Commit graph

9059 commits

Author SHA1 Message Date
Seth Hall
2b0a28686a Cleaned up stats collection.
- Removed the gap_report event.  It wasn't used anymore
   and functionally no more capable than scheduling events
   and using the get_gap_summary bif.

 - Added functionality to Dictionaries to count cumulative
   numbers of inserts performed.  This is further used to
   measure the total number of connections of various types.
   Previously only the number of active connections was
   available.

 - The Reassembler base class now tracks active reassembly
   size for all subclasses (File/TCP/Frag & unknown).

 - Improvements to the stats.log.  Mostly, more information.
2016-01-04 00:55:52 -05:00
wglodek
020b09faa0 update ParseRequest to handle missing uri 2015-12-23 13:37:06 -05:00
Robin Sommer
374e61ee20 Updating submodule(s).
[nomail]
2015-12-19 13:40:28 -08:00
Robin Sommer
4218ab2dba Updating submodule. 2015-12-18 17:47:47 -08:00
Robin Sommer
aee312b5d2 Adding usage guard to canonifier script. 2015-12-18 12:59:26 -08:00
Robin Sommer
5cb4cd3970 Merge branch 'patch-1' of https://github.com/aeppert/bro 2015-12-18 11:43:38 -08:00
Robin Sommer
677f1172d9 Merge remote-tracking branch 'origin/topic/johanna/os-x-openssl'
* origin/topic/johanna/os-x-openssl:
  Update installation instructions to add os-x openssl dependency.

BIT-1506 #merged
2015-12-18 11:27:10 -08:00
Robin Sommer
eae21d4d33 Merge branch 'master' of git.bro.org:bro 2015-12-18 11:22:39 -08:00
Robin Sommer
0ba6bec710 Merge remote-tracking branch 'origin/topic/johanna/irc-starttls'
* origin/topic/johanna/irc-starttls:
  StartTLS support for IRC

BIT-1513 #merged
2015-12-18 11:20:59 -08:00
Jan Grashoefer
6f891ca2ff Added test-case for intel framework matching email
Addresses #1507
2015-12-16 14:51:02 +01:00
Johanna Amann
d92fd52b35 Remove measurement scripts 2015-12-14 16:06:31 -08:00
Johanna Amann
da9b5425e4 Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp 2015-12-14 16:05:41 -08:00
Johanna Amann
25a8d87da9 Change one forgotten bro-ids.org to bro.org 2015-12-14 15:58:16 -08:00
Johanna Amann
c93a9fbebd Log only local-originated IPs. 2015-12-08 14:55:50 -08:00
Robin Sommer
f0a28788ad Updating submodule(s).
[nomail]
2015-12-04 16:50:53 -08:00
Robin Sommer
bb51f40d93 Merge branch 'master' of git.bro.org:bro 2015-12-04 16:49:44 -08:00
Robin Sommer
952c64a793 Delaying BinPAC initialization until after plugins have been activated. 2015-12-04 16:40:43 -08:00
Robin Sommer
6dd32c649b Merge branch 'topic/robin/bpf-vector'
* topic/robin/bpf-vector:
  Use better data structure for storing BPF filters.
2015-12-04 15:25:56 -08:00
Aaron Eppert
5d1ed9c134 Update windows-version-detection.bro
mscrl.microsoft.com is the proper hostname, however to be safe, let's use regex to identify it.
2015-12-04 09:46:14 -05:00
Johanna Amann
cf97d1e991 Update installation instructions to add os-x openssl dependency.
Also remove blob about binary mac packages, which we no longer provide.
2015-12-01 13:13:48 -08:00
Seth Hall
4e4dece70a SIP scripts code cleanup.
- Daniel Guerra pointed out a type issue for SIP
   request and response code length fields which is now
   corrected.
 - Some redundant code was removed.
 - if/else tree modified to use switch instead.
2015-11-29 00:24:53 -05:00
Robin Sommer
c22a6f67d2 Use better data structure for storing BPF filters. 2015-11-23 19:55:02 -08:00
Robin Sommer
17bc615467 Making cluster reconnect timeout configurable. 2015-11-17 13:43:58 -08:00
Robin Sommer
931837c5a2 Bugfix for communication child loop.
It could end up blocking indefinitely in cases where it shouldn't.
2015-11-17 13:27:49 -08:00
Robin Sommer
eb6e8c75b9 Updating submodule(s).
[nomail]
2015-11-16 07:31:42 -08:00
Jon Siwek
21c6b52c28 Updating submodule(s).
[nomail]
2015-11-11 09:24:16 -06:00
Robin Sommer
39a5325ea0 Updating submodule(s).
[nomail]
2015-11-10 13:34:53 -08:00
Robin Sommer
037285555f Updating submodule(s).
[nomail]
2015-11-10 13:33:33 -08:00
Robin Sommer
1da6f4a430 Fix to compile with OpenSSL that has SSLv3 disabled.
Patch by Christoph Pietsch.
2015-11-10 13:31:02 -08:00
Robin Sommer
96791d707f Merge remote-tracking branch 'origin/topic/dnthayer/ticket1503'
* origin/topic/dnthayer/ticket1503:
  Fix potential race condition when logging VLAN info to conn.log

