* Better parsing/error-checking of VXLAN and encapsulated packet headers
* Add/implement the "vxlan_packet" event
* Add "Tunnel::vxlan_ports" option to tune the set of VXLAN ports to
analyze/decapsulate
* Add "Tunnel::validate_vxlan_checksums" option to allow for tuning of how
checksums associated with the outer UDP header of a possible VXLAN
tunnel are handled
Fixes GH-250
The result of the |x| operator for interval and time types historically
returned a value of type double. This was changed as part of
3256ac7c49 to return interval/time, but
this now reverts to returning a double again to avoid introducing a
change that may break user code.
Fixes GH-219
Line 76: Replaced ' for ;
Line 120: Replaced ojbects to objects
I tested it on my cloned repo and everything seems to compile without errors (Ubuntu Bionic Beaver) regarding the DNP3 Protocol
The "orig_fuids", "orig_filenames", "orig_mime_types" http.log fields as
well as their "resp" counterparts are now limited to having
"HTTP::max_files_orig" or "HTTP::max_files_resp" entries, which are 15
by default. The limit can also be ignored case-by-case via the
"HTTP::max_files_policy" hook.
Fixes GH-289
It now produces numbers as large as is required to match the data it
needs to represent. It's up to the consumer to decide how to
appropriately handle values that may be outside their supported
range/precision.
Fixes GH-282
The contentline analyzer has two code paths that buffer data:
* right at the top of DeliverStream
* later in DoDeliverOnce
However, contentline can be in plain delivery mode, and if so, the
buffer resize in DeliverStream does not need to be done just because
DeliverStream was passed an 8K data chunk.
This was causing contentline to resize it's buffer to fit chunks of HTTP
response data. Additionally, the buffer was sized to be 3/2 of the
chunk, so an 8K chunk would result in a 12K allocation.
This change ignores leading/trailing whitespaces for a couple of
data-types (bool, port, subnet, addr) and just parses them as if the
whitespace was not present.
Instead of pre-allocating every list with space for 10 items, don't
initialize it at all until the first Insert.
Instead of pre-allocating every dictionary with 17 buckets,
don't initialize it at all until the first Insert.
get_conn_transport_proto needs to use sessions->FindConnection and do a
hash lookup to find the connection while get_port_transport_proto just
looks at the port directly.
* 'master' of https://github.com/ZekeMedley/zeek:
lstrip test output cleanup
implemented rstrip
add rstrip tests
cleanup of lstrip function
added implementation of lstrip
added tests for lstrip function
