Commit graph

9176 commits

Author SHA1 Message Date
Mauro Palumbo
8afa4616ff Extend File EA info to several items, minor fixes 2019-05-05 21:11:14 +02:00
Mauro Palumbo
9253357d4b minor fix 2019-05-05 18:29:22 +02:00
Mauro Palumbo
c90eec6b54 update master and merge into this branch 2019-05-05 16:46:41 +02:00
Jon Siwek
69eee058c1 Improve processing of broker data store responses
Now retrieves and processes all N available responses at once instead
of one-by-one-until-empty.  The later may be problematic from two
points: (1) hitting the shared queue/mailbox matching logic once per
response instead of once per Process() and (2) looping until empty is
not clearly bounded -- imagining a condition where there's a thread
trying to push a large influx of responses into the mailbox while at
the same time we're trying to take from it until it's empty.
2019-05-04 11:13:48 -07:00
Johanna Amann
ed644e39a0 Remove support for using &&/|| with patterns.
This was never documented and previously deprecated.
2019-05-03 15:26:21 -07:00
Johanna Amann
4c19e60488 Merge remote-tracking branch 'origin/master' into topic/johanna/remove-deprecated-functions-events 2019-05-03 15:15:22 -07:00
Johanna Amann
dcd6454530 Remove RemoteSerializer and related code/types.
Also removes broccoli from the source tree.
2019-05-03 15:00:13 -07:00
Jon Siwek
eda7610806 Fix sporadic openflow/broker test failure
Looked like a possible race condition in how the test was structured: an
endpoint sees its peer got lost and likewise exits immediately before
having a chance to process events the peer had sent just before exiting.
Fix is to reverse which endpoint initiates the termination sequence so
we can be sure we see the required events.
2019-05-03 11:22:56 -07:00
Jon Siwek
c640dd70cc Install local.zeek as symlink to pre-existing local.bro
This a convenience for those that are upgrading.  If we didn't do
this, then deployments can silently break until the user intervenes
since BroControl now prefers to load the initially-vanilla local.zeek
instead of the formerly-customized local.bro.
2019-05-02 23:06:52 -07:00
Jon Siwek
84ca12fdb4 Rename Zeexygen to Zeekygen 2019-05-02 21:39:21 -07:00
Jon Siwek
f2f06d66c0 Remove previously deprecated policy/protocols/smb/__load__ 2019-05-02 20:50:30 -07:00
Jon Siwek
1a77c1b287 Merge remote-tracking branch 'origin/topic/johanna/remove-deprecated-functions-events'
* origin/topic/johanna/remove-deprecated-functions-events:
  Remove deprecated functions/events
2019-05-02 19:18:45 -07:00
Johanna Amann
ca1b1dd6bb Remove PersistenceSerializer. 2019-05-02 13:45:36 -07:00
Johanna Amann
61c84a0a40 Remove synchrnized and persistent attributes.
Code that was used by them is still there.
2019-05-02 13:10:37 -07:00
Johanna Amann
6d47077222 Merge remote-tracking branch 'origin/topic/jsiwek/gh-340'
* origin/topic/jsiwek/gh-340:
  GH-340: Improve IPv4/IPv6 regexes, extraction, and validity functions
2019-05-02 12:28:31 -07:00
Johanna Amann
5d44735209 Remove deprecated functions/events
This commit removed functions/events that have been deprecated in Bro
2.6. It also removes the detection code that checks if the old
communication framework is used (since all the functions that are
checked were removed).

