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type, bool& have_error);
+	Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type, bool& have_error) const;
 
-	// Convert Threading::Value to an internal Bro List type.
-	Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals, bool& have_error);
+	// Convert Threading::Value to an internal Bro type just using the information given in the threading::Value.
+	// This allows more flexibility, especially given structures in script-land that contain any types.
+	Val* ValueToVal(const Stream* i, const threading::Value* val, bool& have_error) const;
+
+	// Convert Threading::Value to an internal Bro list type.
+	Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals, bool& have_error) const;
 
 	// Converts a threading::value to a record type. Mostly used by
 	// ValueToVal.
-	RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position, bool& have_error);
+	RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position, bool& have_error) const;
 
-	Val* RecordValToIndexVal(RecordVal *r);
+	Val* RecordValToIndexVal(RecordVal *r) const;
 
 	// Converts a Bro ListVal to a RecordVal given the record type.
-	RecordVal* ListValToRecordVal(ListVal* list, RecordType *request_type, int* position);
+	RecordVal* ListValToRecordVal(ListVal* list, RecordType *request_type, int* position) const;
 
 	// Internally signal errors, warnings, etc.
 	// These are sent on to input scriptland and reporter.log
-	void Info(const Stream* i, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
-	void Warning(const Stream* i, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
-	void Error(const Stream* i, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
+	void Info(const Stream* i, const char* fmt, ...) const __attribute__((format(printf, 3, 4)));
+	void Warning(const Stream* i, const char* fmt, ...) const __attribute__((format(printf, 3, 4)));
+	void Error(const Stream* i, const char* fmt, ...) const __attribute__((format(printf, 3, 4)));
 
 	enum class ErrorType { INFO, WARNING, ERROR };
-	void ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, ...) __attribute__((format(printf, 5, 6)));
-	void ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, va_list ap) __attribute__((format(printf, 5, 0)));
+	void ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, ...) const __attribute__((format(printf, 5, 6)));
+	void ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, const char* fmt, va_list ap) const __attribute__((format(printf, 5, 0)));
 
-	Stream* FindStream(const string &name);
-	Stream* FindStream(ReaderFrontend* reader);
+	Stream* FindStream(const string &name) const;
+	Stream* FindStream(ReaderFrontend* reader) const;
 
 	enum StreamType { TABLE_STREAM, EVENT_STREAM, ANALYSIS_STREAM };
 

src/input/readers/CMakeLists.txt

@@ -2,5 +2,6 @@
 add_subdirectory(ascii)
 add_subdirectory(benchmark)
 add_subdirectory(binary)
+add_subdirectory(config)
 add_subdirectory(raw)
 add_subdirectory(sqlite)

src/input/readers/benchmark/Benchmark.cc

@@ -125,7 +125,7 @@ bool Benchmark::DoUpdate()
 
 threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
 	{
-	Value* val = new Value(type, true);
+	Value* val = new Value(type, subtype, true);
 
 	// basically construct something random from the fields that we want.
 

src/input/readers/config/CMakeLists.txt

@@ -0,0 +1,9 @@
+
+include(BroPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+bro_plugin_begin(Bro ConfigReader)
+bro_plugin_cc(Config.cc Plugin.cc)
+bro_plugin_bif(config.bif)
+bro_plugin_end()

