- Notices are generated in the cases of being unable
to compile or install a new filter.
- A PacketFilter::install() function is now exported
so that external scripts can update the packet
filter.
The output of some versions of `wc` (e.g. MacOS) seems to indent
their output while others don't, causing the baseline diff to fail.
So pipe to sed to get rid of spaces before diffing.
Removed the test's diff against baseline output that contained absolute
paths so that it will work across systems. Also don't redirect anything
to stderr so that failure information shows up in btest diagnostic output.
- Fixed bug with new sessions accidently being created
just after logging which caused a lot of empty records
to be logged.
- Readded the HTTP::MD5 notice for when an MD5 sum is
calculated for HTTP response bodies.
- Fixed bug with extracting value from content-length
headers.
- Flushing values from md5 sum generation more reliably
to avoid leaking memory.
- The all.bro script loads tuning/defaults which is
commonly applied tuning.
- Other less common tuning can be placed in the tuning/
directory directly.
* origin/topic/seth/ssl-binpac:
Fixed bug due to vectors now initially indexed on 0.
Finished core support for new SSL analyzer.
SSL analyzer changes with accompanying BiF.
A table_s_of_s type to get around bifcl type limitation.
Regenerated the Mozilla CA bundle without the untrusted server authentication certs.
Complete rewrite to SSL analyzer.
Conflicts:
src/AnalyzerTags.h
src/CMakeLists.txt
Notes:
- Haven't looked at the script-level, postponed to
policy-scripts-new.
- I renamed X509Extension to X509_extension for consistency.
Note: I didn't merge anything in policy/*. Seems there was some
unrelated stuff in there, and the ticket says that the policy script
was a dummy for now anyway.
* origin/topic/seth/syslog-analyzer:
Updates for syslog analyzer to prepare it for merging.
Added the initial syslog analyzer and policy script.
Adding some of the initial scripts that are going to be merged from my script repository.
- The install_pcap_filter BiF no longer will prevent
a filter from being installed if a -f filter was
provided. This was already causing a problem where
command line supplied filters weren't working.
The pcap.bro script is now where the filter update
limitation is placed making it possible for users
to still update the filter at runtime if they really
want to.
With a directory "foo" somewhere in BROPATH, "@load foo" now checks if
there's a file "foo/__load__.bro". If so, it reads that file in. (If
not, Bro reports the same error as before, complaining that it can't
read a directory).
