Tim Wojtulewicz
6a0bd63756
Fix Sessions::DoNextPacket to ignore ARP packets and not report weirds for them
2020-09-23 11:13:29 -07:00
Jan Grashoefer
8d834a1d89
Packet analysis cleanup.
2020-09-23 11:13:29 -07:00
Tim Wojtulewicz
62562504d5
Minor cleanup
2020-09-23 11:13:29 -07:00
Jan Grashoefer
7ede4f48bd
Simplify packet analyzer config.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
efa262a229
Make default packet analyzer definition explicit.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
8f951574d7
Add explicit root analyzer for packet analysis.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
d51252bb3f
Extend packet analysis test.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
3f3f00030d
Simplify MPLS analysis.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
38337d799b
Improve packet analysis data flow.
2020-09-23 11:13:29 -07:00
Jan Grashoefer
90eb97876f
Improve packet analyzer API.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
d5ca0f9da5
Rename DefaultAnalyzer to IP.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
24babf096e
Move ARP analysis into packet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
0ec7516602
Small cleanup of packet analysis.
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
2d7280fabd
Fix some build issues from the rebase
2020-09-23 11:13:28 -07:00
Jan Grashoefer
0925b3bbec
Remove encap_hdr_size (replaced by skip analyzer).
2020-09-23 11:13:28 -07:00
Jan Grashoefer
aa4506ad06
Add skip analyzer test and update baselines.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
54961b5ea2
Allow to overwrite packet analysis mappings.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
fc814bd7e2
Add SkipAnalyzer.
This is WIP: The test case would require a new pcap or the possibility
to overwrite analyzer mappings. The CustomEncapsulationSkip method and
the corresponding options need to be removed.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
6f6e5b4df0
Suggested code improvements for packet analysis.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
4aeab7402d
Improve naming in packet analysis.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
6365fa6d80
Migrate all packet analyzers to new API.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
cbdaa53f85
Remove magic identifiers from Ethernet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
462b1fe3a2
Bring back default packet analysis.
Default analyzers can be configured per packet analyzer by omitting the
identifier in the ConfigEntry.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
d4ff5a236c
Further simplified the packet analysis API.
This is still WIP and includes the following changes:
* Dispatchers are now part of analyzers (moving dispatching logic from
  the manager to the analyzers)
* All available analyzers are instantiated on start up
* Removal of configuration class
2020-09-23 11:13:28 -07:00
Jan Grashoefer
9feda100b9
Move dispatching into packet analyzers.
WIP that updates only the Ethernet analyzer.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
96d0e11bb8
Move cur_pos from packet into packet manager loop.
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
c2500d03d6
Remove packet_analysis/Defines.h
- Replace uses of identifier_t with uint32_t
- Replace repeated usage of tuple type for Analysis results with type alias
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
b46e600775
Move VectorDispatcher to be the only dispatcher
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
d22481aef3
Remove Manager::Reset() method
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
bd6d3e0112
Remove enabled state from Components, ability to enable/disable from Manager
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
f39d6bb4c4
Use shared_ptr instead of raw pointers in packet_analysis for analyzers and dispatchers
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
07b7a3be40
Whitespace fixes from review
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
27fea2b218
Reorganize some pointer handling
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
94ec639bfb
Fix ordering of debug logger strings to match the enum
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
08ceea8de1
Fixes for various btest issues
- Fix handling of truncated ethernet headers, fix core.truncation test output
- Update commit hashes for external private test repo
2020-09-23 11:13:28 -07:00
Tim Wojtulewicz
1c3ded7dd5
Merge ProtocolAnalyzerSet into Manager, remove AnalyzerSet base class
2020-09-23 11:13:28 -07:00
Jan Grashoefer
1e0e8e35af
Minor fixes for packet analyzer renaming.
2020-09-23 11:13:28 -07:00
Jan Grashoefer
e53ec46c23
Renamed LL-Analyzers to Packet Analyzers.
2020-09-23 11:13:28 -07:00
Peter Oettig
b2e6c9ac9a
Initial implementation of Lower-Level analyzers
2020-09-23 11:13:25 -07:00
Jon Siwek
f744d4c070
Improve fa_file/fa_metadata documentation
Related to https://github.com/zeek/zeek-docs/pull/38
2020-09-22 16:04:00 -07:00
Jon Siwek
01d83c3204
Avoid race condition in control/id_value btest
2020-09-22 14:11:17 -07:00
Jon Siwek
e1bfb55736
Update external test suite commit pointers
2020-09-22 12:56:05 -07:00
Jon Siwek
75b3ff7da4
Merge remote-tracking branch 'origin/topic/jsiwek/gh-927-when-condition-eval-order' into master
* origin/topic/jsiwek/gh-927-when-condition-eval-order:
  GH-927: Fix circumvention of evaluation order in 'when' conditions
2020-09-22 11:09:51 -07:00
Jon Siwek
153ce649c4
Update submodule(s) [nomail] [skip ci]
2020-09-21 15:50:21 -07:00
Jon Siwek
ba5655fdfa
Merge remote-tracking branch 'origin/topic/christian/ci-fedora-32' into master
* origin/topic/christian/ci-fedora-32:
  CI: Move to Fedora 32
2020-09-21 15:23:36 -07:00
Jon Siwek
98c8b67333
Update submodule(s) [nomail]
2020-09-21 13:37:15 -07:00
Christian Kreibich
d772bbafc1
CI: Move to Fedora 32
Fedora 30 is EOL. For Fedora 32, we need to add the diffutils RPM to
the installation list, since cmp and diff aren't automatically
available in the base image. (Also, sort the RPMs alphabetically.)
2020-09-18 15:40:43 -07:00
Jon Siwek
428870be15
Fix negative-value-left-shift undefined behavior in patricia trie
2020-09-18 11:32:05 -07:00
Jon Siwek
a44b056e81
Improve negation of ConstExpr
* Instead of creating a NegExpr for negation of a literal/constant,
  a ConstExpr is now created directly.
* For negation of integer literals, there's now an additional check
  for whether the integer would be outside the range of possible 'int'
  values. This can also help prevent the undefined behavior due to
  overflow as a result of trying to represent the minimum 'int' value of
  -9223372036854775808 as a literal in a script -- the unsigned value is
  cast to signed yielding INT64_MIN, then INT64_MIN is negated.
2020-09-18 11:32:05 -07:00
Jon Siwek
1b88e63e78
Avoid signed integer overflow when combining SMB header PID bits
Such an overflow invokes undefined behavior.
2020-09-18 11:32:05 -07:00