addresses. Rather than crashing, we warn the user once and then
always time out the call. This addresses #291, and a #355 is new
ticket scheduling fixing the actual problem to later.
The TCP Reassembler does not deliver any data to analyzers after the
first 2GB due to signed integer overflow (Actually it will deliver again
between 4--6GB, etc.) This happens silently, i.e., without content_gap
events or Undelivered calls.
See Comments in TCP_Reassembler.cc for more details.
As a hotfix that seems to work I disabled the seq_to_skip features. It
wasn't used by any analyzer or policy script (Note, that seq_to_skip is
different from skip_deliveries).
See also ticket #348
Closes#207. From there:
When files are rotated they lose their buffered flag, this is
because File::Open only does a SetBuf? when it opens the file
itself, but Rotate calls rotate_file to open the file.
From ticket #339http://tracker.icir.org/bro/ticket/339 :
* Fixing a couple of minor issues in the HTTP analyzer, that made the
analyzer raise a ProtocolViolation() on strange but seemingly legal
HTTP traffic. Well, the traffic might not necessarily be adhering the
RFC, but the server has understood it.
* Also stops parsing when the message is interrupted to prevent further
parsing and ProtocolViolation() generation.
* skip_http_entity_data: check return value of FindAnalyzer, since it
can be NULL
In addition:
* http-headers.bro now loads http.bro
Testsuite changes:
* Added a new weird (empty_http_request). This shows up once in the medium
testsuite.
* no change when running short testsuite
To POLICYDIR since that's more clear. Also decided that restricting
it to a subdirectory of prefix isn't much use as an option, so went
back to having it be an absolute path.
- configure wrapper had bash syntax some places; replaced w/ sh syntax
- Added FindOpenSSL module. The one that ships with CMake does not
allow for specifying a non-standard location.
- datadir configure option changed to be relative to prefix. This
simplifies the packaging from having to consider absolute paths.
- Added macro for changing install_name of shared libs that need to
ship with precompiled Bro for OS X. This is only the optional
libmagic and libGeoIP for now.
Observed on FreeBSD build that the compiler would emit an error claiming
Val(abs(val.int_val), TYPE_COUNT)
is ambiguous because it can't make a choice between cstdlib's
"int abs(int)" or "long abs(long)" signatures. And actually, since
we now always use 64 bit integers for bro_int_t, we can use
"long long llabs(long long)".
Checking for netinet/if_ether.h and netinet/ip6.h depended
on including other headers first; observed when trying to
build on FreeBSD.
ARP.h was changed to conform to CMake style config.h generation.
Definitions are not set to 1 like with autotools, so we have
to check for definition, not just that the value is true.
