Jon Siwek
f00e2167a7
BIT-1208: remove unused weirds from Weird::actions table
2018-09-05 15:13:38 -05:00
Johanna Amann
bec98b98f3
Weird settings: make constants into options.
...
The new weird settings are now all updateable during runtime.
2018-09-05 13:12:23 -07:00
Johanna Amann
5c68093bc3
Permit weird sampling rate of 0.
...
This change allows a weird sampling rate of 0, which completely suppresses
all notifications (previously this crashed Bro). It also fixes the sampling
threshold to work with sampling rates of 0.
2018-09-05 13:12:23 -07:00
Jon Siwek
4bbdd63054
BIT-1779: use BRO_LOG_SUFFIX env var in ascii log rotation function
2018-09-05 15:09:57 -05:00
Robin Sommer
e275927a64
Fix printf format specification for reporting packet stats.
...
We were using '%d' for unsigned integers, leading to output like this:
1535403189.557168 -483803356 packets received on interface 0:1, 0 dropped
2018-09-05 19:32:15 +00:00
fatema
ff5c11975d
DNSSEC support in Bro
2018-09-05 14:12:07 -04:00
Jon Siwek
7dbd6366f9
Updating submodule(s).
...
[nomail]
2018-09-05 10:00:44 -05:00
Jon Siwek
60da98fa73
Merge remote-tracking branch 'origin/topic/seth/ntlm-fixes'
...
* origin/topic/seth/ntlm-fixes:
Test baseline updates.
Updates to NTLM script handling.
2018-09-04 17:18:56 -05:00
Jon Siwek
fcca789bc7
Improve update-changes output
2018-09-04 12:11:39 -05:00
Jon Siwek
07aac5f84f
Sort output of a coverage unit test
2018-09-04 12:09:20 -05:00
Jon Siwek
47ea7e7ad2
Remove non-ascii char from rdp/consts.bro
2018-09-04 12:07:17 -05:00
Jon Siwek
dee22f6839
Updating submodule(s).
...
[nomail]
2018-09-04 10:50:20 -05:00
Jon Siwek
fa1d48e1d2
Updating submodule(s).
...
[nomail]
2018-09-04 10:43:24 -05:00
Jon Siwek
ced5718071
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix the find-bro-logs.test
Fix typos/formatting in NEWS
2018-09-04 09:29:25 -05:00
Jon Siwek
60d0343845
Clarify 'old_comm_usage_is_ok' error message
2018-09-04 09:26:12 -05:00
Daniel Thayer
4bd1668915
Fix the find-bro-logs.test
...
Updated the find-bro-logs.test to output the correct list of log files.
The test now runs about 50 times faster.
Also corrected a typo on the "Log Files" documentation page.
2018-08-31 22:52:16 -05:00
Daniel Thayer
9ec0ffe798
Fix typos/formatting in NEWS
2018-08-31 22:29:06 -05:00
Johanna Amann
452eb0cba9
Update Mozilla CA list to NSS 3.39
2018-08-31 16:50:04 -07:00
Jon Siwek
56c14fb6d5
Update NEWS (finalizations/formatting)
2018-08-31 17:30:50 -05:00
Jon Siwek
d1e4dbe5e3
Improve make dist
2018-08-31 15:34:28 -05:00
Johanna Amann
33a8e7a7c7
Merge remote-tracking branch 'origin/topic/jsiwek/at-deprecated'
...
* origin/topic/jsiwek/at-deprecated:
Add @deprecate to policy/protocols/smb/__load__.bro
Add @deprecated directive
2018-08-31 09:06:52 -07:00
Jon Siwek
c85cfdd470
Add @deprecate to policy/protocols/smb/__load__.bro
2018-08-31 09:26:22 -05:00
Jon Siwek
a467d0c92d
Add @deprecated directive
...
It emits a warning stating that the script is deprecated.
2018-08-31 09:24:03 -05:00
Jon Siwek
57a505b0e4
Allow loading policy/protocols/smb once again
...
It just redirects to base/protocols/smb
2018-08-30 16:07:04 -05:00
Jon Siwek
1baf946e52
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Update NEWS with more info about runtime options
2018-08-30 09:51:41 -05:00
Jon Siwek
7e6fc58ab4
Merge remote-tracking branch 'origin/topic/johanna/tls-more-data'
...
* origin/topic/johanna/tls-more-data:
Update NEWS for ssl changes.
SSL: test updates for record_layer version
Final touches to SSL events with record layer version.
Introduce ssl_plaintext_data event.
Add record layer version to event ssl_encrypted_data.
Add compression methods to ssl_client_hello event.
