* origin/topic/robin/dnp3-merge-v4:
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
A bit more DNP3 tweaking.
remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renameing the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 varition 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
BIT-1231 #merged
- Use a boolean success instead of a result string
- Change the affected_rows response detail string to a "rows" count
- Fix the state tracking to log incomplete commands
The new --enable-broker flag can be used to toggle the use of Broker,
which also implies building with -std=c++11, though nothing makes
use of these features at the moment.
* origin/topic/jsiwek/file-reassembly-merge:
Add NEWS items related to file analysis changes.
Revert "Workaround race condition in unified2 file module."
Workaround race condition in unified2 file module.
Fix reference counting bug in refactored file reassembly code.
Change file extraction to explicitly NUL-fill gaps
Review/fix/change file reassembly functionality.
Improve TAR file detection and other small changes.
Updates for file mime type identification.
Updates the files event api and brings file reassembly up to master.
More file reassembly work.
Initial commit of file reassembly.
Retrieval of extended alert information from sid-msg.map, gen-msg.map,
and classification.config files uses Bro's input framework, but since
the unified2 file analyzer also relies on the input framework,
coordination is needed to start analysis only after extended info has
been read at least once.
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
type) get updated/set for consistency.
- Add more robust mechanisms for flushing the reassembly buffer.
The goal being to report all gaps and deliveries to file analyzers
regardless of the state of the reassembly buffer at the time it has to
be flushed.
This prevented one from writing a packet-wise analyzer that needs access
to IP headers and can be attached to a connection via signature match.
None of the analyzers currently shipping are affected. And maybe it's
unlikely there will be many that ever would be, but it's awkward for the
API to omit IP headers in this special case (i.e. packets buffer for use
with DPD signature matching).
Addresses BIT-1298
Allows for catching more invalid assignments at parse-time instead of
aborting at runtime after realizing an assignment won't work.
Addresses BIT-1295.
