This is a small caveat to this implementation. The ethernet
header that is carried over the tunnel is ignored. If a user
tries to do MAC address logging, it will only show the MAC
addresses for the outer tunnel and the inner MAC addresses
will be stripped and not available anywhere.
- New fields: extracted_cutoff and extracted_size.
These fields will be null if the file isn't extracted.
- Extended the extraction test to test the files log too.
* origin/topic/dnthayer/ticket1516:
Remove wordexp functionality from broxygen
Fix a failing test on OpenBSD
Fix compiler warnings on OpenBSD
Fix a build failure on OpenBSD
Fix test core.pcap.dumper to work on OpenBSD
BIT-1516 #merged
Broxygen no longer attempts to do tilde expansion of PATH
components when trying to get the mtime of Bro (this involved removing
the wordexp functionality, which doesn't exist on OpenBSD). In the
very unlikely event that this causes problems for someone (this could
occur by running "bro -X configfile" if bro is located in a PATH
component which starts with a tilde, such as "~/bin"), the error
message text has been improved so that a user knows the workaround
for this (just run bro with a relative or absolute path).
Broxygen also no longer attempts to get the mtime of the bro executable
when bro wasn't invoked with the "-X" option.
The wordexp function doesn't exist in OpenBSD. Skipping this
functionality only affects users who have bro installed in a directory
in the PATH and the directory name as it appears in PATH starts with
a tilde (e.g. "~/bin"). A simple workaround for affected users
would be to change the PATH environment variable to not contain any
tildes.
At one place in the code, we do not check the correct return code. This
makes it possible for a reply to get a response of "good", when the ocsp
reply is not actually signed by the responder in question.
This also instructs ocsp verication to skip certificate chain
validation, which we do ourselves earlier because the OCSP verify
function cannot do it correctly (no way to pass timestamp).
The definition of a "struct pcap_pkthdr" on OpenBSD contains a member
of type "struct bpf_timeval" instead of "struct timeval" used on other
systems.
Also, on OpenBSD the header netinet/if_ether.h does not #include
net/if_arp.h as it does on other systems.
KerberosString formatting for principal name to be compliant with RFC 4120 section 5.2.2, which states that there can be a few components (and in practice we have seen 3, more than the 1 or 2 that is typical)
Moved the definitions of DCE_RPC::BackingState and DCE_RPC::State types
into the export block. These types are used in the redef of the
"connection" record.
