Commit graph

6849 commits

Author SHA1 Message Date
Johanna Amann
f01e8629fc fix more http links.
This does not break the layout, thus these are not really important enough for the .1.
2014-09-04 22:43:25 -07:00
Robin Sommer
042afd2feb Fixing remaining tests. 2014-09-04 20:55:44 -07:00
Robin Sommer
6e33c92cf0 Adding test for dynamic packet dumper plugin. 2014-09-04 20:30:28 -07:00
Gilbert Clark
2446a942e0 Plugin API: minor change (adding parent frame) to support calling methods from hook. Also declare network time update argument to be const because good practice. 2014-09-04 20:41:44 -04:00
Robin Sommer
daae28c72e Merge remote-tracking branch 'origin/topic/johanna/ticket-1212'
* origin/topic/johanna/ticket-1212:
  Fix ocsp reply validation - there were a few things that definitely were wrong.
  fix null pointer dereference in ocsp verification code in case no certificate is sent as part of the ocsp reply.
2014-09-04 16:17:36 -07:00
Robin Sommer
b66721375a Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Also make links in documentation templates protocol relative.
2014-09-04 16:11:08 -07:00
Robin Sommer
b813b6f83b Test updates. 2014-09-04 16:08:14 -07:00
Johanna Amann
42979b89f7 Also make links in documentation templates protocol relative.
In case we do a point release, including this commit would be very
helpful - without it the bro documentation pages are somewhat broken
over https.
2014-09-04 16:03:16 -07:00
Johanna Amann
8f1cbb8b0a Fix ocsp reply validation - there were a few things that definitely were wrong.
Now the right signer certificate for the reply is looked up (and no longer assumed that it is the first one) and a few compares are fixed. Plus - there are more test cases that partially send certificates in the ocsp message and partially do not - and it seems to work fine in all cases.

Addresses BIT-1212
2014-09-04 12:22:55 -07:00
Daniel Thayer
4e2ec912b0 Merge remote-tracking branch 'origin/master' into topic/dnthayer/langref 2014-09-04 13:41:31 -05:00
Daniel Thayer
5c9a7a92a4 Add more script language reference documentation
Added new sections on operators, statements, and directives.  Also
improved the documentation on types and attributes by providing more
examples and added a chart on the top of each page with links to
each type and attribute for easier access to the information.
2014-09-04 13:32:24 -05:00
Johanna Amann
2d8368fee9 fix null pointer dereference in ocsp verification code in case no certificate
is sent as part of the ocsp reply.

Addresses BIT-1212

There is an additional issue here that prevents the correct verification of
proofs in quite a few cases; this will be addressed in a separate commit.
2014-09-03 22:07:21 -07:00
Robin Sommer
43e63daa45 Fixing Bro-level BPF filtering. 2014-09-03 17:37:35 -07:00
Jon Siwek
0921465297 Fix Pipe copy/assignment to make a copy of flags. 2014-09-03 16:23:13 -05:00
Robin Sommer
569853444f A set of smaller API tweaks, and polishing. 2014-09-03 12:45:38 -07:00
Jon Siwek
77955d7677 Fix possible abort on writing to a full pipe. 2014-09-03 09:51:34 -05:00
Jon Siwek
26887dd71b Merge branch 'master' into topic/jsiwek/improve_comm_loop 2014-09-03 09:20:38 -05:00
Vlad Grigorescu
f1696ab534 Update NetVar for the SMB changes. 2014-09-02 20:44:58 -04:00
Vlad Grigorescu
a06577d285 Update the NetBIOS analyzer for the SMB changes. 2014-09-02 20:44:26 -04:00
Robin Sommer
dc468b1e56 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Simplify a conditional with equivalent branches.
  Change EDNS parsing code to use rdlength more cautiously.
  Fix a memory leak when bind() fails due to EADDRINUSE.
  Fix possible buffer over-read in DNS TSIG parsing
2014-09-02 17:23:37 -07:00
Jon Siwek
ff61737212 Simplify a conditional with equivalent branches. 2014-09-02 16:29:52 -05:00
Jon Siwek
782b4d0eae Change EDNS parsing code to use rdlength more cautiously.
It shouldn't ever be negative, but if it were, using it to modify the
data pointer/length isn't appropriate.
2014-09-02 16:22:15 -05:00
Jon Siwek
d57b161c40 Fix a memory leak when bind() fails due to EADDRINUSE. 2014-09-02 16:18:55 -05:00
Jon Siwek
dde0ce234f Fix possible buffer over-read in DNS TSIG parsing 2014-09-02 14:22:26 -05:00
Vlad Grigorescu
51373b0592 SSH: Misc. updates to the new analyzer. 2014-09-02 00:15:32 -04:00
Hui Lin
dd830db38a remove redundant codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test 2014-08-28 20:35:28 -05:00
Vlad Grigorescu
0a50688afc Move auth method detection into script-land, to make it easier to change. 2014-08-28 18:23:30 -04:00
Jon Siwek
675fba3fde Remove timeouts from remote communication loop.
The select() now blocks until there's work to do instead of relying on a
small timeout value which can cause unproductive use of cpu cycles.
2014-08-28 13:13:30 -05:00
Robin Sommer
5e4f498083 Adding test creating a dynamic pktsrc plugin. 2014-08-28 00:53:15 -04:00
Robin Sommer
3e669daa05 Interface tweaks for PktSrc, plus docs for PktSrc and PktDumper. 2014-08-28 00:52:36 -04:00
Vlad Grigorescu
214e6b3ea9 Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes. 2014-08-26 22:26:42 -04:00
Jon Siwek
d5513a0757 Improve multipart HTTP/MIME entity file analysis.
Singular CR or LF characters in multipart body content are no longer
converted to a full CRLF (thus corrupting the file) and it also no
longer considers the CRLF before the multipart boundary as part of the
content.

