This commit removed functions/events that have been deprecated in Bro
2.6. It also removes the detection code that checks if the old
communication framework is used (since all the functions that are
checked were removed).
Addresses parts of GH-243
* All "Broxygen" usages have been replaced in
code, documentation, filenames, etc.
* Sphinx roles/directives like ":bro:see" are now ":zeek:see"
* The "--broxygen" command-line option is now "--zeexygen"
* origin/topic/dnthayer/doc-fixes-for-2.6:
Fix some typos and improve formatting in NEWS
Update the operators documentation
Replace references to libgeoip in the documentation
Update install instructions for python-ipaddress
Update documentation of "option" and "redef" declarations
Improvements to the config framework documentation
Rearrange some lines on the "Log Files" documentation page
Improve install/setup instructions for libmaxminddb
Update NEWS for config framework clusterization changes
Update config framework doc for clusterization changes
Fix typos and formatting issues in config framework docs
* origin/topic/vladg/dhcp_event_deprecation:
Add script to support the old DHCP events
Updated coverage tests and fixed incorrect DHCP:: scoping on some things
* origin/topic/seth/dhcp-update:
Rework to the DHCP analyzer.
First step of DHCP analyzer rearchitecture.
Add .btest scripts for dhcp_ack and dhcp_discover messages verifying that new options are correctly reported in dhcp.log records.
Extend DHCP protocol analyzer with new options.
BIT-1924 #merged
Additional changes:
* Removed known-hosts.bro as the only thing populating its table was
the already-removed known-hosts-and-devices.bro. So a
known_devices.log will no longer be generated.
* In dhcp-options.pac, the process_relay_agent_inf_option had a memleak
and also process_auto_proxy_config_option looked like it accessed one
byte past the end of the available bytestring, so fixed those.
* origin/topic/seth/smb-pending-fix:
Updating the defined SMB2 dialects to match Microsoft's current docs.
On rare occasions the server doesn't return the tree id on read responses.
Fix an issue with pending commands.
BIT-1862 #merged
This tracks the tree id given by the request
This also addresses BIT-1862 with code submitted by Stefano Rinaldi
and took some hints from his changes in other areas of the code.
Highlights:
- Reduced all DHCP events into a single dhcp_message event. (removed legacy events since they weren't widely used anyway)
- Support many more DHCP options.
- DHCP log is completely reworked and now represents DHCP sessions
based on the transaction ID (and works on clusters).
- Removed the known-devices-and-hostnames script since it's generally
less relevant now with the updated log.
Add the following option types:
- 55 Parameters Request List;
- 58 Renewal time;
- 59 Rebinding time;
- 61 Client Identifier;
- 82 Relay Agent Information.
Extend the following events with new parameters, specifically:
- dhcp_discover exports client identifier and parameters request list;
- dhcp_request exports client_identifier and parameters request list;
- dhcp_ack exports rebinding time, renewal time and list of suboptions value of
dhcp relay agent information option;
- dhcp_inform exports parameters request list.
Add option type specific variables within the scope of DHCP module
(see src/analyzer/protocol/dhcp/types.bif).
Move protocol specific variables "dhcp_msg" and "dhcp_router_list" from scope Global to DHCP::
and adapt inet_net_var in src/NetVar.cc consequently.
Extend src/analyzer/protocols/dhcp/main.bro to handle the new events and to log
dhcp_ack, dhcp_request and dhcp_discover.
Modify scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro to
include new events' variables.