While scripts are parsed, a warning is raised for each usage of an
identifier marked as &deprecated. This also works for BIFs.
Addresses BIT-924, BIT-757.
* origin/topic/robin/dnp3-merge-v4:
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
A bit more DNP3 tweaking.
remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renameing the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 varition 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
BIT-1231 #merged
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
type) get updated/set for consistency.
- Add more robust mechanisms for flushing the reassembly buffer.
The goal being to report all gaps and deliveries to file analyzers
regardless of the state of the reassembly buffer at the time it has to
be flushed.
This prevented one from writing a packet-wise analyzer that needs access
to IP headers and can be attached to a connection via signature match.
None of the analyzers currently shipping are affected. And maybe it's
unlikely there will be many that ever would be, but it's awkward for the
API to omit IP headers in this special case (i.e. packets buffer for use
with DPD signature matching).
Addresses BIT-1298
Allows for catching more invalid assignments at parse-time instead of
aborting at runtime after realizing an assignment won't work.
Addresses BIT-1295.
BIT-1293 #merged
* origin/topic/johanna/ssl-fail-earlier:
and just to be safe - also require the &if check in binpac
make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
situations which are very probably non-recoverable.
Current behavior could lead to us jumping in in the middle of an old
443 stream and interpreting some data as ssl before failing again.
* origin/fastpath:
make sslv2 protocol tests more strict - in its current state they triggered on http traffic over port 443 sometimes.
Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
These logs aren't generally useful to build everytime, just when working
on and debugging one of the various grammars and at least I haven't
needed to look at them in years. Also, Ninja builds don't seem to work
because of them (can probably improve the related CMake macros so the
verbose logs do play nice with Ninja, but doesn't seem worth effort
right now, see previous comment).
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
