Tim Wojtulewicz
179e4903f1
CI: Avoid divide by zero error when generating coverage files
2024-05-20 17:02:53 -07:00
Tim Wojtulewicz
04c8a6bde7
Merge remote-tracking branch 'origin/topic/vern/smb-filtering'
...
* origin/topic/vern/smb-filtering:
Fix for suppressing SMB logging of previously-logged files
2024-05-20 15:54:19 -07:00
Vern Paxson
74bf453d6d
Fix for suppressing SMB logging of previously-logged files
2024-05-18 14:13:52 -07:00
Tim Wojtulewicz
1a0fffd714
Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy'
...
* origin/topic/bbannier/bump-spicy:
Bump Spicy to latest dev snapshot
2024-05-17 08:56:45 -07:00
mvhensbergen
a4f73ee45f
Copy timestamp from file object
...
In some cases, e.g. running zeek on short pcaps as opposed to continuous packet streams, network_time() may not equal the time that was used when generating the file object.
This results in the pe.log entry having a different timestamp than its corresponding files.log entry, which is strange as they refer to the exact same file.
2024-05-17 15:03:06 +02:00
Benjamin Bannier
8c27d0643f
Bump Spicy to latest dev snapshot
2024-05-17 13:33:34 +02:00
Tim Wojtulewicz
301d042ba7
CI: Disable coverage temporarily, broken with clang-18
2024-05-16 18:53:09 -07:00
Tim Wojtulewicz
87870f8345
Merge remote-tracking branch 'origin/topic/vern/zam-subnet-fix'
...
* origin/topic/vern/zam-subnet-fix:
Fix for ZAM inlining of nested function calls with the same parameter names
Fixed ZAM logic error in canonicalizing specialized min/max instructions
Fixed order-of-evaluation bug in ZAM Subnet-To-Addr instruction
"-a zam" BTest baseline update reflecting recent Spicy baseline change
2024-05-16 11:09:33 -07:00
Tim Wojtulewicz
237f4c39a4
Merge branch 'topic/timw/no-spicy-head-on-releases'
...
* topic/timw/no-spicy-head-on-releases:
CI: Disable spicy_head task for release branches
2024-05-16 09:35:06 -07:00
Tim Wojtulewicz
381ad3d04e
CI: Disable spicy_head task for release branches
2024-05-16 09:34:43 -07:00
Tim Wojtulewicz
a4d7587bca
Merge remote-tracking branch 'origin/topic/timw/fix-coverage-build'
...
* origin/topic/timw/fix-coverage-build:
CI: Use llvm-cov-18 on Cirrus for building coverage data
2024-05-15 20:00:58 -07:00
Vern Paxson
9e5977f24e
Fix for ZAM inlining of nested function calls with the same parameter names
2024-05-15 17:32:13 -07:00
Vern Paxson
ca62898a11
Fixed ZAM logic error in canonicalizing specialized min/max instructions
2024-05-15 17:31:30 -07:00
Vern Paxson
5ce5bbdbaa
Fixed order-of-evaluation bug in ZAM Subnet-To-Addr instruction
2024-05-15 17:30:29 -07:00
Vern Paxson
39d2ba410e
"-a zam" BTest baseline update reflecting recent Spicy baseline change
2024-05-15 17:29:06 -07:00
Tim Wojtulewicz
2bde82ffa2
CI: Use llvm-cov-18 on Cirrus for building coverage data
2024-05-15 13:58:33 -07:00
Tim Wojtulewicz
f1c04fec4b
Merge remote-tracking branch 'origin/topic/timw/missing-lcov'
...
* origin/topic/timw/missing-lcov:
CI: Add missing lcov package to ubuntu 24 Dockerfile
2024-05-14 11:00:01 -07:00
Tim Wojtulewicz
d5707d606c
CI: Add missing lcov package to ubuntu 24 Dockerfile
2024-05-13 22:10:36 -07:00
Tim Wojtulewicz
8337b5f018
Merge remote-tracking branch 'origin/topic/timw/ubuntu-24-sanitizers'
...
