Johanna Amann
c868a19a28
Add gzip log writing to the ascii writer.
...
This feature can be enabled globally for all logs by setting
LogAscii::gzip_level to a value greater than 0.
This feature can be enabled on a per-log basis by setting gzip-level in
$config to a value greater than 0.
2017-04-24 13:15:32 -07:00
Johanna Amann
333bb71ed1
Add rename, unlink, and rmdir bifs.
2017-04-24 11:58:05 -07:00
Robin Sommer
2c2c9c9052
Updating submodule(s).
...
[nomail]
2017-04-22 08:12:25 -07:00
Robin Sommer
ad4b2d6880
Updating submodule(s).
...
[nomail]
2017-04-22 08:12:15 -07:00
Robin Sommer
f80a10fb96
Merge remote-tracking branch 'origin/topic/johanna/format-checks'
...
* origin/topic/johanna/format-checks:
Guard a few more format strings with __attribute__((format))
2017-04-21 14:19:47 -07:00
Robin Sommer
bf15ff4c83
Merge remote-tracking branch 'origin/topic/johanna/tls13-extensions'
...
* origin/topic/johanna/tls13-extensions:
Add support for two TLS 1.3 extensions.
2017-04-21 14:15:23 -07:00
Robin Sommer
b307b29f42
Updating CHANGES and VERSION.
2017-04-21 14:14:00 -07:00
Johanna Amann
81dbbbd3a2
Update submodule
...
[nomail]
2017-04-17 22:02:39 +02:00
Johanna Amann
15375ba1e3
Guard a few more format strings with __attribute__((format))
...
This will cause compile-time error messages to be raised if someone
passes incorrect parameters to these strings.
2017-04-17 21:46:58 +02:00
Seth Hall
b3d7d8b1da
Documentation updates for loading Bro scripts.
2017-04-17 12:09:18 -04:00
Johanna Amann
9e302c7e89
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix some failing tests
2017-04-10 13:31:17 -07:00
Daniel Thayer
817b9e01a3
Fix some failing tests
...
Increase delay time before launching 2nd process to give bro more of a
chance to start up.
2017-04-10 15:24:21 -05:00
Johanna Amann
a7b1161c12
Threading Types: add a bit of documentation to subnet type.
...
This explains how the length field is currently handled when exchanging
data in both directions.
2017-04-10 11:37:43 -07:00
Robin Sommer
7826cbdfb6
Fixing couple issues reported by Coverity.
2017-04-08 09:57:45 -07:00
Johanna Amann
a3b664c77d
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix the test group name in some broker test files
2017-04-07 10:33:47 -07:00
Johanna Amann
bdc693e72a
NetControl: small rule_error changes
...
* add rule_error test for acld plugin
* add namespace for rule_error calls in OpenFlow
2017-04-07 10:26:34 -07:00
Daniel Thayer
fcbf54f697
Fix the test group name in some broker test files
...
Some broker leak tests were being ignored because the test group
name was incorrect.
2017-04-07 12:24:29 -05:00
Johanna Amann
61906fe7fb
Merge branch 'topic/johanna/tls13-extensions' into topic/johanna/ocsp-sct-validate
2017-04-05 12:04:15 -07:00
Johanna Amann
6c9449c780
Add support for two TLS 1.3 extensions.
...
New events:
event ssl_extension_supported_versions(c: connection, is_orig: bool, versions: index_vec)
event ssl_extension_psk_key_exchange_modes(c: connection, is_orig: bool, modes: index_vec)
2017-04-05 11:55:40 -07:00
Johanna Amann
0cd0ffed13
SSL: update dpd signature for TLS1.3
...
The dpd signature missed a few cases that are used for TLS 1.3,
especially when draft versions (which are all that we are seeing at the
moment) are being negotiated.
This fix mostly allows draft versions in the server hello (identified by
7F[version]); since we do not know how many drafts there will be, we are
currently allowing a rather safe upper limit.
2017-04-05 08:58:08 -07:00
Roberto Del Valle Rodriguez
1ee9610b77
Added rename event to rpc/nfs protocol analyzer.
...
This event identifies and reports information
about nfs/rpc calls and replies of the type
rename.
2017-04-03 18:27:51 -04:00
Julien Wallior
e69bb37cc7
Expand parsing of RPC Call packets to add Uid, Gid, Stamp, MachineName
...
and AuxGIDs
2017-04-03 18:27:36 -04:00
Julien Wallior
04478acb59
Fix NFS protocol parser.
2017-04-03 18:27:25 -04:00
Johanna Amann
d531a5405a
SSL: Fix type of ssl validation result
2017-03-29 12:40:14 -07:00
Johanna Amann
b8e81029f8
TLS-SCT: compile on old versions of OpenSSL (1.0.1...)
2017-03-29 09:17:30 -07:00
Johanna Amann
aec62aeee9
SCT: Add caching support for validation
2017-03-29 09:17:30 -07:00
Johanna Amann
22b1eda472
SCT: Add signed certificate timestamp validation script.
