Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
8355 commits 386 branches 195 tags 257 MiB
Commit graph

27 commits

Author SHA1 Message Date
Jon Siwek
a262ed8d9c Merge branch 'master' of https://github.com/rdenniston/zeek 
* 'master' of https://github.com/rdenniston/zeek:
  Add linux netfilter NFLOG capture functionality initial commit

I made modifications:

  - Formatting / code style

  - More error handling and validity checks

  - The Type and Length value of TLVs is technically host order

  - Changed / fixed the Length value padding check: it's generally
    32-bit alignment, not just aligning any TLV less than 8 bytes.
 2019-03-19 19:19:02 -07:00
Ryan Denniston
5262237c3b Add linux netfilter NFLOG capture functionality initial commit 
modified GetLinkHeaderSize to support link type
   modified ProcessLayer2 to support NFLOG packets
   expecting out of the box support from libpcap

hacking my way around bpf, bpf is not supported in libpcap (would be easy to implement) but at the moment, throw a warn if applying a filter and short circuit bpf code.

want to ensure this works... commenting out error states.

Fixed SetFilter to properly detect m_matches_anything, which is used by the DLT_NFLOG type to short circuit bpf filters.

Added NFLOG parsing to zeek source, added m_matches_anything flag check for bpf functionality (NFLOG is bpf incompatible, but shouldn't be)
 2019-02-12 13:23:50 -08:00
Jon Siwek
2982765128 Pre-allocate and re-use Vals for bool, int, count, enum and empty string 2019-01-09 18:29:23 -06:00
Jon Siwek
1be7ac509c Add 'fallthrough' comment to a switch/case block 2018-10-04 11:28:56 -05:00
Damani Wade
3710ff936f Add Cisco FabricPath support 2018-07-27 16:00:54 -05:00
Jon Siwek
ad9abd4c9b BIT-1950: support PPPoE over QinQ 2018-07-06 08:04:02 -05:00
Pierre LALET
30c28da046 Support 802.11 monitor mode 2018-05-15 14:08:48 +02:00
Daniel Thayer
e198fba2d9 Fix a build failure on OpenBSD 
The definition of a "struct pcap_pkthdr" on OpenBSD contains a member
of type "struct bpf_timeval" instead of "struct timeval" used on other
systems.

Also, on OpenBSD the header netinet/if_ether.h does not #include
net/if_arp.h as it does on other systems.
 2016-11-29 14:20:43 -06:00
Robin Sommer
e69f7f85d1 Merge branch 'topic/jgras/802-11-header' of https://github.com/J-Gras/bro 
Added one more range check.
 2016-06-14 17:31:08 -07:00
Jan Grashoefer
75849f8fe2 Improved handling of 802.11 headers. 
Frame types except data and frames subtypes without payload are skipped.
Header length is determined based on presence of QoS and flags
indicating the use of the 4th address field. Handling of aggregated
MSDUs is explicitly prevented.
 2016-06-14 17:52:34 +02:00
Robin Sommer
cfe9ba28dd Guarding against reading beyond packet data when accessing L2 address 
in Radiotap header.

This is temporary until we clean up the preceding length check.
 2016-06-07 15:59:02 -07:00
Robin Sommer
d59bb2e9d1 Merge branch 'topic/jgras/mac-logging' of https://github.com/J-Gras/bro 
Thanks! I've tweaked this a bit further, have a look.

BIT-1613 #merged
 2016-06-06 17:59:34 -07:00
Jan Grashoefer
50cf694aae Moved link-layer addresses into endpoints. 
The link-layer addresses are now part of the connection endpoints
following the originator-responder-pattern. The addresses are printed
with leading zeros. Additionally link-layer addresses are also extracted
for 802.11 plus RadioTap.
 2016-06-02 01:46:26 +02:00
Robin Sommer
57aef6d49f Add MAC addresses to connection record. 
c$eth_src and c$eth_dst now contain the Ethernet address if available.
A new script protocols/conn/mac-logging.bro adds these to conn.log
when loaded.
 2016-05-29 17:18:47 -07:00
Jan Grashoefer
c0bf1b3c67 Added get_current_packet_header bif. 2016-04-20 00:00:47 +02:00
Johanna Amann
072a3fa28d Merge remote-tracking branch 'origin/topic/seth/radiotap' 
BIT-1526 #merged

* origin/topic/seth/radiotap:
  Improved Radiotap support and a test.
  Fixed RadioTap support (still "Works for Me")
  Initial commit of RadioTap encapsulation support)
 2016-01-20 17:45:25 -08:00
Seth Hall
88f2a066ce Improved Radiotap support and a test. 
Radiotap support should be fully functional now with Radiotap
packets that include IPv4 and IPv6.  Other radiotap packets are
silently ignored.  This includes a test which has 802.11 headers
both with and without QoS data.
 2016-01-19 04:10:44 -05:00
Seth Hall
1d94eadd36 Fixed RadioTap support (still "Works for Me") 2015-10-17 03:09:12 -04:00
Seth Hall
d6c89ae022 Merge branch 'master' into topic/seth/radiotap 
# Conflicts:
#	src/iosource/PktSrc.cc
 2015-10-16 16:59:23 -04:00
Robin Sommer
0494a6d882 Merge remote-tracking branch 'origin/topic/johanna/bit-1463' 
* origin/topic/johanna/bit-1463:
  Refactor oob tests using different approach.
  Add a number of out_of_bound checks to Packet.cc

BIT-1463 #merged
 2015-08-31 14:35:49 -07:00
Johanna Amann
8763e1a485 Refactor oob tests using different approach. 2015-08-31 13:45:00 -07:00
Johanna Amann
fd6f9e470f Add a number of out_of_bound checks to Packet.cc 
Mostly this verifies that we actually have the full headers that we are
trying to read in a packet.

Addresses BIT-1463
 2015-08-31 13:09:18 -07:00
Robin Sommer
8fc44e7e86 CID 1312751: Removing redundant assignment. 2015-08-07 13:10:08 -07:00
Robin Sommer
fb848f795d Merge branch 'master' of https://github.com/aaronmbr/bro 
* 'master' of https://github.com/aaronmbr/bro:
  Copy-paste issue
  Allow for logging of the VLAN data about a connection in conn.log
  Save the inner vlan in the Packet object for Q-in-Q setups
 2015-07-23 13:05:28 -07:00
Aaron Brown
d76c7a2657 Save the inner vlan in the Packet object for Q-in-Q setups 2015-07-22 12:52:10 -04:00
Robin Sommer
f97b2b180c Moving the remaining code from Layer2.* into Packet.* and documenting 
the Packet API.

Plus, some more cleanup, including removing a legacy option
time_machine_profiling.
 2015-07-21 08:30:23 -07:00
Robin Sommer
f69edd1437 Adding missing files. 2015-07-20 16:49:03 -07:00