Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
7932 commits 388 branches 195 tags 268 MiB
Commit graph

7932 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
4b0eb8127d Changes to add comments per enum or record type field. 2011-03-14 11:50:46 -05:00
Seth Hall
c212f28130 Fixed ftp.bro so that it's extensible by users. 2011-03-14 12:01:12 -04:00
Robin Sommer
b68d50d717 Updating submodule(s). 2011-03-11 18:41:45 -08:00
Robin Sommer
e1052b93b0 Test commit. 2011-03-11 18:39:14 -08:00
Robin Sommer
7d3ff49607 New submodule location. 2011-03-11 18:33:44 -08:00
Don Appleman
277136ecfc Merge branch 'topic/policy-scripts' of git://git.icir.org/bro into topic/policy-scripts 2011-03-11 17:05:06 -06:00
Don Appleman
e7c7929d35 Remove unused code; conform to naming conventions; relocate more state to export section 2011-03-11 17:04:30 -06:00
Seth Hall
e8526a0c05 Tiny cleanup to notice.bro 2011-03-11 15:07:24 -05:00
Seth Hall
50acf152bd More software fixes (and successful tests!). 
* SSH now removes the protocol information for detecting the actual software and not protocol used.
* Updates for the default version parsing.
* No longer testing default version parsing for the $addl field.  It doesn't seem to be generically extractable.
 2011-03-11 15:07:07 -05:00
Seth Hall
65c3cb6faf Updates for detecting and logging software. 
* Tests for the default software version parsing (showing how broken it is!)
* Software::cmp_versions(v1: Version, v2: Version) is now exported
* Many small naming tweaks to adjust to namespaces.
 2011-03-11 13:51:31 -05:00
Robin Sommer
0f854315e9 New test. 2011-03-10 18:18:58 -08:00
Robin Sommer
45ebfbb2b8 Bug fixes. 
- Fixing a crash with an invalid pointer.

- Fixing a namespacing problem with is_ftp_data_conn() and check_relay_3().

- Fixing the do-we-have-an-event-handler-defined check.

Standard test-suite passes.

Seth, I think you can give it a try now ...
 2011-03-10 18:18:01 -08:00
Jon Siwek
15fd5297a3 Fixes for declared type ID tracking & adding DescribeReST()'s 
Changed BroType to track a char* instead of an ID* that represents
the declared type's identifier.  It was also necessary to serialize
this information or else it can be lost (e.g. FieldDecl's in RecordType
always seem to get serialized at some point).

DescribeReST() functions added to many classes to get the output
closer to being reST compatible; still needs tweaking for Sphinx
(reST->HTML) compatibility.
 2011-03-10 16:22:45 -06:00
Seth Hall
da90961197 Another software documentation nit. 2011-03-10 16:53:18 -05:00
Seth Hall
ad054d0dcf New software.bro API function for constructing an Info record from a raw version string. 2011-03-10 16:51:22 -05:00
Seth Hall
b7e59a717b Documentation nit fixed. 2011-03-10 16:42:24 -05:00
Seth Hall
e105a7f948 software.bro now more complete and documented. 
* Currently doesn't cause any errors in Bro.
* Hasn't been tested yet.
* No scripts call the API yet to register software.
 2011-03-10 16:41:11 -05:00
Seth Hall
d3432829c9 Fixed some problems with the FTP analysis. 
* DPD configuration was lost and is now back.
* The logged timestamp is now the time of the request.
* Added a notice named: FTP_Site_Exec_Success
 2011-03-10 13:14:31 -05:00
Seth Hall
4c8650f552 The global NOTICE function is back. 
There is a small shim function placed into the
global namespace now that forwards the call to
the appropriate function in the Notice namespace.
 2011-03-10 13:12:38 -05:00
Seth Hall
05b689f10f DPD is now enabled by default. 2011-03-10 13:11:54 -05:00
Seth Hall
0bae127b3e Started rewrite of software.bro 
* Not working at the moment.
 2011-03-10 13:11:34 -05:00
Seth Hall
8fff1d70fd ftp.bro is done except for a few points 
* Documentation needs fleshed out.
* TODOs are noted throughout the source.
 2011-03-10 09:04:48 -05:00
Robin Sommer
871561939b Updating baselines. 2011-03-09 19:42:24 -08:00
Robin Sommer
170a8bd403 Setting random number generator seed in btest.cfg. 2011-03-09 19:42:24 -08:00
Robin Sommer
d54c705898 Adding new environment variable BRO_SEED_FILE to set the seed file for 
the random number generator.

This works like the corresponding command line option but is more
convinient when writing tests as it can be set in btest.cfg.
 2011-03-09 19:42:24 -08:00
Robin Sommer
de227b8d88 When creating a new stream, we check now that all log field have 
supported types.

