Scott Runnels
5249a30c46
Expanding on records, including two simple examples.
2013-03-11 00:19:23 -04:00
Scott Runnels
d41883fb91
Merge remote-tracking branch 'origin/master' into topic/documentation
Conflicts:
doc/index.rst
2013-03-11 00:17:58 -04:00
Robin Sommer
0075973249
Updating submodule(s).
[nomail]
2013-03-08 09:41:35 -08:00
Robin Sommer
f193fc25f6
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix race-condition in table-event test.
2013-03-08 09:19:04 -08:00
Bernhard Amann
1fb05da9cd
Fix race-condition in table-event test.
Event depended on the input manager receiving all lines from the reader
before the first input event was processed by the scripting layer.
2013-03-07 20:28:18 -08:00
Robin Sommer
74a529d937
Updating submodule(s).
[nomail]
2013-03-07 19:33:19 -08:00
Robin Sommer
f830ed3edf
s/bro-ids.org/bro.org/g
2013-03-07 19:33:04 -08:00
Robin Sommer
d3bf552a63
Merge remote-tracking branch 'origin/topic/jsiwek/ticket-957'
* origin/topic/jsiwek/ticket-957:
Fix function type-equivalence requiring same param names, addresses #957
Closes #957.
2013-03-07 13:31:55 -08:00
Robin Sommer
3cd3e26154
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958.
Fix compiler warnings.
2013-03-07 13:28:35 -08:00
Jon Siwek
7e4963b22c
Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958.
2013-03-07 14:44:01 -06:00
Jon Siwek
f4d59f8137
Fix compiler warnings.
2013-03-07 14:41:18 -06:00
Jon Siwek
2293443ea0
Fix function type-equivalence requiring same param names, addresses #957
2013-03-07 13:02:33 -06:00
Scott Runnels
2f54d584e7
Merge remote-tracking branch 'origin/master' into topic/documentation
2013-03-07 13:25:47 -05:00
Jon Siwek
589952f4d9
Merge branch 'master' into topic/jsiwek/file-analysis
Conflicts:
src/FileAnalyzer.cc
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2013-03-07 11:06:00 -06:00
Robin Sommer
8ee4382721
Updating submodule(s).
[nomail]
2013-03-06 18:32:43 -08:00
Robin Sommer
a4e40bb402
Merge remote-tracking branch 'origin/topic/bernhard/vector-assignment'
Closes #956.
* origin/topic/bernhard/vector-assignment:
change vector assignment operator and remove unnecessary argument (expr)
2013-03-06 16:50:53 -08:00
Robin Sommer
8a6d68e00f
Merge remote-tracking branch 'origin/topic/bernhard/remove-length'
Closes #955.
* origin/topic/bernhard/remove-length:
forgot to remove the baselines for the now unnecessary bifs
remove the byte_len and length bifs
2013-03-06 16:46:20 -08:00
Robin Sommer
1bd2f26df3
Merge remote-tracking branch 'origin/topic/seth/notice-framework-updates'
So much nicer!
Closes #954.
* origin/topic/seth/notice-framework-updates:
Update notice framework documentation to represent the new reality.
Complete removal of the old table based notice policy mechanism.
Updates for the notices framework.
2013-03-06 16:45:30 -08:00
Robin Sommer
9f99a4a942
Merge remote-tracking branch 'origin/topic/jsiwek/local-container-init'
Closes #952.
* origin/topic/jsiwek/local-container-init:
Fix init of local sets/vectors via curly brace initializer lists.
2013-03-06 15:11:10 -08:00
Robin Sommer
d931079021
Merge remote-tracking branch 'origin/topic/jsiwek/ticket946'
Closes #946.
* origin/topic/jsiwek/ticket946:
Fix memory leaks resulting from 'when' and 'return when' statements.
Fix three bugs with 'when' and 'return when' statements. Addresses #946
2013-03-06 15:09:24 -08:00
Robin Sommer
a15b630cac
Merge remote-tracking branch 'origin/topic/jsiwek/gtp-enhancements'
* origin/topic/jsiwek/gtp-enhancements:
Add parsing for GTPv1 extension headers and control messages.
2013-03-06 15:00:45 -08:00
Robin Sommer
c13eae3253
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix possible null pointer dereference in identify_data BIF.
Fix build on OpenBSD 5.2.
2013-03-06 14:54:50 -08:00
Bernhard Amann
a005d77369
forgot to remove the baselines for the now unnecessary bifs
2013-03-06 14:14:55 -08:00
Bernhard Amann
8f259f866d
change vector assignment operator and remove unnecessary argument (expr)
2013-03-06 14:08:06 -08:00
Bernhard Amann
986b346e3f
remove the byte_len and length bifs
2013-03-06 13:45:42 -08:00
Bernhard Amann
cfada61672
and modernize script.
thanks Seth.
2013-03-06 13:30:13 -08:00
Jon Siwek
00b2d34a8e
FileAnalysis: add binary input reader and BIFs for sending in data.
This allows the input framework to feed files into Bro for analysis.
