Commit graph

13262 commits

Author SHA1 Message Date
Vern Paxson
86aafb7c84 fix for inlining type-based switch statements 2021-05-30 17:36:07 -07:00
Vern Paxson
0de51b31b1 fix for computing |size| of files and subnets 2021-05-30 17:33:49 -07:00
Vern Paxson
9ba7e95bad fix for tracking the effects of += operations 2021-05-30 17:32:29 -07:00
Vern Paxson
4ee8bd0082 Expr method to invert the sense of a relational 2021-05-30 17:31:22 -07:00
Vern Paxson
b1e95d68e0 Trigger constructor (and factoring) to support lower-level constructions 2021-05-30 17:28:25 -07:00
Vern Paxson
a16a25efbd fixed / removed out-of-date comments, tidied check_and_promote_args() interface 2021-05-30 17:25:40 -07:00
Vern Paxson
efd03d41f8 convert scopes to be managed using IntrusivePtr's 2021-05-30 17:20:29 -07:00
Vern Paxson
f2f041b63b various accessors used by ZAM compiler 2021-05-30 17:16:03 -07:00
Chris C
ada482c0e3
Update detect-MHR.zeek
Update Virustotal URL to current
option match_sub_url = "https://www.virustotal.com/gui/search/%s";
2021-05-28 14:46:19 -05:00
Tim Wojtulewicz
0e34f2e02f Fix handling of IP packets with bogus IP header lengths
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34711
(Link to details becomes public 30 days after patch release)
2021-05-27 16:33:50 -07:00
Jon Siwek
f861a194f9 Update submodule(s) [nomail] [skip ci] 2021-05-27 13:53:38 -07:00
Jon Siwek
77f1ede661 GH-839: Fix use of &optional sub-records within table/set indices 2021-05-26 13:28:13 -07:00
Tim Wojtulewicz
5f57daf9d1 Ensure SessionAdapter members are initialized
Fixes Coverity #1453273
2021-05-26 10:53:08 -07:00
Robin Sommer
815b8cbcc9 Merge remote-tracking branch 'origin/topic/robin/file-api-extension'
* origin/topic/robin/file-api-extension:
  Extend the file analyzer API to set source manually.
2021-05-26 08:08:09 +02:00
Dominik Charousset
44ca01eb18 Merge branch master into topic/neverlord/telemetry-scraper 2021-05-26 08:06:13 +02:00
Dominik Charousset
3f4b340abb Integrate review feedback 2021-05-26 08:05:14 +02:00
Dominik Charousset
7767c3d36c Sync new broker options, fix name inconsistencies 2021-05-25 17:22:45 +02:00
Robin Sommer
355ecc0c43 Extend the file analyzer API to set source manually.
The API didn't offer methods for passing in data that allow setting
all of offset, source and MIME type. Adding overloads for that (no
breakage to existing APIs).
2021-05-25 13:33:25 +02:00
zeek-bot
f38eae06f1 Update doc submodule [nomail] [skip ci] 2021-05-25 00:37:23 +00:00
Jon Siwek
ee7c275479 Update submodule(s) [nomail] 2021-05-24 15:24:16 -07:00
Jon Siwek
7185a71960 Update Broker submodule for bump of embedded CAF to 0.18.3 2021-05-24 15:05:19 -07:00
Jon Siwek
cdab601223 Replace toupper() usages in netbios decoding BIFs
This avoids potential for locale-dependent results of toupper() by
instead using a function that simply maps ASCII characters a-z to A-Z.
2021-05-24 13:11:47 -07:00
Tim Wojtulewicz
aa09e02117 Merge remote-tracking branch 'origin/topic/timw/1114-analyzers'
* origin/topic/timw/1114-analyzers:
  Add type field to session::Key to help avoid collisions in map
  Move bad UDP checksum handling into adapter object
  Rename IPBasedTransportAnalyzer to SessionAdapter
  Move building session analyzer tree out of analyzer::Manager
  Rework the packet flow through the IP-based analyzers
  Add new UDP packet analyzer, remove old one
  Add new ICMP packet analyzer, remove old one
  Add base class for IP-based packet analyzers
  Move SessionManager::ParseIPPacket to IP analyzer's namespace
  Added skeletons for TCP/UDP/ICMP packet analysis plugins.
