BIT-1955 #merged
* origin/topic/jsiwek/source-tree-independence:
Support building plugins from Bro installation root
Install binpac
Move bifcl to a separate repo
BIT-1958 #merged
* origin/topic/johanna/config-cluster:
Add vector to read_config_cluster test.
Fix special-case-bug for vectors in UnaryExpr.
Config: another cluster test-case, this time reading in a file.
Add sending of values to nodes that dropped out.
Continue work on config framework clusterization.
Teach Option::set to unwrap Broker::Data values
Start clusterizing configuration framework.
In some cases one can get the Type() of unaryexpr to be ANY. Vectors so
far did not deal gracefully with this and crashed because trying to
convert any to a vectortype.
This patch fixes this by just using the original vector-type in this
case.
* origin/topic/vern/case-insensitive-patterns:
use PCRE syntax instead of the beautiful new (?i ...) syntax
nitlet in NEWS entry
test suite update for case-insensitive patterns
document use of double quotes to escape case-insensitivity
bug fix for recent memory leak patch
documentation updates for case-insensitive patterns
d'oh there's isalpha. I looked earlier for isletter :-P
fix for handling [:(lower|upper):] in case-insensitive patterns
implemented /re/i for case-insensitive patterns
As opposed to plugins depending on a Bro source/build tree. This
required installing various Bro headers, BinPAC and it's headers,
bifcl, and Bro's custom CMake modules.
* 'x509_ext_san_dns_optional' of https://github.com/liviuvalsan/bro:
Added support for making optional the extraction of DNS entries from X509 SAN as Intel::seen records.
Mostly trying to standardize the way tests sleep for arbitrary amounts
of time to make it easier to tell at which particular point the
unit test actually may need the timeout interval increased (or else
debugged further).
This test-case has actually revealed an interesting issue - it works as
is, but as soon as one adds a vector, one gets the fun error-message
fatal error in any: BroType::AsVectorType (any/vector) (any)
This will require a bit more digging :).
* origin/topic/dnthayer/ticket1947:
Fix some typos and formatting in NEWS
Add pattern operators to the documentation of operators
Fix minor typos in broker reference documentation
Fix a broken link and some typos in broker documentation
Fix reST formatting in documentation of "count" type
Add documentation for some new Bro features
In the following example, the republication of "arg" would result in
literally sending it as a Broker::Data record instead of the broker data
that it was already wrapping.
Sender:
Broker::publish("topic", my_event, "hello")
Receiver:
event my_event(arg: any)
{
Broker::publish("topic", my_event, arg)
}
