Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6192 commits 385 branches 195 tags 262 MiB
Commit graph

6192 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robin Sommer
88165ad72c Merge remote-tracking branch 'origin/topic/johanna/bit-1199' 
* origin/topic/johanna/bit-1199:
  add a basic leak test for an unparseable enum
  Change the way the input framework deals with values it cannot convert into BroVals (especially enums)
  Make error message when encountering not existing enums better.

BIT-1199: #merged
 2015-03-23 10:25:43 -07:00
Robin Sommer
9999bce142 Merge remote-tracking branch 'origin/topic/jsiwek/bit-788' 
* origin/topic/jsiwek/bit-788:
  BIT-788: use DNS QR field to better identify flow direction.

BIT-788 #merged
 2015-03-23 10:08:02 -07:00
Robin Sommer
6c6873b668 Merge remote-tracking branch 'origin/topic/jsiwek/bit-342' 
* origin/topic/jsiwek/bit-342:
  BIT-342: add "icmp_sent_payload" event.

BIT-342 #merged.
 2015-03-23 10:04:07 -07:00
Jon Siwek
0b6e225758 Updating submodule(s). 
[nomail]
 2015-03-23 10:43:00 -05:00
Jon Siwek
4e5a3c8eb9 Updating submodule(s). 
[nomail]
 2015-03-23 10:04:47 -05:00
Jon Siwek
cf3abfb1c7 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Correct a spelling error
  When setting the SSL analyzer to fail, also stop processing data that already has been delivered to the analyzer, not just future data.
 2015-03-23 09:50:15 -05:00
Jon Siwek
739b295611 Improve documentation of 'for' loop iterator invalidation. 
BIT-978 #close
 2015-03-20 16:29:10 -05:00
Jon Siwek
df60015333 Remove "unmatched_HTTP_reply" weird. 
BIT-725 #close
 2015-03-20 11:13:50 -05:00
Jon Siwek
792dedf718 Updating submodule(s). 
[nomail]
 2015-03-20 10:46:25 -05:00
Jon Siwek
0a7afab740 Add unit test to catch breaking changes to local.bro 
BIT-1207 #close
 2015-03-20 10:34:34 -05:00
Vlad Grigorescu
a119247dd3 SSH: Ignore encrypted packets by default. 2015-03-19 21:43:44 -04:00
Vlad Grigorescu
f33e26242c SSH: Fix some edge-cases which created BinPAC exceptions 2015-03-19 21:43:07 -04:00
Vlad Grigorescu
e2134d3cb9 SIP: Fix up DPD and the TCP analyzer a bit. 2015-03-19 19:57:05 -04:00
Johanna Amann
8d4708300f fix failing sqlite leak test 2015-03-19 16:15:52 -07:00
Johanna Amann
1f33dd0c38 add a basic leak test for an unparseable enum 2015-03-19 15:59:49 -07:00
Johanna Amann
c27848fc32 Change the way the input framework deals with values it cannot convert 
into BroVals (especially enums)

Not we do not force an internal error anymore. Instead, we raise an
normal error and set an error flag that signals to the top-level
functions that the value could not be converted and should not be
propagated to the Bro core. This sadly makes the already messy code even
more messy - but since errors can happen in deeply nested data
structures, the alternative (catching the error at every possible
location and then trying to clean up there instead of recursively
deleting the data that cannot be used later) is much worse.

Addresses BIT-1199
 2015-03-19 14:58:38 -07:00
Daniel Thayer
8841d0ae77 Minor improvements to logging framework documentation 2015-03-19 16:01:28 -05:00
Jon Siwek
186e67ec1d Allow logging filters to inherit default path from stream. 
This allows the path for the default filter to be specified explicitly
when creating a stream and reduces the need to rely on the default path
function to magically supply the path.

The default path function is now only used if, when a filter is added to
a stream, it has neither a path nor a path function already.

Adapted the existing Log::create_stream calls to explicitly specify a
path value.

Addresses BIT-1324
 2015-03-19 14:49:55 -05:00
Jon Siwek
4c00729104 Tune parameters related to TCP initial window. 
Increase default values of "tcp_max_above_hole_without_any_acks" and
"tcp_max_initial_window" from 4096 to 16384 bytes.

BIT-1255 #close
 2015-03-19 13:23:55 -05:00
Jon Siwek
6ebd80a8b4 BIT-849: turn SMTP reporter warnings into weirds. 
The new weirds are named "smtp_nested_mail_transaction" and
"smtp_unmatched_end_of_data".

