Merge branch 'packaging'

.gitignore

@@ -1,3 +1,4 @@
 *.swp
 build/
 plugins/build
+tests/.*

CMakeLists.txt

@@ -1,7 +1,7 @@
+cmake_minimum_required(VERSION 2.8)
 
-project(Plugin-HTTP2)
+project(BroPluginHTTP2)
 
-cmake_minimum_required(VERSION 2.8)
 
 if ( NOT BRO_DIST )
     message(FATAL_ERROR "BRO_DIST not set")
@@ -38,7 +38,7 @@ message(STATUS "LibNGHTTP2 INC DIR  : ${LibNGHTTP2_INCLUDE_DIR}")
 message(STATUS "LibNGHTTP2 LIB DIR  : ${LibNGHTTP2_LIBRARIES}")
 
 include_directories(BEFORE ${LibNGHTTP2_INCLUDE_DIR})
-bro_plugin_begin(http2 HTTP2)
+bro_plugin_begin(mitrecnd HTTP2)
 
 include_directories(BEFORE ${LibBROTLI_INCLUDE_DIR})
 bro_plugin_link_library(${LibBROTLI_LIBRARIES})
@@ -50,6 +50,14 @@ bro_plugin_cc(src/HTTP2_HeaderStorage.cc)
 bro_plugin_cc(src/HTTP2_Stream.cc)
 bro_plugin_cc(src/HTTP2.cc)
 bro_plugin_bif(src/events.bif src/http2.bif)
-bro_plugin_dist_files(README VERSION)
+bro_plugin_dist_files(COPYING LICENSE README README.md VERSION)
 bro_plugin_link_library(${LibNGHTTP2_LIBRARIES})
 bro_plugin_end()
+
+file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)
+
+if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
+    # Allows building rpm/deb packages via "make package" in build dir.
+    include(ConfigurePackaging)
+    ConfigurePackaging(${VERSION})
+endif ()

COPYING

@@ -0,0 +1 @@
+See "LICENSE" file

README

@@ -1,96 +1,9 @@
-
-http2::HTTP2
+mitrecnd::HTTP2
 =================================
 
-This plugin provides an HTTP2 (RFC 7540 - https://tools.ietf.org/html/rfc7540)
-decoder/analyzer for Bro (https://www.bro.org/).
+This plugin provides an HTTP2 ([RFC 7540](https://tools.ietf.org/html/rfc7540))
+decoder/analyzer for [Bro](https://www.bro.org/).
 
 The events exposed attempt to mimic the events exposed by the native HTTP analyzer
-
-Installation
-____________
-
-Requirements
-````````````
-NGHTTP2 1.11.0 or greater is required. The plugin uses the decompression 
-libraries and some portions of the API used are not supported prior to that 
-version.
-
-    nghttp2 Library - https://github.com/nghttp2/nghttp2
-
-On Ubuntu 16.04:
-
-    # sudo apt-get install libnghttp2-dev
-
-On CentOS 7:
-
-    # sudo yum install libnghttp2-devel
-
-
-Brotli is required as it is used quite often by popular websites and it
-is used to decompress data frames.
-
-    brotli Library  - https://github.com/google/brotli
-
-On Ubuntu 16.04 & CentOS 7:
-
-    Manually build and install the library as specified in the above reference.
-
-
-Manual Install
-``````````````
-
-To manually build and install the plugin:
-
-    cd <HTTP2 Plugin Directory>
-    ./configure --bro-dist=</path/to/bro/source>
-    make
-    make install
-
-You should see the following output from bro if successfully installed:
-
-    > bro -NN http2::HTTP2
-    http2::HTTP2 - Hypertext Transfer Protocol Version 2 analyzer (dynamic, version 0.2)
-        [Analyzer] HTTP2 (ANALYZER_HTTP2, enabled)
-        [Event] http2_request
-        [Event] http2_reply
-        [Event] http2_stream_start
-        [Event] http2_stream_end
-        [Event] http2_header
-        [Event] http2_all_headers
-        [Event] http2_begin_entity
-        [Event] http2_end_entity
-        [Event] http2_entity_data
-        [Event] http2_content_type
-        [Event] http2_event
-        [Event] http2_data_event
-        [Event] http2_header_event
-        [Event] http2_priority_event
-        [Event] http2_rststream_event
-        [Event] http2_settings_event
-        [Event] http2_pushpromise_event
-        [Event] http2_ping_event
-        [Event] http2_goaway_event
-        [Event] http2_windowupdate_event
-        [Event] http2_continuation_event
-        [Type] http2_settings_unrecognized_table
-        [Type] http2_settings
-        [Type] http2_stream_stat
-
-
-Bro Package Manager (Future)
-````````````````````````````
-
-Install this plugin through the Bro Package Manager::
-
-    # bro-pkg install mitrecnd/bro-http2
-
-
-Usage
-_____
-
-To use/load the http2 analyzer, add the following to your config:
-
-    @load http2
-
-The analyzer will create a new log file called "http2.log"
+Please read README.md in the source distro or on github at
+https://github.com/MITRECND/bro-http2 for more information

