Switching from using the http_all_headers() event to
http_message_done(). That delays it a bit, but is the less expensive
event.
* 'topic/jgras/flash-detection' of https://github.com/J-Gras/bro:
Updated detection of Flash and AdobeAIR.
This commit introduces a new hook, HookAddToAnalyzerTree, which
allows plugins to add a new analyzer to the analyzer tree during
analyzer tree creation. This hook is necessary to support the
TCPRS plugin.
Additionally, the order in which the scripts were loaded has been
changed to address a problem with undefined variable errors due
to load order issues.
Signed-off-by: James Swaro <james.swaro@gmail.com>
* 'master' of https://github.com/aaronmbr/bro:
Copy-paste issue
Allow for logging of the VLAN data about a connection in conn.log
Save the inner vlan in the Packet object for Q-in-Q setups
This means CAF is now a required dependency. For now, I'm keeping a
switch --disable-broker to turn it off, but I'm thinking that
eventually we should remove that as well.
That way it can be reused more easily. This also avoid having to
change the serialization structure for packets, which is a problem as
external sources of packets (via Broccoli) wouldn't have the new
attributes available to send.
Also moving Packet.{h,cc} and Layer2.{h,cc} into iosource/, and
removing header size from properties that packet sources have to
provide, as we can now compute that easily from the link type.
Plus some more cleanup.
* 'topic/rework-packets' of https://github.com/jsbarber/bro:
One more tinker to Packet -- ensure no uninitialized values
Packet::IP()-created IP_Hdr should not free
Make enums work for non-C++11 config
Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.
Conflicts:
aux/plugins
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to
duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the
cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
