* topic/johanna/openssl-1.1:
Fix recently introduced double free in OpenSSL code.
Adjust coding style & fix test failures.
Adapt most of the X509 support to OpenSSL 1.1
* origin/topic/feature/logging-filter-list:
Logging: implement get_filter_names and small fixes.
Removed some superfluous existence checks before deleting table indices.
BIT-1890 #merged
get_filter_names(id: ID) : set[string] returns the names of the current
list of filters for a specified log stream.
Furthermore this commit makes a number of logging functions more robust
by checking existence of values before trying to modify them. This
commit also really implements (and tests) the enable_stream function.
This makes conn.logs a bit prettier (and smaller) because all lines that
do not use a tunnel will now have a "-" instead of the "(empty)" for
tunnel_parents.
The file used a relative path which leads to problems if it is included
by an external Plugin. This commit changes this to an absolute path,
like everywhere else.
* remotes/origin/topic/jsiwek/prealloc-ports:
Clean up PortManager class, mark PortVal ctors deprecated.
Add BRO_DEPRECATED macro.
Preallocate all possible PortVals.
BIT-1881 #merged
The "coverage/init-default.test" will always fail if there is a
path component named "build" anywhere before the bro install
directory (for example, if the tests are run from home dir of a user
named "build"). Fixed this by making a regex more specific so that
it matches the correct lines in loaded_scripts.log.
There are two new script level functions to query and lookup files
from the core by their IDs. These are adding feature parity for
similarly named functions for files. The function prototypes are
as follows:
Files::file_exists(fuid: string): bool
Files::lookup_File(fuid: string): fa_file
These have been lingering for a while and they generally annoy
everyone because of the sheer volume. They also don't really add
any useful information for debugging and they were generated differently
than most other weirds anyway (which was a little weird...).
This change doubles the performance of for loops over empty tables.
A bro binary that prints out this size shows for
testing/external/bro-testing/2009-M57-day11-18.trace, for loops are run
over tables of size:
11477 for size 0
8371 for size 1
1227 for size 3
239 for size 2
141 for size 6
57 for size 5
10 for size 4
5 for size 7
2 for size 13
2 for size 8
2 for size 11
1 for size 9
~53% of the for loops were across an empty table. These loops come from
things like the for loop in the http script over c$http_state$pending
This change prevents the creation of an iteration cookie entirely if the
table is empty.
Using this test script:
const scan_ports: table[port] of count = { };
local x = 0;
while ( x < 20000000 ) {
for(p in scan_ports) {
}
++x;
}
$ time bro.orig -b ___bench.bro
real 0m10.732s
user 0m10.415s
sys 0m0.113s
$ time bro.nocookie -b ___bench.bro
real 0m4.694s
user 0m4.464s
sys 0m0.086s
Warning is:
/home/johanna/bro/master/src/Type.cc: In member function 'virtual bool IndexType::DoUnserialize(UnserialInfo*)':
/home/johanna/bro/master/src/Type.cc:548:60: warning: enum constant in boolean context [-Wint-in-bool-context]
indices = (TypeList*) BroType::Unserialize(info, TYPE_LIST);
^
/home/johanna/bro/master/src/Type.cc: In member function 'virtual bool FuncType::DoUnserialize(UnserialInfo*)':
/home/johanna/bro/master/src/Type.cc:868:61: warning: enum constant in boolean context [-Wint-in-bool-context]
args = (RecordType*) BroType::Unserialize(info, TYPE_RECORD);
^
/home/johanna/bro/master/src/Type.cc:872:62: warning: enum constant in boolean context [-Wint-in-bool-context]
arg_types = (TypeList*) BroType::Unserialize(info, TYPE_LIST);
This one is a really nice catch in my opinion. GCC is completely correct
- the 2nd argument to Unserialize is a bool. This means that all these
calls always evaluate to Unserialize(info, true). Which is equivalent
with the default, so I just removed the type from the call.
This was probably caused by someone thinking of BroVal::Unserialize,
which needs the type as the 2nd argument.
/home/johanna/bro/master/src/Sessions.cc: In member function 'void NetSessions::DoNextPacket(double, const Packet*, const IP_Hdr*, const EncapsulationStack*)':
/home/johanna/bro/master/src/Sessions.cc:343:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if ( ip_hdr_len > len )
~~~~~~~~~~~^~~~~
/home/johanna/bro/master/src/Sessions.cc:349:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if ( ip_hdr_len > caplen )
~~~~~~~~~~~^~~~~~~~
/home/johanna/bro/master/src/Sessions.cc:399:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if ( ip_hdr_len > len )
~~~~~~~~~~~^~~~~
In file included from /usr/include/machine/endian.h:6:0,
from /usr/include/sys/types.h:44,
from /usr/include/unistd.h:37,
from /home/johanna/bro/master/src/Anon.cc:2:
/home/johanna/bro/master/src/Anon.cc: In member function 'virtual ipaddr32_t AnonymizeIPAddr_Seq::anonymize(ipaddr32_t)':
/home/johanna/bro/master/src/Anon.cc:85:18: warning: operation on '((AnonymizeIPAddr_Seq*)this)->AnonymizeIPAddr_Seq::seq' may be undefined [-Wsequence-point]
return htonl(seq++);
^
This introduces a new option, SOCKS::default_capture_password which can
be used to specify if Socks passwords are logged by default
Like fot FTP/HTTP, this option is set to false by default.
Addresses BIT-1791
This just provides a convient way of indicating that ccache should
be used as compiler-wrapper during builds. e.g. when I want dev/debug
builds that (re)compile quickly, I do:
./configure --build-type=debug --generator=Ninja --ccache
This commit fixes a few small issues.
* server key exchange parameters are only parsed when a named curve is
given.
* I removed the ssl-verbose.bro and moved the functionality into the
testcase.
The information that we get with these events is likely irrelevant to
the majority of Bro users; I do not think that we have to ship a
script that uses them by default. A script like this would be
something to publish via the Bro package manager instead; this is the
approach that we have taken with a number of the recent SSL addition.
* I marked the ssl_server_curve event as deprecated. More information is
contained in the new ssl_ecdh_server_params event.
This is an events that is probably seldomly (or never) directly used
by anyone; I plan to completely remove it right after the 2.6 release.
* 'topic/corelight/load-hook' of https://github.com/corelight/bro:
Fix and extend behavior of HookLoadFile
I refactored some parts of scan.l to avoid the ambiguity of some
branches returning 0 and some branches not returning anything.
This just skips over IPv6 nameserver addresses for now and uses the
first IPv4 one in the resolver config. Should be possible to support
IPv6, but that may need more testing (e.g. need to make sure the code
will be portable to various platforms).
