Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 11:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
6015 commits 387 branches 195 tags 271 MiB
Commit graph

6015 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robin Sommer
65ea4f9862 Replacing TODO in NEWS. 2014-05-16 14:56:19 -07:00
Daniel Thayer
bb7781d2f6 Update some doc tests and line numbers 2014-05-16 16:53:56 -05:00
Robin Sommer
d242f6986f Updating submodule(s). 
[nomail]
 2014-05-16 14:52:19 -07:00
Robin Sommer
76c3d34a8e Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix a doc build warning
 2014-05-16 14:47:10 -07:00
Robin Sommer
ed4cd9352a Merge remote-tracking branch 'origin/topic/bernhard/even-more-ssl-changes' 
Good stuff! (but I admit I didn't look at the OpenSSL code too closely :)

* origin/topic/bernhard/even-more-ssl-changes:
  small test update & script fix
  update baselines & add ocsp leak check
  Add policy script adding ocsp validation to ssl.log
  Implement verification of OCSP replies.
  Add tls flag to smtp.log. Will be set if a connection switched to startls.
  add starttls support for pop3
  Add smtp starttls support
  Replace errors when parsing x509 certs with weirds (as requested by Seth).
  move tls content types from heartbleed to consts.bro. Seems better to put them there...
  Add new features from other branch to the heartbleed-detector (and clean them up).
  Let TLS analyzer fail better when no longer in sync with the data stream. The version field in each record-layer packet is now re-checked.

BIT-1190 #merged

Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
 2014-05-16 14:45:25 -07:00
Daniel Thayer
d230eed7f8 Fix a doc build warning 2014-05-16 16:05:03 -05:00
Daniel Thayer
9b82028f8c Update a broctl option name in cluster config doc 2014-05-16 14:43:58 -05:00
Jon Siwek
8c3cf8921a Disable all default AppStat plugins except facebook. 
The scripts for the others still remain and can be loaded explicitly,
but they reportedly may produce figures that are far from correct.

Addresses BIT-1171.
 2014-05-16 14:15:39 -05:00
Daniel Thayer
5199cb0293 Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1186 2014-05-16 14:01:56 -05:00
Daniel Thayer
08266b409d Minor update to cluster config docs 
Forgot to add one small change in previous commit.
 2014-05-16 13:59:28 -05:00
Bernhard Amann
e749f17821 small test update & script fix 2014-05-16 11:29:47 -07:00
Bernhard Amann
5db240f291 update baselines & add ocsp leak check 2014-05-16 11:23:44 -07:00
Bernhard Amann
d9e7ac6e92 Add policy script adding ocsp validation to ssl.log 2014-05-16 11:21:26 -07:00
Daniel Thayer
25bd2c8d00 Minor updates to cluster config docs 
Incorporated some feedback from Jeannette, and temporarily removed
the PF_RING ZC section.
 2014-05-16 12:58:21 -05:00
Bernhard Amann
55d0c6f7fa Implement verification of OCSP replies. 
The OpenSSL code to do that is a nightmare.
 2014-05-16 10:32:08 -07:00
Seth Hall
dad8c9a74d Update for the active http test to force it to use ipv4. 
It was having trouble because the httpd.py script would start up
a webserver on ipv4 but on some platforms and with some versions
of curl "localhost" will attempt to connect to ::1.
 2014-05-15 21:00:37 -04:00
Robin Sommer
79531a4538 Making test more stable. 2014-05-15 15:41:19 -07:00
Robin Sommer
421120e12c Extending plugin interface. 
This is for feature parity with the older interface, and remains
experimental for now.
 2014-05-15 15:36:48 -07:00
Robin Sommer
aec61e9ea4 Updating submodule. 2014-05-15 15:04:26 -07:00
Robin Sommer
6b3f11493d Making a test's output predictable. 
Plus, a baseline update.
 2014-05-15 15:04:26 -07:00
Robin Sommer
b36df2a272 Updating submodule(s). 
[nomail]
 2014-05-15 11:48:11 -07:00
Robin Sommer
525e757d2a Merge remote-tracking branch 'origin/topic/vladg/radius' into topic/robin/radius-merge 
* origin/topic/vladg/radius:
  Radius functionality and memleak test.
  Update test baselines.
  Move seq to uint64 to match recent changes in seq processing.

