Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
16779 commits 387 branches 195 tags 255 MiB
Commit graph

16779 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vern Paxson
db22448270 internal option to suppress control-flow optimization 2024-08-16 11:18:58 +02:00
Vern Paxson
63f76c7f84 exposing some functionality for greater flexibility in structuring run-time execution 2024-08-16 11:18:58 +02:00
Vern Paxson
65e713e6ea rework ZAM compilation of type switches to leverage value switches 2024-08-16 11:18:58 +02:00
Vern Paxson
a1185ee6bb add tracking of control flow information 2024-08-16 11:18:58 +02:00
Vern Paxson
e94764982d factoring of ZAM operation specifications into separate files 2024-08-16 11:18:58 +02:00
Vern Paxson
5fc2c601b4 updates to ZAM operations / gen-zam regularization, other than the operations themselves 2024-08-16 11:18:58 +02:00
Vern Paxson
1d7e71b499 type-checking fix for vector-of-string operations 2024-08-16 11:18:57 +02:00
Vern Paxson
3cf3cc3c5e ZVal constructor for booleans 2024-08-16 11:18:57 +02:00
Vern Paxson
88740acffe fix for nit in base/protocols/krb/main.zeek 2024-08-16 11:18:57 +02:00
Vern Paxson
1253af42f9 mark functions skipped by ZAM compilation as such 2024-08-16 11:18:57 +02:00
Vern Paxson
11e9135f80 fix for avoiding inadvertent interpreter errors in CallExpr::IsPure() 2024-08-16 11:18:57 +02:00
Vern Paxson
37fcb231fa support for traversing ZAM code similar to AST traversal 2024-08-16 11:18:57 +02:00
Vern Paxson
85a8f0739c run-time warnings for scripts compiled to C++ 2024-08-16 11:18:57 +02:00
Vern Paxson
b333d24e0e allow C++ script compiler access to type internals 2024-08-16 11:18:57 +02:00
Vern Paxson
e93db75f78 fixes for script optimization of coerce-to-any expressions 2024-08-16 11:18:57 +02:00
Vern Paxson
cfb068a922 fix to correctly track whether a capture needs deep-copying 2024-08-16 11:18:57 +02:00
Vern Paxson
e6fe20f140 fix for -O report-C++ 2024-08-16 11:18:57 +02:00
Vern Paxson
857df9f063 support for more in-depth AST profiling 2024-08-16 11:18:57 +02:00
Vern Paxson
d2c6208421 allow profiling without updating of hash values 2024-08-16 11:18:57 +02:00
Vern Paxson
3962810e4b ListVal method to clear the list to allow reusing w/o new construction 2024-08-16 11:18:54 +02:00
Vern Paxson
5d37e6bb5c accessor for smart-pointer version of FileVal's value 2024-08-05 09:12:36 +01:00
zeek-bot
8acc5ae15e Update doc submodule [nomail] [skip ci] 2024-08-03 00:12:18 +00:00
Tim Wojtulewicz
3c3853dc7d Merge remote-tracking branch 'origin/topic/timw/telemetry-threading' 
* origin/topic/timw/telemetry-threading:
  Process metric callbacks from the main-loop thread
 2024-08-02 15:50:47 -07:00
Tim Wojtulewicz
7ac7ce1d2b Process metric callbacks from the main-loop thread 
This avoids the callbacks from being processed on the worker thread
spawned by Civetweb. It fixes data race issues with lookups involving
global variables, amongst other threading issues.
 2024-08-02 15:30:47 -07:00
Arne Welzel
9d9cc51e9d Merge remote-tracking branch 'origin/topic/timw/use-more-memory-for-freebsd-builds' 
* origin/topic/timw/use-more-memory-for-freebsd-builds:
  CI: Use 16GB of memory for FreeBSD builds
 2024-08-01 11:14:46 +02:00
Tim Wojtulewicz
af65c29a3e CI: Use 16GB of memory for FreeBSD builds 2024-07-31 10:19:11 -07:00
Arne Welzel
ed4acd2437 Update doc submodule [nomail] [skip ci] 2024-07-31 12:22:08 +02:00
zeek-bot
e9adb8e462 Update doc submodule [nomail] [skip ci] 2024-07-30 00:10:33 +00:00
Tim Wojtulewicz
4c0c7581c8 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump auxil/spicy to latest development snapshot
 2024-07-26 10:12:04 -07:00
Arne Welzel
152bbbd680 Merge remote-tracking branch 'origin/topic/awelzel/3853-ldap-spnego-ntlmssp' 
* origin/topic/awelzel/3853-ldap-spnego-ntlmssp:
  ldap: Recognize SASL+SPNEGO+NTLMSSP
 2024-07-26 15:14:52 +02:00
Arne Welzel
02e3d30227 ldap: Recognize SASL+SPNEGO+NTLMSSP 
The ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap file was harvested
from the CTU-SME-11 (Experiment-VM-Microsoft-Windows7AD-1) dataset
at https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).

