Commit graph

16055 commits

Author SHA1 Message Date
Tim Wojtulewicz
ef659b8e82 Remove unused util::detail::rand64bit method 2022-07-01 14:10:33 -07:00
Craig Leres
6b52c5b2f9 Return false on error from the other place we call fstat() 2022-07-01 13:23:06 -07:00
Craig Leres
529a3d8e77 Merge branch 'zeek:master' into update 2022-07-01 12:33:08 -07:00
Christian Kreibich
d3b6f9f7a5 Update doc submodule [nomail] [skip ci] 2022-07-01 12:15:59 -07:00
Christian Kreibich
b96d8afa52 Merge branch 'topic/christian/management-default-instance'
* topic/christian/management-default-instance:
  Management framework: bump zeek-client and cluster testsuite
2022-07-01 11:11:46 -07:00
Craig Leres
c765dce5f6 Address concerns raised by @0xxon; avoid the new code path when
reading from a pipe and return false if fstat() fails after successfully
opening the file (unlikely).
2022-07-01 10:03:15 -07:00
Craig Leres
51773bb8b4 Merge branch 'zeek:master' into update 2022-07-01 08:33:07 -08:00
Tim Wojtulewicz
ee88aa3acb Merge remote-tracking branch 'origin/topic/timw/2229-weak-keys-typos'
* origin/topic/timw/2229-weak-keys-typos:
  GH-2229: Fix some typos in weak-keys.zeek
2022-07-01 09:23:49 -07:00
Craig Leres
1b8f5644ac Merge branch 'zeek:master' into update 2022-07-01 08:20:51 -08:00
zeek-bot
3b70d3a10b Update doc submodule [nomail] [skip ci] 2022-07-01 00:36:52 +00:00
Tim Wojtulewicz
509718b51c GH-2229: Fix some typos in weak-keys.zeek 2022-06-30 15:12:10 -07:00
Tim Wojtulewicz
94c9747440 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy'
* origin/topic/bbannier/bump-spicy:
  Bump Spicy and spicy-plugin to their latest release.
2022-06-30 13:38:49 -07:00
Tim Wojtulewicz
1c3c88fd2a Merge remote-tracking branch 'origin/topic/johanna/rand64bit'
* origin/topic/johanna/rand64bit:
  Optimize 64 bit random number generation
2022-06-30 13:37:49 -07:00
Tim Wojtulewicz
5ce7e2c12b Merge remote-tracking branch 'origin/topic/timw/remove-5.1-deprecations'
* origin/topic/timw/remove-5.1-deprecations:
  Remove other general deprecations
  Remove some deprecated ocsp/ssl base scripts
  Remove deprecated DESC_PORTABLE ODesc mode and ODesc::IsPortable()
  Remove deprecated UDP, ICMP, and TCP analyzers
  Remove deprecated protocol_confirmation/violation events and methods
  Remove deprecated IterCookie-based dictionary iteration
  Remove deprecated MemoryAllocation() methods and related code
  Remove deprecated --enable-mobile-ipv6 configure argument
  Add helpers for syncing commit files with external testsuites
  Fix typo in update-timing target for external testsuites
2022-06-30 12:28:01 -07:00
Tim Wojtulewicz
fb16ce3711 Remove other general deprecations 2022-06-30 19:17:13 +00:00
Tim Wojtulewicz
6130d32440 Remove some deprecated ocsp/ssl base scripts 2022-06-30 19:17:08 +00:00
Tim Wojtulewicz
765a8535e0 Remove deprecated DESC_PORTABLE ODesc mode and ODesc::IsPortable() 2022-06-30 19:11:59 +00:00
Tim Wojtulewicz
77aa80033b Remove deprecated UDP, ICMP, and TCP analyzers 2022-06-30 19:11:59 +00:00
Tim Wojtulewicz
644ed5d314 Remove deprecated protocol_confirmation/violation events and methods 2022-06-30 19:11:57 +00:00
Tim Wojtulewicz
392c2f3810 Remove deprecated IterCookie-based dictionary iteration 2022-06-30 19:06:01 +00:00
Tim Wojtulewicz
70e63d4749 Remove deprecated MemoryAllocation() methods and related code 2022-06-30 18:56:52 +00:00
Tim Wojtulewicz
d3169e48c0 Remove deprecated --enable-mobile-ipv6 configure argument 2022-06-30 17:42:18 +00:00
Christian Kreibich
86431f0a44 Management framework: bump zeek-client and cluster testsuite
No Zeek-side changes here, this just pulls in updates and tests for more
flexible cluster configs in the client.
2022-06-30 10:24:57 -07:00
Christian Kreibich
b3de9a0faf Merge branch 'topic/christian/external-testsuite-tweaks'
* topic/christian/external-testsuite-tweaks:
  Add helpers for syncing commit files with external testsuites
  Fix typo in update-timing target for external testsuites
2022-06-30 09:56:46 -07:00
Benjamin Bannier
e8bc953e8a Bump Spicy and spicy-plugin to their latest release. 2022-06-30 15:44:05 +02:00
Johanna Amann
31cf270565 Optimize 64 bit random number generation
rand64bit called random 4 times to generate one 64 bit number. There is
no reason to do this - random() is basically guaranteed to return a 32
bit number.

