On Travis CI, btest was using 32 threads when running with "-j". Reducing
this to "-j 4" seems to make the tests run a bit faster overall and
somewhat reduces the number of test failures.
The test could fail on the order of 100s of iterations, so I bumped to
desired accuracy to actually check for results that are outside the
error margin.
* 'Reporter/MessageFix' of https://github.com/catenacyber/bro:
Better reporter for Brostring with embedded NUL
I slightly changed the code for beautification purposes and added a
testcase. No functional changes.
Remove some output from the Travis CI build log to make it easier
to read.
There is an issue with Travis CI when using encrypted environment
variables. In this case, when btest calls the python function
sys.stdout.isatty() it returns False, which causes btest to output one
line for each test (passed or failed). As a result, it is difficult to
see at a glance which tests failed. Switching to btest brief output to
address this issue.
The way in which TLS 1.3 is negotiated was changed slightly in later
revisions of the standard. The final version is only sent in an
extension - while the version field in the server hello still shows TLS
1.2.
This patch makes ssl.log show the correct version again.
I've moved .travis.job to testing/scripts/travis-job and adapted
.travis.yml accordingly.
* origin/topic/dnthayer/travis-ci-updates:
Fix information leak in the update-traces script
Add coverity scan and private testing to Travis CI
For trace files that require authentication to download, hide
part of the URL in output messages. This avoids leaking potentially
sensitive info when running tests using a continuous integration
service.
Closes BIT-1900.
* origin/topic/johanna/config:
Use port_mgr->Get() in the input framework config changes.
Allow the empty field separator to be empty; use in config framework.
Fix small bug in config reader.
Fix segmentation fault when parsing sets containing invalid elements.
Add config framework.
Closes BIT-1897.
* origin/topic/johanna/ssl_signature_details:
Make parsing of ServerKeyExchange work for D(TLS) < 1.2.
Add more details to ssl_server_signature.
* 'smb-transaction-messages' of https://github.com/jbencteux/bro:
add test for smb1_com_transaction_response event changes
add test for smb1_com_transaction2_secondary_request event changes
add test for smb1_com_transaction2_request event changes
add test for smb1_com_transaction_secondary_request event changes
add test for smb1_com_transaction_request event changes
fix setup field handling in smb1_com_transaction_request messages
fix smb1_com_transaction* messages
add smb1_transaction2_secondary_request event
add smb1_transaction_secondary_request event
add parameters and data to smb1_transaction_request/response messages
add SMB_Parameters.Words to smb1_transaction2_request event
* 'nfs-updates' of https://github.com/dtrejod/bro:
Format print nfs units tests to improve output readability. Add unit tests for new NFS events -- nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr.
Bug fix: nfs3_writeargs didn't properly return filehandle.
Add nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr.
* 'mount-protocol' of https://github.com/dtrejod/bro:
Add unit tests for new MOUNT events -- mount_proc_mnt, mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented.
Add mount_proc_null, mount_proc_mnt, mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented, mount_reply_status.
This small change allows the empty field separator to be empty. This
means that we can represent an empty list by a empty input string, which
was not possible before.
Before, an empty empty field separator meant that there is no empty
field - to get back to this behavior one now has to set the empty field
separator to a string that is guaranteed to not be part of the input
data. Note that we did not use "empty" empty field separators anywhere
and I am not aware of this being used by anyone - the new behavior seems
like it is much more useful in practice.
This also changes the config framework to interpret empty lists as...
empty, instead of interpreting them as lists that have one zero-length
element; this seems like the saner default.
The configure reader had a small bug that caused the tracking of changed
variables to be incorrect after the second update. This resulted in
change-events for unchanged variables.
Currently the destructor would try to free unallocated memory. This
could e.g. be triggered by the input framework reading a set with an
invalid element.
* Add proper namespace scoping to a 'SumStats::process_epoch_result'
scheduled event.
* Fix iterator invalidation within 'SumStats::process_epoch_result'
* Give 'SumStats::process_epoch_result' a copy of the result table so
that the SumStats framework can clear the original and move on to the
next epoch immediately.
* The previous baseline of the basic sumstats unit test did look wrong
to me and probably was actually indicative of the iterator invalidation
problem.
Thanks to Jim Mellander for reporting the issues.
get_filter_names(id: ID) : set[string] returns the names of the current
list of filters for a specified log stream.
Furthermore this commit makes a number of logging functions more robust
by checking existence of values before trying to modify them. This
commit also really implements (and tests) the enable_stream function.
