Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
5140 commits 388 branches 195 tags 265 MiB
Commit graph

5140 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
da8a1d2489 Remove unused --with-libmagic configure option. 2014-06-11 12:10:20 -05:00
Robin Sommer
ba229f798d Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix use-after-free in some cases of reassigning a table index.
 2014-06-10 18:17:04 -07:00
Robin Sommer
9301ef5a4f Fixing SMTP state tracking. 
This fixes the case that an SMTP session has multiple mails sent from
the originator but we miss the server's response (e.g., because we
don't see server side packets at all).
 2014-06-10 18:01:38 -07:00
Jon Siwek
e616554ab8 Fix use-after-free in some cases of reassigning a table index. 
Specifically observed when redef'ing the same index of a table that uses
subnets as indices, though the bug seems like it applies more generally
to anytime TableVal::Assign is provided with just the HashKey parameter
and not the index Val.

Addresses BIT-1202.
 2014-06-10 13:38:32 -05:00
Daniel Thayer
745e287414 Fix a broken link in the docs 
Use quoting in docs to avoid HTML links being generated when docs are built.
 2014-06-07 13:13:44 -05:00
Daniel Thayer
95c7128d71 Update some info in the docs 2014-06-07 12:31:32 -05:00
Daniel Thayer
edc2774ba8 Removed a table from the scripting tutorial 2014-06-06 16:55:34 -05:00
Robin Sommer
c289a2743b Merge remote-tracking branch 'origin/topic/bernhard/ssl-new-events' 
* origin/topic/bernhard/ssl-new-events:
  Add two more ssl events - one triggered for each handshake message and one triggered for the tls change cipherspec message.

BIT-1201 #merged
 2014-06-06 13:24:17 -07:00
Robin Sommer
23c1f07bb6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  re-add notice suppression for expiring certificates
 2014-06-06 13:05:57 -07:00
Bernhard Amann
67c0cc118d Add two more ssl events - one triggered for each handshake message and one 
triggered for the tls change cipherspec message.

Also - fix small bug. In case SSL::disable_analyzer_after_detection was set
to F, the ssl_established event would fire after each data packet after the
session is established.
 2014-06-06 12:50:54 -07:00
Bernhard Amann
005b7d60c9 re-add notice suppression for expiring certificates 2014-06-06 12:15:38 -07:00
Daniel Thayer
de93a5796e Update line numbers mentioned in scripting tutorial 2014-06-06 11:28:46 -05:00
Daniel Thayer
f615683460 Update line numbers for a doc example 2014-06-06 10:37:17 -05:00
Robin Sommer
cfda4113f4 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  add new TLS extension type numbers from IANA
 2014-06-05 14:45:50 -07:00
Robin Sommer
0f372c99df Merge remote-tracking branch 'origin/topic/matthias/bloomfilter-fix' 
* origin/topic/matthias/bloomfilter-fix:
  Switch to double hashing.
  Use full digest length instead of just one byte.

BIT-1140 #merged
 2014-06-05 14:42:26 -07:00
Bernhard Amann
85f5c05b95 add new TLS extension type numbers from IANA 2014-06-05 13:17:52 -07:00
Daniel Thayer
2a20e4a5e2 Move scripting tutorial out of reference section 2014-06-05 13:13:12 -05:00
Matthias Vallentin
673607f9a7 Switch to double hashing. 
For large k, standard hashing imposes an unnecessary overhead. By switchting to
double hashing, we invoke the hash function code at most two times.
 2014-06-05 16:02:25 +02:00
Matthias Vallentin
1d50874256 Use full digest length instead of just one byte. 
When our universal hash function fell back to MD5 for inputs larger than
supported by H3, the computation only returned the first byte of the MD5 result
instead of as many bytes as needed to cover sizeof(Hasher::digest).
 2014-06-05 16:01:20 +02:00
Hui Lin
6280eb6d6e add implementation of bytestring_to_coils for modbusy analyzer 2014-06-04 14:44:42 -05:00
Hui Lin
da261b4ca4 adding a missing field in record ModbusHeaders 2014-06-04 12:29:01 -05:00
Robin Sommer
cfde6225b0 Merge remote-tracking branch 'origin/topic/bernhard/ticket-1195' 
* origin/topic/bernhard/ticket-1195:
  update test baseline
  Make buffer for certificate subjects bigger. Flush buffer between reads (in case we still get something with a longer subject).

