Robin Sommer
525816b03d
Merge remote-tracking branch 'origin/topic/hui/dnp3-udp'
* origin/topic/hui/dnp3-udp:
remove redundant codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renaming the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 variation 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
2014-09-07 21:09:53 -07:00
Vlad Grigorescu
51373b0592
SSH: Misc. updates to the new analyzer.
2014-09-02 00:15:32 -04:00
Vlad Grigorescu
0a50688afc
Move auth method detection into script-land, to make it easier to change.
2014-08-28 18:23:30 -04:00
Vlad Grigorescu
214e6b3ea9
Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes.
2014-08-26 22:26:42 -04:00
Hui Lin
81606e7ff4
Renaming the DNP3 TCP analyzer
2014-08-25 10:33:28 -05:00
Vlad Grigorescu
f93f2af748
Merge tag 'v2.3' into topic/vladg/sip
Version tag
Conflicts:
scripts/base/init-default.bro
2014-08-22 19:25:43 -04:00
Hui Lin
fb21236661
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
2014-08-16 11:01:30 -05:00
Robin Sommer
996d118d68
Fixing tests.
2014-08-13 21:33:03 -07:00
Robin Sommer
58f3a715f2
Merge branch 'topic/robin/reader-writer-plugins' of git.bro.org:bro into topic/robin/reader-writer-plugins
Conflicts:
scripts/base/frameworks/logging/writers/dataseries.bro
2014-08-08 18:36:09 -07:00
Robin Sommer
355314718b
Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins
2014-08-08 18:32:45 -07:00
Robin Sommer
8737eae906
Move DataSeries and ElasticSearch into plugins.
2014-08-08 18:32:21 -07:00
Robin Sommer
8031da4ee7
More polishing of some of the branch's changes.
2014-08-08 18:32:05 -07:00
Vlad Grigorescu
250360eb55
Add support for more commands, and support quit
2014-08-08 13:53:16 -05:00
Vlad Grigorescu
1ceeafcb32
Redo the response handling.
2014-08-08 13:46:12 -05:00
Jon Siwek
b83d4a9c84
Fix some things in DNP3 UDP analyzer.
- DeliverPacket override had a wrong parameter.
- Change the DNP3 plugin to provide both UDP and TCP analyzer versions.
- Add a DPD signature.
2014-08-06 15:41:53 -05:00
Johanna Amann
14d265482a
add information about server chosen protocol to ssl.log, if provided by alpn.
This is e.g. used to negotiate spdy or http/2
2014-08-04 22:16:09 -07:00
Johanna Amann
026233d1f2
change SSL log to contain a boolean flag signaling if a session was resumed
instead of the (usually not really that useful) session ID the client sent.
2014-08-04 11:15:42 -07:00
Johanna Amann
fe60d5e9dd
Split dhcp log writing from record creation.
This allows users to customize dhcp.log by changing the record in their own
dhcp_ack event.
2014-08-01 11:07:32 -07:00
Robin Sommer
ffd3d9d185
More polishing.
2014-07-31 15:08:45 -07:00
Robin Sommer
2b505b07c1
Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins
2014-07-31 10:10:39 -07:00
Jon Siwek
69b1ba653d
Minor adjustments to plugin code/docs.
Mostly whitespace/typos.
Moved some Plugin methods out from public access.
2014-07-30 16:48:23 -05:00
Vlad Grigorescu
ca55d203cb
Kerberos analyzer
2014-07-24 21:55:41 -04:00
Vlad Grigorescu
6a34de5dd8
SMB & NTLM analyzers.
2014-07-24 21:46:38 -04:00
Vlad Grigorescu
101d340b18
MySQL analyzer
2014-07-24 15:52:42 -04:00
Robin Sommer
c6e204fbe2
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/btest
2014-07-22 20:27:00 -07:00
Robin Sommer
48b251abd1
Merge branch 'topic/robin/dynamic-plugins-2.3' into topic/robin/reader-writer-plugins
2014-07-22 17:27:16 -07:00
Robin Sommer
9f0bc0fdf1
Starting to implement the proposed PACF API.
2014-07-22 03:57:05 +02:00
Robin Sommer
fa1ba06414
Merge remote-tracking branch 'origin/topic/hui/modbus-events'
* origin/topic/hui/modbus-events:
adding another trace file to test read and write coil function codes
add/update test file and baseline result
add implementation of bytestring_to_coils for modbus analyzer
adding a missing field in record ModbusHeaders
add event handlers for modbus
2014-07-22 01:03:48 +02:00
Robin Sommer
c9524757d2
Adding Files::register_for_mime_type() to associate a file analyzer
with a MIME type.
