Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
9176 commits 388 branches 195 tags 265 MiB
Commit graph

9176 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
ffe895a0f1 Update doc tests 2018-08-29 17:17:20 -05:00
Jon Siwek
fa7fa5aa2b Update unit test baseline for new BinPAC output 2018-08-29 14:59:35 -05:00
Jon Siwek
651ccd553c Updating submodule(s). 
[nomail]
 2018-08-29 14:56:26 -05:00
Jon Siwek
31d8391af0 Fix a routing loop in control framework 
A controllee now subscribes to a topic prefix based on their node ID
instead of the common control topic prefix.
 2018-08-28 19:50:53 -05:00
Jon Siwek
1dcead93bf Add Broker::forward() function 
This enables explicit forwarding of events matching a given topic
prefix.  Even if a receiving node has an event handler, it will not
be raised if the event was sent along a topic that matches a previous
call to Broker::forward().
 2018-08-28 19:42:22 -05:00
Johanna Amann
3c7c60cf64 Update NEWS for ssl changes. 
When merging, please replace commit number of change with the version
number that is assigned.
 2018-08-28 16:34:50 -07:00
Johanna Amann
fb95a7750e Allow event/function definitions to be wrapped in directives. 
This makes

@if (conditions)
event a(...)
@else
event b(...)
@endif

work, which threw an error in the past. This is useful when event
definition change in newer Bro version and code wants to accept both
kinds of events.
 2018-08-28 16:00:34 -07:00
Jon Siwek
850030822d Enable implicit Broker message forwarding by default 2018-08-28 16:50:41 -05:00
Johanna Amann
8d9408c795 CT List update - a few more logs. 2018-08-28 14:49:21 -07:00
Johanna Amann
b2b2bb1b30 Update certificate list to NSS 3.38 
Only one root CA removed - so this is a rather minor change.
 2018-08-28 14:44:35 -07:00
Jon Siwek
8db042a8c2 Remove Cluster::broadcast_topic 
As enabling Broker forwarding would cause routing loops with messages
sent to such a topic (one subscribed to on all nodes).
 2018-08-28 16:40:48 -05:00
Johanna Amann
4fd6cbd138 Merge remote-tracking branches 'origin/topic/dnthayer/ticket1963' and 'origin/topic/jsiwek/improve-input-reread' 
* origin/topic/dnthayer/ticket1963:
  Convert more redef-able constants to runtime options

* origin/topic/jsiwek/improve-input-reread:
  Improve input framework re-read logic
 2018-08-28 14:36:28 -07:00
Jon Siwek
2f1e81059b Remove Intel Broker topics, re-use existing Cluster topics 
And update broker docs to reflect best-practice/convention for
declaring new topics.
 2018-08-28 15:43:34 -05:00
Johanna Amann
23eb8096fc SSL: test updates for record_layer version 
Update the tests to also include the recently included record layer
fields.
 2018-08-28 11:02:20 -07:00
Daniel Thayer
bb313cb660 Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1963 2018-08-27 19:39:45 -05:00
Daniel Thayer
9bfc01b705 Convert more redef-able constants to runtime options 2018-08-27 19:38:47 -05:00
Jon Siwek
1a75ef2abd Remove "relay" family of Broker functions 
Namely these are now removed:

    - Broker::relay
    - Broker::publish_and_relay
    - Cluster::relay_rr
    - Cluster::relay_hrw

