Commit graph

2206 commits

Author SHA1 Message Date
Johanna Amann
ad345d7277 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1516'
* origin/topic/dnthayer/ticket1516:
  Remove wordexp functionality from broxygen
  Fix a failing test on OpenBSD
  Fix compiler warnings on OpenBSD
  Fix a build failure on OpenBSD
  Fix test core.pcap.dumper to work on OpenBSD

BIT-1516 #merged
2016-12-07 14:53:35 -08:00
Robin Sommer
99923583e4 Merge remote-tracking branch 'origin/topic/johanna/ocsp-validate-fix'
* origin/topic/johanna/ocsp-validate-fix:
  Fix validation of OCSP replies inside of Bro.

BIT-1763 #merged
2016-12-05 11:46:45 -08:00
Johanna Amann
9b9c3a6104 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1757'
* origin/topic/dnthayer/ticket1757:
  Fix a build failure on OpenBSD

BIT-1757 #merged
2016-11-29 12:52:36 -08:00
Robin Sommer
0bfd6424ab Updating submodule(s).
[nomail]
2016-11-15 13:26:03 -08:00
Robin Sommer
c1da7b4840 Updating submodule(s).
[nomail]
2016-11-15 13:24:18 -08:00
Robin Sommer
e9b0639ccb Adding missing '@load ./pubkey-hashes' to policy/frameworks/intel/seen. 2016-11-14 17:59:58 -08:00
Robin Sommer
6e1d55a3bb Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-updates'
BIT-1748 #merged
2016-11-14 17:53:20 -08:00
Johanna Amann
ba5abf8dbe Updating CHANGES and VERSION. 2016-11-02 12:13:48 -07:00
Johanna Amann
c92060a8ca Merge remote-tracking branch 'origin/topic/seth/smb-auth-fixes'
* origin/topic/seth/smb-auth-fixes:
  Disable SMB2 error data parsing.
  Removed some files that aren't being used.
  Fix SMB tree connect handling.
  Fix a small issue where DCE_RPC commands were improperly being logged.
  SMB fixes and cleanup.
  Including a test for raw NTLM in SMB
  Updates for SMB auth handling from Martin van Hensbergen.

BIT-1721 #merged
2016-11-02 10:25:33 -07:00
Johanna Amann
6a0247fab1 Merge remote-tracking branch 'origin/topic/dnthayer/local-logger'
* origin/topic/dnthayer/local-logger:
  Add a new site policy script local-logger.bro

BIT-1700 #merged
2016-11-01 09:41:50 -07:00
Johanna Amann
be571986b2 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1750'
* origin/topic/dnthayer/ticket1750:
  Python 3 compatibility fixes for doc/ext/bro.py

BIT-1750 #merged
2016-10-31 14:25:23 -07:00
Robin Sommer
0d37c0df7b Fix for Sphinx >= 1.4 compatibility. 2016-10-27 09:00:34 -07:00
Robin Sommer
ce72a09c0c Merge remote-tracking branch 'origin/topic/johanna/xmpp-ns'
BIT-1743 #merged

* origin/topic/johanna/xmpp-ns:
  XMPP: Fix detection of StartTLS when using namespaces
2016-10-27 08:10:35 -07:00
Seth Hall
31492314d8 Merge remote-tracking branch 'origin/topic/seth/dce_rpc_fixes'
* origin/topic/seth/dce_rpc_fixes:
  Updating tests.
  Moved the DCE_RPC constants into init-bare.bro.
  Adding one more case to the DCE_RPC defrag logic.
  Make DCE_RPC skip input in strange fragment circumstances.
  Stop calling Remove() on DCE_RPC analyzer.
  More DCE_RPC improvements.
2016-10-26 09:47:57 -04:00
Johanna Amann
6aea681832 Merge branch 'patch-2' of https://github.com/balintm/bro
* 'patch-2' of https://github.com/balintm/bro:
  Update smb1-com-open-andx.pac
2016-10-25 09:46:37 -07:00
Robin Sommer
c57f83d8bf Merge remote-tracking branch 'origin/topic/johanna/gcc-6.2.1'
BIT-1732 #merged

* origin/topic/johanna/gcc-6.2.1:
  Fix alignment issue of ones_complement_checksum
2016-10-24 11:12:05 -07:00
Johanna Amann
96d14691df Merge remote-tracking branch 'origin/topic/dnthayer/ticket1731'
* origin/topic/dnthayer/ticket1731:
  Fix istate.pybroccoli test on systems using Python 3

BIT-1731 #merged
2016-10-20 11:41:19 -04:00
Johanna Amann
8ce746cc25 Merge remote-tracking branch 'origin/topic/vladg/bit-1641'
* origin/topic/vladg/bit-1641:
  Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641.
  Clean up the logic for ssh_auth_failed. Addresses BIT-1641
  Update baselines for adding a field to ssh.log as part of BIT-1641
  Script-land changes for BIT-1641.
  Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641.
  Revert "Fixing duplicate SSH authentication failure events."
  Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641.

