addresses. Rather than crashing, we warn the user once and then
always time out the call. This addresses #291, and a #355 is new
ticket scheduling fixing the actual problem to later.
* origin/topic/jsiwek/packaging:
Changes for packaging
Changes to CMake logic for binary packaging
Changes for CPack binary packaging
Fix package configuration macro returning from sub-project too early
Add warning when building and installing are done by different users
Fix for PackageMaker not accepting non-numeric versions
Fix for OS X 10.5 compile error wrt llabs()
Prefer static libraries for some dependencies on OS X
Added OS X configures options for SDK & minimum version
Changes to allow source packaging via CPack
- Added 'dist' target to top-level Makefile for doing source packages
- Added 'make-*-packages' scripts for generating binary packages
- Fixes for the ConfigurePackaging CMake script
- No longer fails when package version doesn't include a patch-level
- Now considers the case when a package doesn't install any
config files and the INSTALLED_CONFIG_FILES var is empty
- pre/post install scripts now track configuration files that may
be clobbered on package install/upgrade through the
INSTALLED_CONFIG_FILES CMake variable and attempts to make backups
when the distribution's file differs from the existing file.
The TCP Reassembler does not deliver any data to analyzers after the
first 2GB due to signed integer overflow (Actually it will deliver again
between 4--6GB, etc.) This happens silently, i.e., without content_gap
events or Undelivered calls.
See Comments in TCP_Reassembler.cc for more details.
As a hotfix that seems to work I disabled the seq_to_skip features. It
wasn't used by any analyzer or policy script (Note, that seq_to_skip is
different from skip_deliveries).
See also ticket #348
Closes#207. From there:
When files are rotated they lose their buffered flag, this is
because File::Open only does a SetBuf? when it opens the file
itself, but Rotate calls rotate_file to open the file.
- Refactored all packaging related stuff into a single CMake module
- Build should no longer fail when optional sources (e.g. broctl)
do not exist in the source directory, instead a warning is issued
- Additional configure options to change packaging behavior
From ticket #339http://tracker.icir.org/bro/ticket/339 :
* Fixing a couple of minor issues in the HTTP analyzer, that made the
analyzer raise a ProtocolViolation() on strange but seemingly legal
HTTP traffic. Well, the traffic might not necessarily be adhering the
RFC, but the server has understood it.
* Also stops parsing when the message is interrupted to prevent further
parsing and ProtocolViolation() generation.
* skip_http_entity_data: check return value of FindAnalyzer, since it
can be NULL
In addition:
* http-headers.bro now loads http.bro
Testsuite changes:
* Added a new weird (empty_http_request). This shows up once in the medium
testsuite.
* no change when running short testsuite
The expire timeout for the http_sessions table is unnecessary and it
actually breaks http session semantics for long-lived sessions. The
connection_state_remove() event can take care of cleaning up unanswered
sessions.
If a HTTP transfer exceeds the expire timer, then once the expire timer
fires we get an "unanswered" HTTP request in http.log and once the
reply is done (http_reply_done event), it fails to locate the associated
request (because it expired) and thus results in an "unsolicited" HTTP
reply being logged (althoug they should be one http session).
There was a comment in the expire_function mentioning that without the
expire timer some requests don't show up with the test-suite. However,
after checking back with Robin, I could not reproduce this behavior.
(Actually there's one fewer request in the output without the
expire-timer, but this can be explained by the above observation, so
this is not an error but the way it should be).
This patch results in changes to test-suite output:
* Timestamps for unanswered HTTP replies differ for unanswered request
in the "short" test.
* Medium testcase (note: lines are sorted, they are not in the order)::
-902189670.828700 <unknown request> (0 "" [40880 (interrupted)])
-902189670.828700 GET /1998/b142.ps <no reply>
-902189670.828700 start <<IP>>:<<port>> <<IP>>:80
+902189670.828700 GET /1998/b142.ps (200 "OK" [40880 (interrupted)] <<a.host.name>>)
