This prevented one from writing a packet-wise analyzer that needs access
to IP headers and can be attached to a connection via signature match.
None of the analyzers currently shipping are affected. And maybe it's
unlikely there will be many that ever would be, but it's awkward for the
API to omit IP headers in this special case (i.e. packets buffer for use
with DPD signature matching).
Addresses BIT-1298
Allows for catching more invalid assignments at parse-time instead of
aborting at runtime after realizing an assignment won't work.
Addresses BIT-1295.
BIT-1293 #merged
* origin/topic/johanna/ssl-fail-earlier:
and just to be safe - also require the &if check in binpac
make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
situations which are very probably non-recoverable.
Current behavior could lead to us jumping in in the middle of an old
443 stream and interpreting some data as ssl before failing again.
* origin/fastpath:
make sslv2 protocol tests more strict - in its current state they triggered on http traffic over port 443 sometimes.
Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
These logs aren't generally useful to build everytime, just when working
on and debugging one of the various grammars and at least I haven't
needed to look at them in years. Also, Ninja builds don't seem to work
because of them (can probably improve the related CMake macros so the
verbose logs do play nice with Ninja, but doesn't seem worth effort
right now, see previous comment).
- I've changed/extended the URI record fields a bit:
- path is always the full path including the full file name
- if there's no path, the field still still be set set "/".
- file_name is the full name including extenstion, and
file_base and file_ext split it out.
- Adding a test exercising a bunch of URLs.
* origin/fastpath:
for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
