* origin/topic/johanna/remove-serializer:
Fix memory leak introduced by removing opaque of ocsp_resp.
Change return value of OpaqueVal::DoSerialize.
Add missing ShallowClone implementation for SetType
Remove opaque of ocsp_resp.
Remove remnants of event serializer.
Fix cardinalitycounter deserialization.
Smaller compile fixes for the new opaque serialization.
Reimplement serialization infrastructure for OpaqueVals.
Couple of compile fixes.
Remove const from ShallowClone.
Remove test-case for removed functionality
Implement a Shallow Clone operation for types.
Remove value serialization.
Various changes I made:
- Fix memory leak in type-checker for opaque vals wrapped in broker::data
- Noticed the two "copy-all" leak tests weren't actually checking for
memory leaks because the heap checker isn't active until after zeek_init()
is evaluated.
- Change OpaqueVal::DoClone to use the clone caching mechanism
- Improve copy elision for broker::expected return types in the various
OpaqueVal serialize methods
- Not all compilers end up properly treating the return of
local/automatic variable as an rvalue that can be moved, and ends up
copying it instead.
- Particularly, until GCC 8, this pattern ends up copying instead of
moving, and we still support platforms whose default compiler
pre-dates that version.
- Generally seems it's something that wasn't addressed until C++14.
See http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1579
- Change OpaqueVal::SerializeType to return broker::expected
- Change probabilistic DoSerialize methods to return broker::expected
* origin/topic/timw/393-vector-slicing:
Fix memory leak in vector slice assignment
Misc. tweaks to vector slicing implementation
Add ability to grow/shrink a vector using slicing, also adds Insert/Remove methods for VectorVal
Allow assignment for vectors using slices
Check for integral slice indexes, add extra test for [:]
Return an empty vector if the indices for slicing don't make sense
GH-393: Add slice notation for vectors
Two parts to this:
* Only allow vector slice assignment in statement contexts, not in
arbitrary assignment expressions. E.g. it's not clear what the
resulting value of `(v[1:2] = vector(1))` is for further expression
chaining. For reference, Python doesn't allow it either.
* Add a subclass of AssignExpr to specialize the behavior for index
slice assignments (because its behavior regarding expression
chaining is different per the previous point) and Unref the RHS
of things like `v[1:2] = vector(1)` after IndexExpr::Assign is
finished inserting it (since no one else takes ownership of it).
Instead of using an Expr subclass, IndexSliceAssignExpr, we could
use a proper Stmt, since that's the only context we currently use it
for, but if we did ever to decide on allowing its use in arbitrary
expression contexts, then I expect we'll need it this way anyway
(just with a different IndexSliceAssignExpr::Eval implementation).
* 'ntp-rewrite' of https://github.com/mauropalumbo75/zeek: (25 commits)
update tests baseline
Apply requested changes: - file dpd.sig and TODO comments for signature protocol detection removed - missing doc field filled in events.bif - rename OpCode and ReqCode fields into op_code and req_code respectively - removed unnecessary child method in NTP.h/.cc - main.zeek and ntp-protocol.pac reformatted
minor changes in the documentation
fix some initializations
fix wrong assignment of control key_id/crypto_checksum
code clean up
add extension fields parsing
add extended mac field with 20 byte digest (+4 byte key id)
update tests and add a new one for key_id and mac
fix auth field (key_id and mac) in standard and control msg
remove old NTP record in init-bare.zeek
fix key_id and digest (WIP)
fix wrong Assign with reference_id
add tests for ntp protocol (finished)
add tests for ntp protocol (WIP)
fix problem with time vals
add ntp records to init-bare.zeek
update ntp analyzer to val_mgr
extend and refact script-side of NTP analyzer
extend and refactor several fields
...
* 'master' of https://github.com/ZekeMedley/zeek:
Use the right delete and improve the leak test. Increases the size of the table being loaded in the pattern leak test and uses the right delete method.
Fix formatting.
Fix memory leak and add test.
Add pattern support to input framework.
For backward compatibility when reading values, we first check
the ZEEK-prefixed value, and if not set, then check the corresponding
BRO-prefixed value.
This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.
The btests pass, but this is still WIP. broctl renaming is still
missing.
#239
Scripting errors/mistakes now consistently generate a runtime error
which have the behavior of unwinding the call stack all the way out of
the current event handler.
