With clang on FreeBSD 11.0-p1, some md5 functions tend to return the
wrong result. This is, e.g., visible when running the bifs/md5 testcase.
In this test, the checks using md5_hash_finish will return an empty
string.
The apparent cause is some confusion in clang when using a static char
inside a static inline function that is refered to several compilation
units.
Exact version of clang showing this issue is:
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
Target: x86_64-unknown-freebsd11.0
Thread model: posix
InstalledDir: /usr/bin
Issue occurs with -O2.
The first person to either find an existing clang bugreport for this, or
to create an minimal testcase and files one will get a drink from me :)
- DCE_RPC fragmentation handling returns!
- Fixed some general parsing issues
- Fixed an issue with the DCE_RPC signature not working for IPv6 connections.
We could actually already see these in traffic with people that use and
enabled them in chrome canary / firefox nightly builds. This change
includes the re-naming of a few names that were never formalli assigned
yet.
Nice, thanks!
BIT-1671 #merged
* origin/topic/vladg/bit-1671:
Add descriptions for what the SMB1 events do, and references to the specification.
Add descriptions for what the SMB2 events do, and references to the specification.
Improve the SMB2 documentation.
Improve the SMB1 documentation a bit. Clean it up, make it more consistent, and add references to similar events.
Add DCE-RPC and NTLM abbreviation documentation for their events.
Remove reference to epm_map_response in RPC documentation. Addresses BIT-1671.
Rename events referenced in SMB1::Header documentation with new SMB analyzer. Addresses BIT-1671.
versions.bro uses the changing version string, which leads to changing
lines in the output of the hooks plugin, which is difficult to filter.
Hence, let's just @unload it, before it is being used.
* Clean it up, make it more consistent, and add references to similar events.
* Commented out the smb2_set_info_request event, which wasn't being generated.
* Documented the SMB2 record types in init-bare
One more name change: version_num -> version_number
BIT-1707 #merged
* origin/topic/johanna/version:
Slight naming changes for Bro version information.
Add convenient way to access version information to Bro.
Because plugins register their script directories with the BROPATH,
Broxygen stripped them out from plugin script paths it was indexing.
That then led to multiple plugins ending up with the same script
paths, triggering warnings about duplicates.
I fixed this by checking if a script comes out of a plugin. If so, it
gets an artifcial index prefix "<plugin-name>:", followed by the
script's relative path inside the plugin's top-level directory. For
example, "/opt/bro/lib/bro/plugins/Bro_Netmap/scripts/init.bro" now
turns into "Bro::Netmap:scripts/init.bro" for Broxygen purposes
(whereas it used to be just "init.bro").
Addresses BIT-1663.
(Can't think of a good way to add a test for this unfortunately.)
With the introduction of the package manager, it will get more common
that applications are able to get information about the currently
running version of Bro. With this commit, scripts can easily compare
which version of Bro they are running.
Commonly, this probably will either look like this (both lines check if
the current Bro version is greater or equal to 2.5)
@if ( Version::num >= 20500 )
or
@if ( Version::greater_equal("2.5") )
Version::info contains detailed information about the running version of
Bro, including beta flags, etc.
Looks like the right fix. Two tiny tweaks:
- changed the order of arguments for DeleteVals() for consistency
with the corresponding Manager function.
- turned the InternalWarning into a Warning: if I understand
correctly, this can happen when scripts on nodes diverge; which
is a user-side problem, not an internal Bro logic issue.
BIT-1683 #merged
* origin/topic/johanna/bit-1683:
Actually check if the number of fields in a write are equal to the number of fields required.
