Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
11363 commits 390 branches 197 tags 281 MiB
Commit graph

229 commits

Author SHA1 Message Date
Tim Wojtulewicz
4962986df1 Remove GET_FIELD_AS macro, replace with template methods 2021-01-14 11:58:59 -07:00
Tim Wojtulewicz
a94fcad957 Add templated As() method to Val, use in various places we were using dynamic_cast 2021-01-14 11:58:59 -07:00
Vern Paxson
7f92a573d2 Remove BroValUnion by hoisting underlying Val subclass values into subclasses 2021-01-14 11:58:59 -07:00
Tim Wojtulewicz
e27008ef26 GH-1184: Add 'source' field to weird log denoting where the weird was reported 2020-12-01 09:34:37 -07:00
Tim Wojtulewicz
5589484f26 Fix includes of bif.h and _pac.h files to use full paths inside build directory 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360 GH-1079: Use full paths starting with zeek/ when including files 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
b3eb63c48a GH-1186: Remove Packet::hdr_size and uses of it. 
This change also removes Packet::IP(), since Packet now contains an ip_hdr member
that points at the IP header if it exists.
 2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
e70f578621 Merge remote-tracking branch 'origin/topic/timw/coverity' 
* origin/topic/timw/coverity:
  Fix a couple of Coverity findings (1433618, 1433619)
 2020-10-21 11:06:39 -07:00
Tim Wojtulewicz
ce2b00fe83 Fix a couple of Coverity findings (1433618, 1433619) 2020-10-21 10:53:34 -07:00
Jon Siwek
924a24ad2b Merge remote-tracking branch 'origin/topic/timw/packet-length-checks' into master 
* origin/topic/timw/packet-length-checks:
  Add length checks for IP header values before parsing TCP/UDP
 2020-10-19 18:58:19 -07:00
Tim Wojtulewicz
e7f62de51b Add length checks for IP header values before parsing TCP/UDP 2020-10-19 12:30:55 -07:00
Tim Wojtulewicz
a99b540e46 Rework Sessions::Weird 2020-10-15 13:03:11 -07:00
Tim Wojtulewicz
ecd970ffde Store packet's ip header as unique_ptr 2020-10-15 12:49:08 -07:00
Tim Wojtulewicz
41dcd0cde0 Use shared_ptr for encapsulation data instead of raw pointer 2020-10-15 12:49:05 -07:00
Tim Wojtulewicz
afdc08085f Move packet dumping to packet_mgr 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
8ece1cf484 Make Sessions::NextPacket call packet_mgr, fix fuzzer code to do the same 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
1cf251d1ca Move IP and IP tunnel code from Sessions into packet analyzers 2020-10-15 12:18:30 -07:00
Tim Wojtulewicz
69da2d7b1d Prep work for IP changes 
- Move all of the time handling code out of PktSrc into RunState
- Call packet_mgr->ProcessPacket() from various places to setup layer 2 data in packets
 2020-10-15 12:12:07 -07:00
Jon Siwek
d070709c57 Switch one's complement checksum implementation 
Borrows the `in_cksum` code from tcpdump, which borrowed from FreeBSD.
It handles unaligned data better and also unrolls the inner loop to
process 16 two-byte values at a time versus 2 one-byte values at a time
in the previous version.  Generally measured as ~1.5x faster in a
release build.  The new API should generally be more amenable to any
future optimization explorations since all relevant data blocks are
available within a single call rather than spread across multiple.
 2020-09-24 09:41:15 -07:00
Jan Grashoefer
1658b8dc84 Fix handling of session analysis. 
This reverts commit 0e51be18ac59d7a176f18780f1f8df85561449b9.
 2020-09-23 11:13:29 -07:00
Tim Wojtulewicz
6a0bd63756 Fix Sessions::DoNextPacket to ignore ARP packets and not report weirds for them 2020-09-23 11:13:29 -07:00
Jan Grashoefer
8d834a1d89 Packet analysis cleanup. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
38337d799b Improve packet analysis data flow. 2020-09-23 11:13:29 -07:00
Jan Grashoefer
24babf096e Move ARP analysis into packet analyzer. 2020-09-23 11:13:28 -07:00
Peter Oettig
b2e6c9ac9a Initial implementation of Lower-Level analyzers 2020-09-23 11:13:25 -07:00
Tim Wojtulewicz
fe0c22c789 Base: Clean up explicit uses of namespaces in places where they're not necessary. 
This commit covers all of the common and base classes.
 2020-08-24 12:07:00 -07:00
Tim Wojtulewicz
0ac3fafe13 Move zeek::net namespace to zeek::run_state namespace. 
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
 2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
a34e632eef Move NetVar from zeek to zeek::detail namespace 2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
8d2d867a65 Move everything in util.h to zeek::util namespace. 
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
 2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7 Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h. 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
914ffcadae Move arp, tcp, udp, pia, and stepping stone analyzers 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
0355d13099 Move reassembler code to namespaces 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
e3ee1860b8 Move Session code to namespaces 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
fdcb2760b2 Move Stats and related classes to zeek::detail 2020-07-31 16:25:53 -04:00
Tim Wojtulewicz
c9ab1f93e7 Move a few low-use classes to namespaces 2020-07-31 16:25:47 -04:00
Tim Wojtulewicz
93948b4d19 Move all of the Packet-related classes to namespaces 2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
45b5a98420 Move EventMgr, EventHandler, and EventRegistry code to zeek namespace. Rename mgr to event_mgr. 2020-07-31 16:23:32 -04:00
Tim Wojtulewicz
1c17700c48 Move Timer and PriorityQueue classes to namespaces 2020-07-31 16:23:02 -04:00
Tim Wojtulewicz
bfab224d7c Move Reporter to zeek namespace 2020-07-31 16:22:41 -04:00
Tim Wojtulewicz
25c0fc7ab2 Move IP Addr/Prefix/Header classes into namespaces 2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
9400b863ea Move all base analyzer classes to zeek::analyzer namespace 2020-07-31 16:21:46 -04:00
Tim Wojtulewicz
64332ca22c Move all Val classes to the zeek namespaces 2020-06-30 20:48:09 -07:00
Tim Wojtulewicz
ec9eff0bd5 Use type aliases for IntrusivePtr definitions 2020-06-30 20:37:30 -07:00
Tim Wojtulewicz
9364e6a5b7 Move IntrusivePtr and utility methods to the zeek namespace 2020-06-30 20:19:12 -07:00
Jon Siwek
d4f3cad7d1 Merge remote-tracking branch 'origin/topic/timw/266-namespaces' 
Merge adjustments:

