Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
6849 commits 388 branches 195 tags 264 MiB
Commit graph

6849 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robin Sommer
cd5409de34 Adding missing method implementation. 2014-06-18 14:33:42 -07:00
Robin Sommer
1c71832db1 Updating plugin hook test. 2014-06-18 14:33:42 -07:00
Robin Sommer
c24bb9cacd Adding a test building a file analyzer plugin. 
Also cleaning up, and moving, the other plugin tests.
 2014-06-18 14:33:42 -07:00
Robin Sommer
55de5c60f4 Enabling to specific a set of plugins with the -N option. 
Bro will then print information only about the plugins specified.
 2014-06-18 14:33:42 -07:00
Robin Sommer
58fbee5701 Updating plugin docs. 2014-06-18 13:18:05 -07:00
Hui Lin
42f2a7a9c6 add/update test file and baseline result 2014-06-17 21:30:04 -05:00
Robin Sommer
60cf0ddf26 Polishing, mostly documentation updates. 2014-06-17 11:50:23 -07:00
Jon Siwek
5d7b3f850b Updating CHANGES and VERSION. 2014-06-16 09:49:19 -05:00
Robin Sommer
ba7af428a7 Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3 2014-06-13 09:27:02 -07:00
Robin Sommer
4d4269ea19 Updating submodule. 2014-06-12 17:44:12 -07:00
Jon Siwek
86139fb8d2 Merge remote-tracking branch 'origin/topic/dnthayer/doc-fixes-for-2.3' 
* origin/topic/dnthayer/doc-fixes-for-2.3:
  Fix minor formatting issues in script docs
  Fix a broken link in the docs
  Update some info in the docs
  Removed a table from the scripting tutorial
  Update line numbers mentioned in scripting tutorial
  Update line numbers for a doc example
  Move scripting tutorial out of reference section

BIT-1205 #merged
 2014-06-12 12:22:08 -05:00
Daniel Thayer
5e23e57025 Fix minor formatting issues in script docs 2014-06-12 00:33:55 -05:00
Daniel Thayer
690ea30798 Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-fixes-for-2.3 
Conflicts:
	doc/scripting/index.rst
 2014-06-11 23:20:31 -05:00
Jon Siwek
b4b64c1239 Merge remote-tracking branch 'origin/topic/robin/smtp-fix' 
* origin/topic/robin/smtp-fix:
  Fixing SMTP state tracking.

BIT-1203 #merged
 2014-06-11 15:38:29 -05:00
Jon Siwek
5ebda7cc09 Fix doc/test that broke due to a Bro script change. 2014-06-11 12:34:29 -05:00
Jon Siwek
da8a1d2489 Remove unused --with-libmagic configure option. 2014-06-11 12:10:20 -05:00
Robin Sommer
ba229f798d Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix use-after-free in some cases of reassigning a table index.
 2014-06-10 18:17:04 -07:00
Robin Sommer
9301ef5a4f Fixing SMTP state tracking. 
This fixes the case that an SMTP session has multiple mails sent from
the originator but we miss the server's response (e.g., because we
don't see server side packets at all).
 2014-06-10 18:01:38 -07:00
Jon Siwek
e616554ab8 Fix use-after-free in some cases of reassigning a table index. 
Specifically observed when redef'ing the same index of a table that uses
subnets as indices, though the bug seems like it applies more generally
to anytime TableVal::Assign is provided with just the HashKey parameter
and not the index Val.

Addresses BIT-1202.
 2014-06-10 13:38:32 -05:00
Daniel Thayer
745e287414 Fix a broken link in the docs 
Use quoting in docs to avoid HTML links being generated when docs are built.
 2014-06-07 13:13:44 -05:00
Daniel Thayer
95c7128d71 Update some info in the docs 2014-06-07 12:31:32 -05:00
Daniel Thayer
edc2774ba8 Removed a table from the scripting tutorial 2014-06-06 16:55:34 -05:00
Robin Sommer
c289a2743b Merge remote-tracking branch 'origin/topic/bernhard/ssl-new-events' 
* origin/topic/bernhard/ssl-new-events:
  Add two more ssl events - one triggered for each handshake message and one triggered for the tls change cipherspec message.

BIT-1201 #merged
 2014-06-06 13:24:17 -07:00
Robin Sommer
23c1f07bb6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  re-add notice suppression for expiring certificates
 2014-06-06 13:05:57 -07:00
Bernhard Amann
67c0cc118d Add two more ssl events - one triggered for each handshake message and one 
triggered for the tls change cipherspec message.

