Disabling this option allows one to read pcaps, but still initiate
Broker peerings and automatically exit when done processing the pcap
file. The default behavior would normally cause Broker::peer() to
prevent shutting the process down even after done reading the pcap.
* origin/rtd-test:
Disable RTD pdf format due to exceeded capacity
Add RTD pdf format
Add RTD yaml config file
Remove some Bro usages in main TOC entries
Remove "contents" Sphinx directive usages
Add a `make livehtml` target
Use sourcecode Sphinx directive more widely
Use Sphinx RTD theme for user manual
Replace some code-block Sphinx directives
Remove unused Sphinx extensions
Remove broxygen Sphinx integration
Remove Sphinx btest integrations and tests
Fix a Sphinx deprecation
These are all changes required to build documentation from a static
Sphinx tree (e.g. on Read the Docs)
- Move notice index wrapper doc to doc/script-reference -- doc/scripts
no longer contains any static documentation because that location
will be managed by Bro to generate per-script docs.
- :doc: references for generated per-script docs now need the ".bro"
suffix. (IMO this is better since it directly mirrors the actual
script's file name and can't be confused w/ a package).
Add a "broxygen" domain Sphinx extension w/ directives to allow
on-the-fly documentation to be generated w/ Bro and included in files.
This means all autogenerated reST docs are now done by Bro. The odd
CMake/Python glue scipts which used to generate some portions are now
gone. Bro and the Sphinx extension handle checking for outdated docs
themselves.
Parallel builds of `make doc` target should now work (mostly because
I don't think there's any tasks that can be done in parallel anymore).
Overall, this seems to simplify things and make the Broxygen-generated
portions of the documentation visible/traceable from the main Sphinx
source tree. The one odd thing still is that per-script documentation
is rsync'd in to a shadow copy of the Sphinx source tree within the
build dir. This is less elegant than using the new broxygen extension
to make per-script docs, but rsync is faster and simpler. Simpler as in
less code because it seems like, in the best case, I'd need to write a
custom Sphinx Builder to be able to get that to even work.
This is used to display short summaries for things based on the first
sentence in the comments for it, but wouldn't work well when e.g. a
filename is used there.
This cleans up most of the warnings from sphinx (broken :doc: links,
broxygen role misuses, etc.). The remaining ones should be harmless,
but not quick to silence.
I found that the README for each component was a copy from the actual
repo, so I turned those in to symlinks so they don't get out of date.
I'm merging in the documentation branch to avoid that it keeps getting
out of sync. We still need to work on this a bit more, I'll summarize
in a mail.
* origin/topic/documentation: (68 commits)
Going over initial parts of the scripting overview.
Adding lines in scripting/index.txt. No other change.
Updating submodule.
Pass over the Using Bro section.
Applying doc updates from BIT-1063. (Anthony Verez)
Breaking lines in using/*.
More doc reorg, and a light pass over the first 3 sections.
Starting to put a new structure in place.
Updating submodule(s).
Updating submodule(s).
Adding some temporary testing/demonstration to front page.
Switching btest to topic/robin/parts branch.
Basic cross-referencing UIDs between files, btests, and baselines.
A truly embarassing number of spelling corrections.
Using redirection with bro-cut. Include initial btests for this document.
Corrected a mis-typed RST include.
Initial start for "Using Bro".
Spelling corrections.
Include Notice Policy shortcuts in the Scripting User Manual.
Notice::policy hooks and tests.
...
Conflicts:
src/3rdparty
- Default extraction limit of 100MB now provided via a tuning script
loaded in local.bro so that command-line Bro is unlimited by default.
- Extraction directory is now created on request of file extraction
rather than unconditionally in bro_init().
Includes a bit more docs/comments cleanup. We should eventually
document the events further but it should suffice for now.
* topic/robin/dnp3-merge-v3:
Tiny bit of cleanup and adapting the new test.
added a test case for dnp3 packets with only link layer
added condition to check DNP3 packet without app layer data
Fixing well-known port.
Pluginizing the DNP3 analyzer, plus a basic script logging requests and replies.
* origin/topic/jsiwek/exec-module:
Exec module changes/fixes.
Coverage test fixes and whitespace/doc tweaks.
Update to make Dir::monitor watch inodes instead of file names.
Updates to use new input framework mechanism to execute command line programs.
Added Exec, Dir, and ActiveHTTP modules.
BIT-1046 #merged.
Conflicts:
magic
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
* origin/topic/seth/faf-updates: (27 commits)
Undoing the FTP tests I updated earlier.
Update the last two btest FAF tests.
File analysis fixes and test updates.
Fix a bug with getting analyzer tags.
A few test updates.
Some tests work now (at least they all don't fail anymore!)
Forgot a file.
Added protocol description functions that provide a super compressed log representation.
Fix a bug where orig file information in http wasn't working right.
Added mime types to http.log
Clean up queued but unused file_over_new_connections event args.
Add jar files to the default MHR lookups.
Adding CAB files for MHR checking.
Improve malware hash registry script.
Fix a small issue with finding smtp entities.
Added support for files to the notice framework.
Make the custom libmagic database a git submodule.
Add an is_orig parameter to file_over_new_connection event.
Make magic for emitting application/msword mime type less strict.
Disable more libmagic builtin checks that override the magic database.
...
Conflicts:
doc/scripts/DocSourcesList.cmake
scripts/base/init-bare.bro
scripts/test-all-policy.bro
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
- Fix examples/references in the file analysis how-to/usage doc.
- Add Broxygen-generated docs for file analyzer plugins.
- Break FTP::Info type declaration out in to its own file to get
rid of some circular dependencies (between s/b/p/ftp/main and
s/b/p/ftp/utils).
- policy/frameworks/intel/seen is the new location for the scripts
that push data into the intel framework for checking.
- The new policy/frameworks/intel/do_notice script adds an example
mechanism for data driven notices.
- Several places were just using old variable names or not loading
scripts correctly after they'd been renamed/moved.
- Revert/adjust a change in how HTTP file handles are generated that
broke partial content responses.
- Turn some libmagic builtin checks back on; seems some are actually
useful (e.g. text detection seems to be a builtin). The rule going
forward probably will be only to turn off a builtin if we confirm it
causes issues.
- Removed some tests that are redundant or not necessary anymore because
the generic file analysis tests cover them.
- A couple FTP tests still fail that I think need an actual solution via
script changes.
Closes#983.
* origin/topic/jsiwek/983:
Add named constructor examples to docs.
Allow named vector constructors. Addresses #983.
Allow named table constructors. Addresses #983.
Improve set constructor argument coercion.
Allow named set constructors. Addresses #983.
Allow named record constructors. Addresses #983.
