* origin/topic/jsiwek/ipv6-output-format:
Change IPv6 output format to no longer automatically be bracketed.
Change IPv6 address/prefix output format to be bracketed.
Closes#818.
Updated the list of required and optional libraries and tools.
Rewrote the paragraph about the "aux" tools to more accurately
describe what actually gets installed.
Use the (previously unused) icmp_error_message event for ICMPv6 error
messages that don't have a dedicated event. Previously, icmp_sent was
being generated, but icmp_error_message contains more info (icmp_sent
is still being used as a fallback for other icmp messages that don't
have a dedicated event).
Also improved documentation comments for all icmp-related events.
Because, according to RFC 3493, that will cause getaddrinfo to
overlook the ::1 loopback if there's not some other interface with
a global IPv6 address. The rationale being that the flag helps
prevent unnecessary AAAA lookups, but since I set AI_NUMERICHOST,
lookups aren't going to happen anyway.
Also update the IPv6 Bro communication test to get it to work more
reliably.
Looks like it wasn't necessary because no message between remote peers
needed to be changed to support IPv6, just messages between Bro
parent and child processes were changed.
- Communication::listen_ipv6 needs to be redef'd to true in order
for IPv6 listening sockets to be opened.
- Added Communication::listen_retry option as an interval at which
to retry binding to socket addresses that were already in use.
- Added some explicit baselines to check in the istate.events
and istate.events-ssl tests -- the SSL test was incorrectly
passing because it compared two empty files. (The files being
empty because "http/base" was given as an argument to Bro which
it couldn't handle because that script doesn't exist anymore).
Instead, the `addr_to_uri` script-level function can be used to
explicitly add brackets to an address if it's IPv6 and will be
included in a URI or when a ":<port>" needs to be appended to it.
* origin/fastpath:
Add two more TLS extension values that we see in live traffic.
Fixed IPv6 link local unicast CIDR and added IPv6 loopback to private address space.
Fixed a problem where cluster workers were still processing notices in some cases.
Added Carrier Grade NAT CIDR and link local IPv6 to "private_address_space"
- Unserializing files that were previously kicked out of the open-file
cache would cause them to be fopen'd with the original access
permissions which is usually 'w' and causes truncation. They
are now opened in 'a' mode. (addresses #780)
- Add 'max_files_in_cache' script option to manually set the maximum
amount of opened files to keep cached. Mainly this just helped
to create a simple test case for the above change.
- Remove unused NO_HAVE_SETRLIMIT preprocessor switch.
- On systems that don't enforce a limit on number of files opened for
the process, raise default max size of open-file cache from
32 to 512.
- SSL related files and classes renamed to remove the "binpac" term.
- A small fix for DPD scripts to make the DPD log more helpful if
there are multiple continued failures. Also, fixed the SSL
analyzer to make it stop doing repeated violation messages for
some handshake failures.
- Added a $issuer_subject to the SSL log.
- Created a basic test for SSL.
conn.log now sets a field indicating all the parent tunnel UIDs over
which a connection operated and cross reference the UIDs found in
the tunnel.log.
Also some renaming of tunnel related types at the scripting layer.
- Packet loss interval changed to 5 minutes by default. Users
were getting too many notices from this.
- BPF load balancing (ipv4 and ipv6). This will tie in with
upcoming BroControl support for configuring this.
- BPF based connection sampling.
- Small improvements to how and when filters are installed.
* origin/topic/dnthayer/bug801:
Added an option to specify the 'etc' directory
Closes#801.
Note, I've adapted the code in configure a bit to make it independent
of the argument order (same for an older option). Hope that works ...
