Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19037 commits 387 branches 195 tags 255 MiB
Commit graph

19037 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
d9357b4204 Merge remote-tracking branch 'origin/topic/timw/remove-8.1-deprecations' 
* origin/topic/timw/remove-8.1-deprecations:
  Pass DNS complete_flag along as a uint8_t instead of a String
  Update docs submodule with 8.1 deprecation removals
  Update zeekjs submodule with 8.1 deprecation fixes
  Remove deprecations tagged for v8.1
 2025-08-12 11:01:29 -07:00
Tim Wojtulewicz
f1d69df165 Pass DNS complete_flag along as a uint8_t instead of a String 2025-08-12 11:00:40 -07:00
Tim Wojtulewicz
73c9a1f3d9 Update docs submodule with 8.1 deprecation removals 2025-08-12 11:00:40 -07:00
Tim Wojtulewicz
cdba3c601f Update zeekjs submodule with 8.1 deprecation fixes 2025-08-12 10:19:03 -07:00
Tim Wojtulewicz
d95affde4d Remove deprecations tagged for v8.1 2025-08-12 10:19:03 -07:00
zeek-bot
e4dab3dded Update doc submodule [nomail] [skip ci] 2025-08-12 00:44:57 +00:00
Tim Wojtulewicz
76289a8022 Merge remote-tracking branch 'origin/topic/awelzel/4730-smb-read-response-data-offset' 
* origin/topic/awelzel/4730-smb-read-response-data-offset:
  smb2/read: Parse only 1 byte for data_offset, ignore reserved1
 2025-08-11 11:37:38 -07:00
Tim Wojtulewicz
dff534962e Merge remote-tracking branch 'origin/topic/timw/docs-generation-virtualenv' 
* origin/topic/timw/docs-generation-virtualenv:
  Update docs submodule with new python packages
  Use virtualenv in docs generation/builds
 2025-08-10 21:28:48 -07:00
Tim Wojtulewicz
302f6f2787 Update docs submodule with new python packages 2025-08-10 21:21:41 -07:00
Tim Wojtulewicz
ef055ddb7c Use virtualenv in docs generation/builds 2025-08-08 20:38:31 -07:00
Arne Welzel
b2a2ad7e10 smb2/read: Parse only 1 byte for data_offset, ignore reserved1 
A user provided a SMB2 pcap with the reserved1 field of a ReadResponse
set to 1 instead of 0. This confused the padding computation due to
including this byte into the offset. Properly split data_offset and
reserved1 into individual byte fields.

Closes #4730
 2025-08-08 16:12:20 +02:00
Arne Welzel
13f613eb1d Merge remote-tracking branch 'origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks' 
* origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks:
  cluster: Add on_subscribe() and on_unsubscribe() hooks
 2025-08-08 14:24:18 +02:00
Tim Wojtulewicz
54d67c3322 Merge remote-tracking branch 'origin/topic/timw/cleanup-warnings-from-plugin-btest-builds' 
* origin/topic/timw/cleanup-warnings-from-plugin-btest-builds:
  Update zeek-aux to remove BRO_DIST from plugin skeleton
  cmake_minimum_required() should come before project()
 2025-08-07 08:39:40 -07:00
Tim Wojtulewicz
162ecc022e Update zeek-aux to remove BRO_DIST from plugin skeleton 2025-08-07 08:39:08 -07:00
Arne Welzel
bd9130a69a Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy' 
* origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy:
  btest/tap-analyzer: Update existing test and add new one for UpdateConnVal()
  SessionAdapter: Keep tap_analyzers until destruction
  tcp,udp,icmp adapters: Move TapPacket() to earlier
  tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call
 2025-08-07 10:49:12 +02:00
Tim Wojtulewicz
3c535ec215 cmake_minimum_required() should come before project() 2025-08-06 12:10:41 -07:00
Arne Welzel
f98508bbb0 btest/tap-analyzer: Update existing test and add new one for UpdateConnVal() 
This also changes the output of connection UIDs from the tap analyzer to be
prefixed with C for easier correlation with other logs.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:59 +02:00
Arne Welzel
bdff2935a4 SessionAdapter: Keep tap_analyzers until destruction 
connection_state_remove() is invoked after Done(), so it's not a good
idea to remove the tap analyzers before in case they have up-to-date
information for the connection val.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:55 +02:00
Arne Welzel
ee93213d39 tcp,udp,icmp adapters: Move TapPacket() to earlier 
Writing a test, the packet was tapped after protocol analysis at least
for TCP. Ensure tapping happens before. The adapter->Process() moving
after pkt->session made me a bit wondering if things are underspecified
here, but seems reasonable to set the session on pkt before adapter->Process().

