Commit graph

13262 commits

Author SHA1 Message Date
Bernhard Amann
b3dba9f0cc Merge branch 'topic/bernhard/input-logging-commmon-functions' into topic/bernhard/sqlite 2012-12-03 14:02:06 -08:00
Bernhard Amann
86c724caa0 and thinking about it, ascii-io doesn't need the separator 2012-12-03 14:01:50 -08:00
Robin Sommer
a259155e0f Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Slightly fix up file name extraction from Content-Disposition headers.
  Quick pass over unit tests, adding -b flag to bro so they run faster.
  Fixed a DNS attribute issue (reported by Matt Thompson).
2012-12-03 14:00:48 -08:00
Bernhard Amann
53a919be81 Merge branch 'topic/bernhard/input-logging-commmon-functions' into topic/bernhard/sqlite 2012-12-03 13:57:46 -08:00
Bernhard Amann
22f2fc009c change constructors 2012-12-03 13:57:15 -08:00
Bernhard Amann
0a59d0d4db Merge branch 'topic/bernhard/input-logging-commmon-functions' into topic/bernhard/sqlite 2012-12-03 13:46:58 -08:00
Bernhard Amann
70a532e898 make it compile 2012-12-03 13:46:48 -08:00
Bernhard Amann
9b2265877d and factor stuff out the input framework too. 2012-12-03 13:41:19 -08:00
Bernhard Amann
501328d61a factor out ascii input/output.
First step - factored out everything the logging classes
use (so only output).

Moved the script-level configuration to logging/main,
and made the individual writers just refer to it -
no idea if this is good design. It works. But I am happy
about opinions :)

Next step - add support for input...
2012-12-03 12:59:11 -08:00
Seth Hall
4bb8babb45 Small change to load the correct scan file in local.bro. 2012-12-03 14:58:11 -05:00
Bernhard Amann
f62df0de82 std::string accessors to escape_sequence functionality 2012-12-03 11:01:28 -08:00
Bernhard Amann
bb76335e5a intermediate commit - it has been over a month since I touched
this...
2012-12-03 10:42:50 -08:00
Seth Hall
f956554c74 Slightly fix up file name extraction from Content-Disposition headers. 2012-12-03 11:57:00 -05:00
Scott Runnels
d35268a41c Beginning exploration of network centric data types, starting with subnets. 2012-12-01 02:22:52 -05:00
Vlad Grigorescu
318f38df43 A test for HTTP methods, including some horribly illegal requests. 2012-11-30 22:06:54 -05:00
Vlad Grigorescu
e98343b562 Remove hardcoded HTTP verbs from the analyzer (#741) 2012-11-30 20:08:20 -05:00
Jon Siwek
95ffb1cf27 Quick pass over unit tests, adding -b flag to bro so they run faster.
Doing this made bifs/ ~3x faster and language/ ~2x faster.
2012-11-30 17:44:36 -06:00
Jon Siwek
4e85fe0454 Change hook calls to only be allowed when preceded by "hook" keyword. 2012-11-30 15:39:00 -06:00
Seth Hall
1542b3696e Changed how traceroute detection works by having it check for low ttl packets after detecting time exceeded messages. 2012-11-30 11:27:09 -05:00
Seth Hall
bb7db64841 Fixed Sheharbano's name. 2012-11-30 09:51:20 -05:00
Seth Hall
96f850ca4e Moving scan.bro to a more appropriate place. 2012-11-30 09:49:16 -05:00
Seth Hall
2484295db3 scan.bro updates. 2012-11-30 09:48:52 -05:00
Jon Siwek
cc8f20c104 Merge branch 'master' into topic/jsiwek/gtp 2012-11-29 16:11:27 -06:00
Jon Siwek
f7e07f5f09 Fix various bugs with table/set attributes.
- Identifiers that are initialized with set()/table() constructor
  expressions now inherit attributes from the expression.  Before,
  statements like

     const i: set[string] = set() &redef;

  associated the attribute with the set() constructor, but not the
  "i" identifier, preventing redefinition.  Addresses #866.