Addresses parts of GH-243
2019-05-02 12:06:39 -07:00
Jon Siwek
46799f7540 Fix timing out DNS lookups that were already resolved
This could happen in the case of making repeated lookup requests
for the same thing within a short period of time: cleaning up an
old request that already got resolved would mistakenly see a new,
yet-to-be-resolved request with identical host/addr and mistakenly
assume it's in need of being timed out.
2019-05-01 23:08:52 -07:00
Jon Siwek
fd11c63efe Remove an unhelpful/optimistic DNS_Mgr optimization
DNS_Mgr is always "idle", so Process() is always called when the
fd signals there's really something ready (except when flushing
at termination-time), so checking whether all pending request maps
are empty within Process() doesn't help much.  If they are empty,
but there's somehow something to pull off the socket, the main loop
is just going to keep trying to call Process() until it gets read
(which would be bad if it's preventing another IOSource from getting
real work done).
2019-05-01 22:55:43 -07:00
Jon Siwek
5bb2a6b1c0 Fix DNS_Mgr priority_queue usage
It was sorting by memory address stored in AsyncRequest pointers
rather than their actual timestamp.
2019-05-01 22:51:54 -07:00
Jon Siwek
5bccb44ad4 Remove dead code from DNS_Mgr 2019-05-01 22:50:47 -07:00
Jon Siwek
6db576195c Improve DNS_Mgr I/O loop: prevent starvation due to busy Broker 2019-05-01 22:46:10 -07:00
Jon Siwek
a8281ff9f9 Fix a ref counnting bug in DNS_Mgr 2019-05-01 22:42:41 -07:00
Robin Sommer
6a726afed9 Updating submodule. 2019-05-02 00:12:03 +00:00
Robin Sommer
789cb376fd GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.
This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.

The btests pass, but this is still WIP. broctl renaming is still
missing.

#239
2019-05-01 21:43:45 +00:00
Jon Siwek
375b151a4b Update external pointer to zeek-testing repo 2019-05-01 14:18:05 -07:00
Johanna Amann
29d9b5b554 Merge remote-tracking branch 'origin/topic/jsiwek/plist-and-event-cleanup'
* origin/topic/jsiwek/plist-and-event-cleanup:
  Add comments to QueueEvent() and ConnectionEvent()
  Add methods to queue events without handler existence check
  Cleanup/improve PList usage and Event API
2019-05-01 08:41:13 -07:00
Jon Siwek
32473b85b0 Force the Broker IOSource to idle periodically
Previously, if there was always input in each Process() call, then
the Broker IOSource would never go idle and could completely starve
out a packet IOSource since it would always report readiness with
a timestamp value of the last known network_time (which prevents
selecting a packet IOSource for processing, due to incoming packets
likely having timestamps that are later).
2019-04-30 20:53:38 -07:00
Jon Siwek
c67da0a3cb Add comments to QueueEvent() and ConnectionEvent()
And also their "Fast" variants.
2019-04-29 19:21:18 -07:00
Jon Siwek
9a461d26e4 Updating CHANGES and VERSION. 2019-04-29 18:34:40 -07:00
Jon Siwek
f7c1cde7c7 Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var.
The later simply doesn't work well in conjunction with hostname
literals.  i.e. "google.com" (without quotes) needs to be resolved
to a set of addresses at parse-time, so if a user wishes to use a
custom resolver, we need that to be configured independently from
the order in which scripts get parsed.  Configuring 'dns_resolver'
via scripting "redef" is clearly dependent on parse order.

Note 'dns_resolver' hasn't been in any release version yet, so
I'm removing it outright, no deprecation.  The ZEEK_DNS_RESOLVER
environment variable now serves the original purpose.
2019-04-29 18:09:29 -07:00
Robin Sommer
b9dad02615 Reimplement copy().
The old implementation used the serialization framework, which is
going away. This is a new standalone implementation that should also
be quite a bit faster.