README.md

@@ -0,0 +1,137 @@
+# Bro HTTP2 Analyzer Plugin
+
+__NOTE!!__ If you are currently running versions 0.1 or 0.2, you will need to
+delete the old plugin since the namespace of the plugin has changed (from
+"http2::HTTP2" to "mitrecnd::HTTP2"). Instructions on how to do so are
+outlined below.
+
+This plugin provides an HTTP2 ([RFC 7540](https://tools.ietf.org/html/rfc7540))
+decoder/analyzer for [Bro](https://www.bro.org/).
+
+The events exposed attempt to mimic the events exposed by the native HTTP analyzer
+
+------
+
+## Installation
+
+### Requirements
+
+#### Nghttp2
+
+Nghttp2 1.11.0 or greater is required. The plugin uses the decompression
+libraries and some portions of the API used are not supported prior to that
+version.
+
+    nghttp2 Library - https://github.com/nghttp2/nghttp2
+
+On Ubuntu 16.04:
+
+    # sudo apt-get install libnghttp2-dev
+
+On CentOS 7:
+
+    # sudo yum install libnghttp2-devel
+
+#### Brotli
+
+Brotli is required as it is used quite often by popular websites and the
+analyzer automatically attempts to decompress data frames. No pre-compiled
+packages could be found for the brotli library so it will need to be manually
+built and installed. The library can be found at
+https://github.com/google/brotli. The latest release can be found at
+https://github.com/google/brotli/releases/latest. After downloading the latest
+release, follow these steps to compile and install the library:
+
+    tar -zxvf <release file>
+    cd brotli-<version>
+    mkdir build && cd build
+    ../configure-cmake
+    make
+    make test
+    make install
+
+### Manual Installation
+
+To manually build and install the plugin:
+
+    cd <HTTP2 Plugin Directory>
+    rm -r build # Only if build exists
+    ./configure --bro-dist=</path/to/bro/source>
+    make
+    make test
+    make install
+
+
+__NOTE!!__ If you are upgrading the plugin from versions 0.1 or 0.2 please
+delete the following directory from your bro install before starting or
+restarting your cluster:
+
+    <bro_install_root>/lib/bro/plugins/http2_HTTP2
+
+
+### Bro Package Manager
+
+The Bro Package Manager can be used to install
+this plugin in multiple ways:
+
+* From the repo clone directory:
+```
+    # bro-pkg install .
+```
+
+* Using the github repo directly:
+```
+    # bro-pkg install https://github.com/MITRECND/bro-http2
+```
+
+* Using the official source (FUTURE):
+```
+    # bro-pkg install bro/mitrecnd/bro-http2
+```
+
+## Usage
+
+You should see the following output from bro if successfully installed:
+
+```
+    > bro -NN mitrecnd::HTTP2
+    mitrecnd::HTTP2 - Hypertext Transfer Protocol Version 2 analyzer (dynamic, version 0.3)
+        [Analyzer] HTTP2 (ANALYZER_HTTP2, enabled)
+        [Event] http2_request
+        [Event] http2_reply
+        [Event] http2_stream_start
+        [Event] http2_stream_end
+        [Event] http2_header
+        [Event] http2_all_headers
+        [Event] http2_begin_entity
+        [Event] http2_end_entity
+        [Event] http2_entity_data
+        [Event] http2_content_type
+        [Event] http2_event
+        [Event] http2_data_event
+        [Event] http2_header_event
+        [Event] http2_priority_event
+        [Event] http2_rststream_event
+        [Event] http2_settings_event
+        [Event] http2_pushpromise_event
+        [Event] http2_ping_event
+        [Event] http2_goaway_event
+        [Event] http2_windowupdate_event
+        [Event] http2_continuation_event
+        [Type] http2_settings_unrecognized_table
+        [Type] http2_settings
+        [Type] http2_stream_stat
+```
+
+
+To use/load the http2 analyzer, add the following to your config
+(e.g., local.bro):
+
+    @load http2
+
+The analyzer will create a new log file called "http2.log"
+
+To use/load the http2 intel framework extensions add the following
+to your config:
+
+    @load http2/intel

