Tim Wojtulewicz
b6ab22e9fb
Move adapter-specific code back into the adapter
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
1eed8b7f67
Move ICMP counterpart methods outside of ICMPAnalyzer class
...
These were previously global methods in the old analyzer, and moving them
to be private members of ICMPAnalyzer broke the usage of them by at least
one external plugin.
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
12d768d0d8
Remove obsolete Skipping()/SetSkip() from Connection
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
08fb5d76ee
Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
4114bbebf0
Move TCPStateStats object out of session_mgr
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
9e1f6f95aa
Move analyzer-to-port mapping out of analyzer::Manager into packet analyzers
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
d6c74373c7
Move packet parsing code out of adapter into analyzer
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
f6e31107e1
Move old TCP analyzer into analyzer adapter in packet analysis tree
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
0e34f2e02f
Fix handling of IP packets with bogus IP header lengths
...
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34711
(Link to details becomes public 30 days after patch release)
2021-05-27 16:33:50 -07:00
Tim Wojtulewicz
5f57daf9d1
Ensure SessionAdapter members are initialized
...
Fixes Coverity #1453273
2021-05-26 10:53:08 -07:00
Tim Wojtulewicz
30ab914cd8
Move bad UDP checksum handling into adapter object
2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
b22ce6848f
Rename IPBasedTransportAnalyzer to SessionAdapter
...
This also combines the old TransportLayerAnalyzer class into
SessionAdapter, and removes the old class. This requires naming changes
in a few places but no functionality changes.
2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
c56fb3e8e4
Move building session analyzer tree out of analyzer::Manager
2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
7dc803f7bb
Rework the packet flow through the IP-based analyzers
2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
c21af39a30
Add new UDP packet analyzer, remove old one
2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
d8adfaef65
Add new ICMP packet analyzer, remove old one
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
c1f0d312b5
Add base class for IP-based packet analyzers
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
3e1692676d
Move SessionManager::ParseIPPacket to IP analyzer's namespace
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0
Added skeletons for TCP/UDP/ICMP packet analysis plugins.
...
This includes integration into the IP plugin and calling of the sessions code from each plugin.
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0b7ca5e7bc
Remove Session prefix from some session-related classes and files
2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
18c6aaaa33
Move session code into new directory and into zeek::session namespace
2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
db1d753b35
Rename NetSessions to SessionManager
...
This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
c752d76052
Move packet filter out of NetSessions
2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
6c52fd502f
GH-1493: Fix build with -DENABLE_MOBILE_IPV6
2021-04-07 13:44:18 -07:00
Tim Wojtulewicz
f53fb9a22e
Merge remote-tracking branch 'olaldiko/master'
...
* olaldiko/master:
Add tests for ERSPAN Type I patch
Add ERSPAN Type I patch
2021-03-17 10:37:14 -07:00
Gorka Olalde Mendia
fcc866567c
Add ERSPAN Type I patch
...
Co-authored-by: Markel Elorza Alvarez <melorzaalvarez@gmail.com>
Co-authored-by: Ivan Arrizabalaga Cupido <ivanarrcup@gmail.com>
2021-03-17 11:43:53 +01:00
Tim Wojtulewicz
5111b8e386
Fix comment in IP analyzer
2021-03-02 14:04:30 -07:00
Tim Wojtulewicz
4ad08172d0
Remove obsolete ZEEK_FORWARD_DECLARE_NAMESPACED macros
2021-02-24 14:35:44 -07:00
Jon Siwek
c27bf62217
Merge remote-tracking branch 'origin/topic/timw/1389-vntag'
...
Merge adjustment: changed test case to use `zeek -b`
* origin/topic/timw/1389-vntag:
GH-1389: Skip VN-Tag headers
2021-02-03 11:22:13 -08:00
Jon Siwek
c44cbe1feb
Prefix #includes of .bif.h files with zeek/
...
This enables locating the headers within the install-tree using the
dirs provided by `zeek-config --include_dir`.
To enable locating these headers within the build-tree, this change also
creates a 'build/src/include/zeek -> ..' symlink.
2021-02-02 19:15:05 -08:00
Tim Wojtulewicz
f53448ccc9
GH-1389: Skip VN-Tag headers
2021-02-01 14:34:56 -07:00
Jon Siwek
8a8a983c49
Add missing zeek/ to header includes
...
Related to https://github.com/zeek/zeek/pull/1377
2021-01-29 19:16:29 -08:00
Tim Wojtulewicz
e27008ef26
GH-1184: Add 'source' field to weird log denoting where the weird was reported
2020-12-01 09:34:37 -07:00
Jon Siwek
fc114069b0
Merge remote-tracking branch 'origin/topic/jsiwek/unknown-protocol-options'
...
* origin/topic/jsiwek/unknown-protocol-options:
Move UnknownProtocol options to init-bare.zeek
Coverity 1436183: Initialize packet_analysis::Manager fields
2020-11-12 14:35:01 -08:00
Tim Wojtulewicz
5589484f26
Fix includes of bif.h and _pac.h files to use full paths inside build directory
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
133ab55c91
Remove unnecessary include of NetVar.h from packet analysis plugins
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360
GH-1079: Use full paths starting with zeek/ when including files
2020-11-12 12:15:26 -07:00
Jon Siwek
89af6f2004
Move UnknownProtocol options to init-bare.zeek
...
Otherwise the `unknown_protocol` event cannot be used independently
from `policy/mic/unknown-protocols.zeek`.
2020-11-11 12:58:38 -08:00
Jon Siwek
49094688fd
Coverity 1436183: Initialize packet_analysis::Manager fields
2020-11-11 12:58:02 -08:00
Tim Wojtulewicz
c3cf36e135
GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures
2020-11-09 20:37:26 -07:00
Tim Wojtulewicz
04dbc8e8be
Remove now-unused Packet::l2_valid field
2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
b3eb63c48a
GH-1186: Remove Packet::hdr_size and uses of it.
...
This change also removes Packet::IP(), since Packet now contains an ip_hdr member
that points at the IP header if it exists.
2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
3e16b5fde3
Add missing include to fix build on certain platforms
2020-11-02 22:01:20 +00:00
Tim Wojtulewicz
1f02bd5147
Use std::function instead of a function pointer in packet_analysis::Component
2020-11-02 13:05:05 -07:00
Tim Wojtulewicz
cd06bf34c7
GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches
2020-11-02 19:03:25 +00:00
Seth Hall
552a24e07c
Add an option to ignore packets sourced from particular subnets.
...
It's implemented with a new set[subnet] option named ignore_checksums_nets.
If you populate this set with subnets, any packet with a src address within
that set of subnets will not have its checksum validated.
2020-10-22 13:23:10 -04:00
Tim Wojtulewicz
ce2b00fe83
Fix a couple of Coverity findings (1433618, 1433619)
2020-10-21 10:53:34 -07:00
Tim Wojtulewicz
a19b018dc8
Add header length check to GRE packet analyzer
2020-10-19 10:58:10 -07:00
Tim Wojtulewicz
a99b540e46
Rework Sessions::Weird
2020-10-15 13:03:11 -07:00
Tim Wojtulewicz
ecd970ffde
Store packet's ip header as unique_ptr
2020-10-15 12:49:08 -07:00