- The all.bro script loads tuning/defaults which is
commonly applied tuning.
- Other less common tuning can be placed in the tuning/
directory directly.
* origin/topic/seth/ssl-binpac:
Fixed bug due to vectors now initially indexed on 0.
Finished core support for new SSL analyzer.
SSL analyzer changes with accompanying BiF.
A table_s_of_s type to get around bifcl type limitation.
Regenerated the Mozilla CA bundle without the untrusted server authentication certs.
Complete rewrite to SSL analyzer.
Conflicts:
src/AnalyzerTags.h
src/CMakeLists.txt
Notes:
- Haven't looked at the script-level, postponed to
policy-scripts-new.
- I renamed X509Extension to X509_extension for consistency.
Note: I didn't merge anything in policy/*. Seems there was some
unrelated stuff in there, and the ticket says that the policy script
was a dummy for now anyway.
* origin/topic/seth/syslog-analyzer:
Updates for syslog analyzer to prepare it for merging.
Added the initial syslog analyzer and policy script.
Adding some of the initial scripts that are going to be merged from my script repository.
- The install_pcap_filter BiF no longer will prevent
a filter from being installed if a -f filter was
provided. This was already causing a problem where
command line supplied filters weren't working.
The pcap.bro script is now where the filter update
limitation is placed making it possible for users
to still update the filter at runtime if they really
want to.
With a directory "foo" somewhere in BROPATH, "@load foo" now checks if
there's a file "foo/__load__.bro". If so, it reads that file in. (If
not, Bro reports the same error as before, complaining that it can't
read a directory).
I re-added it because it's used by the detect-webapps
script to re-log software that may already be logged
if a more-root URL is found that still represents the
same software.
- New extension mechanism.
- Notices requiring realtime actions can be accomodated with
the notice_functions set which are called synchronously
prior to logging or any further handling.
- Notice::notice event handlers will be called afterward
and follow normal (old) notice handling process. Logging
is done by handling this event.
- Lots of new docs.
- Renaming Action enums to reduce confusion with Type enums.
- Notice tags are attached to the Conn::Info record as a set[string].
