Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
8253 commits 387 branches 195 tags 267 MiB
Commit graph

8253 commits

This branch
This branch
All branches
Author SHA1 Message Date
Johanna Amann
5b262ceda4 Merge branch 'x509_ext_san_dns_optional' of https://github.com/liviuvalsan/bro 
* 'x509_ext_san_dns_optional' of https://github.com/liviuvalsan/bro:
  Added support for making optional the extraction of DNS entries from X509 SAN as Intel::seen records.
 2018-07-13 10:55:36 -07:00
Jon Siwek
7fdb184ca6 Install binpac 2018-07-13 10:12:28 -05:00
Jon Siwek
e1b7820b01 Move bifcl to a separate repo 2018-07-12 17:51:23 -05:00
Vern Paxson
187757f377 a different sort of history update 2018-07-09 13:05:50 -07:00
Vern Paxson
73349362a3 'W' for zero window implemented; logarithmic 'T'/'C'/'W' history repetitions 2018-07-09 13:05:10 -07:00
Vern Paxson
2a8ea87c9f implemented set relationals 2018-07-06 16:22:06 -07:00
Vern Paxson
e416d34f1f bug fix for set intersection 2018-07-06 13:46:06 -07:00
Jon Siwek
ad9abd4c9b BIT-1950: support PPPoE over QinQ 2018-07-06 08:04:02 -05:00
Vern Paxson
b9a5d9ccbe de-restrict pattern-oriented BiFs to no longer require only running at init 2018-07-05 10:13:20 -07:00
Jon Siwek
15d74ac081 BIT-1941: improve unit test stability 
Mostly trying to standardize the way tests sleep for arbitrary amounts
of time to make it easier to tell at which particular point the
unit test actually may need the timeout interval increased (or else
debugged further).
 2018-07-03 15:00:52 -05:00
Jon Siwek
df3ce608e3 Fix unstable cluster/logging test 2018-07-03 10:25:14 -05:00
Jon Siwek
a6ddc882c3 Fix unstable config framework test 2018-07-03 09:34:33 -05:00
Jon Siwek
85e46f37ca BIT-1941: teach diff-remove-timestamps about time 0 2018-07-03 09:17:09 -05:00
Liviu Valsan
acf1c591ea Added support for making optional the extraction of DNS entries from X509 SAN as Intel::seen records. 2018-07-03 15:08:21 +02:00
Jon Siwek
c9ebe725f6 BIT-1941: improve reliability of broker.disconnect unit test 2018-07-02 16:32:13 -05:00
Jon Siwek
a66364fee0 Update install instructions for OpenSSL 1.1 compat 2018-07-02 14:04:55 -05:00
Jon Siwek
bb55f82809 Remove requestorName parameter of ocsp_request event 
This field isn't publicly available via the OpenSSL 1.1 API, not used
in the base scripts, and has no example in the test suit, so removing
it is simpler than trying to support manually parsing it out of the
raw data.
 2018-06-29 16:15:34 -05:00
Jon Siwek
2e0edd7416 Adjust x509 unit tests to work around OpenSSL 1.0 vs. 1.1 differences 2018-06-29 16:01:23 -05:00
Jon Siwek
8f990036f6 Fixes for OpenSSL 1.1 support 
The following tests currently fail due to what seems like different
behavior in OpenSSL 1.1 vs 1.0:

    scripts/base/protocols/rdp/rdp-x509.bro
    bifs/x509_verify.bro
 2018-06-29 15:58:53 -05:00
Johanna Amann
30c259864c Config: another cluster test-case, this time reading in a file. 
This test-case has actually revealed an interesting issue - it works as
is, but as soon as one adds a vector, one gets the fun error-message

fatal error in any: BroType::AsVectorType (any/vector) (any)

