* origin/topic/robin/modbus-events-merge:
adding another trace file to test read and write coil function codes
add/update test file and baseline result
add implementation of bytestring_to_coils for modbusy analyzer
adding a missing field in record ModbusHeaders
add event handlers for modbus
* origin/topic/hui/modbus-events:
adding another trace file to test read and write coil function codes
add/update test file and baseline result
add implementation of bytestring_to_coils for modbusy analyzer
adding a missing field in record ModbusHeaders
add event handlers for modbus
that init-plugin now generates.
Also adding new test that makes sure the the skeleton created by
init-plugin compiles on its own withoyt any further changes.
with a MIME type.
Whenever that MIME is detected, Bro will now automatically activate
the analyzer. The interface mimics how well-known ports are defined
for protocol analyzers.
This isn't actually used by any existing file analyzer (because we
don't have any yet that target a specific file format), but there's a
test making sure it works.
Removed line numbers in the text because it was difficult to keep these
up-to-date. Changed some wording and moved sample scripts before (rather
than after) the descriptive text in order to keep it easy to understand.
* origin/topic/dnthayer/doc-fixes-for-2.3:
Fix minor formatting issues in script docs
Fix a broken link in the docs
Update some info in the docs
Removed a table from the scripting tutorial
Update line numbers mentioned in scripting tutorial
Update line numbers for a doc example
Move scripting tutorial out of reference section
BIT-1205 #merged
This fixes the case that an SMTP session has multiple mails sent from
the originator but we miss the server's response (e.g., because we
don't see server side packets at all).
Specifically observed when redef'ing the same index of a table that uses
subnets as indices, though the bug seems like it applies more generally
to anytime TableVal::Assign is provided with just the HashKey parameter
and not the index Val.
Addresses BIT-1202.
triggered for the tls change cipherspec message.
Also - fix small bug. In case SSL::disable_analyzer_after_detection was set
to F, the ssl_established event would fire after each data packet after the
session is established.
Previously, any expression that evaluates to a record may have been used
in a record ctor's expression list. This didn't work in all cases,
doesn't provide any unique functionality that can't be done otherwise,
and is possibly a path to introducing subtle scripting errors.
BIT-1192 #closed
Good stuff! (but I admit I didn't look at the OpenSSL code too closely :)
* origin/topic/bernhard/even-more-ssl-changes:
small test update & script fix
update baselines & add ocsp leak check
Add policy script adding ocsp validation to ssl.log
Implement verification of OCSP replies.
Add tls flag to smtp.log. Will be set if a connection switched to startls.
add starttls support for pop3
Add smtp starttls support
Replace errors when parsing x509 certs with weirds (as requested by Seth).
move tls content types from heartbleed to consts.bro. Seems better to put them there...
Add new features from other branch to the heartbleed-detector (and clean them up).
Let TLS analyzer fail better when no longer in sync with the data stream. The version field in each record-layer packet is now re-checked.
BIT-1190 #merged
Conflicts:
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