BIT-1195 #merged
 2014-06-03 12:39:42 -07:00
Jon Siwek
f0795b91d1 Update submodule. 2014-06-03 12:48:41 -05:00
Hui Lin
bc4b5773c8 add event handlers for modbus 2014-06-02 21:39:04 -05:00
Bernhard Amann
fa2de9cc08 update test baseline 2014-05-30 15:37:52 -07:00
Bernhard Amann
bb09de7828 Make buffer for certificate subjects bigger. 
Flush buffer between reads (in case we still get something with a longer subject).

Addresses BIT-1195
 2014-05-30 15:31:33 -07:00
Robin Sommer
551950c438 Adding environment variable BRO_PLUGIN_ACTIVATE that unconditionally 
activates plugins.

Plugins are specified with a comma-separated list of names.
 2014-05-29 18:15:18 -07:00
Robin Sommer
d88b333353 A number of smaller API extensions to provide plugins with access to 
information.
 2014-05-29 18:15:14 -07:00
Jon Siwek
8ec8dfa705 Fix misc/load-balancing.bro's reference to PacketFilter::sampling_filter 
BIT-1197 #close
 2014-05-29 15:40:41 -05:00
Jon Siwek
8383828b02 Fix potential mem leak in remote function/event unserialization. 
I say potential because a code path to get in the required state is
not obvious (if one even exists).
 2014-05-28 15:12:38 -05:00
Jon Siwek
ed7273ccf1 Fix reference counting bug in table coercion expressions. 2014-05-28 14:54:18 -05:00
Jon Siwek
ad6c58ce43 Fix an "unused value" warning. 2014-05-27 09:30:17 -05:00
Jon Siwek
2dc6dc8d86 Remove a duplicate unit test baseline dir. 
It overlaps with the lowercased version of the same dir on case
insensitive systems, which has interesting repercussions.
 2014-05-22 14:55:08 -05:00
Jon Siwek
7211d73ee6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  last ssl fixes - missed three more.
  and more tiny ssl script fixes
  a few more small fixes for chains containing broken certs.
  fix expression errors in x509 policy scrips when unparseable data is in certificate chain.
 2014-05-21 15:59:26 -05:00
Bernhard Amann
cb2eb0228b last ssl fixes - missed three more. 
This is the last one, I promise.
 2014-05-21 11:24:47 -07:00
Bernhard Amann
9a8fc7a47d and more tiny ssl script fixes 2014-05-21 11:16:24 -07:00
Bernhard Amann
ff00c0786a a few more small fixes for chains containing broken certs. 2014-05-21 11:01:33 -07:00
Bernhard Amann
b16322aefb fix expression errors in x509 policy scrips when unparseable data is in certificate chain. 2014-05-21 10:50:31 -07:00
Jon Siwek
3874286ff7 Update CHANGES, VERSION, submodules. 2014-05-20 12:47:38 -05:00
Jon Siwek
f239c84f24 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  include a few more tls changes that we might want to mention in news
 2014-05-20 12:44:30 -05:00
Bernhard Amann
96f71c24d8 include a few more tls changes that we might want to mention in news 2014-05-20 09:28:33 -07:00
Jon Siwek
943495cfd3 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  intel framework plugin for ssl server_name extension was not updated after api changes :(
 2014-05-20 10:58:47 -05:00
Bernhard Amann
1253b7cb8a intel framework plugin for ssl server_name extension was not updated after api changes :( 
Thank you Justin.
 2014-05-20 08:33:44 -07:00
Jon Siwek
d92d841314 Updating submodule(s). 
[nomail]
 2014-05-20 10:30:41 -05:00
Jon Siwek
fb7c3677dc Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Remove remaining references to BROMAGIC
  Fix typos and formatting in event and BiF documentation
 2014-05-20 10:29:45 -05:00
Daniel Thayer
11d2d8e549 Remove remaining references to BROMAGIC 2014-05-19 21:14:07 -05:00
Daniel Thayer
d421357104 Fix typos and formatting in event and BiF documentation 2014-05-19 19:39:43 -05:00
Jon Siwek
a8078b491e Merge branch 'topic/bernhard/x509-memory' 
BIT-1193 #merged
 2014-05-19 18:15:21 -05:00
Bernhard Amann
360a93badb clean up openssl data structures on exit 2014-05-19 14:44:35 -07:00
Jon Siwek
daab3145fa Update submodules, CHANGES, VERSION. 2014-05-19 16:38:21 -05:00