Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 00:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
9176 commits 387 branches 195 tags 259 MiB
Commit graph

9176 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
528bad72de Move record_fields method from zeek.bif to Val class method 2019-07-02 12:52:25 -07:00
Tim Wojtulewicz
dffefe0683 Add ToStdString method for StringVal 2019-07-02 12:52:25 -07:00
sfinlon
fe46035366 Fix CIF integration and add logging options to intel.log and added comments to code 2019-07-01 23:54:24 -04:00
Zeke Medley
f18464f1f8 remove some leftover debug output 2019-07-01 14:26:02 -07:00
Zeke Medley
6e84a5eb8e Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-07-01 13:43:48 -07:00
Zeke Medley
409f27955b Call parent constructor from LambdaExpr. 2019-07-01 13:36:28 -07:00
Jon Siwek
23a1815e29 Updating submodule(s). 
[nomail]
 2019-07-01 12:17:53 -07:00
Tim Wojtulewicz
20c320d62b Add clang-tidy rule to CMake including a base configuration 2019-07-01 12:09:55 -07:00
Jon Siwek
962988e0b4 Updating submodule(s). 
[nomail]
 2019-07-01 10:40:48 -07:00
Johanna Amann
3cdda7647f Merge remote-tracking branch 'origin/topic/jsiwek/gh-443-fix-timestamp-0-logs' 
* origin/topic/jsiwek/gh-443-fix-timestamp-0-logs:
  GH-443: fix uses of timestamp 0 in cluster diagnostic logs
 2019-07-01 01:29:41 -07:00
Johanna Amann
1ebd3adf20 Merge remote-tracking branch 'origin/topic/jsiwek/gh-243-wrap-up-deprecation-removal' 
* origin/topic/jsiwek/gh-243-wrap-up-deprecation-removal:
  Improve deprecation warning messages
  Remove deprecated DNS events
  Remove BackDoor analyzer
  Remove InterConn analyzer
  Remove deprecated/unused irc_servers option
  Remove deprecated print_hook event
  Remove dead code: dump_used_event_handlers
  Remove unused software_version_found events
  Remove deprecated open_log_file and log_file_name functions
  Remove deprecated/unused "packet" type
  Un-deprecate anonymizer BIFs
  Un-deprecate file rotation functions
 2019-07-01 01:14:29 -07:00
Johanna Amann
8d5b7007ec Merge remote-tracking branch 'origin/topic/jsiwek/gh-380-bypass-caf-spinlock-problems' 
* origin/topic/jsiwek/gh-380-bypass-caf-spinlock-problems:
  Switch default CAF scheduler policy to work sharing
 2019-07-01 00:53:07 -07:00
Johanna Amann
85cd38a3e1 Update 3rdparty submodule. 
This updates sqlite to 3.28.0.

Fixes GH-448

 [nomail]
 2019-07-01 00:47:08 -07:00
Jon Siwek
5b64c35185 Switch default CAF scheduler policy to work sharing 
It may generally be better for our default use-case, as workers may
save a few percent cpu utilization as this policy does not have to
use any polling like the stealing policy does.

This also helps avoid a potential issue with the implementation of
spinlocks used in the work-stealing policy in current CAF versions,
where there's some conditions where lock contention causes a thread
to spin for long periods without relinquishing the cpu to others.
 2019-06-28 16:34:33 -07:00
Zeke Medley
f47390f66a Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-06-28 16:22:18 -07:00
Seth Hall
9795782ecb
Merge pull request #324 from zeek/topic/jsiwek/gh-320 
Improve RFB (VNC) protocol parsing
 2019-06-28 17:27:16 -04:00
Jon Siwek
b6c4aa7d2e Merge branch 'master' of https://github.com/spacepatcher/zeek 
* 'master' of https://github.com/spacepatcher/zeek:
  Add Windows Minidump file signature
 2019-06-28 12:11:17 -07:00
Jon Siwek
bc77b65b0a Merge remote-tracking branch 'origin/topic/johanna/gh-214-notice-on-workers' 
* origin/topic/johanna/gh-214-notice-on-workers:
  Change notices to be processed on worker.

Fixes GH-214
 2019-06-28 11:51:04 -07:00
Seth Hall
e3b080c741
Fixed a small issue due to the name changes 2019-06-28 14:49:57 -04:00
Zeke Medley
cadc1ab403 Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-06-28 09:46:15 -07:00
Alexander Bolshakov
1759205930
Add Windows Minidump file signature 
This signature is relevant for process dumps on Windows that could be extracted by various tools. The unencrypted transmission of the dump of a critical system process (for example, lsass.exe) via network would be detected by this rule.
 2019-06-28 14:43:38 +03:00
Jon Siwek
430f9a92c6 GH-443: fix uses of timestamp 0 in cluster diagnostic logs 
For broker.log and cluster.log: there was a race condition.  A worker's
first IOSource that it processes is potentially Broker if there were
no packets available yet and thread scheduling happens to work out
such that network connections (inside CAF threads) become established
before we enter the main I/O loop.  Such peering establishments would
generate logs with timestamp 0 as there was not yet any code path
taken that would update network_time.

