The result of the |x| operator for interval and time types historically
returned a value of type double. This was changed as part of
3256ac7c49 to return interval/time, but
this now reverts to returning a double again to avoid introducing a
change that may break user code.
Fixes GH-219
Line 76: Replaced ' for ;
Line 120: Replaced ojbects to objects
I tested it on my cloned repo and everything seems to compile without errors (Ubuntu Bionic Beaver) regarding the DNP3 Protocol
It now produces numbers as large as is required to match the data it
needs to represent. It's up to the consumer to decide how to
appropriately handle values that may be outside their supported
range/precision.
Fixes GH-282
The contentline analyzer has two code paths that buffer data:
* right at the top of DeliverStream
* later in DoDeliverOnce
However, contentline can be in plain delivery mode, and if so, the
buffer resize in DeliverStream does not need to be done just because
DeliverStream was passed an 8K data chunk.
This was causing contentline to resize it's buffer to fit chunks of HTTP
response data. Additionally, the buffer was sized to be 3/2 of the
chunk, so an 8K chunk would result in a 12K allocation.
This change ignores leading/trailing whitespaces for a couple of
data-types (bool, port, subnet, addr) and just parses them as if the
whitespace was not present.
Instead of pre-allocating every list with space for 10 items, don't
initialize it at all until the first Insert.
Instead of pre-allocating every dictionary with 17 buckets,
don't initialize it at all until the first Insert.
* 'master' of https://github.com/ZekeMedley/zeek:
lstrip test output cleanup
implemented rstrip
add rstrip tests
cleanup of lstrip function
added implementation of lstrip
added tests for lstrip function
modified GetLinkHeaderSize to support link type
modified ProcessLayer2 to support NFLOG packets
expecting out of the box support from libpcap
hacking my way around bpf, bpf is not supported in libpcap (would be easy to implement) but at the moment, throw a warn if applying a filter and short circuit bpf code.
want to ensure this works... commenting out error states.
Fixed SetFilter to properly detect m_matches_anything, which is used by the DLT_NFLOG type to short circuit bpf filters.
Added NFLOG parsing to zeek source, added m_matches_anything flag check for bpf functionality (NFLOG is bpf incompatible, but shouldn't be)
* origin/topic/jsiwek/gh-211:
GH-208: change invalid subnet expressions to a runtime error
GH-211: improve consistency of how scripting errors are handled
Removed the 'allow_init_errors' option.
It turns out that bro -B all caused a segmentation fault since the
configuration framework was merged; this is caused by the fact that
calling the global_ids bif interacted poorly with -B all due to
side-effects that caused insertions into the global scope in the
global_ids loop.
Scripting errors/mistakes now consistently generate a runtime error
which have the behavior of unwinding the call stack all the way out of
the current event handler.
Before, such errors were not treated consistently and either aborted
the process entirely or emitted a message while continuing to execute
subsequent statements without well-defined behavior (possibly causing
a cascade of errors).
The previous behavior also would only unwind out of the current
function (if within a function body), not out the current event
handler, which is especially problematic for functions that return
a value: the caller is essentially left a mess with no way to deal
with it.
This also changes the behavior of the startup/initialization process
to abort if there's errors during bro_init() rather than continue one
to the main run loop. The `allow_init_errors` option may change this
new, default behavior.
* origin/topic/johanna/md5-fips:
A few more updates to the digest functions.
Tell OpenSSL that MD5 is not used for security in order to allow bro to work properly on a FIPS system
I changed a couple places that looked like memory management pitfalls:
moved some cleanup code into the dtors of HashVal derived classes
(seemed like it got stuck in ctors by accident) and also added a
cautionary cleanup in the MIME code.
Plus minor formatting changes.
This builds upon the previous commit to make Zeek compile on FIPS
systems.
This patch makes the changes a bit more aggressive. Instead of having a
number of different hash functions with different return values, we now
standardize on EVP_MD_CTX and just have one set of functions, to which
the hash algorithm that is desired is passed.
On the positive side, this enables us to support a wider range of hash
algorithm (and to easily add to them in the future).
I reimplemented the internal_md5 function - we don't support ebdic
systems in any case.
The md5/sha1 serialization functions are now also tested (I don't think
they were before).
When 'x' is an integral arithmetic expression, it's now coerced to
yield a signed integer before taking the absolute value of it to
prevent the common issue of unsigned integer overflow/wraparound for
values below zero.
Using a time or interval value/expression for 'x' now also yields a
time or interval, respective, from the |x| operation instead of
a double.
Hash key construction of nested sets depended on the order in
which their elements are iterated, which varied even between sets
containing equivalent elements. The iteration order is now sorted
by each element's hash value (or, on collision, by full key) such
that equivalent sets no longer hash differently.
* origin/topic/jsiwek/val_mgr:
Pre-allocate and re-use Vals for bool, int, count, enum and empty string
Preallocate booleans and small counts
I added a tiny change to CompHash to make sure that nothing messes this
up in the future.
Added check for the optional sub-header in ERSPAN Type III as well
as additional truncation checks to the GRE parsing logic in general.
Also added a unit test for ERSPAN Type II.
Disabling this option allows one to read pcaps, but still initiate
Broker peerings and automatically exit when done processing the pcap
file. The default behavior would normally cause Broker::peer() to
prevent shutting the process down even after done reading the pcap.
This fixes some use-after-free issues in the shutdown order of
various systems: I/O, plugin, logging, and reporter systems may
interact during shutdown if there's errors emitted (or maybe just
still pending) during the shutdown.
Fixes GH-188
