Commit graph

1825 commits

Author SHA1 Message Date
Jon Siwek
39d51ca99c Improve documentation for connection_established event. 2015-01-12 09:38:50 -06:00
Jon Siwek
d8890ea009 Increase minimum required CMake version to 2.8. 2015-01-08 13:11:17 -06:00
Jon Siwek
1ba0527cae Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Improve documentation of the Intelligence Framework
2015-01-07 10:04:01 -06:00
Jon Siwek
4b6c683679 Merge remote-tracking branch 'origin/topic/jsiwek/file-reassembly-merge'
* origin/topic/jsiwek/file-reassembly-merge:
  Add NEWS items related to file analysis changes.
  Revert "Workaround race condition in unified2 file module."
  Workaround race condition in unified2 file module.
  Fix reference counting bug in refactored file reassembly code.
  Change file extraction to explicitly NUL-fill gaps
  Review/fix/change file reassembly functionality.
  Improve TAR file detection and other small changes.
  Updates for file mime type identification.
  Updates the files event api and brings file reassembly up to master.
  More file reassembly work.
  Initial commit of file reassembly.
2015-01-06 10:11:25 -06:00
Jon Siwek
1971d25a5c Fix race condition in unified2 file analyzer startup.
Retrieval of extended alert information from sid-msg.map, gen-msg.map,
and classification.config files uses Bro's input framework, but since
the unified2 file analyzer also relies on the input framework,
coordination is needed to start analysis only after extended info has
been read at least once.
2015-01-05 15:38:04 -06:00
Robin Sommer
494545f1eb Updating submodule(s).
[nomail]
2014-12-31 09:39:35 -08:00
Robin Sommer
055e5c69f3 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Correct a typo in the Notice framework doc
2014-12-31 09:06:24 -08:00
Robin Sommer
6f2b8cbe78 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1298'
* origin/topic/jsiwek/bit-1298:
  Change IP_Hdr copy ctor/assign to explicit method
  Fix PIA packet replay to deliver copy of IP header

BIT-1298 #merged
2014-12-12 12:44:53 -08:00
Robin Sommer
b40b3ef158 Merge remote-tracking branch 'origin/topic/dnthayer/ticket856'
* origin/topic/dnthayer/ticket856:
  Improve man page for Bro
  Add man page for Bro

BIT-856 #merged
2014-12-08 13:56:52 -08:00
Robin Sommer
a4e45dca80 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1295'
* origin/topic/jsiwek/bit-1295:
  Fix compound assignment to require proper L-value.

BIT-1295 #merged
2014-12-03 14:22:36 -08:00
Robin Sommer
bb7d94d9c5 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1296'
* origin/topic/jsiwek/bit-1296:
  Make using local IDs in @if directives an error.

BIT-1296 #merged
2014-12-03 14:14:23 -08:00
Robin Sommer
19d9a8bfa2 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix some "make doc" warnings and update some doc tests
2014-12-03 14:10:49 -08:00
Seth Hall
379593c7fd Merge branch 'patch-1' of https://github.com/mpurzynski/bro
- Adds version detection for Windows 10.
2014-12-02 08:14:29 -05:00
Jon Siwek
fe9e7d015e Update submodules/changes/version. 2014-12-01 12:17:34 -06:00
Robin Sommer
071834b948 Merge remote-tracking branch 'origin/topic/johanna/ssl-fail-earlier'
BIT-1293 #merged

* origin/topic/johanna/ssl-fail-earlier:
  and just to be safe - also require the &if check in binpac
  make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
2014-11-25 17:35:49 -08:00
Robin Sommer
977446e7ee Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  make sslv2 protocol tests more strict - in their current state they triggered on http traffic over port 443 sometimes.
  Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
2014-11-25 14:28:10 -08:00
Jon Siwek
5436faed69 Disable verbose bison output.
These logs aren't generally useful to build every time, just when working
on and debugging one of the various grammars and at least I haven't
needed to look at them in years.  Also, Ninja builds don't seem to work
because of them (can probably improve the related CMake macros so the
verbose logs do play nice with Ninja, but doesn't seem worth effort
right now, see previous comment).
2014-11-19 10:57:58 -06:00
Robin Sommer
9d3cfaddaa Merge branch 'master' of https://github.com/anthonykasza/bro
- I've changed/extended the URI record fields a bit:
  - path is always the full path including the full file name
  - if there's no path, the field will still be set to "/".
  - file_name is the full name including extension, and
    file_base and file_ext split it out.

