- It's ok to always load the framework. If you don't
specifiy the CLUSTER_NODE environment variable it doesn't
ultimately do anything.
- The $CLUSTER_NODE variable causes the framework to try and
load a script named cluster-layout.bro which must be located
somewhere in your $BROPATH. The value of the $CLUSTER_NODE
variable is a count that indicates a node in the Cluster::nodes
variable that is set in the cluster-layout.bro script.
- The Cluster::nodes variable is a flat configuration because
it's assumed that it would be automatically generated by a
utility such as BroControl. This will facilitate the tiered or
"deep" clustering that is coming.
It had some conceptual problems because notices aren't
always logged and in some cases are fairly infrequently
logged which resulted in a lot of notice tags being
attached to connections where the notice didn't show
up in a log file. Also, the rule of thumb here is that
frameworks should never load protocols. It's just bad
practice and probably indicates incorrect design somewhere.
The link between the conn log and the notice log should
now be made with the connections unique ID which is logged
in both logs and is more reliable.
- The Makefiles now run btest with "-f diag.log" so that diangnostics
output will always be written into that file.
- Makefiles now hardcode path to btest to avoid picking up the wrong version
if in PATH.
- The canonifier scripts now live in testing/scripts, and they are
used from both btest/ and external/.
- There's a new diff-remove-uids scripts that removed connection UIDs
for diffing. The external/* tests now use that by default.
- Timestamp removal now has its own script: diff-remove-timestamps.
diff-canonifier calls that.
- All Makefile have a "brief" target that runs btest with -b.
- The higher-level directories have Makefile to call the subdirs.
* remotes/origin/topic/policy-scripts-new:
Fixed another SSL analyzer memory leak.
Attempting to fix another SSL bug.
Fixing a ref counting bug in the SSL analyzer that I just introduced.
Fixing memory leaks in SSL analyzer.
Fixed a parsing bug in the SSL analyzer thanks to tracefile from Aashish Sharma.
Removing my fix from earlier. This is indicating the script-land generated events priority problem.
Updates to the DPD framework.
Fixed a bug in the auth-addl DNS script.
Conflicts:
src/bro.bif
* origin/topic/robin/reporting:
Syslog BiF now goes through the reporter as well.
Avoiding infinite loops when an error message handlers triggers errors itself.
Renaming the Logger to Reporter.
Overhauling the internal reporting of messages to the user.
Updating a bunch of tests/baselines as well.
Conflicts:
aux/broccoli
policy.old/alarm.bro
policy/all.bro
policy/bro.init
policy/frameworks/notice/weird.bro
policy/notice.bro
src/SSL-binpac.cc
src/bro.bif
src/main.cc
- Removed the ProtocolViolation notice. I'd like to hear
if someone actually used that notice for something.
- Folded the dyn-disable functionality into the dpd/base script.
- Other small cleanup.
This is for testing only. There are also two test: one that checks
that test-all.bro loads correctly, and one that ensures that test-all
is actually loading all scripts found in policy/*.
traces and more complex Bro configurations.
That's "Type 2" in the terminology of
http://www-new.bro-ids.org/devel/projects/testing.html
This leverages btest as well and will replace the set of scripts that
the old private test-suite is using. It can accomodate tests with both
public and private traces.
This is a checkpoint commmit, not much there yet in terms of actual
testing. Also still need to figure out a mechanmism to allow for
different baselines based on which branch we're testing.
* remotes/origin/topic/policy-scripts-new:
Add RPC/SSL scripts to doc generation target.
Update the generated script doc organization.
Changing back the last commit. It made things worse.
Trying a different method of record parsing for SSL analyzer.
Moved the RPC script into the right place.
More SSL script cleanup.
Fixed a segfault from empty strings in the SSL analyzer.
Removing what I believe is the last stray print statement from the SSL analyzer.
Fixed more eternal looping bugs in the SSL analyzer.
Updates and fixes for the SSL analyzer.
Changes to make generated script docs understand new policy/ hierarchy.