2021-05-24 12:40:00 -07:00
Dominik Charousset
f9cd05f00b Integrate new Broker metric exporter parameters 2021-05-24 17:20:48 +02:00
Tim Wojtulewicz
54271657a8 Add some extra length checking when parsing mobile ipv6 packets
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34263
(Link to details becomes public 30 days after patch release)
2021-05-20 15:32:07 -07:00
Tim Wojtulewicz
3a8047f535 Add type field to session::Key to help avoid collisions in map 2021-05-20 11:00:11 -07:00
Tim Wojtulewicz
30ab914cd8 Move bad UDP checksum handling into adapter object 2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
b22ce6848f Rename IPBasedTransportAnalyzer to SessionAdapter
This also combines the old TransportLayerAnalyzer class into
SessionAdapter, and removes the old class. This requires naming changes
in a few places but no functionality changes.
2021-05-18 15:19:12 -07:00
Jon Siwek
2c27f1bf34 Update submodule(s) [nomail] [skip ci] 2021-05-18 15:14:49 -07:00
Jon Siwek
f75f14eb0d Update submodule(s) [nomail] [skip ci] 2021-05-18 13:15:28 -07:00
Jon Siwek
754ca24aba Update submodule(s) [nomail] [skip ci] 2021-05-18 12:04:28 -07:00
Tim Wojtulewicz
c56fb3e8e4 Move building session analyzer tree out of analyzer::Manager 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
7dc803f7bb Rework the packet flow through the IP-based analyzers 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
c21af39a30 Add new UDP packet analyzer, remove old one 2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
d8adfaef65 Add new ICMP packet analyzer, remove old one 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
c1f0d312b5 Add base class for IP-based packet analyzers 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
3e1692676d Move SessionManager::ParseIPPacket to IP analyzer's namespace 2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0 Added skeletons for TCP/UDP/ICMP packet analysis plugins.
This includes integration into the IP plugin and calling of the sessions code from each plugin.
2021-05-18 11:52:03 -07:00
Jon Siwek
82fb5722a1 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1244-print-small-floating-point'
* origin/topic/jsiwek/gh-1244-print-small-floating-point:
  Omit unneeded decimal points in modp_dtoa2() scientific notation output
  GH-1244: Change modp_dtoa2() to use scientific notation for small values
2021-05-18 11:47:56 -07:00
Jon Siwek
8996dfbfef Omit unneeded decimal points in modp_dtoa2() scientific notation output
For example, "1e-13" is now used instead of "1.e-13".
2021-05-17 17:56:19 -07:00
Jon Siwek
48ee0f31a1 GH-1244: Change modp_dtoa2() to use scientific notation for small values
This fixes problems where printing floating point numbers less than
10^-6 output as "0.0".  Such numbers now use scientific notation
and preserve the value's actual floating point representation.
2021-05-17 17:44:23 -07:00
Tim Wojtulewicz
f66b4f5340 Merge remote-tracking branch 'origin/topic/timw/dict-iterator-construction'
* origin/topic/timw/dict-iterator-construction:
  GH-1546: Make DictIterator() public, add copy/move operators
2021-05-17 11:58:17 -07:00
Tim Wojtulewicz
6ab317f7bd GH-1546: Make DictIterator() public, add copy/move operators 2021-05-17 11:57:17 -07:00
Jon Siwek
31f73f6e92 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1555-gh-1558-config-enum-fixes'
* origin/topic/jsiwek/gh-1555-gh-1558-config-enum-fixes:
  GH-1558: Fix reading `vector of enum` types from config files
  GH-1555: Fix reading empty set[enum] values from config files
2021-05-17 11:35:20 -07:00
Johanna Amann
1d25def759 Merge branch 'master' of https://github.com/kramse/zeek
* 'master' of https://github.com/kramse/zeek:
  Added note about default configuration
  More precise description of the example
  Removed tcpdump file, as it may not even work.
  Just a few ideas for improving the manual page
2021-05-17 13:14:50 +01:00
Jon Siwek
45b2d3b4f2 GH-1558: Fix reading vector of enum types from config files 2021-05-14 16:59:51 -07:00
Jon Siwek
e35888a994 GH-1555: Fix reading empty set[enum] values from config files 2021-05-14 16:32:19 -07:00
Jon Siwek
09ff24199b Update submodule(s) [nomail] [skip ci] 2021-05-14 11:11:04 -07:00
Henrik Kramselund Jereminsen
49d99f6a03 Added note about default configuration 2021-05-14 16:40:27 +02:00
Henrik Kramselund Jereminsen
60eb12f575 More precise description of the example 2021-05-14 16:37:40 +02:00