Before, such errors were not treated consistently and either aborted
the process entirely or emitted a message while continuing to execute
subsequent statements without well-defined behavior (possibly causing
a cascade of errors).
The previous behavior also would only unwind out of the current
function (if within a function body), not out the current event
handler, which is especially problematic for functions that return
a value: the caller is essentially left a mess with no way to deal
with it.
This also changes the behavior of the startup/initialization process
to abort if there's errors during bro_init() rather than continue one
to the main run loop. The `allow_init_errors` option may change this
new, default behavior.
* 'fatemabw/bro' of https://github.com/fatemabw/bro:
DNSSEC support in Bro
I made several changes:
- renamed event/record types
- reformatted the info added to dns.log
- removed the "addl" scripts that added extended dnssec info to dns.log
- simplifications/improvements to the internal parsing logic
* origin/topic/vern/vec-append:
d'oh, still have a (deprecated) string_array rather than string_vector
forgot to update test suite results for v += e
reap the fruits of v += e
test case for v += e
documentation of v += e
v += e implemented
Fixed a mistake in find_ip_addresses()
* origin/topic/vern/set-ops2:
documentation, test suite update
implemented set relationals
bug fix for set intersection
set intersection implemented
mirroring previous topic/vern/set-ops to get branch up to date, since I'm a n00b
Fixed a couple memory leaks and added a leak test
* origin/topic/vern/case-insensitive-patterns:
use PCRE syntax instead of the beautiful new (?i ...) syntax
nitlet in NEWS entry
test suite update for case-insensitive patterns
document use of double quotes to escape case-insensitivity
bug fix for recent memory leak patch
documentation updates for case-insensitive patterns
d'oh there's isalpha. I looked earlier for isletter :-P
fix for handling [:(lower|upper):] in case-insensitive patterns
implemented /re/i for case-insensitive patterns
Mostly trying to standardize the way tests sleep for arbitrary amounts
of time to make it easier to tell at which particular point the
unit test actually may need the timeout interval increased (or else
debugged further).
When Bro was compiled with broker disabled, then some Bro scripts
were referencing functions and types that were not defined. Fixed
by adding @ifdefs to several scripts. Removed one @ifdef because
it was causing several unit tests to fail.
Also fixed the @TEST-REQUIRES check in tests that rely on broker so
that such tests are skipped when broker is disabled.
Simplified some function names, fixed some names of broker script wrappers,
reorder some broker function calls to avoid potential race conditions, and
don't have bro read a trace file when it will not be used.
* origin/topic/vladg/sip:
Update NEWS.
Update baselines.
Spruce up SIP events.bif documentation a bit.
Register SIP analyzer to well known port.
Fix indenting issue in main.bro
Add SIP btests.
Small update for the SIP logs and DPD sig.
SIP: Fix up DPD and the TCP analyzer a bit.
SIP: Move to the new string BIFs
SIP: Move to new analyzer format.
Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes.
Rely on content inspection and not just is_orig to determine client/server.
Enable SIP in CMakeLists.txt
Merge topic/seth/faf-updates.
BIT-1370 #merged
* origin/topic/vladg/kerberos: (27 commits)
Add Kerberos to NEWS.
Add Kerberos memleak btest.
Add Kerberos analyzer btest.
Update baselines for Kerberos analyzer.
Add known ports to krb/main.bro
KRB: Clean up krb.log a bit.
Kerberos: Remove debugging output.
Kerberos: Fix a memleak.
Kerberos: A couple small tweaks.
Kerberos: Fix parsing of the cipher in tickets, and add it to the log.
Kerberos: A couple more formatting fixes.
Change krb Info string to success bool
Clean up formatting.
Documentation update, and rework events a bit.
Add support for the SAFE message type.
Add support for AP_REQ, AP_REP, PRIV, and CRED message types.
Fix parsing error for KRB_Ticket_Sequence
Continue clean-up. Some reformatting, removing hard-coded values, documentation, etc.
Kerberos analyzer updates: - Split up the (quite length) krb-protocol.pac into krb-protocol, krb-defs, krb-types and krb-padata - Add some supporting types to get rid of awkward and difficult to read case true/false statements - Clean up the conversion code in krb-analyzer.pac
Improve Kerberos DPD and fix a few parse errors.
...
BIT-1369 #merged
