Robin Sommer
9af6c183d2
Updating baselines for recent commits.
2011-10-06 19:04:26 -07:00
Robin Sommer
ea3dffa83c
Fixing non-portable regexp match in test.
Also adding site/ to scripts excluded from bare mode check.
2011-10-06 19:04:03 -07:00
Robin Sommer
90d2136fd1
Filtering some potentially high-volume DNS weirds.
2011-10-06 18:10:15 -07:00
Robin Sommer
6fe2b2c0f3
DNS now raises DPD events.
Closes #577.
2011-10-06 17:53:03 -07:00
Robin Sommer
b790856a40
Fixing a bunch of compiler warnings.
2011-10-06 17:46:47 -07:00
Robin Sommer
f1ae48ea53
Remote logs are auto-flushed if the last write was longer than a
second ago. Addresses #498.
2011-10-06 17:40:35 -07:00
Robin Sommer
83ff7b65a6
Fix missing from previous MIME commit.
2011-10-06 17:30:07 -07:00
Robin Sommer
2b9e5bbe7e
Updating submodule(s).
2011-10-06 17:24:12 -07:00
Robin Sommer
7e5254ee2f
Merge remote-tracking branch 'origin/topic/jsiwek/comphash-func-determinism2'
Closes #636.
* origin/topic/jsiwek/comphash-func-determinism2:
Make CompHash computation/recovery for functions deterministic
2011-10-06 17:07:32 -07:00
Robin Sommer
60b43a417e
Removing unnecessary load.
2011-10-06 16:56:40 -07:00
Robin Sommer
63e4ee3d81
Small tweak to make double formatting match what we had before.
2011-10-06 16:54:38 -07:00
Robin Sommer
7acbb8776d
Merge branch 'master' of /home/robin/bro/master-linux
2011-10-06 16:14:49 -07:00
Robin Sommer
9e673e1298
Optimizing some MIME code.
2011-10-06 16:11:08 -07:00
Robin Sommer
8aaccf1c95
Logging speed improvements.
We now use Google's replacement functions for slow printf-based
num-to-ascii conversion.
2011-10-06 15:55:45 -07:00
Jon Siwek
1cc675e30f
Make CompHash computation/recovery for functions deterministic
Functions are now assigned a unique integer on construction which
CompositeHash can base hashes on. Recovery then just involves
looking up the function pointer associated with that unique number.
2011-10-06 14:29:03 -05:00
Robin Sommer
dd13b9b0f4
Merge branch 'master' of ssh://git.bro-ids.org/bro
Conflicts:
scripts/base/protocols/http/main.bro
2011-10-05 17:24:05 -07:00
Robin Sommer
3ecd872291
Updating submodule(s).
2011-10-05 17:19:22 -07:00
Robin Sommer
cde3eedb48
Updating submodule(s).
2011-10-05 17:18:51 -07:00
Robin Sommer
d660eb89cd
Cleaning up some distribution files.
2011-10-05 17:18:25 -07:00
Robin Sommer
fe77d385e0
Merge remote-tracking branch 'origin/topic/jsiwek/broctl-tweaks'
* origin/topic/jsiwek/broctl-tweaks:
Consolidating some node-specific functionality from scripts in broctl repo.
2011-10-05 16:54:39 -07:00
Robin Sommer
25fe7e91db
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Add check for optional HTTP::Info status_code.
Changing some external testing scripts.
Conflicts:
scripts/base/protocols/http/main.bro
2011-10-05 16:24:33 -07:00
Jon Siwek
88e089864b
Consolidating some node-specific functionality from scripts in broctl repo.
2011-10-05 16:33:40 -05:00
Seth Hall
0e4fecdfe4
HTTP bug fix reported by Martin.
2011-10-05 09:35:19 -04:00
Seth Hall
13ab46e793
Updating files for tests.
- All but scripts.base.frameworks.notice.suppression-disable
pass for me now.
2011-10-04 23:50:52 -04:00
Seth Hall
26290bb56c
More script tuning
- Moved some of the weird events back to the base/ directory.
- Fixed more bugs with SSL certificate handling.
2011-10-04 17:06:45 -04:00
Jon Siwek
c9a540b992
Add check for optional HTTP::Info status_code.
2011-10-04 14:27:51 -05:00
Jon Siwek
f09813ccfb
Merge branch 'master' into fastpath
2011-10-04 14:25:48 -05:00
Seth Hall
dc47203cd7
Fixing the SSL analysis crashes differently.
2011-10-04 14:40:49 -04:00
Seth Hall
a649be6d9e
Bug fix and style updates.
2011-10-04 14:36:31 -04:00
Seth Hall
5a45c246e5
Updates for known-certs.
