Commit graph

6849 commits

Author SHA1 Message Date
Vlad Grigorescu
05ecac2497 Refactored the SSH analyzer. Added support for algorithm detection and more key exchange message types. 2015-01-13 12:02:31 -05:00
Johanna Amann
0480f0d811 small changes to ec curve names in a newer draft 2015-01-13 08:38:18 -08:00
Jon Siwek
39d51ca99c Improve documentation for connection_established event. 2015-01-12 09:38:50 -06:00
Jon Siwek
7120098ca2 Add support for building/linking broker within bro
The new --enable-broker flag can be used to toggle the use of Broker,
which also implies building with -std=c++11, though nothing makes
use of these features at the moment.
2015-01-08 16:43:07 -06:00
Jon Siwek
d8890ea009 Increase minimum required CMake version to 2.8. 2015-01-08 13:11:17 -06:00
Hui Lin
794273913f add test trace in which DNP3 packets are over UDP; update test scripts and baseline results 2015-01-07 15:04:22 -06:00
Jon Siwek
1ba0527cae Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Improve documentation of the Intelligence Framework
2015-01-07 10:04:01 -06:00
Daniel Thayer
b5e9433b04 Improve documentation of the Intelligence Framework
Added some missing information and rearranged a few sentences so the order
makes more sense.
2015-01-07 00:01:35 -06:00
Vlad Grigorescu
245bd07af7 Add host key support for SSH1. 2015-01-06 21:23:18 -06:00
Vlad Grigorescu
5e206ed108 Add support for SSH1 2015-01-06 20:27:20 -06:00
Jon Siwek
593e74d4b7 Updating submodule(s).
[nomail]
2015-01-06 15:12:28 -06:00
Jon Siwek
4b6c683679 Merge remote-tracking branch 'origin/topic/jsiwek/file-reassembly-merge'
* origin/topic/jsiwek/file-reassembly-merge:
  Add NEWS items related to file analysis changes.
  Revert "Workaround race condition in unified2 file module."
  Workaround race condition in unified2 file module.
  Fix reference counting bug in refactored file reassembly code.
  Change file extraction to explicitly NUL-fill gaps
  Review/fix/change file reassembly functionality.
  Improve TAR file detection and other small changes.
  Updates for file mime type identification.
  Updates the files event api and brings file reassembly up to master.
  More file reassembly work.
  Initial commit of file reassembly.
2015-01-06 10:11:25 -06:00
Jon Siwek
58a9162ce7 Add NEWS items related to file analysis changes. 2015-01-05 16:57:24 -06:00
Jon Siwek
138438b88e Merge branch 'master' into topic/jsiwek/file-reassembly-merge
Conflicts:
	testing/btest/Baseline/plugins.hooks/output
2015-01-05 15:50:36 -06:00
Jon Siwek
1971d25a5c Fix race condition in unified2 file analyzer startup.
Retrieval of extended alert information from sid-msg.map, gen-msg.map,
and classification.config files uses Bro's input framework, but since
the unified2 file analyzer also relies on the input framework,
coordination is needed to start analysis only after extended info has
been read at least once.
2015-01-05 15:38:04 -06:00
Jon Siwek
a3d78cc830 Revert "Workaround race condition in unified2 file module."
This reverts commit 1a03a95f35.
2015-01-05 14:51:58 -06:00
Robin Sommer
494545f1eb Updating submodule(s).
[nomail]
2014-12-31 09:39:35 -08:00
Robin Sommer
bd8893f0d0 Changing Makefile's test-all to run test-all for broctl. 2014-12-31 09:19:09 -08:00
Robin Sommer
9af5fb1302 Updating submodule(s).
[nomail]
2014-12-31 09:14:55 -08:00
Robin Sommer
055e5c69f3 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Correct a typo in the Notice framework doc
2014-12-31 09:06:24 -08:00
Vlad Grigorescu
727eada9ac Move SSH analyzer to new plugin architecture. 2014-12-27 17:46:42 -06:00
Vlad Grigorescu
fa98aee0a7 Merge remote-tracking branch 'origin/master' into topic/vladg/ssh
Conflicts:
	src/analyzer/protocol/CMakeLists.txt
	src/analyzer/protocol/ssh/Plugin.cc
	src/analyzer/protocol/ssh/SSH.h
2014-12-27 17:22:26 -06:00
Vlad Grigorescu
3ed6dd5585 A bit of code cleanup. 2014-12-27 17:19:43 -06:00
Daniel Thayer
15ec117da6 Correct a typo in the Notice framework doc 2014-12-18 11:57:32 -06:00
Jon Siwek
1a03a95f35 Workaround race condition in unified2 file module.
This makes the unit test pass consistently, but need to see about
fixing it in the unified2 file module directly.
2014-12-17 09:57:06 -06:00
Jon Siwek
6941538f81 Fix reference counting bug in refactored file reassembly code. 2014-12-16 20:58:27 -06:00
Jon Siwek
f6257618e5 Change file extraction to explicitly NUL-fill gaps
Instead of expecting pwrite to do it.
2014-12-16 20:56:15 -06:00
Jon Siwek
cbbe7b52dc Review/fix/change file reassembly functionality.
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
  type) get updated/set for consistency.