Whenever that MIME is detected, Bro will now automatically activate
the analyzer. The interface mimics how well-known ports are defined
for protocol analyzers.
This isn't actually used by any existing file analyzer (because we
don't have any yet that target a specific file format), but there's a
test making sure it works.
2014-07-21 16:31:22 +02:00
Robin Sommer
f4cbcb9b03
Converting log writers and input readers to plugins.
2014-07-20 19:17:58 +02:00
Robin Sommer
9616cd8e61
Further polishing and cleanup in preparation for merge.
2014-07-12 18:12:09 -07:00
Robin Sommer
aeb8e71e8c
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/bro-aux
aux/broccoli
2014-07-10 20:11:52 -07:00
Robin Sommer
a7746afa0a
Fixing DataSeries, which was using a now illegal value as default
compression level.
2014-07-10 14:50:15 -07:00
Vlad Grigorescu
d98b5b88b5
Parse PE section headers.
2014-06-22 07:18:12 -04:00
Vlad Grigorescu
8ffa81f390
Updated PE analyzer to work with changes in master.
2014-06-21 13:30:14 -04:00
Vlad Grigorescu
b91b0646b8
Merge remote-tracking branch 'origin/master' into topic/vladg/file-analysis-exe-analyzer
Conflicts:
scripts/base/init-default.bro
src/file_analysis/analyzer/CMakeLists.txt
2014-06-21 13:15:14 -04:00
Robin Sommer
ba7af428a7
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
2014-06-13 09:27:02 -07:00
Jon Siwek
86139fb8d2
Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-for-2.3'
* origin/topic/dnthayer/doc-fixes-for-2.3:
Fix minor formatting issues in script docs
Fix a broken link in the docs
Update some info in the docs
Removed a table from the scripting tutorial
Update line numbers mentioned in scripting tutorial
Update line numbers for a doc example
Move scripting tutorial out of reference section
BIT-1205 #merged
2014-06-12 12:22:08 -05:00
Daniel Thayer
5e23e57025
Fix minor formatting issues in script docs
2014-06-12 00:33:55 -05:00
Daniel Thayer
690ea30798
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-fixes-for-2.3
Conflicts:
doc/scripting/index.rst
2014-06-11 23:20:31 -05:00
Jon Siwek
b4b64c1239
Merge remote-tracking branch 'origin/topic/robin/smtp-fix'
* origin/topic/robin/smtp-fix:
Fixing SMTP state tracking.
BIT-1203 #merged
2014-06-11 15:38:29 -05:00
Robin Sommer
9301ef5a4f
Fixing SMTP state tracking.
This fixes the case that an SMTP session has multiple mails sent from
the originator but we miss the server's response (e.g., because we
don't see server side packets at all).
2014-06-10 18:01:38 -07:00
Daniel Thayer
95c7128d71
Update some info in the docs
2014-06-07 12:31:32 -05:00
Bernhard Amann
67c0cc118d
Add two more ssl events - one triggered for each handshake message and one
triggered for the tls change cipherspec message.
Also - fix small bug. In case SSL::disable_analyzer_after_detection was set
to F, the ssl_established event would fire after each data packet after the
session is established.
2014-06-06 12:50:54 -07:00
Bernhard Amann
85f5c05b95
add new TLS extension type numbers from IANA
2014-06-05 13:17:52 -07:00
Hui Lin
da261b4ca4
adding a missing field in record ModbusHeaders
2014-06-04 12:29:01 -05:00
Seth Hall
8d9940c8c3
Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking
Conflicts:
src/Reassem.cc
src/Reassem.h
src/analyzer/protocol/tcp/TCP_Reassembler.cc
testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
2014-05-27 10:56:11 -04:00
Jon Siwek
7211d73ee6
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
last ssl fixes - missed three more.
and more tiny ssl script fixes
a few more small fixes for chains containing broken certs.
fix expression errors in x509 policy scripts when unparseable data is in certificate chain.
2014-05-21 15:59:26 -05:00
Bernhard Amann
9a8fc7a47d
and more tiny ssl script fixes
2014-05-21 11:16:24 -07:00
Bernhard Amann
ff00c0786a
a few more small fixes for chains containing broken certs.
2014-05-21 11:01:33 -07:00