I extended the tests a bit and did some small cleanups. I also moved the
SSH events back to the global namespace for backwards compatibility and
for consistency (the way it was at the moment, some of them were global
some SSH::).

Furthermore, I fixed the ssh_auth_result result event, it was only
raised in the success case. ssh_auth_result is now also checked in the
testcases. I also have a suspicion that the intel integration never
really worked before.

BIT-1641 #merged
2016-10-18 21:57:27 -04:00
Robin Sommer
f17d92d3cc Updating submodule(s).
[nomail]
2016-10-13 16:29:52 -07:00
Johanna Amann
38f6ca87ae Merge remote-tracking branch 'origin/topic/dnthayer/ticket1720'
BIT-1720 #merged

* origin/topic/dnthayer/ticket1720:
  Added missing README files for documentation
  List new log files in the log-files.rst document
2016-10-13 14:09:44 -07:00
Robin Sommer
4477b8a1ab Merge remote-tracking branch 'origin/topic/seth/dce_rpc_fixes'
* origin/topic/seth/dce_rpc_fixes:
  Fixes for DCE_RPC analyzer
2016-10-10 08:29:14 -07:00
Robin Sommer
54191cc390 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1719'
BIT-1719 #merged

* origin/topic/dnthayer/ticket1719:
  Fix httpd.py test script for Py3 compatibility
2016-10-10 08:24:04 -07:00
Robin Sommer
d9ba7ea0dd Fixing documentation piece.
The interesting-hostname script has changed.
2016-10-06 14:28:52 -07:00
Seth Hall
ddb905408f Merge remote-tracking branch 'origin/topic/johanna/bit-1695'
* origin/topic/johanna/bit-1695:
  Normalize http host in seen script.
2016-10-02 17:39:36 -04:00
Seth Hall
d70f895be3 Merge branch 'J-Gras-topic/jgras/bit-1679'
* J-Gras-topic/jgras/bit-1679:
  Handle removing non-existent intel items.
  Separated file and default info added to matches.
2016-10-02 14:44:43 -04:00
Robin Sommer
b6a0802227 Prettifying reporter output in case no expression is associated with
runtime error.
2016-09-28 18:18:58 -07:00
Robin Sommer
4059d4b4f1 Merge remote-tracking branch 'origin/topic/johanna/bit-1683'
Looks like the right fix. Two tiny tweaks:

     - changed the order of arguments for DeleteVals() for consistency
       with the corresponding Manager function.

     - turned the InternalWarning into a Warning: if I understand
       correctly, this can happen when scripts on nodes diverge; which
       is a user-side problem, not an internal Bro logic issue.

BIT-1683 #merged

* origin/topic/johanna/bit-1683:
  Actually check if the number of fields in a write are equal to the number of fields required.
2016-09-27 12:40:36 -07:00
Johanna Amann
48f505f706 Fix a debugger bug where it would not support statements like print(3).
This is a manual merge of a branch of Vlad Grigorescu.

BIT-1703 #merged
2016-09-26 10:17:12 -07:00
Robin Sommer
0bc4a5ea52 Updating submodule(s).
[nomail]
2016-09-19 17:18:38 -07:00
Robin Sommer
51b1c6470e Merge branch 'master' of git.bro.org:bro 2016-09-19 17:15:12 -07:00
Robin Sommer
2bf4c2072c Merging topic/vladg/bit-1681.
(Note this is a "manual" merge: I've copied just the two relevant *pac
files over, as there were a bunch of independent commits in the branch
history that I didn't want to pull in.)

BIT-1681 #merged
2016-09-19 17:04:44 -07:00
Johanna Amann
46aafdc87b Merge branch 'patch-4' of https://github.com/moshekaplan/bro
* 'patch-4' of https://github.com/moshekaplan/bro:
  Clarified string documentation
2016-09-19 15:28:39 -07:00
Johanna Amann
57da2d091b Merge remote-tracking branch 'origin/topic/dnthayer/ticket1690'
* origin/topic/dnthayer/ticket1690:
  Added another missing fclose in scan.l
  Added a missing fclose in scan.l

BIT-1690 #merged
2016-09-06 07:37:31 -07:00
Johanna Amann
2e5e811a9c Merge branch 'patch-2' of https://github.com/moshekaplan/bro
* 'patch-2' of https://github.com/moshekaplan/bro:
  Update events.bif

This slightly clarifies the explanation of the mime_entity_data event.
2016-08-19 07:52:35 -07:00
Johanna Amann
fbddd0b554 Updating CHANGES and VERSION. 2016-08-17 09:28:34 -07:00
Johanna Amann
ff114709db Merge remote-tracking branch 'origin/topic/jazoff/bit-1649'
* origin/topic/jazoff/bit-1649:
  Track outstanding_global_views updates by uid
  Also track recent_global_view_keys on manager

BIT-1649 #merged
2016-08-16 12:11:09 -07:00
Johanna Amann
e3e3fdfb9d Merge remote-tracking branch 'origin/bro-config'
* origin/bro-config:
  Add 'bro-config' script.

