Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
11634 commits 385 branches 195 tags 262 MiB
Commit graph

11634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robin Sommer
d7c9471818 Extending queue statistics. 2012-03-23 15:57:25 -07:00
Bernhard Amann
872ad195f7 prevent several remove operations for the same thread to be queued and output errors in that case. 2012-03-23 12:30:54 -07:00
Bernhard Amann
315948dbc8 add test for update functionality of tables where a predicate modifies values / indexes. 
Seems to work fine for all cases...
 2012-03-23 11:40:59 -07:00
Bernhard Amann
03116d779e one unref to many ... apparently 2012-03-22 18:08:59 -07:00
Bernhard Amann
94d439b0cb enable predicate modification of index of value which is currently being added/removed 
Todo: test if this works for removal ( I think it should ).
 2012-03-22 17:17:41 -07:00
Bernhard Amann
f73de0bc8c fix small memory leak (field description given to readers was never freed). 2012-03-22 15:11:42 -07:00
Seth Hall
5904043e85 Modifications to the metrics framework API and new features. 
- Metrics:ID enum has been replaced with strings.

- Uniqueness can now be measured with the Metrics::add_unique function.

- Filters can change the index value with the $normalize_func field.
 2012-03-22 16:46:37 -04:00
Bernhard Amann
6c4a40f176 missing include on linux 2012-03-22 13:09:53 -07:00
Bernhard Amann
da13fe895e Merge remote-tracking branch 'origin/topic/bernhard/input-threads' into topic/bernhard/input-threads 2012-03-22 12:45:30 -07:00
Bernhard Amann
7e4cbbc073 remove forgotten debug statements 2012-03-22 12:45:11 -07:00
Bernhard Amann
db4f088156 Merge remote-tracking branch 'origin/topic/bernhard/input-threads' into topic/bernhard/input-threads 2012-03-22 12:43:56 -07:00
Bernhard Amann
e7f1200f9f Merge remote-tracking branch 'origin' into topic/bernhard/input-threads 2012-03-22 12:41:44 -07:00
Bernhard Amann
5f5209fcfb ...forgotten file. 2012-03-22 11:00:51 -07:00
Bernhard Amann
14c6c40042 fix crash when all value fields of imported table are uninitialized. 2012-03-22 10:59:36 -07:00
Bernhard Amann
0db89bed3b fix crash when deleting data from source where there are no events or predicates... 
(that happens when all testcases are too complicated and use all features..)
 2012-03-22 10:33:49 -07:00
Bernhard Amann
51ddc9f572 fix bug that crashed input framework when creating already existing stream (tried to free not yet alloccated data) + write twotables test 2012-03-21 15:51:21 -07:00
Jon Siwek
c765f43fe3 Refactor script-layer IPv6 ext. header chain (addresses #795) 
This replaces the "ip6_hdr_chain" in the "ip6_hdr" record with a vector of
"ip6_ext_hdr" to make it easier to traverse the chain.
 2012-03-21 10:34:38 -05:00
Bernhard Amann
d39a389201 make optional fields possible for input framework. 
This do not have to be present in the input file and are marked as &optional in the record description.

Those can e.g. be used to create field values on the file in a predicate while reading a file - example:

	Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
				$pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; }
 2012-03-20 14:11:59 -07:00
Jon Siwek
1c1d657039 Changes to IPv6 ext. header parsing (addresses #795). 
In response to feedback from Robin:

  - rename "ip_hdr" to "ip4_hdr"

  - pkt_hdr$ip6 is now of type "ip6_hdr" instead of "ip6_hdr_chain"

  - "ip6_hdr_chain" no longer contains an "ip6_hdr" field, instead
    it's the other way around, "ip6_hdr" contains an "ip6_hdr_chain"

  - other internal refactoring
 2012-03-20 15:50:17 -05:00
Bernhard Amann
08e1771682 update to execute raw. 
support reading from commands by adppending | to the filename.

support streaming reads from command.