This also adds a static check to make sure that it does.
2022-06-29 14:37:39 +02:00
Christian Kreibich
bf9b1ebbbe Add helpers for syncing commit files with external testsuites
This provides "make sync-repos" to check out all locally available testsuites at
the commits indicated in their commit files, and "make sync-commits" to update
the commit files to the HEADs of the local testsuite repos.

Also adds the commit -> repo sync for the Makefile init target so initialization
always lands on the right version, and removes the corresponding explicit
checkout from the CI repo setup.
2022-06-28 13:20:14 -07:00
Christian Kreibich
9f3dfbdb13 Fix typo in update-timing target for external testsuites
Also includes whitespace tweaks for consistency.
2022-06-28 13:20:03 -07:00
Tim Wojtulewicz
86f874b31b Merge remote-tracking branch 'origin/topic/timw/bump-broker'
* origin/topic/timw/bump-broker:
  Update broker submodule [nomail]
2022-06-28 09:25:19 -07:00
Tim Wojtulewicz
342354343c Update broker submodule [nomail] 2022-06-27 15:56:39 -07:00
Tim Wojtulewicz
9e953f50cb Merge remote-tracking branch 'origin/topic/vern/remove-deprecated-closures'
* origin/topic/vern/remove-deprecated-closures:
  removed deprecated capture-by-reference closures
2022-06-27 13:04:57 -07:00
Tim Wojtulewicz
11bcb26ab5 Merge remote-tracking branch 'origin/topic/timw/2183-checksum-variables'
* origin/topic/timw/2183-checksum-variables:
  GH-2183: Rework Packet checksummed variable naming
2022-06-27 11:43:37 -07:00
Tim Wojtulewicz
1b5741d905 GH-2183: Rework Packet checksummed variable naming 2022-06-27 11:07:31 -07:00
Tim Wojtulewicz
1af3039ca3 Merge remote-tracking branch 'origin/topic/timw/modernize-cpp-headers'
* origin/topic/timw/modernize-cpp-headers:
  Code modernization: Convert from deprecated C standard library headers
  Bump cmake submodule for run-clang-tidy fix [skip ci] [nomail]
2022-06-27 10:37:25 -07:00
Tim Wojtulewicz
7c4fd382d9 Code modernization: Convert from deprecated C standard library headers 2022-06-27 09:47:31 -07:00
Tim Wojtulewicz
823d80494b Bump cmake submodule for run-clang-tidy fix [skip ci] [nomail] 2022-06-27 09:27:50 -07:00
Tim Wojtulewicz
c5b435f2cc Merge remote-tracking branch 'origin/topic/timw/2021-signal-handler-deadlock'
* origin/topic/timw/2021-signal-handler-deadlock:
  Mark bools in BasicThread as atomic to avoid data races
  Avoid calling DBG_LOG during signal handling
  Fixes for iosource::Manager for deadlocks during shutdown
2022-06-27 09:27:07 -07:00
Tim Wojtulewicz
268ebbaffd Mark bools in BasicThread as atomic to avoid data races 2022-06-26 20:54:04 +00:00
Tim Wojtulewicz
f50777cdab Avoid calling DBG_LOG during signal handling 2022-06-26 20:54:04 +00:00
Tim Wojtulewicz
d06387d4d3 Fixes for iosource::Manager for deadlocks during shutdown 2022-06-26 20:54:04 +00:00
Tim Wojtulewicz
6acb626ece Add initial NEWS block for 5.1 2022-06-25 08:23:16 -07:00
Tim Wojtulewicz
bf7b6e5ed0 Merge remote-tracking branch 'origin/topic/timw/bump-broker'
* origin/topic/timw/bump-broker:
  Bump broker submodule to pick up two fixes
2022-06-24 14:18:54 -07:00
Tim Wojtulewicz
a6dd3af831 Bump broker submodule to pick up two fixes
- https://github.com/zeek/broker/pull/244
- https://github.com/zeek/broker/pull/245
2022-06-24 14:18:23 -07:00
Johanna Amann
e14eddeb97 SSL Analyzer: track connection direction by messages
This PR changes the way in which the SSL analyzer tracks the direction
of connections. So far, the SSL analyzer assumed that the originator of
a connection would send the client hello (and other associated
client-side events), and that the responder would be the SSL servers.

