* topic/robin/input-threads-merge: (130 commits)
And now it even compiles after my earlier changes.
A set of input framework refactoring, cleanup, and polishing.
another small memory leak in ascii reader:
and another small memory leak when using streaming reads.
fix another memory lead (when updating tables).
Input framework merge in progress.
filters have been called streams for eternity. And I always was too lazy to change it everywhere...
reactivate network_time check in threading manager. previously this line made all input framework tests fail - it works now. Some of the other recent changes of the threading manager must have fixed that problem.
fix up the executeraw test - now it works for the first time and does not always fail
baselines for the autostart removal.
remove last remnants of autostart, which has been removed for quite a while.
make input framework source (hopefully) adhere to the usual indentation style. No functional changes.
fix two memory leaks which occured when one used filters.
update description to current interface.
rename a couple of structures and make the names in manager fit the api more.
fix memory leak in tables and vectors that are read into tables
fix missing get call for heart beat in benchmark reader.
fix heart_beat_interval -- initialization in constructor does not work anymore (probably due to change in init ordering?)
fix memory leak for tables... nearly completely.
fix a couple more leaks. But - still leaking quite a lot with tables.
...
The ICMP/ICMPv6 analyzers function correctly when full packets have
not been captured, but everything up to and including the ICMP header
is there (e.g. the functions that inspect ICMP error message context
correctly check the caplen to see if more info can be extracted).
The "Should have been caught earlier already." comment may have referred
to NetSessions::CheckHeaderTrunc, which works as intended to catch cases
where the ICMP header is not there in full, but then the assert was
still not correctly formulated for that...
Also changed the ICMP checksum calculation to not occur when the full
packet has not been captured, which seems consistent with what the UDP
analysis does.
Adjust twotables testcase - now it is faster. Shorten the output
-- because of threading, the results did not always come out in
the same order (it depends on which thread manages to sneak in
the results into the queue earlier).
* origin/topic/jsiwek/ipv6-comm:
Enable Bro to communicate with peers over non-global IPv6 addresses.
Add unit tests for Broccoli SSL and Broccoli IPv6 connectivity.
Remove AI_ADDRCONFIG getaddrinfo hints flag for listening sockets.
Undo communication protocol version bump.
Add support to Bro for connecting with peers over IPv6.
Closes#820.
Conflicts:
src/bro.bif
Without this change, flow labeling of connections over IPv6 are
only available in the per-packet types of events (e.g. new_packet)
in which header fields can be inspected, but now minimal tracking
of the most recent flow label is done internally and that's available
per-connection for all events that use connection record arguments.
Specifically, this adds a "flow_label" field to the "endpoint" record
type, which is used for both the "orig" and "resp" fields of
"connection" records. The new "connection_flow_label_changed" event
also allows tracking of changes in flow labels: it's raised each time
one direction of the connection starts using a different label.
* origin/topic/robin/dataseries:
Moving trace for rotation test into traces directory.
Fixing a rotation race condition at termination.
Portability fixes.
Extending DS docs with some examples.
Updating doc.
Fixing pack_scale and time-as-int.
Adding format specifier to DS spec to print out double as %.6f.
DataSeries updates and fixes.
DataSeries tuning.
Tweaking DataSeries support.
Extending log post-processor call to include the name of the writer.
Removing an unnecessary const cast.
DataSeries TODO list with open issues/questions.
Starting DataSeries HowTo.
Additional test output canonification for ds2txt's timestamps.
In threads, an internal error now immediately aborts.
DataSeries cleanup.
Working on DataSeries support.
Merging in DataSeries support from topic/gilbert/logging.
Fixing threads' DoFinish() method.
* origin/topic/jsiwek/ipv6-output-format:
Change IPv6 output format to no longer automatically be bracketed.
Change IPv6 address/prefix output format to be bracketed.
Closes#818.
Because, according to RFC 3493, that will cause getaddrinfo to
overlook the ::1 loopback if there's not some other interface with
a global IPv6 address. The rationale being that the flag helps
prevent unnecessary AAAA lookups, but since I set AI_NUMERICHOST,
lookups aren't going to happen anyway.
Also update the IPv6 Bro communication test to get it to work more
reliably.
- Communication::listen_ipv6 needs to be redef'd to true in order
for IPv6 listening sockets to be opened.
- Added Communication::listen_retry option as an interval at which
to retry binding to socket addresses that were already in use.
- Added some explicit baselines to check in the istate.events
and istate.events-ssl tests -- the SSL test was incorrectly
passing because it compared two empty files. (The files being
empty because "http/base" was given as an argument to Bro which
it couldn't handle because that script doesn't exist anymore).
Instead, the `addr_to_uri` script-level function can be used to
explicitly add brackets to an address if it's IPv6 and will be
included in a URI or when a ":<port>" needs to be appended to it.
- Unserializing files that were previously kicked out of the open-file
cache would cause them to be fopen'd with the original access
permissions which is usually 'w' and causes truncation. They
are now opened in 'a' mode. (addresses #780)
- Add 'max_files_in_cache' script option to manually set the maximum
amount of opened files to keep cached. Mainly this just helped
to create a simple test case for the above change.
- Remove unused NO_HAVE_SETRLIMIT preprocessor switch.
- On systems that don't enforce a limit on number of files opened for
the process, raise default max size of open-file cache from
32 to 512.
- SSL related files and classes renamed to remove the "binpac" term.
- A small fix for DPD scripts to make the DPD log more helpful if
there are multiple continued failures. Also, fixed the SSL
analyzer to make it stop doing repeated violation messages for
some handshake failures.
- Added a $issuer_subject to the SSL log.
- Created a basic test for SSL.
conn.log now sets a field indicating all the parent tunnel UIDs over
which a connection operated and cross reference the UIDs found in
the tunnel.log.
Also some renaming of tunnel related types at the scripting layer.
UDP tunnel support removed for now, to be re-added in specific
analyzers later, but IP-in-IP is now decapsulated recursively
so nested tunnels can be seen and the inner packets get sent
through the IP fragment reassembler if necessary.