WIP: Not fully implemented and tested yet.
2019-04-29 16:52:01 -07:00
Johanna Amann
4dc6ac5382 Include all data of the server-hello random
Before we cut the first 4 bytes, which makes it impossible to recognize
several newer packets (like the hello retry).
2019-04-29 15:25:47 -04:00
Johanna Amann
27438644ae Merge remote-tracking branch 'origin/master' into topic/johanna/tls13-details 2019-04-29 13:03:12 -04:00
Jon Siwek
49908ac865 Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression 2019-04-26 19:29:40 -07:00
Jon Siwek
cc83b8ce8e Updating submodule(s).
[nomail]
2019-04-26 09:43:57 -07:00
Jon Siwek
a93e9317d5 Updating submodule(s).
[nomail]
2019-04-25 12:00:21 -07:00
Jon Siwek
05b4d2a26c Add Zeexygen cross-reference links for some events 2019-04-25 10:23:00 -07:00
Jon Siwek
4c6b35970d Merge remote-tracking branch 'origin/topic/vern/expose-TCP-statics'
* origin/topic/vern/expose-TCP-statics:
  expose some TCP analyzer utility functions for use by derived classes
2019-04-23 18:43:54 -07:00
Vern Paxson
85acdc14e4 expose some TCP analyzer utility functions for use by derived classes 2019-04-23 16:40:58 -07:00
Jon Siwek
aebcb1415d GH-234: rename Broxygen to Zeexygen along with roles/directives
* All "Broxygen" usages have been replaced in
  code, documentation, filenames, etc.

* Sphinx roles/directives like ":bro:see" are now ":zeek:see"

* The "--broxygen" command-line option is now "--zeexygen"
2019-04-22 19:45:50 -07:00
Johanna Amann
e85a016521 Parse pre-shared-key extension.
No documentation yet...
2019-04-22 23:02:39 +02:00
Johanna Amann
5ba46eaa71 update SSL consts from TLS 1.3 2019-04-22 22:57:45 +02:00
Jon Siwek
d5803d7047 Merge remote-tracking branch 'origin/topic/vern/content-gap-history'
* origin/topic/vern/content-gap-history:
  Refined state machine update placement to (1) properly deal with gaps capped by clean FIN handshakes, and (1) fix failure to detect split routing.
  added 'g' $history character for content gaps
2019-04-22 12:40:40 -07:00
Jon Siwek
f15c99c82e Updating submodule(s).
[nomail]
2019-04-22 11:19:52 -07:00
Vern Paxson
9c8ad11d92 Refined state machine update placement to (1) properly deal with gaps capped
by clean FIN handshakes, and (1) fix failure to detect split routing.

Fixed typo flagged by Pierre Lalet.
2019-04-22 09:13:23 -07:00
Jon Siwek
3ea34d6ea3 GH-236: Add zeek_script_loaded event, deprecate bro_script_loaded 2019-04-19 12:02:22 -07:00
Jon Siwek
a994be9eeb Merge remote-tracking branch 'origin/topic/seth/zeek_init'
* origin/topic/seth/zeek_init:
  Some more testing fixes.
  Update docs and tests for bro_(init|done) -> zeek_(init|done)
  Implement the zeek_init handler.
2019-04-19 11:24:29 -07:00
Jon Siwek
7144661930 GH-340: Improve IPv4/IPv6 regexes, extraction, and validity functions
* is_valid_ip() is now implemented as a BIF instead of in
  base/utils/addrs

* The IPv4 and IPv6 regular expressions provided by base/utils/addrs
  have been improved/corrected (previously they could possibly match
  some invalid IPv4 decimals, or various "zero compressed" IPv6 strings
  with too many hextets)

* extract_ip_addresses() should give better results as a result of
  the above two points
2019-04-18 19:04:39 -07:00
Johanna Amann
9421ee0293 Merge branch 'topic/jsbarber/fix-topk-merge-core-dump' of https://github.com/jsbarber/bro
* 'topic/jsbarber/fix-topk-merge-core-dump' of https://github.com/jsbarber/bro:
  Prevent topk_merge from crashing when second argument is empty set
2019-04-18 09:36:48 +02:00
Jon Siwek
5f3e608b60 Fix unit test failures on case-insensitive file systems
The original casing mistake in the test only pops up now due to the
new .zeek over .bro file loading preference
2019-04-17 16:47:01 -07:00