src/input/readers/config/Config.cc

@@ -0,0 +1,311 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include <sstream>
+#include <unordered_set>
+#include <regex>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "Config.h"
+#include "config.bif.h"
+
+#include "input/Manager.h"
+#include "threading/SerialTypes.h"
+
+using namespace input::reader;
+using namespace threading;
+using threading::Value;
+using threading::Field;
+
+Config::Config(ReaderFrontend *frontend) : ReaderBackend(frontend)
+	{
+	mtime = 0;
+	suppress_warnings = false;
+	fail_on_file_problem = false;
+
+	// find all option names and their types.
+	auto globals = global_scope()->Vars();
+	auto c = globals->InitForIteration();
+
+	while ( auto id = globals->NextEntry(c) )
+		{
+		if ( id->IsInternalGlobal() || ! id->IsOption() )
+			continue;
+
+		if ( id->Type()->Tag() == TYPE_RECORD ||
+			 ! input::Manager::IsCompatibleType(id->Type()) )
+			{
+			option_types[id->Name()] = std::make_tuple(TYPE_ERROR, id->Type()->Tag());
+			continue;
+			}
+
+		TypeTag primary = id->Type()->Tag();
+		TypeTag secondary = TYPE_VOID;
+		if ( primary == TYPE_TABLE )
+			secondary = id->Type()->AsSetType()->Indices()->PureType()->Tag();
+		else if ( primary == TYPE_VECTOR )
+			secondary = id->Type()->AsVectorType()->YieldType()->Tag();
+
+		option_types[id->Name()] = std::make_tuple(primary, secondary);
+		}
+	}
+
+Config::~Config()
+	{
+	}
+
+void Config::DoClose()
+	{
+	}
+
+bool Config::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields)
+	{
+	fail_on_file_problem = BifConst::InputConfig::fail_on_file_problem;
+
+	set_separator.assign( (const char*) BifConst::InputConfig::set_separator->Bytes(),
+	                     BifConst::InputConfig::set_separator->Len());
+
+	empty_field.assign( (const char*) BifConst::InputConfig::empty_field->Bytes(),
+	                   BifConst::InputConfig::empty_field->Len());
+
+	formatter::Ascii::SeparatorInfo sep_info("\t", set_separator, "", empty_field);
+	formatter = unique_ptr<threading::formatter::Formatter>(new formatter::Ascii(this, sep_info));
+
+	return DoUpdate();
+	}
+
+bool Config::OpenFile()
+	{
+	if ( file.is_open() )
+		return true;
+
+	file.open(Info().source);
+
+	if ( ! file.is_open() )
+		{
+		FailWarn(fail_on_file_problem, Fmt("Init: cannot open %s", Info().source), true);
+		return ! fail_on_file_problem;
+		}
+
+	suppress_warnings = false;
+	return true;
+	}
+
+void Config::FailWarn(bool is_error, const char *msg, bool suppress_future)
+	{
+	if ( is_error )
+		Error(msg);
+	else
+		{
+		// suppress error message when we are already in error mode.
+		// There is no reason to repeat it every second.
+		if ( ! suppress_warnings )
+			Warning(msg);
+
+		if ( suppress_future )
+			suppress_warnings = true;
+		}
+	}
+
+bool Config::GetLine(string& str)
+	{
+	while ( getline(file, str) )
+		{
+		if ( ! str.size() )
+			continue;
+
+		if ( str.back() == '\r' ) // deal with \r\n by removing \r
+			str.pop_back();
+
+		if ( str[0] != '#' )
+			return true;
+		}
+
+	return false;
+	}
+
+// read the entire file and send appropriate thingies back to InputMgr
+bool Config::DoUpdate()
+	{
+	if ( ! OpenFile() )
+		return ! fail_on_file_problem;
+
+	switch ( Info().mode ) {
+		case MODE_REREAD:
+			{
+			// check if the file has changed
+			struct stat sb;
+			if ( stat(Info().source, &sb) == -1 )
+				{
+				FailWarn(fail_on_file_problem, Fmt("Could not get stat for %s", Info().source), true);
+
+				file.close();
+				return ! fail_on_file_problem;
+				}
+
+			if ( sb.st_mtime <= mtime ) // no change
+				return true;
+
+			mtime = sb.st_mtime;
+			// file changed. reread.
+
+			// fallthrough
+			}
+
+		case MODE_MANUAL:
+		case MODE_STREAM:
+			{
+			// dirty, fix me. (well, apparently after trying seeking, etc
+			// - this is not that bad)
+			if ( file.is_open() )
+				{
+				if ( Info().mode == MODE_STREAM )
+					{
+					file.clear(); // remove end of file evil bits
+					break;
+					}
+
+				file.close();
+				}
+
+			OpenFile();
+
+			break;
+			}
+
+		default:
+			assert(false);
+		}
+
+	string line;
+	file.sync();
+
+	// keep a list of options to remove because they were no longer in the input file.
+	// Start out with all element and removes while going along
+	std::unordered_set<std::string> unseen_options;
+	for ( auto i : option_values )
+		{
+		unseen_options.insert(i.first);
+		}
+
+	while ( GetLine(line) )
+		{
+		static std::regex re("^(.*?)\\s+(.*)$");
+		std::smatch match;
+		if ( ! std::regex_search(line, match, re) )
+			{
+			Warning(Fmt("Could not parse '%s'; line has invalid format. Ignoring line.", line.c_str()));
+			continue;
+			}
+
+		string key = match[1];
+		string value = match[2];
+
+		auto typeit = option_types.find(key);
+		if ( typeit == option_types.end() )
+			{
+			Warning(Fmt("Option '%s' does not exist. Ignoring line.", key.c_str()));
+			continue;
+			}
+
+		if ( std::get<0>((*typeit).second) == TYPE_ERROR )
+			{
+			Warning(Fmt("Option '%s' has type '%s', which is not supported for file input. Ignoring line.", key.c_str(), type_name(std::get<1>((*typeit).second))));
+			continue;
+			}
+
+		Value* eventval = formatter->ParseValue(value, key, std::get<0>((*typeit).second), std::get<1>((*typeit).second));
+		if ( ! eventval )
+			{
+			Warning(Fmt("Could not convert line '%s' to value. Ignoring line.", line.c_str()));
+			continue;
+			}
+		else if ( ! eventval->present )
+			{
+			Warning(Fmt("Line '%s' has no value. Ignoring line.", line.c_str()));
+			delete eventval;
+			continue;
+			}
+
+		unseen_options.erase(key);
+
+		// we only send the event if the underlying value has changed. Let's check that.
+		// (Yes, this means we keep all configuration options in memory twice - once here in
+		// the reader and once in memory in Bro; that is difficult to change.
+		auto search = option_values.find(key);
+		if ( search != option_values.end() && search->second == value )
+			{
+			delete eventval;
+			continue;
+			}
+
+		option_values[key] = value;
+
+			{
+			Value** fields = new Value*[2];
+			Value* keyval = new threading::Value(TYPE_STRING, true);
+			keyval->val.string_val.length = key.size();
+			keyval->val.string_val.data = copy_string(key.c_str());
+			fields[0] = keyval;
+			Value* val = new threading::Value(TYPE_STRING, true);
+			val->val.string_val.length = value.size();
+			val->val.string_val.data = copy_string(value.c_str());
+			fields[1] = val;
+
+			if ( Info().mode  == MODE_STREAM )
+				Put(fields);
+			else
+				SendEntry(fields);
+			}
+
+			{
+			Value** vals = new Value*[4];
+			vals[0] = new Value(TYPE_STRING, true);
+			vals[0]->val.string_val.data = copy_string(Info().name);
+			vals[0]->val.string_val.length = strlen(Info().name);
+			vals[1] = new Value(TYPE_STRING, true);
+			vals[1]->val.string_val.data = copy_string(Info().source);
+			vals[1]->val.string_val.length = strlen(Info().source);
+			vals[2] = new Value(TYPE_STRING, true);
+			vals[2]->val.string_val.data = copy_string(key.c_str());
+			vals[2]->val.string_val.length = key.size();
+			vals[3] = eventval;
+
+			SendEvent("InputConfig::new_value", 4, vals);
+			}
+		}
+
+	if ( Info().mode != MODE_STREAM )
+		EndCurrentSend();
+
+	// clean up all options we did not see
+	for ( auto i : unseen_options )
+		option_values.erase(i);
+
+	return true;
+	}
+
+bool Config::DoHeartbeat(double network_time, double current_time)
+	{
+	switch ( Info().mode )
+		{
+		case MODE_MANUAL:
+			// yay, we do nothing :)
+			break;
+
+		case MODE_REREAD:
+		case MODE_STREAM:
+			Update(); // call update and not DoUpdate, because update
+				  // checks disabled.
+			break;
+
+		default:
+			assert(false);
+		}
+
+	return true;
+	}
+

src/input/readers/config/Config.h

@@ -0,0 +1,67 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#ifndef INPUT_READERS_CONFIG_H
+#define INPUT_READERS_CONFIG_H
+
+#include <iostream>
+#include <vector>
+#include <fstream>
+#include <memory>
+#include <unordered_map>
+
+#include "input/ReaderBackend.h"
+#include "threading/formatters/Ascii.h"
+
+namespace input { namespace reader {
+
+/**
+ * Reader for Configuration files.
+ */
+class Config : public ReaderBackend {
+public:
+	explicit Config(ReaderFrontend* frontend);
+	~Config();
+
+	// prohibit copying and moving
+	Config(const Config&) = delete;
+	Config(Config&&) = delete;
+	Config& operator=(const Config&) = delete;
+	Config& operator=(Config&&) = delete;
+
+	static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Config(frontend); }
+
+protected:
+	bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override;
+	void DoClose() override;
+	bool DoUpdate() override;
+	bool DoHeartbeat(double network_time, double current_time) override;
+
+private:
+	bool GetLine(string& str);
+	bool OpenFile();
+	// Call Warning or Error, depending on the is_error boolean.
+	// In case of a warning, setting suppress_future to true will suppress all future warnings
+	// (by setting suppress_warnings to true, until suppress_warnings is set back to false)
+	void FailWarn(bool is_error, const char *msg, bool suppress_future = false);
+
+	ifstream file;
+	time_t mtime;
+
+	bool fail_on_file_problem;
+	// this is an internal indicator in case the read is currently in a failed state
+	// it's used to suppress duplicate error messages.
+	bool suppress_warnings;
+
+	string set_separator;
+	string empty_field;
+
+	std::unique_ptr<threading::formatter::Formatter> formatter;
+	std::unordered_map<std::string, std::tuple<TypeTag, TypeTag>> option_types;
+	std::unordered_map<std::string, std::string> option_values;
+};
+
+
+}
+}
+
+#endif /* INPUT_READERS_CONFIG_H */

src/input/readers/config/Plugin.cc

@@ -0,0 +1,24 @@
+// See the file  in the main distribution directory for copyright.
+
+#include "plugin/Plugin.h"
+
+#include "Config.h"
+
+namespace plugin {
+namespace Bro_ConfigReader {
+
+class Plugin : public plugin::Plugin {
+public:
+	plugin::Configuration Configure()
+		{
+		AddComponent(new ::input::Component("Config", ::input::reader::Config::Instantiate));
+
+		plugin::Configuration config;
+		config.name = "Bro::ConfigReader";
+		config.description = "Configuration file input reader";
+		return config;
+		}
+} plugin;
+
+}
+}

src/input/readers/config/config.bif

@@ -0,0 +1,6 @@
+
+module InputConfig;
+
+const set_separator: string;
+const empty_field: string;
+const fail_on_file_problem: bool;

src/input/readers/sqlite/SQLite.cc

@@ -128,7 +128,7 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading:
 Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int pos, int subpos)
 	{
 	if ( sqlite3_column_type(st, pos ) == SQLITE_NULL )
-		return new Value(field->type, false);
+		return new Value(field->type, field->subtype, false);
 
