The http.log that both sides produce is the same, but the
http-related events that each serializes into events.bst
don't look equivalent when read back and cause the test to fail.
I removed the diff'ing against which scripts Bro outputs as loaded
because that's going to be sensitive to changes in which scripts
get loaded by default. What really matters is the output that shows
that Bro was able to load the script via a directory's __load__.bro
This change primarily improves the way Bro detects and prevents
the same script from being loaded twice. It now compares inode
numbers instead of path names.
"conn-id.bro" was the name of a script in the policy/ directory that conn.bro
expected to @load, but when the unit test was also named "conn-id.bro",
it would be loaded twice during the test (once from conn.bro and once
as a command line argument to bro). This means two event handlers were
registered in error and the baseline output contained duplicate lines
that can be removed.
Logging to stdout for use in a baseline doesn't work well when
there may be scripts that get loaded by default (in this case,
packet-filter) and also do logging. Instead just baseline against
the logs generated by the test in question.
This lets events be sent to bro that contain record arguments that
don't have to fill in all &optional record fields.
This corresponds to broccoli-python tests that were updated in
commit 8b87d8f61ef89162019cd4acc01be93700b0c588
With a directory "foo" somewhere in BROPATH, "@load foo" now checks if
there's a file "foo/__load__.bro". If so, it reads that file in. (If
not, Bro reports the same error as before, complaining that it can't
read a directory).
* remotes/origin/topic/jsiwek/doc-framework:
Adding example documentation for a script's use of logging features.
Adding &log attribute to static attr_names array.
Small typo fix.
Bro doc mode now tracks record redefs that extend its field list.
BroBifDoc was unneeded; now dead code, so removed.
Bro doc mode now only does a "shallow" copy of declared record types
Bro's doc mode now terminates after processing bro_init but before net_run
Fixes related to `make doc` handling of script summary text (##! comments)
Overhaul of "doc" build target for generating policy script documentation.
Add parser error hint when in doc mode about checking ## comment syntax.
Move stuff related to policy script documentation from doc/ to doc/scripts/
Fixing example.bro's auto-reST generation baseline test.
If 'use_conn_size_analyzer' is true, the event engine tracks number of
packets and raw IP bytes per connection. If report_conn_size_analyzer
is true, these values are included as four new columns into conn.log
I changed conn.bro so that the value of report_conn_size_analyzer
follows that of use_conn_size_analyzer. For the new conn.log, we
probably want to get rid of report_conn_size_analyzer anyway.
filter. (Seth Hall and Robin Sommer)
- Merging in the patch from #264, which provides support for mixed
VLAN and MPLS traffic.
- Changing Bro's default filter from being built dynamically to being
a static "ip or not ip". To get the old behaviour back (i.e., the
dynamically built filter), redef "all_packets" to false.
- print-filter.bro now always prints the filter that Bro is actually
using, even if overriden from the command line.
It's now all implemented in CMake scripting.
The generation of reST docs is now a distinct target, "restdoc", while
the target to generate HTML docs, "doc", depends on "restdoc". reST doc
generation supports incremental builds (documentation for a given policy
script is only regenerated when it is out of date), but HTML doc generation
via ``make doc`` is not incremental (Sphinx always starts with fresh input).
Building the "restdoc" target is now covered by a btest to ensure all
policy scripts are parse-able when Bro is in "doc mode".
Generated reST docs should now support "@load"ing from subdirectories. e.g.
"@load foo/baz" and "@load bar/baz" will now generate the right xref links.
