Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 01:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
13262 commits 388 branches 195 tags 264 MiB
Commit graph

3882 commits

Author SHA1 Message Date
Robin Sommer
2be985433c Test-suite passes. 
All tests pass with one exception: some Broxygen tests are broken
because dpd_config doesn't exist anymore. Need to update the mechanism
for auto-documenting well-known ports.
 2013-03-26 15:40:23 -07:00
Jon Siwek
497496ec83 FileAnalysis: replace script-layer SMTP file analysis. 
Notable differences:

- Removed SMTP::MD5 notice.

- Removed ability to specify mime entity excerpt length per mime-type.
 2013-03-26 15:48:52 -05:00
Jon Siwek
84a0c2fdac FileAnalysis: file handles now set from events. 
Versus from synchronous function calls, which doesn't work well because
the function call can see a script-layer state that doesn't reflect
the state as it will be in terms of the event/network stream.
 2013-03-25 15:37:58 -05:00
Bernhard Amann
b05eef6541 Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog 
Conflicts:
	src/bro.bif
 2013-03-25 08:39:52 -07:00
Scott Runnels
a4998f3780 Typo fix and baselines for hooking the log framework. 2013-03-24 22:01:08 -04:00
Scott Runnels
e755bf1b54 Hooking into the Logging Framework. 2013-03-24 21:58:28 -04:00
Yun Zheng Hu
9a88dc500a Added reverse() function to strings.bif. 
Closes #969.
 2013-03-23 08:39:04 -07:00
Jon Siwek
00a1de3593 FileAnalysis: refactor unit tests to use a common script. 2013-03-22 17:27:16 -05:00
Jon Siwek
71f0e2d276 FileAnalysis: replace script-layer http file analysis. 
Other misc:

- Remove HTTP::MD5 notice.

- Add "last_active" field to FileAnalysis::Info record.

- Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record
  with just a "conns" fields containing full connection records.

- The http-methods unit test is failing now, but I think it will be
  fixed once I change the file handle callback mechanism to use events
  instead.
 2013-03-22 16:14:06 -05:00
Robin Sommer
4255205026 Merge remote-tracking branch 'origin/topic/jsiwek/table-init-record-idx' 
Closes #660.

* origin/topic/jsiwek/table-init-record-idx:
  Fix record constructors in table initializer indices.  Addresses #660.
 2013-03-22 12:11:29 -07:00
Seth Hall
4e99d3a606 Add support for 802.1ah (Q-in-Q). 2013-03-22 12:38:43 -04:00
Jon Siwek
7034785810 FileAnalysis: add logging, file_analysis.log. 2013-03-20 13:31:11 -05:00
Jon Siwek
1ef7465e30 FileAnalysis: add more unit tests. 2013-03-20 12:47:45 -05:00
Jon Siwek
661677d452 FileAnalysis: separating IRC/FTP data analyzers. 
It simplifies the file handle string callbacks.
 2013-03-20 11:12:06 -05:00
Scott Runnels
44892cd78d Split logging via Filters in the Logging Framework. 2013-03-20 00:02:20 -04:00
Scott Runnels
b4a92432e3 Changes to framework_logging_factorial_02.bro to make the call to Log::create_stream() more distinct. 2013-03-19 23:28:48 -04:00
Jon Siwek
59ed5c75f1 FileAnalysis: add unit tests covering current protocol integration. 
And had to make various fixes/refinements after scrutinizing results.
 2013-03-19 15:50:05 -05:00
Bernhard Amann
8875953751 A bunch of more changes for the raw reader 
* send end_of_data event for all kind of streams
* send process_finished event containing exit code of child process for executed programs
* move raw-tests to separate directory
* expose name of input stream to readers
* better handling of some error cases in raw reader
* new force_kill option for raw reader which SIGKILLs progesses on exit

The ordering of events how they arrive in the main loop is a bit peculiar at the moment.
The process_finished event arrives in scriptland before all of the other events, even though
it should be sent last. I have not yet fully figured that out.
 2013-03-18 21:49:16 -07:00
Scott Runnels
9ae8487844 Logging Framework (contrived) example: Logging factorials. 2013-03-18 23:44:36 -04:00
Scott Runnels
940910768b Start on Logging Framework. 2013-03-18 23:23:43 -04:00
Bernhard Amann
f1c91f02ce Merge remote-tracking branch 'origin/master' into topic/bernhard/input-update 2013-03-18 19:16:47 -07:00
Jon Siwek
b30211c178 FileAnalysis: fix unit tests. 2013-03-18 12:29:41 -05:00
Jon Siwek
294570ec2e Merge branch 'master' into topic/jsiwek/file-analysis 2013-03-18 11:48:05 -05:00
Robin Sommer
f412a00ada Adding a test for extract-certs-pem.pem. 2013-03-17 13:06:24 -07:00
Robin Sommer
d58a02aa01 Merge remote-tracking branch 'origin/topic/bernhard/base64' 
* origin/topic/bernhard/base64:
  and re-enable caching of extracted certs
  and add bae64 bif tests.
  re-unify classes
  and modernize script.
  add base64-encode functionality and bif.

