Commit graph

16 commits

Author SHA1 Message Date
Jon Siwek
27e47f0a57 FileAnalysis: replace script-layer IRC file analysis. 2013-03-27 14:02:20 -05:00
Jon Siwek
84a0c2fdac FileAnalysis: file handles now set from events.
Versus from synchronous function calls, which doesn't work well because
the function call can see a script-layer state that doesn't reflect
the state as it will be in terms of the event/network stream.
2013-03-25 15:37:58 -05:00
Jon Siwek
661677d452 FileAnalysis: separating IRC/FTP data analyzers.
It simplifies the file handle string callbacks.
2013-03-20 11:12:06 -05:00
Jon Siwek
59ed5c75f1 FileAnalysis: add unit tests covering current protocol integration.
And had to make various fixes/refinements after scrutinizing results.
2013-03-19 15:50:05 -05:00
Jon Siwek
878dfff2f2 FileAnalysis: decentralize unique file handle generator callbacks.
The framework now cycles through callbacks based on a table indexed
by analyzer tags, or the special case of service strings if a given
analyzer is overloaded for multiple protocols (FTP/IRC data).  This
lets each protocol script bundle implement the callback locally and
reduces the FAF's external dependencies.
2013-03-13 10:48:26 -05:00
Vlad Grigorescu
f43576cff3 Fix some Info:Record field documentation. 2012-07-13 14:04:24 -04:00
Matthias Vallentin
6c255d13ff Merge remote-tracking branch 'origin/master' into topic/bif_cleanup
Conflicts:
	src/bro.bif
2012-01-18 14:56:53 -08:00
Seth Hall
3be1222532 Documentation updates for HTTP & IRC scripts.
Closes #733
2012-01-08 02:22:52 -05:00
Jon Siwek
cc1459ef35 Fix some malformed Broxygen xref roles. 2011-12-16 14:30:36 -06:00
Matthias Vallentin
3814313b0b Merge branch 'master' into topic/bif_cleanup 2011-12-11 18:47:19 -08:00
Seth Hall
70004cb04d Small updates to address the "globals" ticket.
Fixes #633
2011-11-30 11:35:53 -05:00
Matthias Vallentin
0325b5ea32 to_port() now parses a string instead of a count.
Addresses #684.
2011-11-20 21:41:41 -08:00
Seth Hall
6d67f7830d Added to the likely_server_ports set for protocols with analyzers.
- Updated some tests since Bro is getting the direction
  correct now.

- Updated BPF filter test since I added a few ports to IRC
  as well.
2011-10-07 13:44:28 -04:00
Seth Hall
11c437faa3 Logging framework update and mass Log::ID renaming.
- Log path's are generated in the scripting land
  now.  The default Log stream ID to path string
  mapping works like this:
    - Notice::LOG -> "notice"
    - Notice::POLICY_LOG -> "notice_policy"
    - TestModule::LOG -> "test_module"

- Logging streams updated across all of the shipped
  scripts to be more user friendly.  Instead of
  the logging stream ID HTTP::HTTP, we now have
  HTTP::LOG, etc.

- The priorities on some bro_init handlers have
  been adjusted to make the process of applying
  filters or disabling streams easier for users.
2011-09-03 01:10:17 -04:00
Jon Siwek
47500ceef4 Add a test that checks each individual script can be loaded in bare-mode.
Fixed most @load dependency issues in the process.  The test is still
failing in a "known" way due to hot.conn.bro and scan.bro.

Adressess #545
2011-08-10 15:38:21 -05:00
Seth Hall
597a4d6704 Hopefully the last major script reorganization.
- policy/ renamed to scripts/

- By default BROPATH now contains:
	- scripts/
	- scripts/policy
	- scripts/site

- *Nearly* all tests pass.

- All of scripts/base/ is loaded by main.cc
	- Can be disabled by setting $BRO_NO_BASE_SCRIPTS
	- Scripts in scripts/base/ don't use relative path loading to ease use of BRO_NO_BASE_SCRIPTS (to copy and paste that script).

- The scripts in scripts/base/protocols/ only (or soon will only) do logging and state building.

- The scripts in scripts/base/frameworks/ add functionality without causing any additional overhead.

- All "detection" activity happens through scripts in scripts/policy/.

- Communications framework modified temporarily to need an environment variable to actually enable (ENABLE_COMMUNICATION=1)
	- This is so the communications framework can be loaded as part
	  of the base without causing trouble when it's not needed.
	- This will be removed once a resolution to ticket #540 is reached.
2011-08-05 23:09:53 -04:00