* origin/topic/jsiwek/ipv6-comm:
Enable Bro to communicate with peers over non-global IPv6 addresses.
Add unit tests for Broccoli SSL and Broccoli IPv6 connectivity.
Remove AI_ADDRCONFIG getaddrinfo hints flag for listening sockets.
Undo communication protocol version bump.
Add support to Bro for connecting with peers over IPv6.
Closes#820.
Conflicts:
src/bro.bif
* origin/topic/robin/dataseries:
Moving trace for rotation test into traces directory.
Fixing a rotation race condition at termination.
Portability fixes.
Extending DS docs with some examples.
Updating doc.
Fixing pack_scale and time-as-int.
Adding format specifier to DS spec to print out double as %.6f.
DataSeries updates and fixes.
DataSeries tuning.
Tweaking DataSeries support.
Extending log post-processor call to include the name of the writer.
Removing an unnecessary const cast.
DataSeries TODO list with open issues/questions.
Starting DataSeries HowTo.
Additional test output canonification for ds2txt's timestamps.
In threads, an internal error now immediately aborts.
DataSeries cleanup.
Working on DataSeries support.
Merging in DataSeries support from topic/gilbert/logging.
Fixing threads' DoFinish() method.
This usually requires specifying an additional zone identifier
(see RFC 4007). The connect() and listen() BIFs have been
changed to accept this zone identifier as an argument.
- Communication::listen_ipv6 needs to be redef'd to true in order
for IPv6 listening sockets to be opened.
- Added Communication::listen_retry option as an interval at which
to retry binding to socket addresses that were already in use.
- Added some explicit baselines to check in the istate.events
and istate.events-ssl tests -- the SSL test was incorrectly
passing because it compared two empty files. (The files being
empty because "http/base" was given as an argument to Bro which
it couldn't handle because that script doesn't exist anymore).
- SSL related files and classes renamed to remove the "binpac" term.
- A small fix for DPD scripts to make the DPD log more helpful if
there are multiple continued failures. Also, fixed the SSL
analyzer to make it stop doing repeated violation messages for
some handshake failures.
- Added a $issuer_subject to the SSL log.
- Created a basic test for SSL.
conn.log now sets a field indicating all the parent tunnel UIDs over
which a connection operated and cross reference the UIDs found in
the tunnel.log.
Also some renaming of tunnel related types at the scripting layer.
- Packet loss interval changed to 5 minutes by default. Users
were getting too many notices from this.
- BPF load balancing (ipv4 and ipv6). This will tie in with
upcoming BroControl support for configuring this.
- BPF based connection sampling.
- Small improvements to how and when filters are installed.
- AYIYA works.
- AYIYA analyzed connections are still labelled wrong in conn.log (logged as syslog)
- Some clean up for left over code.
- Small refactoring to pass packets back from analyzers to core.
- $uid is now optional in conn logs since ip-in-ip tunnel parent's
won't have an actual connection.
- The option to use integers insteads of double was ignored.
- Renaming script-level options to remove the ds_ prefix.
- Log rotation didn't work.
- A set of simple unit tests.
I copied the code over manually, no merging, because (1) it needed to
be adapted to the new threading API, and (2) there's more stuff in the
branch that I haven't ported yet.
The DS output generally seems to work, but it has seen no further
testing yet.
Not unit tests yet either.
- New script measures a couple of aspects of SMTP traffic.
- Existing metrics scripts had a small amount of work done
to make them work with changes to metrics framework.
- Metrics:ID enum has been replaced with strings.
- Uniqueness can now be measured with the Metrics::add_unique function.
- Filters can change the index value with the $normalize_func field.
compiles, not really tested.
basic test works 70% of the time, coredumps in the other 30 - but was not easy to debug on a first glance (most interestingly the crash happens in the logging framework - I wonder how that works).
Other tests are not adjusted to the new interface yet.
Seems to work -- all test pass.
But there are thread-safety issues at the moment, because the constructors of IPAddr and IPPrefix are not thread-safe, but needed by workers.
Conflicts:
src/logging/Manager.cc
* change internal reader interface again
* remove some quite embarassing bugs that must have been in the interface for rather long
* add different read methods to script & internal interface (like normal, streaming, etc). Not implemented in ascii reader yet.
- Large rework on packet filter framework to make many things easier.
- Removed the PacketFilter::all_packets variable because it was confusing.
- New variable (PacketFilter::enable_auto_protocol_capture_filters) to re-enable the old filtering model of only sniffing ports for analyzed protocols.
- In progress plugin model for adding filtering mechanisms.
- New default single item for capture_filters = { ["default"] = PacketFilter::default_capture_filter };
- Mechanism and helper functions to "shunt" traffic with filters.
- Created the Protocols framework to assist with reworking how base protocol scripts are registered with DPD and other things.
- Protocols framework creates BPF filters for registered analyzers. (if using PacketFilter framework in that mode).