BIT-849 #close
 2015-03-19 12:18:37 -05:00
Jon Siwek
8efaae96cd BIT-788: use DNS QR field to better identify flow direction. 2015-03-19 11:53:40 -05:00
Seth Hall
3956df4407 Merge remote-tracking branch 'origin/topic/vladg/rrsig' 
* origin/topic/vladg/rrsig:
  DNS: Log the type number for the DNS_RR_unknown_type weird.
 2015-03-18 22:51:37 -04:00
Daniel Thayer
eec7f77913 Correct a spelling error 2015-03-18 16:39:06 -05:00
Daniel Thayer
9aa5cdc53a Merge remote-tracking branch 'origin/master' into fastpath 2015-03-18 16:33:32 -05:00
Jon Siwek
981be3b670 BIT-342: add "icmp_sent_payload" event. 2015-03-18 16:16:24 -05:00
Johanna Amann
443106dbdb a few more small script-level fixes 
Sorry, forgot to commit these.
 2015-03-18 13:26:46 -07:00
Johanna Amann
e180403e76 update test baselines 2015-03-18 12:56:02 -07:00
Johanna Amann
5f557849a6 add a simple leak test for dtls 2015-03-18 12:48:22 -07:00
Vlad Grigorescu
1ea5463037 Merge remote-tracking branch 'origin/master' into topic/vladg/sip 2015-03-18 15:44:09 -04:00
Johanna Amann
28e6aa9561 Merge remote-tracking branch 'origin/master' into topic/johanna/dtls 2015-03-18 12:25:39 -07:00
Johanna Amann
58ed2eb9ae add signature for dtls client hello 2015-03-18 11:58:46 -07:00
Johanna Amann
90bc5add6e Make the plugin structure more... legal. 2015-03-18 11:15:18 -07:00
Vlad Grigorescu
01e5de8234 DNS: Log the type number for the DNS_RR_unknown_type weird. 2015-03-18 13:31:12 -04:00
Vlad Grigorescu
29f78cf90f SSH: Add memleak btest 2015-03-18 13:04:44 -04:00
Vlad Grigorescu
be6188bf00 SSH: Update baselines 2015-03-18 13:02:33 -04:00
Vlad Grigorescu
61c94d1809 SSH: Added some more events for SSH2 2015-03-18 12:52:46 -04:00
Aaron Eppert
2d98a64831 Merge branch 'master' of https://github.com/bro/bro into develop 2015-03-18 12:08:54 -04:00
Robin Sommer
567073ac09 Updating submodule(s). 
[nomail]
 2015-03-18 08:46:56 -07:00
Aaron Eppert
2088928fb6 A fatal error, especially in DEBUG, should result in a core. 
This issue is especially helpful in the case of the Val::CONVERTER error and having:

"fatal error in <no location>: Val::CONVERTER ..."

Nebulous error and sans location, it is extremely hard to figure out the culprit. Thus, if Bro is built DEBUG, fatal should provide a core.

This subtle change prevents having to change FatalErrors to FatalErrorWithCore everywhere.
 2015-03-18 11:15:38 -04:00
Aaron Eppert
e3cc7aa48f Seems to fix a case where an entry in the table may be null on insert. 
#0  0x0000000000713b87 in Dictionary::Insert (this=0x1339840, new_entry=0xb18a9d0, copy_key=0) at /root/psdev/bro/src/Dict.cc:419
#1  0x00000000007130b0 in Dictionary::Insert (this=0x1339840, key=0xa23f6d0, key_size=36, hash=658668102, val=0x67fde40, copy_key=0) at /root/psdev/bro/src/Dict.cc:158
#2  0x00000000006cb508 in Dictionary::Insert (this=0x1339840, key=0x7ffff4ba81b0, val=0x67fde40) at /root/psdev/bro/src/Dict.h:47

(gdb) print *this
$59 = {_vptr.Dictionary = 0xaf7810, tbl = 0x215b400, num_buckets = 1347, num_entries = 3879, max_num_entries = 4042, den_thresh = 3, thresh_entries = 4041, tbl2 = 0x1afcc9e0,
  num_buckets2 = 2695, num_entries2 = 181, max_num_entries2 = 181, den_thresh2 = 3, thresh_entries2 = 8085, tbl_next_ind = 60, order = 0x133bfb0, delete_func = 0,
  cookies = {<BaseList> = {entry = 0x133d790, chunk_size = 10, max_entries = 10, num_entries = 0}, <No data fields>}}

(gdb) print *tbl
$60 = (DictEntryPList *) 0x0
 2015-03-18 00:28:19 -04:00
Robin Sommer
d3afe97f83 Splitting test-all target into Bro tests and test-aux. 
Also making failure of one sub-suite non-fatal.
 2015-03-17 15:57:28 -07:00
Robin Sommer
468e7bbce2 Increasing a test timeout to not fail on slower machines. 2015-03-17 15:41:14 -07:00
Robin Sommer
b0e066d3e0 Merge remote-tracking branch 'origin/topic/johanna/cert-validation' 
* origin/topic/johanna/cert-validation:
  add x509 canonifiers to test to not make it fail on differing openssl versions.
 2015-03-17 15:29:47 -07:00
Johanna Amann
d236643894 Make error message when encountering not existing enums better. 
Example:
internal error: Value not 'NoSuch::Notice' for stream 'ignored_notices' is not a valid enum.
Abort trap: 6

Addresses BIT-1199
 2015-03-17 13:45:00 -07:00
Johanna Amann
e291ccc14a add x509 canonifiers to test to not make it fail on differing openssl 
versions.
 2015-03-17 12:51:57 -07:00
Vlad Grigorescu
092a78d14b Merge remote-tracking branch 'origin/master' into topic/vladg/ssh 2015-03-17 12:36:30 -04:00
Vlad Grigorescu
0cffee7694 SSH: Intel framework integration (PUBKEY_HASH) 2015-03-17 12:33:09 -04:00
Robin Sommer
e3be3c9e02 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1305' 
* origin/topic/jsiwek/bit-1305:
  Deprecate &rotate_interval, &rotate_size, &encrypt, &mergeable.

BIT-1305 #merged
 2015-03-17 09:24:13 -07:00
Robin Sommer
1ec4243ea8 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1077' 
* origin/topic/jsiwek/bit-1077:
  BIT-1077: fix HTTP::log_server_header_names.

BIT-1077 #merged
 2015-03-17 09:12:55 -07:00
Robin Sommer
0cfe431f15 Merge remote-tracking branch 'origin/topic/johanna/cert-validation' 
* origin/topic/johanna/cert-validation:
  and still use the hash for notice suppression.
  add knob to revert to old validation behavior
  Update certificate validation script - new version will cache valid intermediate chains that it encounters on the wire and use those to try to validate chains that might be missing intermediate certificates.

BIT-1332 #merged
 2015-03-17 09:09:54 -07:00