* origin/topic/dnthayer/ticket1947:
Fix some typos and formatting in NEWS
Add pattern operators to the documentation of operators
Fix minor typos in broker reference documentation
Fix a broken link and some typos in broker documentation
Fix reST formatting in documentation of "count" type
Add documentation for some new Bro features
In the following example, the republication of "arg" would result in
literally sending it as a Broker::Data record instead of the broker data
that it was already wrapping.
Sender:
Broker::publish("topic", my_event, "hello")
Receiver:
event my_event(arg: any)
{
Broker::publish("topic", my_event, arg)
}
* 'topic/vern/bit-ops' of https://github.com/bro/bro:
documentation clarification for "p1 | p2"
documentation for bitwise operators
document the '|' operator for patterns
test suite for bitwise operators brief NEWS blurb allow for "counter" operands (does anyone still use these?) for one (but not both) of the bitwise operands
bitwise operations for "count" types implemented
Starting branch for supporting bit operations on count's.
The former replaces the pcap vs. live versions of the same tuning
option. If a user does not change these, Bro makes some internal
decisions that may help avoid performance problems on systems with high
core counts: the number of CAF threads is capped at 8 and the maximum
sleep duration for under-utilized threads is increased to 64ms (CAF's
default is 10ms).
These may be used to change the number of scheduler threads that the
underlying CAF library creates. In pcap mode, it's currently hardcoded
to the minimal 4 threads due to potentially significant overhead in CAF.
Now manually keeps track of peer count instead of querying Broker for
that information (which would result in waiting upon a blocking request
to the core actor).
For fuzzed/damaged/corrupted pcaps, a timestamp of 0 could lead to an
infinite loop in Bro as it interprets that as meaning the packet source
is not ready yet.
* origin/topic/jsiwek/broker-misc:
Add Broker::publish_and_relay BIF
Document variable argument list BIFs using ellipsis
Support unserializing broker data into type 'any'
Fix a bug in broker data type-casting check
Remove dead code in broker data/val conversion function
References to Input::Reader and Log::Writer enum types no longer emit
warnings as they are now hardcoded to be documented as part of their
associated framework scripts and so links to them now work.
* origin/topic/jsiwek/binpac-fixes:
Update test baseline for binpac changes
Update test baseline for optimized binpac static-size array parsing
Fixes for MySQL and SMB protocol parsers
BIT-1829: add unit test for modbus parser issue
* origin/topic/dnthayer/test-improvements:
Fix the ip-broken-header.bro test on macOS
Improve reliability of the logging rotate.bro test
Improve reliability of missing-file-initially.bro test
BIT-1929 #merged
* origin/topic/seth/dhcp-update:
Rework to the DHCP analyzer.
First step of DHCP analyzer rearchitecture.
Add .btest scripts for dhck_ack and dhcp_discover messages verifying that new options are correctly reported in dhcp.log records.
Extend DHCP protocol analyzer with new options.
BIT-1924 #merged
Additional changes:
* Removed known-hosts.bro as the only thing populating its table was
the already-removed known-hosts-and-devices.bro. So a
known_devices.log will no longer be generated.
* In dhcp-options.pac, the process_relay_agent_inf_option had a memleak
and also process_auto_proxy_config_option looked like it accessed one
byte past the end of the available bytestring, so fixed those.
* Add --toolchain= configure option
* Add --with-bifcl= configure option
* Change --with-binpac= configure option to mean "path to binpac
executable"
* Add an example of how to use the above options for cross compiling
Bro to the docs
* origin/topic/jsiwek/bit-1914:
BIT-1914: comment out &check usages now that they emit warnings
Convert some BinPAC &check expressions to &enforce
Update &check'd fields in various protocol parsers
BIT-1914 #merged
