I just commited an updated barnyard2 version that support sig-msg.map(v1) as well as sid-msg.map(v2) format.
This is a minor change and it should go really smoothly but it still require some testing.
by2 should auto detect which version to use and behave accordingly.
People used to the new database output plugin could be surprised to see that most of the signature will now be inserted at startup if your
database is fresh, or if you where already using the plugin, alot of new signature could appear.
This is due to the fact that the new sid-msg.map file include signature revision, so
they are insertd at the initialization phase, if their not present in the database, instead
of keeping them in cache waiting for a matching event to update the revision and log its first version.
So if you upgrade from sid-msg.map(v1) to a sid-msg.map(v2) file using PP don't be surprised to see
alot more signatures in your favorite UI when its first starting.
WARNING:
The differences betwen a regular sid-msg.map file and a sid-msg.mapv2 file is mainly the
#v2 at the start of the file and the additional fields.
If you modify that file format (removing the #v2 from a sid-msg.mapv2)
the result when parsing could lead to a crash, you have been warned.
If you try to add a #v2 tag to a v1 file you could get unexpected result in some cases
(if you have a signature with alot of reference field, they would count
in the defined minmum number of field ([4] sid||gid||rev||msg) for a valid v2 line which would obviously lead to funky result.
EOW
-elz