Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
11634 commits 384 branches 195 tags 258 MiB
Commit graph

11634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
4618df762d Merge remote-tracking branch 'origin/topic/jsiwek/gh-1273-size-expr-any' 
* origin/topic/jsiwek/gh-1273-size-expr-any:
  GH-1273: Change SizeExpr to yield "any" type when operating on "any"
 2020-11-12 14:30:52 -08:00
Jon Siwek
aab99b743d Merge remote-tracking branch 'origin/topic/jsiwek/type-alias-introspection' 
* origin/topic/jsiwek/type-alias-introspection:
  Add enum_names() BIF to return names of an enum type's values
  Add type_aliases() BIF for introspecting type-names of types/values
  Change Type::type_aliases map to store IntrusivePtr
  Fix lookup_ID() BIF to return enum values
 2020-11-12 14:30:32 -08:00
Tim Wojtulewicz
c10bcc7116 Merge remote-tracking branch 'origin/topic/timw/1079-zeek-includes' 
* origin/topic/timw/1079-zeek-includes:
  Move 'using namespace' declaration after other includes
  Use binpac.h as if it was an external dependency
  Fix includes of bif.h and _pac.h files to use full paths inside build directory
  Remove unnecessary include of NetVar.h from packet analysis plugins
  GH-1079: Use full paths starting with zeek/ when including files
 2020-11-12 12:16:34 -07:00
Tim Wojtulewicz
bd1379e864 Move 'using namespace' declaration after other includes 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
0e9227b753 Use binpac.h as if it was an external dependency 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
5589484f26 Fix includes of bif.h and _pac.h files to use full paths inside build directory 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
133ab55c91 Remove unnecessary include of NetVar.h from packet analysis plugins 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360 GH-1079: Use full paths starting with zeek/ when including files 2020-11-12 12:15:26 -07:00
Robin Sommer
78fc5615a5 Merge remote-tracking branch 'origin/topic/christian/fix-extfunc-includes' 
* origin/topic/christian/fix-extfunc-includes:
  Fix type clash fatal error with log filters that use $ext_func and $include/$exclude
 2020-11-12 10:33:48 +00:00
Jon Siwek
89af6f2004 Move UnknownProtocol options to init-bare.zeek 
Otherwise the `unknown_protocol` event cannot be used independently
from `policy/mic/unknown-protocols.zeek`.
 2020-11-11 12:58:38 -08:00
Jon Siwek
49094688fd Coverity 1436183: Initialize packet_analysis::Manager fields 2020-11-11 12:58:02 -08:00
Tim Wojtulewicz
a6a4b976ec Support for additional DNS RR Type: LOC[29], SSHFP[44], NSEC3PARAM[51], custom BIND9 signaling[65534] 2020-11-11 13:35:51 -07:00
Christian Kreibich
f97a33e14d Fix type clash fatal error with log filters that use $ext_func and $include/$exclude 
The logging manager's Manager::TraverseRecord(), called when adding a
log filter to a stream, skipped any fields intoduced by a filter's
$ext_func when such fields weren't mentioned in a $include restriction
or mentioned in an $exclude restriction. This was inconsistent with
Manager::RecordToFilterVals, used when actually writing log entries,
which does include those values.

The result was that the record indices descent in Manager::RecordToFilterVals
expects to find only record values, when in fact only the record
provided by ext_func is present. This leads to type mismatches and
hard Zeek exits like this one:

1300475173.475401 fatal error in zeek/share/zeek//base/init-bare.zeek, line 4810: Val::CONVERTER (string/record) (zeek)

The fix makes ext_func's field additions decisive, meaning the
filter's include/exclude lists don't apply to it. If a user really
wants to override this, they can reset the filter's ext_func back to
our no-op default.

