Commit graph

11634 commits

Author SHA1 Message Date
Seth Hall
7ad0af666d Renamed utils/conn_ids.bro to utils/conn-ids.bro for consistency. 2011-07-19 12:00:27 -04:00
Jon Siwek
1b1905fcea Moving the test for site.bro to live w/ other utils/ tests. 2011-07-19 10:38:52 -05:00
Jon Siwek
613b7a1405 Fix test due to moving of site.bro 2011-07-19 10:34:51 -05:00
Jon Siwek
caf798def0 Merge branch 'master' into topic/jsiwek/unit-tests 2011-07-19 10:29:56 -05:00
Jon Siwek
27ba228fa1 More policy/utils unit tests and documentation. 2011-07-19 10:28:26 -05:00
Seth Hall
cee3991822 Script updates.
- Fixing more vestiges from moving site.bro and removing functions.bro

- Updates comments on analysis-groups.bro

- Added the trim-trace-file script from broctl.
2011-07-19 10:41:54 -04:00
Jon Siwek
c5e98a8116 Updating documentation for some utils/ policy scripts 2011-07-18 20:14:06 -05:00
Jon Siwek
9b27a98e93 Add unit tests for utils/paths.bro with some changes
- rename extract_directory() to extract_path() (later seemed clearer)
  and made it work with more than just path string in FTP response msgs
- rename build_full_path() and absolute_path()
- compress_path() should now work with relative paths also
2011-07-18 20:05:16 -05:00
Seth Hall
731caf3f02 Spelling fix. 2011-07-18 14:31:09 -04:00
Seth Hall
7bf3e94628 Added a policy/site directory with a local.bro start up script. 2011-07-18 14:30:38 -04:00
Seth Hall
2ee000d93e Reverting back to using terminate_communication. 2011-07-18 09:58:41 -04:00
Jon Siwek
4437ee59f7 Adding unit tests for utils.
Also fixing id_matches_direction() function to check both connection
endpoints when determining direction respectful of local network.
2011-07-15 16:42:09 -05:00
Jon Siwek
33ce65f691 Fixing tests that need a diff canonifier. 2011-07-15 10:39:04 -05:00
Seth Hall
2b83f94961 Using terminate_communication results in crashes sometimes. 2011-07-15 02:13:13 -04:00
Seth Hall
9576c85dab One more small vestige of the cluster config option. 2011-07-15 01:51:55 -04:00
Seth Hall
e6d63b20b3 Removed the cluster option from the configure script. 2011-07-15 01:46:56 -04:00
Seth Hall
2317bf61f3 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-15 01:11:55 -04:00
Seth Hall
5245e6596c More cluster framework fixes for BroControl. 2011-07-15 01:11:37 -04:00
Jon Siwek
9d468493f2 Renaming a test better. 2011-07-14 22:06:16 -05:00
Jon Siwek
d97003892b Reimplementation of the @prefixes statement.
Any added prefixes are now used *after* all input files have been
parsed to look for a prefixed, flattened version of the input file
somewhere in BROPATH and, if found, load it.

For example, if "lcl" is in @prefixes, and site.bro is loaded, then
a file named "lcl.site.bro" that's in BROPATH would end up being
automatically loaded as well.  Packages work similarly, e.g. loading
"protocols/http" means a file named "lcl.protocols.http.bro" in BROPATH
gets loaded automatically.
2011-07-14 21:32:02 -05:00
Jon Siwek
e39a49833f Fix accidental overwrite of BROPATH copy. 2011-07-14 18:17:30 -05:00
Seth Hall
3c7f7d571c Fixed the reporter framework to use the newly renamed reporter_info event. 2011-07-14 15:41:38 -04:00
Robin Sommer
5c2ffab892 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-14 11:08:38 -07:00
Jon Siwek
e5e3bf28ec Make @load statements recognize relative paths.
For example a script can do "@load ./foo" to load a script named
foo.bro that lives in the same directory or "@load ../bar" to load
a script named bar.bro in the parent directory, even if those
directories are not contained in BROPATH.
2011-07-14 11:35:23 -05:00
Seth Hall
2045f1e366 Updating a baseline to make a test succeed. 2011-07-14 08:49:33 -04:00
Jon Siwek
f71010a013 Adding test for utils/addrs.bro.
Also fixed the TODO about making check for valid IPv6 string formats
more robust.
2011-07-13 20:25:57 -05:00
Jon Siwek
0dfd5b867e Add unit test for site.bro.
Small fix in site.bro's find_all_emails() to get rid of errors
about accessing non-existent table indices.
2011-07-13 18:35:43 -05:00
Seth Hall
d9f0612546 Lots of cleanup, tests, and the new Control framework.
- Control framework is for runtime control of Bro instances.
  It was extracted from BroControl and made more generic.

