Robin Sommer
3dc445900b
Merge remote-tracking branch 'origin/topic/johanna/bit-1529'
...
BIT-1529 #merged
* origin/topic/johanna/bit-1529:
Subscribe is a valid message per RFC 3265
2016-03-03 07:58:10 -08:00
Robin Sommer
7857cc7d8c
Merge remote-tracking branch 'origin/topic/johanna/bit-1535'
...
* origin/topic/johanna/bit-1535:
Update documentation for RSTR.
BIT-1535 #merged
2016-03-03 07:57:06 -08:00
Daniel Thayer
7ede9c65d2
Add more documentation to sumstats framework scripts
2016-03-01 17:31:41 -06:00
Johanna Amann
f37139791a
More detailed installation instructions for FreeBSD 9.X
2016-03-01 15:23:58 -08:00
Johanna Amann
fdf36393ba
Update documentation for RSTR.
...
Addresses BIT-1535
2016-03-01 14:08:58 -08:00
Johanna Amann
9f6f7312a3
Subscribe is a valid message per RFC 3265
...
Addresses BIT-1529
2016-03-01 14:00:11 -08:00
Seth Hall
41e2eaa02d
Source clean up and some fixes for SMB.
...
- Remove the separate string handling for NTLM.
- Fixed a crash in RPC Bind handling when no context
elements are included.
2016-03-01 14:16:45 -05:00
Seth Hall
2e2fb6831f
Merge remote-tracking branch 'origin/topic/vladg/smb' into topic/seth/smb
...
# Conflicts:
# scripts/base/protocols/smb/files.bro
# scripts/base/protocols/smb/main.bro
# scripts/base/protocols/smb/smb1-main.bro
# scripts/base/protocols/smb/smb2-main.bro
2016-03-01 11:11:50 -05:00
Johanna Amann
17dd44a620
update cmake OpenSSL checks
2016-02-23 14:47:55 -08:00
Robin Sommer
611a8ab935
Updating submodule(s).
...
[nomail]
2016-02-23 14:02:43 -08:00
Seth Hall
dbb5992f43
Disable the smb_cmd.log by default.
2016-02-19 00:23:05 -05:00
Seth Hall
f9cbee20f8
Merge remote-tracking branch 'origin/master' into topic/seth/smb
...
# Conflicts:
# src/analyzer/protocol/smb/SMB.cc
2016-02-18 23:09:22 -05:00
Seth Hall
af8c1d229b
Fix some small SMB issues
...
- Remove some fields from set_info that were causing trouble.
- Improve some SMB2 error handling.
2016-02-18 22:57:10 -05:00
Johanna Amann
3a2b583e32
Update submodule
...
[nomail]
2016-02-17 14:24:55 -08:00
Johanna Amann
c38e962030
Fix failing jenkins test (dump-events).
...
The problem is that with certain compilers, the order of the file hash
events is reversed (for at this moment unknown reasons).
This fix simply removes all MD5 events from the dump-events test, only
leaving the SHA1 events. This removes this condition during the test.
2016-02-17 14:12:57 -08:00
Johanna Amann
8f60974bc0
Add new logfiles for shunting and drops to netcontrol
...
Also fix small bugs and update baselines.
2016-02-17 12:48:16 -08:00
Robin Sommer
0ac6460e98
Updating submodule(s).
...
[nomail]
2016-02-15 11:07:49 -08:00
Robin Sommer
9a7a024f6e
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Add missing break; in StartTLS case of IRC analyzer.
2016-02-13 10:48:45 -08:00
Robin Sommer
124531d4ae
Merge remote-tracking branch 'origin/topic/johanna/stats_smb_leak'
...
BIT-1534 #merged
* origin/topic/johanna/stats_smb_leak:
Fix memory leaks in stats.cc and smb.cc
2016-02-13 10:41:05 -08:00
Johanna Amann
baa3cd986c
Merge branch 'master' of https://github.com/marktayl/bro
...
* 'master' of https://github.com/marktayl/bro:
Better multi-space separator handling.
Also tweak multi-space separator handling some more and add test-case
triggering the new behavior.
2016-02-12 18:55:25 -08:00
Mark Taylor
886ba6e823
Better multi-space separator handling.
...
1) IRC spec indicates "one or more spaces" separating parameters, so be better at handling multiple space separators.
2) Have "length" track against "myline", since it continues to be used against it.
3) "WHO" command's parameters are optional.
2016-02-12 15:14:19 -05:00
Johanna Amann
a38327bd08
Extend NetControl logging and fix bugs.
...
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).
Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
2016-02-11 19:47:29 -08:00
Johanna Amann
9f3c0c9bb4
Update OpenFlow API and events.
...
Events now generally carry the unique ID of the backend that is given
during initialization; there are a few more functions and other
bugfixes.
A few netcontrol tests are still broken (mostly due to a pcap update in
master).
