Tim Wojtulewicz
a8fc63e182
Merge remote-tracking branch 'microsoft/master'
* microsoft/master: (71 commits)
Clang formatting
Mask ports before inserting them into the map
Fix compiler warning from applied patch
Remove statistics plugin in favor of stats bif
Add EventHandler version of stats plugin
Mark a few EventHandler methods const
Changed implementation from std::map to std::unordered_map of Val.cc
Removed const, Windows build is now working
Added fixes suggested in PR
Update src/packet_analysis/protocol/ip/IP.cc
Apply suggestions from code review
Clang format again but now with v13.0.1
Rewrote usages of define(_MSC_VER) to ifdef _MSC_VER
Clang format it all
Fixed initial CR comments
Add NEWS entry about Windows port
Add a couple of extra unistd.h includes to fix a build failure
Use std::chrono instead of gettimeofday
Update libkqueue submodule [nomail]
Don't call tokenize_string if the input string is empty
...
2022-11-11 15:23:21 -07:00
Josh Soref
cd201aa24e
Spelling src
These are non-functional changes.
* accounting
* activation
* actual
* added
* addresult
* aggregable
* aligned
* alternatively
* ambiguous
* analysis
* analyzer
* anticlimactic
* apparently
* application
* appropriate
* arithmetic
* assignment
* assigns
* associated
* authentication
* authoritative
* barrier
* boundary
* broccoli
* buffering
* caching
* called
* canonicalized
* capturing
* certificates
* ciphersuite
* columns
* communication
* comparison
* comparisons
* compilation
* component
* concatenating
* concatenation
* connection
* convenience
* correctly
* corresponding
* could
* counting
* data
* declared
* decryption
* defining
* dependent
* deprecated
* detached
* dictionary
* directional
* directly
* directory
* discarding
* disconnecting
* distinguishes
* documentation
* elsewhere
* emitted
* empty
* endianness
* endpoint
* enumerator
* essentially
* evaluated
* everything
* exactly
* execute
* explicit
* expressions
* facilitates
* fiddling
* filesystem
* flag
* flagged
* for
* fragments
* guarantee
* guaranteed
* happen
* happening
* hemisphere
* identifier
* identifies
* identify
* implementation
* implemented
* implementing
* including
* inconsistency
* indeterminate
* indices
* individual
* information
* initial
* initialization
* initialize
* initialized
* initializes
* instantiate
* instantiated
* instantiates
* interface
* internal
* interpreted
* interpreter
* into
* it
* iterators
* length
* likely
* log
* longer
* mainly
* mark
* maximum
* message
* minimum
* module
* must
* name
* namespace
* necessary
* nonexistent
* not
* notifications
* notifier
* number
* objects
* occurred
* operations
* original
* otherwise
* output
* overridden
* override
* overriding
* overwriting
* ownership
* parameters
* particular
* payload
* persistent
* potential
* precision
* preexisting
* preservation
* preserved
* primarily
* probably
* procedure
* proceed
* process
* processed
* processes
* processing
* propagate
* propagated
* prototype
* provides
* publishing
* purposes
* queue
* reached
* reason
* reassem
* reassemble
* reassembler
* recommend
* record
* reduction
* reference
* regularly
* representation
* request
* reserved
* retrieve
* returning
* separate
* should
* shouldn't
* significant
* signing
* simplified
* simultaneously
* single
* somebody
* sources
* specific
* specification
* specified
* specifies
* specify
* statement
* subdirectories
* succeeded
* successful
* successfully
* supplied
* synchronization
* tag
* temporarily
* terminating
* that
* the
* transmitted
* true
* truncated
* try
* understand
* unescaped
* unforwarding
* unknown
* unknowndata
* unspecified
* update
* usually
* which
* wildcard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-09 12:08:15 -05:00
Tim Wojtulewicz
af947ae000
