Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 17:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
3552 commits 385 branches 195 tags 260 MiB
Commit graph

14 commits

Author SHA1 Message Date
Jon Siwek
3cbef60f57 Fix HTTP multipart body file analysis. 
Each part now gets assigned a different file handle/id.
 2013-05-21 15:35:22 -05:00
Jon Siwek
16f924c2c0 Remove FileAnalysis::postpone_timeout. 
FileAnalysis::set_timeout_interval can now perform same function.
 2013-05-21 10:50:07 -05:00
Jon Siwek
0ef074594d Add input interface to forward data for file analysis. 
The new Input::add_analysis function is used to automatically forward
input data on to the file analysis framework.
 2013-05-21 10:29:22 -05:00
Jon Siwek
b8c98b8bf7 FileAnalysis: change terminology s/action/analyzer 2013-04-11 14:53:54 -05:00
Jon Siwek
d9321e2203 FileAnalysis: remove some file events. 
The file_new event now takes over the function of file_type, file_bof,
and file_bof_buffer.
 2013-04-10 14:34:23 -05:00
Jon Siwek
a2d9b47bcd FileAnalysis: finish switching hooks to events. 2013-04-10 11:13:43 -05:00
Jon Siwek
641154f8e8 FileAnalysis: checkpoint in middle of big reorganization. 
- FileAnalysis::Info is now just a record used for logging, the fa_file
  record type is defined in init-bare.bro as the analogue to a
  connection record.

- Starting to transfer policy hook triggers and analyzer results to
  events.
 2013-04-09 15:49:58 -05:00
Jon Siwek
7caa4aa45c FileAnalysis: unit test tweaks (portability, etc.) 2013-03-27 14:51:23 -05:00
Jon Siwek
00a1de3593 FileAnalysis: refactor unit tests to use a common script. 2013-03-22 17:27:16 -05:00
Jon Siwek
71f0e2d276 FileAnalysis: replace script-layer http file analysis. 
Other misc:

- Remove HTTP::MD5 notice.

- Add "last_active" field to FileAnalysis::Info record.

- Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record
  with just a "conns" fields containing full connection records.

- The http-methods unit test is failing now, but I think it will be
  fixed once I change the file handle callback mechanism to use events
  instead.
 2013-03-22 16:14:06 -05:00
Jon Siwek
7034785810 FileAnalysis: add logging, file_analysis.log. 2013-03-20 13:31:11 -05:00
Jon Siwek
1ef7465e30 FileAnalysis: add more unit tests. 2013-03-20 12:47:45 -05:00
Jon Siwek
661677d452 FileAnalysis: separating IRC/FTP data analyzers. 
It simplifies the file handle string callbacks.
 2013-03-20 11:12:06 -05:00
Jon Siwek
59ed5c75f1 FileAnalysis: add unit tests covering current protocol integration. 
And had to make various fixes/refinements after scrutinizing results.
 2013-03-19 15:50:05 -05:00