mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge branch 'master' of ssh://git.bro-ids.org/bro
This commit is contained in:
Seth Hall
commit
8c633daade
15 changed files with 41 additions and 39 deletions
|
|
@ -1 +1 @@
|
|||
Subproject commit 9866a00e78b088315e632960aaa230635bca326a
|
||||
Subproject commit e90325bc2bd3023f4a5f48446a91725192eafef4
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit a9aeb2e1a8434c583c75f5941b58dc69a7517444
|
||||
Subproject commit 3b23a300152405135088aeb9fc0f411c295193b1
|
||||
|
|
@ -512,8 +512,7 @@ PktFileSrc::PktFileSrc(const char* arg_readfile, const char* filter,
|
|||
return;
|
||||
|
||||
// We don't put file sources into non-blocking mode as
|
||||
// otherwise we would not be able to identify the EOF
|
||||
// via next_packet().
|
||||
// otherwise we would not be able to identify the EOF.
|
||||
|
||||
selectable_fd = fileno(pcap_file(pd));
|
||||
|
||||
|
|
|
|||
|
|
@ -2558,7 +2558,10 @@ bool RemoteSerializer::SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, st
|
|||
|
||||
// Do we have enough space in the buffer? If not, flush first.
|
||||
if ( len > (LOG_BUFFER_SIZE - peer->log_buffer_used) )
|
||||
FlushLogBuffer(peer);
|
||||
{
|
||||
if ( ! FlushLogBuffer(peer) )
|
||||
return false;
|
||||
}
|
||||
|
||||
// If the data is actually larger than our complete buffer, just send it out.
|
||||
if ( len > LOG_BUFFER_SIZE )
|
||||
|
|
@ -2569,8 +2572,8 @@ bool RemoteSerializer::SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, st
|
|||
peer->log_buffer_used += len;
|
||||
assert(peer->log_buffer_used <= LOG_BUFFER_SIZE);
|
||||
|
||||
FlushLogBuffer(peer);
|
||||
return false;
|
||||
FlushLogBuffer(peer); // FIXME: This should go away, but then the unit test fails. See #498.
|
||||
return true;
|
||||
|
||||
error:
|
||||
FatalError(io->Error());
|
||||
|
|
@ -2582,7 +2585,7 @@ bool RemoteSerializer::FlushLogBuffer(Peer* p)
|
|||
if ( p->state == Peer::CLOSING )
|
||||
return false;
|
||||
|
||||
if ( ! p->log_buffer )
|
||||
if ( ! (p->log_buffer && p->log_buffer_used) )
|
||||
return true;
|
||||
|
||||
SendToChild(MSG_LOG_WRITE, p, p->log_buffer, p->log_buffer_used);
|
||||
|
|
|
|||
|
|
@ -438,7 +438,7 @@ int main(int argc, char** argv)
|
|||
opterr = 0;
|
||||
|
||||
char opts[256];
|
||||
safe_strncpy(opts, "B:D:e:f:I:i:K:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGHLOPSWdghvZ",
|
||||
safe_strncpy(opts, "B:D:e:f:I:i:K:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLOPSWdghvZ",
|
||||
sizeof(opts));
|
||||
|
||||
#ifdef USE_PERFTOOLS
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
1310590727.30137 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - - - -
|
||||
1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
1310590727.30137 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
1310750785.32134 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
1310590707.11117 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - - - -
|
||||
1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file
|
||||
1310590707.11117 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
1310750770.8185 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - -
|
||||
|
|
|
|||
|
|
@ -1,21 +1,21 @@
|
|||
0, /Users/seth/bro.git9/policy/bro.init
|
||||
1, /Users/seth/bro.git9/build/src/const.bif.bro
|
||||
1, /Users/seth/bro.git9/build/src/types.bif.bro
|
||||
1, /Users/seth/bro.git9/build/src/strings.bif.bro
|
||||
1, /Users/seth/bro.git9/build/src/bro.bif.bro
|
||||
1, /Users/seth/bro.git9/build/src/reporter.bif.bro
|
||||
1, /Users/seth/bro.git9/build/src/event.bif.bro
|
||||
1, /Users/seth/bro.git9/policy/utils/site.bro
|
||||
2, /Users/seth/bro.git9/policy/utils/pattern.bro
|
||||
1, /Users/seth/bro.git9/policy/frameworks/logging/__load__.bro
|
||||
2, /Users/seth/bro.git9/policy/frameworks/logging/base.bro
