Mirror/zeek - git.uphillsecurity.com: We code.

mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00

Author	SHA1	Message	Date
Arne Welzel	416887157c	cluster_started: No Broker::auto_publish() use	2024-11-14 12:59:22 +01:00
Arne Welzel	b32153037a	openflow: Remove Broker::auto_publish()	2024-11-14 12:59:22 +01:00
Arne Welzel	cb10852f99	dhcp: Remove Broker::auto_publish() This isn't prettier, but neither worse IMO. A test would be good.	2024-11-14 12:59:22 +01:00
Arne Welzel	08f2198d3e	frameworks/notice: Remove Broker::auto_publish()	2024-11-14 12:59:22 +01:00
Arne Welzel	b05f7a4d0e	communityid: Do not include ports for non TCP, UDP, ICMP Checked against the result of pycommunityid. The SCTP case isn't quite right, because Zeek's core will not have extracted any ports for SCTP.	2024-11-14 11:05:43 +01:00
Christian Kreibich	af4c21763f	Merge branch 'topic/christian/ci-updates' * topic/christian/ci-updates: CI: Use FEDORA40 crypto policy in Fedora 41 Bump zeekjs to 0.13.0 CI: bump FreeBSD 13 to 13.4, released in September CI: drop Fedora 39, add 41	2024-11-13 17:29:23 -08:00
Johanna Amann	09d6be7f68	CI: Use FEDORA40 crypto policy in Fedora 41 Fedora 41 distrusts SHA-1 signatures by default. Switching to this policy is Fedora's recommended way of re-enabling support for at least the next several releases. A few references: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer https://fedoraproject.org/wiki/SHA1SignaturesGuidance https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9	2024-11-13 17:05:08 -08:00
zeek-bot	ba0e8290ed	Update doc submodule [nomail] [skip ci]	2024-11-14 00:24:48 +00:00
Tim Wojtulewicz	3c08c57be3	Merge remote-tracking branch 'origin/topic/timw/3915-unknown-ip-protocol' * origin/topic/timw/3915-unknown-ip-protocol: Add NEWS entry for ip_proto feature Move IP protocol names table out of policy script to init-bare Minor review nits Fixes for community ID hashing with new proto values Use new_connection instead of connection_state_remove Add policy script to remove ip_proto field, rename protocol naming script Rename protocol_id field to ip_proto and similar renaming for name field Increase size of proto fields to uint16_t, add common default value Disable part of core/dict-iteration-expire5 btest to avoid iteration bug Add conn.log entries for connections with unhandled IP protocols	2024-11-13 14:36:22 -07:00
Tim Wojtulewicz	ec3794b43e	Add NEWS entry for ip_proto feature	2024-11-13 14:15:57 -07:00
Tim Wojtulewicz	e33aee8ca2	Move IP protocol names table out of policy script to init-bare	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	fd67206865	Minor review nits	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	43e77a3338	Fixes for community ID hashing with new proto values	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	5a3d16e16f	Use new_connection instead of connection_state_remove	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	623fea9014	Add policy script to remove ip_proto field, rename protocol naming script	2024-11-13 14:08:04 -07:00
Tim Wojtulewicz	5e5aceb6f7	Rename protocol_id field to ip_proto and similar renaming for name field	2024-11-13 12:02:00 -07:00
Tim Wojtulewicz	d0896e81d6	Increase size of proto fields to uint16_t, add common default value	2024-11-13 11:25:46 -07:00
Tim Wojtulewicz	f762a45e83	Disable part of core/dict-iteration-expire5 btest to avoid iteration bug The second set of seeds in this test trip the bug reported in #3538	2024-11-13 11:25:46 -07:00
Tim Wojtulewicz	35ec9733c0	Add conn.log entries for connections with unhandled IP protocols	2024-11-13 11:25:40 -07:00
Johanna Amann	a96515a2e8	Merge remote-tracking branch 'origin/topic/johanna/ci-u2410' * origin/topic/johanna/ci-u2410: CI: Add Ubuntu 24.10	2024-11-13 14:52:29 +00:00
Johanna Amann	2f5f8bdd36	CI: Add Ubuntu 24.10	2024-11-13 12:58:20 +00:00
Arne Welzel	6c7f2e62f2	Bump zeekjs to 0.13.0 c0dd7bb README: Add note about supported versions da69053 ci: Bump to Fedora 40 43f69bd Nodejs/Types: Make compatible with v22.11.0 8a70a21 ci: Fix nightly job	2024-11-13 13:43:31 +01:00
Christian Kreibich	62e8c49e66	CI: bump FreeBSD 13 to 13.4, released in September	2024-11-12 15:49:03 -08:00
Christian Kreibich	2881ff620b	CI: drop Fedora 39, add 41	2024-11-12 15:32:07 -08:00
Tim Wojtulewicz	0217208c49	Merge remote-tracking branch 'origin/topic/timw/remove-abspath-cleanup' * origin/topic/timw/remove-abspath-cleanup: diff-remove-abspath: Add separate handling of Windows paths diff-remove-abspath: Remove capture of windows drive letters from POSIX regex	2024-11-12 12:26:56 -07:00
Robin Sommer	0ea2a35d7a	Merge remote-tracking branch 'origin/topic/robin/spicy-bump' * origin/topic/robin/spicy-bump: Bump Spicy to current `main`.	2024-11-12 16:16:23 +01:00
Arne Welzel	d0bf4e428a	Merge remote-tracking branch 'origin/topic/awelzel/pseudo-realtime-again' * origin/topic/awelzel/pseudo-realtime-again: PktSrc: Remove first_timestamp condition check PktSrc: Fix includes PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState RunState.h: Deprecate misleadingly named current_packet_timestamp() debug: Add processing suspended/continued to debug.log	2024-11-12 16:00:19 +01:00
