Commit graph

11634 commits

Author SHA1 Message Date
Tim Wojtulewicz
8ece1cf484 Make Sessions::NextPacket call packet_mgr, fix fuzzer code to do the same 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
1cf251d1ca Move IP and IP tunnel code from Sessions into packet analyzers 2020-10-15 12:18:30 -07:00
Tim Wojtulewicz
69da2d7b1d Prep work for IP changes
- Move all of the time handling code out of PktSrc into RunState
- Call packet_mgr->ProcessPacket() from various places to set up layer 2 data in packets
2020-10-15 12:12:07 -07:00
Johanna Amann
5f29f1dca1 Make event ordering deterministic
NetControl::init and filter_change_tracking could basically be raised in
random order.
2020-10-15 16:35:52 +00:00
Johanna Amann
e6805258dc dump-events: try to make baseline work on all systems 2020-10-15 15:35:51 +00:00
Johanna Amann
e95e9b8a5d Merge remote-tracking branch 'origin/master' into topic/johanna/GH-169 2020-10-15 15:31:23 +00:00
Jon Siwek
5f1ee35d31 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1211-improve-already-defined-error' into master
* origin/topic/jsiwek/gh-1211-improve-already-defined-error:
  GH-1211: Improve error message for already-defined functions
2020-10-14 10:48:05 -07:00
Jon Siwek
9ad47a3141 Update submodule(s) [nomail] 2020-10-14 10:46:08 -07:00
zeek-bot
b905e22135 Update doc submodule [nomail] [skip ci] 2020-10-14 00:38:25 +00:00
Jon Siwek
92cc798dd5 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1208-dict-asserts'
* origin/topic/jsiwek/gh-1208-dict-asserts:
  GH-1208: Use Dictionary validity assertions only during CI
2020-10-13 16:26:38 -07:00
Jon Siwek
6cb0cb9746 Merge remote-tracking branch 'origin/topic/seth/make-cluster-port-optional'
* origin/topic/seth/make-cluster-port-optional:
  Apply suggestions from code review
  Update scripts/base/frameworks/cluster/main.zeek
  Make defining a port number for hosts in a cluster that only connect outbound optional
2020-10-13 15:35:43 -07:00
Jon Siwek
399badfb51 Update submodule(s) [nomail] 2020-10-13 15:32:44 -07:00
Tim Wojtulewicz
1a8bb30127 Update submodule(s) [nomail] 2020-10-13 15:25:39 -07:00
Jon Siwek
3c4de51f40 GH-1208: Use Dictionary validity assertions only during CI 2020-10-13 14:59:11 -07:00
Tim Wojtulewicz
3f25214914 Merge remote-tracking branch 'origin/topic/timw/1063-kqueue-update'
* origin/topic/timw/1063-kqueue-update:
  Update cmake submodule to pull in fix for building libkqueue
  GH-1063: Update libkqueue to fix pf_ring-zc failures
2020-10-13 13:49:38 -07:00
Seth Hall
cd330c801d
Apply suggestions from code review
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 16:48:15 -04:00
Tim Wojtulewicz
6ef55db553 Update cmake submodule to pull in fix for building libkqueue 2020-10-13 13:47:56 -07:00
Tim Wojtulewicz
a608015338 GH-1063: Update libkqueue to fix pf_ring-zc failures 2020-10-13 13:47:56 -07:00
Seth Hall
e78386d6e5
Update scripts/base/frameworks/cluster/main.zeek
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 16:46:26 -04:00
Jon Siwek
a90d978cd4 Merge remote-tracking branch 'origin/topic/timw/remove-loginconn'
* origin/topic/timw/remove-loginconn:
  Remove unused LoginConn type and variable in Conn.h
2020-10-13 13:42:01 -07:00
Jon Siwek
d62fb3ab9a Merge remote-tracking branch 'origin/topic/jsiwek/zeek-script-args'
* origin/topic/jsiwek/zeek-script-args:
  Improve zeek_script_args test case and documentation
  Apply suggestions from code review
  Add a test for script args.
  Fixed an option processing bug
  Make it possible to pass command line options through to scripts.
2020-10-13 13:34:18 -07:00
Jon Siwek
2d3b4dab74 Improve zeek_script_args test case and documentation 2020-10-13 12:40:53 -07:00
Tim Wojtulewicz
8a7730f4c8 Remove unused LoginConn type and variable in Conn.h 2020-10-13 11:13:02 -07:00
Jon Siwek
961532a8f7 Merge remote-tracking branch 'origin/topic/seth/pcap_findalldevs'
- Minor adjustments to whitespace/formatting