2018-08-30 09:48:25 -05:00
Jon Siwek
12aa37f242
Update binpac submodule and unit test baseline
2018-08-30 09:14:06 -05:00
Daniel Thayer
be9d4556f6
Update NEWS with more info about runtime options
2018-08-30 00:08:45 -05:00
Robin Sommer
82862d8114
Baseline update.
2018-08-30 00:11:38 +00:00
Robin Sommer
6de436f3f6
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1967'
...
* origin/topic/jsiwek/bit-1967:
Fix a routing loop in control framework
Add Broker::forward() function
Enable implicit Broker message forwarding by default
Remove Cluster::broadcast_topic
Remove Intel Broker topics, re-use existing Cluster topics
Remove "relay" family of Broker functions
2018-08-30 00:08:12 +00:00
Jon Siwek
611c00a605
Merge remote-tracking branch 'origin/topic/johanna/bit-1976'
...
* origin/topic/johanna/bit-1976:
Allow event/function definitions to be wrapped in directives.
Fixed to work with attributes (e.g. &priority).
2018-08-29 18:28:54 -05:00
Jon Siwek
01300f8706
Fix a unit test
2018-08-29 17:23:48 -05:00
Jon Siwek
0c9878f136
Fix strict-aliasing compiler warning
2018-08-29 17:18:56 -05:00
Jon Siwek
ffe895a0f1
Update doc tests
2018-08-29 17:17:20 -05:00
Jon Siwek
fa7fa5aa2b
Update unit test baseline for new BinPAC output
2018-08-29 14:59:35 -05:00
Jon Siwek
651ccd553c
Updating submodule(s).
...
[nomail]
2018-08-29 14:56:26 -05:00
Jon Siwek
31d8391af0
Fix a routing loop in control framework
...
A controllee now subscribes to a topic prefix based on their node ID
instead of the common control topic prefix.
2018-08-28 19:50:53 -05:00
Jon Siwek
1dcead93bf
Add Broker::forward() function
...
This enables explicit forwarding of events matching a given topic
prefix. Even if a receiving node has an event handler, it will not
be raised if the event was sent along a topic that matches a previous
call to Broker::forward().
2018-08-28 19:42:22 -05:00
Johanna Amann
3c7c60cf64
Update NEWS for ssl changes.
...
When merging, please replace commit number of change with the version
number that is assigned.
2018-08-28 16:34:50 -07:00
Johanna Amann
fb95a7750e
Allow event/function definitions to be wrapped in directives.
...
This makes
    @if (conditions)
    event a(...)
    @else
    event b(...)
    @endif
work, which threw an error in the past. This is useful when event
definitions change in newer Bro versions and code wants to accept both
kinds of events.
2018-08-28 16:00:34 -07:00
Jon Siwek
850030822d
Enable implicit Broker message forwarding by default
2018-08-28 16:50:41 -05:00
Johanna Amann
8d9408c795
CT List update - a few more logs.
2018-08-28 14:49:21 -07:00
Johanna Amann
b2b2bb1b30
Update certificate list to NSS 3.38
...
Only one root CA removed - so this is a rather minor change.
2018-08-28 14:44:35 -07:00
Jon Siwek
8db042a8c2
Remove Cluster::broadcast_topic
...
As enabling Broker forwarding would cause routing loops with messages
sent to such a topic (one subscribed to on all nodes).
2018-08-28 16:40:48 -05:00
Johanna Amann
4fd6cbd138
Merge remote-tracking branches 'origin/topic/dnthayer/ticket1963' and 'origin/topic/jsiwek/improve-input-reread'
...
* origin/topic/dnthayer/ticket1963:
Convert more redef-able constants to runtime options
* origin/topic/jsiwek/improve-input-reread:
Improve input framework re-read logic
2018-08-28 14:36:28 -07:00
Jon Siwek
2f1e81059b
Remove Intel Broker topics, re-use existing Cluster topics
...
And update broker docs to reflect best-practice/convention for
declaring new topics.
2018-08-28 15:43:34 -05:00
Johanna Amann
23eb8096fc
SSL: test updates for record_layer version
...
Update the tests to also include the recently included record layer
fields.
2018-08-28 11:02:20 -07:00
Daniel Thayer
bb313cb660
Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1963
2018-08-27 19:39:45 -05:00
Daniel Thayer
9bfc01b705
Convert more redef-able constants to runtime options
2018-08-27 19:38:47 -05:00
Jon Siwek
1a75ef2abd
Remove "relay" family of Broker functions
...
Namely these are now removed:
- Broker::relay
- Broker::publish_and_relay
- Cluster::relay_rr
- Cluster::relay_hrw
The idea being that Broker may eventually implement the necessary
routing (plus load balancing) functionality. For now, code that used
these should "manually" handle and re-publish events as needed.
2018-08-27 16:49:35 -05:00