In some circumstances this is not true, and the initiator of a
connection is the server, with the responder being the client. So far
this confused some of the internal statekeeping logic and could lead to
mis-parsing of extensions.

This reversal of roles can happen in DTLS, if a connection uses STUN -
and potentially in some StartTLS protocols.

This PR tracks the direction of a TLS connection using the hello
request, client hello and server hello handshake messages. Furthermore,
it changes the SSL events from providing is_orig to providing is_client,
where is_client is true for the client_side of a connection. Since the
argument positioning in the event has not changed, old scripts will
continue to work seamlessly - the new semantics are what everyone
writing SSL scripts will have expected in any case.

There is a new event that is raised when a connection is flipped. A
weird is raised if a flip happens repeatedly.

Addresses GH-2198.
2022-06-24 18:35:44 +01:00
Tim Wojtulewicz
5162732598 Add NEWS entry for 5.0 management changes [nomail] [skip ci] 2022-06-24 09:09:31 -07:00
Tim Wojtulewicz
693a0c71c4 Merge remote-tracking branch 'origin/topic/johanna/bf-news'
* origin/topic/johanna/bf-news:
  News entry about Bloom Filter changes in 5.0.
2022-06-24 09:08:19 -07:00
Johanna Amann
ce410b7ed5 News entry about Bloom Filter changes in 5.0. 2022-06-24 14:52:54 +02:00
zeek-bot
a7aa345c76 Update doc submodule [nomail] [skip ci] 2022-06-24 00:43:53 +00:00
Tim Wojtulewicz
e60c305ac1 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy'
* origin/topic/bbannier/bump-spicy:
  Bump Spicy to the latest development version.
2022-06-23 13:04:08 -07:00
Christian Kreibich
3287b8b793 Merge branch 'topic/christian/management-restart'
* topic/christian/management-restart:
  Management framework: bump external cluster testsuite
  Management framework: bump zeek-client
  Management framework: edit pass over docstrings
  Management framework: node restart support
  Management framework: more consistent Supervisor interaction in the agent
  Management framework: log the controller's startup deployment attempt
  Management framework: bugfix for a get_id_value corner case
  Management framework: minor timeout bugfix
  Management framework: make "result" argument plural in multi-result response events
2022-06-23 12:27:19 -07:00