Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
2306 commits 388 branches 195 tags 268 MiB
Commit graph

6 commits

Author SHA1 Message Date
Jon Siwek
064c5dddb8 Fix for IP tunnel UID persistence. 2012-04-27 10:28:46 -05:00
Jon Siwek
44c4d41d0d Add summary documentation to tunnels/main.bro. 2012-04-26 12:53:20 -05:00
Jon Siwek
b8e1604ab5 Make tunnels always identifiable by UID, tunnel.log now gets populated. 
conn.log now sets a field indicating all the parent tunnel UIDs over
which a connection operated and cross reference the UIDs found in
the tunnel.log.

Also some renaming of tunnel related types at the scripting layer.
 2012-04-26 12:29:59 -05:00
Seth Hall
2a79fe95ec Another tunneling checkpoint. 
- AYIYA works.
  - AYIYA analyzed connections are still labelled wrong in conn.log (logged as syslog)
- Some clean up for left over code.
- Small refactoring to pass packets back from analyzers to core.
- $uid is now optional in conn logs since ip-in-ip tunnel parent's
  won't have an actual connection.
 2012-04-24 01:05:35 -04:00
Seth Hall
e2da969415 Return of Robin's old SOCKS analyzer/decapsulator and tunnel code checkpoint. 
- More discussion is needed to figure out how to integrate the SOCKS analyzer best.

- Tunnels framework now logs for the SOCKS analyzer.
 2012-04-21 23:50:09 -04:00
Seth Hall
69ab13c88f Added some scripts for a tunnels framework. 
- The AYIYA analyzer is now enabled on it's default port.
 2012-04-21 15:10:30 -04:00