This makes conn.logs a bit prettier (and smaller) because all lines that
do not use a tunnel will now have a "-" instead of the "(empty)" for
tunnel_parents.
The "coverage/init-default.test" will always fail if there is a
path component named "build" anywhere before the bro install
directory (for example, if the tests are run from home dir of a user
named "build"). Fixed this by making a regex more specific so that
it matches the correct lines in loaded_scripts.log.
There are two new script level functions to query and lookup files
from the core by their IDs. These are adding feature parity for
similarly named functions for files. The function prototypes are
as follows:
Files::file_exists(fuid: string): bool
Files::lookup_File(fuid: string): fa_file
These have been lingering for a while and they generally annoy
everyone because of the sheer volume. They also don't really add
any useful information for debugging and they were generated differently
than most other weirds anyway (which was a little weird...).
This introduces a new option, SOCKS::default_capture_password which can
be used to specify if Socks passwords are logged by default
Like fot FTP/HTTP, this option is set to false by default.
Addresses BIT-1791
Now we only parse the SignatureAndHashalgorithm field in cases where it
is present. This change also takes care to respect SCTs, which do
include the SignatureAndHashalgorithm in their digitally-signed struct,
even when used in protocol versions that do not have the
SignatureAndHashalgorithm in the protocols digitally-signed struct.
I also added tests to make sure this does indeed work with TLS 1.1 - it
turns out that so far we did not have a single TLS 1.1 pcap.
The configuration framework consists of three mostly distinct parts:
* option variables
* the config reader
* the script level framework
I will describe the three elements in the following.
Internally, this commit also performs a range of changes to the Input
manager; it marks a lot of functions as const and introduces a new
ValueToVal method (which could in theory replace the already existing
one - it is a bit more powerful).
This also changes SerialTypes to have a subtype for Values, just as
Fields already have it; I think it was mostly an oversight that this was
not introduced from the beginning. This should not necessitate any code
changes for people already using SerialTypes.
option variable
===============
The option keyword allows variables to be specified as run-tine options.
Such variables cannot be changed using normal assignments. Instead, they
can be changed using Option::set. It is possible to "subscribe" to
options and be notified when an option value changes.
Change handlers can also change values before they are applied; this
gives them the opportunity to reject changes. Priorities can be
specified if there are several handlers for one option.
Example script:
option testbool: bool = T;
function option_changed(ID: string, new_value: bool): bool
{
print fmt("Value of %s changed from %s to %s", ID, testbool, new_value);
return new_value;
}
event bro_init()
{
print "Old value", testbool;
Option::set_change_handler("testbool", option_changed);
Option::set("testbool", F);
print "New value", testbool;
}
config reader
=============
The config reader provides a way to read configuration files back into
Bro. Most importantly it automatically converts values to the correct
types. This is important because it is at least inconvenient (and
sometimes near impossible) to perform the necessary type conversions in
Bro scripts themselves. This is especially true for sets/vectors.
Configuration generally look like this:
[option name][tab/spaces][new variable value]
so, for example:
testaddr 2607:f8b0:4005:801::200e
testinterval 60
testtime 1507321987
test_set a b c d erdbeerschnitzel
The reader uses the option name to look up the type that variable has in
the Bro core and automatically converts the value to the correct type.
Example script use:
type Idx: record {
option_name: string;
};
type Val: record {
option_val: string;
};
global currconfig: table[string] of string = table();
event InputConfig::new_value(name: string, source: string, id: string, value: any)
{
print id, value;
}
event bro_init()
{
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
}
Script-level config framework
=============================
The script-level framework ties these two features together and makes
them a bit more convenient to use. Configuration files can simply be
specified by placing them into Config::config_files. The framework also
creates a config.log that shows all value changes that took place.
Usage example:
redef Config::config_files += {configfile};
export {
option testbool : bool = F;
}
The file is now monitored for changes; when a change occurs the
respective option values are automatically updated and the value change
is written to config.log.
This commit fixes a few small issues.
* server key exchange parameters are only parsed when a named curve is
given.
* I removed the ssl-verbose.bro and moved the functionality into the
testcase.
The information that we get with these events is likely irrelevant to
the majority of Bro users; I do not think that we have to ship a
script that uses them by default. A script like this would be
something to publish via the Bro package manager instead; this is the
approach that we have taken with a number of the recent SSL addition.
* I marked the ssl_server_curve event as deprecated. More information is
contained in the new ssl_ecdh_server_params event.
This is an events that is probably seldomly (or never) directly used
by anyone; I plan to completely remove it right after the 2.6 release.