 	Value* val = new Value(field->type, true);
 

src/option.bif

@@ -0,0 +1,165 @@
+##! The option built-in functions allow the scripting layer to
+##! change the value of option-values and to be notified when
+##! option values change.
+
+module Option;
+
+%%{
+#include "NetVar.h"
+%%}
+
+## Sets an option to a new value. This change will also cause the option change handlers
+## to be called.
+##
+## ID: The ID of the option to update.
+##
+## val: The new value of the option.
+##
+## location: optional parameter detailing where this change originated from.
+##
+## Returns: true on success, false when an error occured.
+##
+## .. bro:see:: Option::set_change_handler
+function Option::set%(ID: string, val: any, location: string &default=""%): bool
+	%{
+	auto i = global_scope()->Lookup(ID->CheckString());
+	if ( ! i )
+		{
+		builtin_error(fmt("Could not find ID named '%s'", ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! i->HasVal() )
+		{
+		// should be impossible because initialization is enforced
+		builtin_error(fmt("ID '%s' has no value", ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! i->IsOption() )
+		{
+		builtin_error(fmt("ID '%s' is not an option", ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! same_type(i->Type(), val->Type()) )
+		{
+		builtin_error(fmt("Incompatible type for set of ID '%s': got '%s', need '%s'",
+			ID->CheckString(), type_name(val->Type()->Tag()), type_name(i->Type()->Tag())));
+		}
+
+	val->Ref();
+	if ( i->HasOptionHandlers() )
+		{
+		for ( auto handler_function : i->GetOptionHandlers() )
+			{
+			val_list vl(2);
+			vl.append(ID->Ref());
+			vl.append(val);
+			if ( handler_function->FType()->AsFuncType()->ArgTypes()->Types()->length() == 3 )
+				vl.append(location->Ref());
+
+			val = handler_function->Call(&vl); // consumed by next call.
+			if ( ! val )
+				{
+				// Someone messed up, don't change value and just return
+				return new Val(0, TYPE_BOOL);
+				}
+			}
+		}
+
+	// clone to prevent changes
+	i->SetVal(val->Clone());
+	Unref(val); // Either ref'd once or function call result.
+	return new Val(1, TYPE_BOOL);
+	%}
+
+## Set the change handler for the option *ID*. The change handler will be called anytime
+## :bro:id:`Option::set` is called fot *ID*.
+##
+## ID: The ID of the option for which change notifications are desired.
+##
+## on_change: The function that will be called when a change occurs. The function can choose to
+##            receive two or three parameters: the first parameter is a string containing *ID*,
+##            the second parameter is the new option value. The third, optional, parameter is the
+##            location string as passed to Option::set. Note that the global value is not yet changed
+##            when the function is called. The passed function has to return the new value that
+##            it wants the option to be set to. This enables it to reject changes, or change values
+##            that are being set. When several change handlers are set for an option they are chained;
+##            the second change handler will see the return value of the first change handler as the
+##            "new value".
+##
+## priority: The priority of the function that was added; functions with higher priority are
+##           called first, functions with the same priority are called in the order in which
+##           they were added.
+##
+## Returns: true when the change handler was set, false when an error occurred.
+##
+## .. bro:see:: Option::set
+function Option::set_change_handler%(ID: string, on_change: any, priority: int &default=0%): bool
+	%{
+	auto i = global_scope()->Lookup(ID->CheckString());
+	if ( ! i )
+		{
+		builtin_error(fmt("Could not find ID named '%s'", ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! i->IsOption() )
+		{
+		builtin_error(fmt("ID '%s' is not an option", ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( on_change->Type()->Tag() != TYPE_FUNC )
+		{
+		builtin_error(fmt("Option::on_change needs function argument; got '%s' for ID '%s'",
+			type_name(on_change->Type()->Tag()), ID->CheckString()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( on_change->Type()->AsFuncType()->Flavor() != FUNC_FLAVOR_FUNCTION )
+		{
+		builtin_error("Option::on_change needs function argument; not hook or event");
+		return new Val(0, TYPE_BOOL);
+		}
+
+	const type_list* args = on_change->Type()->AsFuncType()->ArgTypes()->Types();
+	if ( args->length() < 2 || args->length() > 3 )
+		{
+		builtin_error(fmt("Wrong number of arguments for passed function in Option::on_change for ID '%s'; expected 2 or 3, got %d",
+			ID->CheckString(), args->length()));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( (*args)[0]->Tag() != TYPE_STRING )
+		{
+		builtin_error(fmt("First argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'",
+			ID->CheckString(), type_name((*args)[0]->Tag())));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! same_type((*args)[1], i->Type()) )
+		{
+		builtin_error(fmt("Second argument of passed function has to be %s in Option::on_change for ID '%s'; got '%s'",
+			type_name(i->Type()->Tag()), ID->CheckString(), type_name((*args)[1]->Tag())));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( args->length() == 3 && (*args)[2]->Tag() != TYPE_STRING )
+		{
+		builtin_error(fmt("Third argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'",
+			ID->CheckString(), type_name((*args)[2]->Tag())));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	if ( ! same_type(on_change->Type()->AsFuncType()->YieldType(), i->Type()) )
+		{
+		builtin_error(fmt("Passed function needs to return type '%s' for ID '%s'; got '%s'",
+			type_name(i->Type()->Tag()), ID->CheckString(), type_name(on_change->Type()->AsFuncType()->YieldType()->Tag())));
+		return new Val(0, TYPE_BOOL);
+		}
+
+	i->AddOptionHandler(on_change->Ref()->AsFunc(), -priority);
+	return new Val(1, TYPE_BOOL);
+	%}

src/parse.y

@@ -6,7 +6,7 @@
 
 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ANY
 %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF
-%token TOK_BOOL TOK_BREAK TOK_CASE TOK_CONST
+%token TOK_BOOL TOK_BREAK TOK_CASE TOK_OPTION TOK_CONST
 %token TOK_CONSTANT TOK_COPY TOK_COUNT TOK_COUNTER TOK_DEFAULT TOK_DELETE
 %token TOK_DOUBLE TOK_ELSE TOK_ENUM TOK_EVENT TOK_EXPORT TOK_FALLTHROUGH
 %token TOK_FILE TOK_FOR TOK_FUNCTION TOK_GLOBAL TOK_HOOK TOK_ID TOK_IF TOK_INT
@@ -1059,6 +1059,12 @@ decl:
 			broxygen_mgr->Identifier($2);
 			}
 
