* origin/topic/jsiwek/openssl-1.1:
Update install instructions for OpenSSL 1.1 compat
Remove requestorName parameter of ocsp_request event
Adjust x509 unit tests to work around OpenSSL 1.0 vs. 1.1 differences
Fixes for OpenSSL 1.1 support
This updates the "lookup_location" and "lookup_asn" BIFs to use
libmaxminddb. The motivation for this is that MaxMind is discontinuing
GeoLite Legacy databases: no updates after April 1, 2018, no downloads
after January 2, 2019. It's also noted that all GeoIP Legacy databases
may be discontinued as they are superseded by GeoIP2.
Add types of files that genhtml (the program that generates html files
from .gcno/.gcda files, included in lcov) should ignore, such as .yy and
.ll files.
The generation of weird events, by default, are now rate-limited
according to these tunable options:
- Weird::sampling_whitelist
- Weird::sampling_threshold
- Weird::sampling_rate
- Weird::sampling_duration
The new get_reporter_stats() BIF also allows one to query the
total number of weirds generated (pre-sampling) which the new
policy/misc/weird-stats.bro script uses periodically to populate
a weird_stats.log.
There's also new reporter BIFs to allow generating weirds from the
script-layer such that they go through the same, internal
rate-limiting/sampling mechanisms:
- Reporter::conn_weird
- Reporter::flow_weird
- Reporter::net_weird
Some of the code was adapted from previous work by Johanna Amann.
Wrong offsets were used for the NegotiateFlags field of the
NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE. See
[MS-NLMP].pdf section 2.2.2.5 for a definition of that field.
Directory name for bro core coverage changed to "coverage", error
messages made nicer. Use `make html` in testing/coverage to create
logs in HTML format when lcov exists on the system.
BIT-1955 #merged
* origin/topic/jsiwek/source-tree-independence:
Support building plugins from Bro installation root
Install binpac
Move bifcl to a separate repo
BIT-1958 #merged
* origin/topic/johanna/config-cluster:
Add vector to read_config_cluster test.
Fix special-case-bug for vectors in UnaryExpr.
Config: another cluster test-case, this time reading in a file.
Add sending of values to nodes that dropped out.
Continue work on config framework clusterization.
Teach Option::set to unwrap Broker::Data values
Start clusterizing configuration framework.
In some cases one can get the Type() of unaryexpr to be ANY. Vectors so
far did not deal gracefully with this and crashed because trying to
convert any to a vectortype.
This patch fixes this by just using the original vector-type in this
case.
