- Some (all?) of the DNS servers aren't being detected
anymore because the test tracefile isn't long enough.
Logging servers is delayed a 5 minutes in case a better
result comes in.
* origin/topic/robin/interpreter-exceptions:
Adding test for new error handling.
Experimental code to better handle interpreter errors.
This seems to work fine and it catches some potentially nasty crashes
so I'm merging it in even though it's not the final word on error
handling yet. #646 tracks the work scheduled for later.
Some of the changes only clean up at termination to make perftools
happt, but there were some "real" leaks as well.
This fixes all DNS leaks I could reproducem, including most likely
what's reported in #534. Closing #534.
I'm also adding a new btest subdir core/leaks with tests requiring
perftools support. These don't compare against base lines but abort
whenever perftools reports a leak (with stack information to track it
down). Right now, these are passing.
- Simplified the communication API and made it easier to change
to encrypted connections by not having separate variables to
define encrypted and unencrypted ports.
- Now, to enable listening without configuring nodes just
load the frameworks/communication/listen script.
- If encrypted listening is desired set the following:
redef Communication::listen_encrypted=T;
- Accompanying test updates.
Functions are now assigned a unique integer on construction which
CompositeHash can base hashes on. Recovery then just involves
looking up the function pointer associated with that unique number.
- The absolute path canonifier was overzealously canonifying relevant
log fields, so it's no longer generally applied to diffing all
baselines. I don't think there's any logs that require local
filesystem path names that aren't already tested by a unit test,
but if any show up in the future, they can be canonified on a
case-by-case basis.
- Removed some logs from being diff'd in the diff-all script
because they're either already covered by a unit test
(load_scripts.log) or because of difficulty/maintainenance
tradeoff (prof.log).
Baselines for the external bro-testing repo still need updating.
* origin/topic/jsiwek/http-1xx-replies:
Change logging of HTTP 1xx responses to occur in their own columns.
Fix handling of HTTP 1xx response codes (addresses #411).
Updated README and collected coverage-related tests in a common dir.
There are still coverage failures resulting from either the following
scripts not being @load'd in the default bro mode:
base/frameworks/time-machine/notice.bro
base/protocols/http/partial-content.bro
base/protocols/rpc/main.bro
Or the following result in errors when @load'd:
policy/protocols/conn/scan.bro
policy/hot.conn.bro
If these are all scripts-in-progress, can we move them all to live
outside the main scripts/ directory until they're ready?
Changed the parser to not treat 1xx response codes as a final answer
to an unanswered request -- a later response is still expected.
The scripting layer will also not finish a request-reply pair when
seeing 1xx's, instead it logs both the 1xx and final response messages
with associated information of the current request as they're seen.
- Removing unnecessary log flushing. Closes#498.
- Adding new BiF disconnect() that shuts a connection to a peer down.
- terminate_connection() now first flushes any still buffered log
messages.
* origin/topic/seth/notice-suppression:
Updated a notice related baseline and added a necessary @load line.
Notice suppression clean up and notice/cluster integrtion fixes.
Updates for notice suppression to use the &create_expire attribute
Small, mostly cosmetic updates and fixing a test.
Fix crash on exit (addresses #607).
Duplicate notice suppression.
Closes#623.
- Worker raised notices are printed a single time by the manager now.
- Cluster/notices integration cleaned up.
- New tests for cluster/notice integration.
- Notice suppression fixes and tests.
- The table tracking notice suppressions is now done with a table
attribute instead of "manually" with scheduled events.
- The $suppress_for field can be set within PolicyItem's now too to
affect the suppression interval through the notice policy.
* origin/topic/jsiwek/path-func-record-demote:
Fix filter path_func to allow record argument as a subset of stream's columns.
Conflicts:
src/LogMgr.cc
Closes#600.
* origin/topic/jsiwek/filter-rotation:
Remove Log::rotation_control (addresses #572).
Add an optional Log::RotationControl to Log::Filter records.
Closes#572.
entities.
Before, whether they did depended on libmagic. To do that,
smpt/entities.bro gets a new option `never_calc_md5`.
Also restructuring the tests a bit so that load a common
testing-setup.bro scripts that can set a global configuration.
- The test needed to append the second notice the event queue so that
the notice would be suppressed correctly.
- Setting $suppress_for manually in apply_policy since it doesn't pick
up the &default when directly creating the record inside the NOTICE call.