2016-02-11 13:10:40 -08:00
Johanna Amann
5e2ec25a38
small acld plugin fix
2016-02-11 11:31:44 -08:00
Johanna Amann
9d1a764ef7
Merge branch 'master' of https://github.com/marktayl/bro
...
* 'master' of https://github.com/marktayl/bro:
Allow IRC commands to not have parameters.
Also update test baseline.
2016-02-10 21:30:39 -08:00
Mark Taylor
2ae80640cb
Allow IRC commands to not have parameters.
...
When testing against irc-dcc-send.trace, I didn't see an irc_quit_message event generated for the QUIT command at the end of the trace, but rather a weird.log "irc_invalid_line" for the packet: the IRC packet parser wasn't allowing commands without parameters.
2016-02-10 12:50:30 -05:00
Johanna Amann
ba8742ebb4
Update submodule
...
[nomail]
2016-02-08 17:54:33 -08:00
Johanna Amann
107737c9a0
Fix memory leaks in stats.cc and smb.cc
...
No test for smb leak because I don't have anything that triggers this.
2016-02-08 15:38:09 -08:00
Johanna Amann
8f33d7fa4d
Updating CHANGES and VERSION.
2016-02-08 14:30:56 -08:00
Johanna Amann
8913b60fd1
Add IRC leak test.
2016-02-08 14:27:58 -08:00
Dirk Leinenbach
6b5fd442f0
fix memory leaks in find_all() and IRC analyzer
2016-02-08 14:20:47 -08:00
Johanna Amann
9cdf869456
Merge branch 'master' of https://github.com/marktayl/bro
...
* 'master' of https://github.com/marktayl/bro:
Removed duplicate parameter for IRC "QUIT" event handler.
Also add a test-case that checks the output of the quit
event handler.
2016-02-08 13:02:09 -08:00
Johanna Amann
043ebba937
Update submodule
...
[nomail]
2016-02-08 12:36:22 -08:00
wglodek
78c0e2355c
update of http btest
2016-02-07 11:26:06 -05:00
wglodek
93f52fcdd2
detect possible HTTP evasion attempts
2016-02-07 11:22:09 -05:00
Mark Taylor
e0e7a14031
Removed duplicate parameter for IRC "QUIT" event handler.
2016-02-05 19:26:04 -05:00
Johanna Amann
2e0c2035c9
Add missing break; in StartTLS case of IRC analyzer.
...
The missing break did not cause any issues besides one extra
(unspecialized) event being fired in addition to the actual
starttls event.
Found by Aaron Eppert
2016-02-04 12:35:54 -08:00
Johanna Amann
eb0692106a
Merge remote-tracking branch 'origin/topic/johanna/function-recursion' into topic/johanna/netcontrol
2016-02-03 14:33:02 -08:00
Johanna Amann
bebe2e85cb
Revert "introduce &weaken attribute"
...
This reverts commit 00204ab8a6.
We decided to implement this using an alternative method that does not
need a new language attribute.
2016-02-03 14:32:40 -08:00
Johanna Amann
e74dc74550
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2016-02-03 14:30:40 -08:00
Johanna Amann
c5a14d1bc1
Fix crash when printing type of recursive structures.
...
Also slightly fix indentation in Type.h
2016-02-03 13:22:05 -08:00
Robin Sommer
9ec6927cc1
Updating submodule(s).
...
[nomail]
2016-02-01 12:38:39 -08:00
Robin Sommer
72f0c2bd65
Merge remote-tracking branch 'origin/topic/johanna/cve-2015-3194'
...
* origin/topic/johanna/cve-2015-3194:
Add testcase for CVE-2015-3194
BIT-1527 #merged
2016-02-01 12:36:54 -08:00
Robin Sommer
46931aa316
Merge remote-tracking branch 'origin/topic/dnthayer/mktemp'
...
* origin/topic/dnthayer/mktemp:
Fix portability issue with use of mktemp
2016-02-01 12:34:24 -08:00
Robin Sommer
e63990398d
Updating submodule(s).
...
[nomail]
2016-01-29 10:49:08 -08:00
Robin Sommer
67324a6a64
Updating submodule(s).
...
[nomail]
2016-01-29 10:48:45 -08:00
Daniel Thayer
3ba671ab3a
Fix portability issue with use of mktemp
...
Some platforms require six Xs in the mktemp template.
2016-01-28 14:32:22 -06:00
Robin Sommer
cb41161d9f
Merge branch 'master' of git.bro.org:bro
...
(Fixing a merge conflict in CHANGES).
2016-01-28 08:07:38 -08:00
Johanna Amann
aff555c95e
Merge branch 'master' of https://github.com/marktayl/bro
...
* 'master' of https://github.com/marktayl/bro:
Correct irc_privmsg_message handling.
2016-01-27 13:55:28 -08:00
Daniel Thayer
6ef8a93dca
Update traffic per core estimate in the cluster doc
2016-01-27 14:56:42 -06:00