Commit graph

6849 commits

Author SHA1 Message Date
Josh Liburdi
af1f4be529 Added comments and TODOs 2015-02-15 10:16:16 -08:00
Josh Liburdi
0648dafa54 Removed scheduling of rdp_tracker event in server response events 2015-02-15 10:08:31 -08:00
Josh Liburdi
fd655aa85d Removed debug code for SSL 2015-02-15 09:24:28 -08:00
Josh Liburdi
c268898e04 Add btest for FreeRDP pcap sample (NLA authentication)
https://github.com/FreeRDP/FreeRDP/wiki/Network-Level-Authentication
2015-02-14 14:01:46 -08:00
Josh Liburdi
d0e2d64cfc Add btest for Wireshark sample pcap (native RDP encryption)
http://wiki.wireshark.org/RDP
2015-02-14 13:59:59 -08:00
jshlbrd
2fcddc6441 Update init-default.bro
Commented out mysql
2015-02-14 13:31:23 -08:00
Josh Liburdi
46713fb5c7 Init RDP analyzer 2015-02-14 13:16:48 -08:00
Seth Hall
b00bd7702f Add the ability to remove surrounding braces from the JSON formatter. 2015-02-13 22:02:54 -05:00
Jon Siwek
4bcb9d2d92 Updating submodule(s).
[nomail]
2015-02-13 18:04:17 -06:00
Jon Siwek
8e4f4b46f7 Updating submodule(s).
[nomail]
2015-02-13 16:23:43 -06:00
Jon Siwek
062baefde0 Add 'while' statement to Bro language. 2015-02-13 11:26:54 -06:00
Jon Siwek
212368b245 Merge remote-tracking branch 'origin/topic/jsiwek/socks-authentication'
* origin/topic/jsiwek/socks-authentication:
  Refactor SOCKS5 user/pass authentication support.
  Update the SOCKS analyzer to support user/pass login.

BIT-1011 #merged
2015-02-13 09:15:50 -06:00
Jon Siwek
961fd06cad Refactor SOCKS5 user/pass authentication support.
- Rename event "socks_login_userpass" to "socks_login_userpass_request"
- Rename event "socks_login_reply" to "socks_login_userpass_reply"
- Split unsupported authN weird into 2 types: method vs. version

