This should it make easier for other people to understand what is going on without having knowledge of an "internal api * means * in external api" mapping.
- Add more guards against trying to analyze captured packets with a
truncated IPv6 static header or extension header chain.
- Add back in the ICMP payload tracking for ICMP "connections".
- Fix 'icmp_context' record construction. Some field assignments
were mismatched for ICMP and ICMP6. Source and destination
addresses were set incorrectly for context packets that don't
contain a full IP header. Some fields for ICMP6 weren't filled out.
- Changed ICMP Time Exceeded packets to raise the 'icmp_time_exceeded'
event instead of 'icmp_error_message'.
- Add unit tests for truncation and the main types of ICMP/ICMP6
that have specific events.
- Documentation clarifications.
So that src/dst addresses used in pseudo-header are correct when
there's certain extension headers (routing/destination).
Add ICMP/ICMPv6 checksum unit tests.
* origin/topic/jsiwek/mobile-ipv6:
Add support for mobile IPv6 Mobility Header (RFC 6275).
Refactor IP_Hdr routing header handling, add MobileIPv6 Home Address handling.
Revert TCP checksumming to cache common data, like it did before.
Revert "Improve handling of IPv6 Routing Type 0 headers."
Improve handling of IPv6 routing type 0 extension headers.
- The option to use integers insteads of double was ignored.
- Renaming script-level options to remove the ds_ prefix.
- Log rotation didn't work.
- A set of simple unit tests.
- Accessible at script-layer through 'mobile_ipv6_message' event.
- All Mobile IPv6 analysis now enabled through --enable-mobile-ipv6
configure-time option, otherwise the mobility header, routing type 2,
and Home Address Destination option are ignored.
Value assigned in bro_init() to a table with &create_expire
weren't expiring when reading traffic from an interface. It worked
when reading a pcap file, but I added a test case to show it still
working.
The variable was never "used" in the case google perftools was not
found, so CMake warned about it being unused since it was manually
specified as a cache variable in the configure script. There might
be a better way to organize that, but this is a quick/easy hack.
* topic/robin/log-threads: (42 commits)
Two more tweaks to reliably terminate when reading from trace.
This could be fixing the memory problems finally.
Fix compile errors due to now-explicit IPAddr ctors and global IPFamily enum.
Switching log buffer size back to normal
Teaching cmake to always link in tcmalloc if it finds it.
Extending queue statistics.
Small fixes and tweaks.
Don't assert during shutdown.
Reverting accidental commit.
Finetuning communication CPU usage.
Adding new leak tests involving remote logging.
Removing some no longer needed checks.
Fixing problem logging remotely when local logging was turned off.
Preventing busy looping when no threads have been spawned.
Prevent manager from busy looping.
Adding missing includes needed on FreeBSD.
Updating submodule(s).
Updating submodule(s).
A number of bugfixes for the recent threading updates.
Making exchange of addresses between threads thread-safe.
...
The FragReassembler expire_timer was left uninitialized until after
the first fragment is added, but since the atomic fragment is also
the last, the reassembler thought expire_timer needed to be deleted.
This fix just initializes expire_timer before the first fragment is
added.
I copied the code over manually, no merging, because (1) it needed to
be adapted to the new threading API, and (2) there's more stuff in the
branch that I haven't ported yet.
The DS output generally seems to work, but it has seen no further
testing yet.
Not unit tests yet either.
There is still a tiny where I have not yet found where the delete could be missing.
For big table imports the memory footprint is significant nevertheless -- with tables of > 200000 entries, memory consumption can apparently reach in excess of 1.5Gb - and on a first glance this seems legitimate.
(The reason for this is probably that we use several hash tables to keep the performance impact small).
