* origin/fastpath:
Update documentation for builtin types
Adding an identifier to the SMTP blocklist notices for duplicate suppression.
Doc fixes for signature 'eval' conditions.
Remove orphaned unit tests.
Add type checking for signature 'eval' condition functions.
Add missing description of interval "msec" unit.
Improved description of pattern by clarifying the issue of operand
order and difference between exact and embedded matching.
Otherwise functions could be called with a mismatching argument list
and cause a crash at run-time. The incorrect function type is now
reported at parse-time.
* origin/topic/bernhard/input-allow_invalid_types:
to be sure - add a small assertion
add an option to the input framework that allows the user to chose to not die upon encountering files/functions.
That's the last feature for 2.1!
* origin/fastpath:
Add test serialization to "leak" unit tests that use communication.
Change to metrics/basic-cluster unit test for reliability.
Minor tweak to coverage.bare-mode-errors unit test.
Fixed ack tracking which could overflow quickly in some situations.
If the metrics break interval happened to occur between first and second
worker starting up and getting connected to the cluster, the test
would fail because the second worker didn't get a chance to connect and
send data. The test now waits for the cluster setup to complete
before workers send metrics data.
- Problem presented itself through incorrect results in capture-loss.bro
under odd traffic circumstances (exact circumstances unknown).
- Changed variables involved in ack tracking to all be uint64 values.
* origin/fastpath:
single-line documentation addition to main input framework script.
add testcase for input of set. Sets can be imported by not specifying $val in the add_table call.
This one would fail intermittently in the cases where log files were
opened or closed on a different second of the time of day from each
other since the "out" baseline contains only a single "#open" and
"#close" tag (indicating all logs opened/closed on same second of time
of day). Piping aggregated log output through the timestamp canonifier
before `uniq` makes it so "#open" and "#close" tags for different
seconds of the time of day are reduced to a single one.
Not sure if more can be done to work around it, but reported to
dataseries devs here: https://github.com/dataseries/DataSeries/issues/1
The core/leaks/dataseries-rotate.bro unit test fails without this.
* origin/fastpath:
Add the Stream record to Log:active_streams to make more dynamic logging possible.
Fix portability of printing to files returned by open("/dev/stderr").
Fix mime type diff canonifier to also skip mime_desc columns
Unit test tweaks/fixes.
Fix memory leak of serialized IDs when compiled with --enable-debug.
One tweak to the open() change: make sure we don't try to rotate the
special files.
The BroFile ctor now wraps /dev/std{in,out,err} string arguments
into the actual FILE* provided by stdio.h because use of the former
directly isn't POSIX compliant and led to subtle differences that
broke unit tests on certain platforms (e.g. OS X redirection of stderr
behavior started differing from Linux). The BroFile (un)serialization
methods already did this kind of logic, so adding it in the ctor also
should make things more consistent.
Some of the reporter-related unit tests looked like they were missing
output because of this, and the coverage test for bare-mode errors
needed tweaking to branch on whether or not libcurl was available
(since the error output differs when elasticsearch isn't there).
- Some baselines for tests in "leaks" group were outdated.
- Changed a few of the cluster/communication tests to terminate
more explicitly instead of relying on btest-bg-wait to kill
processes. This makes the tests finish faster in the success case
and makes the reason for failing clearer in the that case.
When using --enable-debug, values keep track of the last identifier
to which they were bound by storing a ref'd ID pointer. This could
lead to some circular dependencies in which an ID is never reclaimed
because the Val is bound to the ID and the ID is bound to the Val, with
both holding references to each other.
There might be more cases where this feature of --enable-debug caused
a leak, but it showed up in particular when running the
core.leaks.remote unit test due to the internal
SendID("peer_description") call during the handshake between remote
processes. Other tests showed the send_id() BIF leaked more generally.
Tracking the ID last bound to a Val through just the identifier string
instead of a ref'd ID pointer fixes the leak.
* origin/topic/seth/reporter-to-stderr:
A couple of tests for printing reporter messages to STDERR.
Small improvements for printing reporter messages to STDERR.
Reporter warnings and error now print to stderr by default.
Closes#836.
* origin/fastpath:
fix little sneaky bug in input framework with an edge case.
small bug in test script. Still worked, because the internal type checking let this through...
