* origin/topic/vladg/mysql_nul_string_fix:
Add a test with an encrypted MySQL connection
Fix parsing of MySQL NUL Strings, where we now require it to have a NUL value at the end.
ssh_auth_attempted sets some requisite fields that ssh_auth_successful
relies on. ssh_auth_attempted wasn't getting called because of a logic
error.
For a more complete discussion of this issue, see:
https://github.com/bro/bro/issues/192
* TypeType values are now printable and yield the type name/alias
* Fix record_fields BIF to return correct type name for fields
* Allow TypeType values that point to a RecordType to be used with
record_fields BIF
* origin/master:
Fix typo in Sessions.h
Update baselines for SSH capabilities fix
Fix SSH analyzer bug where is_server in capabilities is wrong.
Revert DNS query 255 from ANY to *
Missing commas...
Fix typo in dce-rpc consts
Refactor to use consistent numeric type in dce_rpc. Add missing DNS query type codes
Add DCE_RPC exchange_mapi operations to relevant consts.bro file
GH-186: fix JSON formatting of timestamps before Unix epoch
Fix test baseline for plugin skeleton update
Fix crash when modifying a table from within its &expire_func
Convert site::local_nets, etc. into options.
GH-184: add `bro-config --build_type`, outputs CMake build type
Updating submodule(s).
Add return value checks for some RPC parsing functions
Add 'fallthrough' comment to a switch/case block
Improve broker.remote_id unit test
Increase broker unit test timeout intervals
* 'master' of https://github.com/spitfire55/bro:
Revert DNS query 255 from ANY to *
Missing commas...
Fix typo in dce-rpc consts
Refactor to use consistent numeric type in dce_rpc. Add missing DNS query type codes
I added back in DNS constants for PTR, EDNS, and ANY to avoid breaking
code for any people that use them.
Also omitted the DNP3 function code 0x83 name change from
"AUTHENTICATE_RESP" to "AUTHENTICATE_RESPONSE", again to avoid
potentially breaking code unnecessarily: "RESP" vs. "RESPONSE" is not
wrong in any sense, just maybe a matter of clarify.
The ssh_capabilities event includes the capabilities reported
by either the server or the client. The record also includes a field,
is_server, so that scripts can determine which endpoint is reporting
its capabilities. That field was being set incorrectly (it was being
set as is_client rather than is_server, so it needed to be negated).
This simple bug had some larger repercussions. RFC 4253 provides a
method for client and server to agree on algorithms used in the SSH
connection. Bro was calculating these incorrectly. Some of these, such
as the encryption algorithm, are also used to determine whether or not
Bro should attempt to detect successful versus failed
authentications. In some cases, Bro would get this wrong, and make a
guess when it could not correctly determine the authentication outcome.
These are probably some of the most desired options to be dynamically
changeable; since they only are accessed in script-land there should not
be any problems with them changing on the fly.