Also - fix small bug. In case SSL::disable_analyzer_after_detection was set
to F, the ssl_established event would fire after each data packet after the
session is established.
 2014-06-06 12:50:54 -07:00
Bernhard Amann
005b7d60c9 re-add notice suppression for expiring certificates 2014-06-06 12:15:38 -07:00
Daniel Thayer
de93a5796e Update line numbers mentioned in scripting tutorial 2014-06-06 11:28:46 -05:00
Daniel Thayer
f615683460 Update line numbers for a doc example 2014-06-06 10:37:17 -05:00
Robin Sommer
cfda4113f4 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  add new TLS extension type numbers from IANA
 2014-06-05 14:45:50 -07:00
Robin Sommer
0f372c99df Merge remote-tracking branch 'origin/topic/matthias/bloomfilter-fix' 
* origin/topic/matthias/bloomfilter-fix:
  Switch to double hashing.
  Use full digest length instead of just one byte.

BIT-1140 #merged
 2014-06-05 14:42:26 -07:00
Bernhard Amann
85f5c05b95 add new TLS extension type numbers from IANA 2014-06-05 13:17:52 -07:00
Daniel Thayer
2a20e4a5e2 Move scripting tutorial out of reference section 2014-06-05 13:13:12 -05:00
Matthias Vallentin
673607f9a7 Switch to double hashing. 
For large k, standard hashing imposes an unnecessary overhead. By switchting to
double hashing, we invoke the hash function code at most two times.
 2014-06-05 16:02:25 +02:00
Matthias Vallentin
1d50874256 Use full digest length instead of just one byte. 
When our universal hash function fell back to MD5 for inputs larger than
supported by H3, the computation only returned the first byte of the MD5 result
instead of as many bytes as needed to cover sizeof(Hasher::digest).
 2014-06-05 16:01:20 +02:00
Hui Lin
6280eb6d6e add implementation of bytestring_to_coils for modbusy analyzer 2014-06-04 14:44:42 -05:00
Hui Lin
da261b4ca4 adding a missing field in record ModbusHeaders 2014-06-04 12:29:01 -05:00
Robin Sommer
cfde6225b0 Merge remote-tracking branch 'origin/topic/bernhard/ticket-1195' 
* origin/topic/bernhard/ticket-1195:
  update test baseline
  Make buffer for certificate subjects bigger. Flush buffer between reads (in case we still get something with a longer subject).

BIT-1195 #merged
 2014-06-03 12:39:42 -07:00
Jon Siwek
f0795b91d1 Update submodule. 2014-06-03 12:48:41 -05:00
Hui Lin
bc4b5773c8 add event handlers for modbus 2014-06-02 21:39:04 -05:00
Bernhard Amann
fa2de9cc08 update test baseline 2014-05-30 15:37:52 -07:00
Bernhard Amann
bb09de7828 Make buffer for certificate subjects bigger. 
Flush buffer between reads (in case we still get something with a longer subject).

Addresses BIT-1195
 2014-05-30 15:31:33 -07:00
Robin Sommer
551950c438 Adding environment variable BRO_PLUGIN_ACTIVATE that unconditionally 
activates plugins.

Plugins are specified with a comma-separated list of names.
 2014-05-29 18:15:18 -07:00
Robin Sommer
d88b333353 A number of smaller API extensions to provide plugins with access to 
information.
 2014-05-29 18:15:14 -07:00
Jon Siwek
8ec8dfa705 Fix misc/load-balancing.bro's reference to PacketFilter::sampling_filter 
BIT-1197 #close
 2014-05-29 15:40:41 -05:00
Jon Siwek
8383828b02 Fix potential mem leak in remote function/event unserialization. 
I say potential because a code path to get in the required state is
not obvious (if one even exists).
 2014-05-28 15:12:38 -05:00
Jon Siwek
ed7273ccf1 Fix reference counting bug in table coercion expressions. 2014-05-28 14:54:18 -05:00
Seth Hall
583b7a3ada Merge remote-tracking branch 'origin/master' into topic/seth/file-entropy 2014-05-28 10:10:13 -04:00
Seth Hall
8d72cd20a8 Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-tracking 
Conflicts:
	src/Reassem.cc
	src/Reassem.h
	src/analyzer/protocol/tcp/TCP_Reassembler.cc
 2014-05-27 10:59:43 -04:00
Seth Hall
8d9940c8c3 Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking 
Conflicts:
	src/Reassem.cc
	src/Reassem.h
	src/analyzer/protocol/tcp/TCP_Reassembler.cc
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
 2014-05-27 10:56:11 -04:00
Jon Siwek
ad6c58ce43 Fix an "unused value" warning. 2014-05-27 09:30:17 -05:00