This is for older CMakes which don't understand object libraries yet.
We auto-generate a file at the top-level that references all the
global plugin objects. Once they are referenced, the linker includes
them into the final executable and their ctors run to register them
with the plugin manager.
By default this is on. Once we can require more recent CMakes, we can
turn it off (and remove) in src/CMakeLists.txt.
Closes#983.
* origin/topic/jsiwek/983:
Add named constructor examples to docs.
Allow named vector constructors. Addresses #983.
Allow named table constructors. Addresses #983.
Improve set constructor argument coercion.
Allow named set constructors. Addresses #983.
Allow named record constructors. Addresses #983.
Closes#1004. Great job tracking this down!
* origin/fastpath:
Dangling pointer fix. Addresses #1004.
Sorry, that libmagic version actually might have some problems - at least on the linux distribution I have access to. So... it was a bad idea.
accept libmagic starting from 5.03
A bitvector is a vector of bits with underlying block storage. Since C++ has no
notion of lvalues in the context of bits, we use a small wrapper class
Reference that masks the desired bit in the corresponding block.
http.log now has files taken from request and response bodies in
different fields for each, and can now track multiple files per body.
That is, the "extraction_file" field is now "extracted_request_files"
and "extracted_response_files".
- On-demand access to sumstats results through "return from"
functions named SumStats::request and Sumstats::request_key.
Both functions are tested in standalone and clustered modes.
- $name field has returned to SumStats which simplifies cluster
code and makes the on-demand access stuff possible.
- Clustered results can only be collected for 1 minute from their
time of creation now instead of time of last read.
- Thresholds use doubles instead of counts everywhere now.
- Calculation dependency resolution occurs at start up time now
instead of doing it at observation time which provide a minor
cpu performance improvement. A new plugin registration mechanism
was created to support this change.
- AppStats now has a minimal doc string and is broken into hook-based
plugins.
- AppStats and traceroute detection added to local.bro
It was mostly redundant when logged, but still can be useful to
inspect at runtime. In the future, a better field for logging
will be available which will be similar to the "service" field
for connection records (there's not any file-format-specific
analyzers that would currently make use of such a thing).
- Remove script-layer data input interface (will be managed directly
by input framework later).
- Only track files internally by file id hash. Chance of collision
too small to justify also tracking unique file string.
It used to special-case an error message produced in the case that ES
isn't available, however with scripts/test-all-policy.bro now
explicitly disabling ES output, that doesn't seem necessary anymore.
