- Removed the ProtocolViolation notice. I'd like to hear
if someone actually used that notice for something.
- Folded the dyn-disable functionality into the dpd/base script.
- Other small cleanup.
Added an additional master TOC index for Bro script packages that
automatically gets filled in at ``make doc`` time. The master TOC
links to per-package indexes which contains links to all the scripts
contained within it along with their summary. The per-package index
is also now automatically generated/derived from the path component
of the script passed into the rest_target() macro.
- Fixed a pretty major eternal looping bug in the SSL analyzer and
a few other parsing problems.
- New core scripts and log for SSL connection analysis.
- New known-certs script for logging certificate assets.
Added an arg to the search_for_files() util function that can return
the subpath of BROPATH's policy/ dir in which the loaded file is found.
This subpath is then used in both the the reST file's document title
(so that script's named e.g. "base.bro" actually have some context) and
in figuring out how to interlink with other generated docs of other
scripts that are found in @load directives.
I still need to overhaul things so the loading of "packages" is
documented in a meaningful way and that the CMake targets are able
to generate indexes for packages.
- core.load-unload: scripts that get loaded by default changed, so to
make the test insensitive to that in the future, I changed the test
to just check that the stdout is empty (the @unload'd script would have
had output there)
- policy.frameworks.logging.rotate-custom: I saw that the ordering of
the log postprocessor output caused a failure for me even though the
overall content was the same, so it now sorts that part before diff'ing
- core.print-bpf-filters-ipv[4|6]: packet-filter log file name changed
- policy.protocols.conn.known-services: logging file names changes and
local_nets is now in the Site module
Caused by changes made while working on the way loaded scripts are tracked
(commit 9de6e9170c to master branch) that
didn't take into account an unmerged commit on the policy-scripts-new branch
(56a946568a).
(re-added warning comments that were removed in the former commit since they
still seem relevant now)
- Fixed problem where notices were logged even if they
didn't have the ACTION_FILE action applied.
- New PolicyItem element, $halt. It's used for halting
the policy processing if a predicate returns T.
This replaces the ACTION_STOP action.
- Initial hacky email extension mechanism.
- Removed the IDMEF line. When that added back later
it will likely be done more modularly.
* origin/topic/seth/net-stats-bif:
Removing a stray print statement.
Changed netstats (packet loss) handling to script-land.
Nice idea to pass the old data into a regular scheduled event!
Conflicts:
src/event.bif
* origin/fastpath:
Raise internal error when failing to read contents of state file with -x option
I've changed this to use error() instead of internal_error(). The
latter should only be used for logic errors that indicate a bug in
Bro. In this case, the message flags a problem that's more likely to
be external.
- When ACTION_EMAIL_ADMIN_ORIG or ACTION_EMAIL_ADMIN_RESP
is applied to a notice,
the email addresses associated with the address
are collected from the new local_admins table
and the email is sent to all discovered email addresses.
- The site.bro script is now in the Site module.
- Some other small cleanup.
- When ACTION_EMAIL_ADMIN is applied to a notice,
the email addresses associated with the address
are collected from the new local_admins table
and the email is sent to all discovered email addresses.
- The site.bro script is now in the Site module.
- Some other small cleanup.