...
This also rewrites the certificate validation script (which we need for
this) slightly.
This could need a bit of caching, but should generally work very
reliably.
2017-03-29 09:17:30 -07:00
Johanna Amann
115a676d08
SCT: Allow verification of SCTs in Certs.
...
This is much more complex than the TLS Extension/OCSP cases. We need to
first alter the certificate and remove the extension from it, before
extracting the tbscert. Furthermore, we need the key hash of the issuing
certificate to be able to validate the proof - which means that we need
a valid certificate chain.
Missing: documentation, nice integration so that we can just add a
script and use this in Bro.
2017-03-29 09:17:24 -07:00
Johanna Amann
41a2028dee
SCT: only compare correct OID/NID for Cert/OCSP.
...
The old way of doing it did not really cause problems - but now only the
OID that can be used in practice is checked.
2017-03-29 09:04:11 -07:00
Johanna Amann
c403a7f4e6
SCT: add validation of proofs for extensions and OCSP.
...
This does not yet work for certificates, because this requires some
changing of the ASN.1 structure before validation (we need to extract the
tbscert and remove the SCT extension before).
API will change in the future.
2017-03-29 09:04:05 -07:00
Robin Sommer
391685af73
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix a test that was failing on some platforms
2017-03-23 07:26:18 -07:00
Daniel Thayer
ca51dfc9c7
Fix a test that was failing on some platforms
...
Fixed by sorting the .stderr file, since the ordering of lines was
not consistent on all platforms.
2017-03-22 14:37:37 -05:00
Robin Sommer
05915571db
Updating submodule(s).
...
[nomail]
2017-03-20 12:17:40 -07:00
Johanna Amann
d50bddfbfb
SCT: pass timestamp as uint64 instead of time
...
For verification, we need the exact uint64 as it was seen on the wire;
converting it to a double might mean that we lose precision.
2017-03-16 18:18:39 -07:00
Johanna Amann
dcf4907857
Add CT log information to Bro
...
This commit adds the table SSL::ct_logs to Bro. This table is populated
with information about the currently active certificate transparency
logs (data from Google). The data can, e.g., be used to identify which
Logs are being used in SCTs.
2017-03-16 13:50:32 -07:00
Johanna Amann
2b3dcc273a
KRB: Fix small recently introduced files bug.
...
is_orig was set incorrectly for responses.
2017-03-16 12:29:50 -07:00
Johanna Amann
7aa219758c
Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp-new
2017-03-16 12:28:08 -07:00
Johanna Amann
6544e36564
Remove cluster catch and release.
...
This test keeps failing intermittently because of timing issues that are
surprisingly hard to fix.
2017-03-15 08:00:36 -07:00
Robin Sommer
98c808fbfe
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix some Coverity warnings
2017-03-15 06:44:56 -07:00
Johanna Amann
750e3e358f
Update submodule
...
[nomail]
2017-03-14 06:58:42 -07:00
Johanna Amann
2d7c84956c
Update submodule
...
[nomail]
2017-03-13 16:08:14 -07:00
Johanna Amann
7180c704f6
Update submodule
...
[nomail]
2017-03-13 11:56:55 -07:00
Johanna Amann
0d691a5032
Merge branch 'patch-1' of https://github.com/petiepooo/bro
...
* 'patch-1' of https://github.com/petiepooo/bro :
print version string to stdout on --version
2017-03-13 11:22:59 -07:00
Johanna Amann
17fa1b6fed
Fix compiler warnings raised by llvm 8.0.
...
Warning was:
warning: moving a temporary object prevents copy elision [-Wpessimizing-move]
2017-03-13 11:16:19 -07:00
Johanna Amann
a38f44b1fd
Fix coverity warning in Ascii reader.
2017-03-13 11:16:15 -07:00
Pete
05746ab7fc
print version string to stdout on --version
...
When running a *nix command from the prompt, and output is expected, that output should be sent to stdout, not stderr. The --version option is such a case. The outputted version string is not an indication of error or a diagnostic output; it is the expected output, thus should follow standard conventions and be output to stdout.
2017-03-12 12:53:12 -04:00
Seth Hall
d505670f59
Updating NEWS
2017-03-09 12:43:41 -05:00
Seth Hall
b9c8bae0fd
Merge branch 'topic/seth/input-thread-behavior'
...
* topic/seth/input-thread-behavior:
Minor documentation fixes.
Ascii reader error changes - fix small bugs
Tiny fix to correct a warning message.
Input's ascii reader is now more resilient.
Another resilient Ascii reader checkpoint.
In progress on ascii writer behavior change.
2017-03-09 12:23:02 -05:00
Seth Hall
ffdd684eaa
Merge remote-tracking branch 'origin/master' into topic/seth/input-thread-behavior
2017-03-09 12:18:41 -05:00
Seth Hall
ff4d624ebe
Minor documentation fixes.
2017-03-09 12:18:35 -05:00