Jeff Barber
30fdc37479
Refactor to make bro use a common Packet object.
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
2015-05-29 10:37:39 -04:00
Daniel Thayer
7cf04c9f3a
Improve logging framework doc
Reorganized the content to be easier to follow, added a few more examples,
fixed some ugly formatting (removed scrollbars that make the examples
difficult to read).
2015-05-28 17:52:32 -05:00
Robin Sommer
2b1cd66f17
Updating CHANGES and VERSION.
2015-05-28 13:37:52 -07:00
Robin Sommer
fbf40090a8
Updating submodule(s).
[nomail]
2015-05-28 13:20:44 -07:00
Robin Sommer
0a9b768e46
Updating submodule(s).
[nomail]
2015-05-28 12:15:48 -07:00
Robin Sommer
d9ef8c36c9
Updating submodule(s).
[nomail]
2015-05-28 12:02:26 -07:00
Robin Sommer
a3290d194c
Fix segfault when DNS is not available.
Based on patch by Frank Meier.
BIT-1387 #merged
2015-05-28 11:52:54 -07:00
Yun Zheng Hu
2aa214d835
BIT-1314: Added QI test for rexmit_inconsistency
2015-05-28 12:12:22 +02:00
Yun Zheng Hu
b386b2ba51
BIT-1314: Add detection for Quantum Insert attacks
TCP_Reassembler can now keep a history of old TCP segments using the
`tcp_max_old_segments` option. A value of zero will disable it.
An overlapping segment with different data can indicate a possible
TCP injection attack. The rexmit_inconsistency event will fire if this
is the case.
2015-05-28 12:11:06 +02:00
Daniel Thayer
e02ad1711c
Add link to broctl doc from the quickstart doc
2015-05-27 16:23:02 -05:00
Johanna Amann
5147b0bb02
set fedora 21 specific environment variable to not make it complain about
md5 signed certs.
Addresses BIT-1402
2015-05-27 12:24:21 -07:00
Daniel Thayer
fcaf1d9c95
Update install documentation and fix some typos
2015-05-25 13:08:03 -05:00
Daniel Thayer
9cde2be727
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4
2015-05-25 11:59:34 -05:00
Jon Siwek
08822e0dd4
Allow '<' and '>' in MIME multipart boundaries.
The spec doesn't actually seem to permit these, but Seth had a (private)
pcap showing them used in the wild (and the HTTP/MIME analyzer failed to
parse content as a result).
2015-05-22 11:46:50 -05:00
Jon Siwek
c870fefbef
Updating submodule(s).
[nomail]
2015-05-20 13:00:58 -05:00
Seth Hall
ea2ce67c5f
Fixes an issue with missing zlib headers on deflated HTTP content.
- Includes a test.
2015-05-18 14:30:32 -04:00
Johanna Amann
8be8f2e725
update local-compat.test
2015-05-07 21:55:59 -07:00
Johanna Amann
456a78e204
Updating CHANGES and VERSION.
2015-05-07 20:32:20 -07:00
Johanna Amann
ae74f37696
Updating CHANGES and VERSION.
2015-05-07 13:57:03 -07:00
Robin Sommer
1e66c6718a
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Add /sbin to PATH in btest.cfg
2015-05-06 09:58:30 -07:00
Daniel Thayer
f6248994e4
Add /sbin to PATH in btest.cfg
Added /sbin to PATH so that a couple of tests that require ifconfig
are not skipped on systems (such as debian) which don't have /sbin
in PATH by default.
Also removed a duplicate default_path.
2015-05-04 14:47:56 -05:00
Robin Sommer
190df47c4b
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Update usage output and list of cmd-line options
A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
2015-05-04 09:58:57 -07:00
Daniel Thayer
26007f419e
Update usage output and list of cmd-line options
2015-04-29 23:56:55 -05:00
Robin Sommer
31e75c8eac
Baseline update.
2015-04-29 20:34:37 -07:00
Vlad Grigorescu
cb91a9c101
A small fix to ssh/geo-data.bro. ssh can now be unset for local-local or remote-remote, so make the script deal with this.