Closes #3853
 2024-07-26 14:37:36 +02:00
Benjamin Bannier
666341fcbb Bump auxil/spicy to latest development snapshot 
This in particular pulls in a fix for zeek/spicy#1808.
 2024-07-26 13:28:31 +02:00
zeek-bot
7afb9b2afb Update doc submodule [nomail] [skip ci] 2024-07-26 00:10:24 +00:00
Tim Wojtulewicz
a40da34915 Merge remote-tracking branch 'botovq/opaque_x509_algor' 
* botovq/opaque_x509_algor:
  Use accessor to reach into X509_ALGOR
 2024-07-25 09:19:31 -07:00
Arne Welzel
93a430ce15 Merge remote-tracking branch 'origin/topic/awelzel/mysql-amazing-pp-issue-2716-additions' 
* origin/topic/awelzel/mysql-amazing-pp-issue-2716-additions:
  mysql: Simplify length computation
  mysql: Improve date and time parsing
  btest/mysql: Clean query-attr.pcapng
  mysql: Support non-string query attributes
  btest/mysql: Add pcap with non-string query attributes
  mysql: Introduce mysql_ssl_request event
  mysql: Fix EOFIfLegacyThenResultSet
  mysql: Add data parameter to mysql_auth_plugin
  mysql: Add mysql_auth_plugin, mysql_auth_more_data and mysql_auth_switch_request events
  mysql: AuthSwitchRequest: &enforce a 0xfe / 254 status
  mysql: Make auth_plugin_ a std::string
  mysql: Fix auth_plugin_data_part2 length computation
  Refactored connection phase state handling
  Add support for "auth switch" and "query attrs"
  Add support for parsing the "caching_sha2_password" auth plugin
 2024-07-25 12:18:31 +02:00
Arne Welzel
2e1e57033d mysql: Simplify length computation 
Thanks Tim!
 2024-07-25 11:53:41 +02:00
Fupeng Zhao
4adea7978c mysql: Improve date and time parsing 2024-07-25 11:53:41 +02:00
Arne Welzel
7b8bbc6d00 btest/mysql: Clean query-attr.pcapng 
It contained some unrelated IntelliJ traffic.
 2024-07-25 11:53:41 +02:00
Arne Welzel
2894ae38d0 mysql: Support non-string query attributes 
The query attributes aren't exposed to script layer right now, but this
should at least parse over them once encountered and some fixups.
 2024-07-25 11:53:41 +02:00
Arne Welzel
93f5813be3 btest/mysql: Add pcap with non-string query attributes 
Pcap was generated as follows. Doesn't seem wireshark even parses
this properly right now.

    with common.get_connection() as c:
        with c.cursor() as cur:
            date1 = datetime.date(1987, 10, 18)
            datetime1 = datetime.datetime(1990, 9, 26, 12, 13, 14)
            cur.add_attribute("number1", 42)
            cur.add_attribute("string1", "a string")
            cur.add_attribute("date1", date1)
            cur.add_attribute("datetime1", datetime1)
            cur.execute("SELECT version()")
            result = cur.fetchall()
            print("result", result)
 2024-07-25 11:53:41 +02:00
Arne Welzel
0a1568f1a1 mysql: Introduce mysql_ssl_request event 
This should've been added with fa48c885 for completion. Do it now.
The MySQL spec calls it SSLRequest packet, so keep SSL in the name for
consistency.
 2024-07-25 11:53:41 +02:00
Arne Welzel
6ea1045245 mysql: Fix EOFIfLegacyThenResultSet 
Only expect a result next if an EOF was consumed.
 2024-07-25 11:53:41 +02:00
Arne Welzel
320923418c mysql: Add data parameter to mysql_auth_plugin 
This may contain salt from the server or a hashed password from the client.
 2024-07-25 11:53:41 +02:00
Arne Welzel
40f1c2cb6d mysql: Add mysql_auth_plugin, mysql_auth_more_data and mysql_auth_switch_request events 
Remove caching_sha2_password parsing/state from the analyzer and implement
the generic events. If we actually want to peak into the authentication
mechanism, we could write a separate analyzer for it. For now, treat it
as opaque values that are exposed to script land.

The added tests show the --get-server-public-key in use where
mysql_auth_more_data contains an RSA public key.
 2024-07-25 11:53:41 +02:00
Arne Welzel
8a92945b06 mysql: AuthSwitchRequest: &enforce a 0xfe / 254 status 2024-07-25 11:53:41 +02:00
Arne Welzel
48e76f38cb mysql: Make auth_plugin_ a std::string 2024-07-25 11:53:40 +02:00
Arne Welzel
e98b80d140 mysql: Fix auth_plugin_data_part2 length computation 2024-07-25 11:53:40 +02:00
Fupeng Zhao
c82756bda4 Refactored connection phase state handling 
Added `ConnectionExpected` enum for expected packet types during the connection phase.
 2024-07-25 11:53:40 +02:00
Fupeng Zhao
e8bdf149f2 Add support for "auth switch" and "query attrs" 
Also fix the issue where Resultset could not correctly distinguish between EOF_Packet and OK_Packet.
 2024-07-25 11:53:40 +02:00
Fupeng Zhao
9cb618c718 Add support for parsing the "caching_sha2_password" auth plugin 2024-07-25 11:53:35 +02:00