Addresses BIT-1011
2015-02-12 17:06:38 -06:00
Jon Siwek
035cce96ac Merge branch 'fastpath'
* fastpath:
  Submodule update - newest sqlite version
2015-02-12 12:19:23 -06:00
Jon Siwek
5a73c11baa broker integration: fix memory leak, add leak tests
Leak tests won't pass w/ libcaf 0.12.2, needs the develop branch
(actor-framework@a89485a3098965f104264808994fabfbc3a1bf61).
2015-02-12 11:40:04 -06:00
Jon Siwek
88af106b6b Fix use of deprecated gperftools headers.
As of gperftools 2.0 (Feb. 2012), they've been renamed into
gperftools/ instead of google/, and as of gperftools 2.2, including
the latter emits deprecation warnings.
2015-02-11 13:56:34 -06:00
Jon Siwek
dab4d6c8bd Update broker submodule. 2015-02-11 13:21:36 -06:00
Jon Siwek
8e4d37d5c1 Improve comm tests.
Same old problems: hard to get termination conditions right.
2015-02-11 11:21:01 -06:00
Jon Siwek
07cba950b8 Fix gcc compile warnings. 2015-02-10 16:14:49 -06:00
Jon Siwek
6d868d83be broker integration: fix unit tests to work when broker is not enabled. 2015-02-10 13:44:04 -06:00
Jon Siwek
fc36777e66 Add --enable-c++11 configure flag.
And try to detect that compiler version is sufficient for C++11 support.
--enable-broker implies --enable-c++11
2015-02-10 12:34:47 -06:00
Jon Siwek
bdf21c054a broker integration: add (un)publish/(un)advertise functions
For when one wants to manually tune pub/sub behavior instead of using the
default automatic settings of allowing publication to all peers and
advertising all subscriptions to all peers.
2015-02-10 09:51:57 -06:00
Jon Siwek
ebc9407a2b broker integration: add knobs to set auto publish/advertise behavior 2015-02-09 16:26:31 -06:00
Jon Siwek
cfb666af2b broker integration: move listen port for unit tests to a btest variable
Later, this might be something btest itself could provide to help
parallelize communication tests.  E.g. unit tests request a unique
number from some range and btest coordinates the distribution of those
among all tests.
2015-02-09 16:01:31 -06:00
Jon Siwek
afc5767165 broker integration: add events for incoming connection status updates
e.g. for the listen() side of connections to tell when peers have
connected or disconnected.
2015-02-09 15:48:42 -06:00
Johanna Amann
5f0a27ca31 Submodule update - newest sqlite version 2015-02-09 12:10:49 -08:00
Robin Sommer
23b9705a7b Fixing analyzer tag types for some Files::* functions. 2015-02-08 18:23:22 -08:00
Robin Sommer
530c3c0c6b Changing load order for plugin scripts.
This can be needed if they depend on each other.
2015-02-08 18:22:59 -08:00
Vlad Grigorescu
4a2d7f1d39 SIP: Move to the new string BIFs 2015-02-06 20:00:38 -05:00
Vlad Grigorescu
dde3ce90f8 SIP: Move to new analyzer format. 2015-02-06 19:57:48 -05:00
Vlad Grigorescu
d852fe8b52 Merge remote-tracking branch 'origin/master' into topic/vladg/sip 2015-02-06 19:49:23 -05:00
Vlad Grigorescu
95f3696c91 Kerberos: Remove debugging output. 2015-02-06 19:44:57 -05:00
Vlad Grigorescu
843afce7d9 Kerberos: Fix a memleak. 2015-02-06 19:42:34 -05:00
Vlad Grigorescu
3190ca275e SSH: Fix some memleaks. 2015-02-06 19:32:08 -05:00
Vlad Grigorescu
fc721d2d25 Merge remote-tracking branch 'origin/master' into topic/vladg/ssh 2015-02-06 18:58:38 -05:00
Jon Siwek
0253f49a94 broker integration: adapt to change in expiration_time 2015-02-06 16:54:01 -06:00
Vlad Grigorescu
9f19c74a10 Kerberos: A couple small tweaks. 2015-02-06 13:05:09 -05:00
Vlad Grigorescu
dfc42ffe8a Kerberos: Fix parsing of the cipher in tickets, and add it to the log. 2015-02-06 11:48:46 -05:00
Vlad Grigorescu
5bba7ad1eb Kerberos: A couple more formatting fixes. 2015-02-05 16:06:31 -05:00
Vlad Grigorescu
a8373b60e7 Change krb Info string to success bool 2015-02-05 14:30:18 -05:00
Vlad Grigorescu
7e1fcb1a10 Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos 2015-02-05 14:22:29 -05:00
Vlad Grigorescu
444ff240bd Clean up formatting. 2015-02-05 14:21:34 -05:00
Vlad Grigorescu
aea0ae453e Documentation update, and rework events a bit. 2015-02-05 14:05:56 -05:00
Seth Hall
9592f64225 Update the SOCKS analyzer to support user/pass login.
- This addresses BIT-1011
 - Add a new field to socks.log; "password".
 - Two new events; socks_login_userpass and socks_login_reply.
 - One new weird for unsupported authentication method.
 - A new test for authenticated socks traffic.
 - Credit to Nicolas Retrain for the initial patch.  Thanks!
2015-02-05 12:44:10 -05:00
Jon Siwek
1012539ded Merge branch 'topic/seth/small-files-bof-handling-fix'
* topic/seth/small-files-bof-handling-fix:
  Fix a bug in the core files framework with handling the BOF buffer.

BIT-1310 #merged
2015-02-05 10:10:00 -06:00
Jon Siwek
8859c73bde Add/fix log fields in x509 diff canonifier. 2015-02-05 10:04:04 -06:00
Jon Siwek
08bb4b2274 Merge branch 'master' of https://github.com/msmiley/bro
* 'master' of https://github.com/msmiley/bro:
  "id" not defined for debug code
2015-02-05 10:03:39 -06:00
Seth Hall
a97cd1f3a2 Fix a bug in the core files framework with handling the BOF buffer.
- Any files where the total size was below the size of the
   default bof_buffer size couldn't have stream analyzers successfully
   attached because the bof_buffer never reached the full size
   and was never flushed.  This branch explicitly marks the bof_buffer
   as full and flushes it when the file is being removed.
2015-02-05 09:09:08 -05:00
Seth Hall
9a71f8aa86 Initial commit of RadioTap encapsulation support
- It works for me, but I believe that one of the headers I'm stripping
   is variable length so this is unlikely to be complete.
2015-02-04 23:33:20 -05:00
Vlad Grigorescu
457ad73e6d Add support for the SAFE message type. 2015-02-04 17:28:09 -05:00