+	|	TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';'
+			{
+			add_global($2, $3, $4, $5, $6, VAR_OPTION);
+			broxygen_mgr->Identifier($2);
+			}
+
 	|	TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';'
 			{
 			add_global($2, $3, $4, $5, $6, VAR_CONST);

src/scan.l

@@ -215,6 +215,7 @@ any	return TOK_ANY;
 bool	return TOK_BOOL;
 break	return TOK_BREAK;
 case	return TOK_CASE;
+option	return TOK_OPTION;
 const	return TOK_CONST;
 copy	return TOK_COPY;
 count	return TOK_COUNT;

src/threading/SerialTypes.cc

@@ -161,12 +161,13 @@ bool Value::IsCompatibleType(BroType* t, bool atomic_only)
 
 bool Value::Read(SerializationFormat* fmt)
 	{
-	int ty;
+	int ty, sty;
 
-	if ( ! (fmt->Read(&ty, "type") && fmt->Read(&present, "present")) )
+	if ( ! (fmt->Read(&ty, "type") && fmt->Read(&sty, "subtype") && fmt->Read(&present, "present")) )
 		return false;
 
 	type = (TypeTag)(ty);
+	subtype = (TypeTag)(sty);
 
 	if ( ! present )
 		return true;
@@ -311,6 +312,7 @@ bool Value::Read(SerializationFormat* fmt)
 bool Value::Write(SerializationFormat* fmt) const
 	{
 	if ( ! (fmt->Write((int)type, "type") &&
+		fmt->Write((int)subtype, "subtype") &&
 		fmt->Write(present, "present")) )
 		return false;
 

src/threading/SerialTypes.h

@@ -26,7 +26,7 @@ struct Field {
 	//! port, one for the type), and this specifies the secondary name.
 	const char* secondary_name;
 	TypeTag type;	//! Type of the field.
-	TypeTag subtype;	//! Inner type for sets.
+	TypeTag subtype;	//! Inner type for sets and vectors.
 	bool optional;	//! True if field is optional.
 
 	/**
@@ -92,6 +92,7 @@ private:
  */
 struct Value {
 	TypeTag type;	//! The type of the value.
+	TypeTag subtype;	//! Inner type for sets and vectors.
 	bool present;	//! False for optional record fields that are not set.
 
 	struct set_t { bro_int_t size; Value** vals; };
@@ -146,7 +147,20 @@ struct Value {
 	* that is not set.
 	 */
 	Value(TypeTag arg_type = TYPE_ERROR, bool arg_present = true)
-		: type(arg_type), present(arg_present)	{}
+		: type(arg_type), subtype(TYPE_VOID), present(arg_present)	{}
+
+	/**
+	* Constructor.
+	*
+	* arg_type: The type of the value.
+	*
+	* arg_type: The subtype of the value for sets and vectors.
+	*
+	* arg_present: False if the value represents an optional record field
+	* that is not set.
+	 */
+	Value(TypeTag arg_type, TypeTag arg_subtype, bool arg_present = true)
+		: type(arg_type), subtype(arg_subtype), present(arg_present)	{}
 
 	/**
 	 * Destructor.
@@ -185,4 +199,4 @@ private:
 
 }
 
-#endif /* THREADING_SERIALIZATIONTZPES_H */
+#endif /* THREADING_SERIALIZATIONTYPES_H */

src/threading/formatters/Ascii.cc

@@ -207,13 +207,14 @@ bool Ascii::Describe(ODesc* desc, threading::Value* val, const string& name) con
 
 threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag type, TypeTag subtype) const
 	{
-	if ( s.compare(separators.unset_field) == 0 )  // field is not set...
+	if ( ! separators.unset_field.empty() && s.compare(separators.unset_field) == 0 )  // field is not set...
 		return new threading::Value(type, false);
 
-	threading::Value* val = new threading::Value(type, true);
+	threading::Value* val = new threading::Value(type, subtype, true);
 	const char* start = s.c_str();
 	char* end = 0;
 	errno = 0;
+	size_t pos;
 
 	switch ( type ) {
 	case TYPE_ENUM:
@@ -260,11 +261,21 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag
 		break;
 
 	case TYPE_PORT:
+		val->val.port_val.proto = TRANSPORT_UNKNOWN;
+		pos = s.find('/');
+		if ( pos != std::string::npos && s.length() > pos + 1 )
+			{
+			auto proto = s.substr(pos+1);
+			if ( strtolower(proto) == "tcp" )
+				val->val.port_val.proto = TRANSPORT_TCP;
+			else if ( strtolower(proto) == "udp" )
+				val->val.port_val.proto = TRANSPORT_UDP;
+			else if ( strtolower(proto) == "icmp" )
+				val->val.port_val.proto = TRANSPORT_ICMP;
+			}
 		val->val.port_val.port = strtoull(start, &end, 10);
 		if ( CheckNumberError(start, end) )
 			goto parse_error;
-
-		val->val.port_val.proto = TRANSPORT_UNKNOWN;
 		break;
 
 	case TYPE_SUBNET:
@@ -318,6 +329,9 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag
 		if ( separators.empty_field.size() > 0 && s.compare(separators.empty_field) == 0 )
 			length = 0;
 
+		if ( separators.empty_field.empty() && s.empty() )
+			length = 0;
+
 		threading::Value** lvals = new threading::Value* [length];
 
 		if ( type == TYPE_TABLE )
@@ -389,6 +403,9 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag
 			for ( unsigned int i = 0; i < pos; i++ )
 				delete lvals[i];
 
+			// and set the length of the set to 0, otherwhise the destructor will crash.
+			val->val.vector_val.size = 0;
+
 			goto parse_error;
 		}
 

testing/btest/Baseline/core.check-unused-event-handlers/.stderr

@@ -1,2 +1,3 @@
 warning in <params>, line 1: event handler never invoked: this_is_never_used
+warning in <params>, line 1: event handler never invoked: InputConfig::new_value
 warning in <params>, line 1: event handler never invoked: InputRaw::process_finished

testing/btest/Baseline/core.option-errors-2/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-2/option-errors.bro, line 2: option variable must be initialized (testbool)

testing/btest/Baseline/core.option-errors-3/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-3/option-errors.bro, line 3: option is not a modifiable lvalue (testopt)

testing/btest/Baseline/core.option-errors-4/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-4/option-errors.bro, line 2 and /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors-4/option-errors.bro, line 3: already defined (testopt)

testing/btest/Baseline/core.option-errors/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-errors/option-errors.bro, line 4: no type given (testbool)

testing/btest/Baseline/core.option-priorities/.stdout

@@ -0,0 +1,6 @@
+Old value, T
+Higher prio - Value of testbool changed from T to F at location ''
+Value of testbool changed from T to T
+Higher prio - Value of testbool changed from T to F at location 'here'
+Value of testbool changed from T to T
+New value, T

testing/btest/Baseline/core.option-redef/.stdout

@@ -0,0 +1 @@
+6

testing/btest/Baseline/core.option-runtime-errors-10/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-10/option-runtime-errors.bro, line 7: ID 'A' is not an option (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-11/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-11/option-runtime-errors.bro, line 4: Option::on_change needs function argument; got 'count' for ID 'A' (Option::set_change_handler(A, A, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-12/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-12/option-runtime-errors.bro, line 7: Third argument of passed function has to be string in Option::on_change for ID 'A'; got 'count' (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-13/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-13/option-runtime-errors.bro, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 4 (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-2/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-2/option-runtime-errors.bro, line 3: Incompatible type for set of ID 'A': got 'string', need 'count' (Option::set(A, hi, ))

testing/btest/Baseline/core.option-runtime-errors-3/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-3/option-runtime-errors.bro, line 3: ID 'A' is not an option (Option::set(A, 6, ))

