Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
12358 commits 387 branches 195 tags 255 MiB
Commit graph

12358 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
ae39225f82 Update broker submodule [nomail] 2021-08-03 17:42:15 -07:00
Tim Wojtulewicz
201617540d Only sort sessions during Drain() if a random seed is set 2021-08-03 10:07:47 -07:00
Johanna Amann
ec6b954499 Merge branch 'master' of https://github.com/sowmyaramapatruni/zeek 
Fixes GH-1689

* 'master' of https://github.com/sowmyaramapatruni/zeek:
  Fix issue-1689
 2021-08-03 10:25:26 +01:00
Johanna Amann
8b506ca113 Merge branch 'topic/jgvt/issue-1598' of https://github.com/ThalesGroup/zeek 
* 'topic/jgvt/issue-1598' of https://github.com/ThalesGroup/zeek:
  Fix when HTTP header are on several packet
  Fix HTTP evasion     - Happen when there is no CRLF at the end of HTTP     - Fix by adding CRLF when packet is complete (in relation to content-length in header)
 2021-08-03 10:21:41 +01:00
Sowmya Ramapatruni
58fae22708 Fix issue-1689 2021-08-02 13:52:43 -07:00
Tim Wojtulewicz
d343dbbd76 Merge remote-tracking branch 'origin/topic/timw/patricia-rebase' 
* origin/topic/timw/patricia-rebase:
  Fix failing test due to patricia change
  Rebase patricia code on upstream version
 2021-08-02 11:10:15 -07:00
Tim Wojtulewicz
e89a743901 Merge remote-tracking branch 'origin/topic/timw/1654-exclude-cmake-dot-git' 
* origin/topic/timw/1654-exclude-cmake-dot-git:
  GH-1654: Exclude the .git directory when installing cmake files
 2021-07-30 08:52:56 -07:00
Tim Wojtulewicz
a9deb1bfd2 GH-1654: Exclude the .git directory when installing cmake files 2021-07-29 15:30:21 -07:00
Tim Wojtulewicz
e2dc6df8a2 Use unordered_map to store sessions for performance reasons 2021-07-29 13:26:46 -07:00
Tim Wojtulewicz
2a717e05cc Merge remote-tracking branch 'origin/topic/timw/1692-binary-to-int64-shifting' 
* origin/topic/timw/1692-binary-to-int64-shifting:
  GH-1692: Add some safety to ASN's binary_to_int64 to avoid bad shifts
 2021-07-29 13:24:02 -07:00
Tim Wojtulewicz
b5841d0ab8 GH-1692: Add some safety to ASN's binary_to_int64 to avoid bad shifts 2021-07-29 10:11:50 -07:00
Tim Wojtulewicz
bbfce7aaf7 Update broker submodule 2021-07-28 19:10:24 -07:00
zeek-bot
9e23eb4309 Update doc submodule [nomail] [skip ci] 2021-07-28 00:31:19 +00:00
Tim Wojtulewicz
56ee21b97b Merge remote-tracking branch 'origin/topic/timw/shutdown-use-after-free' 
* origin/topic/timw/shutdown-use-after-free:
  Fix a use-after-free during shutdown
 2021-07-27 09:36:26 -07:00
Tim Wojtulewicz
cea9194650 Fix a use-after-free during shutdown 2021-07-26 14:26:22 -07:00
Tim Wojtulewicz
6acc3418e0 Merge remote-tracking branch 'origin/topic/timw/1693-robust-iterator-invalidation' 
* origin/topic/timw/1693-robust-iterator-invalidation:
  GH-1693: Fix potential crash with elements being modified during robust iteration
 2021-07-26 13:03:20 -07:00
Tim Wojtulewicz
41273afad8 GH-1693: Fix potential crash with elements being modified during robust iteration 2021-07-26 11:22:38 -07:00
jerome Grandvalet
83f4903250 Fix when HTTP header are on several packet 2021-07-26 15:58:14 +02:00
Tim Wojtulewicz
2fda808302 Update HMAC key used for benchmarking service 2021-07-23 16:28:36 -07:00
Tim Wojtulewicz
802dfd80c1 Fix failing test due to patricia change 2021-07-23 12:26:09 -07:00
Tim Wojtulewicz
083e0c5bdc Rebase patricia code on upstream version 2021-07-23 09:57:58 -07:00
Tim Wojtulewicz
36972ba9e1 Merge remote-tracking branch 'origin/topic/timw/1684-run-state-time-updates' 
* origin/topic/timw/1684-run-state-time-updates:
  GH-1684: Ensure that the time gets updated every pass if we're reading live traffic
 2021-07-23 09:29:00 -07:00
jerome Grandvalet
8cabecec40 Fix HTTP evasion 
- Happen when there is no CRLF at the end of HTTP
    - Fix by adding CRLF when packet is complete (in relation to content-length in header)
 2021-07-23 09:28:29 +02:00
Tim Wojtulewicz
5fab986ccb GH-1684: Ensure that the time gets updated every pass if we're reading live traffic 
This is necessary for e.g. packet sources that don't have a selectable
file descriptor. They'll always be ready on a very short timeout, but
won't necessarily have a packet to process. In these case, sometimes
the time won't get updated for a long time and timers don't function
correctly.
 2021-07-22 14:08:21 -07:00
Tim Wojtulewicz
9383c926ad Merge remote-tracking branch 'origin/topic/johanna/gh-1687' 
* origin/topic/johanna/gh-1687:
  Fix handling of timers when cloning TableVals
 2021-07-21 11:41:34 -07:00
Johanna Amann
13cfa4c938 Fix handling of timers when cloning TableVals 
When cloning TableVals, a new timer was created for the wrong object
(the existing TableVal, not the clone). This lead to the already
existing timer being no longer accessible. Which, in turn, leads to an
abandoned timer reading into no longer allocated data when the original
TableVal is deleted.

