Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
9059 commits 390 branches 195 tags 268 MiB
Commit graph

9059 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
871b340ade Fix broker python bindings install location to track --prefix. 2015-07-22 10:58:09 -05:00
Robin Sommer
10b61b1d16 Increasing plugin API version. 
The layer 2 updates introduced some API changes.
 2015-07-22 06:53:20 -07:00
Liang Zhu
cea1b62a9a small bug fix 2015-07-21 23:38:56 -07:00
Liang Zhu
725d116852 Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp 2015-07-21 19:30:14 -07:00
Liang Zhu
62225d5f5f Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp 2015-07-21 18:40:45 -07:00
Robin Sommer
8ad504ad4f Enabling Broker by default. 
This means CAF is now a required dependency. For now, I'm keeping a
switch --disable-broker to turn it off, but I'm thinking that
eventually we should remove that as well.
 2015-07-21 18:20:34 -07:00
Liang Zhu
462f6608a8 log the time for server first encrypted application data 2015-07-21 14:44:33 -07:00
Johanna Amann
0b897c70da Add xmpp dpd sig and fix a few parsing problems for connections that do 
not upgrade to TLS.
 2015-07-21 13:20:35 -07:00
Robin Sommer
93846d428f Requiring a C++11 compiler, and turning on C++11 support. 2015-07-21 13:19:18 -07:00
Johanna Amann
574bcb0a51 Add simple XMPP StartTLS analyzer. 
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.

While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
 2015-07-21 12:18:14 -07:00
Robin Sommer
748450c61f Updating submodule(s). 
[nomail]
 2015-07-21 12:07:40 -07:00
Robin Sommer
ff21fa42d3 Updating submodule(s). 
[nomail]
 2015-07-21 09:39:36 -07:00
Robin Sommer
e4c6779a67 Fixing compiler warning. 2015-07-21 08:36:23 -07:00
Robin Sommer
358f3bfe84 Merge branch 'topic/robin/rework-packets-merge' 2015-07-21 08:32:08 -07:00
Robin Sommer
f97b2b180c Moving the remaining code from Layer2.* into Packet.* and documenting 
the Packet API.

Plus, some more cleanup, including removing a legacy option
time_machine_profiling.
 2015-07-21 08:30:23 -07:00
Liang Zhu
5f2cb840d7 add user_agent to ocsp-to-match log 2015-07-20 16:55:19 -07:00
Robin Sommer
f69edd1437 Adding missing files. 2015-07-20 16:49:03 -07:00
Robin Sommer
fcf8cef949 Updating submodule(s). 
[nomail]
 2015-07-20 16:23:10 -07:00
Robin Sommer
c72d191ab5 Refactoring L2 parsing code to reside in the Packet class. 
That way it can be reused more easily. This also avoid having to
change the serialization structure for packets, which is a problem as
external sources of packets (via Broccoli) wouldn't have the new
attributes available to send.

Also moving Packet.{h,cc} and Layer2.{h,cc} into iosource/, and
removing header size from properties that packet sources have to
provide, as we can now compute that easily from the link type.

Plus some more cleanup.
 2015-07-20 16:21:34 -07:00
Liang Zhu
fa654121ec fix url parsing bug 2015-07-20 15:46:21 -07:00
Liang Zhu
b4fce308f0 minor change to deal with empty request 2015-07-18 19:36:47 -07:00
Liang Zhu
4e8d15d8d1 small bug fix 2015-07-18 01:53:28 -07:00
Liang Zhu
0c3b03ac8d log original uri and fix GET url parsing 2015-07-18 01:06:31 -07:00
Robin Sommer
64a478dbd5 Determining final L3 layer protocol right inside PktSrc. 2015-07-17 21:44:42 -07:00
Liang Zhu
6c9b49a5d7 fix a bug for ocsp-ssl-split.bro 2015-07-17 16:00:18 -07:00
Robin Sommer
86440e44fc Adding more cross-checks for IP. 
This prevents a few more packets from reaching raw_events(), see
baseline update for the corresponding test.
 2015-07-17 13:59:12 -07:00
Robin Sommer
fe3579f1b4 Merge branch 'topic/rework-packets' of https://github.com/jsbarber/bro 
* 'topic/rework-packets' of https://github.com/jsbarber/bro:
  One more tinker to Packet -- ensure no uninitialized values
  Packet::IP()-created IP_Hdr should not free
  Make enums work for non-C++11 config
  Refactor to make bro use a common Packet object. Do a better job of parsing layer 2 and keeping track of layer 3 proto. Add support for raw packet event, including Layer2 headers.

Conflicts:
	aux/plugins
 2015-07-17 12:56:04 -07:00
Liang Zhu
569e637eb1 small changes for parsing GET url 2015-07-16 19:31:58 -07:00
Liang Zhu
d20925f230 make parsing GET url more robust 2015-07-16 19:07:13 -07:00
Liang Zhu
cb0aa7725e fix a few bug for logging 2015-07-16 18:20:57 -07:00
Liang Zhu
00a0313967 fix a bug for parsing OCSP Get request 2015-07-16 18:10:05 -07:00
Johanna Amann
5f07268805 Small changes to iana tls registry. 2015-07-16 16:40:35 -07:00
Robin Sommer
924549bd4d Updating submodule(s). 
[nomail]
 2015-07-15 13:32:17 -07:00
Robin Sommer
4d6efa4e02 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  (Hopefully) fix race condition between trace and intel file.
 2015-07-15 13:31:43 -07:00
Liang Zhu
f0c642cd25 update logging for ocsp and baseline 2015-07-15 13:31:41 -07:00
Liang Zhu
fb757d96a6 clean up ocsp/main.bro 2015-07-15 10:39:46 -07:00
Johanna Amann
0d9869a2aa (Hopefully) fix race condition between trace and intel file. 2015-07-15 09:14:36 -07:00
Liang Zhu
fc35ab9bf5 add a btest for ocsp http get 2015-07-15 01:30:46 -07:00
Liang Zhu
c2f1c428f0 fix a bug and update baseline 2015-07-15 01:06:12 -07:00
Liang Zhu
01094bfc43 add parsing ocsp request in get url 2015-07-15 00:40:39 -07:00
Robin Sommer
70d222135b Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Correct perl package name on freebsd
 2015-07-14 08:05:03 -07:00
Robin Sommer
8fb708b9b2 Adding an environemtn variable to btest.cfg for external scripts. 2015-07-13 22:13:10 -07:00
Liang Zhu
1f5a7aecbc change log schema for ocsp-ssl-split.bro 2015-07-13 15:23:56 -07:00
Liang Zhu
9553c8aefc separated logging for ocsp and ssl 2015-07-12 13:52:26 -07:00
Robin Sommer
31dda41169 Updating submodule(s). 
[nomail]
 2015-07-10 07:15:40 -07:00
Justin Azoff
8d8dc890dd Correct perl package name on freebsd 
Based on feedback on IRC, the correct package name is 'perl5', not 'perl'
 2015-07-10 08:35:18 -04:00
Liang Zhu
406fec9ef4 potentially fix a memory problem ocsp-measurement 2015-07-09 11:56:58 -07:00
Liang Zhu
535525e283 fix a memory leak 2015-07-08 18:20:29 -07:00
Liang Zhu
6947387522 add status_type to ocsp stapling log 2015-07-08 14:21:53 -07:00
Liang Zhu
545848d906 add parameter 'status_type' to event ssl_stapled_ocsp 2015-07-08 14:11:14 -07:00