Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
11634 commits 390 branches 195 tags 268 MiB
Commit graph

11634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
637fe69cf9 FileAnalysis: buffer input that can't get unique file handle immediately 
A retry happens on every new input and also periodically based on a
timer.  If a file handle is returned at those times, the input is
forwarded for analysis, else it keeps retrying until a timeout
threshold.
 2013-03-14 10:57:16 -05:00
Seth Hall
b1f1b64dde Checkpoint 2013-03-14 11:19:39 -04:00
Seth Hall
5734f9ef71 Merge remote-tracking branch 'origin/master' into topic/seth/software-version-updates2 2013-03-14 09:21:13 -04:00
Seth Hall
8778761c07 Checkpoint 2013-03-13 22:55:03 -04:00
Seth Hall
0f99956417 Added Exec, Dir, and ActiveHTTP modules. 2013-03-13 14:36:27 -04:00
Jon Siwek
878dfff2f2 FileAnalysis: decentralize unique file handle generator callbacks. 
The framework now cycles through callbacks based on a table indexed
by analyzer tags, or the special case of service strings if a given
analyzer is overloaded for multiple protocols (FTP/IRC data).  This
lets each protocol script bundle implement the callback locally and
reduces the FAF's external dependencies.
 2013-03-13 10:48:26 -05:00
Robin Sommer
b4824f4207 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add check for truncated link frames.  Addresses #962.
  Fix large memory allocation in IP fragment reassembly.  Addresses #961.
 2013-03-13 07:20:12 -07:00
Bernhard Amann
457ce10e99 and re-enable caching of extracted certs 
I kind of deleted the line by accident...
 2013-03-13 00:34:15 -07:00
Seth Hall
09cbaa7ccc Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 
Conflicts:
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log
 2013-03-13 00:26:55 -04:00
Jon Siwek
bb3228e8f6 FileAnalysis: small tweak to file handle generation. 
For files that go over a single connection, add connection start time
to handle, so the file id will always differ even if the same connection
parameters are later used to transfer a file (same one or different).
 2013-03-12 16:06:06 -05:00
Scott Runnels
afdb80a334 Include required blank line after btest directive to avoid python error. 2013-03-12 16:03:17 -04:00
Jon Siwek
3dd513e26e FileAnalysis: move unique file handle string generation to script-layer 
And add minimal integration with HTTP analyzer.
 2013-03-12 13:44:31 -05:00
Bernhard Amann
a5161783ef and add bae64 bif tests. 2013-03-12 09:33:49 -07:00
Bernhard Amann
a1896fde90 Merge remote-tracking branch 'origin/master' into topic/bernhard/base64 2013-03-12 09:28:07 -07:00
Bernhard Amann
2b28c3a578 re-unify classes 2013-03-12 09:27:59 -07:00
Bernhard Amann
fdc8de7596 add sqlite tests and fix small vector/set escaping bugs 2013-03-11 14:22:35 -07:00
Bernhard Amann
a251a1c39a fix small bug with vectors and sets. 
On a first glance - this kind of seems to work. On mac-os you need
a newer than the system-installed sqlite - the hanging problem only
occurs with that one...
 2013-03-11 13:10:56 -07:00
Bernhard Amann
5d12765886 make work with newer AsciiFormatter. 2013-03-11 12:01:49 -07:00
Bernhard Amann
8cb91de93a Merge remote-tracking branch 'origin/master' into topic/bernhard/sqlite 
Conflicts:
	src/threading/AsciiFormatter.cc
 2013-03-11 11:47:10 -07:00
Jon Siwek
1f6cac9b6d Merge branch 'master' into topic/jsiwek/file-analysis 2013-03-11 13:20:45 -05:00
Jon Siwek
90ca2b87c4 Add check for truncated link frames. Addresses #962. 
Patch provided by jbaines, modified with a more descriptive Weird name.
 2013-03-11 11:58:54 -05:00
Jon Siwek
8d5434ef2d Fix large memory allocation in IP fragment reassembly. Addresses #961. 
Patch by jbaines modified slightly to return earlier so that the
problem packet can't cause any state change in the FragReassembler.
 2013-03-11 10:54:51 -05:00
Scott Runnels
5249a30c46 Expanding on records, including two simple examples. 2013-03-11 00:19:23 -04:00
Scott Runnels
d41883fb91 Merge remote-tracking branch 'origin/master' into topic/documentation 
Conflicts:
	doc/index.rst
 2013-03-11 00:17:58 -04:00
Robin Sommer
0075973249 Updating submodule(s). 
[nomail]
 2013-03-08 09:41:35 -08:00
Robin Sommer
f193fc25f6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix race-condition in table-event test.
 2013-03-08 09:19:04 -08:00
Bernhard Amann
1fb05da9cd Fix race-condition in table-event test. 
Event depended on the input manager receiving all lines from the reader
before the first input event was processed by the scripting layer.
 2013-03-07 20:28:18 -08:00
Robin Sommer
74a529d937 Updating submodule(s). 
[nomail]
 2013-03-07 19:33:19 -08:00
Robin Sommer
f830ed3edf s/bro-ids.org/bro.org/g 2013-03-07 19:33:04 -08:00
Robin Sommer
d3bf552a63 Merge remote-tracking branch 'origin/topic/jsiwek/ticket-957' 
* origin/topic/jsiwek/ticket-957:
  Fix function type-equivalence requiring same param names, addresses #957

