Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/master' into dev/2.7

Browse source
This commit is contained in:
Jon Siwek 2018-09-25 16:47:01 -05:00
commit 43aab5be7b
14 changed files with 65 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

26
CHANGES
View file

@ -1,4 +1,30 @@
2.6-beta2-14 | 2018-09-25 16:38:29 -0500
* Add some missing @TEST-REQUIRES to a few tests (Daniel Thayer)
2.6-beta2-12 | 2018-09-24 10:56:09 -0500
* Fix BasicThread::SetOSName on FreeBSD (Dominik Charousset)
2.6-beta2-10 | 2018-09-21 13:29:15 -0500
* Fix some broken @TEST-REQUIRES in unit tests (Daniel Thayer)
2.6-beta2-8 | 2018-09-21 13:25:50 -0500
* Emit missing GeoIP database errors only once at startup (Jon Siwek, Corelight)
2.6-beta2-7 | 2018-09-21 10:18:55 -0500
* Fix compile error in MMDB GeoIP code (Jon Siwek, Corelight)
2.6-beta2-6 | 2018-09-20 13:15:15 -0500
* Add a missing "break" in OSFinger.cc (Daniel Thayer)
* Fix buffer sizes in the rotate_file function (Daniel Thayer)
2.6-beta2-3 | 2018-09-19 15:21:00 -0500 2.6-beta2-3 | 2018-09-19 15:21:00 -0500
* Add HTTP::sqli_policy hook to ignore counting a request as a SQL injection * Add HTTP::sqli_policy hook to ignore counting a request as a SQL injection

2
VERSION
View file

@ -1 +1 @@
2.6-beta2-3 2.6-beta2-14

1
src/OSFinger.cc
View file

@ -469,6 +469,7 @@ reparse_ptr:
{ {
case 'E': case 'E':
Error("OS fingerprinting: Quirk 'E' is obsolete. Remove it, append E to the options. Line",(uint32)ln); Error("OS fingerprinting: Quirk 'E' is obsolete. Remove it, append E to the options. Line",(uint32)ln);
break;
case 'K': case 'K':
if ( mode != RST_FINGERPRINT_MODE ) if ( mode != RST_FINGERPRINT_MODE )

23
src/bro.bif
View file

@ -3626,7 +3626,7 @@ private:
}; };
MMDB::MMDB(const char* filename, struct stat info) MMDB::MMDB(const char* filename, struct stat info)
: file_info{info}, lookup_error{false}, : file_info(info), lookup_error{false},
last_check{std::chrono::steady_clock::now()} last_check{std::chrono::steady_clock::now()}
{ {
int status = MMDB_open(filename, MMDB_MODE_MMAP, &mmdb); int status = MMDB_open(filename, MMDB_MODE_MMAP, &mmdb);
@ -3695,6 +3695,8 @@ const char* MMDB::Filename()
std::unique_ptr<MMDB> mmdb_loc; std::unique_ptr<MMDB> mmdb_loc;
std::unique_ptr<MMDB> mmdb_asn; std::unique_ptr<MMDB> mmdb_asn;
static bool did_mmdb_loc_db_error = false;
static bool did_mmdb_asn_db_error = false;
static bool mmdb_open(const char* filename, bool asn) static bool mmdb_open(const char* filename, bool asn)
{ {
@ -3719,6 +3721,11 @@ static bool mmdb_open(const char* filename, bool asn)
catch ( const std::exception& e ) catch ( const std::exception& e )
{ {
if ( asn )
did_mmdb_asn_db_error = false;
else
did_mmdb_loc_db_error = false;
reporter->Info("Failed to open MaxMind DB: %s [%s]", filename, reporter->Info("Failed to open MaxMind DB: %s [%s]", filename,
e.what()); e.what());
return false; return false;
@ -3742,6 +3749,7 @@ static void mmdb_check_loc()
if ( mmdb_loc && mmdb_loc->StaleDB() ) if ( mmdb_loc && mmdb_loc->StaleDB() )
{ {
reporter->Info("Closing stale MaxMind DB [%s]", mmdb_loc->Filename()); reporter->Info("Closing stale MaxMind DB [%s]", mmdb_loc->Filename());
did_mmdb_loc_db_error = false;
mmdb_loc.release(); mmdb_loc.release();
} }
} }
@ -3751,6 +3759,7 @@ static void mmdb_check_asn()
if ( mmdb_asn && mmdb_asn->StaleDB() ) if ( mmdb_asn && mmdb_asn->StaleDB() )
{ {
reporter->Info("Closing stale MaxMind DB [%s]", mmdb_asn->Filename()); reporter->Info("Closing stale MaxMind DB [%s]", mmdb_asn->Filename());
did_mmdb_asn_db_error = false;
mmdb_asn.release(); mmdb_asn.release();
} }
} }
@ -3943,7 +3952,12 @@ function lookup_location%(a: addr%) : geo_location
{ {
if ( ! mmdb_try_open_loc() ) if ( ! mmdb_try_open_loc() )
{ {
if ( ! did_mmdb_loc_db_error )
{
did_mmdb_loc_db_error = true;
builtin_error("Failed to open GeoIP location database"); builtin_error("Failed to open GeoIP location database");
}
return location; return location;
} }
} }
@ -4021,7 +4035,12 @@ function lookup_asn%(a: addr%) : count
{ {
if ( ! mmdb_try_open_asn() ) if ( ! mmdb_try_open_asn() )
{ {
builtin_error("No open GeoIP ASN database"); if ( ! did_mmdb_asn_db_error )
{
did_mmdb_asn_db_error = true;
builtin_error("Failed to open GeoIP ASN database");
}
return new Val(0, TYPE_COUNT); return new Val(0, TYPE_COUNT);
} }
} }

