Commit graph

2501 commits

Author SHA1 Message Date
Tim Wojtulewicz
b9f63173bc Check for valid ip_hdr length before trying to make a Val out of it 2022-08-26 13:39:29 -07:00
Tim Wojtulewicz
2d7bfb4ca7 Merge remote-tracking branch 'origin/topic/neverlord/ssl-auth-test'
* origin/topic/neverlord/ssl-auth-test:
  Revert to regular peering fn for ssl_auth_failure
2022-08-26 09:09:36 -07:00
Tim Wojtulewicz
bde34016cf Merge remote-tracking branch 'origin/topic/timw/new-macos-ci'
* origin/topic/timw/new-macos-ci:
  Switch macOS Monterey build to new m1-based VM
2022-08-25 15:15:52 -07:00
Tim Wojtulewicz
0e9c7c77e0 Merge remote-tracking branch 'origin/topic/timw/2367-broker-ssl_auth_failure'
* origin/topic/timw/2367-broker-ssl_auth_failure:
  Avoid race conditions in broker.ssl_auth_failure btest
2022-08-25 12:46:11 -07:00
Tim Wojtulewicz
5ff189e234 Merge remote-tracking branch 'origin/topic/bbannier/issue-2363'
* origin/topic/bbannier/issue-2363:
  Use correct variable to pass existing Spicy root to spicy-plugin.
2022-08-24 09:34:10 -07:00
Tim Wojtulewicz
76b6cf7afa Merge remote-tracking branch 'simeonmiteff/master'
* simeonmiteff/master:
  Pull changes from zeek/cmake fork
  Skip test based on preprocessor flag set by cmake
  Set flag for libpcap without DLT_LINUX_SLL2
  Force event order in core/init-error btest
  Update some coverage baselines
  Update plugins/hooks baseline
  Add support for DLT_LINUX_SLL2 PCAP link-type
2022-08-24 09:23:01 -07:00
Johanna Amann
0968322c5f Merge remote-tracking branch 'origin/topic/neverlord/gh-2343'
* origin/topic/neverlord/gh-2343:
  Add missing bits for Broker::metrics_import_topics
  Try adding Broker::metrics_import_topics, stuck
2022-08-24 13:26:20 +01:00
Tim Wojtulewicz
8829490045 Merge remote-tracking branch 'origin/topic/awelzel/2075-if-conditional-parsing'
* origin/topic/awelzel/2075-if-conditional-parsing:
  parse.y/anonymous_function: Allow conditionals between begin_lambda and lambda_body
2022-08-23 20:28:17 -07:00
Christian Kreibich
c887bcb517 Merge remote-tracking branch 'origin/topic/awelzel/simple-scan-over-scan-zeek'
* origin/topic/awelzel/simple-scan-over-scan-zeek:
  Deprecate misc/scan.zeek
2022-08-23 10:19:47 -07:00
Christian Kreibich
4ed15857b8 Merge remote-tracking branch 'origin/topic/awelzel/vector-value-iteration'
* origin/topic/awelzel/vector-value-iteration:
  stmt: Support iterating over vector values
2022-08-23 09:40:12 -07:00
Christian Kreibich
f5df2a132a Merge branch 'topic/christian/docker-artifact-truncation'
* topic/christian/docker-artifact-truncation:
  Truncate Docker image artifact at end of Docker CI workflow
2022-08-22 17:34:30 -07:00
Tim Wojtulewicz
e308712534 Merge remote-tracking branch 'origin/topic/timw/2354-bytestring-len-warnings'
* origin/topic/timw/2354-bytestring-len-warnings:
  Fix signed comparison warnings in bytestring_to_count