- Fixed a crash.
- Made some other small style updates.
2011-10-04 14:32:11 -04:00
Seth Hall
5a04190ffe
More adjustment to reduce Weird volumes.
- New script extracted from weird.bro to implement the
connection related "weird" data into an optionally
loaded script.
- Adjusted the default notice tuning to stop ignoring
the connection related weirds since they aren't loaded
by default anymore.
2011-10-04 13:58:55 -04:00
Seth Hall
04a9a0dc38
Fixed an error when calculating x509 certificate hashes (reported by Martin Holste).
2011-10-04 13:19:11 -04:00
Seth Hall
aa9fdf38bb
Clean up to cluster framework to make event handling clearer.
- Fixed a bug where notices were being passed to proxies.
  This was a mistake and should greatly reduce load on
  many clusters.
- Cluster event regex variables renamed to:
  - Notice::manager2worker_events
  - Notice::manager2proxy_events
  - Notice::worker2manager_events
  - Notice::worker2proxy_events
  - Notice::proxy2manager_events
  - Notice::proxy2worker_events
- The default Notice::policy set is cleared for all cluster
  nodes except for managers to cause all default notice
  processing to occur on managers. This should reduce load
  on workers slightly.
2011-10-04 11:57:50 -04:00
Jon Siwek
357341c887
Changing some external testing scripts.
- The absolute path canonifier was overzealously canonifying relevant
log fields, so it's no longer generally applied to diffing all
baselines. I don't think there's any logs that require local
filesystem path names that aren't already tested by a unit test,
but if any show up in the future, they can be canonified on a
case-by-case basis.
- Removed some logs from being diff'd in the diff-all script
because they're either already covered by a unit test
(load_scripts.log) or because of difficulty/maintenance
tradeoff (prof.log).
Baselines for the external bro-testing repo still need updating.
2011-10-04 10:51:41 -05:00
Jon Siwek
870bdf796d
Fix some of the coverage unit tests.
2011-10-03 16:57:29 -05:00
Seth Hall
549661bd11
Updates to improve SSL scripts.
- Certificate validation volume has been greatly cut down by
caching results.
- Cert hashing is now done in one place instead of being repeated
everywhere a cert hash was needed.
- Some small cleanups for notice suppression that should greatly reduce
duplicate notice volume about invalid certificates.
2011-10-03 13:58:42 -04:00
Seth Hall
e6a3dbfb5d
Fixed a bug in the notice framework.
- The notice alarm shorthand PolicyItem wasn't actually setting the action.
2011-10-03 10:45:37 -04:00
Seth Hall
be30dde827
Bug fix for FTP analysis script.
2011-10-03 00:06:05 -04:00
Robin Sommer
804687fb45
Merge branch 'master' of ssh://git.bro-ids.org/bro
2011-09-30 07:20:21 -07:00
Robin Sommer
94fb2be253
Another fix for the 1xx script code.
2011-09-30 07:19:58 -07:00
Jon Siwek
8099640bc3
Fix the way HTTP tests were checking for weirds
2011-09-30 08:21:33 -05:00
Jon Siwek
71dc6b6de3
Fixing unit tests.
2011-09-30 07:53:23 -05:00
Robin Sommer
91ed9ffa8f
Fixing a bunch of memory leaks.
Courtesy of perftools. Most are not really relevant but clean up the
perftools output. There was a big one in the logging code as well
though.
2011-09-29 22:53:07 -07:00
Robin Sommer
221d1663be
Merge branch 'master' of ssh://git.bro-ids.org/bro
Conflicts:
scripts/base/protocols/http/main.bro
2011-09-29 18:54:50 -07:00
Seth Hall
c0f8b5160c
Merge branch 'master' of ssh://git.bro-ids.org/bro
2011-09-29 21:25:11 -04:00
Seth Hall
012d8cfc5f
Fix for shutdown bug in http scripts.
- The bug was introduced with the recent 1xx update.
- I updated some tests that seemed to be written wrong.
2011-09-29 21:25:00 -04:00
Robin Sommer
f7521ad222
Fixing occasional HTTP crash with new 1xx code.
Sometimes the status_code field isn't set. Adding check for that, hope
that's all that's needed.
2011-09-29 16:18:25 -07:00
Robin Sommer
a87cc2f5dd
Updating submodule(s).
2011-09-29 15:37:01 -07:00
Robin Sommer
2252e9d90b
Fixing two memory leaks.
2011-09-29 15:28:41 -07:00
Seth Hall
36dbaa5b92
Loaded scripts is indented with spaces now and makes more sense to look at.
- Updated a test to make it pass again.
2011-09-29 15:53:54 -04:00