- Moved the Notice::notice event and Notice::policy table to both be hooks.
- Renamed the old Notice::policy to Notice::policy_table and documented it as deprecated.
Added a generic gtpv1_message event generated for any GTP message type.
Added specific events for the create/update/delete PDP context
request/response messages.
Addresses #934.
These cases should be avoidable by fixing scripts where they occur and
they can also help catch typos that would lead to unintentional runtime
behavior.
Adding this already revealed several scripts where a field in an inlined
record was never removed after a code refactor.
* origin/topic/jsiwek/ticket-930:
Add a null value check in CompositeHash::ComputeHash.
Change reporter messages to more reliably print to stderr.
Closes#930.
* origin/topic/jsiwek/no-switch-fallthrough:
Add "fallthrough" keyword, require a flow statement to end case blocks.
Disable automatic case fallthrough in switch stmts. Addresses #754.
I've added a test for the error case where no break/fallthrough/return
is given.
Closes#754.
Moved this functionality to be internal instead of in the script-layer
event handlers. The issue with the later is that bad things can happen
between the time a reporter event handler is dispatched and the time it
is executed, and if bro crashes in that time, the message may never be
seen/logged.
Addressed #930 (and revisits #836).
Since values for local variables are referenced by offset within a Frame
(not by identifier name), and event/hook handler bodies share a common
Frame, the value offsets for local variables in different handlers may
overlap. This meant locals in a handler without an initialization may
actually end up referring to the value of a previous handler's local
that has the same Frame offset. When executing the body, that can
possibly result in a type-conflict error or give give unexpected
results instead of a "use of uninitialized value" error.
This patch makes it so uninitialized locals do always refer to a null
value before executing the body of a event/hook handler, so that using
them without assigning a value within the body will connsistently give
a "use of uninitialized value" error.
Addresses #932.
Sadly there also seems to be another deadlock issue which I am currently
not really able to figure out - on shutdown sometimes (too often) the main
thread + all sqlite threads wait for semaphores or mutexes.
Case blocks in switch statements now must end in a break, return, or
fallthrough statement to give best mix of safety, readability, and
flexibility.
The new fallthrough keyword explicitly allows control to be passed to the
next case block in a switch statement.
Addresses #754.
Case bodies now don't require a "break" statement to prevent fallthrough
to case bodies below. Empty case bodies generate an error message at
parse-time to help indicate the absence of automatic fallthrough; to
associate multiple values with a case, use "case 1, 2:" instead of
"case 1: case 2:".
* origin/topic/matthias/opaque:
Add new unit test for opaque serialization.
Migrate entropy testing to opaque.
C++ify RandTest.*
Fix a hard-to-spot bug.
Use more descriptive error message.
Fix the fix :-/.
Fix initialization of hash values.
Be clearer about delegation.
Implement serialization of opaque types.
Update hash BiF documentation.
Migrate free SHA* functions to SHA*Val::digest().
Add missing type name that caused failing tests.
Update base scripts and unit tests.
Simplify hash function BiFs.
Add support for opaque hash values.
Adapt BiF & Bro parser to handle opaque types.
More lexer/parser work.
Implement equivalence relation for opaque types.
Support basic serialization of opaque.
Add opaque type to lexer, parser, and BroType.
Closes#925
Conflicts:
aux/broccoli
The index expression can take up to two indices for the start and end
index of the substring to return (e.g. "mystring[1,3]"). Negative
indices are allowed, with -1 representing the last character in the
string. The indexing is not cyclic -- if the starting index is >= the
length of the string an empty string is returned, and if the ending
index is >= the length of the string then it's interpreted as the last
index of the string. Assigning to substrings accessed like this isn't
allowed.
They behave like C-style switches except case labels can be comprised
of multiple literal constants delimited by commas. Only atomic types
are allowed for now. Case label bodies that don't execute a "return"
or "break" statement will fall through to subsequent cases. A default
case label is allowed.
- Removed default logging. Now a function is available for the new
$period_finished filter field to get the same behavior for logging
named Metrics::write_log.
- Added index rollups for getting multiple metrics result values
as the same time.
That field is based on TCP sequence numbers and on seeing a SYN followed
by a failed RST injection response, the initial sequence number tracked
the value in the injection (most likely zero) instead of value in
subsequent SYN response. This could make c$resp$size be set to large
values when it's not really.
Also removed some dead code paths.