2015-04-29 20:57:40 -04:00
Robin Sommer
afdae31430
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Update NEWS and code for removal of -O cmd-line option
2015-04-29 17:02:59 -07:00
Robin Sommer
488acbb961
Merge remote-tracking branch 'origin/topic/seth/sip-fixes'
* origin/topic/seth/sip-fixes:
Improve SIP logging and remove reporter messages.
BIT-1391 #merged
2015-04-29 17:02:23 -07:00
Daniel Thayer
1508b00489
Update NEWS and code for removal of -O cmd-line option
2015-04-28 16:33:33 -05:00
Seth Hall
651132b70c
Improve SIP logging and remove reporter messages.
- People were seeing some reporter messages where the
SIP scripts were not handling things safely.
- New fields to show {request|response}_{from|to}.
- Fixed a case where logs could be over logged on accident (junk logs).
2015-04-28 16:30:54 -04:00
Robin Sommer
501dc821bf
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1350'
* origin/topic/jsiwek/bit-1350:
BIT-1350: improve record coercion type checking.
BIT-1350 #merged
2015-04-27 17:28:29 -07:00
Robin Sommer
8f95a38885
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1384'
* origin/topic/jsiwek/bit-1384:
BIT-1384: Remove -O (optimize scripts) command-line option.
BIT-1384 #merged
2015-04-27 17:26:12 -07:00
Robin Sommer
d0d8c7a03a
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix the -J/--set-seed cmd-line option
Remove unused -l, -L, and -Z cmd-line options
Fix the --time and --re-level cmd-line options
Update NEWS with changes to Bro cmd-line options
Minor corrections and clarifications to NEWS
Conflicts:
NEWS
2015-04-27 17:23:07 -07:00
Daniel Thayer
ab917bd48c
Fix the -J/--set-seed cmd-line option
2015-04-27 18:30:35 -05:00
Daniel Thayer
c008cd3fcb
Remove unused -l, -L, and -Z cmd-line options
2015-04-27 17:58:04 -05:00
Daniel Thayer
85f4f4102d
Fix the --time and --re-level cmd-line options
2015-04-27 17:45:01 -05:00
Daniel Thayer
3a40d42b2b
Update NEWS with changes to Bro cmd-line options
2015-04-27 16:56:42 -05:00
Jon Siwek
48fccb3bce
BIT-1350: improve record coercion type checking.
For a field of the same name in both the target type and the coerced
type, a type mismatch is now reported as an error at parse-time.
2015-04-27 16:37:40 -05:00
Jon Siwek
b42706f0b5
BIT-1384: Remove -O (optimize scripts) command-line option.
2015-04-27 14:45:02 -05:00
Daniel Thayer
1b9e2bb3f4
Minor corrections and clarifications to NEWS
2015-04-27 14:24:35 -05:00
Robin Sommer
d638342d7c
Updating submodule(s).
[nomail]
2015-04-27 08:25:20 -07:00
Robin Sommer
54c28fc207
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix typos in the broker BIF documentation
update installation instructions and remove outdated references.
2015-04-27 08:22:49 -07:00
Robin Sommer
a6aa70d51f
Updating NEWS for SSH.
2015-04-27 08:02:42 -07:00
Seth Hall
da24fa40a5
Easier support for systems with tcmalloc_minimal installed.
2015-04-26 00:40:31 -04:00
Daniel Thayer
7a63316e0e
Fix typos in the broker BIF documentation
2015-04-24 15:40:33 -05:00
Johanna Amann
244dffa8fc
update installation instructions and remove outdated references.
2015-04-24 10:33:22 -07:00
Jon Siwek
fe94d9ed2f
Updating submodule(s).
[nomail]
2015-04-24 11:37:45 -05:00
Jon Siwek
c406fc7d29
Updating submodule(s).
[nomail]
2015-04-24 09:31:35 -05:00
Jon Siwek
9480cbd0b6
Updating submodule(s).
[nomail]
2015-04-23 17:01:11 -05:00
Jon Siwek
f73b4f2a21
Fix some outdated documentation unit tests.
2015-04-23 12:30:54 -05:00
Robin Sommer
7d95ebb48a
Fix -N option to work with builtin plugins as well.
2015-04-23 07:10:55 -07:00