This branch and equivalently named branches are ready for merging in the public and private test suites.
We generate the event for SRV responses in DNS now.
Fixed several annoying issues with NetBios name service requests and responses. Fewer incorrect weirds and more correct dns logs now.
Let me ask the expected question: any better way to recognize NetBios than hard-coding the port?
Hm.. not really. It's probably the most reliable technique to identify it. They literally use the exact same DNS structure, we just encountered reuse of a RR identifier between NBNS and one of the DNS RFCs. We're actually using the port mechanism to identify NBNS queries in script-land anyway (to decide when to decode the encoded MS host names).
Yeah, I saw that, but it's uglier to hardcode a port inside the event
engine. But I was expecting the "no" answer.
(Wondering if anybody has ever seen NB on a non-standard port?)
Anyways, going to push the merge.