* origin/fastpath:
Fix the "-=" operator for intervals
Fix "!=" operator for subnets
Add sleeps to configuration_update test for better reliability.
Fix a segfault when iterating over a set
Not the greatest solution, but makes the 3 bro processes more likely to
run sequentially so that the controller2 process doesn't happen to be
scheduled before the controller process. In that case, the controllee
gets the shutdown request before the configuration update. FreeBSD
especially seemed to schedule them the unintended way frequently.
When iterating over a set with a "for" loop, bro would segfault
when the number of index variables was less than required.
Example: for ( [c1,c2] in s1 ) ...
where s1 is defined as set[addr,port,count].
* origin/fastpath:
Remove automatic use of gperftools on non-Linux systems.
Fix uninitialized value for 'is_partial' in TCP analyzer.
parse 64-bit consts correctly.
on 32-bit machines only unsigned long longs are 64-bits long. Not just unsigned longs...
--enable-perftools must now explicity be supplied to ./configure on
non-Linux systems to link against the tcmalloc library that a
gperftools installation provides. Linux systems still automatically
link it if it's found. The rationale is that gperftools was developed
and most throroughly tested on Linux so it's safer there.
There especially seems to be potential problems with gperftools on OS X
(e.g. see http://code.google.com/p/gperftools/issues/detail?id=413),
and Bro currently doesn't work with gpertools there using clang or gcc.
This led to non-deterministic behavior in cases where the first packet
analyzed wasn't from the originator side (see the conditionals in
TCP_Analyzer::CheckFlagCombos()).
The 'short' test in private test suite showed this behavior most often.
* remotes/origin/topic/bernhard/input-warn-on-invalid-numbers:
...and another small change to error handling -> now errors in single lines do not kill processing, but simply ignore the line, log it, and continue.
Ok, this one was a little bit sneaky.
ok, this one might really be a bit too big for 2.1
If I understand things correctly, calling other string functions
on an stl string may alter the contents of the buffer to which
earlier .c_str()-calls pointed. Kind of makes sense when thinking
about it.
Basically moving around a few lines should fix this.
(And thank you again Robin)
* origin/fastpath:
Ok, this one is not really necessary for 2.1 and more of a nice-to-have
another small bug found while searching for something else...
Fix two little bugs:
sorry. the patch for the set_separator.
make set_separators different from , work for input framework.
Bug found bei Keith & Seth: input framework was not handling counts and ints out of 32-bit-range correctly.
Before this patch, empty values were not hashed at all. Which had the unfortunate side-effect
that e.g. the lines
TEST -
and
- TEST
have the same hash values. On re-reads that means that the change will
be ignored.
This is probably pretty academic, but this patch changes it and adds a testcase.
Output of the reread test changes due to re-ordering of the output (probably
due to the fact that the internal hash values are changed and thus transferred
in a different order)
Escaped ,'s in sets and vectors were unescaped before tokenization
Handling of zero-length-strings as last element in a set was broken (sets ending with a ,).
Hashing of lines just containing zero-length-strings was broken (now a \0 is appended to each
string before it is hashed - giving us a hash of something for a line just consisting of \0s.
This also allows to differentiate between vectors with varying numbers of zero-length-strings).
* origin/fastpath:
Update documentation for builtin types
Adding an identifier to the SMTP blocklist notices for duplicate suppression.
Doc fixes for signature 'eval' conditions.
Remove orphaned unit tests.
Add type checking for signature 'eval' condition functions.
Add missing description of interval "msec" unit.
Improved description of pattern by clarifying the issue of operand
order and difference between exact and embedded matching.
Otherwise functions could be called with a mismatching argument list
and cause a crash at run-time. The incorrect function type is now
reported at parse-time.
* origin/topic/bernhard/input-allow_invalid_types:
to be sure - add a small assertion
add an option to the input framework that allows the user to chose to not die upon encountering files/functions.
That's the last feature for 2.1!
* origin/fastpath:
Add test serialization to "leak" unit tests that use communication.
Change to metrics/basic-cluster unit test for reliability.
Minor tweak to coverage.bare-mode-errors unit test.
Fixed ack tracking which could overflow quickly in some situations.
If the metrics break interval happened to occur between first and second
worker starting up and getting connected to the cluster, the test
would fail because the second worker didn't get a chance to connect and
send data. The test now waits for the cluster setup to complete
before workers send metrics data.
- Problem presented itself through incorrect results in capture-loss.bro
under odd traffic circumstances (exact circumstances unknown).
- Changed variables involved in ack tracking to all be uint64 values.
* origin/fastpath:
single-line documentation addition to main input framework script.
add testcase for input of set. Sets can be imported by not specifying $val in the add_table call.