Also not reporting a run-time error anymore when logging to a stream
that hasn't been created; just fail silently as this may happen due to
other earlier errors.
 2011-03-09 19:42:24 -08:00
Robin Sommer
5beee9e45e Updating TODO. 
Just one to go. :)
 2011-03-09 18:08:17 -08:00
Robin Sommer
89e8ea7353 Enums are now logged with their ID names, not anymore with their 
numerical values.
 2011-03-09 18:06:50 -08:00
Robin Sommer
c6e3174bc8 The logging systems now supports fields of type set[<atomic_type>]. 2011-03-09 18:01:41 -08:00
Robin Sommer
52c54859b6 Bugfix: the header line was ending with a separator. 
Test baselines needed adaption as well.
 2011-03-09 16:55:29 -08:00
Robin Sommer
b69ecff3ee More options for the ASCII writer. 
# The prefix for the header line if included.
	const header_prefix = "# " &redef;

	# The string to use for empty string fields.
	const empty_field = "" &redef;

	# The string to use for an unset optional field.
	const unset_field = "-" &redef;
 2011-03-09 16:52:46 -08:00
Robin Sommer
cb9e0a5d5a If a field value contains the separator, that is now escape with hex 
characters.
 2011-03-09 16:26:11 -08:00
Jon Siwek
287a3a3cb8 Changes to parser to pass along identifiers to doc framework. 2011-03-09 15:47:58 -06:00
Don Appleman
670ceb94d3 Switched to using SSL::Log as the type for the state table; moved state table into export section; added &default=F for weak ciphers booleans; combined two handlers for event bro_init(); reduced number of dependencies; updated to use Notice:: namespace as needed; deleted obsolete code; added documentation 2011-03-09 15:23:33 -06:00
Jon Siwek
1310f2387c Changing BroDocObj wrapper class to wrap ID instead of BroObj. 2011-03-09 15:10:05 -06:00
Jon Siwek
1c962cbb89 Changes to make declared types track their identifier. 
Only occurs when in documentation mode.
 2011-03-09 14:53:22 -06:00
Jon Siwek
9282e0adff Add explicit CMake check for compiler 2011-03-09 11:48:00 -06:00
Robin Sommer
c6d20dbfdf Adding a few options to the ASCII writer. 
module LogAscii;

export {
	# Output everything to stdout rather than into files. This is primarily
	# for testing purposes.
	const output_to_stdout = F &redef;

	# The separator between fields.
	const separator = "\t" &redef;

	# True to include a header line with column names.
	const include_header = T &redef;
}
 2011-03-08 21:44:46 -08:00
Robin Sommer
26eab74ecc The ASCII writer can now deal with /dev/* paths. 
It will not longer try to add a ".log" extension.
 2011-03-08 17:59:05 -08:00
Robin Sommer
4b7c5905f1 New functions Log::disable_stream() and Log::enable_stream(). 
When disabled, all outout to a stream will be ignored (but no error
raised).
 2011-03-08 17:54:11 -08:00
Robin Sommer
88d114053c Removing unnessary namespace qualifiers in logging.bro. 2011-03-08 17:32:21 -08:00
Robin Sommer
5d8b9f2e74 New function Log::get_filter() that allows to retrieve previously 
installed filter by name.

This filter can then be modified and reinstalled via add_filter(),
which will replace the old one with the same name.
 2011-03-08 17:31:46 -08:00
Robin Sommer
b8ee425e0d Adding test for per-file rotation. 2011-03-08 16:33:06 -08:00
Robin Sommer
df54cc6e78 New table Log::rotation_control that enables to control rotation 
for individual files, overriding defaults.

The interface isn't the greatest but the best I can come up with right
now.
 2011-03-08 16:30:53 -08:00
Robin Sommer
eb736a34b3 '[]' is now a valid record ctor. 2011-03-08 16:28:59 -08:00
Robin Sommer
83bd6584ee Enabling record coercion for a table's &default attribute. 2011-03-08 16:27:07 -08:00
Robin Sommer
51f9cb2ac5 Updating test baseline after fixing an older bug in previous commit. 2011-03-08 16:26:31 -08:00
Seth Hall
03044c329e Initial movement towards rewritten ftp.bro script. 
* All NOTICE functionality is currently removed.
* All "hot" functionality is removed.
 2011-03-08 17:01:29 -05:00
Don Appleman
723b46a410 Merge branch 'topic/policy-scripts' of git://git.icir.org/bro into topic/policy-scripts 2011-03-07 14:49:24 -06:00
Don Appleman
fd3ba87cae Initial drop of updated ssl.bro 2011-03-07 14:48:35 -06:00