- If mail between the MUA and mail server is seen, no
received from headers will be there. This situations
is dealt with by setting the two hosts involved in the
mail transfer as the last two hosts in the path.
- Scripts now deal with host headers containing the port value.
- build_url function copes with missing the request now
(only seeing the response for some reason).
If 'use_conn_size_analyzer' is true, the event engine tracks number of
packets and raw IP bytes per connection. If report_conn_size_analyzer
is true, these values are included as four new columns into conn.log
I changed conn.bro so that the value of report_conn_size_analyzer
follows that of use_conn_size_analyzer. For the new conn.log, we
probably want to get rid of report_conn_size_analyzer anyway.
This is obviously a change that break backwards-compatibility. I hope
I caught all cases where vectors are used ...
I've completely removed the VECTOR_MIN constant. Turns out that was
already not working: some code pieces were nevertheless hard-coding
the 1-based indexing ...
filter. (Seth Hall and Robin Sommer)
- Merging in the patch from #264, which provides support for mixed
VLAN and MPLS traffic.
- Changing Bro's default filter from being built dynamically to being
a static "ip or not ip". To get the old behaviour back (i.e., the
dynamically built filter), redef "all_packets" to false.
- print-filter.bro now always prints the filter that Bro is actually
using, even if overriden from the command line.
* origin/topic/robin/conn-ids:
Moving uid from conn_id to connection, and making output determistic if a hash seed is given.
Extending conn_id with a globally unique identifiers.
- When Bro is given a PRNG seed, it now uses its own internal random
number generator that produces consistent results across sytems.
Note that this internal generator isn't very good, so it should only
be used for testing purposes.
- The BTest configuration now sets the environemnt variables TZ=UTC
and LANG=C to ensure consistent results.
- Fixing doc markup in logging.bro.
- Updating baselines.
