Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6849 commits 385 branches 195 tags 262 MiB
Commit graph

6849 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vlad Grigorescu
9a73033b19 Redo DCE/RPC code. 2014-10-09 21:06:38 -04:00
Jon Siwek
7ef1409b40 Change find-bro-logs unit test to follow symlinks. 2014-10-09 16:02:13 -05:00
Jon Siwek
0632352f2a Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add error checks and messages to a test script
 2014-10-09 15:59:12 -05:00
Vlad Grigorescu
c4eb7e2377 Add support for TRANSACTION subcommands. 2014-10-08 18:01:55 -04:00
Vlad Grigorescu
466a1e55e8 Fix SMB string handling. 2014-10-08 17:23:32 -04:00
Vlad Grigorescu
10db1b552d Add username tracking 2014-10-08 17:23:20 -04:00
Vlad Grigorescu
f38a580c8c Add support for transaction2 Find_First2. 2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45 Fix a segfault, and add script-level support for some more commands. 2014-10-08 12:06:33 -04:00
Daniel Thayer
072dad6508 Add error checks and messages to a test script 2014-10-08 10:42:35 -05:00
Robin Sommer
f4f5cfd321 Further baseline normalization for plugin test portability. 2014-10-08 08:16:31 -07:00
Vlad Grigorescu
e9c398a41c Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/vladg/smb 2014-10-08 10:54:56 -04:00
Seth Hall
24a809b53e Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates 2014-10-08 10:04:22 -04:00
Seth Hall
d77243823f Updates for file mime type identification. 
- Change to the default BOF buffer size to 3000 (was 1024).
 - Reorganized MS signatures into a separate file
 - Improved lots of the signatures and added new ones.
 2014-10-08 02:12:10 -04:00
Robin Sommer
81933d25a8 Fix for test portability. 2014-10-07 20:18:31 -07:00
Gilbert Clark
be5cb549a9 Re-updating plugin.hooks test to include new argument output (after merge). 2014-10-07 22:11:41 -04:00
Gilbert Clark
17e1d2a809 Merge branch 'master' into topic/gilbert/plugin-api-tweak 
Conflicts:
	testing/btest/Baseline/plugins.hooks/output
 2014-10-07 21:57:13 -04:00
Robin Sommer
91c218d44a Include plugin unit tests into the top-level btest configuration. 
Turns out they weren't part of it yet. Comes with some baseline updates.
 2014-10-07 15:33:18 -07:00
Robin Sommer
38beb6632e Switching the prefix separator for packet source/dumper plugins once 
more, now to "::".

Addresses BIT-1267.
 2014-10-07 15:27:16 -07:00
Robin Sommer
56a2a1a1e5 Fix for allowing a packet source plugin to provide multiple prefixes 
with a colon.
 2014-10-07 15:26:30 -07:00
Robin Sommer
446578ea97 Updating plugin documentation. 
Extending debugging section a bit, and claryyhing why some content is
missing. Also linking into new development section at top-level.
 2014-10-07 15:14:39 -07:00
Robin Sommer
21a0e12d82 Merge remote-tracking branch 'origin/topic/jdopheid/BIT-1242' 
* origin/topic/jdopheid/BIT-1242:
  Improved the log file reference documentation
  Added missing log files prof, stderr, stdout
  Add a test that detects changes in the list of all Bro log files
  Broke down logs into grouped sections based on use & origin
  Adding deatils for modbus_register_change.log
  More updates to log files page: descriptions
  Changing name of file
  New page for List of Log files, linked to script-reference

Very nice. I've reorganized slightly more, mostly to shrink down the
"other" category: moved some of that into "Detection" and "Files" (the
latter is small, but will hopefully grow).

BIT-1242 #merged
 2014-10-07 14:35:19 -07:00
Vlad Grigorescu
0d615b0319 Add more SMB subcommands and arguments. Log SMB1 error messages too. 2014-10-07 17:32:01 -04:00
Robin Sommer
175ff9cf2d Merge remote-tracking branch 'origin/topic/dnthayer/langref' 
* origin/topic/dnthayer/langref:
  Minor improvements to script language reference docs
  Add more script language reference documentation
  Split the types and attributes reference doc into two docs

Wow, this is great!

BIT-1269 #merged
 2014-10-07 14:18:08 -07:00
Vlad Grigorescu
a6de23aaa3 Refine transaction2 support, rewrite SMB scripts. 2014-10-07 16:31:02 -04:00
Daniel Thayer
0ab36bca26 Merge remote-tracking branch 'origin/master' into topic/dnthayer/langref 2014-10-06 13:34:22 -05:00
Daniel Thayer
f24adc1a95 Minor improvements to script language reference docs 2014-10-06 13:27:21 -05:00
Vlad Grigorescu
06dffb592b Trivial: Clean up whitespace/make it more consistent. 2014-10-06 13:38:18 -04:00
Vlad Grigorescu
ad0ce3481d A couple more small fixes for NTLM. 2014-10-06 12:37:59 -04:00
Seth Hall
80656d5294 Improves shockwave flash file signatures. 
- This moves the signatures out of the libmagic imported signatures
   and into our own general.sig.

