Commit graph

9176 commits

Author SHA1 Message Date
Jon Siwek
08c64112f0 Document variable argument list BIFs using ellipsis
Instead of a single parameter: "va_args: any".
2018-05-31 13:14:57 -05:00
Jon Siwek
3679b0d963 Teach Option::set to unwrap Broker::Data values 2018-05-31 12:45:44 -05:00
Jon Siwek
5bb72d2972 Merge branch 'topic/jsiwek/broker-misc' into topic/jsiwek/config-cluster 2018-05-31 11:01:10 -05:00
Jon Siwek
d873acc9e3 Support unserializing broker data into type 'any'
The receiver side will wrap the data as a Broker::Data value, which
can then be type-checked/cast via 'is' or 'as' operators to a specific
Bro type.  For example:

Sender:

    Broker::publish("topic", my_event, "hello");

Receiver:

    event my_event(arg: any)
        {
        if ( arg is string )
            print arg as string;
        }
2018-05-31 10:39:40 -05:00
Jon Siwek
bd3c16c6d7 Fix a bug in broker data type-casting check 2018-05-31 10:05:18 -05:00
Jon Siwek
6489b54deb Remove dead code in broker data/val conversion function 2018-05-31 08:58:34 -05:00
Johanna Amann
44dfcb7c6a Start clusterizing configuration framework.
This is not finished and currently does not work due to Broker not liking
to serialize into any types.
2018-05-29 14:08:05 -07:00
Jon Siwek
84c1d9c808 Fix NEWS file formatting 2018-05-29 10:17:04 -05:00
Jon Siwek
9511daf5d2 Merge branch 'topic/dopheide/broker-docs' of https://github.com/dopheide-esnet/bro
* 'topic/dopheide/broker-docs' of https://github.com/dopheide-esnet/bro:
  A suggestion for reminding folks about calling events in Module namespaces.

I've changed this to include more accurate examples
2018-05-29 10:05:56 -05:00
Michael Dopheide
bbd65bcc74 A suggestion for reminding folks about calling events in Module namespaces. 2018-05-27 20:49:15 -05:00
Jon Siwek
7327c87c0a Updating submodule(s).
[nomail]
2018-05-25 12:20:45 -05:00
Jon Siwek
5c283e0a2e Updating submodule(s).
[nomail]
2018-05-25 08:56:13 -05:00
Jon Siwek
fe478877c6 Change Intel framework to round-robin insertion events across proxies 2018-05-24 14:36:22 -05:00
Jon Siwek
45178f3051 Add a counter for number of alive nodes within a given cluster pool 2018-05-24 14:33:35 -05:00
Jon Siwek
95ea84e60e Fix how cluster framework tracks worker count 2018-05-24 14:32:45 -05:00
Jon Siwek
186d47c762 Fix a typo in docs 2018-05-24 13:23:52 -05:00
Jon Siwek
85c82b13ef Updating submodule(s).
[nomail]
2018-05-24 12:06:59 -05:00
Jon Siwek
04eaafd4eb Updating submodule(s).
[nomail]
2018-05-24 09:41:46 -05:00
Jon Siwek
63251e9937 Updating submodule(s).
[nomail]
2018-05-24 09:40:07 -05:00
Jon Siwek
b2923f5528 Documentation improvements/fixes 2018-05-23 16:50:31 -05:00
Jon Siwek
58864c358c Add NCP::max_frame_size tuning option
This helps prevent excessive allocations based on message lengths
taken from NCP headers.
2018-05-22 18:27:52 -05:00
Jon Siwek
e35da5f592 Migrate NCP analyzer to use latest analyzer API
It was possibly never updated for newer Analyzer API changes, as simply
attaching the NCP analyzer to a connection would result in null pointer
dereferences and also support analyzers were not attached.
2018-05-22 16:27:07 -05:00
Jon Siwek
de029dd430 Merge remote-tracking branch 'origin/topic/jsiwek/binpac-fixes'
* origin/topic/jsiwek/binpac-fixes:
  Update test baseline for binpac changes
  Update test baseline for optimized binpac static-size array parsing
  Fixes for MySQL and SMB protocol parsers
  BIT-1829: add unit test for modbus parser issue
2018-05-22 15:06:51 -05:00
Jon Siwek
c9bf16e172 Updating submodule(s).
[nomail]
2018-05-22 13:31:48 -05:00
Jon Siwek
c1871b0f0b Update test baseline for binpac changes 2018-05-22 12:46:30 -05:00
Jon Siwek
477d3fc0e2 Updating submodule(s).
[nomail]
2018-05-22 09:48:17 -05:00
Jon Siwek
436a93b38a Make Reassembler::TotalSize a constant time operation 2018-05-22 09:20:44 -05:00
Robin Sommer
647fe3f494 Updating submodule(s).
[nomail]
2018-05-21 22:36:44 +00:00
Robin Sommer
d6cddffe32 Merge remote-tracking branch 'origin/master'
* origin/master:
  Update link to flex pattern docs
2018-05-21 21:38:19 +00:00
Robin Sommer
eaf5f4a9bb Whitespace changes. 2018-05-21 20:31:29 +00:00
Robin Sommer
593000be57 Updating submodules. 2018-05-21 20:31:29 +00:00
Robin Sommer
ad1978f698 Updating NEWS and CHANGES. 2018-05-21 20:31:29 +00:00
Robin Sommer
87552390e5 Bring Broccoli back for the time being.
It's deprecated and now disabled by default, but can be reenabled by
configuring with --enable-broccoli.
2018-05-21 18:38:25 +00:00
Jon Siwek
ed7b0b3503 Update link to flex pattern docs 2018-05-21 13:38:04 -05:00
Robin Sommer
fe7e1ee7f0 Merge topic/actor-system through a squashed commit. 2018-05-18 22:39:23 +00:00
Robin Sommer
7a6f5020f6 Updating submodule(s).
[nomail]
2018-05-18 22:39:22 +00:00
Seth Hall
aa5d784d48 Merge branch 'p-l--topic/p-l-/fix-arp-tests' 2018-05-18 12:20:46 -04:00
Pierre LALET
8315aa36a6 Add bad ARP tests
The capture file (btest/Traces/arp-leak.pcap) contains the
exploitation of an ARP leak flaw against NetBSD 7.0.2 using Scapy
etherleak() function.
2018-05-18 17:39:53 +02:00
Jon Siwek
99a417fc07 Update test baseline for optimized binpac static-size array parsing 2018-05-18 10:34:06 -05:00
Jon Siwek
954e7980cf Fixes for MySQL and SMB protocol parsers
* MySQL: the parser for this was generally broken (not following
  the specification well) and needed many changes.  One addition is a
  new "mysql_result_row" event that provides access to the results of
  queries.