The included btest produces the above error when the fix is not present.
 2020-11-10 18:13:16 -08:00
zeek-bot
ee31673154 Update doc submodule [nomail] [skip ci] 2020-11-11 00:32:31 +00:00
Tim Wojtulewicz
8722118935 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1269' 
* origin/topic/jsiwek/gh-1269:
  GH-1269: Fix LogAscii::enable_leftover_log_rotation crash in bad dirs
 2020-11-10 14:06:10 -07:00
Tim Wojtulewicz
2e57f8487b Merge remote-tracking branch 'origin/topic/jsiwek/ci-debian-10-gcc' 
* origin/topic/jsiwek/ci-debian-10-gcc:
  Change Debian 10 CI config to use GCC
 2020-11-10 13:55:53 -07:00
Tim Wojtulewicz
45167953b3 Update external testing repo hashes for canonification updates 2020-11-10 09:02:30 -07:00
Tim Wojtulewicz
ad46a8b717 Merge remote-tracking branch 'origin/topic/timw/1221-unknown-protocols' 
* origin/topic/timw/1221-unknown-protocols:
  GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures
  Remove default_analyzer for Ethernet packet analzyer
 2020-11-10 08:42:26 -07:00
Tim Wojtulewicz
c3cf36e135 GH-1221: Add unknown_protocols.log for logging packet analyzer lookup failures 2020-11-09 20:37:26 -07:00
Jon Siwek
d4528162d1 GH-1273: Change SizeExpr to yield "any" type when operating on "any" 2020-11-09 19:03:42 -08:00
Tim Wojtulewicz
efe42bc67b Remove default_analyzer for Ethernet packet analzyer 2020-11-09 19:54:45 -07:00
Jon Siwek
04a02d979f Change Debian 10 CI config to use GCC 2020-11-09 16:29:27 -08:00
Jon Siwek
721b232d94 Merge remote-tracking branch 'origin/topic/christian/ci-refresh' 
* origin/topic/christian/ci-refresh:
  Add CI support for Debian 10, Fedora 31 & 33, FreeBSD 11, Ubuntu 20.04
 2020-11-09 16:28:05 -08:00
Christian Kreibich
13ecafd687 Add CI support for Debian 10, Fedora 31 & 33, FreeBSD 11, Ubuntu 20.04 
This also adds two environment variables to the Dockerfiles for the
Debian/Ubuntu flavors to avoid stalling on user input when configuring
tzdata.
 2020-11-09 14:04:37 -08:00
Tim Wojtulewicz
9fc4f6c2fa Merge remote-tracking branch 'origin/topic/timw/1186-pkt-hdr-size' 
* origin/topic/timw/1186-pkt-hdr-size:
  Remove now-unused Packet::l2_valid field
  GH-1186: Remove Packet::hdr_size and uses of it.
 2020-11-09 10:56:22 -07:00
Tim Wojtulewicz
04dbc8e8be Remove now-unused Packet::l2_valid field 2020-11-09 10:49:57 -07:00
Tim Wojtulewicz
b3eb63c48a GH-1186: Remove Packet::hdr_size and uses of it. 
This change also removes Packet::IP(), since Packet now contains an ip_hdr member
that points at the IP header if it exists.
 2020-11-09 10:49:57 -07:00
Jon Siwek
0eb6839dae GH-1269: Fix LogAscii::enable_leftover_log_rotation crash in bad dirs 
Running with that option enabled inside a bad directory (e.g. lack of
permissions) crashed due to not checking for failure of opendir().
 2020-11-06 19:28:45 -08:00
Jon Siwek
f147c47271 Add enum_names() BIF to return names of an enum type's values 2020-11-06 18:31:41 -08:00
Jon Siwek
77514f234f Add type_aliases() BIF for introspecting type-names of types/values 2020-11-06 17:18:44 -08:00
Jon Siwek
1dda387ac9 Change Type::type_aliases map to store IntrusivePtr 
And deprecate Type::GetAliases() and Type::AddAlias() since they
took raw pointers.  Now replaced with Type::Aliases() and
Type::RegisterAlias().
