Commit graph

9067 commits

Author SHA1 Message Date
Jon Siwek
f6f4e3e8bc GH-527: fix LambdaExpr::Traverse
Coverity CID 1403966
2019-08-06 14:47:03 -07:00
Jon Siwek
05bc680d3f GH-527: fix ref-counting issues in Frame unserialization
Coverity CIDs 1403968, 1403967
2019-08-06 14:47:03 -07:00
Johanna Amann
7521fec5b3 Update submodule
[nomail]
2019-08-06 11:49:12 -07:00
Mauro Palumbo
8e418d3c7b add an empty read_error event to the intel framework (in the export block, so that users can implement further checks with it) 2019-08-06 12:20:47 +02:00
Mauro Palumbo
1011abd5e0 move event Intel::read_entry to export block 2019-08-06 11:17:34 +02:00
Johanna Amann
3080290a5e Merge remote-tracking branch 'origin/topic/jsiwek/gh-474-mqtt-option'
* origin/topic/jsiwek/gh-474-mqtt-option:
  GH-474: change MQTT::max_payload_size to be a runtime option

Relates to GH-474
2019-08-05 21:06:50 -07:00
Jon Siwek
cc91ab5d9e Fix malformed SMB documentation 2019-08-05 19:00:43 -07:00
Jon Siwek
1eb1771c25 Fix documentation warnings for MQTT identifiers
I.e. a type was not in the export section, but a field was added
to connection record via a redef that uses the "hidden" type.
That generally doesn't help to hide it that way since a user comes
to rely on it indirectly anyway, and it also causes problems with
the Zeekygen documentation not being able to find it.
2019-08-05 18:55:48 -07:00
Jon Siwek
35c42b4b09 GH-474: change MQTT::max_payload_size to be a runtime option 2019-08-05 18:11:54 -07:00
Jon Siwek
704969ddd6 Merge remote-tracking branch 'origin/topic/johanna/disable-mqq-by-default'
* origin/topic/johanna/disable-mqq-by-default:
  Disable MQTT by default
2019-08-05 17:33:25 -07:00
Johanna Amann
0f96a9dedf Disable MQTT by default
To enable MQTT, one has to load policy/scripts/mqtt. Like with smb in
2.5, the consts are loaded by default.
2019-08-05 17:04:39 -07:00
Tim Wojtulewicz
337da50da6 Add new LogAscii::gzip_file_extension option.
This can be used with the LogAscii::gzip_level option to set the file extension of log files when they are compressed at creation time.
2019-08-05 14:36:34 -07:00
Johanna Amann
39b9468f9d Merge remote-tracking branch 'origin/topic/jsiwek/gh-474-mqtt-improvements'
* origin/topic/jsiwek/gh-474-mqtt-improvements:
  GH-474: add MQTT::max_payload_size option
  GH-474: use topic vectors for MQTT (un)subscribe events/logs

Relates to #520
2019-08-05 10:26:40 -07:00
Jon Siwek
5f4c04c900 Updating submodule(s).
[nomail]
2019-08-02 18:24:51 -07:00
Jon Siwek
6bc947a48e GH-474: add MQTT::max_payload_size option
This caps size of payload strings within mqtt_publish events and
mqtt_publish.log files.  A new "payload_len" field in the log file
shows the real payload size in cases where it may have been truncated.
2019-08-02 14:28:55 -07:00
Jon Siwek
c43e809a69 GH-474: use topic vectors for MQTT (un)subscribe events/logs 2019-08-02 13:48:43 -07:00
Johanna Amann
649d9f502b Update Certificate Transparency list 2019-08-02 12:43:43 -07:00
Johanna Amann
6f25125443 Update CA store to NSS 3.45
This also required updating a test that required a root-certificate that
was removed from the Mozilla store - the test now directly includes that
specific root-cert.
2019-08-02 12:36:54 -07:00
Jon Siwek
d2eed166bd GH-517: fix MQTT suback/unsuback accessing non-existent index 2019-08-02 11:57:46 -07:00
Jon Siwek
b3884de2e5 Fix how Broker/CAF sleep duration options are set
With CAF 0.17.0, these are now reporting an incorrect option name
was being used.
2019-08-02 11:33:00 -07:00
Tim Wojtulewicz
bbf49406c1 DFA: remove uses of PDict 2019-08-02 09:45:50 -07:00
Tim Wojtulewicz
acff8d5a2b EventRegistry: remove uses of PDict 2019-08-02 09:45:50 -07:00
Johanna Amann
6fa0f4ac49 Merge remote-tracking branch 'origin/topic/johanna/conn-duration-thresholds'
* origin/topic/johanna/conn-duration-thresholds:
  Add duration thresholding to the conn-size analyzer.
2019-08-01 14:20:49 -07:00
Johanna Amann
f9ee0079a5 Merge remote-tracking branch 'origin/topic/jsiwek/lambda-name-fixes'
* origin/topic/jsiwek/lambda-name-fixes:
  Guarantee unique internal name for each lambda function
  Use consistent hashing method for internal lambda function names
2019-08-01 13:37:45 -07:00
Johanna Amann
ca36728a4e Merge remote-tracking branch 'origin/topic/jsiwek/gh-514-improve-addr-conversion-errors'
* origin/topic/jsiwek/gh-514-improve-addr-conversion-errors:
  Improve error messages from to_addr and to_subnet BIFs
2019-08-01 13:15:43 -07:00
Jon Siwek
70359c703f Fix a test that used a hardcoded Broker port 2019-08-01 12:28:50 -07:00
Jon Siwek
21bc1b6703 Updating submodule(s).
[nomail]
2019-08-01 12:07:26 -07:00
Johanna Amann
9d489cde20 Add duration thresholding to the conn-size analyzer.
Now, in addition to setting thresholds for bytes and packets, one can set
a threshold for connection duration. Note that the threshold event is
only raised once the next packet in the connection is seen.