* origin/topic/timw/ubuntu-24-sanitizers:
CI: Use clang-18 on Ubuntu 24 for sanitizers builds, enable TSan builds
CI: Add clang-18 to Ubuntu 24.04 VM
2024-05-13 17:40:52 -07:00
Tim Wojtulewicz
cb8e99d739
CI: Use clang-18 on Ubuntu 24 for sanitizers builds, enable TSan builds
2024-05-13 17:40:26 -07:00
Tim Wojtulewicz
1a227659fa
CI: Add clang-18 to Ubuntu 24.04 VM
2024-05-13 17:40:26 -07:00
Robin Sommer
e5fa105a1f
Merge remote-tracking branch 'origin/topic/robin/spicy-gh-1657'
...
* origin/topic/robin/spicy-gh-1657:
Apply missing fix for https://github.com/zeek/spicy/pull/1723 .
2024-05-13 16:39:15 +02:00
Robin Sommer
e02f04c6be
Apply missing fix for https://github.com/zeek/spicy/pull/1723 .
2024-05-13 15:29:14 +02:00
Robin Sommer
0edc115ffc
Merge remote-tracking branch 'origin/topic/robin/revert-deferred'
...
Includes Spicy bump.
* origin/topic/robin/revert-deferred:
Spicy: Update for https://github.com/zeek/spicy/pull/1738 .
2024-05-13 12:20:21 +02:00
Robin Sommer
747e26297b
Spicy: Update for https://github.com/zeek/spicy/pull/1738 .
2024-05-13 09:25:37 +02:00
Tim Wojtulewicz
a9649026ae
Merge remote-tracking branch 'origin/topic/timw/ci-ubuntu-24-lts'
...
* origin/topic/timw/ci-ubuntu-24-lts:
CI: Update asan and ubsan tasks to use Ubuntu 22.04 VM
CI: Replace Ubuntu 23.10 with Ubuntu 24.04
2024-05-10 10:19:53 -07:00
Robin Sommer
82be6425e6
Merge remote-tracking branch 'origin/topic/robin/gh-3561-forward-to-udp'
...
* origin/topic/robin/gh-3561-forward-to-udp:
Update docs.
Add explicit children life-cycle management method to analyzers.
Spicy: Support UDP in Spicy's `protocol_*` runtime functions.
Add method to analyzer to retrieve direct child by name.
Extend PIA's `FirstPacket` API.
Spicy: Prepare for supporting forwarding to protocols other than TCP.
2024-05-10 11:15:20 +02:00
Robin Sommer
4a63495b1d
Merge remote-tracking branch 'origin/topic/robin/gh-3725-service'
...
* origin/topic/robin/gh-3725-service:
Spicy: Fix service reporting for replaced analyzers.
Fix include of private file in public header
2024-05-10 11:07:40 +02:00
Tim Wojtulewicz
7de30a4c80
CI: Update asan and ubsan tasks to use Ubuntu 22.04 VM
2024-05-08 17:23:17 -07:00
Tim Wojtulewicz
e72714410a
CI: Replace Ubuntu 23.10 with Ubuntu 24.04
2024-05-08 15:17:35 -07:00
Tim Wojtulewicz
0301d2eb22
Merge remote-tracking branch 'origin/topic/timw/update-zeekctl-zkg'
...
* origin/topic/timw/update-zeekctl-zkg:
Update package-manager submodule [nomail]
Update zeekctl submodule [nomail]
2024-05-08 13:10:43 -07:00
Tim Wojtulewicz
b2e4fbe58d
Merge remote-tracking branch 'origin/topic/vern/gen-zam-multi-files'
...
* origin/topic/vern/gen-zam-multi-files:
enable ZAM operation specifications to reside in multiple files (not yet used)
2024-05-08 13:09:35 -07:00
Vern Paxson
1989dc5e5a
enable ZAM operation specifications to reside in multiple files (not yet used)
2024-05-08 12:50:49 -07:00
Tim Wojtulewicz
336ce01f73
Update package-manager submodule [nomail]
2024-05-08 12:22:31 -07:00
Tim Wojtulewicz
0de454b499
Update zeekctl submodule [nomail]
2024-05-08 12:22:17 -07:00
Tim Wojtulewicz
2c46d3139c
Merge remote-tracking branch 'origin/topic/timw/3417-packet-analysis-detail'
...
