Commit graph

1093 commits

Author SHA1 Message Date
Johanna Amann
d9459fc59a Add rule hooks to the acld plugin.
The hook name is NetControl::acld_rule_policy and allows the
modification of acld rules before they are sent out to the network.

This allows, e.g. network policies to use nullzero instead of drop in
certain circumstances.
2016-03-08 11:25:15 -08:00
Daniel Thayer
7ede9c65d2 Add more documentation to sumstats framework scripts 2016-03-01 17:31:41 -06:00
Johanna Amann
8f60974bc0 Add new logfiles for shunting and drops to netcontrol
Also fix small bugs and update baselines.
2016-02-17 12:48:16 -08:00
Johanna Amann
a38327bd08 Extend NetControl logging and fix bugs.
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).

Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
2016-02-11 19:47:29 -08:00
Johanna Amann
9f3c0c9bb4 Update OpenFlow API and events.
Events now generally carry the unique ID of the backend that is given
during initialization; there are a few more functions and other
bugfixes.

A few netcontrol tests are still broken (mostly due to a pcap update in
master).
2016-02-11 13:10:40 -08:00
Johanna Amann
5e2ec25a38 small acld plugin fix 2016-02-11 11:31:44 -08:00
Johanna Amann
bebe2e85cb Revert "introduce &weaken attribute"
This reverts commit 00204ab8a6.

We decided to implement this using an alternative method that does not
need a new language attribute.
2016-02-03 14:32:40 -08:00
Johanna Amann
f06e9e6aab Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol 2016-01-20 15:01:50 -08:00
Seth Hall
6d836b7956 More stats improvements
Broke out the stats collection into a bunch of new Bifs
in stats.bif.  Scripts that use stats collection functions
have also been updated.  More work to do.
2016-01-07 16:20:24 -05:00
Robin Sommer
17bc615467 Making cluster reconnect timeout configurable. 2015-11-17 13:43:58 -08:00
Daniel Thayer
6519103890 Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-fixes
Conflicts:
	scripts/base/protocols/conn/main.bro
2015-09-23 11:45:10 -05:00
Daniel Thayer
8896679a01 More improvements to input framework documentation
Fixed more typos, reformatted the code examples to remove the
horizontal scroll bars, and removed some redundant sections that were
just outdated copies of information in the auto-generated reference
docs.
2015-09-22 17:41:24 -05:00
Daniel Thayer
aa5471ec15 Improve documentation of input framework 2015-09-21 16:42:53 -05:00
Robin Sommer
36b5a4db08 Merge branch 'master' of https://github.com/knielander/bro
I reworked this a bit:

    - Moved the globals into a new Pcap::* namespace, and renamed them
      slightly.

    - Moved the definitions of the globals into pcap/const.bif.

    - Also moved the existing 'snaplen' into Pcap::* and removed
      SnapLen() from the PktSrc API (it's really a pcap thing).

    - Likewise moved the existing functions precompile_pcap_filter,
      install_pcap_filter, and pcap_error, into Pcap::*.

    - Did some more refactoring for the pcap code.