Fixes GH-1687
 2021-07-21 12:52:22 +01:00
Tim Wojtulewicz
c58e4ec445 Update doc submodule [nomail] [skip ci] 2021-07-20 10:38:20 -07:00
Tim Wojtulewicz
f4016f34e8 Merge remote-tracking branch 'origin/topic/christian/btest-fodder-news' 
* origin/topic/christian/btest-fodder-news:
  Cover in NEWS the inclusion of btest tooling in the installation
 2021-07-20 09:58:27 -07:00
Tim Wojtulewicz
2d95c38148 Merge remote-tracking branch 'origin/topic/timw/send-email-on-docs-action-failure' 
* origin/topic/timw/send-email-on-docs-action-failure:
  Fix generate-docs github action to send email when it fails
 2021-07-20 09:56:17 -07:00
Tim Wojtulewicz
0209958475 Fix generate-docs github action to send email when it fails 2021-07-20 09:55:17 -07:00
Christian Kreibich
8ed5d462cc Merge branch 'topic/christian/lets-be-greedy' 
* topic/christian/lets-be-greedy:
  Use Cirrus's new greedy mode for parallelizing builds and tests
 2021-07-19 16:55:13 -07:00
Christian Kreibich
a6daa80730 Cover in NEWS the inclusion of btest tooling in the installation 
[skip ci]
 2021-07-19 16:47:21 -07:00
Christian Kreibich
959de22349 Use Cirrus's new greedy mode for parallelizing builds and tests 
This oversubscribes our cores 2x, which testing shows we actually
run with at times: speedup is around a third on average for builds,
and a bit more than that for testing.