BIT-1669 #merged
2016-08-15 17:05:25 -07:00
Johanna Amann
fb3bc05df5 Merge remote-tracking branch 'origin/topic/johanna/component-initialization-order'
* origin/topic/johanna/component-initialization-order:
  Make tags generated during component initialization stable.
2016-08-11 21:50:53 -07:00
Johanna Amann
0e44b91cd9 Merge remote-tracking branch 'origin/topic/seth/log-framework-ext'
* origin/topic/seth/log-framework-ext:
  Log extensions: series of small fixes and new tests.
  Change the function for log extension to take a path only and update tests.
  Final changes to log framework ext code.
  Add logging framework metadata mechanism.
  Add unrolling separator & field name map to logging framework.
2016-08-11 07:47:13 -07:00
Robin Sommer
cdb27a953d Updating CHANGES and VERSION. 2016-08-10 08:47:26 -07:00
Robin Sommer
9157c37953 Updating CHANGES, VERSION, NEWS.
Moved the log changes into the "changed functionality" section.
2016-08-09 08:23:05 -07:00
Robin Sommer
89610bf19b Updating submodule(s).
[nomail]
2016-08-05 15:43:52 -07:00
Robin Sommer
2a854acd2b Revert "Merge branch 'topic/seth/smb'"
This reverts commit 9d9c7bafd3, reversing
changes made to eeb8c0cbb0.

The SMB analyzer wasn't ready yet.
2016-08-05 15:04:49 -07:00
Seth Hall
f0bce636cf Merge remote-tracking branch 'origin/topic/dnthayer/ticket1627'
* origin/topic/dnthayer/ticket1627:
  Add a test for starting a cluster with a logger node
  Update broctl submodule
  Update broctl submodule to branch topic/dnthayer/ticket1627
  Change how logger node is detected in cluster framework
  Update test baselines for the new logger node type
  Update docs for the new logger node type
  Add a new node type for logging
2016-08-05 12:59:05 -04:00
Seth Hall
9d9c7bafd3 Merge branch 'topic/seth/smb'
* topic/seth/smb: (93 commits)
  Update NEWS
  Add some more DCE_RPC endpoints.
  SMB cleanup.
  Add rename and delete events for SMB2.
  Remove a file that wasn't even being compiled
  Simplify how packets go into the SMB analyzer.
  Minor cleanup.
  Add a DCE-RPC test.
  SMB: call Done() for analyzers instantiated by dce_rpc-auth
  Fix for an issue with GSSAPI mech_token from Florent Monjalet
  Now actually loading DCE-RPC's dpd.sig
  Fix a compile breakage.
  Fixes for some SMB merge conflicts with master.
  Updating the broctl pointer.
  Fixing SMB tests again.
  Simplify SMB string handling.
  SMB test clean up and docs
  SMB: fix number of small issues.
  Fix a small poor implementation in SMB string handling.
  Update tests to match move of smb base scripts into policy/
  ...
2016-08-05 12:45:18 -04:00
Seth Hall
eeb8c0cbb0 Merge branch 'topic/seth/intel-update-merge'
Closes github's #77 and closes BIT-1606

* topic/seth/intel-update-merge:
  Tiny scoping updates and test baseline updates for Intel framework.
  Minor documentation cleanups.
  Fixed insertion of nested subnets.
  Refactored FAF integration of intel framework.
  Added expiration for intelligence items.
  Improved intel notices.
  Added hook to allow extending the intel log.
  Added remove function to intel-framework.
  Added support for subnets to intel-framework.
  Refactoring of meta data handling for intel.
  Added testcase for intel updates.
2016-08-05 09:36:52 -04:00
Johanna Amann
30b40b214a Updating CHANGES and VERSION.
[nomail]
2016-08-02 15:32:00 -07:00
Robin Sommer
3adad5e19a Fix some Coverity warnings. 2016-08-02 11:38:29 -07:00
Robin Sommer
4d446dc93c Merge branch 'patch-1' of https://github.com/moshekaplan/bro
* 'patch-1' of https://github.com/moshekaplan/bro:
  Added String slicing (subscript) examples
2016-08-02 11:05:59 -07:00
Robin Sommer
420bef58aa Fixing a CMake dependency issue for the pcap bifs.
ninja said:

    ninja: warning: multiple rules generate
    scripts/base/bif/const.bif.bro. builds involving this target will
    not be correct; continuing anyway [-w dupbuild=warn]

Looks like there's a larger problem here involving *.bif of the same
name at different locations of the source tree. For now, I've fixed
this one by merging src/iosource/pcap/{const,functions}.bif into
pcap.bif.
2016-08-01 09:20:54 -07:00