The problem is that with certain compilers, the order of the file hash
events is reversed (for at this moment unknown reasons).
This fix simply removes all MD5 events from the dump-events test, only
leaving the SHA1 events. This removes this condition during the test.
* 'master' of https://github.com/marktayl/bro:
Better multi-space separator handling.
Also tweak multi-space separator handline some more and add test-case
triggering the new behavior.
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).
Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
Events now generally carry the unique ID of the backend that is given
during initialization; there are a few more functions and other
bugfixes.
A few netcontrol tests are still broken (mostly due to a pcap update in
msater).
* 'master' of https://github.com/marktayl/bro:
Removed duplicate parameter for IRC "QUIT" event handler.
Also add a test-case that checks the output of the quit
event handler.
The change from #49 made it an error to not have a URI. That however
then led requests with an URI yet no version to abort as well.
Instead, we now check if the token following the method is an "HTTP/"
version identifier. If, so accept that the URI is empty (and trigger
a weird) but otherwise keep processing.
Adding test cases for both HTTP requests without URI and without
version.
Cleaned up the surrounding code a bit and also added '[' as another
case (not sure that can happen, but doesn't hurt eihter).
* 'master' of https://github.com/aeppert/bro:
Whitespace
Remove
Remove.
Fix for JSON formatter
A fatal error, especially in DEBUG, should result in a core.
Seems to fix a case where an entry in the table may be null on insert.
The alert in this case is caused by the server name in the SNI not being
recognized by the server, which triggers an alert. Since the server is
an apache, and this might happen reasonably often, the new signature
allows one TLS alert before the server hello is expected.
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