8
src/threading/BasicThread.cc
View file

@ -11,6 +11,10 @@
#include <sys/prctl.h> #include <sys/prctl.h>
#endif #endif
#ifdef __FreeBSD__
#include <pthread_np.h>
#endif
using namespace threading; using namespace threading;
static const int STD_FMT_BUF_LEN = 2048; static const int STD_FMT_BUF_LEN = 2048;
@ -60,8 +64,8 @@ void BasicThread::SetOSName(const char* arg_name)
pthread_setname_np(arg_name); pthread_setname_np(arg_name);
#endif #endif
#ifdef FREEBSD #ifdef __FreeBSD__
pthread_set_name_np(thread.native_handle(), arg_name, arg_name); pthread_set_name_np(thread.native_handle(), arg_name);
#endif #endif
} }

2
src/util.cc
View file

@ -1272,7 +1272,7 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
// Build file names. // Build file names.
const int buflen = strlen(name) + 128; const int buflen = strlen(name) + 128;
char tmpname[buflen], newname[buflen+4]; char newname[buflen], tmpname[buflen+4];
safe_snprintf(newname, buflen, "%s.%d.%.06f.tmp", safe_snprintf(newname, buflen, "%s.%d.%.06f.tmp",
name, getpid(), network_time); name, getpid(), network_time);

1
testing/btest/bifs/dump_current_packet.bro
View file

@ -1,3 +1,4 @@
# @TEST-REQUIRES: which hexdump
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: hexdump -C 1.pcap >1.hex # @TEST-EXEC: hexdump -C 1.pcap >1.hex
# @TEST-EXEC: hexdump -C 2.pcap >2.hex # @TEST-EXEC: hexdump -C 2.pcap >2.hex

2
testing/btest/core/disable-mobile-ipv6.test
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT # @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
# @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff weird.log

2
testing/btest/core/mobile-ipv6-home-addr.test
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output # @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-hoa.trace %INPUT >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output

2
testing/btest/core/mobile-ipv6-routing.test
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output # @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/ipv6-mobile-routing.trace %INPUT >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output

2
testing/btest/core/mobility-checksums.test
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap # @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap
# @TEST-EXEC: mv weird.log bad.out # @TEST-EXEC: mv weird.log bad.out
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap # @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap

2
testing/btest/core/mobility_msg.test
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/bro-config.h
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output # @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output # @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_be.trace %INPUT >>output
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output # @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_brr.trace %INPUT >>output

1
testing/btest/core/pcap/dumper.bro
View file

@ -1,3 +1,4 @@
# @TEST-REQUIRES: which hexdump
# @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace -w dump # @TEST-EXEC: bro -r $TRACES/workshop_2011_browse.trace -w dump
# @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1 # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1
# @TEST-EXEC: hexdump -C dump >2 # @TEST-EXEC: hexdump -C dump >2

1
testing/btest/coverage/find-bro-logs.test
View file

@ -4,6 +4,7 @@
# #
# If this test fails, then the "Log Files" documentation page should be updated. # If this test fails, then the "Log Files" documentation page should be updated.
# @TEST-REQUIRES: which python
# @TEST-EXEC: bash %INPUT # @TEST-EXEC: bash %INPUT
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out