This analyzer generates three logs to fully display what is happening over the MQTT connection.
- mqtt_connect.log
- mqtt_subscribe.log
- mqtt_publish.log
At this time it only supports MQTT 3.1 and 3.1.1
* origin/topic/timw/cleaner-utf8:
GHI-486: Switch over to using LLVM utf8-checking code to better validate characters
I addressed a buffer over-read during the merge and added test-cases for
it.
* origin/topic/jsiwek/ub-fixes:
Fix undefined behavior via casting file analyzers to protocol analyzers
Fix undefined behavior via hrw_weight BIF signed int overflow
Fix undefined behavior via invalid TCP analyzer cast
The field is populated in this order of preference:
(1) Use a client-identifier option sent by client
(2) Use the server's CHADDR field
(3) Use the client's CHADDR field
Case (3) did not exist before this patch.
When generating some events for PE and X509 file analyzers, there's
an invalid cast from file_analysis::Analyzer to analyzer::Analyzer
and subsequent invalid member access via analyzer::Analyzer::GetID()
called on what is really a pointer to a file analyzer.
* origin/topic/zeke/expire-func:
Ignore abs-path in test.
Report argument # type check failed on.
Update test baseline.
Improve func arg type checking.
&expire_func(table, arg1, arg2, ...) + type checking.
* topic/timw/algorithms:
Remove List::append deprecation
Mark List::append/insert deprecated in favor of push_back/push_front for consistency with Queue
Mark List::sort as deprecated, remove List::sortedinsert
Change container iterators to just use pointers directly into the container elements
* origin/topic/jsiwek/gh-475-no-default-tcmalloc:
GH-475: Require --enable-perftools to link in tcmalloc
I added an error message is --enable-perftools is given, but perftools
is not found - it does not seem great to not abort in these cases.
Before, Linux systems would automatically use tcmalloc if found.
Remove --disable-perftools since there's no longer any case where
it's used by default.
This allows one to tune the number of protocol violations to tolerate
from any given analyzer type before just disabling a given instance
of it.
Also removes the "disabled_aids" field from the DPD::Info record
since it serves no purpose: in this case, calling disable_analyzer
multiple times for the same analyzer is a no-op.
