- Looser coupling between these analyzers.
- New ntlm.log (still pretty early)
- Improved string handling for NTLM (convert UTF16 to UTF8)
- SMB2 analyzer now supports GSSAPI.
- Improved abstraction of DCE_RPC operations (still not finished)
- Lots of whitespace cleanup.
There were some cases where the log would be missing a field
or data wouldn't get sent to file analysis. At least some of
this is fixed now and I get confused a bit less when I look
at the logs now.
Also, I made the default handling "FILE" so that things like
FILE_UNKNOWN wouldn't show up in the logs so regularly. It's
technically correct that way, but it doesn't look good and it's
correct as FILE often enough that it make sense to make it the
default I think.
- Add beginning of infrastructure for pipe support in SMB2.
- Improve identification of non-file tree mappings.
- Stop passing pipe data to the file analysis framework.
- Reduce log volume in smb_files.log by watching for repeated
files being seen so that you don't end up with nearly
the exact same log line over and over and over.
- Lots of little whitespace and indentation changes.
