This patch fixes a *19 year old* reference-counting bug (which could
lead to a use-after-free, not merely a leak) in the regular expression
code.
Patch by Vern Paxson.
* 'topic/vern/bit-ops' of https://github.com/bro/bro:
documentation clarification for "p1 | p2"
documentation for bitwise operators
document the '|' operator for patterns
test suite for bitwise operators brief NEWS blurb allow for "counter" operands (does anyone still use these?) for one (but not both) of the bitwise operands
bitwise operations for "count" types implemented
Starting branch for supporting bit operations on count's.
Disable broxygen when running unit tests (except for the tests that use
broxygen). On my dual-core MacBook Pro, this change results in the
unit tests taking about 13% less time to finish running.
The former replaces the pcap vs. live versions of the same tuning
option. If a user does not change these, Bro makes some internal
decisions that may help avoid performance problems on systems with high
core counts: the number of CAF threads is capped at 8 and the maximum
sleep duration for under-utilized threads is increased to 64ms (CAF's
default is 10ms).
These may be used to change the number of scheduler threads that the
underlying CAF library creates. In pcap mode, it's currently hardcoded
to the minimal 4 threads due to potentially significant overhead in CAF.
Now manually keeps track of peer count instead of querying Broker for
that information (which would result in waiting upon a blocking request
to the core actor).
When encountering an extension unknown to OpenSSL, we would read from
the wrong memory location. Also added a testcase to prevent this specific
case from happening again.
For fuzzed/damaged/corrupted pcaps, a timestamp of 0 could lead to an
infinite loop in Bro as it interprets that as meaning the packet source
is not ready yet.
* origin/topic/jsiwek/broker-misc:
Add Broker::publish_and_relay BIF
Document variable argument list BIFs using ellipsis
Support unserializing broker data into type 'any'
Fix a bug in broker data type-casting check
Remove dead code in broker data/val conversion function
* origin/topic/vladg/ssh-fix:
#120: Pull in PR, and make a couple small cleanup tweaks.
SSH protocol now assesses the packet length at an earlier stage within binpac. Stops SSH analyzer constantly raising binpac exceptions. Seems to be because a packet continues to go through binpac when empty and only calls the next packet when asked for more data and not on operations.
This environment variable is now set to listen only on IPv4 loopback
when running unit tests (instead of using the default INADDR_ANY).
This also moves some of the @loads out from init-bare.bro into a new
init-frameworks-and-bifs.bro in order to better support calling BIFs
(like `getenv`) from variable initializations in those particular
frameworks.
