BIT-1293 #merged
* origin/topic/johanna/ssl-fail-earlier:
and just to be safe - also require the &if check in binpac
make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
situations which are very probably non-recoverable.
Current behavior could lead to us jumping in in the middle of an old
443 stream and interpreting some data as ssl before failing again.
* origin/fastpath:
make sslv2 protocol tests more strict - in its current state they triggered on http traffic over port 443 sometimes.
Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
These logs aren't generally useful to build everytime, just when working
on and debugging one of the various grammars and at least I haven't
needed to look at them in years. Also, Ninja builds don't seem to work
because of them (can probably improve the related CMake macros so the
verbose logs do play nice with Ninja, but doesn't seem worth effort
right now, see previous comment).
- I've changed/extended the URI record fields a bit:
- path is always the full path including the full file name
- if there's no path, the field still still be set set "/".
- file_name is the full name including extenstion, and
file_base and file_ext split it out.
- Adding a test exercising a bunch of URLs.
* origin/fastpath:
for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
The openflow framework now supports multiple
controllers. The design now looks a bit object
oriented and a new() function creates a controller
record.
Moved the JSON script from the JSON namespace into a
openflow specific OpenflowJSON namespace
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
Added a function to receive status from the switch through the
openflow controller. (not yet implemented anywhere)
The flow_mod and flow_stats function now have default values which
report that the function is not implemented when they're called but
no plugin has registered its functions for them.
- Remove all of the x-c detections. Nearly all false
positives.
- Remove the back up TAR detections. Not very helpful.
- Remove one of the x-elc detections that was too loose
and caused many false positives.
