Merge remote-tracking branch 'origin/topic/seth/zeek_init'

* origin/topic/seth/zeek_init: Some more testing fixes. Update docs and tests for bro_(init|done) -> zeek_(init|done) Implement the zeek_init handler.
2025-10-02 14:48:21 +00:00 · 2019-04-19 11:16:35 -07:00 · 2019-04-19 11:16:35 -07:00 · a994be9eeb
commit a994be9eeb
parent 9421ee0293 9d676d368b
628 changed files with 868 additions and 1082 deletions
--- a/scripts/policy/protocols/ssl/heartbleed.zeek
+++ b/scripts/policy/protocols/ssl/heartbleed.zeek
@ -45,7 +45,7 @@ type min_length: record {
 global min_lengths: vector of min_length = vector();
 global min_lengths_tls11: vector of min_length = vector();

-event bro_init()
+event zeek_init()
 	{
 	# Minimum length a heartbeat packet must have for different cipher suites.
 	# Note - tls 1.1f and 1.0 have different lengths :(
--- a/scripts/policy/protocols/ssl/known-certs.zeek
+++ b/scripts/policy/protocols/ssl/known-certs.zeek
@ -72,7 +72,7 @@ export {
 	global log_known_certs: event(rec: CertsInfo);
 }

-event bro_init()
+event zeek_init()
 	{
 	if ( ! Known::use_cert_store )
 		return;
@ -193,7 +193,7 @@ event ssl_established(c: connection) &priority=3
 	event Known::cert_found(info, hash);
 	}

-event bro_init() &priority=5
+event zeek_init() &priority=5
 	{
 	Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs, $path="known_certs"]);
 	}
--- a/scripts/policy/protocols/ssl/log-hostcerts-only.zeek
+++ b/scripts/policy/protocols/ssl/log-hostcerts-only.zeek
@ -31,7 +31,7 @@ function host_certs_only(rec: X509::Info): bool
 	return rec$logcert;
 	}

-event bro_init() &priority=2
+event zeek_init() &priority=2
 	{
 	local f = Log::get_filter(X509::LOG, "default");
 	Log::remove_filter(X509::LOG, "default"); # disable default logging
--- a/scripts/policy/protocols/ssl/validate-certs.zeek
+++ b/scripts/policy/protocols/ssl/validate-certs.zeek
@ -62,7 +62,7 @@ export {
 global intermediate_cache: table[string] of vector of opaque of x509;

@if ( Cluster::is_enabled() )
-event bro_init()
+event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, SSL::intermediate_add);
 	Broker::auto_publish(Cluster::manager_topic, SSL::new_intermediate);
--- a/scripts/policy/protocols/ssl/validate-sct.zeek
+++ b/scripts/policy/protocols/ssl/validate-sct.zeek
@ -69,7 +69,7 @@ export {
 global recently_validated_scts: table[string] of bool = table()
 	&read_expire=5mins &redef;

-event bro_init()
+event zeek_init()
 	{
 	Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
 	}