Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 11:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
17337 commits 387 branches 195 tags 271 MiB
Commit graph

17337 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
31590fbb9b FileAnalysis: improve HTTP integration. 
Seems to be working with various examples I tested, now including
multipart/byteranges.
 2013-03-14 17:05:05 -05:00
Robin Sommer
38e1dc9ca4 Support for cleaning up threads that have terminated. 
Once a BasicThread leaves its run() method, a thread is now marked for
cleaning up, and the ThreadMgr will soon join it to release the OS
resources.

Also, adding a function Log::remove_stream() that remove a logging
stream, stopping all writer threads that are associated with it.

Note, however, that removing a *filter* from a stream still doesn't
clean up any threads. The problem is that because of the output paths
potentially being created dynamically it's unclear if the writer
thread will still be needed in the future. We could add clean writers
up with timeouts, but that doesn't sound great either. So for now, the
only way to sure clean up logging threads is to remove the entire
stream.

Also note that cleanup doesn't work with input threads yet, which
don't seem to terminate (at least in the case I tried).
 2013-03-14 14:59:05 -07:00
Jon Siwek
e0f3713912 FileAnalysis: change file handle -> file id mapping process. 
They're now actually directly related via a hash function that will
produce the same results among different instances in a cluster.
 2013-03-14 14:08:26 -05:00
Jon Siwek
637fe69cf9 FileAnalysis: buffer input that can't get unique file handle immediately 
A retry happens on every new input and also periodically based on a
timer.  If a file handle is returned at those times, the input is
forwarded for analysis, else it keeps retrying until a timeout
threshold.
 2013-03-14 10:57:16 -05:00
Seth Hall
b1f1b64dde Checkpoint 2013-03-14 11:19:39 -04:00
Seth Hall
5734f9ef71 Merge remote-tracking branch 'origin/master' into topic/seth/software-version-updates2 2013-03-14 09:21:13 -04:00
Seth Hall
8778761c07 Checkpoint 2013-03-13 22:55:03 -04:00
Seth Hall
0f99956417 Added Exec, Dir, and ActiveHTTP modules. 2013-03-13 14:36:27 -04:00
Jon Siwek
878dfff2f2 FileAnalysis: decentralize unique file handle generator callbacks. 
The framework now cycles through callbacks based on a table indexed
by analyzer tags, or the special case of service strings if a given
analyzer is overloaded for multiple protocols (FTP/IRC data).  This
lets each protocol script bundle implement the callback locally and
reduces the FAF's external dependencies.
 2013-03-13 10:48:26 -05:00
Robin Sommer
b4824f4207 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add check for truncated link frames.  Addresses #962.
  Fix large memory allocation in IP fragment reassembly.  Addresses #961.
 2013-03-13 07:20:12 -07:00
Bernhard Amann
457ce10e99 and re-enable caching of extracted certs 
I kind of deleted the line by accident...
 2013-03-13 00:34:15 -07:00
Seth Hall
09cbaa7ccc Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 
Conflicts:
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.base.frameworks.notice.cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.frameworks.notice.suppression-cluster/manager-1.notice.log
	testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/notice.log
 2013-03-13 00:26:55 -04:00
Jon Siwek
bb3228e8f6 FileAnalysis: small tweak to file handle generation. 
For files that go over a single connection, add connection start time
to handle, so the file id will always differ even if the same connection
parameters are later used to transfer a file (same one or different).
 2013-03-12 16:06:06 -05:00
Scott Runnels
afdb80a334 Include required blank line after btest directive to avoid python error. 2013-03-12 16:03:17 -04:00
Jon Siwek
3dd513e26e FileAnalysis: move unique file handle string generation to script-layer 
And add minimal integration with HTTP analyzer.
 2013-03-12 13:44:31 -05:00
Bernhard Amann
a5161783ef and add bae64 bif tests. 2013-03-12 09:33:49 -07:00
Bernhard Amann
a1896fde90 Merge remote-tracking branch 'origin/master' into topic/bernhard/base64 2013-03-12 09:28:07 -07:00
Bernhard Amann
2b28c3a578 re-unify classes 2013-03-12 09:27:59 -07:00
Bernhard Amann
fdc8de7596 add sqlite tests and fix small vector/set escaping bugs 2013-03-11 14:22:35 -07:00
Bernhard Amann
a251a1c39a fix small bug with vectors and sets. 
On a first glance - this kind of seems to work. On mac-os you need
a newer than the system-installed sqlite - the hanging problem only
occurs with that one...
 2013-03-11 13:10:56 -07:00
Bernhard Amann
5d12765886 make work with newer AsciiFormatter. 2013-03-11 12:01:49 -07:00
Bernhard Amann
8cb91de93a Merge remote-tracking branch 'origin/master' into topic/bernhard/sqlite 
Conflicts:
	src/threading/AsciiFormatter.cc
 2013-03-11 11:47:10 -07:00
Jon Siwek
1f6cac9b6d Merge branch 'master' into topic/jsiwek/file-analysis 2013-03-11 13:20:45 -05:00
Jon Siwek
90ca2b87c4 Add check for truncated link frames. Addresses #962. 
Patch provided by jbaines, modified with a more descriptive Weird name.
 2013-03-11 11:58:54 -05:00
Jon Siwek
8d5434ef2d Fix large memory allocation in IP fragment reassembly. Addresses #961. 
Patch by jbaines modified slightly to return earlier so that the
problem packet can't cause any state change in the FragReassembler.
 2013-03-11 10:54:51 -05:00
Scott Runnels
5249a30c46 Expanding on records, including two simple examples. 2013-03-11 00:19:23 -04:00
Scott Runnels
d41883fb91 Merge remote-tracking branch 'origin/master' into topic/documentation 
Conflicts:
	doc/index.rst
 2013-03-11 00:17:58 -04:00
Robin Sommer
0075973249 Updating submodule(s). 
[nomail]
 2013-03-08 09:41:35 -08:00
Robin Sommer
f193fc25f6 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix race-condition in table-event test.
 2013-03-08 09:19:04 -08:00
Bernhard Amann
1fb05da9cd Fix race-condition in table-event test. 
Event depended on the input manager receiving all lines from the reader
before the first input event was processed by the scripting layer.
 2013-03-07 20:28:18 -08:00
Robin Sommer
74a529d937 Updating submodule(s). 
[nomail]
 2013-03-07 19:33:19 -08:00
Robin Sommer
f830ed3edf s/bro-ids.org/bro.org/g 2013-03-07 19:33:04 -08:00
Robin Sommer
d3bf552a63 Merge remote-tracking branch 'origin/topic/jsiwek/ticket-957' 
* origin/topic/jsiwek/ticket-957:
  Fix function type-equivalence requiring same param names, addresses #957

