* 'topic/christian/inputframework-reporter-filenames' of https://github.com/ckreibich/zeek:
Add input file name to additional ASCII reader warning messages
The ASCII reader had a few messages that did not indicate in which
file it notices a problem. With the input framework it simplifies
troubleshooting when that file is spelled out, because you may have
multiple such files on your system.
Includes test baseline updates.
Due to string representation of Broker vectors changing (they now
use parentheses instead of square brackets).
Related to https://github.com/zeek/broker/issues/43
* origin/topic/timw/173-port-ranges:
GH-173: Support ranges of values for value_list elements in the signature parser
GH-173: Modify the signature parser so ID components (such as variable names) can't start with numbers
* origin/topic/johanna/clone:
Add leak-checks for new copy operations
Finish implementation of copy method.
Checkpoint - all non-opaque-types can be cloned.
Reimplement copy().
Fixed a couple leaks during merge.
All types (besides EntropyVal) now support a native copy operation,
which uses primitives of the underlying datatypes to perform a quick
copy, without serialization.
EntropyVal is the one exception - since that type is rather complex
(many members) and will probably not be copied a lot, if at all, it
makes sense to just use the serialization function.
This will have to be slightly re-written in the near-term-future to use
the new serialization function for that opaque type.
This change also introduces a new x509_from_der bif, which allows to
parse a der into an opaque of x509.
This change removes the d2i_X509_ wrapper function; this was a remnant
when d2i_X509 took non-const arguments. We directly use d2i_X509 at
several places assuming const-ness, so there does not seem to ba a
reason to keep the wrapper.
This change also exposed a problem in the File cache - cases in which an
object was brought back into the cache, and writing occurred in the
file_open event were never correctly handeled as far as I can tell.
For backward compatibility when reading values, we first check
the ZEEK-prefixed value, and if not set, then check the corresponding
BRO-prefixed value.
To be more exact: &encrypt, &mergeable, &rotate_interval, &rotate_size
Also removes no longer used redef-able constants:
log_rotate_interval, log_max_size, log_encryption_key
GH-243
Most of these changes are either cmake-related or plugin-related.
Added a new test "plugins/legacy.zeek" to test that legacy Bro plugins
still work.
Also added a symlink bro-path-dev.in because some legacy Bro packages
won't install without it.
Otherwise, setting Reporter::errors_to_stderr=F causes important
error messages to be lost (and this setting is the default for
ZeekCtl). E.g. now that we terminate if there's errors during
zeek_init, GH-369 shows that the only error message given was
"fatal error: errors occurred while initializing", which is not
helpful in determining the actual issue.
This is needed to track name changes for the documentation.
With this things, which do not need val-cloning, generally seem to work
again. There are a whole bunch of test failures at the moment.
The KRB parser allowed for the following types/fields to be left
uninitialized, so an &optional attribute was added to reflect that:
- KRB::Error_Msg
- pvno
- msg_type
- server_time
- service_realm
- service_name
- KRB::KDC_Request
- kdc_options
- service_realm
- till
- nonce
- encryption_types
Usages have also been adapted to perform existence checks.
Broker::subscribe() after Broker::peer() may result in losing messages,
always best to do the reverse order.
Also possibly improved chance of unstable unit test output order.
* origin/topic/jsiwek/dns-mgr-fixes:
Fix timing out DNS lookups that were already resolved
Remove an unhelpful/optimistic DNS_Mgr optimization
Fix DNS_Mgr priority_queue usage
Remove dead code from DNS_Mgr
Improve DNS_Mgr I/O loop: prevent starvation due to busy Broker
Fix a ref counnting bug in DNS_Mgr
