Tim Wojtulewicz
c21af39a30
Add new UDP packet analyzer, remove old one
2021-05-18 11:52:04 -07:00
Tim Wojtulewicz
d8adfaef65
Add new ICMP packet analyzer, remove old one
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
c1f0d312b5
Add base class for IP-based packet analyzers
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
3e1692676d
Move SessionManager::ParseIPPacket to IP analyzer's namespace
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0c3e3069d0
Added skeletons for TCP/UDP/ICMP packet analysis plugins.
This includes integration into the IP plugin and calling of the sessions code from each plugin.
2021-05-18 11:52:03 -07:00
Tim Wojtulewicz
0b7ca5e7bc
Remove Session prefix from some session-related classes and files
2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
18c6aaaa33
Move session code into new directory and into zeek::session namespace
2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
db1d753b35
Rename NetSessions to SessionManager
This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
c752d76052
Move packet filter out of NetSessions
2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
6c52fd502f
GH-1493: Fix build with -DENABLE_MOBILE_IPV6
2021-04-07 13:44:18 -07:00
Tim Wojtulewicz
f53fb9a22e
Merge remote-tracking branch 'olaldiko/master'
* olaldiko/master:
Add tests for ERSPAN Type I patch
Add ERSPAN Type I patch
2021-03-17 10:37:14 -07:00
Gorka Olalde Mendia
fcc866567c
Add ERSPAN Type I patch
Co-authored-by: Markel Elorza Alvarez <melorzaalvarez@gmail.com>
Co-authored-by: Ivan Arrizabalaga Cupido <ivanarrcup@gmail.com>
2021-03-17 11:43:53 +01:00
Tim Wojtulewicz
5111b8e386
Fix comment in IP analyzer
2021-03-02 14:04:30 -07:00
Tim Wojtulewicz
4ad08172d0
Remove obsolete ZEEK_FORWARD_DECLARE_NAMESPACED macros
2021-02-24 14:35:44 -07:00
Jon Siwek
c27bf62217
Merge remote-tracking branch 'origin/topic/timw/1389-vntag'
Merge adjustment: changed test case to use `zeek -b`
* origin/topic/timw/1389-vntag:
GH-1389: Skip VN-Tag headers
2021-02-03 11:22:13 -08:00
Jon Siwek
c44cbe1feb
Prefix #includes of .bif.h files with zeek/
This enables locating the headers within the install-tree using the
dirs provided by `zeek-config --include_dir`.
To enable locating these headers within the build-tree, this change also
creates a 'build/src/include/zeek -> ..' symlink.
2021-02-02 19:15:05 -08:00
Tim Wojtulewicz
f53448ccc9
GH-1389: Skip VN-Tag headers
2021-02-01 14:34:56 -07:00
Jon Siwek
8a8a983c49
Add missing zeek/ to header includes
Related to https://github.com/zeek/zeek/pull/1377
2021-01-29 19:16:29 -08:00
Tim Wojtulewicz
e27008ef26
GH-1184: Add 'source' field to weird log denoting where the weird was reported
2020-12-01 09:34:37 -07:00
Jon Siwek
fc114069b0
Merge remote-tracking branch 'origin/topic/jsiwek/unknown-protocol-options'
* origin/topic/jsiwek/unknown-protocol-options:
Move UnknownProtocol options to init-bare.zeek
Coverity 1436183: Initialize packet_analysis::Manager fields
2020-11-12 14:35:01 -08:00
Tim Wojtulewicz
5589484f26
Fix includes of bif.h and _pac.h files to use full paths inside build directory
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
133ab55c91
Remove unnecessary include of NetVar.h from packet analysis plugins
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360
GH-1079: Use full paths starting with zeek/ when including files
2020-11-12 12:15:26 -07:00
Jon Siwek
89af6f2004
Move UnknownProtocol options to init-bare.zeek
Otherwise the `unknown_protocol` event cannot be used independently
from `policy/mic/unknown-protocols.zeek`.
2020-11-11 12:58:38 -08:00
Jon Siwek
49094688fd
Coverity 1436183: Initialize packet_analysis::Manager fields
2020-11-11 12:58:02 -08:00
Tim Wojtulewicz
c3cf36e135
GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures
2020-11-09 20:37:26 -07:00
Tim Wojtulewicz
04dbc8e8be
Remove now-unused Packet::l2_valid field
2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
b3eb63c48a
GH-1186: Remove Packet::hdr_size and uses of it.
This change also removes Packet::IP(), since Packet now contains an ip_hdr member
that points at the IP header if it exists.
2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
3e16b5fde3
Add missing include to fix build on certain platforms
2020-11-02 22:01:20 +00:00
Tim Wojtulewicz
1f02bd5147
Use std::function instead of a function pointer in packet_analysis::Component
2020-11-02 13:05:05 -07:00
Tim Wojtulewicz
cd06bf34c7
GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches
2020-11-02 19:03:25 +00:00
Seth Hall
552a24e07c
Add an option to ignore packets sourced from particular subnets.
It's implemented with a new set[subnet] option named ignore_checksums_nets.
If you populate this set with subnets, any packet with a src address within
that set of subnets will not have its checksum validated.
2020-10-22 13:23:10 -04:00
Tim Wojtulewicz
ce2b00fe83
Fix a couple of Coverity findings (1433618, 1433619)
2020-10-21 10:53:34 -07:00
Tim Wojtulewicz
a19b018dc8
Add header length check to GRE packet analyzer
2020-10-19 10:58:10 -07:00
Tim Wojtulewicz
a99b540e46
Rework Sessions::Weird
2020-10-15 13:03:11 -07:00
Tim Wojtulewicz
ecd970ffde
Store packet's ip header as unique_ptr
2020-10-15 12:49:08 -07:00
Tim Wojtulewicz
41dcd0cde0
Use shared_ptr for encapsulation data instead of raw pointer
2020-10-15 12:49:05 -07:00
Tim Wojtulewicz
a7d4364334
Review cleanup
2020-10-15 12:44:45 -07:00
Tim Wojtulewicz
665d0d9814
Store the ip header in the packet after processing, reuse other places
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
7d2c35174f
Change to store data in packet directly instead of keystore
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0ef05c748
Don't always insert data into keystore for tunnels
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
02ed03adaa
Add comment about packet header size and session analysis
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0cc30eccd
Set data to ip header's payload instead of advancing the pointer
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
afdc08085f
Move packet dumping to packet_mgr
2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
1cf251d1ca
Move IP and IP tunnel code from Sessions into packet analyzers
2020-10-15 12:18:30 -07:00
Tim Wojtulewicz
23bbe0ac38
Move packet_mgr to the zeek namespace
2020-09-24 09:56:55 -07:00
Tim Wojtulewicz
c21504deed
Fix build on FreeBSD, which was missing full definition of sockaddr for ARP
2020-09-23 11:14:01 -07:00
Jan Grashoefer
8d834a1d89
Packet analysis cleanup.
2020-09-23 11:13:29 -07:00
Tim Wojtulewicz
62562504d5
Minor cleanup
2020-09-23 11:13:29 -07:00
Jan Grashoefer
7ede4f48bd
Simplify packet analyzer config.
2020-09-23 11:13:29 -07:00