- Preserved original `base_type_no_ref` argument type as ::TypeTag
- Removed superfluous #pragma guard around deprecated TableVal ctor
- Clarify NEWS regarding MetaHook{Pre,Post} deprecations
- Simplify some `::zeek::` qualifications to just `zeek::`
- Prefixed FORWARD_DECLARE_NAMESPACED macro with ZEEK_

* origin/topic/timw/266-namespaces:
  Disable some deprecation diagnostics for GCC
  Rename BroType to Type
  Update NEWS
  Review cleanup
  Move Type types to zeek namespace
  Move Flare/Pipe from the bro namespace to zeek::detail
  Move Attr to the zeek::detail namespace
  Move Trigger into the zeek::detail namespace
  Move ID to the zeek::detail namespace
  Move Anon.h into zeek::detail namespace
  Mark all of the aliased classes in plugin/Plugin.h deprecated, and fix all of the plugins that were using them
  Move all of the base plugin classes into the zeek::plugin namespace
  Expr: move all classes into zeek::detail
  Stmt: move Stmt classes into zeek::detail namespace
  Add utility macro for creating namespaced aliases for classes
 2020-06-11 23:20:51 -07:00
Tim Wojtulewicz
ed13972924 Move Type types to zeek namespace 2020-06-09 17:20:45 -07:00
Jon Siwek
3255930738 Merge remote-tracking branch 
* Prevent IP fragment reassembly on packets without minimal IP header
 2020-06-09 09:46:46 -07:00
Jon Siwek
377779bb2a Change BroValUnion to use IntrusivePtr for record field storage 
This also changes the AsRecord() and AsNonConstRecord() accessors
to return std::vector<IntrusivePtr<Val>>* instead of val_list*
 2020-05-19 17:15:13 -07:00
Jon Siwek
4debad8caf Switch zeek:🆔:lookup to zeek:🆔:find 
For parity with Scope since it now uses Find instead of Lookup
 2020-05-14 18:00:18 -07:00
Jon Siwek
0db5c920f2 Deprecate names in BifConst, replace with zeek::BifConst 
Some Val* types are also replaced with IntrusivePtr at the new location
 2020-05-14 17:26:00 -07:00