testing/btest/Baseline/core.option-runtime-errors-4/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-4/option-runtime-errors.bro, line 7: Second argument of passed function has to be count in Option::on_change for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-5/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-5/option-runtime-errors.bro, line 7: Wrong number of arguments for passed function in Option::on_change for ID 'A'; expected 2 or 3, got 1 (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-6/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-6/option-runtime-errors.bro, line 7: Passed function needs to return type 'count' for ID 'A'; got 'bool' (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-7/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-7/option-runtime-errors.bro, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-8/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-8/option-runtime-errors.bro, line 7: Option::on_change needs function argument; not hook or event (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors-9/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors-9/option-runtime-errors.bro, line 5: Could not find ID named 'A' (Option::set_change_handler(A, option_changed, (coerce 0 to int)))

testing/btest/Baseline/core.option-runtime-errors/.stderr

@@ -0,0 +1 @@
+error in /Users/johanna/corelight/bro/testing/btest/.tmp/core.option-runtime-errors/option-runtime-errors.bro, line 8: Could not find ID named 'B' (Option::set(B, 6, ))

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -38,6 +38,7 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/input/readers/raw.bro
     scripts/base/frameworks/input/readers/benchmark.bro
     scripts/base/frameworks/input/readers/binary.bro
+    scripts/base/frameworks/input/readers/config.bro
     scripts/base/frameworks/input/readers/sqlite.bro
   scripts/base/frameworks/analyzer/__load__.bro
     scripts/base/frameworks/analyzer/main.bro
@@ -51,6 +52,7 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/files/magic/__load__.bro
   build/scripts/base/bif/__load__.bro
     build/scripts/base/bif/stats.bif.bro
+    build/scripts/base/bif/option.bif.bro
     build/scripts/base/bif/broxygen.bif.bro
     build/scripts/base/bif/pcap.bif.bro
     build/scripts/base/bif/bloom-filter.bif.bro
@@ -163,6 +165,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro
     build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro
     build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro
     build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
     build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
     build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -38,6 +38,7 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/input/readers/raw.bro
     scripts/base/frameworks/input/readers/benchmark.bro
     scripts/base/frameworks/input/readers/binary.bro
+    scripts/base/frameworks/input/readers/config.bro
     scripts/base/frameworks/input/readers/sqlite.bro
   scripts/base/frameworks/analyzer/__load__.bro
     scripts/base/frameworks/analyzer/main.bro
@@ -51,6 +52,7 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/files/magic/__load__.bro
   build/scripts/base/bif/__load__.bro
     build/scripts/base/bif/stats.bif.bro
+    build/scripts/base/bif/option.bif.bro
     build/scripts/base/bif/broxygen.bif.bro
     build/scripts/base/bif/pcap.bif.bro
     build/scripts/base/bif/bloom-filter.bif.bro
@@ -163,6 +165,7 @@ scripts/base/init-bare.bro
     build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro
     build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro
     build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro
     build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro
     build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro
     build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro
@@ -240,6 +243,9 @@ scripts/base/init-default.bro
     scripts/base/frameworks/intel/main.bro
     scripts/base/frameworks/intel/files.bro
     scripts/base/frameworks/intel/input.bro
+  scripts/base/frameworks/config/__load__.bro
+    scripts/base/frameworks/config/main.bro
+    scripts/base/frameworks/config/input.bro
   scripts/base/frameworks/sumstats/__load__.bro
     scripts/base/frameworks/sumstats/main.bro
     scripts/base/frameworks/sumstats/plugins/__load__.bro

testing/btest/Baseline/coverage.find-bro-logs/out

@@ -2,6 +2,7 @@ barnyard2
 capture_loss
 cluster
 communication
+config
 conn
 dce__r_pc
 dhcp

testing/btest/Baseline/doc.broxygen.example/example.rst

@@ -32,8 +32,8 @@ And a custom directive does the equivalent references:
 
 Summary
 ~~~~~~~
-Options
-#######
+Redefinable Options
+###################
 ==================================================================================== =======================================================
 :bro:id:`BroxygenExample::an_option`: :bro:type:`set` :bro:attr:`&redef`             Add documentation for "an_option" here.
 :bro:id:`BroxygenExample::option_with_init`: :bro:type:`interval` :bro:attr:`&redef` Default initialization will be generated automatically.
@@ -81,8 +81,8 @@ Functions
 
 Detailed Interface
 ~~~~~~~~~~~~~~~~~~
-Options
-#######
+Redefinable Options
+###################
 .. bro:id:: BroxygenExample::an_option
 
    :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`]