* origin/topic/timw/3417-packet-analysis-detail:
Move packet_analysis::Dispatcher to detail namespace
2024-05-08 09:55:16 -07:00
Robin Sommer
93a424b28a
Spicy: Fix service reporting for replaced analyzers.
...
We accidentally applied analyzer mappings when looking up an
analyzer's name from scriptland.
Closes #3725 .
2024-05-08 14:01:46 +02:00
Benjamin Bannier
4e6bbd9756
Fix include of private file in public header
2024-05-08 12:50:42 +02:00
Robin Sommer
2f78a93ee3
Update docs.
2024-05-08 08:50:06 +02:00
zeek-bot
8e06e1cad0
Update doc submodule [nomail] [skip ci]
2024-05-08 00:19:30 +00:00
Tim Wojtulewicz
554294bb84
Merge remote-tracking branch 'origin/topic/vern/ssh-half-duplex'
...
* origin/topic/vern/ssh-half-duplex:
make SSH analyzer robust to half-duplex connections
2024-05-07 12:02:43 -07:00
Vern Paxson
a0888b7e36
make SSH analyzer robust to half-duplex connections
2024-05-07 11:40:47 -07:00
Tim Wojtulewicz
29f5a49baf
Merge remote-tracking branch 'origin/topic/christian/private_address_clarification'
...
* origin/topic/christian/private_address_clarification:
Clarify membership in the Site::private_address_space prefix list. [skip ci]
2024-05-07 10:26:50 -07:00
Tim Wojtulewicz
d463141ded
Merge remote-tracking branch 'origin/topic/christian/fix-zeekygen-crash'
...
* origin/topic/christian/fix-zeekygen-crash:
Avoid segfault when generating Zeekygen docs on Zeek-internal identifiers.
Add btest for Zeekygen docs extraction on identifiers defined by the Zeek core.
2024-05-07 10:26:19 -07:00
Robin Sommer
b4f68a2681
Add explicit children life-cycle management method to analyzers.
2024-05-07 18:19:47 +02:00
Robin Sommer
a2ae9c4b02
Spicy: Support UDP in Spicy's `protocol_*` runtime functions.
...
This extends the ability to feed new payload back into Zeek's analyzer
pipeline from TCP to now also UDP.
Note: We don't extend this further to ICMP because the ICMP analyzer
cannot be dynamically instantiated (Zeek aborts when trying to do so). As
ICMP isn't very interesting from a use-case perspective anyway, that
seems fine.
Closes #3561 .
2024-05-07 18:19:46 +02:00
Robin Sommer
df3d50ea07
Add method to analyzer to retrieve direct child by name.
2024-05-07 18:19:46 +02:00
Robin Sommer
2ec44f098f
Extend PIA's `FirstPacket` API.
...
`FirstPacket()` so far supported only TCP. To extend this to UDP, we
move the method into the PIA base class; give it a protocol parameter
for the case that no actual packet is available; and add the
ability to create fake UDP packets as well, not just TCP.
This whole thing is pretty ugly to begin with, and this doesn't make
it nicer, but we need this extension so that we can feed UDP data into
the signature engine that's tunneled over other protocols. Without the
fake packets, DPD signatures in particular wouldn't have anything to
match on.
2024-05-07 18:19:46 +02:00
Robin Sommer
8dd3debeae
Spicy: Prepare for supporting forwarding to protocols other than TCP.
...
So far the Spicy runtime supported forwarding data into other
analyzers only for TCP analyzers. This puts branching logic in place
that lets the relevant runtime functions dispatch differently based on
the target transport-layer protocol. We don't implement anything other
than TCP yet; that will come next.
Along with the internal changes, this also updates the user-visible
runtime function to pass protocol information in. For now, this
likewise remains limited to TCP. The function signatures are chosen so
that they stay backwards-compatible with previous Spicy versions. In
particular, they default to TCP where not otherwise specified.
2024-05-07 14:44:52 +02:00
Robin Sommer
9c1ecd205c
Updating CHANGES and VERSION, and bump Spicy and docs.
2024-05-07 10:03:17 +02:00