Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
14950 commits 390 branches 197 tags 281 MiB
Commit graph

169 commits

Author SHA1 Message Date
Josh Soref
cd201aa24e Spelling src 
These are non-functional changes.

* accounting
* activation
* actual
* added
* addresult
* aggregable
* aligned
* alternatively
* ambiguous
* analysis
* analyzer
* anticlimactic
* apparently
* application
* appropriate
* arithmetic
* assignment
* assigns
* associated
* authentication
* authoritative
* barrier
* boundary
* broccoli
* buffering
* caching
* called
* canonicalized
* capturing
* certificates
* ciphersuite
* columns
* communication
* comparison
* comparisons
* compilation
* component
* concatenating
* concatenation
* connection
* convenience
* correctly
* corresponding
* could
* counting
* data
* declared
* decryption
* defining
* dependent
* deprecated
* detached
* dictionary
* directional
* directly
* directory
* discarding
* disconnecting
* distinguishes
* documentation
* elsewhere
* emitted
* empty
* endianness
* endpoint
* enumerator
* essentially
* evaluated
* everything
* exactly
* execute
* explicit
* expressions
* facilitates
* fiddling
* filesystem
* flag
* flagged
* for
* fragments
* guarantee
* guaranteed
* happen
* happening
* hemisphere
* identifier
* identifies
* identify
* implementation
* implemented
* implementing
* including
* inconsistency
* indeterminate
* indices
* individual
* information
* initial
* initialization
* initialize
* initialized
* initializes
* instantiate
* instantiated
* instantiates
* interface
* internal
* interpreted
* interpreter
* into
* it
* iterators
* length
* likely
* log
* longer
* mainly
* mark
* maximum
* message
* minimum
* module
* must
* name
* namespace
* necessary
* nonexistent
* not
* notifications
* notifier
* number
* objects
* occurred
* operations
* original
* otherwise
* output
* overridden
* override
* overriding
* overwriting
* ownership
* parameters
* particular
* payload
* persistent
* potential
* precision
* preexisting
* preservation
* preserved
* primarily
* probably
* procedure
* proceed
* process
* processed
* processes
* processing
* propagate
* propagated
* prototype
* provides
* publishing
* purposes
* queue
* reached
* reason
* reassem
* reassemble
* reassembler
* recommend
* record
* reduction
* reference
* regularly
* representation
* request
* reserved
* retrieve
* returning
* separate
* should
* shouldn't
* significant
* signing
* simplified
* simultaneously
* single
* somebody
* sources
* specific
* specification
* specified
* specifies
* specify
* statement
* subdirectories
* succeeded
* successful
* successfully
* supplied
* synchronization
* tag
* temporarily
* terminating
* that
* the
* transmitted
* true
* truncated
* try
* understand
* unescaped
* unforwarding
* unknown
* unknowndata
* unspecified
* update
* usually
* which
* wildcard

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-11-09 12:08:15 -05:00
Tim Wojtulewicz
70e63d4749 Remove deprecated MemoryAllocation() methods and related code 2022-06-30 18:56:52 +00:00
Tim Wojtulewicz
7c4fd382d9 Code modernization: Convert from deprecated C standard library headers 2022-06-27 09:47:31 -07:00
Tim Wojtulewicz
a9fd4a60e0 GH-1991: Add option to limit the number of tunnel_changed events 2022-06-22 09:39:42 -07:00
Tim Wojtulewicz
1f8d406658 Only set connection history if strings differ 2022-05-09 14:35:56 -07:00
Tim Wojtulewicz
8b544d648d Remove uses of deprecated Tag types 2021-11-23 19:36:49 -07:00
Tim Wojtulewicz
9cb54f5d44 clang-format: Force zeek-config.h to be earlier in the config ordering 2021-09-25 11:52:55 -07:00
Robin Sommer
c5ebe299b1 Merge remote-tracking branch 'origin/topic/justin/conn-remove-empty-string-allocation' 
* origin/topic/justin/conn-remove-empty-string-allocation:
  Avoid allocation of 0 length strings on new conns
 2021-09-23 12:32:42 +02:00
Justin Azoff
971808ba3f Avoid allocation of 0 length strings on new conns 
New connections already do

    conn_val->Assign(6, val_mgr->EmptyString());

This second assignment was effectively doing

    conn_val->Assign(6, "")

for all new connections, causing a new empty ZeekString to be allocated.

On a pcap containing 100% syn packets this gives a noticeable perf improvement.

    Benchmark #1: zeek.orig -r /data/pcaps/scan.pcap
      Time (mean ± σ):     47.082 s ±  0.547 s    [User: 57.555 s, System: 9.114 s]
      Range (min … max):   46.516 s … 47.834 s    5 runs

    Benchmark #2: zeek -r /data/pcaps/scan.pcap
      Time (mean ± σ):     45.260 s ±  0.378 s    [User: 55.438 s, System: 8.537 s]
      Range (min … max):   44.783 s … 45.789 s    5 runs

