Vlad Grigorescu
05ea2d43c7
BIT-1410: Update baselines
2015-06-01 20:38:59 -05:00
Vlad Grigorescu
60d07f8483
BIT-1410: Propagate is_orig to MIME_Mail
2015-06-01 20:26:58 -05:00
Johanna Amann
ae18062761
add whitelist and redirect high-level functions
2015-06-01 15:57:58 -07:00
Daniel Thayer
63aa61fcc9
More improvements to the Logging Framework doc
2015-06-01 16:36:44 -05:00
Daniel Thayer
7681263f91
Fix documentation typo
2015-06-01 14:29:03 -05:00
Daniel Thayer
4db9b8d792
Update the "Log Files" documentation
2015-06-01 14:26:09 -05:00
Johanna Amann
2f1ebed2e9
set the default idle timeout to 0 (= disable), because pacf actually
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
2015-06-01 10:46:39 -07:00
Seth Hall
097354a43f
Updates for the urls.bro script. Fixes BIT-1404.
2015-06-01 11:38:26 -04:00
Daniel Thayer
4ddfe0ed83
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4
2015-05-31 23:49:38 -05:00
Daniel Thayer
b6920ac188
Add links in the logging framework doc
Added links to the log writers that are available as external plugins.
2015-05-31 23:34:19 -05:00
Daniel Thayer
648d091b29
Add a link to the bro-plugins documentation
2015-05-31 23:17:59 -05:00
Daniel Thayer
6bd24780b5
Update bro man page
2015-05-31 23:04:30 -05:00
Daniel Thayer
d0e304de46
Update script language reference documentation
2015-05-30 01:35:55 -05:00
Daniel Thayer
260b25f20a
Fix typos in the "writing bro plugins" doc
2015-05-30 00:18:04 -05:00
Daniel Thayer
24701f2678
Fix a "make doc" warning
Also fixed some indentation.
2015-05-29 14:38:50 -05:00
Jeff Barber
72fca3ee26
Make enums work for non-C++11 config
2015-05-29 10:37:43 -04:00
Jeff Barber
30fdc37479
Refactor to make bro use a common Packet object.
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
2015-05-29 10:37:39 -04:00
Johanna Amann
3bd513785f
make rule id generation in non-cluster mode work again
2015-05-28 16:58:55 -07:00
Daniel Thayer
7cf04c9f3a
Improve logging framework doc
Reorganized the content to be easier to follow, added a few more examples,
fixed some ugly formatting (removed scrollbars that make the examples
difficult to read).
2015-05-28 17:52:32 -05:00
Robin Sommer
2b1cd66f17
Updating CHANGES and VERSION.
2015-05-28 13:37:52 -07:00
Robin Sommer
fbf40090a8
Updating submodule(s).
[nomail]
2015-05-28 13:20:44 -07:00
Robin Sommer
0a9b768e46
Updating submodule(s).
[nomail]
2015-05-28 12:15:48 -07:00
Robin Sommer
d9ef8c36c9
Updating submodule(s).
[nomail]
2015-05-28 12:02:26 -07:00
Robin Sommer
a3290d194c
Fix segfault when DNS is not available.
Based on patch by Frank Meier.
BIT-1387 #merged
2015-05-28 11:52:54 -07:00
Yun Zheng Hu
2aa214d835
BIT-1314: Added QI test for rexmit_inconsistency
2015-05-28 12:12:22 +02:00
Yun Zheng Hu
b386b2ba51
BIT-1314: Add detection for Quantum Insert attacks
TCP_Reassembler can now keep a history of old TCP segments using the
`tcp_max_old_segments` option. A value of zero will disable it.
An overlapping segment with different data can indicate a possible
TCP injection attack. The rexmit_inconsistency event will fire if this
is the case.
2015-05-28 12:11:06 +02:00
Johanna Amann
99dcb40c67
Clusterize pacf
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
2015-05-27 18:01:53 -07:00
Daniel Thayer
e02ad1711c
Add link to broctl doc from the quickstart doc
2015-05-27 16:23:02 -05:00
Johanna Amann
5147b0bb02
set fedora 21 specific environment variable to not make it complain about
md5 signed certs.
Addresses BIT-1402
2015-05-27 12:24:21 -07:00
Johanna Amann
ad2361b7ac
remove (dysfunctional) notifications from pacf
2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a
make openflow framework work in clusters.
2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6
add pacf plugin that directly outputs messages to broker.
Also fix a few problems in pacf in the process of doing this.
2015-05-26 11:19:55 -07:00
Daniel Thayer
fcaf1d9c95
Update install documentation and fix some typos
2015-05-25 13:08:03 -05:00
Daniel Thayer
9cde2be727
Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4
2015-05-25 11:59:34 -05:00
Johanna Amann
94fbd492ca
update a few consts to openflow 1.3 - we downconvert them to the less
common 1.0 in the controller when necessary.
2015-05-23 12:17:56 -07:00
Johanna Amann
30e305cf4b
we also really want to get notifications upon flow removal
2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9
deal with the fact that some pacf rules create two openflow messages
and that the return events need to unify them again...
More or less untested.
2015-05-22 18:59:40 -07:00
Johanna Amann
93b79c87bd
it makes much more sense for the high level api to still return rule
numbers.
2015-05-22 18:07:57 -07:00
Johanna Amann
b9953e7048
change type of flow_mod entries to count - the type is defined in other
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themselves.
2015-05-22 13:37:57 -07:00
Jon Siwek
08822e0dd4
Allow '<' and '>' in MIME multipart boundaries.
The spec doesn't actually seem to permit these, but Seth had a (private)
pcap showing them used in the wild (and the HTTP/MIME analyzer failed to
parse content as a result).
2015-05-22 11:46:50 -05:00
Jon Siwek
c870fefbef
Updating submodule(s).
[nomail]
2015-05-20 13:00:58 -05:00
Johanna Amann
5f0a630116
add support for switches notifying openflow and pacf about flow removal.
I just noticed - the OpenFlow events also really should send the
instance of openflow that they are with them. That is a... tad
complicated though due to a number of reasons (among others how the
events are currently generated), so this will have to wait for a bit.
2015-05-18 13:38:38 -07:00
Seth Hall
ea2ce67c5f
Fixes an issue with missing zlib headers on deflated HTTP content.
- Includes a test.
2015-05-18 14:30:32 -04:00
Johanna Amann
c0111bc4d2
add flow modification to pacf and openflow.
More or less untested, but there should not be any big problems.
2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8
handle the notification events correctly.
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
2015-05-15 11:24:18 -07:00
Johanna Amann
8c292ddd49
Allow pacf openflow plugin to specify a priority offset.
2015-05-14 08:15:43 -07:00
Johanna Amann
208d150a0e
Change openflow plugin for broker and allow specification of topics per
instance.
2015-05-13 16:23:24 -07:00
Johanna Amann
73d22a2dbd
add Pacf plugin for the internal Bro PacketFilter (not BPF)
2015-05-12 15:12:16 -07:00
Johanna Amann
ed65fdb6ba
Make Flow a separate, more flexible type in PACF.
This allows the use of wildcards, etc. in rules and removes the need
for a few entity types that were separate so far.
2015-05-12 13:37:16 -07:00
Johanna Amann
a51ee45e05
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-05-12 13:08:32 -07:00