* origin/topic/awelzel/3145-dcerpc-state-clean:
dce-rpc: Test cases for unbounded state growth
dce-rpc: Handle smb2_close_request() in scripts
smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them
dce-rpc: Do not repeatedly register removal hooks
* origin/topic/vern/minor-modernization:
removed use of unnecessary member variable accessors for StmtList methods
migrated some raw pointers to smart pointers
* origin/topic/timw/clang-tidy-fixups:
Remove unused state_label() method from ssl analyzer binpac files
Mark some overridden functions with override keyword
Use emplace_back over push_back where appropriate
packet_analysis: Define all plugin types as final
Use std::make_unique in one place instead of declaring unique_ptr directly
Avoid unnecessary type names in return statements
Simplify type trait usage (remove ::value usage)
A handful of int-to-bool conversions
Replace empty destructor bodies with =default definitions
Reduce amount of files passed to clang-tidy
* origin/topic/timw/funsigned-char-build:
Update binpac, bifcl, and broker submodules for funsigned-char change
Add /J flag on Windows to force unsigned char
Use -funsigned-char flag when building Zeek
Ad-hoc include module names in the global_ids() table. Table values will
have the type_name field set to "module" and their key in the table is
prefixed with "module " to avoid clashes with existing global identifiers
shadowing module names (Management::Node being an existing example).
Closes #3136
Avoids losing state on a connection value when a connection is flipped.
Fixes up the NTP baseline as well where this was visible: analyzer_confirmation_info()
was raised for a connection value which was immediately forgotten due to
the subsequent connection flipping.
Closed #3028
Roughly 2.5 years ago all events taking the ``icmp_conn`` parameter were
removed with 44ad614094 and the NetVar.cc
type not populated anymore.
Remove the left-overs in script land, too.
This patch does two things:
1) For SMB close requests, tear down any associated DCE-RPC
analyzer if one exists.
2) Protect from fid_to_analyzer_map growing unbounded by introducing a
new SMB::max_dce_rpc_analyzers limit and forcefully wipe the
analyzers if exceeded. Propagate this to script land as event
smb_discarded_dce_rpc_analyzers() for additional cleanup.
This is mostly to fix how the binpac SMB analyzer tracks individual
DCE-RPC analyzers per open fid. Connections that re-open the same or
different pipe may currently allocate an unbounded number of analyzers.
Closes #3145.
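
The two measures in the last entry above (tear down on close, cap plus wipe on overflow), modeled as an added example that is not Zeek's code: the class, method and function names are hypothetical, and the policy of wiping once the cap is reached before creating the next analyzer is an assumption. The callback stands in for the smb_discarded_dce_rpc_analyzers() event.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <map>
#include <memory>
#include <utility>

// Hypothetical stand-in for a per-pipe DCE-RPC analyzer instance.
struct DceRpcAnalyzer {
    uint64_t fid;
};

// Simplified model of per-connection fid -> analyzer tracking (illustrative names).
class FidAnalyzerTracker {
public:
    using DiscardHook = std::function<void(std::size_t)>;

    FidAnalyzerTracker(std::size_t max_analyzers, DiscardHook on_discard)
        : max_(max_analyzers), on_discard_(std::move(on_discard)) {}

    // Return the analyzer for fid, creating it on first use of that pipe.
    DceRpcAnalyzer* Get(uint64_t fid) {
        auto it = map_.find(fid);
        if (it != map_.end())
            return it->second.get();
        // Assumed policy: once the cap is reached, wipe all analyzers and notify.
        if (map_.size() >= max_) {
            std::size_t n = map_.size();
            map_.clear();
            if (on_discard_) on_discard_(n);
        }
        auto res = map_.emplace(fid, std::make_unique<DceRpcAnalyzer>(DceRpcAnalyzer{fid}));
        return res.first->second.get();
    }

    // SMB close request: tear down the analyzer tied to this fid, if any.
    bool Close(uint64_t fid) { return map_.erase(fid) > 0; }

    std::size_t Size() const { return map_.size(); }

private:
    std::size_t max_;
    DiscardHook on_discard_;
    std::map<uint64_t, std::unique_ptr<DceRpcAnalyzer>> map_;
};

// Constructed scenario: a peer opens `opens` distinct fids and never closes them.
std::size_t SimulateOpens(std::size_t max, uint64_t opens, std::size_t& discarded) {
    discarded = 0;
    FidAnalyzerTracker t(max, [&](std::size_t n) { discarded += n; });
    for (uint64_t fid = 1; fid <= opens; ++fid)
        t.Get(fid);
    return t.Size();
}
```

Without the cap, the map in the constructed scenario would hold one analyzer per opened fid; with it, the size never exceeds the limit and the discard hook reports how many analyzers were dropped so script-side state can be cleaned up as well.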