 2020-11-06 17:18:20 -08:00
Jon Siwek
bfb7afc600 Fix lookup_ID() BIF to return enum values 
Looking up an enum value from a string equal to its name previously
returned "<no ID value>".
 2020-11-06 15:37:54 -08:00
Jon Siwek
8337b4cf2d Merge remote-tracking branch 'origin/topic/jsiwek/rename-files-with-colons' into master 
* origin/topic/jsiwek/rename-files-with-colons:
  GH-1252: rename files with colons for Windows compatibility
 2020-11-04 10:42:22 -08:00
Jon Siwek
b7bd87d9cf GH-1252: rename files with colons for Windows compatibility 
A short-term measure so that the Zeek source tree can simply exist on a
Windows filesystem.  For true support, the logic that decides/generates
the filename format will need to change.
 2020-11-04 10:29:52 -08:00
Jon Siwek
218c24f55b Update submodule(s) [nomail] [skip ci] 2020-11-03 16:22:48 -08:00
Jon Siwek
47725c35b7 Update submodule(s) [nomail] 2020-11-02 14:54:36 -08:00
Tim Wojtulewicz
3e16b5fde3 Add missing include to fix build on certain platforms 2020-11-02 22:01:20 +00:00
Tim Wojtulewicz
1f02bd5147 Use std::function instead of a function pointer in packet_analysis::Component 2020-11-02 13:05:05 -07:00
Tim Wojtulewicz
43f7b3beab Merge remote-tracking branch 'origin/topic/timw/1215-analyzer-registration' 
* origin/topic/timw/1215-analyzer-registration:
  GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches
 2020-11-02 12:04:05 -07:00
Tim Wojtulewicz
cd06bf34c7 GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches 2020-11-02 19:03:25 +00:00
Jon Siwek
95fd2382bc Merge remote-tracking branch 'origin/topic/timw/1256-strerror' 
* origin/topic/timw/1256-strerror:
  GH-1256: Write out strerror when writing errno during safe_write
 2020-11-02 09:51:27 -08:00
Tim Wojtulewicz
72ccaee4d5 GH-1256: Write out strerror when writing errno during safe_write 2020-10-30 15:45:32 -07:00
zeek-bot
43821a8957 Update doc submodule [nomail] [skip ci] 2020-10-28 00:40:40 +00:00
Duffy O'Craven
b32eba579d updated to mention notice_alarm.log by name. That has taken the place of the file formerly named alarm.log 2020-10-27 13:56:30 -07:00
zeek-bot
8fb1d4118b Update doc submodule [nomail] [skip ci] 2020-10-27 00:35:52 +00:00
Tim Wojtulewicz
008cdef712 Merge remote-tracking branch 'origin/topic/jsiwek/better-zeekygen-redef-info' 
* origin/topic/jsiwek/better-zeekygen-redef-info:
  Improve how Zeekygen generated record/enum redefinition docs
 2020-10-26 11:04:17 -07:00
Tim Wojtulewicz
75caf60990 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1245-tld-validity' 
* origin/topic/jsiwek/gh-1245-tld-validity:
  GH-1245: require TLD of hostname literals to start with a letter
 2020-10-26 10:42:15 -07:00
Tim Wojtulewicz
5ee06d8535 Merge remote-tracking branch 'origin/topic/timw/1116-coveralls' 
* origin/topic/timw/1116-coveralls:
  Add coveralls badge to README.md
  Remove the entire auxil directory from the results
  Prevent non-master builds, add cirrus information to upload
  Add support for sending data to coveralls with lcov_html.sh via Cirrus
 2020-10-23 14:48:15 -07:00
Jon Siwek
fb85a19fa8 GH-1245: require TLD of hostname literals to start with a letter 2020-10-23 14:17:10 -07:00
Tim Wojtulewicz
b248a56a2d Add coveralls badge to README.md 2020-10-23 19:58:02 +00:00