- Adding a test exercising a bunch of URLs.
2014-11-18 12:21:06 -08:00
Robin Sommer
bf35ed699c Merge remote-tracking branch 'origin/topic/jsiwek/bit-1288'
* origin/topic/jsiwek/bit-1288:
  BIT-1288: Improve coercion of &default expressions.

BIT-1288 #merged
2014-11-18 11:09:33 -08:00
Robin Sommer
3868cbd88e Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
2014-11-18 10:53:38 -08:00
Robin Sommer
08d843c258 Updating submodule(s).
[nomail]
2014-11-11 13:47:37 -08:00
Robin Sommer
7b58293dbb Updating submodule(s).
[nomail]
2014-11-11 13:23:02 -08:00
Robin Sommer
557218895e Removing method from SSL analyzer that's no longer used. 2014-11-11 11:51:04 -08:00
Robin Sommer
e8e81043a1 Merge remote-tracking branch 'origin/topic/vladg/mysql'
* origin/topic/vladg/mysql:
  Update baselines.
  Fix a logic bug with handling quits after the cleanup.
  Integrate MySQL with the software framework
  A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
  Move MySQL analyzer to the new plugin architecture.
  Add a btest for the Wireshark sample MySQL PCAP
  Add support for more commands, and support quit
  Redo the response handling.
  Whitespace/readability fixes.
  Add memleak and auth btests.
  Update baselines.
  Get MySQL to compile and add basic v9 support.
  MySQL analyzer
2014-11-11 11:49:26 -08:00
Robin Sommer
9045288ad3 Merge remote-tracking branch 'origin/fastpath' 2014-11-03 18:55:42 -08:00
Robin Sommer
395f06d93c Updating submodule(s).
[nomail]
2014-10-31 17:45:37 -07:00
Robin Sommer
78de5c17ef Merge remote-tracking branch 'origin/topic/jsiwek/bit-1176'
* origin/topic/jsiwek/bit-1176:
  Fix segfault if when statement's RHS is uninitialized.

BIT-1176 #merged
2014-10-31 16:30:49 -07:00
Jon Siwek
3b4e5eda55 BIT-1283: Fix crash when using &encrypt. 2014-10-31 12:13:27 -05:00
Jon Siwek
2a181a88c5 Allow arbitrary when statement timeout expressions
BIT-1284 #close
2014-10-31 10:38:23 -05:00
Jon Siwek
285f93b689 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1166'
* origin/topic/jsiwek/bit-1166:
  Add configure options to fine tune local state dirs used by BroControl.

BIT-1166 #close
2014-10-31 09:22:37 -05:00
Jon Siwek
dec96234e3 Fix some minor Coverity Scan complaints. 2014-10-30 13:26:34 -05:00
Jon Siwek
432744fde4 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix checking of fwrite return values

Some didn't look quite right so fixed while merging: the return value of
fwrite is in terms of number of objects written, not number of bytes
written and some calls still mixed those up.
2014-10-28 15:10:32 -05:00
Jon Siwek
832a2b7bab Updating CHANGES and VERSION. 2014-10-27 13:03:46 -05:00
Jon Siwek
a26c674dfd Updating submodule(s).
[nomail]
2014-10-27 10:05:36 -05:00
Robin Sommer
087a9f975d Adding missing baseline. 2014-10-24 15:34:06 -07:00
Robin Sommer
fb56d3f0bb Fixing unstable test. 2014-10-24 13:40:00 -07:00
Robin Sommer
4216a5eb1c Merge remote-tracking branch 'origin/topic/struck/BIT-1277'
* origin/topic/struck/BIT-1277:
  [ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests
  [ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix.
  [ADD] added baseline for the new exec test and added a test to check for the empty files fix.
  [FIX] exec should write an empty string when file is empty instead of the filename
  [FIX] Add files to result table even if the files are empty

