Merge remote-tracking branch 'origin/topic/etyp/redis-analyzer'

* origin/topic/etyp/redis-analyzer:
  spicy-redis: Add NEWS entry
  spicy-redis: Separate error replies from success
  spicy-redis: Cleanup scripts and tests
  spciy-redis: Bring Redis analyzer into Zeek proper
  spicy-redis: Abort parsing if server data comes first
  spicy-redis: Add recursion depth to server data
  spicy-redis: Make client data only accept bulk strings
  spicy-redis: Add dpd signature and clean pcaps
  spicy-redis: Add some commands and touch up parsing
  spicy-redis: Add some script logic for logging
  spicy-redis: Separate client/server
  spicy-redis: Touchup logging and Spicy issues
  spicy-redis: Add synchronization and pipeline support
  spicy-redis: Begin Spicy Redis analyzer
Evan Typanski 2025-05-27 10:18:49 -04:00
commit 9f2fb47f48
71 changed files with 2747 additions and 6 deletions

CHANGES

@ -1,3 +1,44 @@
8.0.0-dev.227 | 2025-05-27 10:18:49 -0400
* spicy-redis: Separate error replies from success (Evan Typanski, Corelight)
* spicy-redis: Cleanup scripts and tests (Evan Typanski, Corelight)
- Recomputes checksums for pcaps to keep clean
- Removes some tests that had big pcaps or weren't necessary
- Cleans up scripting names and minor points
- Comments out Spicy code that causes a build failure now with a TODO to
uncomment it
* spciy-redis: Bring Redis analyzer into Zeek proper (Evan Typanski, Corelight)
* spicy-redis: Abort parsing if server data comes first (Evan Typanski, Corelight)
Redis seems to only want client data first to request server data. The
DPD signature seems to pick up on some cases where server data comes
first, but is otherwise "valid" RESP. See if this helps lower FP rates.
* spicy-redis: Add recursion depth to server data (Evan Typanski, Corelight)
* spicy-redis: Make client data only accept bulk strings (Evan Typanski, Corelight)
* spicy-redis: Add dpd signature and clean pcaps (Evan Typanski, Corelight)
* spicy-redis: Add some commands and touch up parsing (Evan Typanski, Corelight)
* spicy-redis: Add some script logic for logging (Evan Typanski, Corelight)
* spicy-redis: Separate client/server (Evan Typanski, Corelight)
This makes the parser more official and splits the client/server out
from each other.
* spicy-redis: Touchup logging and Spicy issues (Evan Typanski, Corelight)
* spicy-redis: Add synchronization and pipeline support (Evan Typanski, Corelight)
* spicy-redis: Begin Spicy Redis analyzer (Evan Typanski, Corelight)
8.0.0-dev.209 | 2025-05-26 16:08:44 +0200
* btest: Add test for Cluster::hello zero-timestamp (Arne Welzel, Corelight)
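Review bot: in the 8.0.0-dev.227 entry, the line for "Bring Redis analyzer into Zeek proper" is prefixed "spciy-redis" while every other line uses "spicy-redis", so a search of CHANGES for the analyzer's prefix will miss it; the merge message lists the same spelling, so the commit subject is the place to correct it. The "Cleanup scripts and tests" item also records that Spicy code was commented out because of a build failure, with only a TODO to uncomment it: name the disabled code or point to a tracking issue there so the follow-up does not get lost.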