For reporter.log: any non-worker (packet-processing) node would just
unnecessarily use a timestamp of 0 for their reporter messages.
 2019-06-27 23:00:42 -07:00
Jon Siwek
7b56925b77 Updating submodule(s). 
[nomail]
 2019-06-27 18:54:29 -07:00
Jon Siwek
7d2d63551d Improve deprecation warning messages 2019-06-27 18:36:27 -07:00
Jon Siwek
0edc7c6cbb Remove deprecated DNS events 
- dns_full_request
- non_dns_request
 2019-06-27 18:30:48 -07:00
Jon Siwek
7dc3fca754 Remove BackDoor analyzer 2019-06-27 18:25:43 -07:00
Jon Siwek
a940cf3fb5 Remove InterConn analyzer 2019-06-27 18:05:32 -07:00
Jon Siwek
a520433636 Remove deprecated/unused irc_servers option 2019-06-27 17:48:01 -07:00
Jon Siwek
e9fefa6501 Remove deprecated print_hook event 2019-06-27 17:43:20 -07:00
Jon Siwek
5343924eb9 Remove dead code: dump_used_event_handlers 2019-06-27 17:43:20 -07:00
Jon Siwek
2655a65331 Remove unused software_version_found events 
- software_version_found
- software_unparsed_version_found
- software_parse_error
 2019-06-27 17:43:20 -07:00
Jon Siwek
bfd037989b Remove deprecated open_log_file and log_file_name functions 2019-06-27 17:43:20 -07:00
Jon Siwek
b635cc240b Remove deprecated/unused "packet" type 2019-06-27 17:43:20 -07:00
Jon Siwek
88ffe06004 Un-deprecate anonymizer BIFs 2019-06-27 17:43:20 -07:00
Jon Siwek
ea43c154cf Un-deprecate file rotation functions 
- rotate_file
- rotate_file_by_name
- calc_next_rotate

These still have use-cases even though no longer used for our logging
functionality.  E.g. rotate_file_by_name may be used to rotate
pcap dump files.

Also the log_rotate_base_time option was marked deprecated, but still
used in the new logging framework.
 2019-06-27 16:13:22 -07:00
Zeke Medley
fef8aeb123 Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-06-27 14:39:08 -07:00
Zeke Medley
28253b24f9 Table defaults capture closures. 2019-06-27 14:38:38 -07:00
Jon Siwek
dafc44e8b9 Merge remote-tracking branch 'origin/topic/johanna/gh-375-remove-brofile-cache' 
* origin/topic/johanna/gh-375-remove-brofile-cache:
  Remove the BroFile cache

Fixes GH-375
 2019-06-27 12:09:31 -07:00
Jon Siwek
4a6977ba5b Merge remote-tracking branch 'origin/topic/johanna/stringval-from-stdstring' 
* origin/topic/johanna/stringval-from-stdstring:
  Fix creating a StringVal from std::string.
 2019-06-27 10:13:31 -07:00
Robin Sommer
b9538045d5 Updating submodule. 2019-06-27 16:58:00 +00:00
Johanna Amann
5052dc03fc Remove the BroFile cache 
GH-375
 2019-06-26 16:32:18 -07:00
Zeke Medley
d7a73c270d Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-06-26 15:15:19 -07:00
Zeke Medley
8ed18ca194 Make ClosureFrame safe & cleanup 
TODO: make anonymous-funcs associated with tables capture closures,
implement copy constructor for Frame, & other cleanup.
 2019-06-26 15:05:57 -07:00
Seth Hall
eb690a18cc
Merge branch 'master' into topic/jsiwek/gh-320 2019-06-26 14:47:01 -04:00
Johanna Amann
44b657687a Fix creating a StringVal from std::string. 
Currently, creating a StringVal from a std::string did not work with
data that contains \0 characters. This easy fix changes this - and
should also lead to a small speed increase for code using this
constructor.

This obviously means that more data might copied now in some cases that
were previously cut off at the first 0-byte. Our test-suite did not
reveal any such cases.
 2019-06-26 11:41:39 -07:00
Johanna Amann
3ec9fb0f7f Change notices to be processed on worker. 
In the past they were processed on the manager - which requires big
records to be sent around.

This has a potential of incompatibilities if someone relied on global
state for notice processing.

GH-214
 2019-06-25 13:51:27 -07:00
Jon Siwek
f810de11fa Make a paraglob unit test parallelizable 2019-06-25 12:50:30 -07:00
Johanna Amann
0d96e71f49 Update doc submodule 
Fixes GH-433

 [nomail]
 2019-06-25 10:51:15 -07:00
Zeke Medley
670816ad48 Merge branch 'master' of https://github.com/zeek/zeek into topic/zeke/closures 2019-06-25 10:48:39 -07:00
Johanna Amann
10e25bd625 Update submodules 
[nomail]
 2019-06-25 10:47:07 -07:00