testing/btest/Baseline/plugins.hooks/output

@@ -172,6 +172,7 @@
 0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dce_rpc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
@@ -215,6 +216,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
@@ -256,9 +258,10 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DCE_RPC::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (DHCP::LOG)) -> <no result>
@@ -302,6 +305,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (mysql::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
@@ -345,6 +349,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Cluster::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Communication::LOG, default)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Config::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Conn::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (DCE_RPC::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (DHCP::LOG, default)) -> <no result>
@@ -388,6 +393,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
@@ -429,7 +435,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -458,6 +464,7 @@
 0.000000   MetaHookPost  CallFunction(current_time, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
+0.000000   MetaHookPost  CallFunction(global_ids, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(network_time, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(reading_live_traffic, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(reading_traces, <frame>, ()) -> <no result>
@@ -474,6 +481,7 @@
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_BitTorrent.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_ConfigReader.config.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_ConnSize.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_ConnSize.functions.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.bro) -> -1
@@ -595,6 +603,7 @@
 0.000000   MetaHookPost  LoadFile(0, .<...>/cardinality-counter.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/catch-and-release.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/comm.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(0, .<...>/config.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/const-dos-error.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/const-nt-status.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/const.bif.bro) -> -1
@@ -633,6 +642,7 @@
 0.000000   MetaHookPost  LoadFile(0, .<...>/non-cluster.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/none.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/openflow.bro) -> -1
+0.000000   MetaHookPost  LoadFile(0, .<...>/option.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/packetfilter.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/page.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, .<...>/patterns.bro) -> -1
@@ -682,6 +692,7 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/cluster) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/comm.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/communication) -> -1
+0.000000   MetaHookPost  LoadFile(0, base<...>/config) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/conn) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/conn-ids.bro) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/const.bif.bro) -> -1
@@ -952,6 +963,7 @@
 0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dce_rpc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
@@ -995,6 +1007,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
@@ -1036,9 +1049,10 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DCE_RPC::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (DHCP::LOG))
@@ -1082,6 +1096,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (mysql::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
@@ -1125,6 +1140,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Cluster::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Communication::LOG, default))
+0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Config::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Conn::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (DCE_RPC::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (DHCP::LOG, default))
@@ -1168,6 +1184,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]))
@@ -1209,7 +1226,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -1238,6 +1255,7 @@
 0.000000   MetaHookPre   CallFunction(current_time, <frame>, ())
 0.000000   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (CLUSTER_NODE))
+0.000000   MetaHookPre   CallFunction(global_ids, <frame>, ())
 0.000000   MetaHookPre   CallFunction(network_time, <frame>, ())
 0.000000   MetaHookPre   CallFunction(reading_live_traffic, <frame>, ())
 0.000000   MetaHookPre   CallFunction(reading_traces, <frame>, ())
@@ -1254,6 +1272,7 @@
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_BenchmarkReader.benchmark.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_BinaryReader.binary.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_BitTorrent.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_ConfigReader.config.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_ConnSize.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_ConnSize.functions.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/Bro_DCE_RPC.consts.bif.bro)
@@ -1375,6 +1394,7 @@
 0.000000   MetaHookPre   LoadFile(0, .<...>/cardinality-counter.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/catch-and-release.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/comm.bif.bro)
+0.000000   MetaHookPre   LoadFile(0, .<...>/config.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/const-dos-error.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/const-nt-status.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/const.bif.bro)
@@ -1413,6 +1433,7 @@
 0.000000   MetaHookPre   LoadFile(0, .<...>/non-cluster.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/none.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/openflow.bro)
+0.000000   MetaHookPre   LoadFile(0, .<...>/option.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/packetfilter.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/page.bro)
 0.000000   MetaHookPre   LoadFile(0, .<...>/patterns.bro)
@@ -1462,6 +1483,7 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/cluster)
 0.000000   MetaHookPre   LoadFile(0, base<...>/comm.bif.bro)
 0.000000   MetaHookPre   LoadFile(0, base<...>/communication)
+0.000000   MetaHookPre   LoadFile(0, base<...>/config)
 0.000000   MetaHookPre   LoadFile(0, base<...>/conn)
 0.000000   MetaHookPre   LoadFile(0, base<...>/conn-ids.bro)
 0.000000   MetaHookPre   LoadFile(0, base<...>/const.bif.bro)
@@ -1731,6 +1753,7 @@
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
 0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=communication, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=conn, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dce_rpc, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=dhcp, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
@@ -1774,6 +1797,7 @@
 0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
 0.000000 | HookCallFunction Log::__create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])
+0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])
 0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
 0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])
 0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
@@ -1815,9 +1839,10 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(DCE_RPC::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(DHCP::LOG)
@@ -1861,6 +1886,7 @@
 0.000000 | HookCallFunction Log::add_default_filter(mysql::LOG)
 0.000000 | HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
@@ -1904,6 +1930,7 @@
 0.000000 | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_stream_filters(Cluster::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Communication::LOG, default)
+0.000000 | HookCallFunction Log::add_stream_filters(Config::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Conn::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(DCE_RPC::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(DHCP::LOG, default)
@@ -1947,6 +1974,7 @@
 0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default)
 0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])
 0.000000 | HookCallFunction Log::create_stream(Communication::LOG, [columns=<no value description>, ev=<uninitialized>, path=communication])
+0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])
 0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])
 0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])
 0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])
@@ -1988,7 +2016,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1517966765.39294, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@@ -2017,6 +2045,7 @@
 0.000000 | HookCallFunction current_time()
 0.000000 | HookCallFunction filter_change_tracking()
 0.000000 | HookCallFunction getenv(CLUSTER_NODE)
+0.000000 | HookCallFunction global_ids()
 0.000000 | HookCallFunction network_time()
 0.000000 | HookCallFunction reading_live_traffic()
 0.000000 | HookCallFunction reading_traces()
@@ -2033,6 +2062,7 @@
 0.000000 | HookLoadFile  .<...>/Bro_BenchmarkReader.benchmark.bif.bro
 0.000000 | HookLoadFile  .<...>/Bro_BinaryReader.binary.bif.bro
 0.000000 | HookLoadFile  .<...>/Bro_BitTorrent.events.bif.bro
+0.000000 | HookLoadFile  .<...>/Bro_ConfigReader.config.bif.bro
 0.000000 | HookLoadFile  .<...>/Bro_ConnSize.events.bif.bro
 0.000000 | HookLoadFile  .<...>/Bro_ConnSize.functions.bif.bro
 0.000000 | HookLoadFile  .<...>/Bro_DCE_RPC.consts.bif.bro
@@ -2156,6 +2186,7 @@
 0.000000 | HookLoadFile  .<...>/cardinality-counter.bif.bro
 0.000000 | HookLoadFile  .<...>/catch-and-release.bro
 0.000000 | HookLoadFile  .<...>/comm.bif.bro
+0.000000 | HookLoadFile  .<...>/config.bro
 0.000000 | HookLoadFile  .<...>/const-dos-error.bro
 0.000000 | HookLoadFile  .<...>/const-nt-status.bro
 0.000000 | HookLoadFile  .<...>/const.bif.bro
@@ -2200,6 +2231,7 @@
 0.000000 | HookLoadFile  .<...>/non-cluster.bro
 0.000000 | HookLoadFile  .<...>/none.bro
 0.000000 | HookLoadFile  .<...>/openflow.bro
+0.000000 | HookLoadFile  .<...>/option.bif.bro
 0.000000 | HookLoadFile  .<...>/packetfilter.bro
 0.000000 | HookLoadFile  .<...>/page.bro
 0.000000 | HookLoadFile  .<...>/patterns.bro
@@ -2250,6 +2282,7 @@
 0.000000 | HookLoadFile  base<...>/cluster
 0.000000 | HookLoadFile  base<...>/comm.bif.bro
 0.000000 | HookLoadFile  base<...>/communication
+0.000000 | HookLoadFile  base<...>/config
 0.000000 | HookLoadFile  base<...>/conn
 0.000000 | HookLoadFile  base<...>/conn-ids.bro
 0.000000 | HookLoadFile  base<...>/const.bif.bro
@@ -2333,7 +2366,7 @@
 0.000000 | HookLoadFile  base<...>/x509
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1517869617.717274, node=bro, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1517966765.392940, node=bro, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()

testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log

@@ -0,0 +1,23 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	config
+#open	2017-10-11-20-23-11
+#fields	ts	id	old_value	new_value	location
+#types	time	string	string	string	string
+1507753391.587107	testbool	T	F	../configfile
+1507753391.587107	testcount	0	1	../configfile
+1507753391.587107	testcount	1	2	../configfile
+1507753391.587107	testint	0	-1	../configfile
+1507753391.587107	testenum	SSH::LOG	Conn::LOG	../configfile
+1507753391.587107	testport	42/tcp	45/unknown	../configfile
+1507753391.587107	testaddr	127.0.0.1	127.0.0.1	../configfile
+1507753391.587107	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1507753391.587107	testinterval	1.0 sec	60.0	../configfile
+1507753391.587107	testtime	0.0	1507321987.0	../configfile
+1507753391.587107	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1507753391.587107	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1507753391.587107	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1507753391.587107	test_set	(empty)	\x2d	../configfile
+#close	2017-10-11-20-23-11

testing/btest/Baseline/scripts.base.frameworks.config.read_config/bro.config.log

@@ -0,0 +1,23 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	config
+#open	2017-10-11-20-47-09
+#fields	ts	id	old_value	new_value	location
+#types	time	string	string	string	string
+1507754829.092788	testbool	T	F	../configfile
+1507754829.092788	testcount	0	1	../configfile
+1507754829.092788	testcount	1	2	../configfile
+1507754829.092788	testint	0	-1	../configfile
+1507754829.092788	testenum	SSH::LOG	Conn::LOG	../configfile
+1507754829.092788	testport	42/tcp	45/unknown	../configfile
+1507754829.092788	testaddr	127.0.0.1	127.0.0.1	../configfile
+1507754829.092788	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1507754829.092788	testinterval	1.0 sec	60.0	../configfile
+1507754829.092788	testtime	0.0	1507321987.0	../configfile
+1507754829.092788	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1507754829.092788	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1507754829.092788	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1507754829.092788	test_set	(empty)	\x2d	../configfile
+#close	2017-10-11-20-47-09

testing/btest/Baseline/scripts.base.frameworks.config.several-files/bro.config.log

