Robin Sommer
0024881f3d
Merge remote-tracking branch 'origin/topic/vladg/mysql'
...
* origin/topic/vladg/mysql:
Updating MySQL with Robin's suggestions:
BIT-1285 #merged
2015-01-14 14:21:00 -08:00
Robin Sommer
41ff1c4cd0
Merge remote-tracking branch 'origin/topic/robin/dnp3-merge-v4'
...
* origin/topic/robin/dnp3-merge-v4:
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
A bit more DNP3 tweaking.
remove redundant codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renaming the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 variation 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
BIT-1231 #merged
2015-01-14 13:25:42 -08:00
Vlad Grigorescu
2c8a3fce49
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
...
Conflicts:
testing/btest/Baseline/core.print-bpf-filters/output2
testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
2015-01-13 14:46:18 -05:00
Vlad Grigorescu
272916c189
Updating MySQL with Robin's suggestions:
...
- Use a boolean success instead of a result string
- Change the affected_rows response detail string to a "rows" count
- Fix the state tracking to log incomplete commands
2015-01-13 14:39:25 -05:00
Vlad Grigorescu
05ecac2497
Refactored the SSH analyzer. Added support for algorithm detection and more key exchange message types.
2015-01-13 12:02:31 -05:00
Johanna Amann
0480f0d811
small changes to ec curve names in a newer draft
2015-01-13 08:38:18 -08:00
Hui Lin
794273913f
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
2015-01-07 15:04:22 -06:00
Vlad Grigorescu
245bd07af7
Add host key support for SSH1.
2015-01-06 21:23:18 -06:00
Vlad Grigorescu
5e206ed108
Add support for SSH1
2015-01-06 20:27:20 -06:00
Vlad Grigorescu
fa98aee0a7
Merge remote-tracking branch 'origin/master' into topic/vladg/ssh
...
Conflicts:
src/analyzer/protocol/CMakeLists.txt
src/analyzer/protocol/ssh/Plugin.cc
src/analyzer/protocol/ssh/SSH.h
2014-12-27 17:22:26 -06:00
Jon Siwek
edaf7edc11
Merge remote-tracking branch 'origin/topic/seth/files-reassembly-and-mime-updates' into topic/jsiwek/file-reassembly-merge
...
Conflicts:
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-12-15 10:33:09 -06:00
Robin Sommer
e8e81043a1
Merge remote-tracking branch 'origin/topic/vladg/mysql'
...
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
2014-11-11 11:49:26 -08:00
Seth Hall
842dfd8b4a
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates
...
Conflicts:
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:40:26 -05:00
Vlad Grigorescu
31baaf6499
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
2014-11-04 13:18:56 -05:00
Vlad Grigorescu
98c33139c5
Merge remote-tracking branch 'origin/master' into topic/vladg/smb
...
Conflicts:
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-04 13:17:18 -05:00
Vlad Grigorescu
0bd45d54c8
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
2014-11-04 13:12:12 -05:00
Johanna Amann
705989da39
add new curves from draft-ietf-tls-negotiated-ff-dhe
2014-11-01 19:37:27 -07:00
Vlad Grigorescu
c601ebccb8
Fix a logic bug with handling quits after the cleanup.
2014-10-31 16:24:48 -04:00
Vlad Grigorescu
e2ad93c543
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
2014-10-31 12:08:13 -04:00
Vlad Grigorescu
e6d6ba6ec6
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
...
Conflicts:
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:56:07 -04:00
Vlad Grigorescu
b259a41ef2
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
...
Conflicts:
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:24:31 -04:00
Robin Sommer
2002fd7f90
Merge remote-tracking branch 'origin/topic/johanna/ssl-resumption'
...
* origin/topic/johanna/ssl-resumption:
Update baseline of new SSL policy script for changes
update test baselines
Mark everything below 2048 bit as a weak key (Browsers will stop accepting 1024 bits soon, so we can be of that opinion too).
add information about server chosen protocol to ssl.log, if provided by alpn.
change SSL log to contain a boolean flag signaling if a session was resumed instead of the (usually not really that useful) session ID the client sent.
