- flow_weird event with name argument value of "routing0_hdr" is raised
for packets containing an IPv6 routing type 0 header because this
type of header is now deprecated according to RFC 5095.
- packets with a routing type 0 header and non-zero segments left
now use the last address in that header in order to associate
with a connection/flow and for calculating TCP/UDP checksums.
- added a set of IPv4/IPv6 TCP/UDP checksum unit tests
* topic/jsiwek/ipv6-ext-headers:
Cosmetics in preparation for merge.
Removing remaining comments. Looks fine.
Refactor script-layer IPv6 ext. header chain (addresses #795)
Changes to IPv6 ext. header parsing (addresses #795).
Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF.
Remove the default "tcp or udp or icmp" filter.
Merge remote-tracking branch 'origin/topic/jsiwek/ipv6-ext-headers'
Add unit test for IPv6 fragment reassembly.
Update PacketFilter/Discarder code for IP version independence.
Add a few comments to IP.h
Fix some IPv6 header related bugs.
Add IPv6 fragment reassembly.
Add handling for IPv6 extension header chains (addresses #531)
Closes#795.
In response to feedback from Robin:
- rename "ip_hdr" to "ip4_hdr"
- pkt_hdr$ip6 is now of type "ip6_hdr" instead of "ip6_hdr_chain"
- "ip6_hdr_chain" no longer contains an "ip6_hdr" field, instead
it's the other way around, "ip6_hdr" contains an "ip6_hdr_chain"
- other internal refactoring
This is to avoid ambiguity between compressed hex notation and
module namespacing, both which use "::". E.g.: "aaaa::bbbb" could
be an identifier or an IPv6 address, but "[aaaa::bbbb]" is now
clearly the address.
Also added IPv6 mixed notation to allow an IPv4 dotted-decimal
address to be specified in the lower 32-bits.
The signatures of script-layer functions 'discarder_check_ip',
'discarder_check_tcp', 'discarder_check_udp', and 'discarder_check_icmp'
were changed to use the more general 'pkt_hdr' type as a parameter
instead of individual header types.
- BRO_PROFILER_FILE now passes .X* templated filenames to mkstemp
for generating unique coverage state files. All test suites
now use this so each Bro instance writes to a unique coverage file.
- Rearranging Makefile targets. The general rule is that if the
all/brief target fails out due to a test failure, then the dependent
coverage target won't run, but can still be invoked directly later.
(e.g. make brief || make coverage)
* origin/topic/robin/parallel-btest:
Updating submodule(s).
Adding group "comm" to communication tests for parallelizing execution with new btest version.
This is in preparation for the merge with the parallel btest branch.
Conflicts:
cmake
testing/btest/istate/pybroccoli.py
testing/btest/scripts/base/frameworks/control/configuration_update.bro
testing/btest/scripts/base/frameworks/control/id_value.bro
testing/btest/scripts/base/frameworks/control/shutdown.bro
testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro
* origin/topic/dnthayer/ftp-ipv6:
Add test case for FTP over IPv4
Fix IPv6 URLs
Add a test for FTP over IPv6
Update FTP EPSV response processing for IPv6
Fix parsing of FTP EPRT command and EPSV response
Conflicts:
src/bro.bif
Closes#778.
Also fix IPAddr::Mask/ReverseMask not allowing argument of 0.
And clarified return value of to_addr bif when the input string
does not parse into a valid IP address.
Internally, all BROv6 preprocessor switches were removed and
addr/subnet representations wrapped in the new IPAddr/IPPrefix classes.
Some script-layer changes of note:
- dns_AAAA_reply event signature changed: the string representation
of an IPv6 addr is easily derived from the addr value, it doesn't
need to be another parameter. This event also now generated directly
by the DNS analyzer instead of being "faked" into a dns_A_reply event.
- removed addr_to_count BIF. It used to return the host-order
count representation of IPv4 addresses only. To make it more
generic, we might later add a BIF to return a vector of counts
in order to support IPv6.
- changed the result of enclosing addr variables in vertical pipes
(e.g. |my_addr|) to return the bit-width of the address type which
is 128 for IPv6 and 32 for IPv4. It used to function the same
way as addr_to_count mentioned above.
- remove bro_has_ipv6 BIF
* origin/topic/bernhard/software:
change software framework interface again. At the moment everything should worl.
start reworking interface of software framework. working apart from detect-webapps.bro, which direcly manipulates a no longer available interface...
after talking to seth - change host_a field in record back to host.
forgotten policy files.
Software framework stores ports for server software.
Lines with a range were being output with text "lines", and so were
being listed after all other lines belonging to the same Bro script
(e.g., "lines 123-125" was listed after "line 492"). Fixed by using
the text "line" instead of "lines".
Line numbers with fewer digits were being listed after line numbers
with more digits (e.g., "line 85" was listed after "line 237").
Fixed by sorting on a reformatted string (this string does not appear
in the output) where line numbers are right justified (padded on left
with spaces) so that sorting produces the expected results.
* origin/topic/jsiwek/brofiler:
Fix superfluous/duplicate data getting in to testing coverage log.
Add "# @no-test" tag to blacklist statements from test coverage analysis.
Test coverage integration for external tests and complete suite.
Integrate Bro script coverage profiling with the btest suite.
Add simple profiling class to accumulate Stmt usage stats across runs.
Renaming environment variable BROFILER_FILE to BRO_PROFILER_FILE for
consistency. Yeah, I know, such a nice name! :)