Addresses BIT-1235.
2014-08-26 17:54:41 -05:00
Vlad Grigorescu
ee7ebc72e9 Update baselines. 2014-08-26 17:44:18 -04:00
Jon Siwek
73cc81f44a Merge branch 'topic/jimmyjones2/string-doc' of https://github.com/jimmyjones2/bro 2014-08-26 09:26:00 -05:00
Vlad Grigorescu
e87b2080d1 Small Kerberos tweaks and fixes. 2014-08-25 11:33:32 -04:00
Hui Lin
81606e7ff4 Renaming the DNP3 TCP analyzer 2014-08-25 10:33:28 -05:00
Robin Sommer
5f817513d0 A set of various fixes and smaller API tweaks, plus tests.
Also moving PCAP-related bifs to iosource/pcap.bif.
2014-08-24 19:55:26 -07:00
Jimmy Jones
9232f05f52 Better documentation for sub_bytes 2014-08-23 15:05:20 +01:00
Jon Siwek
121fcdbb5b Fix build on systems that already have ntohll/htonll
BIT-1234 #close
2014-08-22 19:56:27 -05:00
Robin Sommer
ce9f16490c Moving some of the BPF filtering code into base class.
This will allow packet sources that don't support BPF natively to
emulate the filtering via libpcap.
2014-08-22 17:50:03 -07:00
Robin Sommer
0186061aa8 Small packet dumper API change. 2014-08-22 16:49:32 -07:00
Robin Sommer
caa55ad352 Moving Pkt{Src,Dumper} a directory level up.
Also renaming PktSourceComponent to PktSrcComponent.
2014-08-22 16:46:15 -07:00
Robin Sommer
ecf1e32f60 Removing FlowSrc.
We could bring this back, now derived from PktSrc (though strictly
speaking it's of course not *packets). But not sure if we want that,
as the input framework seems the better place to host it. Then it
would turn into a reader.
2014-08-22 16:33:55 -07:00
Vlad Grigorescu
f93f2af748 Merge tag 'v2.3' into topic/vladg/sip
Version tag

Conflicts:
	scripts/base/init-default.bro
2014-08-22 19:25:43 -04:00
Robin Sommer
93e6a4a9db Removing netmap, remaining pieces of the 2ndary path, and left-over
files of packet sorter.

Netmap will move to a plugin.
2014-08-22 16:24:39 -07:00
Robin Sommer
bf6dd2e9ca Merge remote-tracking branch 'origin/master' into topic/robin/pktsrc
Conflicts:
	configure
	src/CMakeLists.txt
	src/Net.cc
	src/PacketSort.cc
	src/PacketSort.h
	src/RemoteSerializer.cc
	src/Sessions.cc
	src/Sessions.h
2014-08-22 15:41:42 -07:00
Robin Sommer
a3b2e3a2b4 Merge remote-tracking branch 'origin/topic/jsiwek/outer_param_binding'
That works. Just renaming "param" to "ID", as locals are affected as
well.

BIT-1233 #merged

* origin/topic/jsiwek/outer_param_binding:
  Detect functions that try to bind variables from an outer scope.
2014-08-22 15:23:18 -07:00
Jon Siwek
3521a92a00 Detect functions that try to bind variables from an outer scope.
And raise an error saying that's not supported.
Addresses BIT-1233.
2014-08-22 16:49:10 -05:00
Jon Siwek
f8895843cf Updating submodule(s).
[nomail]
2014-08-22 14:43:20 -05:00
Jon Siwek
1eb7d718d4 Updating submodule(s).
[nomail]
2014-08-22 12:26:59 -05:00