The advantage of using docker containers is to build and test Bro in
an environment that more closely resembles the environment where Bro
will actually be used. The docker containers currently used enable
testing Bro with all the major versions of gcc (versions 4 through 8),
as well as both python 2 and 3.
The "travis-job" script now takes a second parameter which specifies
a Linux distro to use (specifying "travis" will build and test bro
without using docker).
Improved readability of the output by adding more error checking
and better error and informational messages, and by moving the
unit test diag.log output to just before any external tests are run.
For pull request builds, skip the private tests instead of failing.
Prevent timeouts after 10 minutes of no output by not using the
btest "-b" option.
Decrease build time by not building unneeded components.
This patch fixes a *19 year old* reference-counting bug (which could
lead to a use-after-free, not merely a leak) in the regular expression
code.
Patch by Vern Paxson.
* 'topic/vern/bit-ops' of https://github.com/bro/bro:
documentation clarification for "p1 | p2"
documentation for bitwise operators
document the '|' operator for patterns
test suite for bitwise operators brief NEWS blurb allow for "counter" operands (does anyone still use these?) for one (but not both) of the bitwise operands
bitwise operations for "count" types implemented
Starting branch for supporting bit operations on count's.
Disable broxygen when running unit tests (except for the tests that use
broxygen). On my dual-core MacBook Pro, this change results in the
unit tests taking about 13% less time to finish running.
The former replaces the pcap vs. live versions of the same tuning
option. If a user does not change these, Bro makes some internal
decisions that may help avoid performance problems on systems with high
core counts: the number of CAF threads is capped at 8 and the maximum
sleep duration for under-utilized threads is increased to 64ms (CAF's
default is 10ms).
These may be used to change the number of scheduler threads that the
underlying CAF library creates. In pcap mode, it's currently hardcoded
to the minimal 4 threads due to potentially significant overhead in CAF.
Now manually keeps track of peer count instead of querying Broker for
that information (which would result in waiting upon a blocking request
to the core actor).
When encountering an extension unknown to OpenSSL, we would read from
the wrong memory location. Also added a testcase to prevent this specific
case from happening again.
For fuzzed/damaged/corrupted pcaps, a timestamp of 0 could lead to an
infinite loop in Bro as it interprets that as meaning the packet source
is not ready yet.
* origin/topic/jsiwek/broker-misc:
Add Broker::publish_and_relay BIF
Document variable argument list BIFs using ellipsis
Support unserializing broker data into type 'any'
Fix a bug in broker data type-casting check
Remove dead code in broker data/val conversion function
* origin/topic/vladg/ssh-fix:
#120: Pull in PR, and make a couple small cleanup tweaks.
SSH protocol now assesses the packet length at an earlier stage within binpac. Stops SSH analyzer constantly raising binpac exceptions. Seems to be because a packet continues to go through binpac when empty and only calls the next packet when asked for more data and not on operations.