VERSION

@@ -1 +1 @@
-0.2
+0.3

bro-pkg.meta

@@ -1,7 +1,11 @@
-[package]
-description = A HTTP2 protocol analyzer for the Bro IDS.
-tags = bro plugin, protocol analyzer, http2
-script_dir = scripts
-depends = bro >=2.5.0
-external_depends = libnghttp2>=1.11.0 libbrotlidec>=1.0.0
-
+[package]
+description = A HTTP2 protocol analyzer for the Bro IDS.
+tags = bro plugin, protocol analyzer, http2, intel
+script_dir = scripts
+depends =
+    bro >=2.5.0
+external_depends =
+    libnghttp2>=1.11.0
+    libbrotlidec>=1.0.0
+build_command = ./configure --bro-dist=%(bro_dist)s && make
+test_command = make test

scripts/http2/intel/seen/http2-url.bro

@@ -1,5 +1,5 @@
 @load base/frameworks/intel
-@load http2/utils
+@load ../../utils
 @load policy/frameworks/intel/seen/where-locations
 
 

src/HTTP2.cc

@@ -9,7 +9,7 @@
 #include "debug.h"
 #include "Reporter.h"
 
-using namespace analyzer::http2;
+using namespace analyzer::mitrecnd;
 
 const bool DEBUG_http2 = true;
 

src/HTTP2.h

@@ -24,7 +24,7 @@
 
 using namespace std;
 
-namespace analyzer { namespace http2 {
+namespace analyzer { namespace mitrecnd {
 
 
 class HTTP2_Stream;

src/HTTP2_Frame.cc

@@ -11,7 +11,7 @@
 #include "debug.h"
 #include "Reporter.h"
 
-using namespace analyzer::http2;
+using namespace analyzer::mitrecnd;
 
 static inline uint32_t ntoh24(uint8_t* data)
 {

src/HTTP2_Frame.h

@@ -5,7 +5,7 @@ static constexpr size_t MAX_FRAME_SIZE = 16777215;
 
 #include "util.h"
 
-namespace analyzer { namespace http2 {
+namespace analyzer { namespace mitrecnd {
 
 struct RawFrameHeader
 {

src/HTTP2_FrameReassembler.cc

@@ -6,7 +6,7 @@
 #include "debug.h"
 #include "Reporter.h"
 
-using namespace analyzer::http2;
+using namespace analyzer::mitrecnd;
 
 HTTP2_FrameReassembler::HTTP2_FrameReassembler()
 {

src/HTTP2_FrameReassembler.h

@@ -7,7 +7,7 @@
 
 #include "util.h"
 
-namespace analyzer { namespace http2 {
+namespace analyzer { namespace mitrecnd {
 
 static constexpr size_t MIN_BUFFER_SIZE = 65535;
 static constexpr size_t MAX_BUFFER_SIZE = 33554430; // ~32MB!!!

src/HTTP2_HeaderStorage.cc

@@ -6,7 +6,7 @@
 #include "debug.h"
 #include "Reporter.h"
 
-using namespace analyzer::http2;
+using namespace analyzer::mitrecnd;
 
 HTTP2_HeaderStorage::HTTP2_HeaderStorage(std::string& name, std::string& value)
 {

src/HTTP2_HeaderStorage.h

@@ -12,7 +12,7 @@
 
 using namespace std;
 
-namespace analyzer { namespace http2 {
+namespace analyzer { namespace mitrecnd {
 
 struct HTTP2_HeaderStorage {
     HTTP2_HeaderStorage(std::string& name, std::string& value);

src/HTTP2_Stream.cc

@@ -6,7 +6,7 @@
 #include "debug.h"
 #include "Reporter.h"
 
-using namespace analyzer::http2;                    
+using namespace analyzer::mitrecnd;
 
 /**
  * HTTP2_Stream::UncompressedOutput : public analyzer::OutputHandler