Fix something to make rearead work better. (magically happened)
 2012-03-20 12:07:37 -07:00
Jon Siwek
f11fca588e Merge branch 'master' into topic/jsiwek/ipv6-ext-headers 2012-03-19 14:26:59 -05:00
Jon Siwek
667487cec9 Adapt FreeBSD's inet_ntop implementation for internal use. 
So we get consistent text representations of IPv6 addresses across
platforms.
 2012-03-19 11:26:31 -05:00
Bernhard Amann
88e0cea598 add execute-mode support to the raw reader - allows to directly call commands and read their output. 
Note that fdstream.h is from boost and has a separate license:
 * (C) Copyright Nicolai M. Josuttis 2001.
 * Permission to copy, use, modify, sell and distribute this software
 * is granted provided this copyright notice appears in all copies.
 * This software is provided "as is" without express or implied
 * warranty, and with no claim as to its suitability for any purpose.
 2012-03-18 15:31:47 -07:00
Bernhard Amann
e7dfdb1ae9 Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads 2012-03-18 11:03:15 -07:00
Bernhard Amann
b34a0b6deb Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/input-threads 
Conflicts:
	src/threading/Manager.cc
 2012-03-18 11:03:04 -07:00
Bernhard Amann
aa6026c1a7 forgot to undo this - this idea did not work, because records cannot reference themselves. 2012-03-18 10:52:23 -07:00
Bernhard Amann
bf597012f8 fix some stupid, not that easy to find bugs. 
Functionality seems to work completely again - including all tests passing.
 2012-03-18 10:50:10 -07:00
Bernhard Amann
3286d013c9 forgot two files. 2012-03-16 23:45:10 -07:00
Bernhard Amann
29f56b4986 continue finetuning of interface + adjust tests. 
streaming + re-reading do not seem to work completely correctly + there are still some strange random crashes.
 2012-03-16 23:43:13 -07:00
Robin Sommer
e3f5cbb670 Small fixes and tweaks. 
- Fixing tiny leak.

    - Fixing threads stat output.
 2012-03-16 09:11:31 -07:00
Robin Sommer
89a3bb33c8 Don't assert during shutdown. 2012-03-16 09:11:00 -07:00
Bernhard Amann
e59aed6ce3 for seth - reverse order of event arguments 2012-03-16 08:31:19 -07:00
Bernhard Amann
842f635695 give EventDescripion field back to events 2012-03-16 08:10:28 -07:00
Bernhard Amann
367c4b4a7e make raw reading work. 
apparently there was a crash in the reader plugin, but main bro did not notice but waited for eternity for it do to something.
 2012-03-16 07:53:29 -07:00
Bernhard Amann
57ffe1be77 completely change interface again. 
compiles, not really tested.

basic test works 70% of the time, coredumps in the other 30 - but was not easy to debug on a first glance (most interestingly the crash happens in the logging framework - I wonder how that works).
Other tests are not adjusted to the new interface yet.
 2012-03-15 18:41:51 -07:00
Robin Sommer
6708f0ed4d Updating submodule(s). 
[nomail]
 2012-03-14 16:08:25 -07:00
Bernhard Amann
b4e6971aab Add regular debugging output for interesting operations (stream/filter operations) to input framework (this was way overdue) 2012-03-14 14:45:53 -07:00
Robin Sommer
d2b59b1cb8 Merge branch 'topic/jsiwek/ipv6-ext-headers' of ssh://git.bro-ids.org/bro into topic/jsiwek/ipv6-ext-headers 
Conflicts:
	src/Sessions.cc
 2012-03-14 13:50:39 -07:00
Jon Siwek
94864da465 Update documentation for new syntax of IPv6 literals. 2012-03-14 15:25:08 -05:00
Jon Siwek
b859230be6 Merge branch 'master' into fastpath 2012-03-14 15:07:29 -05:00
Bernhard Amann
c3d2f1d5fc Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads 2012-03-14 12:28:53 -07:00
Daniel Thayer
cea52fbccb Merge remote-tracking branch 'origin/master' into topic/icmp6 2012-03-14 11:29:29 -05:00
Robin Sommer
159733f481 Updating submodule(s). 
[nomail]
 2012-03-14 08:42:36 -07:00
Jon Siwek
5312a904ab Fix ipv6_ext_headers event and add routing0_data_to_addrs BIF. 
Also add unit tests for ipv6_ext_headers and esp_packet events.
 2012-03-14 10:31:08 -05:00
Jon Siwek
7af14ec1fe Remove the default "tcp or udp or icmp" filter. 
In default mode, Bro would load the packet filter script framework
which installs a filter that allows all packets, but in bare mode
(the -b option), this old filter would not follow IPv6 protocol
chains and thus filter out packets with extension headers.
 2012-03-14 10:00:48 -05:00
Julien Sentier
a4f8b2ccbe Changing the regular expression to allow Site::local_nets in signatures 
Previous commit closes #792.
 2012-03-13 16:16:55 -07:00
Robin Sommer
cba160c8ac Removing a line of dead code. 
Found by Julien Sentier.

Closes #786.
 2012-03-13 16:14:05 -07:00
Robin Sommer
11fdb5edce Updating submodule(s). 
[nomail]
 2012-03-13 16:11:36 -07:00
Robin Sommer
9dd63acaa3 Updating baseline. 
Is that a platform-specific difference?
 2012-03-13 16:10:42 -07:00
Robin Sommer
b4239de4a3 Updating NEWS. 
Previous commit closes #796.
 2012-03-13 15:40:34 -07:00