@@ -0,0 +1,19 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	config
+#open	2017-10-11-21-01-26
+#fields	ts	id	old_value	new_value	location
+#types	time	string	string	string	string
+1507755686.516466	testbool	T	F	../configfile1
+1507755686.516466	testcount	0	2	../configfile1
+1507755686.516466	testint	0	-1	../configfile1
+1507755686.516466	testenum	SSH::LOG	Conn::LOG	../configfile1
+1507755686.516466	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile1
+1507755686.516466	test_vector	(empty)	1,2,3,4,5,6	../configfile1
+1507755686.516466	testport	42/tcp	45/unknown	../configfile2
+1507755686.516466	testaddr	127.0.0.1	127.0.0.1	../configfile2
+1507755686.516466	testinterval	1.0 sec	60.0	../configfile2
+1507755686.516466	testtime	0.0	1507321987.0	../configfile2
+#close	2017-10-11-21-01-26

testing/btest/Baseline/scripts.base.frameworks.config.updates/bro.config.log

@@ -0,0 +1,27 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	config
+#open	2018-01-18-23-16-41
+#fields	ts	id	old_value	new_value	location
+#types	time	string	string	string	string
+1516317401.889929	testbool	T	F	../configfile
+1516317401.889929	testcount	0	1	../configfile
+1516317401.889929	testcount	1	2	../configfile
+1516317401.889929	testint	0	-1	../configfile
+1516317401.889929	testenum	SSH::LOG	Conn::LOG	../configfile
+1516317401.889929	testport	42/tcp	45/unknown	../configfile
+1516317401.889929	testaddr	127.0.0.1	127.0.0.1	../configfile
+1516317401.889929	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1516317401.889929	testinterval	1.0 sec	60.0	../configfile
+1516317401.889929	testtime	0.0	1507321987.0	../configfile
+1516317401.889929	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1516317401.889929	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1516317405.093522	testcount	2	1	../configfile
+1516317405.093522	testcount	1	2	../configfile
+1516317405.093522	testaddr	2607:f8b0:4005:801::200e	127.0.0.1	../configfile
+1516317405.093522	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1516317405.093522	test_vector	1,2,3,4,5,6	1,2,3,4,5,9	../configfile
+1516317409.199572	test_vector	1,2,3,4,5,9	1,2,3,4,5,9	../configfile
+#close	2018-01-18-23-16-49

testing/btest/Baseline/scripts.base.frameworks.input.basic/out

@@ -1,5 +1,5 @@
 {
-[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
+[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
 2,
 4,
 1,

testing/btest/Baseline/scripts.base.frameworks.input.config.basic/out

@@ -0,0 +1,28 @@
+testbool, F
+testcount, 1
+testcount, 2
+testint, -1
+testenum, Conn::LOG
+testport, 45/unknown
+testportandproto, 45/udp
+testaddr, 127.0.0.1
+testaddr, 2607:f8b0:4005:801::200e
+testinterval, 60.0
+testtime, 1507321987.0
+test_set, {
+b,
+c,
+a,
+d,
+erdbeerschnitzel
+}
+test_vector, [1, 2, 3, 4, 5, 6]
+test_set, {
+(empty)
+}
+test_set, {
+
+}
+test_set, {
+-
+}

testing/btest/Baseline/scripts.base.frameworks.input.config.errors/errout

@@ -0,0 +1,14 @@
+warning: ../configfile/Input::READER_CONFIG: Field: testbool Invalid value for boolean: A
+warning: ../configfile/Input::READER_CONFIG: Could not convert line 'testbool A' to value. Ignoring line.
+warning: ../configfile/Input::READER_CONFIG: Could not parse 'testtesttesttesttesttest'; line has invalid format. Ignoring line.
+warning: ../configfile/Input::READER_CONFIG: Field: testbool Invalid value for boolean: A B
+warning: ../configfile/Input::READER_CONFIG: Could not convert line 'testbool A B' to value. Ignoring line.
+warning: ../configfile/Input::READER_CONFIG: String 'A' contained no parseable number
+warning: ../configfile/Input::READER_CONFIG: Could not convert line 'testcount A' to value. Ignoring line.
+warning: Value 'unknown' for stream 'configuration' is not a valid enum.
+error: SendEvent for event InputConfig::new_value failed
+warning: ../configfile/Input::READER_CONFIG: Option 'testbooool' does not exist. Ignoring line.
+warning: ../configfile/Input::READER_CONFIG: Option 'test_any' has type 'any', which is not supported for file input. Ignoring line.
+warning: ../configfile/Input::READER_CONFIG: Option 'test_table' has type 'table', which is not supported for file input. Ignoring line.
+received termination signal
+>>>

testing/btest/Baseline/scripts.base.frameworks.input.invalidset/.stderrwithoutfirstline

@@ -0,0 +1,8 @@
+warning: ../input.log/Input::READER_ASCII: Invalid value for subnet: 127.0.0.1
+warning: ../input.log/Input::READER_ASCII: Error while reading set or vector
+warning: ../input.log/Input::READER_ASCII: Could not convert line 'name	127.0.0.1' to Val. Ignoring line.
+warning: ../input.log/Input::READER_ASCII: Invalid value for subnet: 127.0.0.1
+warning: ../input.log/Input::READER_ASCII: Error while reading set or vector
+warning: ../input.log/Input::READER_ASCII: Could not convert line 'name	127.0.0.1' to Val. Ignoring line.
+received termination signal
+>>>

testing/btest/Baseline/scripts.base.frameworks.input.invalidset/out

@@ -0,0 +1,14 @@
+TableErrorEvent, Invalid value for subnet: 127.0.0.1, Reporter::WARNING
+TableErrorEvent, Error while reading set or vector, Reporter::WARNING
+TableErrorEvent, Could not convert line 'name\x09127.0.0.1' to Val. Ignoring line., Reporter::WARNING
+Event, [s={
+
+}]
+EventErrorEvent, Invalid value for subnet: 127.0.0.1, Reporter::WARNING
+EventErrorEvent, Error while reading set or vector, Reporter::WARNING
+EventErrorEvent, Could not convert line 'name\x09127.0.0.1' to Val. Ignoring line., Reporter::WARNING
+{
+[name] = [s={
+
+}]
+}

testing/btest/core/option-errors.bro

@@ -0,0 +1,18 @@
+# @TEST-EXEC-FAIL: bro %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+
+option testbool;
+
+@TEST-START-NEXT
+
+option testbool : bool;
+
+@TEST-START-NEXT
+
+option testopt = 5;
+testopt = 6;
+
+@TEST-START-NEXT
+
+option testopt = 5;
+redef testopt = 6;

testing/btest/core/option-priorities.bro

@@ -0,0 +1,28 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+export {
+	## Test some documentation here!
+	option testbool: bool = T;
+}
+
+function option_changed(ID: string, new_value: bool): bool {
+	print fmt("Value of %s changed from %s to %s", ID, testbool, new_value);
+	return new_value;
+}
+
+function option_changed_two(ID: string, new_value: bool, location: string): bool {
+	print fmt("Higher prio - Value of %s changed from %s to %s at location '%s'", ID, testbool, new_value, location);
+	return T;
+}
+
+event bro_init()
+	{
+	print "Old value", testbool;
+	Option::set_change_handler("testbool", option_changed);
+	Option::set_change_handler("testbool", option_changed_two, 99);
+	Option::set("testbool", F);
+	Option::set("testbool", F, "here");
+	print "New value", testbool;
+	}
+