The idea being that Broker may eventually implement the necessary
routing (plus load balancing) functionality.  For now, code that used
these should "manually" handle and re-publish events as needed.
 2018-08-27 16:49:35 -05:00
Johanna Amann
27d47314f7 Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data 2018-08-27 09:25:40 -07:00
Johanna Amann
e055f9b36b Merge remote-tracking branch 'origin/topic/dnthayer/ticket1963' 
* origin/topic/dnthayer/ticket1963:
  Add a missing initializer to a runtime option
  Convert more redef-able constants to runtime options
 2018-08-24 18:05:34 -07:00
Johanna Amann
82cefd23c4 Fix base/misc/version.bro version parsing 
Turns out that base/misc/version.bro did not parse Bro versions
correctly in case the version is just 2.5-12 or similar. This commit
fixes this oversight and adds a few more small testcases.
 2018-08-24 17:25:16 -07:00
Johanna Amann
4b40b6ebe4 Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data 2018-08-24 15:36:34 -07:00
Daniel Thayer
fd1a23ea66 Add a missing initializer to a runtime option 2018-08-24 17:03:02 -05:00
Daniel Thayer
8b0b7d3304 Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1963 2018-08-24 16:06:05 -05:00
Daniel Thayer
01a899255e Convert more redef-able constants to runtime options 2018-08-24 16:05:44 -05:00
Jon Siwek
1eeecf5fcc Stabilize a cluster logging unit test 2018-08-24 14:58:43 -05:00
Jon Siwek
f41f392743 Improve input framework re-read logic 
Changed from checking for "has newer modification time" to "has
different modification time or inode number".
 2018-08-24 12:46:31 -05:00
Jon Siwek
5c9813eadb Merge branch 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro 
* 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro:
  Detect MaxMind DB changes and auto-reload
 2018-08-24 10:27:26 -05:00
Jonathan Perkins
2b0e265a1f Detect MaxMind DB changes and auto-reload 2018-08-24 08:56:23 -05:00
Jon Siwek
d43238fe69 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix finding of kerberos and libmaxminddb in CMakeLists.txt
 2018-08-23 16:55:50 -05:00
Jon Siwek
af181474c1 BIT-1885: fix "kill" threading message 
Now goes through the proper (main thread) channels to signal the
thread to stop.
 2018-08-23 16:48:49 -05:00
Johanna Amann
b2a0418dc5 Final touches to SSL events with record layer version. 2018-08-23 14:18:38 -07:00
Daniel Thayer
7739aaf780 Fix finding of kerberos and libmaxminddb in CMakeLists.txt 
On an older system (CentOS 7), there was a bug where although the
headers and libraries for kerberos and maxminddb were found correctly,
both of those components were listed as "false" in the "Bro Build Summary"
output from cmake.
 2018-08-23 15:59:35 -05:00
Jon Siwek
b9dfca7789 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Improve readability of the Travis job log
 2018-08-23 15:21:25 -05:00
Jon Siwek
620cd671ba Fix tracking of DCE-RPC context identifier mappings 
This adds previously-missing support for "Alter Context"
request/response PDUs (initial patch contributed by Mark Fernandez).

Also, context ID arguments were added to dce_rpc_bind, dce_rpc_request,
and dce_rpc_response in order to properly track what endpoint/operation
a given opnum maps to.
 2018-08-23 15:11:38 -05:00
Daniel Thayer
419b5d9ee0 Improve readability of the Travis job log 
Use quiet mode in git checkout to suppress a dozen lines of output.
Also added a blank line of output just before attempting to get the
private tests.
 2018-08-23 12:27:08 -05:00
Robin Sommer
45338b1942 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1885' 
* origin/topic/jsiwek/bit-1885:
  BIT-1885: fix input framework memory leak
  Increase timeout for a memleak test
 2018-08-23 15:53:35 +00:00
Jon Siwek
b847b3b4d9 BIT-1885: fix input framework memory leak 
For input threads that get joined during run-time instead of being
signalled to stop at termination-time as typical (e.g. an error occurs
or process exits w/ non-zero status) messages could remain in the
thread's queue and leak.

This patches threads to ensure they enter the proper "finished"
state so that the thread manager can attempt to fully process and
empty out their queues before joining them.
 2018-08-22 19:23:10 -05:00
Jon Siwek
f5848f0279 Increase timeout for a memleak test 2018-08-22 19:22:08 -05:00
Jon Siwek
66871ba948 Ensure external test repo hashes track origin/master 2018-08-22 12:06:33 -05:00
Jon Siwek
12955d8676 Updating submodule(s). 
[nomail]
 2018-08-22 11:55:29 -05:00
Jon Siwek
1f70f607ce Fix "unused CMake variable" configuration warnings 2018-08-22 11:49:33 -05:00
Jon Siwek
f3f5ca923e Updating submodule(s). 
[nomail]
 2018-08-22 11:01:39 -05:00
Jon Siwek
ef3d451af3 Fix Travis CI script to checkout particular commits of external tests 2018-08-21 16:49:06 -05:00
Jon Siwek
553ce6aca1 Fix signed/unsigned comparison warning 2018-08-21 16:16:00 -05:00
Jon Siwek
9121c0436f Add --with-broker configure option 2018-08-21 15:55:56 -05:00
Jon Siwek
b679a51376 Merge remote-tracking branch 'origin/topic/jazoff/fix-snaplen' 
* origin/topic/jazoff/fix-snaplen:
  problem: default snaplen is too small for jumbo frames
 2018-08-21 14:54:55 -05:00
Jon Siwek
b63f0e2675 Updating submodule(s). 
[nomail]
 2018-08-21 10:02:02 -05:00
Johanna Amann
aa2488fb69 Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data 2018-08-20 16:10:21 -07:00
Jon Siwek
ee0bbdad34 Fix outdated documentation test baselines 2018-08-20 15:51:51 -05:00
Jon Siwek
bcf97f70ea Merge remote-tracking branch 'origin/topic/jsiwek/empty-lines' 
* origin/topic/jsiwek/empty-lines:
  Add 'smtp_excessive_pending_cmds' weird
  Fix SMTP command string comparisons
  Improve handling of empty lines in several text protocol analyzers
  Add rate-limiting sampling mechanism for weird events
  Teach timestamp canonifier about timestamps before ~2001
 2018-08-20 15:35:16 -05:00