This will require a bit more digging :).
 2018-06-29 13:34:05 -07:00
Johanna Amann
c28f1ae0ce Add sending of values to nodes that dropped out. 
The only node that cannot be recovered is the manager - and the manager
should just re-read its own configuration and be ok :)
 2018-06-29 13:10:00 -07:00
Vern Paxson
85c4b0d285 use PCRE syntax instead of the beautiful new (?i ...) syntax 2018-06-29 13:01:05 -07:00
Vern Paxson
726424f371 nitlet in NEWS entry 2018-06-29 12:00:37 -07:00
Vern Paxson
f5e89b96ae test suite update for case-insensitive patterns 2018-06-29 11:55:50 -07:00
Vern Paxson
a02d9e7f4a document use of double quotes to escape case-insensitivity 2018-06-29 11:35:22 -07:00
Vern Paxson
5ce3d1b899 bug fix for recent memory leak patch 2018-06-29 11:30:21 -07:00
Vern Paxson
cfe45e0af0 documentation updates for case-insensitive patterns 2018-06-29 11:30:00 -07:00
Johanna Amann
5f07673e25 Merge remote-tracking branch 'origin/master' into topic/johanna/config-cluster 2018-06-29 08:30:29 -07:00
Jon Siwek
4614dbe911 Updating submodule(s). 
[nomail]
 2018-06-28 09:29:45 -05:00
Jon Siwek
e2d5ca5f95 Merge remote-tracking branch 'origin/topic/dnthayer/ticket1947' 
* origin/topic/dnthayer/ticket1947:
  Fix some typos and formatting in NEWS
  Add pattern operators to the documentation of operators
  Fix minor typos in broker reference documentation
  Fix a broken link and some typos in broker documentation
  Fix reST formatting in documentation of "count" type
  Add documentation for some new Bro features
 2018-06-27 20:27:34 -05:00
Jon Siwek
06e7f18a32 Prevent double-wrapping Broker::Data in published event args 
In the following example, the republication of "arg" would result in
literally sending it as a Broker::Data record instead of the broker data
that it was already wrapping.

Sender:

    Broker::publish("topic", my_event, "hello")

Receiver:

    event my_event(arg: any)
        {
        Broker::publish("topic", my_event, arg)
        }
 2018-06-27 19:17:54 -05:00
Daniel Thayer
8849e214ca Fix some typos and formatting in NEWS 2018-06-27 14:33:07 -05:00
Daniel Thayer
cfe8e8f04b Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1947 2018-06-27 14:17:44 -05:00
Daniel Thayer
bd74b4525b Add pattern operators to the documentation of operators 2018-06-27 14:00:56 -05:00
Johanna Amann
ea040265c0 Merge remote-tracking branch 'origin/master' into topic/johanna/config-cluster 2018-06-27 11:32:47 -07:00
Daniel Thayer
ceefb6edaf Fix minor typos in broker reference documentation 2018-06-27 13:00:09 -05:00
Johanna Amann
d6990119db Continue work on config framework clusterization. 
This does not currently work.
 2018-06-27 10:47:17 -07:00
Vern Paxson
9bdb24a719 d'oh there's isalpha. I looked earlier for isletter :-P 2018-06-26 20:47:12 -07:00
Vern Paxson
4bd8f3a5d5 fix for handling [:(lower|upper):] in case-insensitive patterns 2018-06-26 20:43:48 -07:00
Jon Siwek
e33a3a9c02 Fix typo in NEWS 2018-06-26 18:10:07 -05:00
Jon Siwek
a97567ef38 Add memory leak unit test for pattern operations 2018-06-26 18:00:51 -05:00
Vern Paxson
80b3b82b54 implemented /re/i for case-insensitive patterns 2018-06-26 15:59:41 -07:00
Jon Siwek
daf8e3ad77 Merge remote-tracking branch 'origin/topic/vern/pattern-leaks' 
* origin/topic/vern/pattern-leaks:
  whoops - patterns ops broke count bitwise ops
  fixed 3 leaks in creating pattern values
 2018-06-26 17:29:41 -05:00
Jon Siwek
5968f91c4f Merge remote-tracking branch 'origin/topic/vern/pattern-ops' 
* origin/topic/vern/pattern-ops:
  Update submodules to correct checkouts.
  test suite updates for &/| pattern operators
  documentation for &/| for patterns
  side-porting changes for supporting &/| pattern ops
  basic code implemented, but there's a memory problem somehwere :-(
 2018-06-26 17:19:38 -05:00
Jon Siwek
fb5c32062b Merge remote-tracking branch 'origin/topic/vern/deprecations' 
* origin/topic/vern/deprecations:
  deprecate merge_patterns()
  deprecate boolean scalar+vector operations
  bug fix (and typo fix) for vector+scalar boolean operations
  deprecate mixing scalars and vectors
  deprecate && / || operators for patterns
  fixed typos in NEWS
 2018-06-26 17:03:49 -05:00
Daniel Thayer
57128af3ab Fix a broken link and some typos in broker documentation 2018-06-26 15:34:57 -05:00
Jon Siwek
ac495e729b Fix deprecated actor_system_config field usages 2018-06-26 15:05:53 -05:00
Daniel Thayer
884d3d2abd Fix reST formatting in documentation of "count" type 2018-06-26 14:43:41 -05:00
Daniel Thayer
fef351b9c1 Add documentation for some new Bro features 
Add documentation for the type-based "switch" statement,
the "as" operator, the "is" operator, and bitwise operators.
 2018-06-26 14:38:24 -05:00
Vern Paxson
bd5414d8d5 whoops - patterns ops broke count bitwise ops 2018-06-26 10:57:24 -07:00