Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
8391 commits 387 branches 195 tags 255 MiB
Commit graph

1347 commits

Author SHA1 Message Date
Jon Siwek
0f55080625 GH-184: add bro-config --build_type, outputs CMake build type 2018-10-05 14:27:12 -05:00
Jon Siwek
0350004f1e Add return value checks for some RPC parsing functions 2018-10-04 11:33:57 -05:00
Jon Siwek
894b24d180 Improve broker.remote_id unit test 2018-10-03 15:50:07 -05:00
Jon Siwek
3c395aa22d Fix memory leak in broker type checking 2018-10-03 11:10:32 -05:00
Jon Siwek
98181dd67c Update testing/btest/README 2018-10-02 16:05:38 -05:00
Jon Siwek
0c02b11226 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add some missing @TEST-REQUIRES to a few tests
 2018-09-25 16:38:50 -05:00
Jon Siwek
c32b359e7e Merge branch 'master' of https://github.com/Neverlord/bro 
* 'master' of https://github.com/Neverlord/bro:
  Fix BasicThread::SetOSName on FreeBSD
 2018-09-24 10:56:31 -05:00
Jon Siwek
f7da111d1c Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix some broken @TEST-REQUIRES
 2018-09-21 13:29:44 -05:00
Jon Siwek
2ede95422b Emit missing GeoIP database errors only once at startup 
Instead of one error per lookup.
 2018-09-21 13:27:27 -05:00
Jon Siwek
d7097635f4 Fix compile error in MMDB GeoIP code 
Seems to be from the ambiguity addressed via [1].  In C++11,
the compiler could treat it as an initializer list ctor instead
of a copy constructor for a single-element list.

[1] http://open-std.org/JTC1/SC22/WG21/docs/cwg_defects.html#1467
 2018-09-21 10:22:03 -05:00
Jon Siwek
c75d1d0521 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add a missing "break" in OSFinger.cc
  Fix buffer sizes in the rotate_file function
 2018-09-20 13:16:04 -05:00
Jon Siwek
c2c5754e28 Merge branch 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro 
* 'topic/jazoff/sqli-policy-hook' of https://github.com/JustinAzoff/bro:
  add sqli_policy hook
 2018-09-19 15:22:45 -05:00
Jon Siwek
3a66bc7c9d Updating CHANGES and VERSION. 2018-09-18 16:54:20 -05:00
Jon Siwek
43363ce51b Updating CHANGES and VERSION. 2018-09-18 15:21:31 -05:00
Jon Siwek
114cd2c860 Updating CHANGES and VERSION. 2018-09-12 20:19:51 -05:00
Jon Siwek
161aae828a Merge remote-tracking branch 'origin/topic/seth/fix-raw-reader-subprocess-exit' 
* origin/topic/seth/fix-raw-reader-subprocess-exit:
  Fix an issue with raw reader culling streams for dead processes.

Updated the 'exec' utility to no longer remove input streams for
processes that are finished as the core C++ code will take care of that
(and trying to remove a stream multiple times emits a warning message).
 2018-09-11 13:05:40 -05:00
Jon Siwek
13483e4892 Try to fix a rare broker test instability 2018-09-10 19:47:53 -05:00
Jon Siwek
4d7b0387ea Stabilize a unit test. 2018-09-10 18:35:08 -05:00
Jon Siwek
7e26bfe07f Fix recursive type checks/casts of broker data into type 'any' 2018-09-10 14:55:50 -05:00
Jon Siwek
4bd6da7186 Update default Broker/CAF thread tuning 2018-09-07 17:50:28 -05:00
Jon Siwek
9af0255ef7 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Update NEWS explaining Bro runs as 1 process instead of 2
  Update NEWS for changes to broctl "top" command output
 2018-09-07 11:24:57 -05:00
Jon Siwek
73c8cf733a Give Cluster::rr_topic "key" argument a default value 2018-09-07 09:58:57 -05:00
Jon Siwek
c73bb8fdc4 Disable broker message forwarding by default 
Still finding it to not be foolproof enough to enable generally for all
nodes in a cluster.  Specific/advanced use-cases may still consider
enabling, possibly just for specific nodes.
 2018-09-06 18:32:22 -05:00
Jon Siwek
ddcd7f3405 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Added a documentation comment for the Input::Event type
  Update NEWS
  Update the install documentation
  Fix a typo and indentation in the configure script
  Add krb5 devel package to Travis docker containers
 2018-09-06 08:59:43 -05:00
Jon Siwek
b99be6458b Merge remote-tracking branch 'origin/topic/johanna/weird-options' 
* origin/topic/johanna/weird-options:
  Update test baselines (weird options)
  Weird settings: make constants into options.
  Permit weird sampling rate of 0.
 2018-09-05 16:57:08 -05:00
Jon Siwek
f00e2167a7 BIT-1208: remove unused weirds from Weird::actions table 2018-09-05 15:13:38 -05:00
Robin Sommer
e275927a64 Fix printf format specification for reporting packet stats. 
We were using '%d' for unsigned integers, leading to output like this:

    1535403189.557168 -483803356 packets received on interface 0:1, 0 dropped
 2018-09-05 19:32:15 +00:00
Jon Siwek
60da98fa73 Merge remote-tracking branch 'origin/topic/seth/ntlm-fixes' 
* origin/topic/seth/ntlm-fixes:
  Test baseline updates.
  Updates to NTLM script handling.
 2018-09-04 17:18:56 -05:00
Jon Siwek
fcca789bc7 Improve update-changes output 2018-09-04 12:11:39 -05:00
Jon Siwek
07aac5f84f Sort output of a coverage unit test 2018-09-04 12:09:20 -05:00
Jon Siwek
ced5718071 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix the find-bro-logs.test
  Fix typos/formatting in NEWS
 2018-09-04 09:29:25 -05:00
Jon Siwek
56c14fb6d5 Update NEWS (finalizations/formatting) 2018-08-31 17:30:50 -05:00
Jon Siwek
d1e4dbe5e3 Improve make dist 2018-08-31 15:34:28 -05:00
Johanna Amann
33a8e7a7c7 Merge remote-tracking branch 'origin/topic/jsiwek/at-deprecated' 
* origin/topic/jsiwek/at-deprecated:
  Add @deprecate to policy/protocols/smb/__load__.bro
  Add @deprecated directive
 2018-08-31 09:06:52 -07:00
Jon Siwek
57a505b0e4 Allow loading policy/protocols/smb once again 
It just redirects to base/protocols/smb
 2018-08-30 16:07:04 -05:00
Jon Siwek
1baf946e52 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Update NEWS with more info about runtime options
 2018-08-30 09:51:41 -05:00
Jon Siwek
7e6fc58ab4 Merge remote-tracking branch 'origin/topic/johanna/tls-more-data' 
* origin/topic/johanna/tls-more-data:
  Update NEWS for ssl changes.
  SSL: test updates for record_layer version
  Final touches to SSL events with record layer version.
  Introduce ssl_plaintext_data event.
  Add record layer version to event ssl_encrypted_data.
  Add compression methods to ssl_client_hello event.
 2018-08-30 09:48:25 -05:00
Robin Sommer
82862d8114 Baseline update. 2018-08-30 00:11:38 +00:00
Robin Sommer
6de436f3f6 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1967' 
* origin/topic/jsiwek/bit-1967:
  Fix a routing loop in control framework
  Add Broker::forward() function
  Enable implicit Broker message forwarding by default
  Remove Cluster::broadcast_topic
  Remove Intel Broker topics, re-use existing Cluster topics
  Remove "relay" family of Broker functions
 2018-08-30 00:08:12 +00:00
Jon Siwek
611c00a605 Merge remote-tracking branch 'origin/topic/johanna/bit-1976' 
* origin/topic/johanna/bit-1976:
  Allow event/function definitions to be wrapped in directives.

Fixed to work with attributes (e.g. &priority).
 2018-08-29 18:28:54 -05:00
Jon Siwek
01300f8706 Fix a unit test 2018-08-29 17:23:48 -05:00
Jon Siwek
fa7fa5aa2b Update unit test baseline for new BinPAC output 2018-08-29 14:59:35 -05:00
Johanna Amann
4fd6cbd138 Merge remote-tracking branches 'origin/topic/dnthayer/ticket1963' and 'origin/topic/jsiwek/improve-input-reread' 
* origin/topic/dnthayer/ticket1963:
  Convert more redef-able constants to runtime options

* origin/topic/jsiwek/improve-input-reread:
  Improve input framework re-read logic
 2018-08-28 14:36:28 -07:00
Johanna Amann
e055f9b36b Merge remote-tracking branch 'origin/topic/dnthayer/ticket1963' 
* origin/topic/dnthayer/ticket1963:
  Add a missing initializer to a runtime option
  Convert more redef-able constants to runtime options
 2018-08-24 18:05:34 -07:00
Johanna Amann
82cefd23c4 Fix base/misc/version.bro version parsing 
Turns out that base/misc/version.bro did not parse Bro versions
correctly in case the version is just 2.5-12 or similar. This commit
fixes this oversight and adds a few more small testcases.
 2018-08-24 17:25:16 -07:00
Jon Siwek
1eeecf5fcc Stabilize a cluster logging unit test 2018-08-24 14:58:43 -05:00
Jon Siwek
5c9813eadb Merge branch 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro 
* 'topic/feature/upstream/refresh-maxmind-db' of https://github.com/corelight/bro:
  Detect MaxMind DB changes and auto-reload
 2018-08-24 10:27:26 -05:00
Jon Siwek
d43238fe69 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix finding of kerberos and libmaxminddb in CMakeLists.txt
 2018-08-23 16:55:50 -05:00
Jon Siwek
b9dfca7789 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Improve readability of the Travis job log
 2018-08-23 15:21:25 -05:00
Robin Sommer
45338b1942 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1885' 
* origin/topic/jsiwek/bit-1885:
  BIT-1885: fix input framework memory leak
  Increase timeout for a memleak test
 2018-08-23 15:53:35 +00:00