* origin/topic/dnthayer/language-tests:
Update language tests for recent bug fixes
Add more language tests
Add more language tests
Add more language tests
Update language tests
Add more language tests
Add tests of the Bro scripting language
* origin/fastpath:
Fix construction of ip6_ah (Authentication Header) record values.
Update compile/dependency docs for OS X.
Adjusting Mac binary packaging script.
Unit test reliability adjustment.
Adjusting some unit tests that do cluster communication.
Small change to non-blocking DNS initialization.
reorder a few statements in scan.l to make 1.5msecs etc work.
Authentication Headers with a Payload Len field set to zero would cause
a crash due to invalid memory allocation because the previous code
assumed Payload Len would always be great enough to contain all
mandatory fields of the header. This changes it so the length of
the header is explicitly checked before attempting to extract fields
located past the minimum length (8 bytes) of an Authentication Header.
Crashes due to this are only possible when handling script-layer events
ipv6_ext_headers, new_packet, esp_packet, or teredo_*. Or also when
implementing one of the discarder_check_* family of functions.
Otherwise, Bro correctly parses past such a header.
- Renamed many data structures to align with most recent standard.
- Reworked modbus events to make them more canonically "Bro".
- Converted the Modbus analyzer to a simpler style for easier maintenance.
- Modbus coil related events still don't work (I haven't finished the
function for converting the data structures).
- Modbus file record events remain incomplete.
Setting CMAKE_PREFIX_PATH helps link against standard system libs
instead of ones that come from other package manager (e.g. MacPorts).
Changed to allow only more recent CMake versions to create packages
due to poorer clang compiler support in older versions, important
since clang is now the default compiler instead of gcc on Macs.
Sometimes manager node was shutting everything down before others had
a chance to generate output. It now waits for all nodes to fully
connect with each other.
The trailing dot on "localhost." circumvents use of /etc/hosts in
some environments (I saw it on FreeBSD 9.0-RELEASE-p3) and so emits
an actual DNS query. When running the test suite, that would be
hundreds of useless queries.
* origin/fastpath:
Fix the "-=" operator for intervals
Fix "!=" operator for subnets
Add sleeps to configuration_update test for better reliability.
Fix a segfault when iterating over a set
Not the greatest solution, but makes the 3 bro processes more likely to
run sequentially so that the controller2 process doesn't happen to be
scheduled before the controller process. In that case, the controllee
gets the shutdown request before the configuration update. FreeBSD
especially seemed to schedule them the unintended way frequently.
When iterating over a set with a "for" loop, bro would segfault
when the number of index variables was less than required.
Example: for ( [c1,c2] in s1 ) ...
where s1 is defined as set[addr,port,count].
* origin/master:
Two fixes.
Updating CHANGES and VERSION.
Updating CHANGES and VERSION.
Remove automatic use of gperftools on non-Linux systems.
Set VERSION to 2.1-rc3 so that we don't get confused.
Fix uninitialized value for 'is_partial' in TCP analyzer.
parse 64-bit consts correctly.
on 32-bit machines only unsigned long longs are 64-bits long. Not just unsigned longs...
* origin/topic/dina/modbus:
put some make-up on Modbus analyser
Modbus analyser, added support: FC=20,21
Modbus analyzer,added support: FC=1,2,15,24
Modbus analyzer, current support: FC=3,4,5,6,7,16,22,23
I cleaned up the code a bit, mainly layout style.
I did not include the *.bro scripts for now, but a test script
../testing/btest/scripts/base/protocols/modbus/events.bro that prints
out the value for each event.
Merged the Modbus traces from the ics repository into a single trace
as input for the test. They currently trigger 20 of the 34 events.
Addresses #870.
Added tests for the conditional operator, operator precedence,
modules ("module" and "export" keywords, and the "::" operator), and
for the "copy" keyword.
Also improved tests of max/min values of int, count, and double constants.
* origin/fastpath:
Remove automatic use of gperftools on non-Linux systems.
Fix uninitialized value for 'is_partial' in TCP analyzer.
parse 64-bit consts correctly.
on 32-bit machines only unsigned long longs are 64-bits long. Not just unsigned longs...
--enable-perftools must now explicity be supplied to ./configure on
non-Linux systems to link against the tcmalloc library that a
gperftools installation provides. Linux systems still automatically
link it if it's found. The rationale is that gperftools was developed
and most throroughly tested on Linux so it's safer there.
There especially seems to be potential problems with gperftools on OS X
(e.g. see http://code.google.com/p/gperftools/issues/detail?id=413),
and Bro currently doesn't work with gpertools there using clang or gcc.
This led to non-deterministic behavior in cases where the first packet
analyzed wasn't from the originator side (see the conditionals in
TCP_Analyzer::CheckFlagCombos()).
The 'short' test in private test suite showed this behavior most often.