2013-03-06 12:59:54 -06:00
Seth Hall
e56a33b6c5
Update notice framework documentation to represent the new reality.
2013-03-06 10:04:50 -05:00
Seth Hall
00eeadf2f5
Complete removal of the old table based notice policy mechanism.
2013-03-06 09:44:25 -05:00
Bernhard Amann
5e8e12182a
add base64-encode functionality and bif.
This allows replacing an ugly openssl-call from one of
the policy scripts. The openssl call is now replaced with
a still-but-less-ugly call to base64_encode.
I do not know if I split the Base64 classes in a "smart" way... :)
2013-03-05 16:05:07 -08:00
Jon Siwek
c330b46128
FileAnalysis: add libmagic file type detection.
2013-03-04 16:20:10 -06:00
Jon Siwek
c88babf6ef
Fix init of local sets/vectors via curly brace initializer lists.
2013-03-01 16:42:16 -06:00
Scott Runnels
78c81a59e0
Started in on describing records.
2013-03-01 15:55:38 -05:00
Jon Siwek
9425c2508f
Change semantics of FileAnalysis::stop BIF to internally mean "ignore".
The manager has to remember that the file is being ignored until either
EOF or timeout.
2013-03-01 14:03:37 -06:00
Jon Siwek
6cb58a5228
FileAnalysis: minor code reorg/tweak of BOF buffering stuff.
2013-03-01 09:55:49 -06:00
Jon Siwek
720858fb36
FileAnalysis: refactor add/remove/stop BIFs, add BOF triggers/fields.
The add_action, remove_action, and stop BIFs now go through a queue to
ensure that modifications are made at well-defined times and don't end
up invalidating loop iterators.
2013-02-28 17:19:16 -06:00
Jon Siwek
2481f9f837
Fix possible null pointer dereference in identify_data BIF.
There was no check/handling for if magic_buffer() returns null.
Also centralized libmagic calls for consistent error handling/output.
2013-02-27 16:04:36 -06:00
Seth Hall
e3856d7681
Removing a field that is no longer logged through the standard metrics log.
2013-02-27 11:25:01 -05:00
Jon Siwek
691622b3aa
Refactor how file analysis actions are tracked.
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
2013-02-25 16:35:42 -06:00
Scott Runnels
b53f701ffe
Added documentation for the pattern data type as well as btests for time, interval, and pattern.
2013-02-25 01:12:07 -05:00
Jon Siwek
4b30cc2e24
Add file analysis action to send data to script-land in chosen events.
2013-02-22 16:49:53 -06:00
Jon Siwek
dd9f361bc7
Fix build on OpenBSD 5.2.
2013-02-22 10:45:22 -06:00
Seth Hall
ff2c2c7e52
Merge remote-tracking branch 'origin/topic/jsiwek/file-analysis' into topic/seth/file-analysis-exe-analyzer
Conflicts:
src/CMakeLists.txt
src/file_analysis.bif
src/file_analysis/Info.cc
2013-02-22 02:38:29 -05:00
Seth Hall
efc76fd052
Initial groundwork for analyzer actions in file analysis framework.
2013-02-22 02:36:41 -05:00
Jon Siwek
85410a7657
Add MD5/SHA1/SHA256 file analysis hashing actions.
2013-02-21 21:05:01 -06:00
Jon Siwek
ceb471fb36
Prettify file analysis IDs to be more like connection uids.
2013-02-20 22:09:39 -06:00
Scott Runnels
1724784aad
After extensive testing it has been revealed that 2.2 seconds is not equal to 10 seconds. Scientific paper to follow.
2013-02-20 09:35:53 -05:00
Jon Siwek
d158c7ffdf
Fix memory leaks resulting from 'when' and 'return when' statements.
Addresses #946.
2013-02-19 16:19:16 -06:00
Jon Siwek
7e5115460c
Fix three bugs with 'when' and 'return when' statements. Addresses #946
- 'when' statements were problematic when used in a function/event/hook
that had local variables with an assigned function value. This was
because 'when' blocks operate on a clone of the frame and the cloning
process serializes locals and the serialization of functions had an
infinite cycle in it (ID -> BroFunc -> ID -> BroFunc ...). The ID
was only used for the function name and type information, so
refactoring Func and subclasses to depend on those two things instead
fixes the issue.
- 'return when' blocks, specifically, didn't work whenever execution
of the containing function's body does another function call before
reaching the 'return when' block, because of an assertion. This was
due to logic in CallExpr::Eval always clearing the CallExpr
associated with the Frame after doing the call, instead of restoring
any previous CallExpr, which the code in Trigger::Eval expected to
have available.
- An assert could be reached when the condition of a 'when' statement
depended on checking the value of global state variables. The assert
in Trigger::QueueTrigger that checks that the Trigger isn't disabled
would get hit because Trigger::Eval/Timeout disable themselves after
running, but don't unregister themselves from the NotifierRegistry,
which keeps calling QueueTrigger for every state access of the global.
2013-02-19 11:38:17 -06:00
Scott Runnels
11f9b83cd9
Added documentation for the interval data type.
2013-02-18 00:16:59 -05:00