Making two changes here:
- Renaming the hook to SetupAnalyzerTree.
- Reverting the reversal of the script load order. Instead, I'm
adding an additional script that Bro looks for to load first,
"__preload__.bro". Also extending the plugin docs to cover this.
- Increasing plugin API version, as I suppose adding a new virtual
function may invalidate binary compatibility.
* 'topic/jswaro/feature/HookAddToAnalyzer-tcprs-support' of https://github.com/jswaro/bro:
Add hook 'HookAddToAnalyzerTree' to support TCPRS plugin
Base64Converter now uses a connection directly, instead of an analyzer
redirecting to the underlying connection for reporting to Weird. The new
built-in functions en-/decode_base64_intern make use of this to send
encoding-errors to Weird instead of Reporter.
According to the documentation, using the empty string as alphabet in
the built-in functions, will use the default alphabet. Therefore the
built-in functions can now use default arguments and
en-/decode_base64_custom is deprecated.
The tests have been updated accordingly.
* 'master' of https://github.com/aaronmbr/bro:
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
That way it can be reused more easily. This also avoid having to
change the serialization structure for packets, which is a problem as
external sources of packets (via Broccoli) wouldn't have the new
attributes available to send.
Also moving Packet.{h,cc} and Layer2.{h,cc} into iosource/, and
removing header size from properties that packet sources have to
provide, as we can now compute that easily from the link type.
Plus some more cleanup.
* 'topic/rework-packets' of https://github.com/jsbarber/bro:
One more tinker to Packet -- ensure no uninitialized values
Packet::IP()-created IP_Hdr should not free
Make enums work for non-C++11 config
Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.
Conflicts:
aux/plugins
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to
duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the
cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.
A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