* origin/topic/seth/pcap_findalldevs:
  Finishing changes from code review.
  Update src/iosource/pcap/pcap.bif
  Update src/iosource/pcap/pcap.bif
  Update scripts/base/init-bare.zeek
  Update src/iosource/pcap/pcap.bif
  I accidentally missed a paren
  New bif to wrap pcap_findalldevs
2020-10-13 10:52:14 -07:00
Jon Siwek
aa148831f5 Merge remote-tracking branch 'origin/topic/jsiwek/remove-rule-condition-dtors'
* origin/topic/jsiwek/remove-rule-condition-dtors:
  Remove superfluous RuleCondition destructors
2020-10-13 10:39:32 -07:00
Jon Siwek
dff7e59a21 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1200-addon'
* origin/topic/jsiwek/gh-1200-addon:
  Silence Clang's warning about ignoring GCC's maybe-uninitialized warning
2020-10-13 10:39:07 -07:00
Jon Siwek
08339f071e Add reference to network_time_init from zeek_init docs 2020-10-13 10:38:01 -07:00
Seth Hall
92eb7c10da Finishing changes from code review. 2020-10-13 08:35:45 -04:00
Seth Hall
5d6800f6bd
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:57 -04:00
Seth Hall
928faeaad3
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:50 -04:00
Seth Hall
dfa21d54c8
Update scripts/base/init-bare.zeek
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:20 -04:00
Seth Hall
e532991bf2
Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:09:58 -04:00
Jon Siwek
d827e8b2d2 Improve documentation for zeek_init event scheduling pitfalls 2020-10-12 17:45:24 -07:00
zeek-bot
38af38beae Update doc submodule [nomail] [skip ci] 2020-10-13 00:37:59 +00:00
Jon Siwek
86e10bfb7e Merge remote-tracking branch 'origin/topic/vlad/caploss_no_traffic'
- Tweaked the Too_Little_Traffic notice message to avoid
  cluster-specific terminology.

* origin/topic/vlad/caploss_no_traffic:
  Fix scheduling due to network_time being 0 in zeek_init
  Add test for CaptureLoss::Too_Little_Traffic
  Add CaptureLoss::Too_Little_Traffic
  Add CaptureLoss::initial_watch_interval for a quick read on cluster health after startup.
  Documentation update, reference the threshold variable. [nomail] [skip ci]
  Whitespace fixes only [nomail] [skip ci]
2020-10-12 17:05:05 -07:00
Jon Siwek
8c85f2135e GH-1211: Improve error message for already-defined functions 2020-10-12 16:19:19 -07:00
Jon Siwek
cbe47650d1 Remove superfluous RuleCondition destructors 2020-10-12 11:20:50 -07:00
Jon Siwek
b73cc816e9 Merge remote-tracking branch 'origin/topic/jsiwek/gh-779-udp-state-sig'
* origin/topic/jsiwek/gh-779-udp-state-sig:
  GH-779: Add "udp-state" signature condition
  Rename RuleConditionTCPState::TCPState enum values
  Rename signature parser tokens to not be TCP-specific
2020-10-12 11:16:54 -07:00
Seth Hall
36d75a0296 I accidentally missed a paren 2020-10-12 12:59:40 -04:00
Seth Hall
7bcbc57401 New bif to wrap pcap_findalldevs 2020-10-12 12:47:23 -04:00
Seth Hall
cf8671d078 Make defining a port number for hosts in a cluster that only connect outbound optional 2020-10-12 10:46:28 -04:00
Johanna Amann
f4d9cf5f89 Introduce generate_all_events bif and add option to misc/dump-events
generate_all_events causes all events to be raised internally; this
makes it possible for dump_events to really capture all events (and not
just those that were handled).

Addresses GH-169
2020-10-12 16:21:18 +02:00
Jon Siwek
5904d0708f GH-779: Add "udp-state" signature condition
It accepts "originator" or "responder" states as a way to enforce that
the signature only matches packets in the associated direction.
The "established" state is rejected as an error since it doesn't
have a useful meaning like it does for the "tcp-state" condition.
2020-10-09 13:43:17 -07:00
Jon Siwek
7556beac20 Rename RuleConditionTCPState::TCPState enum values 2020-10-09 12:56:23 -07:00
Vlad Grigorescu
4d998742e2
Fix scheduling due to network_time being 0 in zeek_init
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-09 14:43:04 -05:00
Jon Siwek
7b77c7e523 Rename signature parser tokens to not be TCP-specific 2020-10-09 12:41:15 -07:00
Seth Hall
39177ce8c9
Apply suggestions from code review
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-09 12:16:44 -04:00
Jon Siwek
d9f4f9b371 Silence Clang's warning about ignoring GCC's maybe-uninitialized warning
Clang supports `#pragma GCC diagnostic` for "compatibility", but not
`-Wmaybe-uninitialized`, so was emitting `warning: unknown warning group
'-Wmaybe-uninitialized'`
2020-10-08 17:57:56 -07:00
Seth Hall
ce590ae05f Add a test for script args. 2020-10-08 16:32:54 -04:00
Seth Hall
97f7bf784b Fixed an option processing bug 2020-10-08 16:11:25 -04:00