Works like old enable_communication(), but for new broker communication
mechanism. Scripts have to explicitly call this if they want to use the
broker communication functionality. Saves a decent chunk of Bros'
initialization time when one doesn't need communication features.
For now, this is needed when locally cloning Vals. E.g. "when"
statements will clone an entire frame and data store queries use "when"
statements, so it's likely there will be locals of these opaque types
that get cloned.
- Split up the (quite length) krb-protocol.pac into krb-protocol, krb-defs, krb-types and krb-padata
- Add some supporting types to get rid of awkward and difficult to read case true/false statements
- Clean up the conversion code in krb-analyzer.pac
Fixing one missing index adjustment (I believe ...)
BIT-757 #merged
* origin/topic/jsiwek/deprecation:
Fix typo.
Update documentation (broken links, outdated tests).
Update NEWS for deprecated/changed functions.
Deprecate split* family of BIFs.
Improve use of &deprecated on functions.
Add a new attribute: &deprecated.
It now works a bit differently than before: whether to send a remote log
write is now a property of the logging stream, not the logging filter
and it's now up the the receiver side filters to instantiate the desired
writer. i.e. the sender now has no say in what the receiver should use
as the log writer backend.
Under the new style of remote logging, the "Log::enable_remote_logging"
option is repurposed to set the default behavior for new logging
streams. There's also "Comm::{enable,disable}_remote_logging()" to
explicitly set the desired behavior for a given logging stream. To
receive remote logs, one calls "Comm::subscribe_to_logs(<topic>)", where
senders implicitly use topics of the form "bro/log/<stream id>".
A DNP3 packet using a link layer header that specifies a zero length can
trigger an assertion failure if assertions are enabled. Assertions are
enabled unless Bro is compiled with the NDEBUG preprocessor macro
defined. The default configuration of Bro will define this macro and so
disables assertions, but using the --enable-debug option in the
configure script will enable assertions. When assertions are disabled,
or also for certain length values, the DNP3 parser may attempt to pass a
negative value as the third argument to memcpy (number of bytes to copy)
and result in a buffer over-read or overflow.
Reported by Travis Emmert.
Field lengths derived from other data in the input could potentially
lead to reading from outside the bounds of the input buffer.
Reported by John Villamil and Chris Rohlf - Yahoo Paranoids
These functions are now deprecated in favor of alternative versions that
return a vector of strings rather than a table of strings.
Deprecated functions:
- split: use split_string instead.
- split1: use split_string1 instead.
- split_all: use split_string_all instead.
- split_n: use split_string_n instead.
- cat_string_array: see join_string_vec instead.
- cat_string_array_n: see join_string_vec instead.
- join_string_array: see join_string_vec instead.
- sort_string_array: use sort instead instead.
- find_ip_addresses: use extract_ip_addresses instead.
Changed functions:
- has_valid_octets: uses a string_vec parameter instead of string_array.
Addresses BIT-924, BIT-757.
While scripts are parsed, a warning is raised for each usage of an
identifier marked as &deprecated. This also works for BIFs.
Addresses BIT-924, BIT-757.
* origin/topic/robin/dnp3-merge-v4:
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
A bit more DNP3 tweaking.
remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renameing the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 varition 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
BIT-1231 #merged
- Use a boolean success instead of a result string
- Change the affected_rows response detail string to a "rows" count
- Fix the state tracking to log incomplete commands