- Add more robust mechanisms for flushing the reassembly buffer.
  The goal being to report all gaps and deliveries to file analyzers
  regardless of the state of the reassembly buffer at the time it has to
  be flushed.
2014-12-16 14:05:15 -06:00
Jon Siwek
edaf7edc11 Merge remote-tracking branch 'origin/topic/seth/files-reassembly-and-mime-updates' into topic/jsiwek/file-reassembly-merge
Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-12-15 10:33:09 -06:00
Robin Sommer
6f2b8cbe78 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1298'
* origin/topic/jsiwek/bit-1298:
  Change IP_Hdr copy ctor/assign to explicit method
  Fix PIA packet replay to deliver copy of IP header

BIT-1298 #merged
2014-12-12 12:44:53 -08:00
Jon Siwek
d31b556b85 Change IP_Hdr copy ctor/assign to explicit method
Addresses BIT-1298
2014-12-12 14:14:24 -06:00
Robin Sommer
15cc08c940 Updating submodule(s).
[nomail]
2014-12-12 10:50:05 -08:00
Jon Siwek
c211a2c91a Fix PIA packet replay to deliver copy of IP header
This prevented one from writing a packet-wise analyzer that needs access
to IP headers and can be attached to a connection via signature match.

None of the analyzers currently shipping are affected.  And maybe it's
unlikely there will be many that ever would be, but it's awkward for the
API to omit IP headers in this special case (i.e. packets buffer for use
with DPD signature matching).

Addresses BIT-1298
2014-12-10 15:12:38 -06:00
Robin Sommer
69724c5e1f Updating submodule(s).
[nomail]
2014-12-08 13:57:08 -08:00
Robin Sommer
b40b3ef158 Merge remote-tracking branch 'origin/topic/dnthayer/ticket856'
* origin/topic/dnthayer/ticket856:
  Improve man page for Bro
  Add man page for Bro

BIT-856 #merged
2014-12-08 13:56:52 -08:00
Daniel Thayer
0a7d96dec3 Improve man page for Bro 2014-12-04 23:46:03 -06:00
Robin Sommer
665e6b00f1 Updating doc baselines. 2014-12-04 09:05:38 -08:00
Robin Sommer
a4e45dca80 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1295'
* origin/topic/jsiwek/bit-1295:
  Fix compound assignment to require proper L-value.

BIT-1295 #merged
2014-12-03 14:22:36 -08:00
Robin Sommer
bb7d94d9c5 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1296'
* origin/topic/jsiwek/bit-1296:
  Make using local IDs in @if directives an error.

BIT-1296 #merged
2014-12-03 14:14:23 -08:00
Robin Sommer
19d9a8bfa2 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix some "make doc" warnings and update some doc tests
2014-12-03 14:10:49 -08:00
Jon Siwek
cdbe459f20 Make using local IDs in @if directives an error.
Addresses BIT-1296.
2014-12-02 12:30:46 -06:00
Jon Siwek
3f590859bb Fix compound assignment to require proper L-value.
Allows for catching more invalid assignments at parse-time instead of
aborting at runtime after realizing an assignment won't work.

Addresses BIT-1295.
2014-12-02 10:12:48 -06:00
Seth Hall
379593c7fd Merge branch 'patch-1' of https://github.com/mpurzynski/bro
- Adds version detection for Windows 10.
2014-12-02 08:14:29 -05:00
Daniel Thayer
cc7286b628 Fix some "make doc" warnings and update some doc tests 2014-12-01 22:43:17 -06:00
Daniel Thayer
e4c9c58b9e Add man page for Bro 2014-12-01 20:58:37 -06:00
Jon Siwek
fe9e7d015e Update submodules/changes/version. 2014-12-01 12:17:34 -06:00
Christian Struck
df12384758 [ADD] base pacf framework and shunt script.
It seems that there is a bug where things
are loaded in the wrong way.
2014-12-01 10:16:38 -08:00
Jon Siwek
20ddf1e62f Merge branch 'master' of https://github.com/hillu/bro
* 'master' of https://github.com/hillu/bro:
  BIFScanner: Make filename->symbol transformation more robust
2014-12-01 12:08:07 -06:00
Jon Siwek
0a6b102e25 Merge remote-tracking branch 'origin/topic/johanna/ticket-1294'
* origin/topic/johanna/ticket-1294:
  Do not change global event parameters in exec.bro

BIT-1294 #close
2014-12-01 11:01:19 -06:00
Raúl Benencia
127a61597e Add/invoke "distclean" for testing directories.
BIT-1292 #close
2014-12-01 10:43:41 -06:00