Closes #957.
 2013-03-07 13:31:55 -08:00
Robin Sommer
3cd3e26154 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958.
  Fix compiler warnings.
 2013-03-07 13:28:35 -08:00
Jon Siwek
7e4963b22c Fix new[]/delete mismatch in RE.cc reported by jbaines, addresses #958. 2013-03-07 14:44:01 -06:00
Jon Siwek
f4d59f8137 Fix compiler warnings. 2013-03-07 14:41:18 -06:00
Jon Siwek
2293443ea0 Fix function type-equivalence requiring same param names, addresses #957 2013-03-07 13:02:33 -06:00
Scott Runnels
2f54d584e7 Merge remote-tracking branch 'origin/master' into topic/documentation 2013-03-07 13:25:47 -05:00
Jon Siwek
589952f4d9 Merge branch 'master' into topic/jsiwek/file-analysis 
Conflicts:
	src/FileAnalyzer.cc
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
 2013-03-07 11:06:00 -06:00
Robin Sommer
8ee4382721 Updating submodule(s). 
[nomail]
 2013-03-06 18:32:43 -08:00
Robin Sommer
a4e40bb402 Merge remote-tracking branch 'origin/topic/bernhard/vector-assignment' 
Closes #956.

* origin/topic/bernhard/vector-assignment:
  change vector assignment operator and remove unnecessary argument (expr)
 2013-03-06 16:50:53 -08:00
Robin Sommer
8a6d68e00f Merge remote-tracking branch 'origin/topic/bernhard/remove-length' 
Closes #955.

* origin/topic/bernhard/remove-length:
  forgot to remove the baselines for the now unnecessary bifs
  remove the byte_len and length bifs
 2013-03-06 16:46:20 -08:00
Robin Sommer
1bd2f26df3 Merge remote-tracking branch 'origin/topic/seth/notice-framework-updates' 
So much nicer!

Closes #954.

* origin/topic/seth/notice-framework-updates:
  Update notice framework documentation to represent the new reality.
  Complete removal of the old table based notice policy mechanism.
  Updates for the notices framework.
 2013-03-06 16:45:30 -08:00
Robin Sommer
9f99a4a942 Merge remote-tracking branch 'origin/topic/jsiwek/local-container-init' 
Closes #952.

* origin/topic/jsiwek/local-container-init:
  Fix init of local sets/vectors via curly brace initializer lists.
 2013-03-06 15:11:10 -08:00
Robin Sommer
d931079021 Merge remote-tracking branch 'origin/topic/jsiwek/ticket946' 
Closes #946.

* origin/topic/jsiwek/ticket946:
  Fix memory leaks resulting from 'when' and 'return when' statements.
  Fix three bugs with 'when' and 'return when' statements. Addresses #946
 2013-03-06 15:09:24 -08:00
Robin Sommer
a15b630cac Merge remote-tracking branch 'origin/topic/jsiwek/gtp-enhancements' 
* origin/topic/jsiwek/gtp-enhancements:
  Add parsing for GTPv1 extension headers and control messages.
 2013-03-06 15:00:45 -08:00
Robin Sommer
c13eae3253 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix possible null pointer dereference in identify_data BIF.
  Fix build on OpenBSD 5.2.
 2013-03-06 14:54:50 -08:00
Bernhard Amann
a005d77369 forgot to remove the baselines for the now unnecessary bifs 2013-03-06 14:14:55 -08:00
Bernhard Amann
8f259f866d change vector assignment operator and remove unnecessary argument (expr) 2013-03-06 14:08:06 -08:00
Bernhard Amann
986b346e3f remove the byte_len and length bifs 2013-03-06 13:45:42 -08:00