Instead of creating the debug.log immediately when bro starts,
now it is created only after the debug streams are enabled.
This avoids having an empty log being created when it shouldn't be,
in usages such as "bro -h", "bro -v", or "bro -B help" (and also
when using broctl, which needs to run "bro -v").
The latter is thread-safe, but a GNU addition which does not exist on
OS-X. Since the function only is called in the main thread, it should
not matter if it is or is not threadsafe.
The link-layer addresses are now part of the connection endpoints
following the originator-responder-pattern. The addresses are printed
with leading zeros. Additionally link-layer addresses are also extracted
for 802.11 plus RadioTap.
The ascii reader now accepts \r\n newlines without complaining.
Furthermore, the reader was slightly rewritten in a more c++11-y way,
removing all raw pointers from the class.
Addresses BIT-1198
This weird points out a lot of benign stuff and it would
be easily reimplemented in a Bro script. This commit
also makes the minor change to update the reserved and
unreserved characters from a newer from of the URI RFC.
I was hoping to report this right at startup through a static check
but turns out we don't have the right machinery in place for that.
That would need to be done after the AST has been finalized, but our
AST traversal code can't iterate over types. So instead I've changed
this so that it's still being reported at runtime but at least
doesn't crash Bro anymore.
Closes BIT-1597.
* origin/topic/johanna/fix-analyzer-addition:
DTLS: Use magix constant from rfc5389 for stun detection.
DTLS: Fix binpac bug with DTLSv1.2 client hellos
Forgot to remove debug output.
DTLS: Fix interaction with STUN
Fix the way that child analyzers are added.
BIT-1604 #merged
Now the DTLS analyzer cleanly skips all STUN messages; no warnings
should be logged to dpd.log and parsing should work flawlessly with
intermixed STUN messages.
Bro contains functionality to add child analyzers delayed, so that an
just added analyzer does not influence the list of current analyzers
(which, in some combinations of mostly UDP and traffic replay by PIA can
lead to duplicate packets sent to the analyzer).
Sadly, this feature was broken sometime in the past, leading to the
aforementioned duplicate packets. Re-enabling this also necessitated
some changes in the analyzer manager, which immediately timed out all
connections when that feature was re-enabled.
There currently is no testcase (this is a bit hard to trigger); however,
I will add one with a later fix for DTLS.
Turns out the code implementing them went missing with the recent
merge of the stats changes.
For peer status, I removed most of the numbers that the code used to
return because (1) we don't have access to that data anymore, and (2)
even in 2.4 the numbers returned already didn't make sense (because
they were global values, not per peer). We could consider just
removing the peer_status command at all.
This seems to be a non-standardized microsoft extension that, besides
having a different name, works pretty much the same as StartTLS. We just
treat it as such.
I tested this against provided traffic and it works; I do not have
traffic I can share for a testcase.
By default, OS X 10.11 does not include openssl headers.
Since building a Bro plugin #includes Bro headers, which #include openssl
headers, we need to tell cmake to find these so that the compiler
can use them.
Scheduling a local event variable resulted in a global lookup instead of
evaluating the local variable. To prevent misunderstandings, this will
trigger an error now.
When receiving a remote log via broker, there was a bug that would
prevent a log from being written if the log record contained a field
without the &log attribute that was followed by a field with the &log
attribute.
Updated a test case to catch this error.
When Bro was compiled with broker disabled, then some Bro scripts
were referencing functions and types that were not defined. Fixed
by adding @ifdefs to several scripts. Removed one @ifdef because
it was causing several unit tests to fail.
Also fixed the @TEST-REQUIRES check in tests that rely on broker so
that such tests are skipped when broker is disabled.
(Cleaned up some code a little bit.)
* origin/topic/seth/stats-improvement:
Fixing tests for stats improvements
Rename the reporting interval variable for stats.
Removing more broken functionality due to changed stats apis.
Removing some references to resource_usage()
Removing Broker stats, it was broken and incomplete.
Fixing default stats collection interval to every 5 minutes.
Add DNS stats to the stats.log
Small stats script tweaks and beginning broker stats.
Continued stats cleanup and extension.
More stats collection extensions.
More stats improvements
Slight change to Mach API for collecting memory usage.
Fixing some small mistakes.
Updating the cmake submodule for the stats updates.
Fix memory usage collection on Mac OS X.
Cleaned up stats collection.
BIT-1581 #merged
