Commit graph

5140 commits

Author SHA1 Message Date
Bernhard Amann
604072f762 openssl / x509 memory leak issues.
initialization had a small leak (static size), verify had none, ocsp_verify had tons.

I hope this was all...
2014-05-19 14:36:36 -07:00
Jon Siwek
aee708c703 Change record ctors to only allow record-field-assignment expressions.
Previously, any expression that evaluates to a record may have been used
in a record ctor's expression list.  This didn't work in all cases,
doesn't provide any unique functionality that can't be done otherwise,
and is possibly a path to introducing subtle scripting errors.

BIT-1192 #closed
2014-05-19 15:50:00 -05:00
Jon Siwek
aa81825104 Merge branch 'fastpath' 2014-05-19 14:21:40 -05:00
Jon Siwek
b0644270c3 Update submodules and NEWS. 2014-05-19 14:12:13 -05:00
Bernhard Amann
2c35bcf709 change validation return value from count to int. Scripts already had been updated, I forgot the function returns.. 2014-05-19 11:31:30 -07:00
Daniel Thayer
c7599befb9 Fix a couple of doc build warnings 2014-05-19 12:54:15 -05:00
Jon Siwek
2738ce6292 Fix a doc reference to ssl_encrypted_heartbeat.
That event isn't exported, instead the content type of
ssl_encrypted_data, which is exported, can be inspected for heartbeats.
2014-05-19 12:25:41 -05:00
Jon Siwek
ce51b1cd53 Merge branch 'fastpath' 2014-05-19 12:24:28 -05:00
Daniel Thayer
fae092639d Fix some doc build warnings
Removed references to pop3_terminate (that event was removed in a previous
commit).
2014-05-19 08:39:04 -05:00
Robin Sommer
256ff73115 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Update some doc tests and line numbers
2014-05-16 15:23:38 -07:00
Robin Sommer
c52d989ac2 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1186'
* origin/topic/dnthayer/ticket1186:
  Update a broctl option name in cluster config doc
  Minor update to cluster config docs
  Minor updates to cluster config docs
  Add a new section "Cluster Configuration" to the docs
2014-05-16 15:14:38 -07:00
Robin Sommer
65ea4f9862 Replacing TODO in NEWS. 2014-05-16 14:56:19 -07:00
Daniel Thayer
bb7781d2f6 Update some doc tests and line numbers 2014-05-16 16:53:56 -05:00
Robin Sommer
d242f6986f Updating submodule(s).
[nomail]
2014-05-16 14:52:19 -07:00
Robin Sommer
76c3d34a8e Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix a doc build warning
2014-05-16 14:47:10 -07:00
Robin Sommer
ed4cd9352a Merge remote-tracking branch 'origin/topic/bernhard/even-more-ssl-changes'
Good stuff! (but I admit I didn't look at the OpenSSL code too closely :)

* origin/topic/bernhard/even-more-ssl-changes:
  small test update & script fix
  update baselines & add ocsp leak check
  Add policy script adding ocsp validation to ssl.log
  Implement verification of OCSP replies.
  Add tls flag to smtp.log. Will be set if a connection switched to starttls.
  add starttls support for pop3
  Add smtp starttls support
  Replace errors when parsing x509 certs with weirds (as requested by Seth).
  move tls content types from heartbleed to consts.bro. Seems better to put them there...
  Add new features from other branch to the heartbleed-detector (and clean them up).
  Let TLS analyzer fail better when no longer in sync with the data stream. The version field in each record-layer packet is now re-checked.

BIT-1190 #merged

Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
2014-05-16 14:45:25 -07:00
Daniel Thayer
d230eed7f8 Fix a doc build warning 2014-05-16 16:05:03 -05:00
Daniel Thayer
9b82028f8c Update a broctl option name in cluster config doc 2014-05-16 14:43:58 -05:00
Jon Siwek
8c3cf8921a Disable all default AppStat plugins except facebook.
The scripts for the others still remain and can be loaded explicitly,
but they reportedly may produce figures that are far from correct.