2022-08-22 16:12:38 -07:00
Christian Kreibich
1e52f173ba Merge branch 'topic/christian/zeekygen-add-plugin-labels'
* topic/christian/zeekygen-add-plugin-labels:
  Bump doc to pull in Sphinx exclusion for autogenerated files
  Remove long-unused BRO_DISABLE_BROXYGEN env var from btests
  Add Sphinx label to Zeekygen-generated plugin docs
2022-08-22 14:30:39 -07:00
Tim Wojtulewicz
6e0e1f71db Merge branch 'topic/timw/parse-packet-results'
* topic/timw/parse-packet-results:
  Make result of IP::ParsePacket easier to understand
  Remove reporter warning for bad IP protocols
2022-08-22 10:57:10 -07:00
Christian Kreibich
0f8e675a49 Merge branch 'topic/awelzel/unified2-drop'
* topic/awelzel/unified2-drop:
  Remove unified2 file analyzer
2022-08-19 15:23:34 -07:00
Christian Kreibich
c3d75e4f1b Merge remote-tracking branch 'origin/topic/awelzel/barnyard2-drop'
* origin/topic/awelzel/barnyard2-drop:
  Remove barnyard2 integration scripts
2022-08-19 14:59:55 -07:00
Christian Kreibich
b20f2b5b98 Merge branch 'topic/christian/news-log-preds-coverage'
* topic/christian/news-log-preds-coverage:
  Retroactively cover log filter predicate deprecation/removal in NEWS
2022-08-18 15:57:11 -07:00
Tim Wojtulewicz
20fe96c706 Merge remote-tracking branch 'origin/topic/timw/695-bytestring-to-count'
* origin/topic/timw/695-bytestring-to-count:
  Support other byte lengths in bytestring_to_count
2022-08-17 15:46:17 -07:00
Christian Kreibich
73f20ba761 Merge branch 'topic/christian/help-tweak'
* topic/christian/help-tweak:
  Alignment tweak in help output
2022-08-17 13:31:23 -07:00
Tim Wojtulewicz
60d840c231 Merge remote-tracking branch 'origin/topic/timw/163-event-lookup'
* origin/topic/timw/163-event-lookup:
  GH-163: Use ID name (including module name) to create EventExpr when possible
2022-08-17 13:29:10 -07:00
Tim Wojtulewicz
a0a2a18337 Merge remote-tracking branch 'origin/topic/timw/fuzzer-forward-stream'
* origin/topic/timw/fuzzer-forward-stream:
  Use ForwardStream in fuzzers instead of DeliverStream
2022-08-17 09:01:03 -07:00
Robin Sommer
fad18cb352 Fix code formatting. 2022-08-17 10:38:33 +02:00
Robin Sommer
598cef21bd Merge ssh://github.com/fatemabw/zeek
* ssh://github.com/fatemabw/zeek:
  Update options.zeek
  Create out-27
  Add files via upload
  Update src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
  Updating the weird names to use all lower case
  Fixing whitespaces..
  Fixing clang pre-commit error
  Add check for option 27
  Add the parsed fields for TCP option 27
  Add TCP options bad length check
2022-08-17 09:09:58 +02:00
Robin Sommer
39148ef706 Merge remote-tracking branch 'origin/topic/awelzel/files-log-unrolling'
I removed `deprecated-txhosts-rxhosts-connuids.zeek` from
`local.zeek`, seems preferable not to have a script-to-go-away in the
standard configuration for new users. Also tweaked `NEWS` just a tiny
bit.

