Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
6849 commits 388 branches 195 tags 265 MiB
Commit graph

6849 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
2dc6dc8d86 Remove a duplicate unit test baseline dir. 
It overlaps with the lowercased version of the same dir on case
insensitive systems, which has interesting repercussions.
 2014-05-22 14:55:08 -05:00
Jon Siwek
7211d73ee6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  last ssl fixes - missed three more.
  and more tiny ssl script fixes
  a few more small fixes for chains containing broken certs.
  fix expression errors in x509 policy scrips when unparseable data is in certificate chain.
 2014-05-21 15:59:26 -05:00
Bernhard Amann
cb2eb0228b last ssl fixes - missed three more. 
This is the last one, I promise.
 2014-05-21 11:24:47 -07:00
Bernhard Amann
9a8fc7a47d and more tiny ssl script fixes 2014-05-21 11:16:24 -07:00
Bernhard Amann
ff00c0786a a few more small fixes for chains containing broken certs. 2014-05-21 11:01:33 -07:00
Bernhard Amann
b16322aefb fix expression errors in x509 policy scrips when unparseable data is in certificate chain. 2014-05-21 10:50:31 -07:00
Jon Siwek
3874286ff7 Update CHANGES, VERSION, submodules. 2014-05-20 12:47:38 -05:00
Jon Siwek
f239c84f24 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  include a few more tls changes that we might want to mention in news
 2014-05-20 12:44:30 -05:00
Bernhard Amann
96f71c24d8 include a few more tls changes that we might want to mention in news 2014-05-20 09:28:33 -07:00
Jon Siwek
943495cfd3 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  intel framework plugin for ssl server_name extension was not updated after api changes :(
 2014-05-20 10:58:47 -05:00
Bernhard Amann
1253b7cb8a intel framework plugin for ssl server_name extension was not updated after api changes :( 
Thank you Justin.
 2014-05-20 08:33:44 -07:00
Jon Siwek
d92d841314 Updating submodule(s). 
[nomail]
 2014-05-20 10:30:41 -05:00
Jon Siwek
fb7c3677dc Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Remove remaining references to BROMAGIC
  Fix typos and formatting in event and BiF documentation
 2014-05-20 10:29:45 -05:00
Daniel Thayer
11d2d8e549 Remove remaining references to BROMAGIC 2014-05-19 21:14:07 -05:00
Daniel Thayer
d421357104 Fix typos and formatting in event and BiF documentation 2014-05-19 19:39:43 -05:00
Jon Siwek
a8078b491e Merge branch 'topic/bernhard/x509-memory' 
BIT-1193 #merged
 2014-05-19 18:15:21 -05:00
Bernhard Amann
360a93badb clean up openssl data structures on exit 2014-05-19 14:44:35 -07:00
Jon Siwek
daab3145fa Update submodules, CHANGES, VERSION. 2014-05-19 16:38:21 -05:00
Bernhard Amann
604072f762 openssl / x509 memory leak issues. 
initialization had a small leak (static size), verify had none, ocsp_verify had tons.

I hope this was all...
 2014-05-19 14:36:36 -07:00
Jon Siwek
aee708c703 Change record ctors to only allow record-field-assignment expressions. 
Previously, any expression that evaluates to a record may have been used
in a record ctor's expression list.  This didn't work in all cases,
doesn't provide any unique functionality that can't be done otherwise,
and is possibly a path to introducing subtle scripting errors.

