Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
6192 commits 387 branches 195 tags 259 MiB
Commit graph

6192 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robin Sommer
ffa254acd0 Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix' 
* origin/topic/seth/modbus_dpd_fix:
  Call ProtocolConfirmed on modbus
 2015-06-19 14:08:13 -07:00
Robin Sommer
d54667803b Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Put cmd-line options in alphabetical order
 2015-06-19 09:13:59 -07:00
Seth Hall
7d105935b1 Call ProtocolConfirmed on modbus 
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.

A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
 2015-06-19 07:00:38 -04:00
Daniel Thayer
6c812bd5d6 Put cmd-line options in alphabetical order 
Sorted cmd-line options in alphabetical order to make it easier to
add or remove options (or even to just check if they're listed
correctly in the source code).
 2015-06-18 12:39:46 -05:00
Jon Siwek
668f3e38ad Updating submodule(s). 
[nomail]
 2015-06-11 12:15:33 -05:00
Johanna Amann
af1a663410 Update submodule 
[nomail]
 2015-06-09 07:31:28 -07:00
Robin Sommer
94c3e32cfa Fixing tiny thing in NEWS. 2015-06-09 07:01:06 -07:00
Johanna Amann
8402ec3b1c Updating submodule(s) and tagging release. 2015-06-08 13:28:17 -07:00
Robin Sommer
582da62d04 Fix reporter errors with GridFTP traffic. 2015-06-08 09:42:06 -07:00
Robin Sommer
659de2b357 Updating submodule(s). 
[nomail]
 2015-06-07 20:59:24 -07:00
Robin Sommer
795a3b8ad8 PE Analyzer: Change how we calculate the rva_table size. 2015-06-06 08:21:27 -07:00
Jon Siwek
7de83e0cf0 Fix a unit test to check for Broker requirement. 2015-06-05 09:10:50 -05:00
Robin Sommer
74c83058e6 Test for Broker termination. 2015-06-04 14:48:58 -07:00
Robin Sommer
476a5dbc34 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1408' 
BIT-1408 #merged

* origin/topic/jsiwek/bit-1408:
  BIT-1408: improve I/O loop and Broker IOSource.
 2015-06-04 14:46:30 -07:00
Robin Sommer
45ccf3abda Updating submodule(s). 
[nomail]
 2015-06-03 09:03:27 -07:00
Jon Siwek
58ea1ff458 BIT-1408: improve I/O loop and Broker IOSource. 2015-06-03 08:25:49 -05:00
Jeff Barber
49ece39cb6 One more tinker to Packet -- ensure no uninitialized values 2015-06-02 16:37:23 -04:00
Jeff Barber
97ab422e17 Packet::IP()-created IP_Hdr should not free 2015-06-02 16:37:16 -04:00
Robin Sommer
a6618eb964 Merge branch 'master' of git.bro.org:bro 2015-06-02 10:37:31 -07:00
Seth Hall
217ccf6063 Add signature support for F4M files. 2015-06-02 12:48:53 -04:00
Robin Sommer
26d10d88d2 Merge remote-tracking branch 'origin/topic/dnthayer/doc-improvements-2.4' 
Lots of good stuff! Thanks for catchign the plugin doc inconsistencies!

* origin/topic/dnthayer/doc-improvements-2.4:
  Add missing documentation on the "Bro Package Index" page
  More improvements to the Logging Framework doc
  Fix documentation typo
  Update the "Log Files" documentation
  Add links in the logging framework doc
  Add a link to the bro-plugins documentation
  Update bro man page
  Update script language reference documentation
  Fix typos in the "writing bro plugins" doc
  Fix a "make doc" warning
  Improve logging framework doc
  Add link to broctl doc from the quickstart doc
  Update install documentation and fix some typos
  Minor improvements to logging framework documentation
  Correct a minor typo in the docs
 2015-06-02 09:44:51 -07:00
Robin Sommer
6791c9a81d Merge remote-tracking branch 'origin/topic/vladg/bit-1410' 
BIT-1410 #merged