* SMB: the spec seems to explicitly call out the omission of the
  PrimaryDomain field on SMB_COM_SESSION_SETUP_ANDX responses (and I
  don't see that field in pcaps either), so this may have just been a
  typo that used to work fine in the past only due to faulty array
  parsing behavior in binpac.
2018-05-18 10:31:36 -05:00
Pierre LALET
cc4605c8ae Tests/ARP: fix capture files.
It seems the wrong ones were selected in a merge conflict (see
d5797d8).
2018-05-18 17:25:55 +02:00
Jon Siwek
9c1e20394b BIT-1829: add unit test for modbus parser issue 2018-05-18 09:24:06 -05:00
Seth Hall
7ffc162383 Merge branch 'master' of ssh://git.bro-ids.org/bro 2018-05-18 09:52:37 -04:00
Seth Hall
d5797d8bde Merge branch 'p-l--topic/support-wlan-monitor'
# Conflicts:
#	testing/btest/Traces/arp-who-has-radiotap.pcap
#	testing/btest/Traces/arp-who-has-wlanmon.pcap
2018-05-18 09:52:28 -04:00
Johanna Amann
2b24e04ada Add non-standard experimental Google post-quantum ciphers 2018-05-17 15:54:48 -07:00
Pierre LALET
ab73946289 ARP: fix the l2 source address check
ARP_Analyzer::NextPacket() incorrectly assumed that the MAC source
address was at data+6 (which is fine for classical ARP over Ethernet
frames but incorrect for ARP over Wi-Fi for example) and the
destination was at data.

Use pkt->l2_src and pkt->l2_dst instead, set by Packet::ProcessLayer2().
2018-05-16 00:59:29 +02:00
Pierre LALET
0944747bab Add tests for ARP in 802.11 (w & w/o RadioTAP) 2018-05-16 00:21:20 +02:00
Seth Hall
09d283f7ed Merge branch 'topic/support-wlan-monitor' of https://github.com/p-l-/bro 2018-05-15 13:35:20 -04:00
Seth Hall
f2b4c16dd5 Merge branch 'p-l--topic/support-wlan-monitor' 2018-05-15 13:32:34 -04:00
Pierre LALET
a7fb278710 Add tests for ARP in 802.11 (w & w/o RadioTAP) 2018-05-15 18:15:17 +02:00