Also some light Bashification in ci/build.sh, for consistency.
 2021-07-19 13:44:16 -07:00
Tim Wojtulewicz
d8b0ee0853 Merge remote-tracking branch 'origin/topic/christian/bump-highwayhash' 
* origin/topic/christian/bump-highwayhash:
  Bump highwayhash to pull in FreeBSD 14 fix
 2021-07-19 08:56:59 -07:00
Tim Wojtulewicz
58a5118149 Merge remote-tracking branch 'origin/topic/robin/update-doctest' 
* origin/topic/robin/update-doctest:
  Update 3rdparty submodule to pull in doctest to 2.4.6.
 2021-07-19 08:55:19 -07:00
Tim Wojtulewicz
449a5e0fc3 Merge remote-tracking branch 'origin/topic/robin/fix-plugin-port-registration' 
* origin/topic/robin/fix-plugin-port-registration:
  Fix registration of protocol analyzers from inside plugins.
 2021-07-19 08:54:42 -07:00
Robin Sommer
bb59e7e0c8 Update 3rdparty submodule to pull in doctest to 2.4.6. 
Our old version didn't support compilation on Apple's M1 yet.
 2021-07-18 10:07:01 +02:00
Robin Sommer
a7343ee019 Fix registration of protocol analyzers from inside plugins. 
With the recent packet manager work, it broke to register a protocol
analyzer for a specific port from inside a plugin's initialization code.
That's because that registration now depends on the packet manager being
set up, which isn't case at that time a plugin's `InitPostInit()` runs.
This fix contains two parts:

    - Initialize the packet manager before the analyzer manager, so that
      the latter's `InitPostScript()` can rely on the former being
      ready.

    - Change the analyzer manager to (only) record port registrations
      happening before it's fully initialized. Its `InitPostScript()`
      then performs the actual registrations, knowing it can use the
      packet manager now.

This comes with a `cmake/` to add a missing include directory.
 2021-07-18 10:00:49 +02:00
Tim Wojtulewicz
6e3d2d4516 Merge remote-tracking branch 'origin/topic/timw/caf-0-18-5' 
* origin/topic/timw/caf-0-18-5:
  Update broker submodule for new CAF version
 2021-07-16 22:44:18 -07:00
Tim Wojtulewicz
1d69a698de Update broker submodule for new CAF version 2021-07-16 19:07:17 -07:00
zeek-bot
b330a95050 Update doc submodule [nomail] [skip ci] 2021-07-16 00:31:40 +00:00
Christian Kreibich
9f8b21fc51 Bump highwayhash to pull in FreeBSD 14 fix 2021-07-15 17:04:11 -07:00
Tim Wojtulewicz
db72849bdb Setup generate-docs workflow to run on push to test branch 2021-07-15 15:14:05 -07:00
Tim Wojtulewicz
3c7a2b1450 Merge remote-tracking branch 'origin/topic/vlad/dns_rr_fixes' 
* origin/topic/vlad/dns_rr_fixes:
  Add a TODO to return a correct status for ParseRR_WKS
  Remove unnecessary if
  Generate dns_WKS_reply event
  dns_HINFO_reply event was never being generated.
 2021-07-15 11:33:44 -07:00
Vlad Grigorescu
5e021f7d3c Add a TODO to return a correct status for ParseRR_WKS 2021-07-15 13:03:38 -05:00
Vlad Grigorescu
5f3fa57298 Remove unnecessary if 2021-07-15 13:02:23 -05:00
Tim Wojtulewicz
e75a40edb3 Update scripts/site/local-compat test for 4.2 cycle 2021-07-15 17:36:13 +00:00
Tim Wojtulewicz
62aa2fe7ba Merge remote-tracking branch 'origin/topic/robin/vector-string-tests' 
* origin/topic/robin/vector-string-tests:
  Remove tests for deprecated operators.
  Add tests for operations on vectors of string.
 2021-07-15 09:50:36 -07:00
Vlad Grigorescu
8b4c2a88a5 Generate dns_WKS_reply event 2021-07-15 10:11:48 -05:00
Vlad Grigorescu
15b294098c dns_HINFO_reply event was never being generated. 
On top of that, I modified the event to pass the relevant fields from the DNS message.
 2021-07-15 09:56:38 -05:00