* origin/topic/feature/logging-filter-list:
Logging: implement get_filter_names and small fixes.
Removed some superfluous existence checks before deleting table indices.
BIT-1890 #merged
* remotes/origin/topic/jsiwek/prealloc-ports:
Clean up PortManager class, mark PortVal ctors deprecated.
Add BRO_DEPRECATED macro.
Preallocate all possible PortVals.
BIT-1881 #merged
This introduces a new option, SOCKS::default_capture_password which can
be used to specify if Socks passwords are logged by default
Like fot FTP/HTTP, this option is set to false by default.
Addresses BIT-1791
This commit fixes a few small issues.
* server key exchange parameters are only parsed when a named curve is
given.
* I removed the ssl-verbose.bro and moved the functionality into the
testcase.
The information that we get with these events is likely irrelevant to
the majority of Bro users; I do not think that we have to ship a
script that uses them by default. A script like this would be
something to publish via the Bro package manager instead; this is the
approach that we have taken with a number of the recent SSL addition.
* I marked the ssl_server_curve event as deprecated. More information is
contained in the new ssl_ecdh_server_params event.
This is an events that is probably seldomly (or never) directly used
by anyone; I plan to completely remove it right after the 2.6 release.
* origin/topic/vladg/bit-1641:
Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641.
Clean up the logic for ssh_auth_failed. Addresses BIT-1641
Update baselines for adding a field to ssh.log as part of BIT-1641
Script-land changes for BIT-1641.
Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641.
Revert "Fixing duplicate SSH authentication failure events."
Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641.
I extended the tests a bit and did some small cleanups. I also moved the
SSH events back to the global namespace for backwards compatibility and
for consistency (the way it was at the moment, some of them were global
some SSH::).
Furthermore, I fixed the ssh_auth_result result event, it was only
raised in the success case. ssh_auth_result is now also checked in the
testcases. I also have a suspicion that the intel integration never
really worked before.
BIT-1641 #merged
* origin/topic/seth/log-framework-ext:
Log extensions: series of small fixes and new tests.
Change the function for log extension to take a path only and update tests.
Final changes to log framework ext code.
Add logging framework metadata mechanism.
Add unrolling separator & field name map to logging framework.
We aren't using them anymore for the packages we distribute. Because
of that, they haven't been supported in a while, and have problems.
BIT-1509 #closed
Addig a new random seed for external tests.
I added a wrapper around the siphash() function to make calling it a
little bit safer at least.
BIT-1612 #merged
* origin/topic/johanna/bit-1612:
HLL: Fix missing typecast in test case.
Remove the -K/-J options for setting keys.
Add test checking the quality of HLL by adding a lot of elements.
Fix serializing probabilistic hashers.
Baseline updates after hash function change.
Also switch BloomFilters from H3 to siphash.
Change Hashing from H3 to Siphash.
HLL: Remove unnecessary comparison.
Hyperloglog: change calculation of Rho
One tweak: I made ts optional and set it to network_time() if not given.
BIT-1578 #merged
* origin/topic/johanna/bit-1578:
Weird: fix potential small issue when ignoring duplicates
Rewrite weird logging.
(Cleaned up some code a little bit.)
* origin/topic/seth/stats-improvement:
Fixing tests for stats improvements
Rename the reporting interval variable for stats.
Removing more broken functionality due to changed stats apis.
Removing some references to resource_usage()
Removing Broker stats, it was broken and incomplete.
Fixing default stats collection interval to every 5 minutes.
Add DNS stats to the stats.log
Small stats script tweaks and beginning broker stats.
Continued stats cleanup and extension.
More stats collection extensions.
More stats improvements
Slight change to Mach API for collecting memory usage.
Fixing some small mistakes.
Updating the cmake submodule for the stats updates.
Fix memory usage collection on Mac OS X.
Cleaned up stats collection.
BIT-1581 #merged
* origin/topic/johanna/xmpp-starttls:
XMPP: Add StartTLS event and update tests
Add xmpp dpd sig and fix a few parsing problems for connections that do not upgrade to TLS.
Add simple XMPP StartTLS analyzer.
BIT-1579 #merged
* origin/topic/dnthayer/broker-namespace:
Split the broker main.bro into two scripts
Rename the BrokerStore namespace to Broker
Rename the BrokerComm namespace to Broker
BIT-1563 #merged
* topic/seth/file-entropy:
Add a file entropy test.
Fixing a test.
Updated tests for file entropy analyzer.
Update and clean up to file entropy measurement.
First commit of file entropy analyzer.
BIT-1550 #merged
* origin/topic/johanna/netcontrol: (72 commits)
Update baselines and news
Move prefixtable back to all IPv6 internal handling.
NetControl: Add functions to search for rules affecting IPs/subnets
Add check_subnet bif that allows exact membership test for subnet tables.
Rewrite internal handling of rules.
Add bif that allows searching for all matching subnets in table.
Add signaling of succesful initialization of plugins to NetControl.
Add rule hooks to the acld plugin.
Add new logfiles for shunting and drops to netcontrol
Extend NetControl logging and fix bugs.
Update OpenFlow API and events.
small acld plugin fix
Revert "introduce &weaken attribute"
Fix crash when printing type of recursive structures.
Testcase for crash when a record contains a function referencing a record.
Rename Pacf to NetControl
fix acld plugin to use address instead of subnet (and add functions for conversion)
implement quarantine
miscelaneous missing bits and pieces
Acld implementation for Pacf - Bro side.
...