BIT-1279 #merged
2014-10-21 13:44:46 -07:00
Johanna Amann
ba3b35a612
Merge remote-tracking branch 'origin/master' into topic/johanna/ssl-resumption
2014-10-21 11:32:46 -07:00
Vlad Grigorescu
9a73033b19
Redo DCE/RPC code.
2014-10-09 21:06:38 -04:00
Vlad Grigorescu
c4eb7e2377
Add support for TRANSACTION subcommands.
2014-10-08 18:01:55 -04:00
Vlad Grigorescu
10db1b552d
Add username tracking
2014-10-08 17:23:20 -04:00
Vlad Grigorescu
f38a580c8c
Add support for transaction2 Find_First2.
2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45
Fix a segfault, and add script-level support for some more commands.
2014-10-08 12:06:33 -04:00
Vlad Grigorescu
e9c398a41c
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/vladg/smb
2014-10-08 10:54:56 -04:00
Vlad Grigorescu
0d615b0319
Add more SMB subcommands and arguments. Log SMB1 error messages too.
2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3
Refine transaction2 support, rewrite SMB scripts.
2014-10-07 16:31:02 -04:00
Johanna Amann
470d868558
new ssl extension type from iana and a few other ssl const changes.
2014-09-28 14:29:12 +02:00
Seth Hall
e4ca588127
Does the initial effort to add the SMB2 SetInfo command and better handle file lengths.
2014-09-27 03:11:01 -04:00
Seth Hall
cafd35e746
Updates the files event api and brings file reassembly up to master.
2014-09-26 00:40:37 -04:00
Vlad Grigorescu
6ee2ec666f
Merge remote-tracking branch 'origin/master' into topic/vladg/smb
...
Conflicts:
src/analyzer/protocol/smb/Plugin.cc
2014-09-24 18:38:43 -04:00
Vlad Grigorescu
51373b0592
SSH: Misc. updates to the new analyzer.
2014-09-02 00:15:32 -04:00
Vlad Grigorescu
0a50688afc
Move auth method detection into script-land, to make it easier to change.
2014-08-28 18:23:30 -04:00
Vlad Grigorescu
214e6b3ea9
Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes.
2014-08-26 22:26:42 -04:00
Hui Lin
81606e7ff4
Renaming the DNP3 TCP analyzer
2014-08-25 10:33:28 -05:00
Vlad Grigorescu
f93f2af748
Merge tag 'v2.3' into topic/vladg/sip
...
Version tag
Conflicts:
scripts/base/init-default.bro
2014-08-22 19:25:43 -04:00
Hui Lin
fb21236661
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
2014-08-16 11:01:30 -05:00
Vlad Grigorescu
250360eb55
Add support for more commands, and support quit
2014-08-08 13:53:16 -05:00
Vlad Grigorescu
1ceeafcb32
Redo the response handling..
2014-08-08 13:46:12 -05:00
Jon Siwek
b83d4a9c84
Fix some things in DNP3 UDP analyzer.
...
- DeliverPacket override had a wrong parameter.
- Change the DNP3 plugin to provide both UDP and TCP analyzer versions.
- Add a DPD signature.
2014-08-06 15:41:53 -05:00
Johanna Amann
14d265482a
add information about server chosen protocol to ssl.log, if provided by alpn.
...
This is e.g. used to negotiate spdy or http/2
2014-08-04 22:16:09 -07:00
Johanna Amann
026233d1f2
change SSL log to contain a boolean flag signaling if a session was resumed
...
instead of the (usually not really that useful) session ID the client sent.
2014-08-04 11:15:42 -07:00
Johanna Amann
fe60d5e9dd
Split dhcp log writing from record creation.
...
This allows users to customize dhcp.log by changing the record in their own
dhcp_ack event.
2014-08-01 11:07:32 -07:00
Vlad Grigorescu
ca55d203cb
Kerberos analyzer
2014-07-24 21:55:41 -04:00
Vlad Grigorescu
6a34de5dd8
SMB & NTLM analyzers.
2014-07-24 21:46:38 -04:00
Vlad Grigorescu
101d340b18
MySQL analyzer
2014-07-24 15:52:42 -04:00