Jon Siwek
d726e44e0e
Updating CHANGES and VERSION.
2019-08-09 09:15:22 -07:00
Tim Wojtulewicz
80e3c42526
Add new distro to Travis CI configuration for running leak tests
2019-08-08 16:36:17 -07:00
Jon Siwek
ba56cf62a7
Change version to 3.1.0-dev
2019-08-08 16:08:50 -07:00
Jon Siwek
d236f377e7
Add memory leak test of closure (un)serialization
2019-08-07 12:41:22 -07:00
Jon Siwek
662c416ad9
Updating submodule(s).
[nomail]
2019-08-07 10:29:16 -07:00
Jon Siwek
6af1bf18ac
Replace use of deprecated pcap_lookupdev()
libpcap 1.9.0 has started deprecating this function in favor
of pcap_findalldevs()
2019-08-07 09:46:41 -07:00
Johanna Amann
51f565d235
Merge remote-tracking branch 'origin/topic/jsiwek/gh-527-coverity-issues'
* origin/topic/jsiwek/gh-527-coverity-issues:
  GH-527: fix parsing of MQTT Remaining Length field
  GH-527: fix LambdaExpr::Traverse
  GH-527: fix ref-counting issues in Frame unserialization
2019-08-07 08:10:29 -07:00
Mauro Palumbo
f93e41fd3f
minor restyle and add comments
2019-08-07 10:32:36 +02:00
Jon Siwek
dc5aca6854
GH-527: fix parsing of MQTT Remaining Length field
Packet length is encoded in up to four bytes, with MSB (0x80)
indicating if there are more bytes in the representation still to follow.
The comparison/bitwise-mask wasn't correctly testing the MSB.
Coverity CID 1403964
2019-08-06 14:47:03 -07:00
Jon Siwek
f6f4e3e8bc
GH-527: fix LambdaExpr::Traverse
Coverity CID 1403966
2019-08-06 14:47:03 -07:00
Jon Siwek
05bc680d3f
GH-527: fix ref-counting issues in Frame unserialization
Coverity CIDs 1403968, 1403967
2019-08-06 14:47:03 -07:00
Johanna Amann
7521fec5b3
Update submodule
[nomail]
2019-08-06 11:49:12 -07:00
Mauro Palumbo
8e418d3c7b
add an empty read_error event to the intel framework (in the export block, so that users can implement further checks with it)
2019-08-06 12:20:47 +02:00
Mauro Palumbo
1011abd5e0
move event Intel::read_entry to export block
2019-08-06 11:17:34 +02:00
Johanna Amann
3080290a5e
Merge remote-tracking branch 'origin/topic/jsiwek/gh-474-mqtt-option'
* origin/topic/jsiwek/gh-474-mqtt-option:
  GH-474: change MQTT::max_payload_size to be a runtime option
Relates to GH-474
2019-08-05 21:06:50 -07:00
Jon Siwek
cc91ab5d9e
Fix malformed SMB documentation
2019-08-05 19:00:43 -07:00
Jon Siwek
1eb1771c25
Fix documentation warnings for MQTT identifiers
I.e. a type was not in the export section, but a field was added
to connection record via a redef that uses the "hidden" type.
That generally doesn't help to hide it that way since a user comes
to rely on it indirectly anyway, and it also causes problems with
the Zeekygen documentation not being able to find it.
2019-08-05 18:55:48 -07:00
Jon Siwek
35c42b4b09
GH-474: change MQTT::max_payload_size to be a runtime option
2019-08-05 18:11:54 -07:00
Jon Siwek
704969ddd6
Merge remote-tracking branch 'origin/topic/johanna/disable-mqq-by-default'
* origin/topic/johanna/disable-mqq-by-default:
  Disable MQTT by default
2019-08-05 17:33:25 -07:00
Johanna Amann
0f96a9dedf
Disable MQTT by default
To enable MQTT, one has to load policy/scripts/mqtt. Like with smb in
2.5, the consts are loaded by default.
2019-08-05 17:04:39 -07:00
Tim Wojtulewicz
337da50da6
Add new LogAscii::gzip_file_extension option.
This can be used with the LogAscii::gzip_level option to set the file extension of log files when they are compressed at creation time.
2019-08-05 14:36:34 -07:00
Johanna Amann
39b9468f9d
Merge remote-tracking branch 'origin/topic/jsiwek/gh-474-mqtt-improvements'
* origin/topic/jsiwek/gh-474-mqtt-improvements:
  GH-474: add MQTT::max_payload_size option
  GH-474: use topic vectors for MQTT (un)subscribe events/logs
Relates to #520
2019-08-05 10:26:40 -07:00
Jon Siwek
5f4c04c900
Updating submodule(s).
[nomail]
2019-08-02 18:24:51 -07:00
Jon Siwek
6bc947a48e
GH-474: add MQTT::max_payload_size option
This caps size of payload strings within mqtt_publish events and
mqtt_publish.log files. A new "payload_len" field in the log file
shows the real payload size in cases where it may have been truncated.