* origin/topic/awelzel/files-log-unrolling:
  files.log: Unroll and introduce uid and id fields
2022-08-17 09:01:43 +02:00
Tim Wojtulewicz
963ba61b8e Merge remote-tracking branch 'origin/topic/timw/coverity-fixes'
* origin/topic/timw/coverity-fixes:
  Fix a swath of AUTO_CAUSES_COPY issues reported by Coverity
2022-08-16 09:17:22 -07:00
Tim Wojtulewicz
f631551ffb Merge remote-tracking branch 'origin/topic/timw/update-private-tests'
* origin/topic/timw/update-private-tests:
  Update zeek-testing-private commit hash after email regex changes
2022-08-15 09:22:44 -07:00
Tim Wojtulewicz
7fe6290974 Merge remote-tracking branch 'micrictor/master'
* micrictor/master:
  Add a field to Modbus/TCP log to indicate the Modbus PDU type
  Add modbus transaction and unit ids to logs
  Enable modbus logging for requests
2022-08-11 11:57:10 -07:00
Tim Wojtulewicz
e618be094a Merge remote-tracking branch 'theavgjojo/master'
* theavgjojo/master:
  UPDATED: improving email address splitting for common comma case
2022-08-11 10:41:18 -07:00
Tim Wojtulewicz
957dc1d6dd Merge remote-tracking branch 'origin/topic/timw/2142-more-fuzzers'
* origin/topic/timw/2142-more-fuzzers:
  Fix a crash related to a broken IPv6 chain
  Add a couple of ICMP files to corpus for packet-fuzzer
  Trick event handlers into returning that they exist during fuzzing
  Add http, ftp, imap, and smtp fuzzers and corpora
  Add section to fuzzer README about generating corpus from pcaps
  Rename fuzzers/README to README.rst so github renders it
2022-08-11 10:30:42 -07:00
Tim Wojtulewicz
313e303fda Merge remote-tracking branch 'AmazingPP/topic/amazingpp/table-values-and-keys'
* AmazingPP/topic/amazingpp/table-values-and-keys:
  Add more test cases
  Add table_keys function
  Add table_values function
2022-08-11 08:49:34 -07:00
Robin Sommer
6d27df548e Merge remote-tracking branch 'origin/topic/awelzel/1678-disabling-analyzer-hook'
* origin/topic/awelzel/1678-disabling-analyzer-hook:
  Add NEWS entry and zeekygen-smithing for disabling_analyzer()
  Introduce global disabling_analyzer() hook to veto disable_analyzer()
  ssl: Only delete c$ssl$analyzer_id when disabling the analyzer was successful
2022-08-11 16:02:37 +02:00
Robin Sommer
ee7288b1e6 Merge remote-tracking branch 'origin/topic/awelzel/record-field-redef'
* origin/topic/awelzel/record-field-redef:
  Support redef'ing the &log attribute of record fields
2022-08-11 11:59:26 +02:00
Robin Sommer
ceacabe3a2 Merge remote-tracking branch 'origin/topic/awelzel/use-family-num-buckets-upper-bound-at'
* origin/topic/awelzel/use-family-num-buckets-upper-bound-at:
  telemetry: Switch to histogram family bucket and bound accessors
2022-08-11 11:52:58 +02:00
Christian Kreibich
3a0a702723 Merge branch 'topic/christian/management-bugfixes'
* topic/christian/management-bugfixes:
  Management framework: bump cluster testsuite
  Management framework: log node set in dispatch requests cleanly
  Management framework: log additional node events
  Management framework: upon deployment, make agent log multiple node results
  Management framework: fix early return condition for get-id-value
2022-08-10 14:18:38 -07:00
Tim Wojtulewicz
0d0a057d89 Merge remote-tracking branch 'origin/topic/timw/1443-global-type-clash'
* origin/topic/timw/1443-global-type-clash:
  Fix module-scoped type definitions that conflict with existing global ones
2022-08-09 09:50:19 -07:00
Tim Wojtulewicz
cb3abccfb1 Merge remote-tracking branch 'ynadji/topic/yacin/2319-add-change-handler-to-site'
* ynadji/topic/yacin/2319-add-change-handler-to-site:
  update plugins.hooks baseline
  lower priority for change handlers
  split update_zones_regex into two functions
  GH-2319: Add change handlers to Site
2022-08-08 11:09:16 -07:00
Tim Wojtulewicz
3da1848279 Merge remote-tracking branch 'AmazingPP/topic/amazingpp/command-line-script-warning'
* AmazingPP/topic/amazingpp/command-line-script-warning:
  Squelch the zeekygen warnings for command line
2022-08-08 11:03:32 -07:00
Tim Wojtulewicz
9524963da6 Merge remote-tracking branch 'anniebryan/notice-suppression-bug-fix'
* anniebryan/notice-suppression-bug-fix:
  Added test case with back-to-back notices
  Fix notice suppression atomicity bug
2022-08-05 16:21:29 +00:00
Tim Wojtulewicz
66c4e57442 Merge remote-tracking branch 'origin/topic/timw/2034-ifdef-namespace-name'
* origin/topic/timw/2034-ifdef-namespace-name:
  GH-2034: Store module names and use them in lookups for ifdef
2022-08-05 16:20:12 +00:00
Robin Sommer
686e740bbe Merge remote-tracking branch 'origin/topic/awelzel/telemetry-script-land-v0'
* origin/topic/awelzel/telemetry-script-land-v0:
  Introduce telemetry framework
  Bump broker submodule to master.
