pass yet.
Changes:
- Gave IPAddress/IPPrefix methods AsString() so that one doesn't need
to cast to get a string represenation.
- Val::AsAddr()/AsSubnet() return references rather than pointers. I
find that more intuitive.
- ODesc/Serializer/SerializationFormat get methods to support
IPAddress/IPPrefix directly.
- Reformatted the comments in IPAddr.h from /// to /** style.
- Given IPPrefix a Contains() method.
- A bit of cleanup.
- non-binpac DNS analyzer now also generates dns_a6_reply event
- ExpectedConn class refactored to use IPAddr's
- BinaryExpr::AddrFold simplified
- IP_Hdr src/dst address accessor methods changed to construct IPAddr
objects on the fly from ip4/ip6 members.
Addresses #770.
DNS_Mgr handles combining the results of the A and AAAA queries
for a given hostname such that at the scripting layer, the name
resolution can yield a set with both IPv4 and IPv6 addresses.
This would usually manifest in raising truncated_IP weirds, which is
misleading because it wasn't actually an IP packet in the first place.
Now unknown_packet_type weird is raised instead.
Internally, all BROv6 preprocessor switches were removed and
addr/subnet representations wrapped in the new IPAddr/IPPrefix classes.
Some script-layer changes of note:
- dns_AAAA_reply event signature changed: the string representation
of an IPv6 addr is easily derived from the addr value, it doesn't
need to be another parameter. This event also now generated directly
by the DNS analyzer instead of being "faked" into a dns_A_reply event.
- removed addr_to_count BIF. It used to return the host-order
count representation of IPv4 addresses only. To make it more
generic, we might later add a BIF to return a vector of counts
in order to support IPv6.
- changed the result of enclosing addr variables in vertical pipes
(e.g. |my_addr|) to return the bit-width of the address type which
is 128 for IPv6 and 32 for IPv4. It used to function the same
way as addr_to_count mentioned above.
- remove bro_has_ipv6 BIF
* origin/topic/bernhard/software:
change software framework interface again. At the moment everything should worl.
start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...
after talking to seth - change host_a field in record back to host.
forgotten policy files.
Software framework stores ports for server software.
Lines with a range were being output with text "lines", and so were
being listed after all other lines belonging to the same Bro script
(e.g., "lines 123-125" was listed after "line 492"). Fixed by using
the text "line" instead of "lines".
Line numbers with fewer digits were being listed after line numbers
with more digits (e.g., "line 85" was listed after "line 237").
Fixed by sorting on a reformatted string (this string does not appear
in the output) where line numbers are right justified (padded on left
with spaces) so that sorting produces the expected results.