2019-08-02 14:28:55 -07:00
Jon Siwek
c43e809a69
GH-474: use topic vectors for MQTT (un)subscribe events/logs
2019-08-02 13:48:43 -07:00
Johanna Amann
649d9f502b
Update Certificate Transparency list
2019-08-02 12:43:43 -07:00
Johanna Amann
6f25125443
Update CA store to NSS 3.45
This also required updating a test that required a root-certificate that
was removed from the Mozilla store - the test now directly includes that
specific root-cert.
2019-08-02 12:36:54 -07:00
Jon Siwek
d2eed166bd
GH-517: fix MQTT suback/unsuback accessing non-existent index
2019-08-02 11:57:46 -07:00
Jon Siwek
b3884de2e5
Fix how Broker/CAF sleep duration options are set
With CAF 0.17.0, these are now reporting that an incorrect option name
was being used.
2019-08-02 11:33:00 -07:00
Tim Wojtulewicz
bbf49406c1
DFA: remove uses of PDict
2019-08-02 09:45:50 -07:00
Tim Wojtulewicz
acff8d5a2b
EventRegistry: remove uses of PDict
2019-08-02 09:45:50 -07:00
Johanna Amann
6fa0f4ac49
Merge remote-tracking branch 'origin/topic/johanna/conn-duration-thresholds'
* origin/topic/johanna/conn-duration-thresholds:
  Add duration thresholding to the conn-size analyzer.
2019-08-01 14:20:49 -07:00
Johanna Amann
f9ee0079a5
Merge remote-tracking branch 'origin/topic/jsiwek/lambda-name-fixes'
* origin/topic/jsiwek/lambda-name-fixes:
  Guarantee unique internal name for each lambda function
  Use consistent hashing method for internal lambda function names
2019-08-01 13:37:45 -07:00
Johanna Amann
ca36728a4e
Merge remote-tracking branch 'origin/topic/jsiwek/gh-514-improve-addr-conversion-errors'
* origin/topic/jsiwek/gh-514-improve-addr-conversion-errors:
  Improve error messages from to_addr and to_subnet BIFs
2019-08-01 13:15:43 -07:00
Jon Siwek
70359c703f
Fix a test that used a hardcoded Broker port
2019-08-01 12:28:50 -07:00
Jon Siwek
21bc1b6703
Updating submodule(s).
[nomail]
2019-08-01 12:07:26 -07:00
Johanna Amann
9d489cde20
Add duration thresholding to the conn-size analyzer.
Now, in addition to setting thresholds for bytes and packets, one can set
a threshold for connection duration. Note that the threshold event is
only raised once the next packet in the connection is seen.
This also fixes a small pre-existing bug, in which a bunch of warnings
were raised if someone just used the lower-level functions without going
through the higher-level scripting API.
2019-08-01 11:57:40 -07:00
Jon Siwek
11f90bc9f5
GH-512: add --mandir configure option
2019-08-01 11:26:18 -07:00
Jon Siwek
68b0e1d54d
Updating submodule(s).
[nomail]
2019-08-01 11:22:26 -07:00
Jon Siwek
ec4df80c67
Improve error messages from to_addr and to_subnet BIFs
Related to GH-514
2019-08-01 10:49:03 -07:00
Jon Siwek
ac7daf8456
Merge branch 'master' of https://github.com/zeek/zeek
2019-07-31 21:31:55 -07:00
Jon Siwek
ee28e9e9f3
Merge remote-tracking branch 'origin/topic/seth/mqtt'
* origin/topic/seth/mqtt:
  Bug fixes and test baseline updates
  Fix an issue with bro_init -> zeek_init
  MQTT Analyzer heavily updated and ported from the analyzer originally by Supriya Kumar
Adjustments during merge:
* Minor whitespace cleanups
* Some bro to zeek renaming
* Fixed the parsing of unsubscribe messages to generate an event for each topic
2019-07-31 21:29:38 -07:00
Seth Hall
e6f21b9a0f
Fix the link to "good first issue" tickets.
2019-07-31 22:49:01 -04:00
Jon Siwek
09ea4ceb7e
Rename a broxygen unit test to zeekygen
2019-07-31 14:25:22 -07:00
Jon Siwek
9b2d7795d5
Fix hello world script in README.md
2019-07-31 14:16:54 -07:00
Jon Siwek
a1d8a21005
Guarantee unique internal name for each lambda function
By dealing with hash collisions.
2019-07-31 14:10:29 -07:00
Jon Siwek
8575c9daed
Use consistent hashing method for internal lambda function names
The results of std::hash<std::string> may vary depending on platform.
E.g. test suite failed on macOS due to Linux generating different lambda
function names.
2019-07-31 12:06:27 -07:00
Seth Hall
22e89bdc70
Fix hello world script in the readme.
2019-07-31 14:43:18 -04:00
Seth Hall
8b6a517c00
Fixes a tiny Bro->Zeek renaming issue
2019-07-31 14:17:46 -04:00
Jon Siwek
851a11086d
Merge remote-tracking branch 'origin/topic/seth/506-fix-ntp-analyzer-fields-missing'
* origin/topic/seth/506-fix-ntp-analyzer-fields-missing:
  Tiny tweaks to try and address ticket #506
2019-07-31 10:45:25 -07:00