- Tests for cluster frameworks and control framework.

- Small fix for btest.cfg

- Fixed a bug in the cluster framework that was causing things to break.
2011-07-13 17:09:20 -04:00
Robin Sommer
250db65043 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-12 18:21:08 -07:00
Seth Hall
427855a40d Fixing the name of a test so that it actually runs. 2011-07-12 16:19:47 -04:00
Seth Hall
b5ca7ceb59 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-12 14:12:44 -04:00
Seth Hall
0332a06012 Fixed most of the tests after the script reorganization. 2011-07-12 14:12:25 -04:00
Robin Sommer
0034eeb99a Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Add git ignore for public trace testing repo path.

(Moved the gitignore entry into the testing/external directory.)
2011-07-12 09:21:33 -07:00
Robin Sommer
f83650f14a Fixing reporter's weird flow method. 2011-07-11 22:18:22 -07:00
Jon Siwek
46ce75fa78 Add git ignore for public trace testing repo path.
To help prevent it from being accidentally added.
2011-07-11 12:44:48 -05:00
Robin Sommer
5113b100d9 Making valgrind a bit more happy, and adding code that may or may not
help with #490 and #491.
2011-07-10 15:07:37 -07:00
Robin Sommer
1d20d2a985 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-09 08:46:28 -07:00
Robin Sommer
42f214b8d0 Test repository directory names no longer need to end in *.git. 2011-07-09 08:44:29 -07:00
Seth Hall
492d93cd8d Checkpoint for Bro side of broctl support. 2011-07-09 01:41:31 -04:00
Seth Hall
8bb240af99 Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-08 01:46:01 -04:00
Seth Hall
2c899a8f82 Missed a full path on a @load statement 2011-07-08 01:45:50 -04:00
Seth Hall
0af6e47ccd Removed the policy subpaths from the Bro core. 2011-07-08 00:06:02 -04:00
Seth Hall
b307cbbe64 Large reorganization.
- Scripts now use the full path for @load to remove the subpaths
  from the shipped BROPATH.
- Some script sets have been reorganized to make optional loads
  more obvious.
2011-07-08 00:04:01 -04:00
Robin Sommer
8bacb6eb3d New BiF record_field_vals() that returns the fields of a record in a
table with meta-information.

Example:

type r: record {
    a: count;
    b: string &default="Foo";
    c: double &optional;
    d: string &log;
};

event bro_init()
{
    local x: r = [$a=42, $d="Bar"];
    print record_fields(x);
}

This prints:

  {
  [a] = [type_name=record, log=F, value=42, default_val=<uninitialized>]
  [b] = [type_name=record, log=F, value=<uninitialized>, default_val=Foo],
  [c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>],
  [d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>],
  }

This is one more step in Seth's quest for full inspection support. :-)
2011-07-07 19:56:48 -07:00
Robin Sommer
cdd8827cc4 Adding a script that extracts a connection from a trace based on uid.
The script parses conn.log to find the 4-tuple and then runs tcpdump
to find the relevant packets.
2011-07-07 19:56:48 -07:00
Robin Sommer
084c2086a4 Fixing bug causing crash when running without arguments. 2011-07-07 19:56:48 -07:00
Robin Sommer
97b5f812c7 A new event bro_script_loaded() raised for each policy script loaded.
Also removing the -l command-line option as that can now be done at
the script-level.

A couple tests fail now that use -l. Leaving that until we have
script-level replacement.
2011-07-07 19:56:26 -07:00
Robin Sommer
df1b2f922b Renaming reporter_message to report_info.
Same change internally.
2011-07-07 19:56:25 -07:00
Robin Sommer
eb0580c622 Fixing another memory leak.
This is the ConnVal leak that Gilbert also saw.
2011-07-07 19:46:40 -07:00
Robin Sommer
d3e764155e Merge branch 'master' of ssh://git.bro-ids.org/bro 2011-07-07 19:39:16 -07:00