The Plugin.cc file is now just a standard class, with the interface
changed a bit to make it more easy to write. However, there're still
some conventions that one must follow to make everything work (like
using the right namespace structure).
This commit also includes the option to compile built-in plugins
dynamically instead of statically by adding
SET(BRO_PLUGIN_BUILD_DYNAMIC TRUE) to their CMake config. This hasn't
been tested much yet, and I'm still undecided if it's somethign we
would want to do by default--but we could now if wanted. :)
Also some minor other cleanup of plugin APIs and built infrastructure.
All tested on MacOS only currently.
* origin/topic/jazoff/notice_file_info:
Include file information in notices
BIT-1113 #merged
I'm wondering if there's a way to test creating these emails ... ?
* origin/topic/jsiwek/libmagic-integration:
Don't use LOG_* options to ExternalProject_Add if not supported.
Integrate libmagic 5.16 via CMake ExternalProject.
BIT-1116 #merged
This includes enhanced GRE headers. GRE tunnels are treated just like
IP-in-IP tunnels by parsing past the GRE header in between the delivery
and payload IP packets.
* origin/fastpath:
Improve GeoIP City database support.
Broxygen init fixes, addresses BIT-1110.
Fix for packet writing to make it use the global snaplength.
Fix for traffic with TCP segmentation offloading with IP header len field being set to zero.
When trying to open a city database, it now considers both the "REV0"
and "REV1" versions of the city database instead of just the former.
The extra fields of the "REV1" version (metro/area code) aren't yet put
in geo_location records, this change just allows this version of the
city database to be opened w/ same functionality as the other version.
This should be convenient because libGeoIP expects either version to
live at the same file system path, it's hard to tell which version
you've got, and current free GeoLite databases seem to be "REV1".
- Don't check mtime of bro binary if BRO_DISABLE_BROXYGEN env var set.
- Fix failure to locate bro binary if invoking from a relative
path and '.' isn't in PATH.
- The reassembly behavior can be modified per-file by enabling or
disabling the reassembler and/or modifying the size of the reassembly
buffer.
- Changed the file extraction analyzer to use the stream to avoid
issues with the chunk based approach not immediately triggering
the file_new event due to mime-type detection delay. Early chunks
frequently ended up lost before.
- Generally things are working now and I'd consider this in testing.
Instead of storing the entire notice in Notice::suppressing,
just store the time the notice should be suppressed until.
This has the same functionality, except that end_suppression can no
longer be generated.
* origin/topic/dnthayer/doc-updates:
Fix typo in Bro 2.2 NEWS
Fixed typo in the Quick Start Guide
Add documentation for event parameters
Fix typos in BIF documentation
Update the documentation of types and attributes
BIT-1109 #merged
Includes:
- Cleanup of the plugin API, in particular generally changing
const char* to std::string
- Renaming environment variable BRO_PLUGINS to BRO_PLUGIN_PATH,
defaulting to <prefix>/lib/bro/plugins
- Reworking how dynamic plugins are searched and activated. See
doc/devel/plugins.rst for details.
- New @load-plugin directive to explicitly activate a plugin
- Support for Darwin. (Linux untested right now)
- The init-plugin updates come with support for "make test", "make
sdist", and "make bdist" (see how-to).
- Test updates.
Notes: The new hook mechanism, which allows plugins to hook into Bro's
core a well-defined points, is still essentially untested.
- Move more functionality into base class.
- Remove cctors and assignment operators (weren't actually needed anymore)
- Switch from const char* to std::string.
A bunch of infrastructure work to move IOSource, IOSourceRegistry (now
iosource::Manager) and PktSrc/PktDumper code into iosource/, and over
to a plugin structure.
Other IOSources aren't touched yet, they are still in src/*.
It compiles and does something with a small trace, but that's all I've
tested so far. There are quite certainly a number of problems left, as
well as various TODOs and cleanup; and nothing's cast in stone yet.
Will continue to work on this.
lookup_hostname("localhost") occassionally timed out (after allowed 10
secs) when running test suite on some systems. Not sure why, but
changed to use the Exec module for when block conditions instead as the
scope of the test doesn't depend on a particular type of condition, it
just needs something that will work reliably/quickly.
