Hi, Here's an update of bro to 1.5.1. Tested on amd64.
Comments? ok? Kevin
Index: Makefile =================================================================== RCS file: /cvs/ports/net/bro/Makefile,v retrieving revision 1.1.1.1 diff -N -u -p Makefile --- Makefile 17 Dec 2008 01:34:53 -0000 1.1.1.1 +++ Makefile 8 Jan 2010 11:48:10 -0000 @@ -2,11 +2,9 @@ COMMENT= highly flexible sniffer/NIDS -V= 1.4 -DISTNAME= bro-${V}-release -PKGNAME= bro-${V} +DISTNAME= bro-1.5.1 -SHARED_LIBS= broccoli 0.0 # .2.0 +SHARED_LIBS= broccoli 0.2 # .3.0 CATEGORIES= net security 
@@ -20,20 +18,54 @@ PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -WANTLIB= c crypto m pcap ssl stdc++ termcap z +WANTLIB= c crypto m pcap readline ssl stdc++ termcap z MASTER_SITES= ftp://bro-ids.org/ +MODULES= lang/python +RUN_DEPENDS= ::shells/bash +BUILD_DEPENDS= ${RUN_DEPENDS} LIB_DEPENDS= GeoIP.>=5::net/GeoIP \ magic.>=1::devel/libmagic USE_LIBTOOL= Yes -CONFIGURE_STYLE=gnu +CONFIGURE_STYLE= autoconf +AUTOCONF_VERSION= 2.59 +CONFIGURE_ARGS= --enable-brov6 \ + --enable-activemapping \ + --disable-nbdns -WRKDIST= ${WRKDIR}/bro-${V} - FAKE_FLAGS= sysconfdir=${PREFIX}/share/examples/bro NO_REGRESS= Yes + +SUBST_VARS= MODPY_SITEPKG + +post-patch: + ${SUBST_CMD} ${WRKSRC}/configure.in ${WRKSRC}/aux/broctl/Makefile.in \ + ${WRKSRC}/aux/broctl/BroControl/config.py \ + ${WRKSRC}/aux/broctl/bin/broctl.in + cd ${WRKSRC}/aux/broctl/bin && \ + find . ! -type d \ + -exec perl -pi -e 's,/usr/bin/env bash,${LOCALBASE}/bin/bash,g' {} \; + @perl -pi -e 's,/usr/bin/env python,${MODPY_BIN},g' \ + ${WRKSRC}/aux/broctl/BroControl/*.py + @perl -pi -e 's,/usr/bin/env python,${MODPY_BIN},g' \ + ${WRKSRC}/aux/broctl/configure + @perl -pi -e 's,/usr/bin/env python,${MODPY_BIN},g' \ + ${WRKSRC}/aux/broctl/bin/{extract-strictly-local-conns,reformat-stats} + +post-install: + ${INSTALL_DATA} ${WRKSRC}/aux/broctl/etc/analysis.dat \ + ${PREFIX}/share/examples/bro + ${INSTALL_DATA} ${WRKSRC}/aux/broctl/etc/broctl.cfg.standalone.in \ + ${PREFIX}/share/examples/bro/broctl.cfg + ${INSTALL_DATA} ${WRKSRC}/aux/broctl/etc/networks.cfg.in \ + ${PREFIX}/share/examples/bro/networks.cfg + ${INSTALL_DATA} ${WRKSRC}/aux/broctl/etc/node.cfg.standalone.in \ + ${PREFIX}/share/examples/bro/node.cfg + ${INSTALL_DATA_DIR} ${WRKINST}${MODPY_SITEPKG} + @cd ${WRKSRC}/aux/broctl && ${MAKE_ENV} \ + DESTDIR=${WRKINST} ${MAKE_PROGRAM} install-broctl .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: 
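Review bot: `--disable-nbdns` is added to CONFIGURE_ARGS with no comment, while the configure.in patch in this update also removes the `/usr/local/include/bind` include path, so a reader cannot tell whether non-blocking DNS is off on purpose or only because it did not build. A one-line comment above CONFIGURE_ARGS giving the reason would settle that. In post-patch, the three `@perl -pi -e 's,/usr/bin/env python,${MODPY_BIN},g'` commands differ only in their file arguments and could be a single invocation listing all of them, which keeps the interpreter rewrite in one place.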
/cvs/ports/net/bro/distinfo,v
retrieving revision 1.1.1.1
diff -N -u -p distinfo
--- distinfo 17 Dec 2008 01:34:53 -0000 1.1.1.1
+++ distinfo 8 Jan 2010 11:48:10 -0000
@@ -1,5 +1,5 @@
-MD5 (bro-1.4-release.tar.gz) = NgeuZcWZPKJQmyZ688gw8A==
-RMD160 (bro-1.4-release.tar.gz) = TvG5YaY300vJAunf2u+D0P72cIc=
-SHA1 (bro-1.4-release.tar.gz) = SVE2HhXUA+grqWgZ6Wq4/ZxT8J8=
-SHA256 (bro-1.4-release.tar.gz) = xYX5gHfKNxtZ0S6+IJQY+Yq2FHU/TLY2jbr8fyKOeEo=
-SIZE (bro-1.4-release.tar.gz) = 4203949
+MD5 (bro-1.5.1.tar.gz) = EQuRayiVLUqlJ1ZPkGEVAQ==
+RMD160 (bro-1.5.1.tar.gz) = W+ffkb+l6p93G0SjhEiM264rmnc=
+SHA1 (bro-1.5.1.tar.gz) = 62zjYqisj9oIDSW3VtptKbAZuIk=
+SHA256 (bro-1.5.1.tar.gz) = npo0rxS2RmxyU84dA7/T71huP3ZZAtQ5gSEts95YWkg=
+SIZE (bro-1.5.1.tar.gz) = 4327064
Index: patches/patch-aux_broccoli_src_bro_hashtable_c
===================================================================
RCS file: patches/patch-aux_broccoli_src_bro_hashtable_c
diff -N -u -p patches/patch-aux_broccoli_src_bro_hashtable_c
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broccoli_src_bro_hashtable_c 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- aux/broccoli/src/bro_hashtable.c.orig Mon Dec 15 08:48:09 2008
++++ aux/broccoli/src/bro_hashtable.c Wed Dec 30 10:46:53 2009
+@@ -413,7 +413,7 @@ __bro_ht_mem_free(void *data)
+ uint32
+ __bro_ht_int_hash(const void *val)
+ {
+- return (uint32) val;
++ return *(uint32 *) val;
+ }
+
+
Index: patches/patch-aux_broccoli_src_bro_sobject_c
===================================================================
RCS file: patches/patch-aux_broccoli_src_bro_sobject_c
diff -N -u -p patches/patch-aux_broccoli_src_bro_sobject_c
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broccoli_src_bro_sobject_c 8 Jan 2010 11:48:10 -0000
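Review bot: `__bro_ht_int_hash` in the bro_hashtable.c patch now dereferences its key (`return *(uint32 *) val;`), but the bro_sobject.c patch in this same update still passes the integer itself as the key, `(void *)(uintptr_t) perm_id`, to `__bro_ht_get` and `__bro_ht_add` on `bc->io_cache`. If io_cache is created with this hash function (its construction is not shown here), each lookup would read memory at an address equal to perm_id, a value that appears to come from the peer's serialized stream, and would most likely crash the client. Keeping the hash value-based avoids that and still removes the pointer-to-integer size mismatch that presumably motivated the change on amd64: `return (uint32)(uintptr_t) val;`, with `<stdint.h>` included as the sobject patch already does. Any caller outside these hunks that really stores pointers to integers as keys would need checking either way.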
@@ -0,0 +1,33 @@
+$OpenBSD$
+--- aux/broccoli/src/bro_sobject.c.orig Mon Dec 28 18:10:17 2009
++++ aux/broccoli/src/bro_sobject.c Tue Dec 29 14:40:40 2009
+@@ -28,6 +28,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALI
+ #endif
+
+ #include <stdlib.h>
++#include <stdint.h>
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <string.h>
+@@ -390,7 +391,7 @@ __bro_sobject_unserialize(uint16 type_id_wanted, BroCo
+ if (! (bc->conn_flags & BRO_CFLAG_CACHE))
+ D(("WARNING: no caching requested, yet peer sends cached data.\n"));
+ #endif
+- if (! (obj = __bro_ht_get(bc->io_cache, (void *) perm_id)))
++ if (! (obj = __bro_ht_get(bc->io_cache, (void *)(uintptr_t) perm_id)))
+ {
+ D(("Cache inconsistency: cache should contain object %i\n", perm_id));
+ D_RETURN_(NULL);
+@@ -438,10 +439,10 @@ __bro_sobject_unserialize(uint16 type_id_wanted, BroCo
+ * make sure the object is in the cache:
+ */
+ if ( (bc->conn_flags & BRO_CFLAG_CACHE) &&
+- ! __bro_ht_get(bc->io_cache, (void *) perm_id))
++ ! __bro_ht_get(bc->io_cache, (void *)(uintptr_t) perm_id))
+ {
+ D(("Storing object %i in cache.\n", perm_id));
+- __bro_ht_add(bc->io_cache, (void *) perm_id, obj);
++ __bro_ht_add(bc->io_cache, (void *)(uintptr_t) perm_id, obj);
+ obj->perm_id = perm_id;
+ __bro_sobject_ref(obj);
+ }
Index: patches/patch-aux_broctl_BroControl_config_py
===================================================================
RCS file: patches/patch-aux_broctl_BroControl_config_py
diff -N -u -p patches/patch-aux_broctl_BroControl_config_py
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broctl_BroControl_config_py 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+--- aux/broctl/BroControl/config.py.orig Sat Dec 5 08:41:26 2009
++++ aux/broctl/BroControl/config.py Wed Jan 6 17:28:26 2010
+@@ -198,7 +198,11 @@ class Configuration:
+ self._setOption("mailfrom", "Big Brother <b...@%s>" % socket.gethostname())
+ self._setOption("home", os.getenv("HOME"))
+ self._setOption("mailalarmsto", self.config["mailto"])
+-
++ self._setOption("cfgdir", "${SYSCONFDIR}/bro")
++ self._setOption("libdirinternal", "${MODPY_SITEPKG}/broctl")
++ self._setOption("logdir", "/var/log/bro")
++ self._setOption("spooldir", "/var/spool/bro")
++
+ # Determine operating system.
+ (success, output) = execute.captureCmd("uname")
+ if not success:
Index: patches/patch-aux_broctl_Makefile_in
===================================================================
RCS file: patches/patch-aux_broctl_Makefile_in
diff -N -u -p patches/patch-aux_broctl_Makefile_in
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broctl_Makefile_in 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+--- aux/broctl/Makefile.in.orig Tue Jan 5 16:48:46 2010
++++ aux/broctl/Makefile.in Tue Jan 5 16:50:18 2010
+@@ -46,20 +46,20 @@ distdir:
+ ( cd aux/capstats/capstats-* && tar cf - . ) | ( cd $(distdir)/aux/capstats && tar xf - );
+
+ doc:
+- python BroControl/options.py >README.options
+- python ./bin/broctl --print-doc >README.cmds
++ ${MODPY_BIN} BroControl/options.py >README.options
++ ${MODPY_BIN} ./bin/broctl --print-doc >README.cmds
+ asciidoc --unsafe -a toc -a no-homepage-link -b xhtml11-custom README
+
+ pybroccoli:
+ @echo broctl: building Python bindings for Broccoli ...
+ ( cd $BRODIST/aux/broccoli/bindings/python \
+- && CFLAGS="-I$BRODIST/aux/broccoli/src" LDFLAGS="-L$BROBUILD/aux/broccoli/src/.libs" python setup.py build -b $BROCTLBUILD/.python-build )
++ && CFLAGS="-I$BRODIST/aux/broccoli/src" LDFLAGS="-L$BROBUILD/aux/broccoli/src/.libs" ${MODPY_BIN} setup.py build -b $BROCTLBUILD/.python-build )
+ @( cd $BROCTLBUILD/.python-build && test -e lib || ln -s lib.* lib )
+
+ pysubnettree:
+ @echo broctl: building pysubnettree Python module ...
+ @( cd $BRODIST/aux/broctl/aux/pysubnettree \
+- && python setup.py build -b $BROCTLBUILD/.python-build )
++ && CFLAGS="-fPIC" ${MODPY_BIN} setup.py build -b $BROCTLBUILD/.python-build )
+
+ capstats:
+ @echo broctl: building capstats ...
Index: patches/patch-aux_broctl_aux_capstats_capstats_cc
===================================================================
RCS file: patches/patch-aux_broctl_aux_capstats_capstats_cc
diff -N -u -p patches/patch-aux_broctl_aux_capstats_capstats_cc
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broctl_aux_capstats_capstats_cc 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+--- aux/broctl/aux/capstats/capstats.cc.orig Fri Sep 25 03:18:20 2009
++++ aux/broctl/aux/capstats/capstats.cc Sat Dec 26 19:49:08 2009
+@@ -4,6 +4,8 @@
+ //
+ // Robin Sommer <ro...@icir.org>
+
++#include <sys/types.h>
++#include <sys/socket.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+@@ -11,8 +13,14 @@
+ #include <string.h>
+ #include <pcap.h>
+ #include <errno.h>
+-#include <net/ethernet.h>
+ #include <netinet/in.h>
++#if defined(__FreeBSD__)
++#include <net/ethernet.h>
++#elif defined(__OpenBSD__)
++#include <net/if.h>
++#include <net/if_arp.h>
++#include <netinet/if_ether.h>
++#endif
+ #include <netinet/in_systm.h>
+ #include <netinet/ip.h>
+ #include <signal.h>
Index: patches/patch-aux_broctl_bin_broctl_in
===================================================================
RCS file: patches/patch-aux_broctl_bin_broctl_in
diff -N -u -p patches/patch-aux_broctl_bin_broctl_in
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-aux_broctl_bin_broctl_in 8 Jan 2010 11:48:10 -0000
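Review bot: The new include block in capstats.cc has no `#else` branch, so a build on any system that defines neither `__FreeBSD__` nor `__OpenBSD__` no longer includes `<net/ethernet.h>` at all, although the unpatched file included it unconditionally. That is harmless inside this port but keeps the patch from being sent upstream as it stands; adding `#else` followed by `#include <net/ethernet.h>` before the `#endif` preserves the old behaviour elsewhere. A short comment above the block naming the declarations the three OpenBSD headers are needed for would also help the next person who regenerates the patch.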
@@ -0,0 +1,27 @@
+$OpenBSD$
+--- aux/broctl/bin/broctl.in.orig Wed Jan 6 18:01:53 2010
++++ aux/broctl/bin/broctl.in Wed Jan 6 18:16:20 2010
+@@ -1,4 +1,4 @@
+-#! /usr/bin/env python
++#! ${MODPY_BIN}
+ #
+ # $Id: broctl.in 6948 2009-12-03 20:59:41Z robin $
+ #
+@@ -37,7 +37,7 @@ StandAlone = $STANDALONE
+ # Adjust the PYTHONPATH. (If we're installing the make-wrapper will have already
+ # set it correctly.)
+ if not "BROCTL_INSTALL" in os.environ:
+- sys.path = [os.path.join(BroBase, "lib/broctl")] + sys.path
++ sys.path = [os.path.join("${MODPY_SITEPKG}/broctl")] + sys.path
+
+ # We need to add the directory of the Broccoli library files
+ # to the linker's runtime search path. This is hack which
+@@ -708,7 +708,7 @@ from BroControl import control
+ from BroControl import cron
+ from BroControl.config import Config
+
+-Config = config.Configuration("etc/broctl.cfg", BroBase, BroDist, Version, StandAlone)
++Config = config.Configuration("${SYSCONFDIR}/bro/broctl.cfg", BroBase, BroDist, Version, StandAlone)
+
+ util.enableSignals()
+
Index: patches/patch-configure_in
===================================================================
RCS file: patches/patch-configure_in
diff -N -u -p patches/patch-configure_in
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-configure_in 8 Jan 2010 11:48:10 -0000
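Review bot: `os.path.join("${MODPY_SITEPKG}/broctl")` in the second inner hunk of the broctl.in patch is called with a single argument and so returns it unchanged; `sys.path = ["${MODPY_SITEPKG}/broctl"] + sys.path` is the plainer form. Because that directory is placed first on the module search path, anything broctl imports can be shadowed from it, so it should stay writable by root only; installing it under site-packages, as the PLIST does, is consistent with that. In the third inner hunk `Configuration` now receives an absolute path where it used to receive `etc/broctl.cfg` next to `BroBase`; how the constructor combines the two is outside this patch and is worth confirming.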
@@ -0,0 +1,42 @@
+$OpenBSD$
+--- configure.in.orig Sat Dec 19 07:12:43 2009
++++ configure.in Sat Dec 26 23:13:33 2009
+@@ -524,11 +524,6 @@ dnl If not, we disable nonblocking DNS lookups.
+ dnl We assume worst case first and improve on it below.
+ AM_CONDITIONAL(USE_NBDNS, false)
+
+-dnl Add potential header locations to path
+-if test -d /usr/local/include/bind; then
+- CFLAGS="$CFLAGS -I/usr/local/include/bind"
+-fi
+-
+ AC_CHECK_TYPE(ns_msg, bro_check_nb_dns=yes, bro_check_nb_dns=no, [#include <arpa/nameser.h>])
+
+ if test $bro_check_nb_dns = no; then
+@@ -836,14 +831,14 @@ fi
+
+ # Need Python >= 2.4.
+ have_python=no
+-AC_PATH_TOOL(pybin, python, "")
++AC_PATH_TOOL(pybin, python${MODPY_VERSION}, "")
+ if test "x$pybin" != x -a "x$broctl" = xyes; then
+ AC_MSG_CHECKING([for Python >= 2.4])
+ AC_CACHE_VAL(ac_cv_python_major_vers,
+- ac_cv_python_major_vers=`python -V 2>&1 | \
++ ac_cv_python_major_vers=`python${MODPY_VERSION} -V 2>&1 | \
+ sed 's/^Python //g' | awk -v FS='.' '{print $1}'`)
+ AC_CACHE_VAL(ac_cv_python_minor_vers,
+- ac_cv_python_minor_vers=`python -V 2>&1 | \
++ ac_cv_python_minor_vers=`python${MODPY_VERSION} -V 2>&1 | \
+ sed 's/^Python //g' | awk -v FS='.' '{print $2}'`)
+
+ pyversion=`expr $ac_cv_python_major_vers '*' 10 '+' $ac_cv_python_minor_vers`
+@@ -852,7 +847,7 @@ if test "x$pybin" != x -a "x$broctl" = xyes; then
+ have_python=yes
+ fi
+
+- AC_CHECK_PROG(have_python, python-config, $have_python, no)
++ AC_CHECK_PROG(have_python, python${MODPY_VERSION}-config, $have_python, no)
+
+ if test "x$have_python" != xyes; then
+ AC_MSG_RESULT([no, disabling broctl])
Index: patches/patch-policy_Makefile_in
===================================================================
RCS file: /cvs/ports/net/bro/patches/patch-policy_Makefile_in,v
retrieving revision 1.1.1.1
diff -N -u -p patches/patch-policy_Makefile_in
--- patches/patch-policy_Makefile_in 17 Dec 2008 01:34:53 -0000 1.1.1.1
+++ /dev/null 28 Sep 2008 10:50:08 -0000
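Review bot: Both AC_CACHE_VAL bodies in the second inner hunk of the configure.in patch run `python${MODPY_VERSION} -V` by name through PATH, although AC_PATH_TOOL has already stored the resolved interpreter in `pybin`. Using `$pybin -V 2>&1` in both places would guarantee that the version being tested belongs to the interpreter that was found, and would leave fewer spots where the versioned name has to be patched in. The enclosing `if test "x$pybin" != x` block continues past the end of the last inner hunk.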
@@ -1,12 +0,0 @@
-$OpenBSD: patch-policy_Makefile_in,v 1.1.1.1 2008/12/17 01:34:53 kevlo Exp $
---- policy/Makefile.in.orig Mon Dec 15 12:43:31 2008
-+++ policy/Makefile.in Mon Dec 15 12:43:44 2008
-@@ -436,7 +436,7 @@ install-data-hook:
- $(INSTALL_DATA) smb-rw.bif.bro $(DESTDIR)${bropolicydir}/smb-rw.bif.bro
- $(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${bropolicydir}/smtp-rw.bif.bro
- $(INSTALL_DATA) strings.bif.bro $(DESTDIR)${bropolicydir}/strings.bif.bro
-- test -d ${bropolicydir}/site || mkdir ${bropolicydir}/site
-+ test -d $(DESTDIR)${bropolicydir}/site || mkdir $(DESTDIR)${bropolicydir}/site
-
- uninstall-local:
- rm -f ${bropolicydir}/bro.bif.bro
Index: patches/patch-src_SMB_cc
===================================================================
RCS file: patches/patch-src_SMB_cc
diff -N -u -p patches/patch-src_SMB_cc
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-src_SMB_cc 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/SMB.cc.orig Tue Dec 29 17:51:48 2009
++++ src/SMB.cc Tue Dec 29 23:06:34 2009
+@@ -166,7 +166,7 @@ void SMB_Session::Deliver(int is_orig, int len, const
+ const u_char* tmp = data_start + next;
+ if ( data_start + next < data + body.length() )
+ {
+- Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %d", next, data + body.length() - data_start));
++ Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %d", next, (int)(data + body.length() - data_start)));
+ break;
+ }
+
Index: patches/patch-src_Sessions_cc
===================================================================
RCS file: patches/patch-src_Sessions_cc
diff -N -u -p patches/patch-src_Sessions_cc
--- /dev/null 8 Jan 2010 11:48:11 -0000
+++ patches/patch-src_Sessions_cc 8 Jan 2010 11:48:10 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- src/Sessions.cc.orig Sat Dec 26 21:31:27 2009
++++ src/Sessions.cc Sat Dec 26 21:31:57 2009
+@@ -467,9 +467,9 @@ void NetSessions::DoNextPacket(double t, const struct
+
+ // Check for TTL/MTU problems from Active Mapping
+ #ifdef ACTIVE_MAPPING
++ const NumericData* numeric;
+ if ( ip4 )
+ {
+- const NumericData* numeric;
+ get_map_result(ip4->ip_dst.s_addr, numeric);
+
+ if ( numeric->hops && ip4->ip_ttl < numeric->hops )
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/bro/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -N -u -p pkg/PLIST
--- pkg/PLIST 17 Dec 2008 01:34:53 -0000 1.1.1.1
+++ pkg/PLIST 8 Jan 2010 11:48:10 -0000
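Review bot: `const NumericData* numeric;` in the Sessions.cc patch is hoisted out of the `if ( ip4 )` block but still has no initializer, so any code further down that reads it on a path where `get_map_result` was not called would use an indeterminate pointer. The rest of DoNextPacket lies outside the hunk, so whether such a path exists cannot be seen here; declaring it as `const NumericData* numeric = 0;` costs nothing and makes a missed assignment fail predictably. A short comment on why the declaration had to move (presumably a second use under ACTIVE_MAPPING once `--enable-brov6` is set) would help whoever next regenerates the patch.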
@@ -1,11 +1,36 @@ -...@comment $OpenBSD: PLIST,v 1.1.1.1 2008/12/17 01:34:53 kevlo Exp $ +...@comment $OpenBSD$ %%SHARED%% @bin bin/bro bin/broccoli-config +bin/broctl +...@bin bin/capstats +...@bin bin/cf +...@bin bin/hf +bin/trace-summary include/broccoli.h lib/libbroccoli.a lib/libbroccoli.la +lib/python${MODPY_VERSION}/site-packages/broctl/ +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/ +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/__init__.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/config.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/control.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/cron.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/execute.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/install.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/options.py +lib/python${MODPY_VERSION}/site-packages/broctl/BroControl/util.py +lib/python${MODPY_VERSION}/site-packages/broctl/SubnetTree.py +lib/python${MODPY_VERSION}/site-packages/broctl/_SubnetTree.so +lib/python${MODPY_VERSION}/site-packages/broctl/_broccoli_intern.so +lib/python${MODPY_VERSION}/site-packages/broctl/broccoli.py share/bro/ +share/bro/.site/ +share/bro/.site/auto/ +share/bro/.site/auto/analysis-policy.bro +share/bro/.site/auto/broctl-layout.bro +share/bro/.site/auto/local-networks.bro +share/bro/.site/local.bro share/bro/OS-fingerprint.bro share/bro/adu.bro share/bro/alarm.bro 
@@ -17,11 +42,95 @@ share/bro/bittorrent.bro share/bro/blaster.bro share/bro/bro.bif.bro share/bro/bro.init +share/bro/broctl/ +share/bro/broctl/analysis-groups.bro +share/bro/broctl/broctl-check.bro +share/bro/broctl/broctl-events.bro +share/bro/broctl/broctl-live.bro +share/bro/broctl/broctl.bro +share/bro/broctl/broctl.checkpoint.bro +share/bro/broctl/broctl.conn.bro +share/bro/broctl/broctl.remote.bro +share/bro/broctl/broctl.site.bro +share/bro/broctl/broctl.tm-contents.bro +share/bro/broctl/capture-unknown-protocols.bro +share/bro/broctl/cluster-addrs.anon.bro +share/bro/broctl/cluster-addrs.blaster.bro +share/bro/broctl/cluster-addrs.bro +share/bro/broctl/cluster-addrs.conn.bro +share/bro/broctl/cluster-addrs.ftp-cmd-arg.bro +share/bro/broctl/cluster-addrs.ftp.bro +share/bro/broctl/cluster-addrs.hot.bro +share/bro/broctl/cluster-addrs.icmp.bro +share/bro/broctl/cluster-addrs.irc.bro +share/bro/broctl/cluster-addrs.pop3.bro +share/bro/broctl/cluster-addrs.portmapper.bro +share/bro/broctl/cluster-addrs.proxy.bro +share/bro/broctl/cluster-addrs.scan.bro +share/bro/broctl/cluster-addrs.smtp-relay.bro +share/bro/broctl/cluster-addrs.ssh.bro +share/bro/broctl/cluster-addrs.tftp.bro +share/bro/broctl/cluster-addrs.weird.bro +share/bro/broctl/cluster-addrs.worm.bro +share/bro/broctl/cluster-by-addrs.bro +share/bro/broctl/cluster-by-conns.bro +share/bro/broctl/cluster-conns.ftp.bro +share/bro/broctl/cluster-conns.portmapper.bro +share/bro/broctl/cluster-conns.scan.bro +share/bro/broctl/cluster-manager.bro +share/bro/broctl/cluster-manager.detect-protocols.bro +share/bro/broctl/cluster-manager.drop.bro +share/bro/broctl/cluster-manager.icmp.bro +share/bro/broctl/cluster-manager.mail-alarms.bro +share/bro/broctl/cluster-manager.notice.bro +share/bro/broctl/cluster-manager.remote.bro +share/bro/broctl/cluster-manager.rotate-logs.bro +share/bro/broctl/cluster-manager.scan.bro +share/bro/broctl/cluster-manager.time-machine.bro +share/bro/broctl/cluster-proxy.bro 
+share/bro/broctl/cluster-proxy.notice.bro +share/bro/broctl/cluster-proxy.remote.bro +share/bro/broctl/cluster-proxy.rotate-logs.bro +share/bro/broctl/cluster-proxy.scan.bro +share/bro/broctl/cluster-worker.alarm.bro +share/bro/broctl/cluster-worker.bro +share/bro/broctl/cluster-worker.checkpoint.bro +share/bro/broctl/cluster-worker.cluster-live.bro +share/bro/broctl/cluster-worker.drop.bro +share/bro/broctl/cluster-worker.irc-bot.bro +share/bro/broctl/cluster-worker.notice.bro +share/bro/broctl/cluster-worker.remote.bro +share/bro/broctl/cluster-worker.rotate-logs.bro +share/bro/broctl/cluster-worker.time-machine.bro +share/bro/broctl/cluster-worker.weird.bro +share/bro/broctl/cluster.detect-protocols.bro +share/bro/broctl/cluster.dns.bro +share/bro/broctl/cluster.icmp.bro +share/bro/broctl/cluster.irc.bro +share/bro/broctl/cluster.notice.bro +share/bro/broctl/cluster.rotate-logs.bro +share/bro/broctl/cluster.scan.bro +share/bro/broctl/cluster.trw.bro +share/bro/broctl/filter-duplicates.bro +share/bro/broctl/mail-alarms.bro +share/bro/broctl/remote-update.bro +share/bro/broctl/send-config.bro +share/bro/broctl/standalone.bro +share/bro/broctl/standalone.checkpoint.bro +share/bro/broctl/standalone.irc-bot.bro +share/bro/broctl/standalone.mail-alarms.bro +share/bro/broctl/standalone.notice.bro +share/bro/broctl/standalone.remote.bro +share/bro/broctl/standalone.rotate-logs.bro +share/bro/broctl/terminate.bro +share/bro/broctl/tm-mail-contents.bro +share/bro/broctl/trim-trace-file.bro share/bro/brolite-backdoor.bro share/bro/brolite-sigs.bro share/bro/brolite.bro share/bro/bt-tracker.bro share/bro/capture-events.bro +share/bro/capture-loss.bro share/bro/capture-state-updates.bro share/bro/checkpoint.bro share/bro/clear-passwords.bro @@ -32,6 +141,7 @@ share/bro/conn.bro share/bro/const.bif.bro share/bro/contents.bro share/bro/cpu-adapt.bro +share/bro/dce.bro share/bro/demux.bro share/bro/detect-protocols-http.bro share/bro/detect-protocols.bro 
@@ -75,6 +185,7 @@ share/bro/http-anon-useragent.bro share/bro/http-anon-utils.bro share/bro/http-anonymizer.bro share/bro/http-body.bro +share/bro/http-detect-passwd.bro share/bro/http-entity.bro share/bro/http-event.bro share/bro/http-extract-items.bro @@ -103,6 +214,7 @@ share/bro/login.bro share/bro/mime-pop.bro share/bro/mime.bro share/bro/mt.bro +share/bro/ncp.bro share/bro/netflow.bro share/bro/netstats.bro share/bro/nfs.bro @@ -133,6 +245,7 @@ share/bro/remote-send-id.bro share/bro/remote.bro share/bro/rotate-logs.bro share/bro/rsh.bro +share/bro/save-peer-status.bro share/bro/scan.bro share/bro/secondary-filter.bro share/bro/sensor-sshd.bro @@ -142,13 +255,16 @@ share/bro/signatures.bro share/bro/sigs/ share/bro/sigs/dpd.sig share/bro/sigs/ex.web-rules.sig +share/bro/sigs/http-bots.sig share/bro/sigs/p0fsyn.osf share/bro/sigs/snort-default.sig share/bro/sigs/ssl-worm.sig share/bro/sigs/worm.sig share/bro/site/ share/bro/site.bro +share/bro/site/local.bro share/bro/smb-rw.bif.bro +share/bro/smb.bro share/bro/smtp-relay.bro share/bro/smtp-rewriter.bro share/bro/smtp-rw.bif.bro 
@@ -185,6 +301,74 @@ share/bro/udp.bro share/bro/vlan.bro share/bro/weird.bro share/bro/worm.bro +share/broctl/ +share/broctl/scripts/ +share/broctl/scripts/archive-log +share/broctl/scripts/cflow-stats +share/broctl/scripts/check-config +share/broctl/scripts/crash-diag +share/broctl/scripts/delete-log +share/broctl/scripts/expire-logs +share/broctl/scripts/get-prof-log +share/broctl/scripts/helpers/ +share/broctl/scripts/helpers/cat-file +share/broctl/scripts/helpers/check-pid +share/broctl/scripts/helpers/df +share/broctl/scripts/helpers/exists +share/broctl/scripts/helpers/get-childs +share/broctl/scripts/helpers/is-dir +share/broctl/scripts/helpers/rmdir +share/broctl/scripts/helpers/run-cmd +share/broctl/scripts/helpers/start +share/broctl/scripts/helpers/stop +share/broctl/scripts/helpers/to-bytes.awk +share/broctl/scripts/helpers/top +share/broctl/scripts/is-alive +share/broctl/scripts/local-interfaces +share/broctl/scripts/mail-alarm +share/broctl/scripts/mail-contents +share/broctl/scripts/post-terminate +share/broctl/scripts/postprocessors/ +share/broctl/scripts/postprocessors/mail-log +share/broctl/scripts/postprocessors/summarize-connections +share/broctl/scripts/remove-log +share/broctl/scripts/run-bro +share/broctl/scripts/send-mail +share/broctl/scripts/update +share/broctl/templates/ +share/broctl/templates/archive-log.in +share/broctl/templates/cflow-stats.in +share/broctl/templates/check-config.in +share/broctl/templates/crash-diag.in +share/broctl/templates/df.in +share/broctl/templates/expire-logs.in +share/broctl/templates/get-prof-log.in +share/broctl/templates/is-alive.in +share/broctl/templates/mail-alarm.in +share/broctl/templates/mail-contents.in +share/broctl/templates/mail-log.in +share/broctl/templates/post-terminate.in +share/broctl/templates/run-bro.in +share/broctl/templates/send-mail.in +share/broctl/templates/start.in +share/broctl/templates/summarize-connections.in +share/broctl/templates/top.in +share/broctl/templates/update.in 
share/examples/bro/ +...@sample ${SYSCONFDIR}/bro/ +share/examples/bro/analysis.dat +...@sample ${SYSCONFDIR}/bro/analysis.dat share/examples/bro/broccoli.conf @sample ${SYSCONFDIR}/broccoli.conf +share/examples/bro/broctl.cfg +...@sample ${SYSCONFDIR}/bro/broctl.cfg +share/examples/bro/networks.cfg +...@sample ${SYSCONFDIR}/bro/networks.cfg +share/examples/bro/node.cfg +...@sample ${SYSCONFDIR}/bro/node.cfg +...@sample /var/log/bro/ +...@sample /var/spool/bro/ +...@sample /var/spool/bro/broctl.dat +...@sample /var/spool/bro/tmp/ +...@extraunexec rm -rf /var/log/bro +...@extraunexec rm -rf /var/spool/bro
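Review bot: `@sample /var/spool/bro/broctl.dat` at the end of the list has no file entry of its own in front of it, so as pkg_create(1) describes `@sample` it would copy the last preceding file, `share/examples/bro/node.cfg`, into broctl.dat; if the intent is only to have the state file exist, that is worth confirming or replacing with an explicit empty example file. The `@sample /var/log/bro/` and `@sample /var/spool/bro/` directories are also created with whatever owner and mode are in force at that point, and no `@mode` or `@owner` line appears in the visible hunks. A NIDS's logs and spool usually hold details of captured traffic, so the intended permissions should be stated, for example `@mode 750` before the `/var` entries and a bare `@mode` after them. The two `@extraunexec rm -rf` lines remove the whole log and spool trees when extra files are cleaned at deinstall, which operators who must retain logs should be told about in the port's README or a comment.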