* 'master' of https://github.com/knielander/bro:
  Refactored patch (removed options, less ambiguous name)
  Allow Bro to run in fanout mode.
  Allow libpcap buffer size to be set manually.
  Allow Bro to run in fanout mode.
  Allowed libpcap buffer size to be set via configuration.
2015-08-30 22:09:32 -07:00
dmfreemon@users.noreply.github.com
b14b189d12 add support for MIME type video/MP2T
BIT-1457 #merged
2015-08-21 17:32:19 -07:00
Daniel Thayer
ab8a8d3ef3 Split long lines in input framework docs 2015-08-21 16:30:51 -05:00
Jan Grashoefer
b765c95d6e Updated detection of Flash and AdobeAIR. 2015-07-24 14:33:53 +02:00
Johanna Amann
0e213352d7 Rename Pacf to NetControl 2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258 Merge remote-tracking branch 'origin/master' into topic/johanna/openflow 2015-07-08 12:15:09 -07:00
Johanna Amann
17796182c6 fix acld plugin to use address instead of subnet (and add functions for
conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74 implement quarantine 2015-06-04 16:21:30 -07:00
Johanna Amann
e6834367fd miscellaneous missing bits and pieces 2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9 Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0 add basic catch-and-release functionality (without own logging so far). 2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc add hook to pacf that allows users to modify all rules or implement
whitelists or similar.
2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152 add support for multiple backends with same priority 2015-06-02 12:34:44 -07:00
Robin Sommer
a6618eb964 Merge branch 'master' of git.bro.org:bro 2015-06-02 10:37:31 -07:00
Seth Hall
217ccf6063 Add signature support for F4M files. 2015-06-02 12:48:53 -04:00
Daniel Thayer
45caf8d2c1 Add missing documentation on the "Bro Package Index" page 2015-06-02 10:00:00 -05:00
Johanna Amann
269e80b3e1 make pacf logging deal with wildcards in flows. 2015-06-01 18:57:16 -07:00
Johanna Amann
ae18062761 add whitelist and redirect high-level functions 2015-06-01 15:57:58 -07:00
Johanna Amann
2f1ebed2e9 set the default idle timeout to 0 (= disable), because pacf actually
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
2015-06-01 10:46:39 -07:00
Daniel Thayer
24701f2678 Fix a "make doc" warning
Also fixed some indentation.
2015-05-29 14:38:50 -05:00
Johanna Amann
3bd513785f make rule id generation in non-cluster mode work again 2015-05-28 16:58:55 -07:00
Johanna Amann
99dcb40c67 Clusterize pacf
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
2015-05-27 18:01:53 -07:00
Johanna Amann
ad2361b7ac remove (dysfunctional) notifications from pacf 2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a make openflow framework work in clusters. 2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6 add pacf plugin that directly outputs messages to broker.
Also fix a few problems in pacf in the process of doing this.
2015-05-26 11:19:55 -07:00
Daniel Thayer
9cde2be727 Merge remote-tracking branch 'origin/master' into topic/dnthayer/doc-improvements-2.4 2015-05-25 11:59:34 -05:00
Johanna Amann
94fbd492ca update a few consts to openflow 1.3 - we downconvert them to the less
common 1.0 in the controller when necessary.
2015-05-23 12:17:56 -07:00
Johanna Amann
30e305cf4b we also really want to get notifications upon flow removal 2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9 deal with the fact that some pacf rules create two openflow messages
and that the return events need to unify them again...

More or less untested.
2015-05-22 18:59:40 -07:00
Johanna Amann
93b79c87bd it makes much more sense for the high level api to still return rule
numbers.
2015-05-22 18:07:57 -07:00
Johanna Amann
b9953e7048 change type of flow_mod entries to count - the type is defined in other
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themselves.
2015-05-22 13:37:57 -07:00
Johanna Amann
5f0a630116 add support for switches notifying openflow and pacf about flow removal.
I just noticed - the OpenFlow events also really should send the
instance of openflow that they are with them. That is a... tad
complicated though due to a number of reasons (among others how the
events are currently generated), so this will have to wait for a bit.
2015-05-18 13:38:38 -07:00
Johanna Amann
c0111bc4d2 add flow modification to pacf and openflow.
More or less untested, but there should not be any big problems.
2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8 handle the notification events correctly.
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
2015-05-15 11:24:18 -07:00
Johanna Amann
8c292ddd49 Allow pacf openflow plugin to specify a priority offset. 2015-05-14 08:15:43 -07:00
Johanna Amann
208d150a0e Change openflow plugin for broker and allow specification of topics per
instance.
2015-05-13 16:23:24 -07:00
Johanna Amann
73d22a2dbd add Pacf plugin for the internal Bro PacketFilter (not BPF) 2015-05-12 15:12:16 -07:00