* origin/topic/script-reference: (50 commits)
A few updates for the FAQ.
Fixing some doc warnings.
Forgot to add protocol identifier support for TLS 1.2
Finished SSL & syslog autodocs.
Adding the draft SSL extension type next_protocol_negotiation.
Fix some documentation errors.
Tweaks.
A set of script-reference polishing.
fixed a couple typos in comments
Add summary documentation to bif files.
Add ssl and syslog script documentation
Add Conn and DNS protocol script documentation. (fixes#731)
Small updates to the default local.bro.
Documentation updates for HTTP & IRC scripts.
SSH&FTP Documentation updates.
Fixing a warning from the documentation generation.
This completes framework documentation package 4.
Minor notice documentation tweaks.
Fix some malformed Broxygen xref roles.
Minor doc tweaks to init-bare.bro.
...
Conflicts:
aux/broccoli
aux/broctl
src/bro.bif
src/strings.bif
Includes:
- Updated baselines for autodoc tests.
- Now excluding stats.bro from external texts, it's not stable.
- Added a field named $last_alert to the SSL log. This doesn't even
indicate the direction the alert was sent, but we need to start somewhere.
- The x509_certificate function has an is_orig field now instead of
is_server and it's position in the argument list has moved.
- A bit of reorganization and cleanup in the core analyzer.
- Answers and TTLs are now vectors.
- The warning that was being generated (dns_reply_seen_after_done)
from transaction ID reuse is fixed.
- Updated the single failing btest baseline.
* origin/fastpath:
Binary packaging script tweaks.
More default "weird" tuning for the "SYN_with_data" notice.
Tiny bugfix for http file extraction along with test.
* origin/topic/jsiwek/http-1xx-replies:
Change logging of HTTP 1xx responses to occur in their own columns.
Fix handling of HTTP 1xx response codes (addresses #411).
- A null value no longer fits since if there is no body
a value of zero makes sense. Previously, a null value would
makes sense because the Content-Length header may not have
been sent which would leave the field null.
- scan.bro and hot.conn.bro will be returning soon.
- The rest are going to return as updated protocol analysis
scripts and new/updated frameworks later.
Changed the parser to not treat 1xx response codes as a final answer
to an unanswered request -- a later response is still expected.
The scripting layer will also not finish a request-reply pair when
seeing 1xx's, instead it logs both the 1xx and final response messages
with associated information of the current request as they're seen.
- protocols/ssl/expiring-certs uses time based information from
certificates to determine if they will expire soon, have already
expired, or haven't yet become valid.
- protocols/ssl/extract-certs-pem is a script for taking certs off
the line and converting them to PEM certificates with the openssl
command line tool then dumping them to a file.
