Commit graph

17 commits

Author SHA1 Message Date
Jon Siwek
dce3e6448f FileAnalysis: fix a memory leak. 2013-03-27 14:50:15 -05:00
Jon Siwek
621fe51c82 FileAnalysis: fix access of invalidated std::map iterator. 2013-03-26 15:52:12 -05:00
Jon Siwek
71f0e2d276 FileAnalysis: replace script-layer http file analysis.
Other misc:

- Remove HTTP::MD5 notice.

- Add "last_active" field to FileAnalysis::Info record.

- Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record
  with just a "conns" field containing full connection records.

- The http-methods unit test is failing now, but I think it will be
  fixed once I change the file handle callback mechanism to use events
  instead.
2013-03-22 16:14:06 -05:00
Jon Siwek
59ed5c75f1 FileAnalysis: add unit tests covering current protocol integration.
And had to make various fixes/refinements after scrutinizing results.
2013-03-19 15:50:05 -05:00
Jon Siwek
e0f3713912 FileAnalysis: change file handle -> file id mapping process.
They're now actually directly related via a hash function that will
produce the same results among different instances in a cluster.
2013-03-14 14:08:26 -05:00
Jon Siwek
3dd513e26e FileAnalysis: move unique file handle string generation to script-layer
And add minimal integration with HTTP analyzer.
2013-03-12 13:44:31 -05:00
Jon Siwek
589952f4d9 Merge branch 'master' into topic/jsiwek/file-analysis
Conflicts:
	src/FileAnalyzer.cc
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2013-03-07 11:06:00 -06:00
Jon Siwek
00b2d34a8e FileAnalysis: add binary input reader and BIFs for sending in data.
This allows the input framework to feed files into Bro for analysis.
2013-03-06 12:59:54 -06:00
Jon Siwek
c330b46128 FileAnalysis: add libmagic file type detection. 2013-03-04 16:20:10 -06:00
Jon Siwek
9425c2508f Change semantics of FileAnalysis::stop BIF to internally mean "ignore".
The manager has to remember that the file is being ignored until either
EOF or timeout.
2013-03-01 14:03:37 -06:00
Jon Siwek
6cb58a5228 FileAnalysis: minor code reorg/tweak of BOF buffering stuff. 2013-03-01 09:55:49 -06:00
Jon Siwek
720858fb36 FileAnalysis: refactor add/remove/stop BIFs, add BOF triggers/fields.
The add_action, remove_action, and stop BIFs now go through a queue to
ensure that modifications are made at well-defined times and don't end
up invalidating loop iterators.
2013-02-28 17:19:16 -06:00
Jon Siwek
691622b3aa Refactor how file analysis actions are tracked.
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
2013-02-25 16:35:42 -06:00
Jon Siwek
4b30cc2e24 Add file analysis action to send data to script-land in chosen events. 2013-02-22 16:49:53 -06:00
Jon Siwek
85410a7657 Add MD5/SHA1/SHA256 file analysis hashing actions. 2013-02-21 21:05:01 -06:00
Jon Siwek
ceb471fb36 Prettify file analysis IDs to be more like connection uids. 2013-02-20 22:09:39 -06:00
Jon Siwek
f8af42cf9a Reorganizing file analysis source code. 2013-02-14 16:07:42 -06:00
Renamed from src/FileAnalysisManager.cc