Sorted cmd-line options in alphabetical order to make it easier to
add or remove options (or even to just check if they're listed
correctly in the source code).
Works like old enable_communication(), but for new broker communication
mechanism. Scripts have to explicitly call this if they want to use the
broker communication functionality. Saves a decent chunk of Bro's
initialization time when one doesn't need communication features.
* origin/topic/robin/pktsrc:
Fixing link-layer handling.
Bugfixes and test updates.
Fixing remaining tests.
Adding test for dynamic packet dumper plugin.
Test updates.
Fixing Bro-level BPF filtering.
A set of smaller API tweaks, and polishing.
Adding test creating a dynamic pktsrc plugin.
Interface tweaks for PktSrc, plus docs for PktSrc and PktDumper.
A set of various fixes and smaller API tweaks, plus tests.
Moving some of the BPF filtering code into base class.
Small packet dumper API change.
Moving Pkt{Src,Dumper} a directory level up.
Removing FlowSrc.
Removing netmap, remaining pieces of the 2ndary path, and left-over files of packet sorter.
Prototype of a netmap packet source.
A series of updates and tweaks to the new PktSrc interface.
Fixing rebase relicts.
IOSource reorg.
BIT-1243 #close
We could bring this back, now derived from PktSrc (though strictly
speaking it's of course not *packets*). But not sure if we want that,
as the input framework seems the better place to host it. Then it
would turn into a reader.
file_analysis::Manager's dtor now doesn't assume any more analysis
progress can be made because too many of Bro's other subsystems
are shut down by that point. Any file analysis requests made after
Terminate cannot be reliably processed.
* origin/topic/jsiwek/file-signatures:
File type detection changes and fix https.log {orig,resp}_fuids fields.
Various minor changes related to file mime type detection.
Refactor common MIME magic matching code.
Replace libmagic w/ Bro signatures for file MIME type identification.
Conflicts:
scripts/base/init-default.bro
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
BIT-1143 #merged
* origin/topic/bernhard/file-analysis-x509:
x509 version always has to be incremented. Baselines already committed.
Fix x509 certificate Version (the +1 was missing...).
Add policy script to suppress non host-certificate logging in x509.log
Forgot the preamble for the new leak test
(hopefully) last change -> return real opaque vec instead of any_vec
Fix dump-events - it cannot be used with ssl anymore, because openssl does not give the same string results in all versions.
Finishing touches of the x509 file analyzer.
Revert change to only log certificates once per hour.
Change x509 log - now certificates are only logged once per hour.
Fix circular reference problem and a few other small things.
X509 file analyzer nearly done. Verification and most other policy scripts work fine now.
Add verify functionality, including the ability to get the validated chain. This means that it is now possible to get information about the root-certificates that were used to secure a connection.
Second try on the event interface.
Backport crash fix that made it into master with the x509_extension backport from here.
Make x509 certificates an opaque type
rip out x509 code from ssl analyzer. Note that since at the moment the file analyzer does not yet re-populate the info record that means quite a lot of information is simply not available.
parse out extension. One event for general extensions (just returns the openssl-parsed string-value), one event for basicconstraints (is a certificate a CA or not) and one event for subject-alternative-names (only DNS parts).
Very basic file-analyzer for x509 certificates. Mostly ripped from the ssl-analyzer and the topic/bernhard/x509 branch.
BIT-1150 #merged
Put some methods in file_analysis::Manager that can perform the
matching process and return MIME type results. Also helps to
centralize the management/re-use of a signature matcher object.