Robin Sommer
8fb708b9b2
Adding an environment variable to btest.cfg for external scripts.
2015-07-13 22:13:10 -07:00
Robin Sommer
31dda41169
Updating submodule(s).
[nomail]
2015-07-10 07:15:40 -07:00
Justin Azoff
8d8dc890dd
Correct perl package name on freebsd
Based on feedback on IRC, the correct package name is 'perl5', not 'perl'
2015-07-10 08:35:18 -04:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Robin Sommer
85b433b13f
Adding a weird for when truncated packets lead TCP reassembly to ignore content.
(Private test suite has a bunch of test cases.)
2015-07-03 11:06:05 -07:00
Robin Sommer
de3932bc42
A bit more cleanup for the new overlap detection.
2015-07-03 09:05:44 -07:00
Robin Sommer
5d30be2083
A set of tests exercising IP defragmentation and TCP reassembly.
2015-07-03 08:40:22 -07:00
Robin Sommer
c1f060be63
Merge branch 'topic/yunzheng/bit-1314'
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
2015-07-03 08:40:12 -07:00
Robin Sommer
46fc3db8cc
Merge remote-tracking branch 'origin/topic/jsiwek/mime-multipart-boundary-leniency'
* origin/topic/jsiwek/mime-multipart-boundary-leniency:
Allow '<' and '>' in MIME multipart boundaries.
BIT-1400 #merged
2015-06-28 12:31:47 -07:00
Robin Sommer
264a824fcc
Merge remote-tracking branch 'origin/topic/seth/deflate-missing-headers-fix'
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
2015-06-28 12:23:36 -07:00
Robin Sommer
0ac506fd1a
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Correct the name used in the header identifier
2015-06-25 07:12:08 -07:00
Justin Azoff
5c060f302e
Correct the name used in the header identifier
2015-06-24 12:26:54 -04:00
Robin Sommer
408c0d8ac3
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Restore the --load-seeds cmd-line option
2015-06-24 07:51:08 -07:00
Daniel Thayer
368c1463ab
Restore the --load-seeds cmd-line option
Also enabled the short options -G/-H for --load-seeds/--save-seeds.
2015-06-23 13:16:31 -05:00
Robin Sommer
b98708bf14
Removing dead code for no longer supported -G switch.
2015-06-19 16:27:08 -07:00
Robin Sommer
ffa254acd0
Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix'
* origin/topic/seth/modbus_dpd_fix:
Call ProtocolConfirmed on modbus
2015-06-19 14:08:13 -07:00
Robin Sommer
d54667803b
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Put cmd-line options in alphabetical order
2015-06-19 09:13:59 -07:00
Seth Hall
7d105935b1
Call ProtocolConfirmed on modbus
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.
A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
2015-06-19 07:00:38 -04:00
Daniel Thayer
6c812bd5d6
Put cmd-line options in alphabetical order
Sorted cmd-line options in alphabetical order to make it easier to
add or remove options (or even to just check if they're listed
correctly in the source code).
2015-06-18 12:39:46 -05:00
Jon Siwek
668f3e38ad
Updating submodule(s).
[nomail]
2015-06-11 12:15:33 -05:00
Johanna Amann
af1a663410
Update submodule
[nomail]
2015-06-09 07:31:28 -07:00
Robin Sommer
94c3e32cfa
Fixing tiny thing in NEWS.
2015-06-09 07:01:06 -07:00
Johanna Amann
8402ec3b1c
Updating submodule(s) and tagging release.
2015-06-08 13:28:17 -07:00
Robin Sommer
582da62d04
Fix reporter errors with GridFTP traffic.
2015-06-08 09:42:06 -07:00
Robin Sommer
659de2b357
Updating submodule(s).
[nomail]
2015-06-07 20:59:24 -07:00
Robin Sommer
795a3b8ad8
PE Analyzer: Change how we calculate the rva_table size.
2015-06-06 08:21:27 -07:00
Jon Siwek
7de83e0cf0
Fix a unit test to check for Broker requirement.
2015-06-05 09:10:50 -05:00
Johanna Amann
17796182c6
fix acld plugin to use address instead of subnet (and add functions for conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Robin Sommer
74c83058e6
Test for Broker termination.
2015-06-04 14:48:58 -07:00
Robin Sommer
476a5dbc34
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1408'
BIT-1408 #merged
* origin/topic/jsiwek/bit-1408:
BIT-1408: improve I/O loop and Broker IOSource.
2015-06-04 14:46:30 -07:00
Johanna Amann
e6834367fd
miscellaneous missing bits and pieces
2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Robin Sommer
45ccf3abda
Updating submodule(s).
[nomail]
2015-06-03 09:03:27 -07:00
Jon Siwek
58ea1ff458
BIT-1408: improve I/O loop and Broker IOSource.
2015-06-03 08:25:49 -05:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement whitelists or similar.
2015-06-02 14:23:25 -07:00
Jeff Barber
49ece39cb6
One more tinker to Packet -- ensure no uninitialized values
2015-06-02 16:37:23 -04:00
Jeff Barber
97ab422e17
Packet::IP()-created IP_Hdr should not free
2015-06-02 16:37:16 -04:00
Johanna Amann
ed40855152
add support for multiple backends with same priority
2015-06-02 12:34:44 -07:00
Robin Sommer
a6618eb964
Merge branch 'master' of git.bro.org:bro
2015-06-02 10:37:31 -07:00
Seth Hall
217ccf6063
Add signature support for F4M files.
2015-06-02 12:48:53 -04:00
Robin Sommer
26d10d88d2
Merge remote-tracking branch 'origin/topic/dnthayer/doc-improvements-2.4'
Lots of good stuff! Thanks for catching the plugin doc inconsistencies!
* origin/topic/dnthayer/doc-improvements-2.4:
Add missing documentation on the "Bro Package Index" page
More improvements to the Logging Framework doc
Fix documentation typo
Update the "Log Files" documentation
Add links in the logging framework doc
Add a link to the bro-plugins documentation
Update bro man page
Update script language reference documentation
Fix typos in the "writing bro plugins" doc
Fix a "make doc" warning
Improve logging framework doc
Add link to broctl doc from the quickstart doc
Update install documentation and fix some typos
Minor improvements to logging framework documentation
Correct a minor typo in the docs
2015-06-02 09:44:51 -07:00
Robin Sommer
6791c9a81d
Merge remote-tracking branch 'origin/topic/vladg/bit-1410'
BIT-1410 #merged
* origin/topic/vladg/bit-1410:
Add memleak btest for attachments over SMTP.
BIT-1410: Add btest
BIT-1410: Update baselines
BIT-1410: Propagate is_orig to MIME_Mail
2015-06-02 09:18:40 -07:00
Seth Hall
0eb345a25a
Updating the Mozilla root certs.
2015-06-02 11:51:08 -04:00
Daniel Thayer
45caf8d2c1
Add missing documentation on the "Bro Package Index" page
2015-06-02 10:00:00 -05:00
Vlad Grigorescu
0a4604fe98
Add memleak btest for attachments over SMTP.
2015-06-01 21:14:52 -05:00
Johanna Amann
269e80b3e1
make pacf logging deal with wildcards in flows.
2015-06-01 18:57:16 -07:00
Vlad Grigorescu
847b16442b
BIT-1410: Add btest
2015-06-01 20:49:04 -05:00