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:51 +02:00
Arne Welzel
9d7cfcbce3 tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call 
Now that SessionAdapter implements UpdateConnVal(), the individual
adapters need to call that instead of Analyzer::UpdateConnVal()

Thanks clang-tidy.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:44 +02:00
Johanna Amann
2f2f328a72 Merge remote-tracking branch 'origin/topic/johanna/analyzer-log-proto' 
* origin/topic/johanna/analyzer-log-proto:
  Add proto to analyzer.log
 2025-08-06 14:38:47 +01:00
Evan Typanski
22f77248f5 Merge remote-tracking branch 'origin/topic/etyp/fix-record-vec-type-conflict' 
* origin/topic/etyp/fix-record-vec-type-conflict:
  Fix record coercion with compatible types
 2025-08-06 09:10:19 -04:00
Arne Welzel
33b6869425 Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-three' 
* origin/topic/awelzel/tap-analyzer-take-three:
  TapAnalyzer: Fix docstring
  btest/plugins/tap-analyzer: Update baseline
 2025-08-06 14:27:56 +02:00
Arne Welzel
ce7c394af1 TapAnalyzer: Fix docstring 
Relates to #4337 #4725 #4734
 2025-08-06 14:19:40 +02:00
Arne Welzel
ac776b0aad btest/plugins/tap-analyzer: Update baseline 
Relates to #4337 #4725 #4734
 2025-08-06 14:17:42 +02:00
Johanna Amann
82266b1e78 Add proto to analyzer.log 
The analyzer.log file was missing the protocol field to distinguish
tcp/udp connections.
 2025-08-06 11:34:57 +01:00
Arne Welzel
7dea987432 Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-follow-up' 
* origin/topic/awelzel/4337-tap-analyzer-follow-up:
  TapAnalyzer: More verdict to action rename
 2025-08-05 20:00:44 +02:00
Arne Welzel
b4925fbd16 TapAnalyzer: More verdict to action rename 
Relates to #4725 #4337
 2025-08-05 19:59:06 +02:00
Arne Welzel
1e05588e8e Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-sketch' 
* origin/topic/awelzel/4337-tap-analyzer-sketch:
  IPBasedAnalyzer: Call TapPacket() when skipping
  SessionAdapter: Introduce TapAnalyzer for session adapter
 2025-08-05 19:49:01 +02:00
Arne Welzel
4bc7f9532c IPBasedAnalyzer: Call TapPacket() when skipping 
When skip_further_processing() is called, a TapAnalyzer should still see
the packets as skipped with SkipReason "skipping".
 2025-08-05 19:47:04 +02:00
Arne Welzel
dc904b2216 SessionAdapter: Introduce TapAnalyzer for session adapter 
This commit introduces a mechanism to attach light weight analyzers to
the root analyzer of sessions in order to tap into the packets delivered
to child analyzer.
 2025-08-05 19:47:02 +02:00
Evan Typanski
006bef71b5 Fix record coercion with compatible types 
Fixes #4722
 2025-08-04 17:09:26 -04:00
Christian Kreibich
56325d1412 Merge branch 'topic/christian/zeek-8.0-news' 
* topic/christian/zeek-8.0-news:
  Compile contributors for Zeek 8.0 in the NEWS file
 2025-08-04 09:35:53 -07:00
Christian Kreibich
4fdd83f3f5 Compile contributors for Zeek 8.0 in the NEWS file 2025-08-04 09:32:58 -07:00
Tim Wojtulewicz
6afeeca090 Start of 8.1.0 development 2025-08-04 08:26:29 -07:00
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Arne Welzel
1a87ebab72 cluster: Add on_subscribe() and on_unsubscribe() hooks 
Closes #4176
 2025-08-01 14:06:19 +02:00
Arne Welzel
7a68208ecf ci/windows: No ZeroMQ cluster backend 
Doesn't seems there's libzmq available, so just skip building.
 2025-08-01 10:17:13 +02:00
Arne Welzel
993502e0b6 cluster/zeromq: Bail on missing ZeroMQ by default 2025-08-01 09:46:06 +02:00
zeek-bot
aabb36abf7 Update doc submodule [nomail] [skip ci] 2025-08-01 00:28:48 +00:00
Tim Wojtulewicz
f2e155d7fa Merge remote-tracking branch 'origin/topic/timw/update-ct-ca-lists' 
* origin/topic/timw/update-ct-ca-lists:
  Update CT/CA lists to versions from NSS 3.114
 2025-07-31 14:32:21 -07:00
Tim Wojtulewicz
528f0d9766 Merge remote-tracking branch 'origin/topic/timw/update-submodules-ahead-of-8.0' 
* origin/topic/timw/update-submodules-ahead-of-8.0:
  Updating submodule(s) [nomail]
 2025-07-31 14:29:48 -07:00
Tim Wojtulewicz
1daead9edd Update CT/CA lists to versions from NSS 3.114 2025-07-31 11:34:23 -07:00
Tim Wojtulewicz
74a3fe5856 Updating submodule(s) [nomail] 2025-07-31 10:37:45 -07:00
Tim Wojtulewicz
b9a5a635bd Merge remote-tracking branch 'origin/topic/timw/clang-tidy-fix' 
* origin/topic/timw/clang-tidy-fix:
  Fix use-after-move reported by clang-tidy
 2025-07-31 10:34:58 -07:00
Tim Wojtulewicz
647da4f970 Fix use-after-move reported by clang-tidy 
This was introduced by 9eb94ee151.
 2025-07-31 09:55:43 -07:00
Johanna Amann
136bdb43fd Merge remote-tracking branch 'origin/topic/johanna/gh-4694' 
* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek
 2025-07-31 16:11:00 +01:00
Tim Wojtulewicz
3e0012ea30 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump `auxil/spicy` to latest development snapshot
 2025-07-31 07:58:05 -07:00
Benjamin Bannier
c0ce3f19fb Bump auxil/spicy to latest development snapshot 2025-07-31 13:47:32 +02:00