BIT-1129 #merged
 2014-05-15 11:39:05 -07:00
Robin Sommer
ebc8ebf5f9 Merge remote-tracking branch 'origin/master' into topic/robin/radius-merge 
Conflicts:
	scripts/base/init-default.bro
 2014-05-15 11:10:11 -07:00
Bernhard Amann
ccccda6da8 Merge remote-tracking branch 'origin/master' into topic/bernhard/even-more-ssl-changes 2014-05-15 10:59:13 -07:00
Bernhard Amann
10cc44b37f Add tls flag to smtp.log. Will be set if a connection switched to startls. 2014-05-15 10:53:11 -07:00
Seth Hall
c536db0feb Merge remote-tracking branch 'origin/topic/bernhard/ticket1177' 
* origin/topic/bernhard/ticket1177:
  define empty request_key method for sumstats in cluster mode.
 2014-05-15 13:50:16 -04:00
Bernhard Amann
388b8f92ec add starttls support for pop3 2014-05-15 10:25:21 -07:00
Bernhard Amann
6bc914458b Add smtp starttls support 2014-05-15 09:59:43 -07:00
Vlad Grigorescu
0706567e68 Merge branch 'topic/vladg/radius' of ssh://git.bro.org/bro into topic/vladg/radius 2014-05-15 11:50:58 -04:00
Vlad Grigorescu
9ab4744072 Radius functionality and memleak test. 2014-05-15 11:49:03 -04:00
Vlad Grigorescu
a3e00322a2 Update test baselines. 2014-05-15 11:18:00 -04:00
Vlad Grigorescu
d88f8d77cb Move seq to uint64 to match recent changes in seq processing. 2014-05-15 09:47:20 -04:00
Vlad Grigorescu
df99f87dbf Merge origin/master into topic/vladg/radius 2014-05-14 23:23:08 -04:00
Robin Sommer
bbd409d274 Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3 
(Never good to name a branch after version anticipated to include it ...)
 2014-05-14 16:23:04 -07:00
Bernhard Amann
746c073729 Replace errors when parsing x509 certs with weirds (as requested by Seth). 
The one I did not replace is a malloc issue which I think really should
raise an error.
 2014-05-14 15:53:26 -07:00
Bernhard Amann
5bd0c3fcaf move tls content types from heartbleed to consts.bro. Seems better to put them there... 2014-05-14 15:45:47 -07:00
Bernhard Amann
f0b244b8b0 Add new features from other branch to the heartbleed-detector (and clean them up). 
We should now quite reliably detect scans/attacks, even when encrypted and not succesful.
 2014-05-14 15:42:27 -07:00
Robin Sommer
37dd331256 Updating submodule(s). 
[nomail]
 2014-05-08 17:08:41 -07:00
Robin Sommer
96bcc2d69d Merge branch 'topic/robin/bit-348-merge' 
* topic/robin/bit-348-merge:
  Fixing compiler warnings.
  Update SNMP analyzer's DeliverPacket method signature.
  Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348).

BIT-348 #merged
 2014-05-08 16:33:59 -07:00
Bernhard Amann
9014629a7d Let TLS analyzer fail better when no longer in sync with the data stream. The 
version field in each record-layer packet is now re-checked.
 2014-05-08 11:32:52 -07:00
Jon Siwek
012156e9f1 Merge branch 'topic/jsiwek/asan-fixes' 2014-05-07 11:03:05 -05:00
Jon Siwek
4ea8a4e8ef Change handling of atypical OpenSSL error case in x509 verification. 2014-05-07 10:45:00 -05:00
Jon Siwek
6277be6e60 Fix memory leaks in X509 certificate parsing/verification. 2014-05-06 20:50:37 -05:00
Jon Siwek
37b860d325 Fix new []/delete mismatch in input::reader::Raw::DoClose(). 2014-05-06 12:55:50 -05:00
Jon Siwek
af3b87e100 Fix buffer over-reads in file_analysis::Manager::Terminate() 2014-05-06 12:36:02 -05:00
Jon Siwek
965e4d421d Fix buffer overlows in IP address masking logic. 
That could occur either in taking a zero-length mask on an IPv6 address
(e.g. [fe80::]/0) or a reverse mask of length 128 on any address (e.g.
via the remask_addr BuiltIn Function).
 2014-05-06 12:13:43 -05:00
Jon Siwek
713fd2fbaf Fix new []/delete mismatch in ~Base64Converter. 2014-05-06 12:07:23 -05:00
Daniel Thayer
0cfdb8cbfa Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1186 2014-05-02 17:15:18 -05:00
Daniel Thayer
99b13d3cfd Add a new section "Cluster Configuration" to the docs 
Added a new section that is intended as a how-to for configuring a Bro
cluster (this section does not discuss cluster architecture or theory)
that is aimed at beginners to Bro.  Most of this content was moved here
from the BroControl doc (which is now intended as more of a reference guide
for more experienced users) and the load balancing FAQ on the website.
 2014-05-02 16:57:55 -05:00
Jon Siwek
b15bbf4f33 Replace an unneeded OPENSSL_malloc call. 2014-05-02 12:52:11 -05:00