The ascii formatter already was happy to read ports in the form
"42/tcp"; however it emitted a warning message for each line.
This patch fixes this and adds a bit more testing for the existing
behavior.
* 'master' of https://github.com/chungmin99/bro:
Renamed verify-run to verify_run
Minor edits due to typo and field changes
Added coverage to .PHONY in Makefile due to testing/coverage
Fixing up `make html` target
Refactoring, making error messages nicer, & lcov
Add code coverage for bro source files after btest test suite
* origin/topic/vern/vec-append:
d'oh, still have a (deprecated) string_array rather than string_vector
forgot to update test suite results for v += e
reap the fruits of v += e
test case for v += e
documentation of v += e
v += e implemented
Fixed a mistake in find_ip_addresses()
* origin/topic/vern/set-ops2:
documentation, test suite update
implemented set relationals
bug fix for set intersection
set intersection implemented
mirroring previous topic/vern/set-ops to get branch up to date, since I'm a n00b
Fixed a couple memory leaks and added a leak test
* origin/topic/vern/perf-history:
only generate history threshold events for > 1 instance mention those events in NEWS
a different sort of history update
'W' for zero window implemented; logarithmic 'T'/'C'/'W' history repetitions
I reverted a change that made TCP window tracking unconditional (possibly
accepting out-of-order packets) until further verification of test suite
changes.
* origin/topic/jsiwek/openssl-1.1:
Update install instructions for OpenSSL 1.1 compat
Remove requestorName parameter of ocsp_request event
Adjust x509 unit tests to work around OpenSSL 1.0 vs. 1.1 differences
Fixes for OpenSSL 1.1 support
The generation of weird events, by default, are now rate-limited
according to these tunable options:
- Weird::sampling_whitelist
- Weird::sampling_threshold
- Weird::sampling_rate
- Weird::sampling_duration
The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.
There's also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:
- Reporter::conn_weird
- Reporter::flow_weird
- Reporter::net_weird
Some of the code was adapted from previous work by Johanna Amann.
BIT-1958 #merged
* origin/topic/johanna/config-cluster:
Add vector to read_config_cluster test.
Fix special-case-bug for vectors in UnaryExpr.
Config: another cluster test-case, this time reading in a file.
Add sending of values to nodes that dropped out.
Continue work on config framework clusterization.
Teach Option::set to unwrap Broker::Data values
Start clusterizing configuration framework.
In some cases one can get the Type() of unaryexpr to be ANY. Vectors so
far did not deal gracefully with this and crashed because trying to
convert any to a vectortype.
This patch fixes this by just using the original vector-type in this
case.
* origin/topic/vern/case-insensitive-patterns:
use PCRE syntax instead of the beautiful new (?i ...) syntax
nitlet in NEWS entry
test suite update for case-insensitive patterns
document use of double quotes to escape case-insensitivity
bug fix for recent memory leak patch
documentation updates for case-insensitive patterns
d'oh there's isalpha. I looked earlier for isletter :-P
fix for handling [:(lower|upper):] in case-insensitive patterns
implemented /re/i for case-insensitive patterns
Mostly trying to standardize the way tests sleep for arbitrary amounts
of time to make it easier to tell at which particular point the
unit test actually may need the timeout interval increased (or else
debugged further).
This field isn't publicly available via the OpenSSL 1.1 API, not used
in the base scripts, and has no example in the test suit, so removing
it is simpler than trying to support manually parsing it out of the
raw data.
This test-case has actually revealed an interesting issue - it works as
is, but as soon as one adds a vector, one gets the fun error-message
fatal error in any: BroType::AsVectorType (any/vector) (any)
This will require a bit more digging :).
In the following example, the republication of "arg" would result in
literally sending it as a Broker::Data record instead of the broker data
that it was already wrapping.
Sender:
Broker::publish("topic", my_event, "hello")
Receiver:
event my_event(arg: any)
{
Broker::publish("topic", my_event, arg)
}
Adds --enable-coverage flag to configure Bro with gcov.
A new directory named /testing/bro-code-coverage/ contains a new
coverage target that as part of `make coverage` in /testing/.
This coverage option creates coverage.log of all important directories in /src/ and
places all generated .gcov files alongside the corresponding source file.
* 'topic/vern/bit-ops' of https://github.com/bro/bro:
documentation clarification for "p1 | p2"
documentation for bitwise operators
document the '|' operator for patterns
test suite for bitwise operators brief NEWS blurb allow for "counter" operands (does anyone still use these?) for one (but not both) of the bitwise operands
bitwise operations for "count" types implemented
Starting branch for supporting bit operations on count's.
Disable broxygen when running unit tests (except for the tests that use
broxygen). On my dual-core MacBook Pro, this change results in the
unit tests taking about 13% less time to finish running.
When encountering an extension unknown to OpenSSL, we would read from
the wrong memory location. Also added a testcase to prevent this specific
case from happening again.
