Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into topic/jsiwek/reorg-followup

Browse source
This commit is contained in:
Jon Siwek 2011-08-16 09:52:05 -05:00
commit e37430ef66
5 changed files with 30 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

2
aux/broctl

@ -1 +1 @@
Subproject commit c39622855e3c3a5cc94c7376f86184ed1db1939a Subproject commit ad8dfaba0c0c784060aa6f0c5e1fcf62244b1a51

10
scripts/policy/protocols/http/detect-sqli.bro
View file

@ -39,13 +39,13 @@ export {
event bro_init() event bro_init()
{ {
Metrics::add_filter(SQL_ATTACKS, [$log=T, Metrics::add_filter(SQL_ATTACKS, [$log=F,
$break_interval=1mins, $break_interval=5mins,
$note=SQL_Injection_Attacker]); $note=SQL_Injection_Attacker]);
Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=T, Metrics::add_filter(SQL_ATTACKS_AGAINST, [$log=F,
$break_interval=1mins, $break_interval=5mins,
$note=SQL_Injection_Attack, $note=SQL_Injection_Attack,
$notice_thresholds=vector(10,100)]); $notice_threshold=50]);
} }
event http_request(c: connection, method: string, original_URI: string, event http_request(c: connection, method: string, original_URI: string,

31
src/DNS_Mgr.cc
View file

@ -360,7 +360,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode)
nb_dns = nb_dns_init(err); nb_dns = nb_dns_init(err);
if ( ! nb_dns ) if ( ! nb_dns )
reporter->Warning(fmt("problem initializing NB-DNS: %s", err)); reporter->Warning("problem initializing NB-DNS: %s", err);
dns_mapping_valid = dns_mapping_unverified = dns_mapping_new_name = dns_mapping_valid = dns_mapping_unverified = dns_mapping_new_name =
dns_mapping_lost_name = dns_mapping_name_changed = dns_mapping_lost_name = dns_mapping_name_changed =
@ -447,7 +447,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name)
return d->Addrs()->ConvertToSet(); return d->Addrs()->ConvertToSet();
else else
{ {
reporter->Warning("no such host:", name); reporter->Warning("no such host: %s", name);
return empty_addr_set(); return empty_addr_set();
} }
} }
@ -460,7 +460,7 @@ TableVal* DNS_Mgr::LookupHost(const char* name)
return empty_addr_set(); return empty_addr_set();
case DNS_FORCE: case DNS_FORCE:
reporter->InternalError("can't find DNS entry for %s in cache", name); reporter->FatalError("can't find DNS entry for %s in cache", name);
return 0; return 0;
case DNS_DEFAULT: case DNS_DEFAULT:
@ -490,7 +490,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr)
return d->Host(); return d->Host();
else else
{ {
reporter->Warning("can't resolve IP address:", dotted_addr(addr)); reporter->Warning("can't resolve IP address: %s", dotted_addr(addr));
return new StringVal(dotted_addr(addr)); return new StringVal(dotted_addr(addr));
} }
} }
@ -503,7 +503,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr)
return new StringVal("<none>"); return new StringVal("<none>");
case DNS_FORCE: case DNS_FORCE:
reporter->InternalError("can't find DNS entry for %s in cache", reporter->FatalError("can't find DNS entry for %s in cache",
dotted_addr(addr)); dotted_addr(addr));
return 0; return 0;
@ -574,7 +574,7 @@ void DNS_Mgr::Resolve()
struct nb_dns_result r; struct nb_dns_result r;
status = nb_dns_activity(nb_dns, &r, err); status = nb_dns_activity(nb_dns, &r, err);
if ( status < 0 ) if ( status < 0 )
reporter->InternalError( reporter->Warning(
"NB-DNS error in DNS_Mgr::WaitForReplies (%s)", "NB-DNS error in DNS_Mgr::WaitForReplies (%s)",
err); err);
else if ( status > 0 ) else if ( status > 0 )
@ -823,7 +823,7 @@ void DNS_Mgr::LoadCache(FILE* f)
} }
if ( ! m->NoMapping() ) if ( ! m->NoMapping() )
reporter->InternalError("DNS cache corrupted"); reporter->FatalError("DNS cache corrupted");
delete m; delete m;
fclose(f); fclose(f);
@ -958,7 +958,7 @@ void DNS_Mgr::IssueAsyncRequests()
if ( ! dr->MakeRequest(nb_dns) ) if ( ! dr->MakeRequest(nb_dns) )
{ {
reporter->Error("can't issue DNS request"); reporter->Warning("can't issue DNS request");
req->Timeout(); req->Timeout();
continue; continue;
} }
@ -1095,7 +1095,10 @@ int DNS_Mgr::AnswerAvailable(int timeout)
{ {
int fd = nb_dns_fd(nb_dns); int fd = nb_dns_fd(nb_dns);
if ( fd < 0 ) if ( fd < 0 )
reporter->InternalError("nb_dns_fd() failed in DNS_Mgr::WaitForReplies"); {
reporter->Warning("nb_dns_fd() failed in DNS_Mgr::WaitForReplies");
return -1;
}
fd_set read_fds; fd_set read_fds;
@ -1110,13 +1113,17 @@ int DNS_Mgr::AnswerAvailable(int timeout)
if ( status < 0 ) if ( status < 0 )
{ {
if ( errno == EINTR ) if ( errno != EINTR )
reporter->Warning("problem with DNS select");
return -1; return -1;
reporter->InternalError("problem with DNS select");
} }
if ( status > 1 ) if ( status > 1 )
reporter->InternalError("strange return from DNS select"); {
reporter->Warning("strange return from DNS select");
return -1;
}
return status; return status;
} }

5
src/DNS_Mgr.h
View file

@ -100,8 +100,9 @@ protected:
void LoadCache(FILE* f); void LoadCache(FILE* f);
void Save(FILE* f, PDict(DNS_Mapping)& m); void Save(FILE* f, PDict(DNS_Mapping)& m);
// Selects on the fd to see if there is an answer available (timeout is // Selects on the fd to see if there is an answer available (timeout
// secs). Returns 0 on timeout, -1 on EINTR, and 1 if answer is ready. // is secs). Returns 0 on timeout, -1 on EINTR or other error, and 1
// if answer is ready.
int AnswerAvailable(int timeout); int AnswerAvailable(int timeout);
// Issue as many queued async requests as slots are available. // Issue as many queued async requests as slots are available.

4
src/Expr.cc
View file

@ -5022,13 +5022,11 @@ Val* ListExpr::InitVal(const BroType* t, Val* aggr) const
Expr* e = exprs[i]; Expr* e = exprs[i];
check_and_promote_expr(e, vec->Type()->AsVectorType()->YieldType()); check_and_promote_expr(e, vec->Type()->AsVectorType()->YieldType());
Val* v = e->Eval(0); Val* v = e->Eval(0);
if ( ! vec->Assign(i, v->RefCnt() == 1 ? v->Ref() : v, e) ) if ( ! vec->Assign(i, v, e) )
{ {
e->Error(fmt("type mismatch at index %d", i)); e->Error(fmt("type mismatch at index %d", i));
return 0; return 0;
} }
Unref(v);
} }
return aggr; return aggr;