Jon Siwek
c8e070b8ee
Add default function for Kerberos constant-lookup-tables
2020-04-16 12:34:41 -07:00
Jon Siwek
31f60853c9
GH-646: add new "successful_connection_remove" event
...
And switch Zeek's base scripts over to using it in place of
"connection_state_remove". The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets). There can be performance benefits
to this change for some use-cases.
There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
2019-11-11 19:52:59 -08:00
Jon Siwek
f8d7aa2387
Add missing &optional attr to KRB record fields
...
The KRB parser allowed for the following types/fields to be left
uninitialized, so an &optional attribute was added to reflect that:
- KRB::Error_Msg
  - pvno
  - msg_type
  - server_time
  - service_realm
  - service_name
- KRB::KDC_Request
  - kdc_options
  - service_realm
  - till
  - nonce
  - encryption_types
Usages have also been adapted to perform existence checks.
2019-05-16 08:52:04 -07:00
Jon Siwek
a994be9eeb
Merge remote-tracking branch 'origin/topic/seth/zeek_init'
...
* origin/topic/seth/zeek_init:
Some more testing fixes.
Update docs and tests for bro_(init|done) -> zeek_(init|done)
Implement the zeek_init handler.
2019-04-19 11:24:29 -07:00
Seth Hall
8cefb9be42
Implement the zeek_init handler.
...
Implements the change and a test.
2019-04-14 08:37:35 -04:00
Daniel Thayer
18bd74454b
Rename all scripts to have ".zeek" file extension
2019-04-11 21:12:40 -05:00
Jon Siwek
01d303b480
Migrate table-based for-loops to key-value iteration
2019-03-15 19:54:44 -07:00
Jon Siwek
8d0087154a
Add missing record field comments
2018-10-26 10:24:30 -05:00
Jon Siwek
34d0cf886c
Fix potential memory leak in Kerberos scripts
...
Reported by Maksim Shudrak.
2018-09-10 18:06:07 -05:00
Daniel Thayer
dc0904a7f3
Convert some redef-able constants to runtime options
2018-08-15 10:17:14 -05:00
Johanna Amann
7aa219758c
Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp-new
2017-03-16 12:28:08 -07:00
Seth Hall
0b8b76cfab
Refactor base krb scripts and update tests.
2017-02-18 13:55:39 -05:00
Johanna Amann
9fd7816501
Allow File analyzers to directly pass mime type.
...
This makes it much easier for protocols where the mime type is known in
advance like, for example, TLS. We no longer have to perform deep
script-level magic.
2017-02-10 17:03:33 -08:00
John E. Rollinson
68e3f0d96a
Ensure TGS req does not stomp out AP data
2017-01-29 09:39:40 +09:00
Johanna Amann
a467f593de
KRB: fix field value missing error for msg$client_name.
...
Reported by giesiger on IRC.
2016-08-15 16:05:10 -07:00
Daniel Thayer
45caf8d2c1
Add missing documentation on the "Bro Package Index" page
2015-06-02 10:00:00 -05:00
Daniel Thayer
7681263f91
Fix documentation typo
2015-06-01 14:29:03 -05:00
Robin Sommer
8b722c484d
Renaming krb.log to kerberos.log.
2015-04-21 12:22:58 -07:00
Robin Sommer
9911993c6f
Merge remote-tracking branch 'origin/topic/vladg/kerberos'
...
* origin/topic/vladg/kerberos:
Fix doc on krb_cred
Update the KRB tests a bit.
2015-04-21 11:58:44 -07:00
Vlad Grigorescu
891813696a
Add known ports to krb/main.bro
2015-04-17 21:26:15 -04:00
Vlad Grigorescu
b129231d9b
KRB: Clean up krb.log a bit.
2015-03-02 12:32:24 -05:00
Vlad Grigorescu
9f19c74a10
Kerberos: A couple small tweaks.
2015-02-06 13:05:09 -05:00
Vlad Grigorescu
dfc42ffe8a
Kerberos: Fix parsing of the cipher in tickets, and add it to the log.
2015-02-06 11:48:46 -05:00
Vlad Grigorescu
a8373b60e7
Change krb Info string to success bool
2015-02-05 14:30:18 -05:00
Vlad Grigorescu
444ff240bd
Clean up formatting.
2015-02-05 14:21:34 -05:00
Vlad Grigorescu
aea0ae453e
Documentation update, and rework events a bit.
2015-02-05 14:05:56 -05:00
Vlad Grigorescu
1f41c0470c
Improve Kerberos DPD and fix a few parse errors.
2015-01-23 17:22:10 -05:00
Vlad Grigorescu
b8376ca733
Add Kerberos support for PKINIT (x509 cert authentication)
2015-01-20 20:43:51 -05:00
Vlad Grigorescu
3c3920bfbc
Kerberos - Add TCP support
2015-01-20 17:46:26 -05:00
Vlad Grigorescu
2e8eb574f5
A number of Kerberos fixes, following testing. Added some fields to the log, and parsed some more data.
2015-01-19 18:16:27 -05:00
Vlad Grigorescu
ca55d203cb
Kerberos analyzer
2014-07-24 21:55:41 -04:00