Closes #957.
 2013-03-07 13:31:55 -08:00
Robin Sommer
3cd3e26154 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958.
  Fix compiler warnings.
 2013-03-07 13:28:35 -08:00
Jon Siwek
7e4963b22c Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958. 2013-03-07 14:44:01 -06:00
Jon Siwek
f4d59f8137 Fix compiler warnings. 2013-03-07 14:41:18 -06:00
Jon Siwek
2293443ea0 Fix function type-equivalence requiring same param names, addresses #957 2013-03-07 13:02:33 -06:00
Scott Runnels
2f54d584e7 Merge remote-tracking branch 'origin/master' into topic/documentation 2013-03-07 13:25:47 -05:00
Jon Siwek
589952f4d9 Merge branch 'master' into topic/jsiwek/file-analysis 
Conflicts:
	src/FileAnalyzer.cc
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2013-03-07 11:06:00 -06:00
Robin Sommer
8ee4382721 Updating submodule(s). 
[nomail]
 2013-03-06 18:32:43 -08:00
Robin Sommer
a4e40bb402 Merge remote-tracking branch 'origin/topic/bernhard/vector-assignment' 
Closes #956.

* origin/topic/bernhard/vector-assignment:
  change vector assignment operator and remove unnecessary argument (expr)
 2013-03-06 16:50:53 -08:00
Robin Sommer
8a6d68e00f Merge remote-tracking branch 'origin/topic/bernhard/remove-length' 
Closes #955.

* origin/topic/bernhard/remove-length:
  forgot to remove the baselines for the now unnecessary bifs
  remove the byte_len and length bifs
 2013-03-06 16:46:20 -08:00
Robin Sommer
1bd2f26df3 Merge remote-tracking branch 'origin/topic/seth/notice-framework-updates' 
So much nicer!

Closes #954.

* origin/topic/seth/notice-framework-updates:
  Update notice framework documentation to represent the new reality.
  Complete removal of the old table based notice policy mechanism.
  Updates for the notices framework.
 2013-03-06 16:45:30 -08:00
Robin Sommer
9f99a4a942 Merge remote-tracking branch 'origin/topic/jsiwek/local-container-init' 
Closes #952.

* origin/topic/jsiwek/local-container-init:
  Fix init of local sets/vectors via curly brace initializer lists.
 2013-03-06 15:11:10 -08:00
Robin Sommer
d931079021 Merge remote-tracking branch 'origin/topic/jsiwek/ticket946' 
Closes #946.

* origin/topic/jsiwek/ticket946:
  Fix memory leaks resulting from 'when' and 'return when' statements.
  Fix three bugs with 'when' and 'return when' statements. Addresses #946
 2013-03-06 15:09:24 -08:00
Robin Sommer
a15b630cac Merge remote-tracking branch 'origin/topic/jsiwek/gtp-enhancements' 
* origin/topic/jsiwek/gtp-enhancements:
  Add parsing for GTPv1 extension headers and control messages.
 2013-03-06 15:00:45 -08:00
Robin Sommer
c13eae3253 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix possible null pointer dereference in identify_data BIF.
  Fix build on OpenBSD 5.2.
 2013-03-06 14:54:50 -08:00
Bernhard Amann
a005d77369 forgot to remove the baselines for the now unnecessary bifs 2013-03-06 14:14:55 -08:00
Bernhard Amann
8f259f866d change vector assignment operator and remove unnecessary argument (expr) 2013-03-06 14:08:06 -08:00
Bernhard Amann
986b346e3f remove the byte_len and length bifs 2013-03-06 13:45:42 -08:00
Bernhard Amann
cfada61672 and modernize script. 
thanks Seth.
 2013-03-06 13:30:13 -08:00
Jon Siwek
00b2d34a8e FileAnalysis: add binary input reader and BIFs for sending in data. 
This allows the input framework to feed files in to Bro for analysis.
 2013-03-06 12:59:54 -06:00
Seth Hall
e56a33b6c5 Update notice framework documentation to represent the new reality. 2013-03-06 10:04:50 -05:00