2022-08-05 17:14:23 +02:00
Tim Wojtulewicz
9b546cbb2b Merge remote-tracking branch 'origin/topic/awelzel/config-util-fmt-thread-fmt'
* origin/topic/awelzel/config-util-fmt-thread-fmt:
  input/config: Use thread-safe Fmt() rather than util::fmt() for regex formatting
2022-08-03 10:27:38 -07:00
Tim Wojtulewicz
930fd75ed8 Merge remote-tracking branch 'origin/topic/awelzel/2010-zeek-done-change-handlers'
* origin/topic/awelzel/2010-zeek-done-change-handlers:
  testing/missing-enum-value: redef exit_only_after_terminate=T
  option.bif: Short-circuit option changes when terminating
2022-08-03 10:27:06 -07:00
Tim Wojtulewicz
3ffffe33bc Merge remote-tracking branch 'origin/topic/vern/bit-shift-fixes'
* origin/topic/vern/bit-shift-fixes:
  btest portability fix address review comment about shifting corner-case
  canonicalize filenames for new vector deprecation btest
  updates for gen-C++ maintenance, including skipping some inappropriate tests
  fix for profiling "when" statements
  gen-C++ support for vector bit-shift operations
  corrected wording in some btest comments
  make gen-C++ maintenance scripts directly executable
  ZAM support for bit-shifting
  don't allow deprecated-style mixing of vectors and scaling for shifting leverage restrictions placed on shifting (RHS is always unsigned) split deprecated vector operations into separate test, with separate ZAM baseline
  ZAM fix for vector "in" operator
  ensure that language tests pay attention to .stderr
  fix vector tests, including checking for errors
2022-08-03 09:56:55 -07:00
Tim Wojtulewicz
c82eb13cc8 Merge remote-tracking branch 'pbcullen/topic/pbcullen/prevent-large-dhcp-logs'
* pbcullen/topic/pbcullen/prevent-large-dhcp-logs:
  Update plugins.hooks baseline with new DHCP options
  Prevent large dhcp log entries
2022-08-02 12:38:03 -07:00
Tim Wojtulewicz
2cba2415fd Merge remote-tracking branch 'origin/topic/timw/1129-slash-s-patterns'
* origin/topic/timw/1129-slash-s-patterns:
  Add support for /s modifier to RE matcher and parser
  Code cleanup in RE_Matcher code
  Add basic unit tests for RE_Matcher
  Add /s modifier to parser for patterns
2022-08-02 11:33:35 -07:00
Tim Wojtulewicz
6fd0645aef Merge branch 'topic/timw/1344-illegal-base-type'
* topic/timw/1344-illegal-base-type:
  GH-1344: Give better warning when using a type that doesn't exist
2022-08-01 09:57:05 -07:00
Tim Wojtulewicz
6d16f9bb42 Merge remote-tracking branch 'origin/topic/timw/bit-shift-error-handling'
* origin/topic/timw/bit-shift-error-handling:
  Add btest for vector bit-shift operators
  Handle error cases for bit-shift operators more cleanly
2022-07-29 12:10:27 -07:00
Tim Wojtulewicz
25b49bf6ea Merge remote-tracking branch 'origin/topic/timw/clang-format-patricia'
* origin/topic/timw/clang-format-patricia:
  Update 3rdparty submodule to get patricia reformat
2022-07-29 12:01:07 -07:00
Tim Wojtulewicz
c56e895bee Merge remote-tracking branch 'origin/topic/timw/reenable-coverage-upload'
* origin/topic/timw/reenable-coverage-upload:
  Re-enable sending coverage data to Coveralls via Cirrus
2022-07-28 11:22:09 -07:00
Tim Wojtulewicz
ac4b7f9f02 Merge remote-tracking branch 'origin/topic/timw/2131-no-redef-segfault'
* origin/topic/timw/2131-no-redef-segfault:
  Return an error if redef'ing a variable without redef attribute
2022-07-25 09:43:54 -07:00