|
||||
3, /Users/seth/bro.git9/build/src/logging.bif.bro
|
||||
2, /Users/seth/bro.git9/policy/frameworks/logging/plugins/ascii.bro
|
||||
1, /Users/seth/bro.git9/policy/frameworks/packet-filter/__load__.bro
|
||||
2, /Users/seth/bro.git9/policy/frameworks/packet-filter/base.bro
|
||||
3, /Users/seth/bro.git9/policy/frameworks/notice/__load__.bro
|
||||
4, /Users/seth/bro.git9/policy/frameworks/notice/base.bro
|
||||
4, /Users/seth/bro.git9/policy/frameworks/notice/weird.bro
|
||||
5, /Users/seth/bro.git9/policy/utils/conn-ids.bro
|
||||
2, /Users/seth/bro.git9/policy/frameworks/packet-filter/netstats.bro
|
||||
0, /Users/seth/bro.git9/testing/btest/.tmp/policy.misc.loaded-scripts/loaded-scripts.bro
|
||||
0, /Users/jsiwek/tmp/bro/policy/bro.init
|
||||
1, /Users/jsiwek/tmp/bro/build/src/const.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/build/src/types.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/build/src/strings.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/build/src/bro.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/build/src/reporter.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/build/src/event.bif.bro
|
||||
1, /Users/jsiwek/tmp/bro/policy/site.bro
|
||||
2, /Users/jsiwek/tmp/bro/policy/utils/pattern.bro
|
||||
1, /Users/jsiwek/tmp/bro/policy/frameworks/logging/__load__.bro
|
||||
2, /Users/jsiwek/tmp/bro/policy/frameworks/logging/base.bro
|
||||
3, /Users/jsiwek/tmp/bro/build/src/logging.bif.bro
|
||||
2, /Users/jsiwek/tmp/bro/policy/frameworks/logging/plugins/ascii.bro
|
||||
1, /Users/jsiwek/tmp/bro/policy/frameworks/packet-filter/__load__.bro
|
||||
2, /Users/jsiwek/tmp/bro/policy/frameworks/packet-filter/base.bro
|
||||
3, /Users/jsiwek/tmp/bro/policy/frameworks/notice/__load__.bro
|
||||
4, /Users/jsiwek/tmp/bro/policy/frameworks/notice/base.bro
|
||||
4, /Users/jsiwek/tmp/bro/policy/frameworks/notice/weird.bro
|
||||
5, /Users/jsiwek/tmp/bro/policy/utils/conn_ids.bro
|
||||
2, /Users/jsiwek/tmp/bro/policy/frameworks/packet-filter/netstats.bro
|
||||
0, /Users/jsiwek/tmp/bro/testing/btest/.tmp/policy.misc.loaded-scripts/loaded-scripts.bro
|
||||
|
|
|
|||
|
|
@ -3,6 +3,6 @@
|
|||
# @TEST-EXEC: cp %INPUT foo/test.bro
|
||||
# @TEST-EXEC: bro misc/loaded-scripts foo >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff loaded_scripts.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff loaded_scripts.log
|
||||
|
||||
print "Foo loaded";
|
||||
|
|
|
|||
|
|
@ -3,6 +3,6 @@
|
|||
# @TEST-EXEC: echo 'print "oops12345";' >dontloadmebro.bro
|
||||
# @TEST-EXEC: bro %INPUT misc/loaded-scripts dontloadmebro > output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff loaded_scripts.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff loaded_scripts.log
|
||||
|
||||
@unload dontloadmebro
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ event bro_init()
|
|||
redef peer_description = "events-rcv";
|
||||
|
||||
redef Communication::nodes += {
|
||||
["foo"] = [$host = 127.0.0.1, $events = /http_.*/, $connect=T, $ssl=T]
|
||||
["foo"] = [$host = 127.0.0.1, $events = /http_.*|signature_match/, $connect=T, $ssl=T]
|
||||
};
|
||||
|
||||
redef ssl_ca_certificate = "../ca_cert.pem";
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ event bro_init()
|
|||
redef peer_description = "events-rcv";
|
||||
|
||||
redef Communication::nodes += {
|
||||
["foo"] = [$host = 127.0.0.1, $events = /http_.*/, $connect=T]
|
||||
["foo"] = [$host = 127.0.0.1, $events = /http_.*|signature_match/, $connect=T]
|
||||
};
|
||||
|
||||
event remote_connection_closed(p: event_peer)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
# @TEST-EXEC: bro %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
|
||||
|
||||
event bro_script_loaded(path: string, level: count)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue