Commit graph

13702 commits

Author SHA1 Message Date
Tim Wojtulewicz
d8b31de1a2 Move fuzzer corpus files to another directory 2022-08-26 13:51:30 -07:00
Tim Wojtulewicz
52431bc55c Add a way to create generic fuzzers without creating new files 2022-08-26 13:51:30 -07:00
Tim Wojtulewicz
b9f63173bc Check for valid ip_hdr length before trying to make a Val out of it 2022-08-26 13:39:29 -07:00
Tim Wojtulewicz
8d7a156109 Fix potential overflow in modbus analyzer's bytestring_to_coils 2022-08-26 10:59:59 -07:00
Tim Wojtulewicz
4993a51c29 Add some sanity checking to BadARPEvent method 2022-08-26 10:59:49 -07:00
Tim Wojtulewicz
519d0d810d Swap DNS EDNS field order to match script-land type 2022-08-26 10:59:21 -07:00
Tim Wojtulewicz
719e0a0f4f Reset packet cap_len before returning from IP::AnalyzePacket 2022-08-26 10:59:10 -07:00
Tim Wojtulewicz
2d7bfb4ca7 Merge remote-tracking branch 'origin/topic/neverlord/ssl-auth-test'
* origin/topic/neverlord/ssl-auth-test:
  Revert to regular peering fn for ssl_auth_failure
2022-08-26 09:09:36 -07:00
Dominik Charousset
456efd8082 Revert to regular peering fn for ssl_auth_failure
With the fixed Broker version, the `ssl_auth_failure` btest can use the
regular `peer` function again.
2022-08-26 17:00:45 +02:00
Tim Wojtulewicz
6721248da5 Merge remote-tracking branch 'origin/topic/timw/bump-spicy'
* origin/topic/timw/bump-spicy:
  Bump Spicy dependencies to spicy-1.5.1 and spicy-plugin-1.3.17.
2022-08-25 15:26:55 -07:00
Tim Wojtulewicz
bde34016cf Merge remote-tracking branch 'origin/topic/timw/new-macos-ci'
* origin/topic/timw/new-macos-ci:
  Switch macOS Monterey build to new m1-based VM
2022-08-25 15:15:52 -07:00
Benjamin Bannier
3b2b327d7d Bump Spicy dependencies to spicy-1.5.1 and spicy-plugin-1.3.17.
(cherry picked from commit 7e1840f5fe)
2022-08-25 12:55:37 -07:00
Tim Wojtulewicz
a927c4a998 Switch macOS Monterey build to new m1-based VM 2022-08-25 12:54:12 -07:00
Tim Wojtulewicz
0e9c7c77e0 Merge remote-tracking branch 'origin/topic/timw/2367-broker-ssl_auth_failure'
* origin/topic/timw/2367-broker-ssl_auth_failure:
  Avoid race conditions in broker.ssl_auth_failure btest
2022-08-25 12:46:11 -07:00
Tim Wojtulewicz
c88a362d1b Avoid race conditions in broker.ssl_auth_failure btest 2022-08-24 12:10:42 -07:00
Tim Wojtulewicz
011cfc2aaa Update docs submodule [nomail] [skip ci] 2022-08-24 09:51:49 -07:00
Tim Wojtulewicz
5ff189e234 Merge remote-tracking branch 'origin/topic/bbannier/issue-2363'
* origin/topic/bbannier/issue-2363:
  Use correct variable to pass existing Spicy root to spicy-plugin.
2022-08-24 09:34:10 -07:00
Tim Wojtulewicz
76b6cf7afa Merge remote-tracking branch 'simeonmiteff/master'
* simeonmiteff/master:
  Pull changes from zeek/cmake fork
  Skip test based on preprocessor flag set by cmake
  Set flag for libpcap without DLT_LINUX_SLL2
  Force event order in core/init-error btest
  Update some coverage baselines
  Update plugins/hooks baseline
  Add support for DLT_LINUX_SLL2 PCAP link-type
2022-08-24 09:23:01 -07:00
Johanna Amann
0968322c5f Merge remote-tracking branch 'origin/topic/neverlord/gh-2343'
* origin/topic/neverlord/gh-2343:
  Add missing bits for Broker::metrics_import_topics
  Try adding Broker::metrics_import_topics, stuck
2022-08-24 13:26:20 +01:00
Tim Wojtulewicz
8829490045 Merge remote-tracking branch 'origin/topic/awelzel/2075-if-conditional-parsing'
* origin/topic/awelzel/2075-if-conditional-parsing:
  parse.y/anonymous_function: Allow conditionals between begin_lambda and lambda_body
2022-08-23 20:28:17 -07:00
Simeon Miteff
3582e41838 Pull changes from zeek/cmake fork 2022-08-24 12:47:32 +10:00
Simeon Miteff
74cc5dcd6b Skip test based on preprocessor flag set by cmake
Relies on change in d42dcb2d55029975a6a6b2e6378fc49a268631ec
2022-08-24 12:47:32 +10:00
Simeon Miteff
e9eed20169 Set flag for libpcap without DLT_LINUX_SLL2
Requires 6fd82a7e1d

Submodule edited until that can be merged.
2022-08-24 12:47:32 +10:00
Simeon Miteff
bfcc457093 Force event order in core/init-error btest
See https://github.com/zeek/zeek/pull/2340#issuecomment-1218131444
2022-08-24 12:47:25 +10:00
zeek-bot
05a071c7e8 Update doc submodule [nomail] [skip ci] 2022-08-24 00:48:47 +00:00
Simeon Miteff
2a22eb4078 Update some coverage baselines 2022-08-24 10:38:51 +10:00
Simeon Miteff
0bfec34732 Update plugins/hooks baseline 2022-08-24 10:38:51 +10:00
Simeon Miteff
b8f0acb5f1 Add support for DLT_LINUX_SLL2 PCAP link-type 2022-08-24 10:38:31 +10:00
Christian Kreibich
c887bcb517 Merge remote-tracking branch 'origin/topic/awelzel/simple-scan-over-scan-zeek'
* origin/topic/awelzel/simple-scan-over-scan-zeek:
  Deprecate misc/scan.zeek
2022-08-23 10:19:47 -07:00
Christian Kreibich
4ed15857b8 Merge remote-tracking branch 'origin/topic/awelzel/vector-value-iteration'
* origin/topic/awelzel/vector-value-iteration:
  stmt: Support iterating over vector values
2022-08-23 09:40:12 -07:00
Benjamin Bannier
13d011da66 Use correct variable to pass existing Spicy root to spicy-plugin.
spicy-plugin can find Spicy in paths given by `SPICY_ROOT_DIR` while
`./configure` instead set `SPICY_ROOT`. With this patch we now set the
correct variable.

We also adjust variations of the previous variable name with different
capitalization which caused us to not properly configure spicy-plugin
(which triggers finding Spicy in its given prefix).

Closes #2363.
2022-08-23 09:10:57 +02:00
Arne Welzel
6dc585bd8c Deprecate misc/scan.zeek
Update bare-mode-errors test to ignore that specific message.
2022-08-23 09:10:53 +02:00
Christian Kreibich
f5df2a132a Merge branch 'topic/christian/docker-artifact-truncation'
* topic/christian/docker-artifact-truncation:
  Truncate Docker image artifact at end of Docker CI workflow
2022-08-22 17:34:30 -07:00
Tim Wojtulewicz
e308712534 Merge remote-tracking branch 'origin/topic/timw/2354-bytestring-len-warnings'
* origin/topic/timw/2354-bytestring-len-warnings:
  Fix signed comparison warnings in bytestring_to_count
2022-08-22 16:12:38 -07:00
Tim Wojtulewicz
e9f8fdab8f Fix signed comparison warnings in bytestring_to_count 2022-08-22 22:42:22 +00:00
Christian Kreibich
1e52f173ba Merge branch 'topic/christian/zeekygen-add-plugin-labels'
* topic/christian/zeekygen-add-plugin-labels:
  Bump doc to pull in Sphinx exclusion for autogenerated files
  Remove long-unused BRO_DISABLE_BROXYGEN env var from btests
  Add Sphinx label to Zeekygen-generated plugin docs
2022-08-22 14:30:39 -07:00
Tim Wojtulewicz
6e0e1f71db Merge branch 'topic/timw/parse-packet-results'
* topic/timw/parse-packet-results:
  Make result of IP::ParsePacket easier to understand
  Remove reporter warning for bad IP protocols
2022-08-22 10:57:10 -07:00
Tim Wojtulewicz
aa79356963 Make result of IP::ParsePacket easier to understand 2022-08-22 10:56:20 -07:00
Tim Wojtulewicz
40b1452905 Remove reporter warning for bad IP protocols
It turns out that this can be *very* spammy on networks where we're receiving
lots of these packets, and can fill up the reporter log very quickly. Weirds are
already reported in all of these cases anyways, so it doesn't make sense to log
a reporter warning too.
2022-08-22 10:56:20 -07:00
Dominik Charousset
6565b4862d Add missing bits for Broker::metrics_import_topics 2022-08-22 17:10:07 +02:00
Arne Welzel
f334df3b79 stmt: Support iterating over vector values
I ran into wanting to iterate over just the values of a vector and wondering
whether that could just work.

This adds support for the following, where v will be the value of vec[i].

    local vec = vector("zero", "one", "two");

    for ( i, v in vec )
        print i, v;
2022-08-22 16:57:37 +02:00
Christian Kreibich
17a140b67a Bump doc to pull in Sphinx exclusion for autogenerated files 2022-08-19 17:19:30 -07:00
Christian Kreibich
f1a9108199 Remove long-unused BRO_DISABLE_BROXYGEN env var from btests 2022-08-19 15:31:55 -07:00
Christian Kreibich
0efdee0715 Add Sphinx label to Zeekygen-generated plugin docs
Plugin documentation generated by Zeekygen is currently difficult to reference
from elsewhere in the docs because references prefer labels for unique
identification. This expands the plugin section headings with a unique label,
based on the plugin name.

For example, the documentation for a plugin called Zeek::Foobar becomes linkable
from anywhere via :ref:`plugin-zeek-foobar`.
2022-08-19 15:31:54 -07:00
Christian Kreibich
0f8e675a49 Merge branch 'topic/awelzel/unified2-drop'
* topic/awelzel/unified2-drop:
  Remove unified2 file analyzer
2022-08-19 15:23:34 -07:00
Christian Kreibich
c3d75e4f1b Merge remote-tracking branch 'origin/topic/awelzel/barnyard2-drop'
* origin/topic/awelzel/barnyard2-drop:
  Remove barnyard2 integration scripts
2022-08-19 14:59:55 -07:00
Arne Welzel
8d19fa23ef Remove unified2 file analyzer 2022-08-19 14:05:00 +02:00
Arne Welzel
78beecf37d Remove barnyard2 integration scripts 2022-08-19 14:04:27 +02:00
Christian Kreibich
b20f2b5b98 Merge branch 'topic/christian/news-log-preds-coverage'
* topic/christian/news-log-preds-coverage:
  Retroactively cover log filter predicate deprecation/removal in NEWS
2022-08-18 15:57:11 -07:00
Christian Kreibich
a2e05a17e2 Retroactively cover log filter predicate deprecation/removal in NEWS 2022-08-18 14:51:38 -07:00