* origin/topic/jsiwek/gridftp:
Add memory leak unit test for GridFTP.
Enable GridFTP detection by default. Track/log SSL client certs.
Add analyzer for GSI mechanism of GSSAPI FTP AUTH method.
Add an example of a GridFTP data channel detection script.
* origin/fastpath:
...and forgotten debug-output, sorry (was already merged in some other internal repositories before I noticed)
and another bug in the input framework: config table does not work (is not transmitted to the readers) because the initialization was done the wrong way round.
* origin/fastpath:
Small but important fix for the input framework. BroStrings were constructed without a final \0 - which means that strings read by the input framework are unusable by basically all internal functions (like to_count).
* origin/fastpath:
Fix the "-=" operator for intervals
Fix "!=" operator for subnets
Add sleeps to configuration_update test for better reliability.
Fix a segfault when iterating over a set
* origin/fastpath:
Remove automatic use of gperftools on non-Linux systems.
Fix uninitialized value for 'is_partial' in TCP analyzer.
parse 64-bit consts correctly.
on 32-bit machines only unsigned long longs are 64-bits long. Not just unsigned longs...
* remotes/origin/topic/bernhard/input-warn-on-invalid-numbers:
...and another small change to error handling -> now errors in single lines do not kill processing, but simply ignore the line, log it, and continue.
Ok, this one was a little bit sneaky.
ok, this one might really be a bit too big for 2.1
* origin/fastpath:
Ok, this one is not really necessary for 2.1 and more of a nice-to-have
another small bug found while searching for something else...
Fix two little bugs:
sorry. the patch for the set_separator.
make set_separators different from , work for input framework.
Bug found bei Keith & Seth: input framework was not handling counts and ints out of 32-bit-range correctly.
* origin/fastpath:
Update documentation for builtin types
Adding an identifier to the SMTP blocklist notices for duplicate suppression.
Doc fixes for signature 'eval' conditions.
Remove orphaned unit tests.
Add type checking for signature 'eval' condition functions.
* origin/topic/bernhard/input-allow_invalid_types:
to be sure - add a small assertion
add an option to the input framework that allows the user to chose to not die upon encountering files/functions.
That's the last feature for 2.1!
* origin/fastpath:
Add test serialization to "leak" unit tests that use communication.
Change to metrics/basic-cluster unit test for reliability.
Minor tweak to coverage.bare-mode-errors unit test.
Fixed ack tracking which could overflow quickly in some situations.
* origin/fastpath:
single-line documentation addition to main input framework script.
add testcase for input of set. Sets can be imported by not specifying $val in the add_table call.
* origin/fastpath:
Add the Stream record to Log:active_streams to make more dynamic logging possible.
Fix portability of printing to files returned by open("/dev/stderr").
Fix mime type diff canonifier to also skip mime_desc columns
Unit test tweaks/fixes.
Fix memory leak of serialized IDs when compiled with --enable-debug.
One tweak to the open() change: make sure we don't try to rotate the
special files.
There are now two FinishedRotation() methods, one that triggers
post-processing and one that doesn't. There's also insurance built in
against a writer not calling either (or both), in which case we abort
with an internal error.
Also reenabling the logs-to-elasticsearch.bro script in
test-all-policy.bro, that seems to work now.
* origin/fastpath:
Reworked how the logs-to-elasticsearch scripts works to stop abusing the logging framework.
* origin/fastpath:
Small (potential performance) improvement for logging framework.
Script-level rotation postprocessor fix.
update input framework documentation to reflect want_record change.
Fix crash when encountering an InterpreterException in a predicate in logging or input Framework.
make want_record=T the default for events
failure.
Once a writer/reader Do* method has returned false, no further ones
will be executed anymore. This is primarily a safety mechanism to make
it easier for writer/reader authors as otherwise they would often need
to track the failure state themselves (because with the now delayed
termination from the earlier commit, furhter messages can now still
arrive for a little bit).
* origin/fastpath:
and remove superflous print.
add testcase for subrecords and events add missing binary testcase (Baseline is in master, testcase is missing for some reason) make error output for nonmatching event types much more verbose
Add more error handling for close() calls.
add testcase for subrecords to input framework tests
* origin/fastpath:
Fix complaint from valgrind about uninitialized memory usage.
Fix differing log filters of streams from writing to same writer/path.
Fix tests and error message for to_double BIF