    Summary
      'zeek -r /data/pcaps/scan.pcap' ran
        1.04 ± 0.01 times faster than 'zeek.orig -r /data/pcaps/scan.pcap'
 2021-09-22 07:53:03 -04:00
Tim Wojtulewicz
b2f171ec69 Reformat the world 2021-09-16 15:35:39 -07:00
Tim Wojtulewicz
a7fd34375f GH-572: Mark MemoryAllocation() and related methods deprecated 2021-06-28 11:07:58 -07:00
Tim Wojtulewicz
12d768d0d8 Remove obsolete Skipping()/SetSkip() from Connection 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
4114bbebf0 Move TCPStateStats object out of session_mgr 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
f6e31107e1 Move old TCP analyzer into analyzer adapter in packet analysis tree 2021-06-02 13:20:10 -07:00
Tim Wojtulewicz
b22ce6848f Rename IPBasedTransportAnalyzer to SessionAdapter 
This also also combines the old TransportLayerAnalyzer class into
SessionAdapter, and removes the old class. This requires naming changes
in a few places but no functionality changes.
 2021-05-18 15:19:12 -07:00
Tim Wojtulewicz
9684624a52 Rename ConnID and ConnIDKey 2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
0b7ca5e7bc Remove Session prefix from some session-related classes and files 2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
18c6aaaa33 Move session code into new directory and into zeek::session namespace 2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
c8844677f1 Review cleanup 
- Add constructors for ConnIDKey, remove BuildConnIDKey()
- Rename protocol stats classes and move to implementation file
- Rename "num" field of protocol stats to "active"
- Explicitly delete copy operations for SessionKey
- Change argument for ProtocolStats methods to const-reference
- Make key validity methods in Session not be virtual
- Rename Session::ClearKey and Session::IsKeyValid
 2021-04-29 11:09:35 -07:00
Tim Wojtulewicz
63fd1611ca Rename some connection-specific methods in Session and SessionManager 2021-04-29 10:59:08 -07:00
Tim Wojtulewicz
db1d753b35 Rename NetSessions to SessionManager 
This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
 2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
8fbab9408a Add new Session base class 
This is mostly code copied from the existing Connection class, as that class now
inherits from Session.
 2021-04-29 10:24:45 -07:00
Tim Wojtulewicz
50713b3c2d Move some code out of NetSessions 
- TCPStateStats update when a session is removed was moved to Connection
- Stepping Stone manager moved to a singleton object in SteppingStoneManager
 2021-04-29 10:24:44 -07:00
Vern Paxson
62bab66114 migration to using new differentiated methods for setting record fields 2021-02-25 16:59:26 -08:00
Vern Paxson
931cec4e06 use differentiated record field accessors 2021-02-25 14:47:44 -08:00
Jon Siwek
8a8a983c49 Add missing zeek/ to header includes 
Related to https://github.com/zeek/zeek/pull/1377
 2021-01-29 19:16:29 -08:00
Tim Wojtulewicz
0618be792f Remove all of the random single-file deprecations 
These are the changes that don't require a ton of changes to other files outside
of the original removal.
 2021-01-27 10:52:40 -07:00
Tim Wojtulewicz
4962986df1 Remove GET_FIELD_AS macro, replace with template methods 2021-01-14 11:58:59 -07:00
Vern Paxson
7f92a573d2 Remove BroValUnion by hoisting underlying Val subclass values into subclasses 2021-01-14 11:58:59 -07:00
Jon Siwek
a35cd2a726 GH-1321: Prevent compounding of connection_status_update event timers 
Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
 2020-12-08 11:20:02 -08:00
Tim Wojtulewicz
e27008ef26 GH-1184: Add 'source' field to weird log denoting where the weird was reported 2020-12-01 09:34:37 -07:00
Tim Wojtulewicz
0e9227b753 Use binpac.h as if it was an external dependency 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
96d9115360 GH-1079: Use full paths starting with zeek/ when including files 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
41dcd0cde0 Use shared_ptr for encapsulation data instead of raw pointer 2020-10-15 12:49:05 -07:00
Tim Wojtulewicz
8a7730f4c8 Remove unused LoginConn type and variable in Conn.h 2020-10-13 11:13:02 -07:00
Jon Siwek
5f435c2644 Remove connection_successful and successful_connection_remove events 
Related to https://github.com/zeek/zeek/issues/1119
 2020-09-10 12:06:50 -07:00
Tim Wojtulewicz
fe0c22c789 Base: Clean up explicit uses of namespaces in places where they're not necessary. 
This commit covers all of the common and base classes.
 2020-08-24 12:07:00 -07:00
Tim Wojtulewicz
0ac3fafe13 Move zeek::net namespace to zeek::run_state namespace. 
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
 2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
01ce18894b Rename types in ZeekList.h to be consistent with the style guide 2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
a34e632eef Move NetVar from zeek to zeek::detail namespace 2020-08-20 16:11:46 -07:00
Tim Wojtulewicz
ddf48d7529 Move a few of the zeek::util methods and variables to zeek::util::detail 2020-08-20 16:11:44 -07:00
Tim Wojtulewicz
8d2d867a65 Move everything in util.h to zeek::util namespace. 
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
 2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7 Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h. 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
914ffcadae Move arp, tcp, udp, pia, and stepping stone analyzers 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
7fefdd97af Move Conn and related types to zeek namespace 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
e3ee1860b8 Move Session code to namespaces 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
4e9a5e9d98 Move ODesc to zeek namespace 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
fdcb2760b2 Move Stats and related classes to zeek::detail 2020-07-31 16:25:53 -04:00
Tim Wojtulewicz
c9ab1f93e7 Move a few low-use classes to namespaces 2020-07-31 16:25:47 -04:00
Tim Wojtulewicz
93948b4d19 Move all of the Packet-related classes to namespaces 2020-07-31 16:23:34 -04:00