Matthias Vallentin
22afbe42dd
A number of tweaks of the serialization code.
2013-06-10 20:15:13 -07:00
Matthias Vallentin
4c21576c12
Add Bloomfilter serialization test code.
2013-06-10 20:14:34 -07:00
Jon Siwek
f84a661fa4
Merge branch 'master' into topic/jsiwek/faf-cleanup
2013-06-10 15:52:55 -05:00
Jon Siwek
7c7b6214a6
Move file analyzers to new plugin infrastructure.
2013-06-10 15:50:18 -05:00
Matthias Vallentin
d25984ba45
Update baseline for unit tests.
2013-06-10 12:55:03 -07:00
Matthias Vallentin
c638105538
Document max parameter in bloomfilter_init.
2013-06-10 12:51:41 -07:00
Bernhard Amann
ebb7af1483
this event handler fails the unused-event-handlers test because
it is a bit of a special case.
It is only called via the SendEvent function from a reader. The reader
does (at least with the current interface) however not provide
the function pointer, but looks up the name of the event dynamically.
Hence, internal_handler is never called for the event.
Even if resolving the event in the reader, e.g. in an initialization
function, this would not solve the issue - the initialization function
is only called when the first Raw reader is initialized - and in the
base configuration the raw reader will never be used (hence, internal_handler
also won't be called).
Calling it once in the manager seems like a really dirty hack. So - now
it is the second exception in the testcase, unless anyone has a better
idea :)
2013-06-09 16:18:17 -04:00
Bernhard Amann
655187a4f4
...and fix the event ordering issue. Dispatch != QueueEvent
2013-06-09 08:43:17 -04:00
Bernhard Amann
3517c0ba99
add Terminate to input framework to prevent potential shutdown race-conditions.
2013-06-09 08:27:08 -04:00
Bernhard Amann
a32bb59770
fix warning.
Update baseline of stderr test to what it should be. There still is
a message ordering issue there (which is the last issue in the new
Raw reader I know of).
One message that sidesteps a bit of the usual processing does
not always arrive at the correct time (meaning it pops up from the
event queue too early). Even though it sidesteps a bit of the usual
processing that should not happen in my opinion (which clearly
does not matter). And I have not yet fully grasped how this can happen.
2013-06-08 05:57:56 -07:00
Bernhard Amann
b39bffd9aa
Merge remote-tracking branch 'origin/master' into topic/bernhard/input-update
2013-06-08 05:43:21 -07:00
Robin Sommer
f811e669ff
Fixing typo that could cause an assertion to falsely trigger.
2013-06-07 17:29:39 -07:00
Robin Sommer
5487258b03
Updating submodule(s).
[nomail]
2013-06-07 16:37:53 -07:00
Robin Sommer
1302da10cd
Fix for CMake 2.6.x.
2013-06-07 16:28:27 -07:00
Jon Siwek
f2574636b6
Merge branch 'master' into topic/jsiwek/faf-cleanup
Conflicts:
scripts/base/protocols/ftp/file-analysis.bro
scripts/base/protocols/http/file-analysis.bro
scripts/base/protocols/irc/file-analysis.bro
scripts/base/protocols/smtp/file-analysis.bro
src/file_analysis/File.cc
src/file_analysis/File.h
src/file_analysis/Manager.cc
src/file_analysis/Manager.h
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/file_analysis.log
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-0.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-1.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-2.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-3.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7-1.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4-0.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38-2.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk-3.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk.dat
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log
testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3-0.dat
testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3.dat
testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item.dat
testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log
testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb-0.dat
testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb.dat
testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item.dat
testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-0.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-1.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3-1.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb-0.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb.dat
testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log
testing/btest/scripts/base/protocols/ftp/ftp-extract.bro
testing/btest/scripts/base/protocols/http/http-extract-files.bro
testing/btest/scripts/base/protocols/irc/dcc-extract.test
testing/btest/scripts/base/protocols/smtp/mime-extract.test
2013-06-07 15:44:36 -05:00
Jon Siwek
e56a17102e
Teach broxygen to generate protocol analyzer plugin reference.
2013-06-07 13:21:18 -05:00
Jon Siwek
eee16e1177
const adjustments
2013-06-07 13:19:36 -05:00
Robin Sommer
b426040ccf
Merge remote-tracking branch 'origin/topic/matthias/h3-dtor-fix'
* origin/topic/matthias/h3-dtor-fix:
Remove invalid free on non-allocated pointer.
Closes #1018.
2013-06-07 08:38:58 -07:00
Matthias Vallentin
f2d536d2da
Add missing initializations.
2013-06-06 15:22:04 -07:00
Matthias Vallentin
86becdd6e4
Add tests.
2013-06-06 15:08:24 -07:00
Matthias Vallentin
e15f03d980
Cleanup BiFs.
2013-06-06 15:02:11 -07:00
Matthias Vallentin
0d299eca57
Correct computation of k hash functions.
