* origin/topic/jazoff/notice_file_info:
Include file information in notices
BIT-1113 #merged
I'm wondering if there's a way to test creating these emails ... ?
* origin/topic/jsiwek/libmagic-integration:
Don't use LOG_* options to ExternalProject_Add if not supported.
Integrate libmagic 5.16 via CMake ExternalProject.
BIT-1116 #merged
This includes enhanced GRE headers. GRE tunnels are treated just like
IP-in-IP tunnels by parsing past the GRE header in between the delivery
and payload IP packets.
* origin/fastpath:
Improve GeoIP City database support.
Broxygen init fixes, addresses BIT-1110.
Fix for packet writing to make it use the global snaplength.
Fix for traffic with TCP segmentation offloading with IP header len field being set to zero.
When trying to open a city database, it now considers both the "REV0"
and "REV1" versions of the city database instead of just the former.
The extra fields of the "REV1" version (metro/area code) aren't yet put
in geo_location records, this change just allows this version of the
city database to be opened w/ same functionality as the other version.
This should be convenient because libGeoIP expects either version to
live at the same file system path, it's hard to tell which version
you've got, and current free GeoLite databases seem to be "REV1".
- Don't check mtime of bro binary if BRO_DISABLE_BROXYGEN env var set.
- Fix failure to locate bro binary if invoking from a relative
path and '.' isn't in PATH.
Instead of storing the entire notice in Notice::suppressing,
just store the time the notice should be suppressed until.
This has the same functionality, except that end_suppression can no
longer be generated.
* origin/topic/dnthayer/doc-updates:
Fix typo in Bro 2.2 NEWS
Fixed typo in the Quick Start Guide
Add documentation for event parameters
Fix typos in BIF documentation
Update the documentation of types and attributes
BIT-1109 #merged
lookup_hostname("localhost") occassionally timed out (after allowed 10
secs) when running test suite on some systems. Not sure why, but
changed to use the Exec module for when block conditions instead as the
scope of the test doesn't depend on a particular type of condition, it
just needs something that will work reliably/quickly.
* origin/topic/seth/ie11-software-parsing:
Updated software framework to support parsing IE11 user-agent strings.
Fix the irc_reply event for several server message types.
BIT-1104 #merged
- Internals: move type alias table to private static BroType member.
- Sphinx extension: now uses absolute path to bro binary.
- reST ouput formatting: remove "param" from function desriptions
and change package overview docs so script link+summaries render
consistently.
- First:
Due to architectural constraints, it is very hard for the
input framework to handle optional records. For an optional record,
either the whole record has to be missing, or all non-optional elements
of the record have to be defined. This information is not available
to input readers after the records have been unrolled into the threading
types.
Behavior so far was to treat optional records like they are non-optional,
without warning. The patch changes this behavior to emit an error on stream-
creation (during type-checking) and refusing to open the file. I think this
is a better idea - the behavior so far was undocumented and unintuitive.
- Second:
For table and event streams, reader backend creation was done very early,
before actually checking if all arguments are valid. Initialization is moved
after the checks now - this makes a number of delete statements unnecessary.
Also - I suspect threads of failed input reader instances were not deleted
until shutdown
- Third:
Add a couple more consistency checks, e.g. checking if the destination value
of a table has the same type as we need. We did not check everything in all
instances, instead we just assigned the things without caring (which works,
but is not really desirable).
This change also exposed a few bugs in other testcases where table definitions
were wrong (did not respect $want_record)
- Fourth:
Improve error messages and write testcases for all error messages (I think).
