diff --git a/CHANGES b/CHANGES index 824eb0c436..3f11c55338 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +2.1-1034 | 2013-08-03 20:27:43 -0700 + + * A set of DHCP extensions. (Vlad Grigorescu) + + - Leases are logged to dhcp.log as they are seen. + - scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro + - Added DPD sig. + 2.1-1027 | 2013-08-03 01:57:37 -0400 * Fix a major memory issue in the SumStats framework. diff --git a/VERSION b/VERSION index 7d3375bd3d..5ed761d1ae 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-1027 +2.1-1034 diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index e405834ac6..bd88f5cd54 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -139,6 +139,9 @@ rest_target(${psd} base/protocols/conn/contents.bro) rest_target(${psd} base/protocols/conn/inactivity.bro) rest_target(${psd} base/protocols/conn/main.bro) rest_target(${psd} base/protocols/conn/polling.bro) +rest_target(${psd} base/protocols/dhcp/consts.bro) +rest_target(${psd} base/protocols/dhcp/main.bro) +rest_target(${psd} base/protocols/dhcp/utils.bro) rest_target(${psd} base/protocols/dns/consts.bro) rest_target(${psd} base/protocols/dns/main.bro) rest_target(${psd} base/protocols/ftp/files.bro) @@ -215,6 +218,7 @@ rest_target(${psd} policy/misc/app-stats/plugins/pandora.bro) rest_target(${psd} policy/misc/app-stats/plugins/youtube.bro) rest_target(${psd} policy/misc/capture-loss.bro) rest_target(${psd} policy/misc/detect-traceroute/main.bro) +rest_target(${psd} policy/misc/known-devices.bro) rest_target(${psd} policy/misc/load-balancing.bro) rest_target(${psd} policy/misc/loaded-scripts.bro) rest_target(${psd} policy/misc/profiling.bro) 
@@ -224,6 +228,7 @@ rest_target(${psd} policy/misc/trim-trace-file.bro) rest_target(${psd} policy/protocols/conn/known-hosts.bro) rest_target(${psd} policy/protocols/conn/known-services.bro) rest_target(${psd} policy/protocols/conn/weirds.bro) +rest_target(${psd} policy/protocols/dhcp/known-devices-and-hostnames.bro) rest_target(${psd} policy/protocols/dns/auth-addl.bro) rest_target(${psd} policy/protocols/dns/detect-external-names.bro) rest_target(${psd} policy/protocols/ftp/detect-bruteforcing.bro) diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index f0900fda07..7d582bf82f 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -47,6 +47,7 @@ @load misc/capture-loss.bro @load misc/detect-traceroute/__load__.bro @load misc/detect-traceroute/main.bro +@load misc/known-devices.bro @load misc/load-balancing.bro @load misc/loaded-scripts.bro @load misc/profiling.bro @@ -56,6 +57,7 @@ @load protocols/conn/known-hosts.bro @load protocols/conn/known-services.bro @load protocols/conn/weirds.bro +@load protocols/dhcp/known-devices-and-hostnames.bro @load protocols/dns/auth-addl.bro @load protocols/dns/detect-external-names.bro @load protocols/ftp/detect-bruteforcing.bro diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2 index 99ad929fbf..d7d8c8b05b 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/output2 +++ b/testing/btest/Baseline/core.print-bpf-filters/output2 @@ -26,6 +26,8 @@ 1 6667 1 6668 1 6669 +1 67 +1 68 1 80 1 8000 1 8080 @@ -36,8 +38,8 @@ 1 992 1 993 1 995 -40 and -39 or -40 port +42 and +41 or +42 port 31 tcp -9 udp +11 udp diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log index b71e56f073..8bb55e11d2 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log 
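Review bot: The first hunk of scripts/test-all-policy.bro adds `@load misc/known-devices.bro`, but the CHANGES entry in this commit names only `scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro`, so the second new policy script is undocumented for operators. I would add a bullet such as `- scripts/policy/misc/known-devices.bro` to the 2.1-1034 entry. The same entry could also say that the base DHCP scripts now load by default, since the default-load baseline and the BPF filter baseline in this commit (ports 67 and 68) show that; what each policy script logs is not visible in this diff.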
@@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2008-05-16-15-50-57 +#open 2013-08-04-03-28-45 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool count string count count count count table[string] 1210953047.736921 arKYeMETxOg 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty) @@ -21,10 +21,10 @@ 1210953074.570439 c4Zw9TmAE05 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - 0 ShADadFf 7 757 6 4164 (empty) 1210953052.202579 nQcgTWjvg4c 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - 0 Dd 2 185 1 76 (empty) 1210953060.829233 GSxOnSLghOa 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - 0 Dd 12 2695 13 11607 (empty) -1210953058.933954 iE6yhOq3SF 0.0.0.0 68 255.255.255.255 67 udp - - - - S0 - 0 D 1 328 0 0 (empty) +1210953058.933954 iE6yhOq3SF 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - 0 D 1 328 0 0 (empty) 1210953052.324629 TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - 0 d 0 0 1 137 (empty) 1210953046.591933 UWkUyAuUGXf 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - 0 D 2 472 0 0 (empty) 1210953052.324629 FrJExwHcSal fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 TEfuqmmG4bh 1210953060.829303 qCaWGmzFtM5 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 GSxOnSLghOa,nQcgTWjvg4c 1210953052.202579 j4u32Pc5bif fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 nQcgTWjvg4c -#close 2008-05-16-15-51-16 +#close 2013-08-04-03-28-45 
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index e65b72a30b..6f85862bd7 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2013-07-29-22-37-52 +#open 2013-08-04-03-27-22 #fields name #types string scripts/base/init-bare.bro @@ -91,6 +91,7 @@ scripts/base/init-bare.bro scripts/base/utils/site.bro scripts/base/utils/patterns.bro build/scripts/base/bif/__load__.bro + build/scripts/base/bif/top-k.bif.bro scripts/policy/misc/loaded-scripts.bro scripts/base/utils/paths.bro -#close 2013-07-29-22-37-52 +#close 2013-08-04-03-27-22 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 572173bd97..0d9a490080 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2013-07-29-22-37-53 +#open 2013-08-04-03-27-23 #fields name #types string scripts/base/init-bare.bro @@ -91,6 +91,7 @@ scripts/base/init-bare.bro scripts/base/utils/site.bro scripts/base/utils/patterns.bro build/scripts/base/bif/__load__.bro + build/scripts/base/bif/top-k.bif.bro scripts/base/init-default.bro scripts/base/utils/active-http.bro scripts/base/utils/exec.bro 
@@ -147,6 +148,7 @@ scripts/base/init-default.bro scripts/base/frameworks/sumstats/plugins/std-dev.bro scripts/base/frameworks/sumstats/plugins/variance.bro scripts/base/frameworks/sumstats/plugins/sum.bro + scripts/base/frameworks/sumstats/plugins/topk.bro scripts/base/frameworks/sumstats/plugins/unique.bro scripts/base/frameworks/sumstats/non-cluster.bro scripts/base/frameworks/tunnels/__load__.bro @@ -156,6 +158,10 @@ scripts/base/init-default.bro scripts/base/protocols/conn/contents.bro scripts/base/protocols/conn/inactivity.bro scripts/base/protocols/conn/polling.bro + scripts/base/protocols/dhcp/__load__.bro + scripts/base/protocols/dhcp/consts.bro + scripts/base/protocols/dhcp/main.bro + scripts/base/protocols/dhcp/utils.bro scripts/base/protocols/dns/__load__.bro scripts/base/protocols/dns/consts.bro scripts/base/protocols/dns/main.bro @@ -202,4 +208,4 @@ scripts/base/init-default.bro scripts/base/files/extract/main.bro scripts/base/misc/find-checksum-offloading.bro scripts/policy/misc/loaded-scripts.bro -#close 2013-07-29-22-37-53 +#close 2013-08-04-03-27-23