Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
10798 commits 388 branches 195 tags 264 MiB
Commit graph

10798 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bernhard Amann
b4e6971aab Add regular debugging output for interesting operations (stream/filter operations) to input framework (this was way overdue) 2012-03-14 14:45:53 -07:00
Robin Sommer
d2b59b1cb8 Merge branch 'topic/jsiwek/ipv6-ext-headers' of ssh://git.bro-ids.org/bro into topic/jsiwek/ipv6-ext-headers 
Conflicts:
	src/Sessions.cc
 2012-03-14 13:50:39 -07:00
Jon Siwek
94864da465 Update documentation for new syntax of IPv6 literals. 2012-03-14 15:25:08 -05:00
Jon Siwek
b859230be6 Merge branch 'master' into fastpath 2012-03-14 15:07:29 -05:00
Bernhard Amann
c3d2f1d5fc Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads 2012-03-14 12:28:53 -07:00
Daniel Thayer
cea52fbccb Merge remote-tracking branch 'origin/master' into topic/icmp6 2012-03-14 11:29:29 -05:00
Robin Sommer
159733f481 Updating submodule(s). 
[nomail]
 2012-03-14 08:42:36 -07:00
Jon Siwek
5312a904ab Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF. 
Also add unit tests for ipv6_ext_headers and esp_packet events.
 2012-03-14 10:31:08 -05:00
Jon Siwek
7af14ec1fe Remove the default "tcp or udp or icmp" filter. 
In default mode, Bro would load the packet filter script framework
which installs a filter that allows all packets, but in bare mode
(the -b option), this old filter would not follow IPv6 protocol
chains and thus filter out packets with extension headers.
 2012-03-14 10:00:48 -05:00
Julien Sentier
a4f8b2ccbe Changing the regular expression to allow Site::local_nets in signatures 
Previous commit closes #792.
 2012-03-13 16:16:55 -07:00
Robin Sommer
cba160c8ac Removing a line of dead code. 
Found by Julien Sentier.

Closes #786.
 2012-03-13 16:14:05 -07:00
Robin Sommer
11fdb5edce Updating submodule(s). 
[nomail]
 2012-03-13 16:11:36 -07:00
Robin Sommer
9dd63acaa3 Updating baseline. 
Is that a platform-specific difference?
 2012-03-13 16:10:42 -07:00
Robin Sommer
b4239de4a3 Updating NEWS. 
Previous commit closes #796.
 2012-03-13 15:40:34 -07:00
Robin Sommer
d8d7dd4d53 Merge remote-tracking branch 'origin/topic/jsiwek/ipv6-literals' 
* origin/topic/jsiwek/ipv6-literals:
  Change IPv6 literal constant syntax to require encasing square brackets
 2012-03-13 15:33:43 -07:00
Robin Sommer
79948c7974 Merge remote-tracking branch 'origin/topic/jsiwek/ipv6-ext-headers' 
* origin/topic/jsiwek/ipv6-ext-headers:
  Update PacketFilter/Discarder code for IP version independence.
  Add a few comments to IP.h
  Fix some IPv6 header related bugs.
  Add IPv6 fragment reassembly.
  Add handling for IPv6 extension header chains (addresses #531)
 2012-03-13 15:25:18 -07:00
Robin Sommer
e83714e178 Merge branch 'master' into topic/jsiwek/ipv6-ext-headers 2012-03-13 15:25:05 -07:00
Robin Sommer
c78a391635 Merge remote-tracking branch 'origin/topic/jsiwek/remove-match' 
* origin/topic/jsiwek/remove-match:
  Remove the match expression (addressed #753).
 2012-03-13 14:55:40 -07:00
Robin Sommer
5b2b03c6f7 Merge remote-tracking branch 'origin/fastpath' 2012-03-13 14:55:30 -07:00
Jon Siwek
bf3f184a01 Change IPv6 literal constant syntax to require encasing square brackets 
This is to avoid ambiguity between compressed hex notation and
module namespacing, both which use "::". E.g.: "aaaa::bbbb" could
be an identifier or an IPv6 address, but "[aaaa::bbbb]" is now
clearly the address.

