Liang Zhu
15bf098e7a
rename proc_certificate_status to proc_ocsp_response
2015-07-08 13:39:24 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Liang Zhu
07891b3b66
parse multiple OCSP stapling responses
2015-07-08 12:27:02 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
e2c30f0005
record more timestamp for ocsp measurement
2015-07-06 17:52:13 -07:00
Liang Zhu
d18a96bc8d
separated field for ocsp response timestamp and update baseline
2015-07-06 16:12:52 -07:00
Robin Sommer
85b433b13f
Adding a weird for when truncated packets lead TCP reassembly to ignore content.
(Private test suite has a bunch of test cases.)
2015-07-03 11:06:05 -07:00
Robin Sommer
de3932bc42
A bit more cleanup for the new overlap detection.
2015-07-03 09:05:44 -07:00
Robin Sommer
5d30be2083
A set of tests exercising IP defragmentation and TCP reassembly.
2015-07-03 08:40:22 -07:00
Robin Sommer
c1f060be63
Merge branch 'topic/yunzheng/bit-1314'
I've worked on this a bit more:
- Added tcp_max_old_segments to init-bare.bro.
- Removed the existing call to Overlap() as that now led to
duplicate events.
- Fixed the code checking for overlaps, as it didn't catch all the
cases.
BIT-1314 #merged
GitHub #31 merged
* topic/yunzheng/bit-1314:
BIT-1314: Added QI test for rexmit_inconsistency
BIT-1314: Add detection for Quantum Insert attacks
2015-07-03 08:40:12 -07:00
Liang Zhu
8844d344af
add connection in ocsp log
2015-07-02 17:46:43 -07:00
Liang Zhu
da122a6a14
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-02 16:48:51 -07:00
Liang Zhu
de17c12656
add btest for ocsp-stapling logging
2015-07-02 14:51:07 -07:00
Liang Zhu
386a5b811d
add optional logging for parsed ocsp stapling message
2015-07-02 14:23:38 -07:00
Liang Zhu
2743966fcc
add a script to combine ocsp with ssl
2015-07-01 17:00:41 -07:00
Robin Sommer
46fc3db8cc
Merge remote-tracking branch 'origin/topic/jsiwek/mime-multipart-boundary-leniency'
* origin/topic/jsiwek/mime-multipart-boundary-leniency:
Allow '<' and '>' in MIME multipart boundaries.
BIT-1400 #merged
2015-06-28 12:31:47 -07:00
Robin Sommer
264a824fcc
Merge remote-tracking branch 'origin/topic/seth/deflate-missing-headers-fix'
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
2015-06-28 12:23:36 -07:00
Robin Sommer
0ac506fd1a
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Correct the name used in the header identifier
2015-06-25 07:12:08 -07:00
Justin Azoff
5c060f302e
Correct the name used in the header identifier
2015-06-24 12:26:54 -04:00
Robin Sommer
408c0d8ac3
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Restore the --load-seeds cmd-line option
2015-06-24 07:51:08 -07:00
Daniel Thayer
368c1463ab
Restore the --load-seeds cmd-line option
Also enabled the short options -G/-H for --load-seeds/--save-seeds.
2015-06-23 13:16:31 -05:00
Robin Sommer
b98708bf14
Removing dead code for no longer supported -G switch.
2015-06-19 16:27:08 -07:00
Liang Zhu
356480745c
add function to get hash of cert issuer name
2015-06-19 15:01:31 -07:00
Robin Sommer
ffa254acd0
Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix'
* origin/topic/seth/modbus_dpd_fix:
Call ProtocolConfirmed on modbus
2015-06-19 14:08:13 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Robin Sommer
d54667803b
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Put cmd-line options in alphabetical order
2015-06-19 09:13:59 -07:00
Seth Hall
7d105935b1
Call ProtocolConfirmed on modbus
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.
A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
2015-06-19 07:00:38 -04:00
Daniel Thayer
6c812bd5d6
Put cmd-line options in alphabetical order
Sorted cmd-line options in alphabetical order to make it easier to
add or remove options (or even to just check if they're listed
correctly in the source code).
2015-06-18 12:39:46 -05:00
Liang Zhu
d84d1d24e8
add ocsp logging
2015-06-17 19:18:37 -07:00
Liang Zhu
e9baddfd6b
add a file analyzer to parse ocsp request and response
add two events: ocsp_request and ocsp_response
2015-06-15 11:05:04 -07:00
Jon Siwek
668f3e38ad
Updating submodule(s).
[nomail]
2015-06-11 12:15:33 -05:00
Johanna Amann
af1a663410
Update submodule
[nomail]
2015-06-09 07:31:28 -07:00
Robin Sommer
94c3e32cfa
Fixing tiny thing in NEWS.
2015-06-09 07:01:06 -07:00
Johanna Amann
8402ec3b1c
Updating submodule(s) and tagging release.
2015-06-08 13:28:17 -07:00
Robin Sommer
582da62d04
Fix reporter errors with GridFTP traffic.
2015-06-08 09:42:06 -07:00
Robin Sommer
659de2b357
Updating submodule(s).
[nomail]
2015-06-07 20:59:24 -07:00
Robin Sommer
795a3b8ad8
PE Analyzer: Change how we calculate the rva_table size.
2015-06-06 08:21:27 -07:00
Jon Siwek
7de83e0cf0
Fix a unit test to check for Broker requirement.
2015-06-05 09:10:50 -05:00
Johanna Amann
17796182c6
fix acld plugin to use address instead of subnet (and add functions for conversion)
2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Robin Sommer
74c83058e6
Test for Broker termination.
2015-06-04 14:48:58 -07:00
Robin Sommer
476a5dbc34
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1408'
BIT-1408 #merged
* origin/topic/jsiwek/bit-1408:
BIT-1408: improve I/O loop and Broker IOSource.
2015-06-04 14:46:30 -07:00
Johanna Amann
e6834367fd
miscellaneous missing bits and pieces
2015-06-04 11:16:42 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Robin Sommer
45ccf3abda
Updating submodule(s).
[nomail]
2015-06-03 09:03:27 -07:00
Jon Siwek
58ea1ff458
BIT-1408: improve I/O loop and Broker IOSource.
2015-06-03 08:25:49 -05:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement whitelists or similar.
2015-06-02 14:23:25 -07:00
Jeff Barber
49ece39cb6
One more tinker to Packet -- ensure no uninitialized values
2015-06-02 16:37:23 -04:00
Jeff Barber
97ab422e17
Packet::IP()-created IP_Hdr should not free
2015-06-02 16:37:16 -04:00