The ascii formatter already was happy to read ports in the form
"42/tcp"; however it emitted a warning message for each line.
This patch fixes this and adds a bit more testing for the existing
behavior.
Improved the travis-job test script so that it works outside of Travis.
This can be useful to test changes to the docker container config before
pushing to master, for testing changes on a branch, or for debugging
some problem with the tests running on Travis. This required the
following changes:
-The script no longer requires the TRAVIS env. variable to be set.
-Added an "all" command as a more convenient way to run all steps in a
build.
-Added a "coverity" command-line option to do a coverity build.
-Before building Bro or downloading coverity tools, do a cleanup from any
previous build.
Also other minor improvements (code comments, reorganization, etc.).
* 'master' of https://github.com/chungmin99/bro:
Renamed verify-run to verify_run
Minor edits due to typo and field changes
Added coverage to .PHONY in Makefile due to testing/coverage
Fixing up `make html` target
Refactoring, making error messages nicer, & lcov
Add code coverage for bro source files after btest test suite
* origin/topic/vern/vec-append:
d'oh, still have a (deprecated) string_array rather than string_vector
forgot to update test suite results for v += e
reap the fruits of v += e
test case for v += e
documentation of v += e
v += e implemented
Fixed a mistake in find_ip_addresses()
* origin/topic/vern/set-ops2:
documentation, test suite update
implemented set relationals
bug fix for set intersection
set intersection implemented
mirroring previous topic/vern/set-ops to get branch up to date, since I'm a n00b
Fixed a couple memory leaks and added a leak test
* origin/topic/vern/perf-history:
only generate history threshold events for > 1 instance mention those events in NEWS
a different sort of history update
'W' for zero window implemented; logarithmic 'T'/'C'/'W' history repetitions
I reverted a change that made TCP window tracking unconditional (possibly
accepting out-of-order packets) until further verification of test suite
changes.
Improved install instructions for libmaxminddb and location database.
Improved the explanation of how Bro finds the location database files,
fixed some reST formatting, and fixed a broken link.
* origin/topic/jsiwek/openssl-1.1:
Update install instructions for OpenSSL 1.1 compat
Remove requestorName parameter of ocsp_request event
Adjust x509 unit tests to work around OpenSSL 1.0 vs. 1.1 differences
Fixes for OpenSSL 1.1 support
This updates the "lookup_location" and "lookup_asn" BIFs to use
libmaxminddb. The motivation for this is that MaxMind is discontinuing
GeoLite Legacy databases: no updates after April 1, 2018, no downloads
after January 2, 2019. It's also noted that all GeoIP Legacy databases
may be discontinued as they are superseded by GeoIP2.
Add types of files that genhtml (the program that generates html files
from .gcno/.gcda files, included in lcov) should ignore, such as .yy and
.ll files.
The generation of weird events, by default, are now rate-limited
according to these tunable options:
- Weird::sampling_whitelist
- Weird::sampling_threshold
- Weird::sampling_rate
- Weird::sampling_duration
The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.
There's also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:
- Reporter::conn_weird
- Reporter::flow_weird
- Reporter::net_weird
Some of the code was adapted from previous work by Johanna Amann.
Wrong offsets were used for the NegotiateFlags field of the
NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE. See
[MS-NLMP].pdf section 2.2.2.5 for a definition of that field.