This also fixes a small pre-existing bug, in which a bunch of warnings
were raised if someone just used the lower-level functions without going
through the higher-level scripting API.
2019-08-01 11:57:40 -07:00
Jon Siwek
11f90bc9f5 GH-512: add --mandir configure option 2019-08-01 11:26:18 -07:00
Jon Siwek
68b0e1d54d Updating submodule(s).
[nomail]
2019-08-01 11:22:26 -07:00
Jon Siwek
ec4df80c67 Improve error messages from to_addr and to_subnet BIFs
Related to GH-514
2019-08-01 10:49:03 -07:00
Jon Siwek
ac7daf8456 Merge branch 'master' of https://github.com/zeek/zeek 2019-07-31 21:31:55 -07:00
Jon Siwek
ee28e9e9f3 Merge remote-tracking branch 'origin/topic/seth/mqtt'
* origin/topic/seth/mqtt:
  Bug fixes and test baseline updates
  Fix an issue with bro_init -> zeek_init
  MQTT Analyzer heavily updated and ported from the analyzer originally by Supriya Kumar

Adjustments during merge:

* Minor whitespace cleanups
* Some bro to zeek renaming
* Fixed the parsing of unsubscribe messages to generate an event for each topic
2019-07-31 21:29:38 -07:00
Seth Hall
e6f21b9a0f Fix the link to "good first issue" tickets. 2019-07-31 22:49:01 -04:00
Jon Siwek
09ea4ceb7e Rename a broxygen unit test to zeekygen 2019-07-31 14:25:22 -07:00
Jon Siwek
9b2d7795d5 Fix hello world script in README.md 2019-07-31 14:16:54 -07:00
Jon Siwek
a1d8a21005 Guarantee unique internal name for each lambda function
By dealing with hash collisions.
2019-07-31 14:10:29 -07:00
Jon Siwek
8575c9daed Use consistent hashing method for internal lambda function names
The results of std::hash<std::string> may vary depending on platform.
E.g. test suite failed on macOS due to Linux generating different lambda
function names.
2019-07-31 12:06:27 -07:00
Seth Hall
22e89bdc70 Fix hello world script in the readme. 2019-07-31 14:43:18 -04:00
Seth Hall
8b6a517c00 Fixes a tiny Bro->Zeek renaming issue 2019-07-31 14:17:46 -04:00
Jon Siwek
851a11086d Merge remote-tracking branch 'origin/topic/seth/506-fix-ntp-analyzer-fields-missing'
* origin/topic/seth/506-fix-ntp-analyzer-fields-missing:
  Tiny tweaks to try and address ticket #506
2019-07-31 10:45:25 -07:00
Mauro Palumbo
e206347d1a improve logging with broker store 2019-07-31 17:40:02 +02:00
Seth Hall
7626344122 Tiny tweaks to try and address ticket #506 2019-07-31 11:17:53 -04:00
Mauro Palumbo
1f7f42daea drop services starting with - 2019-07-31 17:07:10 +02:00
Mauro Palumbo
f7a8e8c8fb remove service from key for Cluster::publish_hrw 2019-07-31 16:28:25 +02:00
Mauro Palumbo
55013fa128 remove check for empty services 2019-07-31 16:08:36 +02:00
Mauro Palumbo
780aae8e51 remove empty services and include udp active connections when logging in connection_state_remove 2019-07-31 15:52:43 +02:00
Mauro Palumbo
b4ac0b54fe update tests 2019-07-31 15:48:30 +02:00
Mauro Palumbo
9e1e177621 order list of services in store key 2019-07-31 11:11:28 +02:00
Mauro Palumbo
ddf2d2d8a9 remove repeated services in logs if already seen 2019-07-31 11:11:05 +02:00