2013-06-06 14:54:25 -07:00
Matthias Vallentin
289192623e
Merge remote-tracking branch 'origin/topic/matthias/h3-dtor-fix' into topic/matthias/bloom-filter
Conflicts:
src/CMakeLists.txt
2013-06-06 14:08:04 -07:00
Matthias Vallentin
fde081c30f
Remove invalid free on non-allocated pointer.
The byte_lookup member is a fixed-size 2D array and should not be freed in the
destructor.
Fixes #1018.
2013-06-06 13:51:28 -07:00
Matthias Vallentin
fcf1807fc8
Fix hasher usage and narrow interface.
2013-06-06 13:39:00 -07:00
Matthias Vallentin
7ce986e31f
Fix modding.
2013-06-06 13:21:27 -07:00
Matthias Vallentin
f211b856c9
Catch invalid values of the false-positive rate.
2013-06-06 13:13:36 -07:00
Matthias Vallentin
012e09c5c4
Small fixes and simplifications.
2013-06-06 12:56:46 -07:00
Robin Sommer
203df4fa6b
Merge remote-tracking branch 'origin/topic/jsiwek/869'
* origin/topic/jsiwek/869:
Change @PATH to @DIR for clarity. Add @FILENAME. Addresses #869.
Make @PATH always return absolute path. Addresses #869.
Add @PATH bro script macro. Addresses #869.
Closes #869.
2013-06-06 12:42:18 -07:00
Matthias Vallentin
d5126a1339
Fix some BiF issues.
2013-06-05 17:45:10 -07:00
Matthias Vallentin
3d97642131
Add Bloom filter BiFs.
2013-06-05 16:26:16 -07:00
Matthias Vallentin
880d02f720
Associate a Comphash with a BloomFilterVal.
We also keep track of the Bloom filter's element type inside each value. The
first use of the BiF bloomfilter_add will "typify" the Bloom filter and lock
the Bloom filter's type to the element type.
2013-06-05 16:25:48 -07:00
Jon Siwek
022ce2505f
Change @PATH to @DIR for clarity. Add @FILENAME. Addresses #869.
@DIR expands to directory path of the script, @FILENAME expands to just
the script file name without path.
2013-06-05 11:01:11 -05:00
Robin Sommer
1dfaf24945
Updating submodule(s).
[nomail]
2013-06-05 08:00:01 -07:00
Robin Sommer
74e99a27db
Ignoring file ids in external tests.
They can change occasionally, and we likewise ignore uids already.
2013-06-04 21:23:50 -07:00
Robin Sommer
da3eb2d3e2
Merge remote-tracking branch 'origin/topic/robin/plugins'
2013-06-04 20:58:16 -07:00
Robin Sommer
cf9d65932c
Redoing the plugin versioning.
We now explicitly mark plugins as static vs dynamic (though we don't
have the latter yet) instead of piggy-backing that on the version.
Also, versions are now ignored for static plugins.
2013-06-04 20:43:20 -07:00
Matthias Vallentin
751cf61293
Add more serialization implementation.
2013-06-04 15:30:27 -07:00
Matthias Vallentin
a5572dd66f
Write CounterVector implementation scaffold.
2013-06-04 14:31:39 -07:00
Matthias Vallentin
d3297dd6f3
Adhere to Bro coding style.
2013-06-04 14:00:23 -07:00
Jon Siwek
7e8b504305
Make @PATH always return absolute path. Addresses #869.
2013-06-04 14:16:56 -05:00
Jon Siwek
307fc187c0
Add @PATH bro script macro. Addresses #869.
The macro expands to a string value containing the file system path
in which the script lives.
2013-06-04 10:53:10 -05:00
Matthias Vallentin
f708cd4a36
Work on parameter estimation and serialization.
2013-06-03 22:55:21 -07:00
Robin Sommer
433c85540c
Merge remote-tracking branch 'origin/topic/jsiwek/plugins-cleanup' into topic/robin/plugins
Adding one todo back in as that's something we indeed still need to do.
* origin/topic/jsiwek/plugins-cleanup:
Fix various documentation/typos; remove a few superfluous things.
2013-06-03 20:16:19 -07:00
Robin Sommer
a5cb605b1d
Fixing test that was accidentally broken.
2013-06-03 20:10:48 -07:00
Jon Siwek
a5e1810aa8
Fix various documentation/typos; remove a few superfluous things.
2013-06-03 16:03:25 -05:00
Matthias Vallentin
f529df33e0
Stabilize Bloom filter interface.
2013-06-03 14:00:28 -07:00
Seth Hall
caf61f619b
Merge remote-tracking branch 'origin/topic/jsiwek/faf-cleanup' into topic/seth/faf-updates
2013-06-03 10:51:55 -04:00
Seth Hall
190f98f8a9
Beginning some rework.
2013-06-03 10:51:53 -04:00
Robin Sommer
4494643296
Fix a compiler warning.
2013-06-02 20:13:51 -07:00