If lookup of enum name by value fails, an error is now sent through
the reporter framework and the value logged will be an empty string
(as opposed to trying to construct a string with null pointer which
throws a logic_error and aborts Bro).
* origin/topic/dnthayer/bif-tests:
Improve "fmt" BIF documentation comment
Improve tests of the type_name BIF
Improve test cases for "order" BIF
Fix documentation of sort BIF and add more tests
Fix documentation for system_env BIF
Deprecate the parse_dotted_addr BIF (use to_addr instead)
Improve tests for to_port and type_name BIFs
Improve tests for sort, order, and system_env BIFs
Fix the join_string_vec BIF and add more tests
Add more tests for previously-untested BIFs
Add more tests for previously-untested BIFs
Add more tests for previously-untested BIFs
Add more tests for previously-untested BIFs
Add tests for previously-untested strings BIFs
Also going through the internal_handler() function will set the
event as "used" (i.e. it's marked as being raised somewhere) and
fixes the core.check-unused-event-handlers test failure
(addresses #823).
* topic/robin/input-threads-merge: (130 commits)
And now it even compiles after my earlier changes.
A set of input framework refactoring, cleanup, and polishing.
another small memory leak in ascii reader:
and another small memory leak when using streaming reads.
fix another memory lead (when updating tables).
Input framework merge in progress.
filters have been called streams for eternity. And I always was too lazy to change it everywhere...
reactivate network_time check in threading manager. previously this line made all input framework tests fail - it works now. Some of the other recent changes of the threading manager must have fixed that problem.
fix up the executeraw test - now it works for the first time and does not always fail
baselines for the autostart removal.
remove last remnants of autostart, which has been removed for quite a while.
make input framework source (hopefully) adhere to the usual indentation style. No functional changes.
fix two memory leaks which occured when one used filters.
update description to current interface.
rename a couple of structures and make the names in manager fit the api more.
fix memory leak in tables and vectors that are read into tables
fix missing get call for heart beat in benchmark reader.
fix heart_beat_interval -- initialization in constructor does not work anymore (probably due to change in init ordering?)
fix memory leak for tables... nearly completely.
fix a couple more leaks. But - still leaking quite a lot with tables.
...
The ICMP/ICMPv6 analyzers function correctly when full packets have
not been captured, but everything up to and including the ICMP header
is there (e.g. the functions that inspect ICMP error message context
correctly check the caplen to see if more info can be extracted).
The "Should have been caught earlier already." comment may have referred
to NetSessions::CheckHeaderTrunc, which works as intended to catch cases
where the ICMP header is not there in full, but then the assert was
still not correctly formulated for that...
Also changed the ICMP checksum calculation to not occur when the full
packet has not been captured, which seems consistent with what the UDP
analysis does.
Stack trace context descriptions are no longer limited to 1024 chars
and better error messages are relayed when the arguments to print
commands fail to parse (e.g. an "unknown identifier" was given).
Adjust twotables testcase - now it is faster. Shorten the output
-- because of threading, the results did not always come out in
the same order (it depends on which thread manages to sneak in
the results into the queue earlier).
line made all input framework tests fail - it works now. Some of the
other recent changes of the threading manager must have fixed that
problem.
This was easy :)
