* origin/topic/robin/file-analysis-fixes:
Adding test with command line that used to trigger a crash.
Cleaning up a couple of comments.
Fix delay in disabling file analyzers.
Fix file analyzer memory management.
The merge changes around functionality a bit again - instead of having
a list of done analyzers, analyzers are simply set to skipping when they
are removed, and cleaned up later on destruction of the AnalyzerSet.
BIT-1782 #merged
If connection flipping occured in Sessions.cc code (invoked e.g. when
the original SYN is missing), layer 2 flipping was not performed. This
change switches to always use the connection flipping code in Conn.cc
which performs the switch correctly.
When a file analyzer signaled being done with data delivery, the
analyzer would only be scheduled for removal at that poing, meaning it
could still receive more data until that action actually took effect.
Now we make sure to not send any more data to an analyzer.
File analyzers got deleted immediately once the queue with the
corresponding removal operation got drained. That however can happen
while the analyzer is still doing stuff: the queue is drained whenever
any the "special" file analysis events needing immediate attention has
been executed. This fix now only schedules the analyzer for deletion
at that time, but postpones the actual operation until file object
itself is being destroyed.
- New fields: extracted_cutoff and extracted_size.
These fields will be null if the file isn't extracted.
- Extended the extraction test to test the files log too.
* origin/topic/dnthayer/ticket1516:
Remove wordexp functionality from broxygen
Fix a failing test on OpenBSD
Fix compiler warnings on OpenBSD
Fix a build failure on OpenBSD
Fix test core.pcap.dumper to work on OpenBSD
BIT-1516 #merged
Broxygen no longer attempts to do tilde expansion of PATH
components when trying to get the mtime of Bro (this involved removing
the wordexp functionality, which doesn't exist on OpenBSD). In the
very unlikely event that this causes problems for someone (this could
occur by running "bro -X configfile" if bro is located in a PATH
component which starts with a tilde, such as "~/bin"), the error
message text has been improved so that a user knows the workaround
for this (just run bro with a relative or absolute path).
Broxygen also no longer attempts to get the mtime of the bro executable
when bro wasn't invoked with the "-X" option.
The wordexp function doesn't exist in OpenBSD. Skipping this
functionality only affects users who have bro installed in a directory
in the PATH and the directory name as it appears in PATH starts with
a tilde (e.g. "~/bin"). A simple workaround for affected users
would be to change the PATH environment variable to not contain any
tildes.
At one place in the code, we do not check the correct return code. This
makes it possible for a reply to get a response of "good", when the ocsp
reply is not actually signed by the responder in question.
This also instructs ocsp verication to skip certificate chain
validation, which we do ourselves earlier because the OCSP verify
function cannot do it correctly (no way to pass timestamp).
The definition of a "struct pcap_pkthdr" on OpenBSD contains a member
of type "struct bpf_timeval" instead of "struct timeval" used on other
systems.
Also, on OpenBSD the header netinet/if_ether.h does not #include
net/if_arp.h as it does on other systems.
KerberosString formatting for principal name to be compliant with RFC 4120 section 5.2.2, which states that there can be a few components (and in practice we have seen 3, more than the 1 or 2 that is typical)