Closes #965.
 2013-03-17 13:00:52 -07:00
Bernhard Amann
6fef99ee03 make reading from stdout and stderr simultaneously work. 
Needs a few test-cases - but seems ok...
 2013-03-16 09:54:48 -07:00
Bernhard Amann
3aeec7ec14 allow sending data to stdin of child process 2013-03-15 15:47:20 -07:00
Bernhard Amann
fc42c71dfa Streaming reads from external commands work without blocking anything. 2013-03-15 13:58:41 -07:00
Seth Hall
5734f9ef71 Merge remote-tracking branch 'origin/master' into topic/seth/software-version-updates2 2013-03-14 09:21:13 -04:00
Seth Hall
09cbaa7ccc Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 
Conflicts:
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log
 2013-03-13 00:26:55 -04:00
Bernhard Amann
a5161783ef and add bae64 bif tests. 2013-03-12 09:33:49 -07:00
Bernhard Amann
fdc8de7596 add sqlite tests and fix small vector/set escaping bugs 2013-03-11 14:22:35 -07:00
Bernhard Amann
8cb91de93a Merge remote-tracking branch 'origin/master' into topic/bernhard/sqlite 
Conflicts:
	src/threading/AsciiFormatter.cc
 2013-03-11 11:47:10 -07:00
Jon Siwek
1f6cac9b6d Merge branch 'master' into topic/jsiwek/file-analysis 2013-03-11 13:20:45 -05:00
Scott Runnels
5249a30c46 Expanding on records, including two simple examples. 2013-03-11 00:19:23 -04:00
Scott Runnels
d41883fb91 Merge remote-tracking branch 'origin/master' into topic/documentation 
Conflicts:
	doc/index.rst
 2013-03-11 00:17:58 -04:00
Bernhard Amann
1fb05da9cd Fix race-condition in table-event test. 
Event depended on the input manager receiving all lines from the reader
before the first input event was processed by the scripting layer.
 2013-03-07 20:28:18 -08:00
Robin Sommer
f830ed3edf s/bro-ids.org/bro.org/g 2013-03-07 19:33:04 -08:00
Jon Siwek
2293443ea0 Fix function type-equivalence requiring same param names, addresses #957 2013-03-07 13:02:33 -06:00
Scott Runnels
2f54d584e7 Merge remote-tracking branch 'origin/master' into topic/documentation 2013-03-07 13:25:47 -05:00
Jon Siwek
589952f4d9 Merge branch 'master' into topic/jsiwek/file-analysis 
Conflicts:
	src/FileAnalyzer.cc
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2013-03-07 11:06:00 -06:00
Robin Sommer
8a6d68e00f Merge remote-tracking branch 'origin/topic/bernhard/remove-length' 
Closes #955.

* origin/topic/bernhard/remove-length:
  forgot to remove the baselines for the now unnecessary bifs
  remove the byte_len and length bifs
 2013-03-06 16:46:20 -08:00
Robin Sommer
1bd2f26df3 Merge remote-tracking branch 'origin/topic/seth/notice-framework-updates' 
So much nicer!

Closes #954.

* origin/topic/seth/notice-framework-updates:
  Update notice framework documentation to represent the new reality.
  Complete removal of the old table based notice policy mechanism.
  Updates for the notices framework.
 2013-03-06 16:45:30 -08:00
Robin Sommer
9f99a4a942 Merge remote-tracking branch 'origin/topic/jsiwek/local-container-init' 
Closes #952.

* origin/topic/jsiwek/local-container-init:
  Fix init of local sets/vectors via curly brace initializer lists.
 2013-03-06 15:11:10 -08:00
Robin Sommer
d931079021 Merge remote-tracking branch 'origin/topic/jsiwek/ticket946' 
Closes #946.

* origin/topic/jsiwek/ticket946:
  Fix memory leaks resulting from 'when' and 'return when' statements.
  Fix three bugs with 'when' and 'return when' statements. Addresses #946
 2013-03-06 15:09:24 -08:00
Bernhard Amann
a005d77369 forgot to remove the baselines for the now unnecessary bifs 2013-03-06 14:14:55 -08:00
Bernhard Amann
986b346e3f remove the byte_len and length bifs 2013-03-06 13:45:42 -08:00
Jon Siwek
c88babf6ef Fix init of local sets/vectors via curly brace initializer lists. 2013-03-01 16:42:16 -06:00
Scott Runnels
b53f701ffe Added documentation for the pattern data type as well as btests for time, interval, and pattern. 2013-02-25 01:12:07 -05:00
Jon Siwek
d158c7ffdf Fix memory leaks resulting from 'when' and 'return when' statements. 
Addresses #946.
 2013-02-19 16:19:16 -06:00