Commit graph

11922 commits

Author SHA1 Message Date
Vern Paxson
98f549d65d ReplaceBody now deletes a body if the replacement is nil 2021-06-04 16:56:29 -07:00
Vern Paxson
2ec2e1e7d7 removal of can't-actually-be-executed code 2021-06-04 16:54:11 -07:00
Tim Wojtulewicz
9fbbcaad8f Merge remote-tracking branch 'origin/topic/timw/analyzer-deprecations'
* origin/topic/timw/analyzer-deprecations:
  Add deprecated headers for UDP and ICMP analyzers
2021-06-04 08:29:43 -07:00
Tim Wojtulewicz
d15fca7e17 Merge remote-tracking branch 'origin/topic/timw/fix-ip-header-length-checking'
* origin/topic/timw/fix-ip-header-length-checking:
  Fix handling of IP packets with bogus IP header lengths
2021-06-04 08:28:57 -07:00
Tim Wojtulewicz
3dac5ed809 Merge remote-tracking branch 'origin/topic/christian/gh-1572'
* origin/topic/christian/gh-1572:
  Make update-traces fail when the curl invocation fails
2021-06-03 09:28:11 -07:00
Christian Kreibich
c96a177d88 Make update-traces fail when the curl invocation fails 2021-06-02 19:12:46 -07:00
zeek-bot
41b077d2cf Update doc submodule [nomail] [skip ci] 2021-06-03 00:50:48 +00:00
Tim Wojtulewicz
cdc62efa73 Add deprecated headers for UDP and ICMP analyzers 2021-06-02 15:52:10 -07:00
Christian Kreibich
cd8beb173a Merge branch 'topic/christian/ci-freebsd-13'
* topic/christian/ci-freebsd-13:
  Add FreeBSD 13 to CI
2021-06-02 15:10:14 -07:00
Christian Kreibich
246387c465 Merge branch 'topic/christian/ci-fedora-34'
* topic/christian/ci-fedora-34:
  Add Fedora 34 to CI
2021-06-02 15:07:40 -07:00
Tim Wojtulewicz
079ac1654f Merge remote-tracking branch 'origin/topic/timw/1114-tcp-analyzer'
* origin/topic/timw/1114-tcp-analyzer:
  Update NEWS [skip ci]
  Label session adapters in the output of zeek -NN
  Split session adapter code into separate files from the analyzers
  Move adapter-specific code back into the adapter
  Move ICMP counterpart methods outside of ICMPAnalyzer class
  Remove obsolete Skipping()/SetSkip() from Connection
  Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented
  Move TCPStateStats object out of session_mgr
  Move analyzer-to-port mapping out of analyzer::Manager into packet analyzers
  Move packet parsing code out of adapter into analyzer
  Move old TCP analyzer into analyzer adapter in packet analysis tree
2021-06-02 13:22:45 -07:00
Tim Wojtulewicz
d7848229ea Update NEWS [skip ci] 2021-06-02 13:20:59 -07:00
Tim Wojtulewicz
1f94b8f250 Label session adapters in the output of zeek -NN 2021-06-02 13:20:11 -07:00
Tim Wojtulewicz
5433f2936e Split session adapter code into separate files from the analyzers 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
b6ab22e9fb Move adapter-specific code back into the adapter 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
1eed8b7f67 Move ICMP counterpart methods outside of ICMPAnalyzer class
These were previously global methods in the old analyzer, and moving them
to be private members of ICMPAnalyzer broke the usage of them by at least
one external plugin.
2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
12d768d0d8 Remove obsolete Skipping()/SetSkip() from Connection 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
08fb5d76ee Remove some code from IPBasedAnalyzer and children that was waiting for TCP to be implemented 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
4114bbebf0 Move TCPStateStats object out of session_mgr 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
9e1f6f95aa Move analyzer-to-port mapping out of analyzer::Manager into packet analyzers 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
d6c74373c7 Move packet parsing code out of adapter into analyzer 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
f6e31107e1 Move old TCP analyzer into analyzer adapter in packet analysis tree 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
b171f94729 Merge remote-tracking branch 'zeek-security/topic/timw/mobile-ipv6-overflow'
* zeek-security/topic/timw/mobile-ipv6-overflow:
  Add some extra length checking when parsing mobile ipv6 packets
2021-06-02 10:02:59 -07:00
Christian Kreibich
57c0a2a445 Add FreeBSD 13 to CI 2021-06-02 09:46:48 -07:00
Christian Kreibich
c9e91ada8c Add Fedora 34 to CI 2021-06-02 09:46:27 -07:00
Tim Wojtulewicz
9a6959d633 Merge remote-tracking branch 'origin/topic/jsiwek/improve-netbios-toupper'
* origin/topic/jsiwek/improve-netbios-toupper:
  Replace toupper() usages in netbios decoding BIFs
2021-06-01 19:12:09 -07:00