Add a couple of extra unistd.h includes to fix a build failure
2022-11-09 18:17:11 +02:00
Tim Wojtulewicz
77c555a3a8
Fixing some issues from rebasing
2022-11-09 18:16:13 +02:00
Elad Solomon
3a80b79497
Compile Zeek with MSVC
Allow Zeek to be embedded in another project
2022-11-09 18:15:30 +02:00
Tim Wojtulewicz
81357853ed
Restore reporting messages for pcap filter issues
2022-10-21 10:50:00 -07:00
Tim Wojtulewicz
5e4db6d0c4
Add column to packet_filter.log for failure reason
2022-10-21 10:50:00 -07:00
Tim Wojtulewicz
82adecb2ad
Store error message from BPF compilation
2022-10-21 10:09:56 -07:00
Tim Wojtulewicz
7c4fd382d9
Code modernization: Convert from deprecated C standard library headers
2022-06-27 09:47:31 -07:00
Tim Wojtulewicz
b30d5702f6
Allow pcap pktsrc to use other BPF_Program::Compile method
2022-05-25 09:41:16 -07:00
Tim Wojtulewicz
92b84a00f9
Add command-line option to write unprocessed packets to a file
This commit also changes the PcapDumper to automatically flush after
every call to Dump(). This is because pcap_dump has an internal buffer
of some sort that only writes to the file after a set number of bytes.
When using the new option on a low-traffic network, it might be a while
before you see any packets written since it has to overcome that buffer
limit first.
2021-11-12 09:30:26 -07:00
Tim Wojtulewicz
ceaec09024
GH-693: use pcap_dump_open_append where supported
2021-11-02 17:09:39 -07:00
Tim Wojtulewicz
b6444dce0c
Fix issue with broken libpcaps that return repeat packets
This is apparently a problem with the Myricom version of libpcap, where
instead of returning a null or a zero if no packets are available, it
returns the previous packet. This causes Zeek to improperly parse the
packet and crash. We thought we had fixed this previously with a check
for a null packet but that fix was not enough.
2021-11-01 09:19:55 -07:00
Tim Wojtulewicz
b2f171ec69
Reformat the world
2021-09-16 15:35:39 -07:00
Jon Siwek
77cf68fda7
Add a check for null packet data in pcap IOSource
Some libpcaps (observed in Myricom's) may claim to have read a packet,
but either did not really read a packet or at least provide no way
to access its contents, so this adds a check for null-data to
handle those cases.
2021-04-08 15:09:41 -07:00
Vern Paxson
245108e86e
remove unnecessary casts, and change necessary ones to use static_cast<>
2021-03-18 13:24:25 -07:00
Vern Paxson
62bab66114
migration to using new differentiated methods for setting record fields
2021-02-25 16:59:26 -08:00
Jon Siwek
c44cbe1feb
Prefix #includes of .bif.h files with zeek/
This enables locating the headers within the install-tree using the
dirs provided by `zeek-config --include_dir`.
To enable locating these headers within the build-tree, this change also
creates a 'build/src/include/zeek -> ..' symlink.
2021-02-02 19:15:05 -08:00
Jon Siwek
8a8a983c49
Add missing zeek/ to header includes
Related to https://github.com/zeek/zeek/pull/1377
2021-01-29 19:16:29 -08:00
Tim Wojtulewicz
0618be792f
Remove all of the random single-file deprecations
These are the changes that don't require a ton of changes to other files outside
of the original removal.
2021-01-27 10:52:40 -07:00
Vern Paxson
7f92a573d2
Remove BroValUnion by hoisting underlying Val subclass values into subclasses
2021-01-14 11:58:59 -07:00
Tim Wojtulewicz
5589484f26
Fix includes of bif.h and _pac.h files to use full paths inside build directory
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360
GH-1079: Use full paths starting with zeek/ when including files
2020-11-12 12:15:26 -07:00
Jon Siwek
961532a8f7
Merge remote-tracking branch 'origin/topic/seth/pcap_findalldevs'
- Minor adjustments to whitespace/formatting
* origin/topic/seth/pcap_findalldevs:
Finishing changes from code review.