BIT-1503 #merged
2015-11-10 13:20:49 -08:00
Daniel Thayer
28f4d45d33 Fix potential race condition when logging VLAN info to conn.log
Lowered priority of a connection_state_remove event handler to ensure
that the "conn" field is initialized in the connection record before
attempting to add the VLAN tags.
2015-11-05 12:14:05 -06:00
Robin Sommer
1119ca8792 Updating submodule(s).
[nomail]
2015-10-28 07:09:03 -07:00
Robin Sommer
329594e8a2 Updating NEWS. 2015-10-27 16:11:43 -07:00
Robin Sommer
cae66721e6 Adding missing file. 2015-10-26 16:58:44 -07:00
Robin Sommer
9d7ec6b6d2 Merge branch 'master' of https://github.com/aeppert/bro
Cleaned up the surrounding code a bit and also added '[' as another
case (not sure that can happen, but doesn't hurt either).

* 'master' of https://github.com/aeppert/bro:
  Whitespace
  Remove
  Remove.
  Fix for JSON formatter
  A fatal error, especially in DEBUG, should result in a core.
  Seems to fix a case where an entry in the table may be null on insert.
2015-10-26 16:52:47 -07:00
Aaron Eppert
3b027fdebb Whitespace 2015-10-26 18:10:26 -04:00
Aaron Eppert
053aa40335 Remove 2015-10-26 18:09:38 -04:00
Aaron Eppert
1b09734b31 Remove. 2015-10-26 18:06:41 -04:00
Aaron Eppert
295dbc3055 Fix for JSON formatter
In the event that the first entry in a record is optional AND not present, the serializer will incorrectly add a leading comma. This leading comma is invalid JSON and will, more often than not, cause parser failures downstream.
2015-10-26 17:55:01 -04:00
Aaron Eppert
81d141959f Merge branch 'bro-master' 2015-10-26 17:48:21 -04:00
Robin Sommer
a83d97937e Extending rexmit_inconsistency() event to receive an additional
parameter with the packet's TCP flags, if available.
2015-10-26 14:16:08 -07:00
Robin Sommer
88a4683d22 Updating NEWS for new plugins. 2015-10-26 13:43:56 -07:00
Robin Sommer
41ebce097d Merge remote-tracking branch 'origin/topic/johanna/tls_early_alert'
* origin/topic/johanna/tls_early_alert:
  Add missing pcap file for tls dpd test.
2015-10-23 15:23:19 -07:00
Robin Sommer
a6b884e764 Removing pcap options for AF_PACKET support.
Turns out that's not working. Addresses BIT-1363.
2015-10-23 15:06:02 -07:00
Johanna Amann
c7f0945f54 Add missing pcap file for tls dpd test. 2015-10-23 15:04:26 -07:00
Robin Sommer
cf4fcf5751 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Correct a typo in controller.bro documentation
2015-10-23 14:05:29 -07:00
Robin Sommer
a1c0d9d91c Merge remote-tracking branch 'origin/topic/johanna/tls_early_alert'
* origin/topic/johanna/tls_early_alert:
  Extend ssl dpd signature to allow alert before server_hello.

BIT-1496 #merged
2015-10-23 14:04:43 -07:00
Robin Sommer
ecc09c11ca Merge remote-tracking branch 'origin/topic/johanna/string_vec_null'
* origin/topic/johanna/string_vec_null:
  Make join_string_vec work with vectors containing empty elements.

BIT-1495 #merged
2015-10-23 13:12:42 -07:00
Robin Sommer
c151a25843 Fix support for HTTP connect when server adds headers to response.
Patch by Eric Karasuda.

I slightly tweaked the patch to not need a new member variable. Also
turned the provided trace into a test case.
2015-10-23 13:10:33 -07:00
Johanna Amann
401e6c9102 Extend ssl dpd signature to allow alert before server_hello.
The alert in this case is caused by the server name in the SNI not being
recognized by the server, which triggers an alert. Since the server is
an apache, and this might happen reasonably often, the new signature
allows one TLS alert before the server hello is expected.
2015-10-22 13:36:21 -07:00