- Allow &default attribute to apply to tables initialized as empty
  (via either "{ }" or "table()") or if the expression supplied to it
  can evaluate to a type that's promotable to the same yield type as
  the table.
2012-11-29 15:44:03 -06:00
Jon Siwek
3b3b05fbbb Clarification in hook documentation. 2012-11-29 10:07:38 -06:00
Matthias Vallentin
aba8275346 Add opaque type to lexer, parser, and BroType. 2012-11-28 19:49:46 -08:00
Seth Hall
2b72275d7e More updates to clean up scan.bro 2012-11-28 17:07:30 -05:00
Seth Hall
f1b7ca62ee Actually fix the problem I just tried to fix a minute ago. 2012-11-28 15:58:29 -05:00
Jon Siwek
00f7bbda96 Add test of record() constructor to table initializer unit test. 2012-11-28 14:53:36 -06:00
Seth Hall
92285a9711 Fix a race condition when multiple workers report intermediate indexes simultaneously. 2012-11-28 15:52:41 -05:00
Seth Hall
2add60b4b1 A function wasn't returning a value like it should be. 2012-11-28 15:22:45 -05:00
Jon Siwek
a0590b2140 Fix table(), set(), vector() constructors in table initializer lists.
Also adds type checking of yield values to table() constructor and
fixes the type checking of yield values in vector() constructor.

Addresses #5.
2012-11-28 14:19:48 -06:00
Seth Hall
956c23eb66 Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 2012-11-28 14:57:42 -05:00
Bernhard Amann
2d7ffd8269 Merge remote-tracking branch 'origin/master' into topic/bernhard/sqlite 2012-11-26 20:46:27 -08:00
Jon Siwek
378ee699ff Hook functions now directly callable instead of w/ "hook" statements.
The return value of the call is an implicit boolean value of T if all
hook handlers ran, or F if one hook handler exited as a result of a
break statement and potentially prevented other handlers from running.

Scripts don't need to declare hooks with an explicit return type of bool
(internally, that's assumed), and any values given to (optional) return
statements in handler definitions are just ignored.

Addresses #918.
2012-11-26 17:09:29 -06:00
Seth Hall
6bdcdcecf9 Fixed a problem with metrics aggregation on clusters (thanks Jon!). 2012-11-26 16:17:35 -05:00
Seth Hall
c98301e51f Fixed a DNS attribute issue (reported by Matt Thompson). 2012-11-26 15:58:25 -05:00
Scott Runnels
d1d7fe5d4d Exploration of the connection record data type and corresponding btests. 2012-11-24 14:16:50 -05:00
Robin Sommer
e2fdf16e0c Updating submodule(s).
[nomail]
2012-11-23 19:51:42 -08:00
Robin Sommer
7245aa5977 Adding NEWS placeholder for hooks and CSV mode. 2012-11-23 19:40:12 -08:00
Robin Sommer
a5e237f50c The ASCII writer now supports a filter config option
'only_single_header_row' that turns the output into CSV format.

In that mode all meta data is skipped except for a single header line
with the field names. Example:

    local my_filter: Log::Filter = [$name = "my-filter", $writer = Log::WRITER_ASCII, $config = table(["only_single_header_row"] = "T")];

Contributed by Carsten Langer.
2012-11-23 19:38:53 -08:00
Robin Sommer
6c2ee1ef54 Removing in_hook variable in parser.
I believe that's unnecessary and tests indeed pass just fine without it.
2012-11-23 18:46:57 -08:00
Robin Sommer
d9bb9e0eb1 Merge remote-tracking branch 'origin/topic/jsiwek/hook'
* origin/topic/jsiwek/hook:
  Add memory leak unit test for "hook" function flavor.
  Add new function flavor called a "hook".
2012-11-23 18:39:51 -08:00
Robin Sommer
96ce99590d Merge remote-tracking branch 'origin/topic/jsiwek/improve-enum-doc'
* origin/topic/jsiwek/improve-enum-doc:
  Improve auto-generated enum documentation.

Closes #919.
2012-11-23 18:26:06 -08:00
Robin Sommer
3357746857 Merge remote-tracking branch 'origin/topic/jsiwek/composite-table-index-fix'
* origin/topic/jsiwek/composite-table-index-fix:
  Fix ambiguity between composite table index and record ctor expressions.

Cool.

Closes #80.
2012-11-23 18:25:04 -08:00
Robin Sommer
0096ebdd6b Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix some warnings from sphinx when building docs.
2012-11-23 18:21:41 -08:00
Seth Hall
3546d93f36 Merging master. 2012-11-21 12:18:03 -05:00
Seth Hall
ebacb80d1c Add intel detection for apparently successful logins. 2012-11-21 11:56:39 -05:00
Seth Hall
5921a68e91 More test updates. 2012-11-20 11:18:55 -05:00
Seth Hall
08538211e1 Some test updates. 2012-11-20 02:08:49 -05:00