testing/btest/core/option-redef.bro

@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+# options are allowed to be redef-able.
+
+option testopt = 5 &redef;
+redef testopt = 6;
+
+event bro_init() {
+	print testopt;
+}
+

testing/btest/core/option-runtime-errors.bro

@@ -0,0 +1,104 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+
+# Errors that happen during runtime. At least at the moment we are not checking these early enough
+# that Bro will bail out during startup. Perhaps we want to change this later.
+
+option A = 5;
+Option::set("B", 6);
+
+@TEST-START-NEXT
+
+option A = 5;
+Option::set("A", "hi");
+
+@TEST-START-NEXT
+
+const A = 5;
+Option::set("A", 6);
+
+@TEST-START-NEXT:
+
+option A = 5;
+
+function option_changed(ID: string, new_value: bool): bool {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A = 5;
+
+function option_changed(ID: string): bool {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+function option_changed(ID: string, new_value: count): bool {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+hook option_changed(ID: string, new_value: count) {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+event option_changed(ID: string, new_value: count) {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+function option_changed(ID: string, new_value: count) : count {
+}
+
+Option::set_change_handler("A", option_changed);
+
+
+@TEST-START-NEXT:
+
+const A : count = 5;
+
+function option_changed(ID: string, new_value: count) : count {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+Option::set_change_handler("A", A);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+function option_changed(ID: string, new_value: count, location: count) : count {
+}
+
+Option::set_change_handler("A", option_changed);
+
+@TEST-START-NEXT:
+
+option A : count = 5;
+
+function option_changed(ID: string, new_value: count, location: string, a: count) : count {
+}
+
+Option::set_change_handler("A", option_changed);

testing/btest/scripts/base/frameworks/config/basic.bro

@@ -0,0 +1,52 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile"};
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+test_set 
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	terminate();
+	}

testing/btest/scripts/base/frameworks/config/read_config.bro

@@ -0,0 +1,57 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef InputConfig::empty_field = "(empty)";
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+test_set (empty)
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	terminate();
+	}
+
+event bro_init()
+	{
+	Config::read_config("../configfile");
+	}

testing/btest/scripts/base/frameworks/config/several-files.bro

@@ -0,0 +1,50 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile1", "../configfile2"};
+
+@TEST-START-FILE configfile1
+testbool F
+testcount 2
+testint		-1
+testenum Conn::LOG
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+@TEST-END-FILE
+
+@TEST-START-FILE configfile2
+testport 45
+testaddr 127.0.0.1
+testinterval 60
+testtime 1507321987
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	terminate();
+	}

testing/btest/scripts/base/frameworks/config/updates.bro

@@ -0,0 +1,109 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: sleep 2
+# @TEST-EXEC: mv configfile2 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: sleep 2
+# @TEST-EXEC: mv configfile3 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: sleep 2
+# @TEST-EXEC: mv configfile4 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+@load base/frameworks/communication  # let network-time run
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile"};
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+@TEST-END-FILE
+
+@TEST-START-FILE configfile2
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,9
+@TEST-END-FILE
+
+@TEST-START-FILE configfile3
+testbool F
+testcount    2
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+@TEST-END-FILE
+
+@TEST-START-FILE configfile4
+testbool F
+testcount    2
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,9
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+global eolcount = 0;
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print "eod";
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	eolcount += 1;
+
+	if ( eolcount == 4 )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/input/basic.bro

@@ -7,9 +7,9 @@ redef exit_only_after_terminate = T;
 @TEST-START-FILE input.log
 #separator \x09
 #path	ssh
-#fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
-#types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
+#fields	b	i	e	c	p	pp	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
+#types	bool	int	enum	count	port	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
+T	-42	SSH::LOG	21	123	5/icmp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
 @TEST-END-FILE
 
 @load base/protocols/ssh
@@ -29,6 +29,7 @@ type Val: record {
 	e: Log::ID;
 	c: count;
 	p: port;
+	pp: port;
 	sn: subnet;
 	a: addr;
 	d: double;

testing/btest/scripts/base/frameworks/input/config/basic.bro

@@ -0,0 +1,75 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+redef InputConfig::empty_field = "EMPTY";
+redef InputConfig::set_separator = "\t";
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testportandproto 45/udp
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a	b	c	d	erdbeerschnitzel
+test_vector 1	2	3	4	5	6
+test_set (empty)
+test_set EMPTY
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+global outfile: file;
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testportandproto = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+type Idx: record {
+	option_name: string;
+};
+
+type Val: record {
+	option_val: string;
+};
+
+global currconfig: table[string] of string = table();
+
+event InputConfig::new_value(name: string, source: string, id: string, value: any)
+	{
+	print outfile, id, value;
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	close(outfile);
+	terminate();
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
+	}
+

testing/btest/scripts/base/frameworks/input/config/errors.bro

@@ -0,0 +1,66 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: tail -n +2 .stderr > errout
+# @TEST-EXEC: btest-diff errout
+
+redef exit_only_after_terminate = T;
+
+@TEST-START-FILE configfile
+testbool A
+testtesttesttesttesttest
+testbool A B
+testcount A
+testenum unknown
+testbooool T
+test_any F
+test_table whatever
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+global outfile: file;
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+	option test_any: any = 5;
+	option test_table: table[string] of string = {};
+}
+
+type Idx: record {
+	option_name: string;
+};
+
+type Val: record {
+	option_val: string;
+};
+
+global currconfig: table[string] of string = table();
+
+event InputConfig::new_value(name: string, source: string, id: string, value: any)
+	{
+	print outfile, id, value;
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	close(outfile);
+	terminate();
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
+	}
+

testing/btest/scripts/base/frameworks/input/invalidset.bro

@@ -0,0 +1,65 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
+# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
+
+@TEST-START-FILE input.log
+#separator \x09
+#fields	i	s
+name	-
+name	127.0.0.1
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+redef InputAscii::fail_on_invalid_lines = T;
+
+global outfile: file;
+
+module A;
+
+type Idx: record {
+	i: string;
+};
+
+type Val: record {
+	s: set[subnet];
+};
+
+global endcount: count = 0;
+
+global servers: table[string] of Val = table();
+
+event handle_our_errors(desc: Input::TableDescription, msg: string, level: Reporter::Level)
+	{
+	print outfile, "TableErrorEvent", msg, level;
+	}
+
+event handle_our_errors_event(desc: Input::EventDescription, msg: string, level: Reporter::Level)
+	{
+	print outfile, "EventErrorEvent", msg, level;
+	}
+
+event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
+	{
+	print outfile, "Event", v;
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="ssh", $error_ev=handle_our_errors, $idx=Idx, $val=Val, $destination=servers]);
+	Input::add_event([$source="../input.log", $name="sshevent", $error_ev=handle_our_errors_event, $fields=Val, $want_record=T, $ev=line]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	++endcount;
+
+	if ( endcount == 2 )
+		{
+		print outfile, servers;
+		terminate();
+		}
+	}