Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19623 commits 387 branches 195 tags 255 MiB
Commit graph

13 commits

Author SHA1 Message Date
Tim Wojtulewicz
5e5aceb6f7 Rename protocol_id field to ip_proto and similar renaming for name field 2024-11-13 12:02:00 -07:00
Tim Wojtulewicz
35ec9733c0 Add conn.log entries for connections with unhandled IP protocols 2024-11-13 11:25:40 -07:00
Christian Kreibich
1843e2daae Update btest baselines to reflect the use of local address ranges. 2023-03-15 17:11:04 -07:00
Christian Kreibich
0b674eb851 Baseline refresh to reflect btest 0.64 2020-12-06 20:19:49 -08:00
Tim Wojtulewicz
21872aef39 Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary 2020-08-09 21:13:10 -07:00
Tim Wojtulewicz
01207c0720 Fix unit tests for new ordering from NetSessions::Drain 2019-08-21 09:24:02 -04:00
Johanna Amann
6f9524e082 Make tunnel_parents in conn.log optional. 
This makes conn.logs a bit prettier (and smaller) because all lines that
do not use a tunnel will now have a "-" instead of the "(empty)" for
tunnel_parents.
 2018-01-12 13:46:00 -08:00
Johanna Amann
cdb6a1b6e6 Baseline updates after hash function change. 2016-07-13 10:11:37 -07:00
Robin Sommer
0c080bca7a Extendign connection history field to flag when Bro flips a 
connection's endpoints.

The character is '^'.

Addresses BIT-1629.
 2016-07-08 14:56:52 -07:00
Robin Sommer
5dea09b7c1 Baseline updates for the addition of local_resp. 
That patch is a strong contender for the smallest ever ratio of
lines-of-code-changed to lines-of-baselines-updated. :-)
 2015-02-23 16:25:11 -08:00
Bernhard Amann
01d075bf2d Change #types description of sets to set 
Addresses BIT-1163
 2014-04-01 16:25:47 -07:00
Jon Siwek
22bf3e1196 Increase UIDs to 96 bits w/ C/F prefix - BIT-1016 
- The bit-length is adjustable via redef'ing bits_per_uid.

- Prefix 'C' is used for connection UIDS (including IP tunnels) and
  'F' for files.
 2013-08-26 15:36:31 -05:00
Jon Siwek
9edbf3e53c Add GPRS Tunnelling Protocol (GTPv1) decapsulation. 
This currently supports automatic decapsulation of GTP-U packets on
UDP port 2152.

The GTPv1 headers for such tunnels can be inspected by handling the
"gtpv1_g_pdu_packet" event, which has a parameter of type "gtpv1_hdr".

Analyzer and test cases are derived from submissions by Carsten Langer.

Addresses #690.
 2012-10-19 14:02:35 -05:00