Tim Wojtulewicz
a33f100880
Add support for ircv3 tags
This also replaces the irc-dcc-send.trace file in our pcap library with
a cleaner one that includes ircv3 tags.
2025-07-28 14:06:33 -07:00
Arne Welzel
112e3c1c03
btest: Update tests and baselines after adding ctx to conn_id
2025-07-03 18:19:46 +02:00
Tim Wojtulewicz
5e5aceb6f7
Rename protocol_id field to ip_proto and similar renaming for name field
2024-11-13 12:02:00 -07:00
Tim Wojtulewicz
35ec9733c0
Add conn.log entries for connections with unhandled IP protocols
2024-11-13 11:25:40 -07:00
Fupeng Zhao
161ffb4192
Add irc_dcc_send_ack event and fix missing fields
2023-04-24 07:29:51 +00:00
Christian Kreibich
1843e2daae
Update btest baselines to reflect the use of local address ranges.
2023-03-15 17:11:04 -07:00
Christian Kreibich
0b674eb851
Baseline refresh to reflect btest 0.64
2020-12-06 20:19:49 -08:00
Tim Wojtulewicz
21872aef39
Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary
2020-08-09 21:13:10 -07:00
Jon Siwek
e6f4e01041
Remove redundant memory leak btests
Or otherwise convert into a regular btest if it didn't already seem to
be covered.
There's no need for a separate memory leak test group since compiling
with LeakSanitizer now covers leak checking for the full btest suite.
2020-01-02 23:04:22 -08:00
Jeff Barber
4336de6651
Duplicate TCP segment should trigger tcp_multiple_retransmissions
2019-07-28 15:15:40 -06:00
Johanna Amann
6f9524e082
Make tunnel_parents in conn.log optional.
This makes conn.logs a bit prettier (and smaller) because all lines that
do not use a tunnel will now have a "-" instead of the "(empty)" for
tunnel_parents.
2018-01-12 13:46:00 -08:00
Johanna Amann
cdb6a1b6e6
Baseline updates after hash function change.
2016-07-13 10:11:37 -07:00
Robin Sommer
5dea09b7c1
Baseline updates for the addition of local_resp.
That patch is a strong contender for the smallest ever ratio of
lines-of-code-changed to lines-of-baselines-updated. :-)
2015-02-23 16:25:11 -08:00
Jon Siwek
5b9d190f2c
Fix missing "irc-dcc-data" service field from IRC DCC connections.
2014-05-01 14:08:07 -05:00
Jon Siwek
22bf3e1196
Increase UIDs to 96 bits w/ C/F prefix - BIT-1016
- The bit-length is adjustable via redef'ing bits_per_uid.
- Prefix 'C' is used for connection UIDS (including IP tunnels) and
'F' for files.
2013-08-26 15:36:31 -05:00
Jon Siwek
939619889d
File analysis fixes and test updates.
- Several places were just using old variable names or not loading
scripts correctly after they'd been renamed/moved.
- Revert/adjust a change in how HTTP file handles are generated that
broke partial content responses.
- Turn some libmagic builtin checks back on; seems some are actually
useful (e.g. text detection seems to be a builtin). The rule going
forward probably will be only to turn off a builtin if we confirm it
causes issues.
- Removed some tests that are redundant or not necessary anymore because
the generic file analysis tests cover them.
- A couple FTP tests still fail that I think need an actual solution via
script changes.
2013-07-25 16:51:16 -05:00
Jon Siwek
27e47f0a57
FileAnalysis: replace script-layer IRC file analysis.
2013-03-27 14:02:20 -05:00
Robin Sommer
1fd0d7a607
Changing the start/end markers in logs to open/close now reflecting wall clock.
Triggers lots of (simple) baseline updates.
2012-07-27 12:15:21 -07:00
Robin Sommer
5cfb8d65c3
Updating tests for the #start/#end change.
2012-07-19 22:28:55 -07:00
Seth Hall
3be1222532
Documentation updates for HTTP & IRC scripts.
Closes #733
2012-01-08 02:22:52 -05:00
Robin Sommer
3ac4ff6b42
Updates for log format changes.
2011-12-19 09:09:32 -08:00
Robin Sommer
a9f0b10e2e
Updating baselines for recent commits.
2011-12-19 07:44:29 -08:00
Robin Sommer
3220bbce55
Merge remote branch 'origin/topic/jsiwek/log-escaping'
* origin/topic/jsiwek/log-escaping:
Add missing ascii writer options to log header.
Escape the ASCII log's set separator (addresses #712)
Rewrite ODesc character escaping functionality. (addresses #681)
Closes #712.
2011-12-19 06:37:54 -08:00
Robin Sommer
33584ec721
Updating test baselines for new ASCII log header.
2011-09-04 13:27:46 -07:00
Jon Siwek
c3fb0ea035
Reorganizing btest/policy directory to match new scripts/ organization
Addresses #545
2011-08-11 10:43:11 -05:00