The test could fail on the order of 100s of iterations, so I bumped to
desired accuracy to actually check for results that are outside the
error margin.
* origin/topic/seth/smb-pending-fix:
Updating the defined SMB2 dialects to match Microsofts current docs.
On rare occasions the server doesn't return the tree id on read responses.
Fix an issue with pending commands.
BIT-1862 #merged
* jrolli-gssapi-krb-fix:
Cleaned up and moved parsing to binpac.
removed check on kerberos request or response type. allow the kerberos analyzer to handle what it can, gssapi shouldn't check this
modified GSSAPI analyzer to parse NTLM and KRB tokens
Added and verified correct test results
Initial btest structure
Changes proposed in #104
Addresses #110
Good stuff!
Closes BIT-1915
* origin/topic/johanna/cleanup:
Mark one-parameter constructors as explicit & use override where possible
Remove unimplemented & unused functions from header files.
Make data flow more explicit for complilers.
* origin/fastpath:
Fix another warning when building the documentation
Fix a warning when building documentation
Fix the config framework several-files.bro test
Closes BIT-1900.
* origin/topic/johanna/config:
Use port_mgr->Get() in the input framework config changes.
Allow the empty field separator to be empty; use in config framework.
Fix small bug in config reader.
Fix segmentation fault when parsing sets containing invalid elements.
Add config framework.
Includes small readability tweaks, see BIT-1854.
Closes BIT-1854.
* origin/topic/jsiwek/bit-1854-reassembler-improvements:
BIT-1854: improve reassembly overlap checking
BIT-1854: fix the 'tcp_excessive_data_without_further_acks' option
* 'smb-transaction-messages' of https://github.com/jbencteux/bro:
add test for smb1_com_transaction_response event changes
add test for smb1_com_transaction2_secondary_request event changes
add test for smb1_com_transaction2_request event changes
add test for smb1_com_transaction_secondary_request event changes
add test for smb1_com_transaction_request event changes
fix setup field handling in smb1_com_transaction_request messages
fix smb1_com_transaction* messages
add smb1_transaction2_secondary_request event
add smb1_transaction_secondary_request event
add parameters and data to smb1_transaction_request/response messages
add SMB_Parameters.Words to smb1_transaction2_request event
* 'nfs-updates' of https://github.com/dtrejod/bro:
Format print nfs units tests to improve output readability. Add unit tests for new NFS events -- nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr.
Bug fix: nfs3_writeargs didn't properly return filehandle.
Add nfs_proc_symlink, nfs_proc_link, nfs_proc_sattr.
* 'mount-protocol' of https://github.com/dtrejod/bro:
Add unit tests for new MOUNT events -- mount_proc_mnt, mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented.
Add mount_proc_null, mount_proc_mnt, mount_proc_umnt, mount_proc_umnt_all, mount_proc_not_implemented, mount_reply_status.
* topic/johanna/openssl-1.1:
Fix recently introduced double free in OpenSSL code.
Adjust coding style & fix test failures.
Adapt most of the X509 support to OpenSSL 1.1
* origin/topic/feature/logging-filter-list:
Logging: implement get_filter_names and small fixes.
Removed some superfluous existence checks before deleting table indices.
BIT-1890 #merged
* remotes/origin/topic/jsiwek/prealloc-ports:
Clean up PortManager class, mark PortVal ctors deprecated.
Add BRO_DEPRECATED macro.
Preallocate all possible PortVals.
BIT-1881 #merged
This just provides a convient way of indicating that ccache should
be used as compiler-wrapper during builds. e.g. when I want dev/debug
builds that (re)compile quickly, I do:
./configure --build-type=debug --generator=Ninja --ccache
This commit fixes a few small issues.
* server key exchange parameters are only parsed when a named curve is
given.
* I removed the ssl-verbose.bro and moved the functionality into the
testcase.
The information that we get with these events is likely irrelevant to
the majority of Bro users; I do not think that we have to ship a
script that uses them by default. A script like this would be
something to publish via the Bro package manager instead; this is the
approach that we have taken with a number of the recent SSL addition.
* I marked the ssl_server_curve event as deprecated. More information is
contained in the new ssl_ecdh_server_params event.
This is an events that is probably seldomly (or never) directly used
by anyone; I plan to completely remove it right after the 2.6 release.
* 'topic/corelight/load-hook' of https://github.com/corelight/bro:
Fix and extend behavior of HookLoadFile
I refactored some parts of scan.l to avoid the ambiguity of some
branches returning 0 and some branches not returning anything.
This just skips over IPv6 nameserver addresses for now and uses the
first IPv4 one in the resolver config. Should be possible to support
IPv6, but that may need more testing (e.g. need to make sure the code
will be portable to various platforms).
