Merge branch 'master' into topic/script-reference

Conflicts:
	src/event.bif
Jon Siwek 2011-12-06 09:37:13 -06:00
commit 749e510fc7
35 changed files with 284 additions and 167 deletions

26
CHANGES

@ -1,4 +1,30 @@
2.0-beta-88 | 2011-12-02 17:00:58 -0800
* Teach LogWriterAscii to use BRO_LOG_SUFFIX environemt variable.
Addresses #704. (Jon Siwek)
* Fix double-free of DNS_Mgr_Request object. Addresses #661.
* Add a remote_log_peer event which comes with an event_peer record
parameter. Addresses #493. (Jon Siwek)
* Remove example redef of SMTP::entity_excerpt_len from local.bro.
Fixes error emitted when loading local.bro in bare mode. (Jon
Siwek)
* Add missing doc targets to top Makefile; remove old doc/Makefile.
Fixes #705. (Jon Siwek)
* Turn some globals into constants. Addresses #633. (Seth Hall)
* Rearrange packet filter and DPD documentation. (Jon Siwek)
2.0-beta-72 | 2011-11-30 20:16:09 -0800
* Fine-tuning the Sphinx layout to better match www. (Jon Siwek and
Robin Sommer)
2.0-beta-69 | 2011-11-29 16:55:31 -0800
* Fixing ASCII logger to escape the unset-field place holder if


@ -29,6 +29,18 @@ doc: configured
docclean: configured
$(MAKE) -C $(BUILD) $@
restdoc: configured
$(MAKE) -C $(BUILD) $@
restclean: configured
$(MAKE) -C $(BUILD) $@
broxygen: configured
$(MAKE) -C $(BUILD) $@
broxygenclean: configured
$(MAKE) -C $(BUILD) $@
dist:
@rm -rf $(VERSION_FULL) $(VERSION_FULL).tgz
@rm -rf $(VERSION_MIN) $(VERSION_MIN).tgz


@ -1 +1 @@
2.0-beta-69
2.0-beta-88

@ -1 +1 @@
Subproject commit 7ea5837b4ba8403731ca4a9875616c0ab501342f
Subproject commit 4d387ce660468b44df99d4c87d6016ae4ed2fdc4

@ -1 +1 @@
Subproject commit 6771d28af299f025a701e67f51311513af1cbc22
Subproject commit be772bbada79b106db33fb9de5f56fa71226adc5


@ -60,16 +60,16 @@ add_custom_target(broxygen
# The "sphinxclean" target removes just the Sphinx input/output directories
# from the build directory.
add_custom_target(broxygen-clean
add_custom_target(broxygenclean
COMMAND "${CMAKE_COMMAND}" -E remove_directory
${DOC_SOURCE_WORKDIR}
COMMAND "${CMAKE_COMMAND}" -E remove_directory
${DOC_OUTPUT_DIR}
VERBATIM)
add_dependencies(broxygen broxygen-clean restdoc)
add_dependencies(broxygen broxygenclean restdoc)
add_custom_target(doc)
add_custom_target(docclean)
add_dependencies(doc broxygen)
add_dependencies(docclean broxygen-clean restclean)
add_dependencies(docclean broxygenclean restclean)


@ -1,7 +0,0 @@
all:
test -d html || mkdir html
for i in *.rst; do echo "$$i ..."; ./bin/rst2html.py $$i >html/`echo $$i | sed 's/rst$$/html/g'`; done
clean:
rm -rf html


@ -15,8 +15,9 @@ which adds some reST directives and roles that aid in generating useful
index entries and cross-references. Other extensions can be added in
a similar fashion.
Either the ``make doc`` or ``make broxygen`` can be used to locally
render the reST files into HTML. Those targets depend on:
Either the ``make doc`` or ``make broxygen`` targets in the top-level
Makefile can be used to locally render the reST files into HTML.
Those targets depend on:
* Python interpreter >= 2.5
* `Sphinx <http://sphinx.pocoo.org/>`_ >= 1.0.1


@ -1,3 +1,15 @@
.highlight {
background-color: #ffffff;
}
h1 {
font-weight: bold;
font-size: 32px;
line-height:32px;
text-align: center;
padding-top: 3px;
margin-bottom: 30px;
font-family: Palatino,'Palatino Linotype',Georgia,serif;;
color: #000;
border-bottom: 0px;
}

BIN
doc/_static/logo-bro.png vendored Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB


@ -9,7 +9,7 @@
{% endblock %}
{% block header %}
<iframe src="http://www.bro-ids.org/frames/header.html" width="100%" height="100px" frameborder="0" marginheight="0" scrolling="no" marginwidth="0">
<iframe src="http://www.bro-ids.org/frames/header-no-logo.html" width="100%" height="100px" frameborder="0" marginheight="0" scrolling="no" marginwidth="0">
</iframe>
{% endblock %}
@ -17,15 +17,82 @@
{% block relbar1 %}{% endblock %}
{% block content %}
<div id="bro-main" class="clearfix">
<div class="container_12">
{{ super() }}
</div>
</div>
<div id="bro-main" class="clearfix">
<div class="container_12">
<div class="grid_9">
<div>
{{ relbar() }}
</div>
<div class="body">
{% block body %}
{% endblock %}
</div>
</div>
<!-- Sidebar -->
<div class="grid_3 omega">
<div>
<img id="logo" src="{{pathto('_static/logo-bro.png', 1)}}" alt="Logo" />
</div>
<br />
<div class="widget sidebar-toc">
<h3 class="widgettitle">
Table of Contents
</h3>
<p>
<ul>{{toc}}</ul>
</p>
</div>
{% if next %}
<div class="widget">
<h3 class="widgettitle">
Next Page
</h3>
<p>
<a href="{{ next.link|e }}">{{ next.title }}</a>
</p>
</div>
{% endif %}
{% if prev %}
<div class="widget">
<h3 class="widgettitle">
Previous Page
</h3>
<p>
<a href="{{ prev.link|e }}">{{ prev.title }}</a>
</p>
</div>
{% endif %}
</div>
</div>
<div class="container_12">
<div class="grid_12 alpha omega">
<div class="center">
<small>
Copyright {{ copyright }}.
Last updated on {{ last_updated }}.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> {{ sphinx_version }}.
</small>
</div>
</div>
</div>
</div>
{% endblock %}
{% block footer %}
{{ super() }}
<iframe src="http://www.bro-ids.org/frames/footer.html" width="100%" height="420px" frameborder="0" marginheight="0" scrolling="no" marginwidth="0">
</iframe>
{% endblock %}
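Review bot: The header iframe on the changed line (and the footer iframe in the second hunk) loads `http://www.bro-ids.org/frames/...` over plain HTTP into every generated page. Anyone able to modify traffic on the path can change what is framed inside the documentation, and browsers will block the frames as mixed content if the docs are ever served over HTTPS. If the site serves these frames over TLS, use `src="https://www.bro-ids.org/frames/header-no-logo.html"`; otherwise consider shipping the header and footer markup with the docs, as this commit already does for the logo under `_static`.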


@ -1,62 +0,0 @@
#!/usr/bin/env python
#
# Derived from docutils standard rst2html.py.
#
# $Id: rst2html.py 4564 2006-05-21 20:44:42Z wiemann $
# Author: David Goodger <goodger@python.org>
# Copyright: This module has been placed in the public domain.
#
#
# Extension: we add to dummy directorives "code" and "console" to be
# compatible with Bro's web site setup.
try:
import locale
locale.setlocale(locale.LC_ALL, '')
except:
pass
import textwrap
from docutils.core import publish_cmdline, default_description
from docutils import nodes
from docutils.parsers.rst import directives, Directive
from docutils.parsers.rst.directives.body import LineBlock
class Literal(Directive):
#max_line_length = 68
max_line_length = 0
required_arguments = 0
optional_arguments = 1
final_argument_whitespace = True
has_content = True
def wrapped_content(self):
content = []
if Literal.max_line_length:
for line in self.content:
content += textwrap.wrap(line, Literal.max_line_length, subsequent_indent=" ")
else:
content = self.content
return u'\n'.join(content)
def run(self):
self.assert_has_content()
content = self.wrapped_content()
literal = nodes.literal_block(content, content)
return [literal]
directives.register_directive('code', Literal)
directives.register_directive('console', Literal)
description = ('Generates (X)HTML documents from standalone reStructuredText '
'sources. ' + default_description)
publish_cmdline(writer_name='html', description=description)


@ -90,44 +90,20 @@ pygments_style = 'sphinx'
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
html_theme = 'basic'
html_last_updated_fmt = '%B %d, %Y'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
html_theme_options = {
"rightsidebar": "true",
"stickysidebar": "false",
"externalrefs": "false",
"footerbgcolor": "#333",
"footertextcolor": "#ddd",
"sidebarbgcolor": "#ffffff",
#"sidebarbtncolor": "",
"sidebartextcolor": "#333",
"sidebarlinkcolor": "#2a85a7",
"relbarbgcolor": "#ffffff",
"relbartextcolor": "#333",
"relbarlinkcolor": "#2a85a7",
"bgcolor": "#ffffff",
"textcolor": "#333",
"linkcolor": "#2a85a7",
"visitedlinkcolor": "#2a85a7",
"headbgcolor": "#f0f0f0",
"headtextcolor": "#000",
"headlinkcolor": "#2a85a7",
"codebgcolor": "#FFFAE2",
#"codetextcolor": "",
"bodyfont": "Arial, Helvetica, sans-serif",
"headfont": "Palatino,'Palatino Linotype',Georgia,serif",
}
html_theme_options = { }
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# "<project> v<release> Documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.


@ -1,9 +1,11 @@
.. Bro documentation master file
=================
Bro Documentation
=================
Documentation for version: |version|
Guides
------
.. toctree::
:maxdepth: 1
@ -39,7 +41,6 @@ Script Reference
.. toctree::
:maxdepth: 1
scripts/common
scripts/builtins
scripts/bifs
scripts/packages


@ -1,6 +1,6 @@
This directory contains scripts and templates that can be used to automate
the generation of Bro script documentation. Several build targets are defined
by CMake:
by CMake and available in the top-level Makefile:
``restdoc``


@ -1,19 +0,0 @@
Common Documentation
====================
.. _common_port_analysis_doc:
Port Analysis
-------------
TODO: add some stuff here
.. _common_packet_filter_doc:
Packet Filter
-------------
TODO: add some stuff here
.. note:: Filters are only relevant when dynamic protocol detection (DPD)
is explicitly turned off (Bro release 1.6 enabled DPD by default).


@ -1,7 +1,7 @@
.. This is a stub doc to which broxygen appends during the build process
Index of All Bro Scripts
========================
Index of All Individual Bro Scripts
===================================
.. toctree::
:maxdepth: 1


@ -130,6 +130,13 @@ event remote_log(level: count, src: count, msg: string)
do_script_log_common(level, src, msg);
}
# This is a core generated event.
event remote_log_peer(p: event_peer, level: count, src: count, msg: string)
{
local rmsg = fmt("[#%d/%s:%d] %s", p$id, p$host, p$p, msg);
do_script_log_common(level, src, rmsg);
}
function do_script_log(p: event_peer, msg: string)
{
do_script_log_common(REMOTE_LOG_INFO, REMOTE_SRC_SCRIPT, msg);


@ -65,11 +65,11 @@ redef capture_filters += {
["netbios-ns"] = "udp port 137",
};
global dns_ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp } &redef;
const dns_ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp };
redef dpd_config += { [ANALYZER_DNS] = [$ports = dns_ports] };
global dns_udp_ports = { 53/udp, 137/udp, 5353/udp, 5355/udp } &redef;
global dns_tcp_ports = { 53/tcp } &redef;
const dns_udp_ports = { 53/udp, 137/udp, 5353/udp, 5355/udp };
const dns_tcp_ports = { 53/tcp };
redef dpd_config += { [ANALYZER_DNS_UDP_BINPAC] = [$ports = dns_udp_ports] };
redef dpd_config += { [ANALYZER_DNS_TCP_BINPAC] = [$ports = dns_tcp_ports] };
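Review bot: The switch from `global ... &redef` to `const` also drops the `&redef` attribute on `dns_ports`, `dns_udp_ports` and `dns_tcp_ports`, so a site policy that extends these sets with `redef dns_ports += { ... };` would presumably no longer load. If the sets are meant to stay tunable, keep the attribute: `const dns_ports = { 53/udp, 53/tcp, 137/udp, 5353/udp, 5355/udp } &redef;`. If they are meant to be fixed, a short comment naming `dpd_config` as the supported extension point would help operators who monitor DNS on non-standard ports. The same applies to `irc_ports` in the IRC script section that follows.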


@ -41,7 +41,7 @@ redef capture_filters += { ["irc-6668"] = "port 6668" };
redef capture_filters += { ["irc-6669"] = "port 6669" };
# DPD configuration.
global irc_ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp } &redef;
const irc_ports = { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp };
redef dpd_config += { [ANALYZER_IRC] = [$ports = irc_ports] };
redef likely_server_ports += { 6666/tcp, 6667/tcp, 6668/tcp, 6669/tcp };


@ -62,11 +62,3 @@ redef signature_files += "frameworks/signatures/detect-windows-shells.sig";
@load protocols/http/detect-MHR
# Detect SQL injection attacks
@load protocols/http/detect-sqli
# Uncomment this redef if you want to extract SMTP MIME entities for
# some file types. The numbers given indicate how many bytes to extract for
# the various mime types.
redef SMTP::entity_excerpt_len += {
# ["text/plain"] = 1024,
# ["text/html"] = 1024,
};


@ -215,14 +215,16 @@ void BroDoc::WriteDocFile() const
if ( ! port_analysis.empty() )
{
WriteSectionHeading("Port Analysis", '-');
WriteToDoc(":ref:`More Information <common_port_analysis_doc>`\n\n");
WriteToDoc("Loading this script makes the following changes to "
":bro:see:`dpd_config`.\n\n");
WriteStringList("%s", port_analysis);
}
if ( ! packet_filter.empty() )
{
WriteSectionHeading("Packet Filter", '-');
WriteToDoc(":ref:`More Information <common_packet_filter_doc>`\n\n");
WriteToDoc("Loading this script makes the following changes to "
":bro:see:`capture_filters`.\n\n");
WriteToDoc("Filters added::\n\n");
WriteToDoc("%s\n", packet_filter.c_str());
}


@ -595,8 +595,6 @@ void DNS_Mgr::Resolve()
}
else
--num_pending;
delete dr;
}
}


@ -88,7 +88,7 @@ bool LogWriterAscii::DoInit(string path, int num_fields,
if ( output_to_stdout )
path = "/dev/stdout";
fname = IsSpecial(path) ? path : path + ".log";
fname = IsSpecial(path) ? path : path + "." + LogExt();
if ( ! (file = fopen(fname.c_str(), "w")) )
{
@ -320,7 +320,7 @@ bool LogWriterAscii::DoRotate(string rotated_path, double open,
fclose(file);
file = 0;
string nname = rotated_path + ".log";
string nname = rotated_path + "." + LogExt();
rename(fname.c_str(), nname.c_str());
if ( ! FinishedRotation(nname, fname, open, close, terminating) )
@ -338,4 +338,9 @@ bool LogWriterAscii::DoSetBuf(bool enabled)
return true;
}
string LogWriterAscii::LogExt()
{
const char* ext = getenv("BRO_LOG_SUFFIX");
if ( ! ext ) ext = "log";
return ext;
}
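Review bot: `LogExt()` returns the `BRO_LOG_SUFFIX` value unchecked, and `DoInit` and `DoRotate` append it straight into the file names they open and rename to. An empty value yields names ending in a bare dot, and a value containing `/` changes the directory the log is written to, which matters if the process runs with more privilege than whoever controls its environment (not visible here). Consider falling back to the default in those cases, e.g. `if ( ! ext || ! *ext || strchr(ext, '/') ) ext = "log";`. The bodies of `DoInit` and `DoRotate` continue outside the hunks shown, and the `rename()` result in `DoRotate` is not checked in the visible lines.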


@ -13,6 +13,7 @@ public:
~LogWriterAscii();
static LogWriter* Instantiate() { return new LogWriterAscii; }
static string LogExt();
protected:
virtual bool DoInit(string path, int num_fields,


@ -2923,25 +2923,37 @@ void RemoteSerializer::Log(LogLevel level, const char* msg)
void RemoteSerializer::Log(LogLevel level, const char* msg, Peer* peer,
LogSrc src)
{
if ( peer )
{
val_list* vl = new val_list();
vl->append(peer->val->Ref());
vl->append(new Val(level, TYPE_COUNT));
vl->append(new Val(src, TYPE_COUNT));
vl->append(new StringVal(msg));
mgr.QueueEvent(remote_log_peer, vl);
}
else
{
val_list* vl = new val_list();
vl->append(new Val(level, TYPE_COUNT));
vl->append(new Val(src, TYPE_COUNT));
vl->append(new StringVal(msg));
mgr.QueueEvent(remote_log, vl);
}
#ifdef DEBUG
const int BUFSIZE = 1024;
char buffer[BUFSIZE];
int len = 0;
if ( peer )
len += snprintf(buffer + len, sizeof(buffer) - len,
"[#%d/%s:%d] ", int(peer->id), ip2a(peer->ip),
peer->port);
len += snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ",
int(peer->id), ip2a(peer->ip), peer->port);
len += safe_snprintf(buffer + len, sizeof(buffer) - len, "%s", msg);
val_list* vl = new val_list();
vl->append(new Val(level, TYPE_COUNT));
vl->append(new Val(src, TYPE_COUNT));
vl->append(new StringVal(buffer));
mgr.QueueEvent(remote_log, vl);
DEBUG_COMM(fmt("parent: %.6f %s", current_time(), buffer));
#endif
}
void RemoteSerializer::RaiseEvent(EventHandlerPtr event, Peer* peer,
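Review bot: In the `#ifdef DEBUG` block the peer prefix is still written with plain `snprintf` and its return value is added to `len`, while the message right after it goes through `safe_snprintf`. `snprintf` returns the length it would have written, so on truncation `sizeof(buffer) - len` would wrap around; the prefix is short enough that this looks unreachable today, but using the same helper for both writes keeps the arithmetic safe (assuming `safe_snprintf` returns the clamped length): `len += safe_snprintf(buffer + len, sizeof(buffer) - len, "[#%d/%s:%d] ", int(peer->id), ip2a(peer->ip), peer->port);`. Separately, `peer->val->Ref()` in the new `if ( peer )` branch assumes every Peer handed to `Log()` already has `val` set; if that is an invariant, a one-line comment or assertion stating it would help.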


@ -5442,9 +5442,32 @@ event remote_state_inconsistency%(operation: string, id: string,
## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook
## remote_state_inconsistency print_hook remote_log_peer
event remote_log%(level: count, src: count, msg: string%);
## Generated for communication log messages. While this event is
## intended primarily for use by Bro's communication framework, it can also trigger
## additional code if helpful. This event is equivalent to
## :bro:see:`remote_log` except the message is with respect to a certain peer.
##
## p: A record describing the remote peer.
##
## level: The log level, which is either :bro:enum:`REMOTE_LOG_INFO` or
## :bro:enum:`REMOTE_LOG_ERROR`.
##
## src: The component of the comminication system that logged the message.
## Currently, this will be one of :bro:enum:`REMOTE_SRC_CHILD` (Bro's
## child process), :bro:enum:`REMOTE_SRC_PARENT` (Bro's main process), or
## :bro:enum:`REMOTE_SRC_SCRIPT` (the script level).
##
## msg: The message logged.
##
## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook remote_log
event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%);
## Generated when a remote peer has answered to our ping. This event is part of
## Bro's infrastructure for measuring communication latency. One can send a ping
## by calling :bro:id:`send_ping` and when a corresponding reply is received, this
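Review bot: The new doc comment for `remote_log_peer` has a typo in the `src:` paragraph: `comminication` should be `communication`, and this text is rendered into the script reference. The `p:` line could also say which peer is meant, e.g. `## p: A record describing the remote peer the message refers to.`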


@ -47,6 +47,7 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
#include "ConnCompressor.h"
#include "DPM.h"
#include "BroDoc.h"
#include "LogWriterAscii.h"
#include "binpac_bro.h"
@ -194,6 +195,7 @@ void usage()
fprintf(stderr, " $BRO_PREFIXES | prefix list (%s)\n", bro_prefixes());
fprintf(stderr, " $BRO_DNS_FAKE | disable DNS lookups (%s)\n", bro_dns_fake());
fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n");
fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", LogWriterAscii::LogExt().c_str());
exit(1);
}


@ -281,7 +281,7 @@ Redefinitions
Port Analysis
-------------
:ref:`More Information <common_port_analysis_doc>`
Loading this script makes the following changes to :bro:see:`dpd_config`.
SSL::
@ -292,7 +292,7 @@ SSL::
Packet Filter
-------------
:ref:`More Information <common_packet_filter_doc>`
Loading this script makes the following changes to :bro:see:`capture_filters`.
Filters added::


@ -0,0 +1,16 @@
#separator \x09
#path communication
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
#types time string string string addr port string string
1322788789.351248 bro parent - - - info [#1/127.0.0.1:47757] added peer
1322788789.354851 bro child - - - info [#1/127.0.0.1:47757] connected
1322788789.354956 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1322788789.354956 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1322788789.355429 bro script - - - info connection established
1322788789.355429 bro script - - - info requesting events matching /^?(NOTHING)$?/
1322788789.355429 bro script - - - info accepting state
1322788789.355967 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1322788789.355967 bro parent - - - info warning: no events to request
1322788789.355967 bro parent - - - info terminating...
1322788789.355967 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1322788789.355967 bro parent - - - info [#1/127.0.0.1:47757] closing connection


@ -0,0 +1,9 @@
# We once had a bug where DNS lookups at init time lead to an immediate crash.
#
# @TEST-EXEC: bro %INPUT >output 2>&1
# @TEST-EXEC: btest-diff output
const foo: set[addr] = {
google.com
};
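Review bot: This test resolves `google.com` at init time, so it depends on working external DNS from the test host. On an isolated or sandboxed build machine the lookup may fail or time out, and anything Bro prints as a result would land in `output` and break `btest-diff`. Consider a name that resolves without the network (for example `localhost`, if that still exercises the init-time lookup path), or at least state the requirement in the header: `# Requires outbound DNS resolution.` The same `google.com` set is added to the leak test in the next section.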


@ -4,6 +4,10 @@
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace %INPUT
const foo: set[addr] = {
google.com
};
# Add the state tracking information variable to the connection record
event connection_established(c: connection)


@ -0,0 +1,37 @@
#
# @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
# @TEST-EXEC: btest-bg-run sender bro -b ../sender.bro
# @TEST-EXEC: btest-bg-wait -k 2
#
# Don't diff the receiver log just because port is always going to change
# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: btest-diff send.log
@TEST-START-FILE sender.bro
@load base/frameworks/communication/main
redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $events = /NOTHING/, $connect=T]
};
event remote_connection_established(p: event_peer)
{
terminate_communication();
terminate();
}
@TEST-END-FILE
#############
@TEST-START-FILE receiver.bro
@load frameworks/communication/listen
event remote_connection_closed(p: event_peer)
{
terminate();
}
@TEST-END-FILE


@ -0,0 +1,2 @@
# @TEST-EXEC: BRO_LOG_SUFFIX=txt bro -r $TRACES/wikipedia.trace
# @TEST-EXEC: test -f conn.txt