Robin Sommer	f68d43bc02	Bump Spicy to current `main`.	2024-11-12 15:00:01 +01:00
Arne Welzel	fcab5fd6cf	PktSrc: Remove first_timestamp condition check The comment is stale and first_timestamp is only relevant/available in pseudo_realtime.	2024-11-12 10:46:55 +01:00
Arne Welzel	ffa1fafa03	PktSrc: Fix includes	2024-11-12 10:46:55 +01:00
Arne Welzel	d9a7f9f36f	PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState check_pseudo_time() used zeek_start_time which skews things sufficiently around being in the past when ZAM compilation takes multiple seconds. Switch to using first_wallclock instead. Further, move setting of first_timestamp and first_wallclock from PktSrc into RunState's dispatch_packet(), so it's more centralized now. The only pseudo_realtime piece left in PktSrc() is in GetNextTimeout() to determine how long the PktSrc is idle until the next packet is ready.	2024-11-12 10:46:55 +01:00
Arne Welzel	54d28a2179	RunState.h: Deprecate misleadingly named current_packet_timestamp() This returns current_pseudo, naming it current_packet_timestamp() is actively misleading.	2024-11-12 10:46:55 +01:00
Arne Welzel	402b768787	debug: Add processing suspended/continued to debug.log	2024-11-12 10:46:55 +01:00
Arne Welzel	9e27334596	Merge remote-tracking branch 'origin/topic/vern/zam-asan-fixes' * origin/topic/vern/zam-asan-fixes: ZAM fixes for assignments involving "any" record fields fixes for (mostly ZAM) vector operation issues found by ASAN Including a fix for mmdb/explicit-open.zeek to avoid using assert.	2024-11-12 10:29:56 +01:00
zeek-bot	57ffa96600	Update doc submodule [nomail] [skip ci]	2024-11-12 00:11:11 +00:00
Benjamin Bannier	1d38c31071	Merge remote-tracking branch 'origin/topic/etyp/cookie-nullptr-spicy-dpd'	2024-11-11 22:30:50 +01:00
Evan Typanski	ae33aa0413	Fix nullptr deref in Spicy accept/decline input Seems like this is a continuation of #4006	2024-11-11 10:30:02 -05:00
Robin Sommer	0285196626	Merge remote-tracking branch 'origin/topic/robin/gh-3988-evt-assert' * origin/topic/robin/gh-3988-evt-assert: Spicy: Improve error messages reporting malformed unit names in EVT files. Spicy:: Remove unhelpful assertion.	2024-11-11 14:02:15 +01:00
Robin Sommer	3362d44e0c	Merge remote-tracking branch 'origin/topic/robin/gh-4007-spicy-eod' * origin/topic/robin/gh-4007-spicy-eod: Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down.	2024-11-11 14:02:05 +01:00
Arne Welzel	50c2b10cfb	Merge remote-tracking branch 'origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt' * origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt: ci: Run ZAM CI if src/script_opt is modified	2024-11-11 10:25:56 +01:00
Arne Welzel	43789fbccc	ci: Run ZAM CI if src/script_opt is modified ...and rework && to \|\| conditions.	2024-11-11 10:18:14 +01:00
Arne Welzel	f598c89f17	Merge remote-tracking branch 'origin/topic/timw/update-c-ares-to-latest-release' * origin/topic/timw/update-c-ares-to-latest-release: DNS_Mgr: Remove processing of dns aliases in general ci: Add dnsmasq to a few platforms for testing DNS_Mgr: Fix aliases memory issues btest: Add integration test for DNS_Mgr DNS_Mgr: Remove usage of ares_getsock from Lookup DNS_Mgr: Remove usage of ares_getsock from GetNextTimeout DNS_Mgr: Switch to ares_set_servers_csv DNS_Mgr: Use ares_dns_record methods for queries Update vcpkg submodule to pick up c-ares v1.34.2 Update c-ares submodule to v1.34.2	2024-11-11 09:53:04 +01:00
Arne Welzel	d3579c1f34	Merge remote-tracking branch 'origin/topic/awelzel/community-id-new-connection' * origin/topic/awelzel/community-id-new-connection: policy/community-id: Populate conn$community_id in new_connection()	2024-11-11 09:35:49 +01:00
Vern Paxson	197d49773c	ZAM fixes for assignments involving "any" record fields	2024-11-11 09:19:54 +01:00
Vern Paxson	c7e5e5feea	fixes for (mostly ZAM) vector operation issues found by ASAN	2024-11-11 09:19:54 +01:00
zeek-bot	35cac72984	Update doc submodule [nomail] [skip ci]	2024-11-09 00:12:14 +00:00
Tim Wojtulewicz	e3763df065	DNS_Mgr: Remove processing of dns aliases in general	2024-11-08 12:45:51 -07:00
Arne Welzel	346a9233da	Merge remote-tracking branch 'origin/topic/vern/zam-any-coerce-leak' * origin/topic/vern/zam-any-coerce-leak: Fixed ZAM memory leak when coercing values to "any"	2024-11-08 18:36:34 +01:00
Arne Welzel	cb679e4d7a	policy/community-id: Populate conn$community_id in new_connection() This wasn't possible before #3028 was fixed, but now it's safe to set the value in new_connection() and allow other users access to the field much earlier. We do not have to deal with connection_flipped() because the community-id hash is symmetric.	2024-11-08 18:19:55 +01:00
Arne Welzel	3f4de778ae	ci: Add dnsmasq to a few platforms for testing	2024-11-08 09:50:35 -07:00

... 4 5 6 7 8 ...

17477 commits