BIT-1277 #merged
2014-10-24 11:43:09 -07:00
Robin Sommer
3e508d316a Plugins: Change order in which plugins' scripts are loaded at startup.
We now load the top-level __init__.bro before the internal bif.bro so
that the former can define types used by the latter.
2014-10-23 14:22:26 -07:00
Robin Sommer
2002fd7f90 Merge remote-tracking branch 'origin/topic/johanna/ssl-resumption'
* origin/topic/johanna/ssl-resumption:
  Update baseline of new SSL policy script for changes
  update test baselines
  Mark everything below 2048 bit as a weak key (Browsers will stop accepting 1024 bits soon, so we can be of that opinion too).
  add information about server chosen protocol to ssl.log, if provided by alpn.
  change SSL log to contain a boolean flag signaling if a session was resumed instead of the (usually not really that useful) session ID the client sent.

BIT-1279 #merged
2014-10-21 13:44:46 -07:00
Robin Sommer
e3cd7b1615 Merge remote-tracking branch 'origin/topic/seth/dnp3-wrong-sizeof-argument'
* origin/topic/seth/dnp3-wrong-sizeof-argument:
  Fix some Coverity warnings about the DNP3 analyzer.

The for loop seemed wrong, fixed. (Looks like we don't have a test
making sure the times there are (still) correct ...)

BIT-1278 #merged
2014-10-21 13:37:48 -07:00
Robin Sommer
53eb197b94 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1235'
* origin/topic/jsiwek/bit-1235:
  Improve multipart HTTP/MIME entity file analysis.

BIT-1235 #merged
2014-10-16 06:59:50 -07:00
Jon Siwek
ccc88beeee Add error message for bad enum declaration syntax.
BIT-1273 #close
2014-10-15 10:23:19 -05:00
Jon Siwek
191e5da74d Documentation fixes.
BIT-1272 #close
2014-10-14 14:43:08 -05:00
Jon Siwek
7ef1409b40 Change find-bro-logs unit test to follow symlinks. 2014-10-09 16:02:13 -05:00
Robin Sommer
f4f5cfd321 Further baseline normalization for plugin test portability. 2014-10-08 08:16:31 -07:00
Robin Sommer
81933d25a8 Fix for test portability. 2014-10-07 20:18:31 -07:00
Robin Sommer
91c218d44a Include plugin unit tests into the top-level btest configuration.
Turns out they weren't part of it yet. Comes with some baseline updates.
2014-10-07 15:33:18 -07:00
Robin Sommer
446578ea97 Updating plugin documentation.
Extending debugging section a bit, and clarifying why some content is
missing. Also linking into new development section at top-level.
2014-10-07 15:14:39 -07:00
Robin Sommer
21a0e12d82 Merge remote-tracking branch 'origin/topic/jdopheid/BIT-1242'
* origin/topic/jdopheid/BIT-1242:
  Improved the log file reference documentation
  Added missing log files prof, stderr, stdout
  Add a test that detects changes in the list of all Bro log files
  Broke down logs into grouped sections based on use & origin
  Adding details for modbus_register_change.log
  More updates to log files page: descriptions
  Changing name of file
  New page for List of Log files, linked to script-reference

Very nice. I've reorganized slightly more, mostly to shrink down the
"other" category: moved some of that into "Detection" and "Files" (the
latter is small, but will hopefully grow).

BIT-1242 #merged
2014-10-07 14:35:19 -07:00
Jon Siwek
b3ff415120 Fix uninitialized router_list argument in dhcp_offer/dhcp_ack.
BIT-1268 #close
2014-10-03 09:43:44 -05:00