Addresses BIT-1171.
2014-05-16 14:15:39 -05:00
Daniel Thayer
5199cb0293 Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1186 2014-05-16 14:01:56 -05:00
Daniel Thayer
08266b409d Minor update to cluster config docs
Forgot to add one small change in previous commit.
2014-05-16 13:59:28 -05:00
Bernhard Amann
e749f17821 small test update & script fix 2014-05-16 11:29:47 -07:00
Bernhard Amann
5db240f291 update baselines & add ocsp leak check 2014-05-16 11:23:44 -07:00
Bernhard Amann
d9e7ac6e92 Add policy script adding ocsp validation to ssl.log 2014-05-16 11:21:26 -07:00
Daniel Thayer
25bd2c8d00 Minor updates to cluster config docs
Incorporated some feedback from Jeannette, and temporarily removed
the PF_RING ZC section.
2014-05-16 12:58:21 -05:00
Bernhard Amann
55d0c6f7fa Implement verification of OCSP replies.
The OpenSSL code to do that is a nightmare.
2014-05-16 10:32:08 -07:00
Seth Hall
dad8c9a74d Update for the active http test to force it to use ipv4.
It was having trouble because the httpd.py script would start up
a webserver on ipv4 but on some platforms and with some versions
of curl "localhost" will attempt to connect to ::1.
2014-05-15 21:00:37 -04:00
Robin Sommer
79531a4538 Making test more stable. 2014-05-15 15:41:19 -07:00
Robin Sommer
421120e12c Extending plugin interface.
This is for feature parity with the older interface, and remains
experimental for now.
2014-05-15 15:36:48 -07:00
Robin Sommer
aec61e9ea4 Updating submodule. 2014-05-15 15:04:26 -07:00
Robin Sommer
6b3f11493d Making a test's output predictable.
Plus, a baseline update.
2014-05-15 15:04:26 -07:00
Robin Sommer
b36df2a272 Updating submodule(s).
[nomail]
2014-05-15 11:48:11 -07:00
Robin Sommer
525e757d2a Merge remote-tracking branch 'origin/topic/vladg/radius' into topic/robin/radius-merge
* origin/topic/vladg/radius:
  Radius functionality and memleak test.
  Update test baselines.
  Move seq to uint64 to match recent changes in seq processing.

BIT-1129 #merged
2014-05-15 11:39:05 -07:00
Robin Sommer
ebc8ebf5f9 Merge remote-tracking branch 'origin/master' into topic/robin/radius-merge
Conflicts:
	scripts/base/init-default.bro
2014-05-15 11:10:11 -07:00
Bernhard Amann
ccccda6da8 Merge remote-tracking branch 'origin/master' into topic/bernhard/even-more-ssl-changes 2014-05-15 10:59:13 -07:00
Bernhard Amann
10cc44b37f Add tls flag to smtp.log. Will be set if a connection switched to starttls. 2014-05-15 10:53:11 -07:00
Seth Hall
c536db0feb Merge remote-tracking branch 'origin/topic/bernhard/ticket1177'
* origin/topic/bernhard/ticket1177:
  define empty request_key method for sumstats in cluster mode.
2014-05-15 13:50:16 -04:00
Bernhard Amann
388b8f92ec add starttls support for pop3 2014-05-15 10:25:21 -07:00
Bernhard Amann
6bc914458b Add smtp starttls support 2014-05-15 09:59:43 -07:00
Vlad Grigorescu
0706567e68 Merge branch 'topic/vladg/radius' of ssh://git.bro.org/bro into topic/vladg/radius 2014-05-15 11:50:58 -04:00
Vlad Grigorescu
9ab4744072 Radius functionality and memleak test. 2014-05-15 11:49:03 -04:00
Vlad Grigorescu
a3e00322a2 Update test baselines. 2014-05-15 11:18:00 -04:00
Vlad Grigorescu
d88f8d77cb Move seq to uint64 to match recent changes in seq processing. 2014-05-15 09:47:20 -04:00
Vlad Grigorescu
df99f87dbf Merge origin/master into topic/vladg/radius 2014-05-14 23:23:08 -04:00
Robin Sommer
bbd409d274 Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
(Never good to name a branch after version anticipated to include it ...)
2014-05-14 16:23:04 -07:00
Bernhard Amann
746c073729 Replace errors when parsing x509 certs with weirds (as requested by Seth).
The one I did not replace is a malloc issue which I think really should
raise an error.
2014-05-14 15:53:26 -07:00
Bernhard Amann
5bd0c3fcaf move tls content types from heartbleed to consts.bro. Seems better to put them there... 2014-05-14 15:45:47 -07:00
Bernhard Amann
f0b244b8b0 Add new features from other branch to the heartbleed-detector (and clean them up).
We should now quite reliably detect scans/attacks, even when encrypted and not successful.
2014-05-14 15:42:27 -07:00
Robin Sommer
37dd331256 Updating submodule(s).
[nomail]
2014-05-08 17:08:41 -07:00
Robin Sommer
96bcc2d69d Merge branch 'topic/robin/bit-348-merge'
* topic/robin/bit-348-merge:
  Fixing compiler warnings.
  Update SNMP analyzer's DeliverPacket method signature.
  Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348).

BIT-348 #merged
2014-05-08 16:33:59 -07:00