BIT-1192 #closed
 2014-05-19 15:50:00 -05:00
Jon Siwek
aa81825104 Merge branch 'fastpath' 2014-05-19 14:21:40 -05:00
Jon Siwek
b0644270c3 Update submodules and NEWS. 2014-05-19 14:12:13 -05:00
Bernhard Amann
2c35bcf709 change validation return value from count to int. Scripts already had been updated, I forgot the function returns.. 2014-05-19 11:31:30 -07:00
Daniel Thayer
c7599befb9 Fix a couple of doc build warnings 2014-05-19 12:54:15 -05:00
Jon Siwek
2738ce6292 Fix a doc reference to ssl_encrypted_heartbeat. 
That event isn't exported, instead the content type of
ssl_encrypted_data, which is exported, can be inspected for heartbeats.
 2014-05-19 12:25:41 -05:00
Jon Siwek
ce51b1cd53 Merge branch 'fastpath' 2014-05-19 12:24:28 -05:00
Daniel Thayer
fae092639d Fix some doc build warnings 
Removed references to pop3_terminate (that event was removed in a previous
commit).
 2014-05-19 08:39:04 -05:00
Seth Hall
fb0a658a7c Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking 
Conflicts:
	src/Reassem.cc
	src/Reassem.h
	src/analyzer/protocol/tcp/TCP_Reassembler.cc
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
 2014-05-17 02:12:52 -04:00
Robin Sommer
256ff73115 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Update some doc tests and line numbers
 2014-05-16 15:23:38 -07:00
Robin Sommer
c52d989ac2 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1186' 
* origin/topic/dnthayer/ticket1186:
  Update a broctl option name in cluster config doc
  Minor update to cluster config docs
  Minor updates to cluster config docs
  Add a new section "Cluster Configuration" to the docs
 2014-05-16 15:14:38 -07:00
Robin Sommer
65ea4f9862 Replacing TODO in NEWS. 2014-05-16 14:56:19 -07:00
Daniel Thayer
bb7781d2f6 Update some doc tests and line numbers 2014-05-16 16:53:56 -05:00
Robin Sommer
d242f6986f Updating submodule(s). 
[nomail]
 2014-05-16 14:52:19 -07:00
Robin Sommer
76c3d34a8e Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix a doc build warning
 2014-05-16 14:47:10 -07:00
Robin Sommer
ed4cd9352a Merge remote-tracking branch 'origin/topic/bernhard/even-more-ssl-changes' 
Good stuff! (but I admit I didn't look at the OpenSSL code too closely :)

* origin/topic/bernhard/even-more-ssl-changes:
  small test update & script fix
  update baselines & add ocsp leak check
  Add policy script adding ocsp validation to ssl.log
  Implement verification of OCSP replies.
  Add tls flag to smtp.log. Will be set if a connection switched to startls.
  add starttls support for pop3
  Add smtp starttls support
  Replace errors when parsing x509 certs with weirds (as requested by Seth).
  move tls content types from heartbleed to consts.bro. Seems better to put them there...
  Add new features from other branch to the heartbleed-detector (and clean them up).
  Let TLS analyzer fail better when no longer in sync with the data stream. The version field in each record-layer packet is now re-checked.

BIT-1190 #merged

Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
 2014-05-16 14:45:25 -07:00
Daniel Thayer
d230eed7f8 Fix a doc build warning 2014-05-16 16:05:03 -05:00
Daniel Thayer
9b82028f8c Update a broctl option name in cluster config doc 2014-05-16 14:43:58 -05:00
Jon Siwek
8c3cf8921a Disable all default AppStat plugins except facebook. 
The scripts for the others still remain and can be loaded explicitly,
but they reportedly may produce figures that are far from correct.

Addresses BIT-1171.
 2014-05-16 14:15:39 -05:00
Daniel Thayer
5199cb0293 Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1186 2014-05-16 14:01:56 -05:00
Daniel Thayer
08266b409d Minor update to cluster config docs 
Forgot to add one small change in previous commit.
 2014-05-16 13:59:28 -05:00
Bernhard Amann
e749f17821 small test update & script fix 2014-05-16 11:29:47 -07:00
Bernhard Amann
5db240f291 update baselines & add ocsp leak check 2014-05-16 11:23:44 -07:00
Bernhard Amann
d9e7ac6e92 Add policy script adding ocsp validation to ssl.log 2014-05-16 11:21:26 -07:00
Daniel Thayer
25bd2c8d00 Minor updates to cluster config docs 
Incorporated some feedback from Jeannette, and temporarily removed
the PF_RING ZC section.
 2014-05-16 12:58:21 -05:00
Bernhard Amann
55d0c6f7fa Implement verification of OCSP replies. 
The OpenSSL code to do that is a nightmare.
 2014-05-16 10:32:08 -07:00
Seth Hall
dad8c9a74d Update for the active http test to force it to use ipv4. 
It was having trouble because the httpd.py script would start up
a webserver on ipv4 but on some platforms and with some versions
of curl "localhost" will attempt to connect to ::1.
 2014-05-15 21:00:37 -04:00
Robin Sommer
79531a4538 Making test more stable. 2014-05-15 15:41:19 -07:00
Robin Sommer
421120e12c Extending plugin interface. 
This is for feature parity with the older interface, and remains
experimental for now.
 2014-05-15 15:36:48 -07:00
Robin Sommer
aec61e9ea4 Updating submodule. 2014-05-15 15:04:26 -07:00
Robin Sommer
6b3f11493d Making a test's output predictable. 
Plus, a baseline update.
 2014-05-15 15:04:26 -07:00