Update src/iosource/pcap/pcap.bif
Update src/iosource/pcap/pcap.bif
Update scripts/base/init-bare.zeek
Update src/iosource/pcap/pcap.bif
I accidentally missed a paren
New bif to wrap pcap_findalldevs
2020-10-13 10:52:14 -07:00
Seth Hall
92eb7c10da
Finishing changes from code review.
2020-10-13 08:35:45 -04:00
Seth Hall
5d6800f6bd
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:57 -04:00
Seth Hall
928faeaad3
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:50 -04:00
Seth Hall
e532991bf2
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:09:58 -04:00
Seth Hall
36d75a0296
I accidentally missed a paren
2020-10-12 12:59:40 -04:00
Seth Hall
7bcbc57401
New bif to wrap pcap_findalldevs
2020-10-12 12:47:23 -04:00
Peter Oettig
b2e6c9ac9a
Initial implementation of Lower-Level analyzers
2020-09-23 11:13:25 -07:00
Tim Wojtulewicz
fe0c22c789
Base: Clean up explicit uses of namespaces in places where they're not necessary.
This commit covers all of the common and base classes.
2020-08-24 12:07:00 -07:00
Tim Wojtulewicz
0ac3fafe13
Move zeek::net namespace to zeek::run_state namespace.
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
4b61d60e80
Fix indentation of namespaced aliases
2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
6b60a20360
Move all plugin classes into zeek::plugin::detail namespaces
2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
8d2d867a65
Move everything in util.h to zeek::util namespace.
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7
Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h.
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
be92bd536f
Move iosource code to zeek namespaces
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
93948b4d19
Move all of the Packet-related classes to namespaces
2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
45b5a98420
Move EventMgr, EventHandler, and EventRegistry code to zeek namespace. Rename mgr to event_mgr.
2020-07-31 16:23:32 -04:00
Tim Wojtulewicz
bfab224d7c
Move Reporter to zeek namespace
2020-07-31 16:22:41 -04:00
Tim Wojtulewicz
86fdf0eaa9
Mark global val_mgr as deprecated and fix uses of it to use namespaced version
2020-07-02 16:15:00 -07:00
Tim Wojtulewicz
d6f1ea16ac
Move Func and associated classes into zeek::detail namespace
2020-06-30 20:51:58 -07:00
Tim Wojtulewicz
64332ca22c
Move all Val classes to the zeek namespaces
2020-06-30 20:48:09 -07:00
Tim Wojtulewicz
9364e6a5b7
Move IntrusivePtr and utility methods to the zeek namespace
2020-06-30 20:19:12 -07:00
Jon Siwek
6cec268e43
Merge remote-tracking branch 'origin/topic/jsiwek/gh-977-improve-pcap-error-handling'
* origin/topic/jsiwek/gh-977-improve-pcap-error-handling:
Compare pcap_next_ex() result to PCAP_ERROR/PCAP_ERROR_BREAK
GH-977: Improve pcap error handling
Remove not-useful code in iosource::Manager::OpenPktSrc
2020-06-11 23:22:19 -07:00
Jon Siwek
65ae4d732a
Compare pcap_next_ex() result to PCAP_ERROR/PCAP_ERROR_BREAK
2020-06-11 15:01:06 -07:00
Jon Siwek
2000e2a424
GH-977: Improve pcap error handling
Switches from pcap_next() to pcap_next_ex() to better handle all error
conditions. This allows, for example, to have a non-zero exit code for
a Zeek process that fails to fully process all packets in a pcap file.
2020-06-08 18:11:58 -07:00
Tim Wojtulewicz
7a5dae4354
Mark all of the aliased classes in plugin/Plugin.h deprecated, and fix all of the plugins that were using them
2020-06-03 15:16:18 -07:00
Jon Siwek
0db5c920f2
Deprecate names in BifConst, replace with zeek::BifConst
Some Val* types are also replaced with IntrusivePtr at the new location
2020-05-14 17:26:00 -07:00