Also added IPv6 mixed notation to allow an IPv4 dotted-decimal
address to be specified in the lower 32-bits.
 2012-03-13 13:47:07 -05:00
Jon Siwek
e74cbbf774 Add unit test for IPv6 fragment reassembly. 2012-03-12 15:26:51 -05:00
Bernhard Amann
92555badd4 cleanup, more sanity tests, a little bit more documentation 2012-03-11 20:43:26 -07:00
Bernhard Amann
faf5c95752 a couple of small fixes ( default values, all null lines) 2012-03-11 19:41:41 -07:00
Robin Sommer
8eaf40ec18 Reverting accidental commit. 
Thanks, Seth!
 2012-03-08 20:24:12 -08:00
Robin Sommer
f0682bb01a Merge branch 'topic/robin/log-threads' of ssh://git.bro-ids.org/bro into topic/robin/log-threads 2012-03-08 20:24:02 -08:00
Robin Sommer
51009b73bc Finetuning communication CPU usage. 2012-03-08 18:13:17 -08:00
Robin Sommer
1bdd0a5b6b Merge branch 'topic/robin/log-threads' of ssh://git.bro-ids.org/bro into topic/robin/log-threads 2012-03-08 17:42:31 -08:00
Robin Sommer
0208dd2844 Merge remote branch 'origin/master' into topic/robin/log-threads 2012-03-08 17:35:58 -08:00
Robin Sommer
83038d78e0 Adding new leak tests involving remote logging. 2012-03-08 17:35:58 -08:00
Robin Sommer
bf14bd91d7 Removing some no longer needed checks. 2012-03-08 17:30:18 -08:00
Robin Sommer
c0678e7e1f Fixing problem logging remotely when local logging was turned off. 
For that, moved the remote logging from the Manager to the
WriterFrontend. That also simplifies the Manager a bit.
 2012-03-08 17:30:18 -08:00
Jon Siwek
0b32c980bf Update PacketFilter/Discarder code for IP version independence. 
The signatures of script-layer functions 'discarder_check_ip',
'discarder_check_tcp', 'discarder_check_udp', and 'discarder_check_icmp'
were changed to use the more general 'pkt_hdr' type as a parameter
instead of individual header types.
 2012-03-08 13:12:04 -06:00
Bernhard Amann
cd78005d09 Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads 2012-03-07 13:43:48 -08:00
Bernhard Amann
b31230d429 Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/input-threads 2012-03-07 13:43:27 -08:00
Bernhard Amann
7076c64a5e Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/input-threads 
(and move a little bit of functionality from ascii reader to backend)

Conflicts:
	src/threading/Manager.cc
 2012-03-07 13:42:49 -08:00
Jon Siwek
76ef36e048 Add a few comments to IP.h 2012-03-07 14:17:56 -06:00
Jon Siwek
65307764f4 Fix some IPv6 header related bugs. 
- IPv6 payload length calculation didn't count main 40 byte IPv6 header.
- Fix how IPv6 headers that use TLV options are built.
- Fix ip6_hdr_chain$ext_order starting index at 1 instead of 0.
 2012-03-07 12:40:01 -06:00
Jon Siwek
9d590456b0 Add IPv6 fragment reassembly. 2012-03-06 16:08:28 -06:00
Robin Sommer
1811391cff Merge remote-tracking branch 'origin/topic/jsiwek/coverage-tweaks' 2012-03-05 16:53:09 -08:00
Robin Sommer
d8d567980c Merge remote-tracking branch 'origin/master' into fastpath 2012-03-05 16:52:29 -08:00
Jon Siwek
a0e07018f4 Merge branch 'master' into topic/jsiwek/ipv6-ext-headers 2012-03-05 09:31:53 -06:00
Jon Siwek
eb9f686bb2 Add handling for IPv6 extension header chains (addresses #531) 
- The script-layer 'pkt_hdr' type is extended with a new 'ip6' field
  representing the full IPv6 header chain.

- The 'new_packet' event is now raised for IPv6 packets (addresses #523)

- A new event called 'ipv6_ext_header' is raised for any IPv6 packet
  containing extension headers.

- A new event called 'esp_packet' is raised for any packets using ESP
  ('new_packet' and 'ipv6_ext_header' events provide connection info,
  but that info can't be provided here since the upper-layer payload
  is encrypted).

- The 'unknown_protocol' weird is now raised more reliably when Bro
  sees a transport protocol or IPv6 extension header it can't handle.
  (addresses #522)

Still need to do IPv6 fragment reassembly and needs more testing.
 2012-03-02 20:20:57 -06:00
Daniel Thayer
9d1e51a91e More code cleanup 2012-03-02 13:52:45 -06:00
Jon Siwek
fef671e4a6 Fix a BRO_PROFILER_FILE/mkstemp portability issue. (addresses #794) 2012-03-02 12:40:25 -06:00
Daniel Thayer
6eb9f63e17 Add more icmpv6 events, and general code cleanup 2012-03-02 12:29:18 -06:00
Robin Sommer
035de0216e Merge remote-tracking branch 'origin/topic/jsiwek/coverage-tweaks' 
* origin/topic/jsiwek/coverage-tweaks:
  Changes to how script coverage integrates with test suites.

Closes #794.
 2012-03-02 09:36:11 -08:00
Daniel Thayer
e9728d82ab Merge remote-tracking branch 'origin/master' into topic/icmp6 2012-03-02 10:50:05 -06:00
Robin Sommer
fd13f01a24 Merge remote-tracking branch 'origin/master' into topic/robin/log-threads 2012-03-01 16:25:46 -08:00
Robin Sommer
554a29b3ed Preventing busy looping when no threads have been spawned. 2012-03-01 16:04:34 -08:00
Robin Sommer
6429d1248a Prevent manager from busy looping. 
I saw this with the new threading code but I'm wondering if it also
helps with the "high CPU usage with low traffiv volume" problem.
 2012-03-01 16:00:30 -08:00