* origin/topic/vladg/bit-1410:
  Add memleak btest for attachments over SMTP.
  BIT-1410: Add btest
  BIT-1410: Update baselines
  BIT-1410: Propagate is_orig to MIME_Mail
 2015-06-02 09:18:40 -07:00
Seth Hall
0eb345a25a Updating the Mozilla root certs. 2015-06-02 11:51:08 -04:00
Daniel Thayer
45caf8d2c1 Add missing documentation on the "Bro Package Index" page 2015-06-02 10:00:00 -05:00
Vlad Grigorescu
0a4604fe98 Add memleak btest for attachments over SMTP. 2015-06-01 21:14:52 -05:00
Vlad Grigorescu
847b16442b BIT-1410: Add btest 2015-06-01 20:49:04 -05:00
Vlad Grigorescu
05ea2d43c7 BIT-1410: Update baselines 2015-06-01 20:38:59 -05:00
Vlad Grigorescu
60d07f8483 BIT-1410: Propagate is_orig to MIME_Mail 2015-06-01 20:26:58 -05:00
Daniel Thayer
63aa61fcc9 More improvements to the Logging Framework doc 2015-06-01 16:36:44 -05:00
Daniel Thayer
7681263f91 Fix documentation typo 2015-06-01 14:29:03 -05:00
Daniel Thayer
4db9b8d792 Update the "Log Files" documentation 2015-06-01 14:26:09 -05:00
Seth Hall
097354a43f Updates for the urls.bro script. Fixes BIT-1404. 2015-06-01 11:38:26 -04:00
Daniel Thayer
4ddfe0ed83 Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4 2015-05-31 23:49:38 -05:00
Daniel Thayer
b6920ac188 Add links in the logging framework doc 
Added links to the log writers that are available as external plugins.
 2015-05-31 23:34:19 -05:00
Daniel Thayer
648d091b29 Add a link to the bro-plugins documentation 2015-05-31 23:17:59 -05:00
Daniel Thayer
6bd24780b5 Update bro man page 2015-05-31 23:04:30 -05:00
Daniel Thayer
d0e304de46 Update script language reference documentation 2015-05-30 01:35:55 -05:00
Daniel Thayer
260b25f20a Fix typos in the "writing bro plugins" doc 2015-05-30 00:18:04 -05:00
Daniel Thayer
24701f2678 Fix a "make doc" warning 
Also fixed some indentation.
 2015-05-29 14:38:50 -05:00
Jeff Barber
72fca3ee26 Make enums work for non-C++11 config 2015-05-29 10:37:43 -04:00
Jeff Barber
30fdc37479 Refactor to make bro use a common Packet object. 
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
 2015-05-29 10:37:39 -04:00
Daniel Thayer
7cf04c9f3a Improve logging framework doc 
Reorganized the content to be easier to follow, added a few more examples,
fixed some ugly formatting (removed scrollbars that make the examples
difficult to read).
 2015-05-28 17:52:32 -05:00
Robin Sommer
2b1cd66f17 Updating CHANGES and VERSION. 2015-05-28 13:37:52 -07:00
Robin Sommer
fbf40090a8 Updating submodule(s). 
[nomail]
 2015-05-28 13:20:44 -07:00
Robin Sommer
0a9b768e46 Updating submodule(s). 
[nomail]
 2015-05-28 12:15:48 -07:00
Robin Sommer
d9ef8c36c9 Updating submodule(s). 
[nomail]
 2015-05-28 12:02:26 -07:00
Robin Sommer
a3290d194c Fix segfault when DNS is not available. 
Based on patch by Frank Meier.

BIT-1387 #merged
 2015-05-28 11:52:54 -07:00
Yun Zheng Hu
2aa214d835 BIT-1314: Added QI test for rexmit_inconsistency 2015-05-28 12:12:22 +02:00
Yun Zheng Hu
b386b2ba51 BIT-1314: Add detection for Quantum Insert attacks 
TCP_Reassembler can now keep a history of old TCP segments using the
`tcp_max_old_segments` option. A value of zero will disable it.

An overlapping segment with different data can indicate a possible
TCP injection attack. The rexmit_inconsistency event will fire if this
is the case.
 2015-05-28 12:11:06 +02:00
Daniel Thayer
e02ad1711c Add link to broctl doc from the quickstart doc 2015-05-27 16:23:02 -05:00