 - Expand the detection to LZMA compressed flash files.
 2014-10-06 11:13:13 -04:00
Vlad Grigorescu
9a947eaffe Redo the NTLM parsing to correctly parse ASN.1. Previously, this was causing it to prematurely raise a protocol violation on many (most?) connections. 2014-10-03 19:19:07 -04:00
Jon Siwek
b3ff415120 Fix uninitialized router_list argument in dhcp_offer/dhcp_ack. 
BIT-1268 #close
 2014-10-03 09:43:44 -05:00
Gilbert Clark
619062fb55 Fixing logic errors in HandlePluginResult 2014-10-02 20:25:47 -04:00
Robin Sommer
1555eb65d4 Updating plugin docs. 
The remaining components are now supported as well.
 2014-10-02 16:39:51 -07:00
Gilbert Clark
70c7258dfa Updating tests and tweaking HookArgument to include Frame support. 
* Add frame support to HookArgument, since it's a new argument to HookCallFunction
* Fix test in api-version-mismatch to remove absolute paths from output
* Update test plugin to use new HookCallFunction interface
 2014-10-02 19:23:59 -04:00
Robin Sommer
bd87d7d3c6 Merge remote-tracking branch 'origin/topic/jsiwek/pktsrc-idle' 
* origin/topic/jsiwek/pktsrc-idle:
  Fix packet sources being treated as idle when a packet is available.

BIT-1266 #closed

Thanks, Jon!
 2014-10-02 12:36:11 -07:00
Jon Siwek
31b7e984d1 Fix packet sources being treated as idle when a packet is available. 
Addresses BIT-1266.
 2014-10-02 12:16:33 -05:00
Jon Siwek
9cd85be308 Fix regression causing the main loop to spin more frequently. 
Addresses BIT-1266.
 2014-10-02 11:33:37 -05:00
Gilbert Clark
0104d7147d Merging master into branch. 
Merge branch 'master' into topic/gilbert/plugin-api-tweak
 2014-10-01 21:19:02 -04:00
Daniel Thayer
c16384b914 Improved the log file reference documentation 
Reorganized the log file reference documentation, improved some of the
descriptions, and corrected a typo in a log filename.  Also removed
non-ascii characters that somehow got in the text.
 2014-09-30 00:45:28 -05:00
Robin Sommer
d9889d489f Fix to use length parameter in DNP3 time conversion correctly now. 2014-09-29 20:07:32 -07:00
Robin Sommer
64102e6f4f Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  new ssl extension type from iana and a few other ssl const changes.
  adding a function in dnp3-analyzer.pac to translate the time stamp format
  Make unexpected pipe errors fatal as precaution.

I added a lenght parameter to the DNP3 time conversion function to not
accidentally run into trouble later if there were ever any other
buffers passed in.
 2014-09-29 17:07:51 -07:00
Jeannette Dopheide
999f846abe Added missing log files prof, stderr, stdout 2014-09-29 10:50:46 -05:00
Jon Siwek
c7354c6fa0 Fix possible seg fault in TCP reassembler. 2014-09-29 10:43:05 -05:00
Johanna Amann
470d868558 new ssl extension type from iana and a few other ssl const changes. 2014-09-28 14:29:12 +02:00
Gilbert Clark
d639488d36 Incremental commit: implementing a wrapper for the Val class. 
Just a checkpoint: need to add / update tests to make sure things work as expected.  Should build / pass core btests, though.
 2014-09-27 08:03:30 -04:00
Seth Hall
e4ca588127 Does the initial effort to add the SMB2 SetInfo command and better handle file lengths. 2014-09-27 03:11:01 -04:00
Daniel Thayer
6dc4863d81 Add a test that detects changes in the list of all Bro log files 2014-09-26 22:06:56 -05:00
Hui Lin
6e7a4a4fee Merge branch 'fastpath' of git://git.bro-ids.org/bro into fastpath 2014-09-26 14:48:58 -05:00
Hui Lin
f933899b17 adding a function in dnp3-analyzer.pac to translate the time stamp format 2014-09-26 14:47:51 -05:00
Jon Siwek
57d0346789 Make unexpected pipe errors fatal as precaution. 
Addresses BIT-1260.
 2014-09-26 10:59:40 -05:00