zeek-bot
1bbe5427da Update doc submodule [nomail] [skip ci] 2021-06-02 00:50:53 +00:00
Tim Wojtulewicz
ff79a58f59 Merge remote-tracking branch 'origin/topic/neverlord/telemetry-scraper'
* origin/topic/neverlord/telemetry-scraper:
  Integrate review feedback
  Sync new broker options, fix name inconsistencies
  Integrate new Broker metric exporter parameters
2021-06-01 10:19:46 -07:00
Tim Wojtulewicz
ca4d0321f1 Merge remote-tracking branch 'sigkillchris/sigkillchris-patch-1'
* sigkillchris/sigkillchris-patch-1:
  Update detect-MHR.zeek
2021-06-01 09:52:17 -07:00
Tim Wojtulewicz
7393e13d67 Merge remote-tracking branch 'origin/topic/jsiwek/gh-839-fix-optional-subrecord-table-indices'
* origin/topic/jsiwek/gh-839-fix-optional-subrecord-table-indices:
  GH-839: Fix use of &optional sub-records within table/set indices
2021-06-01 09:39:54 -07:00
Chris C
ada482c0e3 Update detect-MHR.zeek
Update Virustotal URL to current
option match_sub_url = "https://www.virustotal.com/gui/search/%s";
2021-05-28 14:46:19 -05:00
Tim Wojtulewicz
0e34f2e02f Fix handling of IP packets with bogus IP header lengths
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34711
(Link to details becomes public 30 days after patch release)
2021-05-27 16:33:50 -07:00
Jon Siwek
f861a194f9 Update submodule(s) [nomail] [skip ci] 2021-05-27 13:53:38 -07:00
Jon Siwek
77f1ede661 GH-839: Fix use of &optional sub-records within table/set indices 2021-05-26 13:28:13 -07:00
Tim Wojtulewicz
5f57daf9d1 Ensure SessionAdapter members are initialized
Fixes Coverity #1453273
2021-05-26 10:53:08 -07:00
Robin Sommer
815b8cbcc9 Merge remote-tracking branch 'origin/topic/robin/file-api-extension'
* origin/topic/robin/file-api-extension:
  Extend the file analyzer API to set source manually.
2021-05-26 08:08:09 +02:00
Dominik Charousset
44ca01eb18 Merge branch master into topic/neverlord/telemetry-scraper 2021-05-26 08:06:13 +02:00
Dominik Charousset
3f4b340abb Integrate review feedback 2021-05-26 08:05:14 +02:00
Dominik Charousset
7767c3d36c Sync new broker options, fix name inconsistencies 2021-05-25 17:22:45 +02:00
Robin Sommer
355ecc0c43 Extend the file analyzer API to set source manually.
The API didn't offer methods for passing in data that allow setting
all of offset, source and MIME type. Adding overloads for that (no
breakage to existing APIs).
2021-05-25 13:33:25 +02:00
zeek-bot
f38eae06f1 Update doc submodule [nomail] [skip ci] 2021-05-25 00:37:23 +00:00
Jon Siwek
ee7c275479 Update submodule(s) [nomail] 2021-05-24 15:24:16 -07:00
Jon Siwek
7185a71960 Update Broker submodule for bump of embedded CAF to 0.18.3 2021-05-24 15:05:19 -07:00
Jon Siwek
cdab601223 Replace toupper() usages in netbios decoding BIFs
This avoids potential for locale-dependent results of toupper() by
instead using a function that simply maps ASCII characters a-z to A-Z.
2021-05-24 13:11:47 -07:00
Tim Wojtulewicz
aa09e02117 Merge remote-tracking branch 'origin/topic/timw/1114-analyzers'
* origin/topic/timw/1114-analyzers:
  Add type field to session::Key to help avoid collisions in map
  Move bad UDP checksum handling into adapter object
  Rename IPBasedTransportAnalyzer to SessionAdapter
  Move building session analyzer tree out of analyzer::Manager
  Rework the packet flow through the IP-based analyzers
  Add new UDP packet analyzer, remove old one
  Add new ICMP packet analyzer, remove old one
  Add base class for IP-based packet analyzers
  Move SessionManager::ParseIPPacket to IP analyzer's namespace
  Added skeletons for TCP/UDP/ICMP packet analysis plugins.
2021-05-24 12:40:00 -07:00
Dominik Charousset
f9cd05f00b Integrate new Broker metric exporter parameters 2021-05-24 17:20:48 +02:00
Tim Wojtulewicz
54271657a8 Add some extra length checking when parsing mobile ipv6 packets
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34263
(Link to details becomes public 30 days after patch release)
2021-05-20 15:32:07 -07:00
Tim Wojtulewicz
3a8047f535 Add type field to session::Key to help avoid collisions in map 2021-05-20 11:00:11 -07:00
Tim Wojtulewicz
30ab914cd8 Move bad UDP checksum handling into adapter object 2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
b22ce6848f Rename IPBasedTransportAnalyzer to SessionAdapter
This also combines the old TransportLayerAnalyzer class into
SessionAdapter, and removes the old class. This requires naming changes
in a few places but no functionality changes.
2021-05-18 15:19:12 -07:00