Johanna Amann
e5db1f085c
Merge remote-tracking branch 'origin/topic/jsiwek/gh-684-fix-rpc-parsing'
...
* origin/topic/jsiwek/gh-684-fix-rpc-parsing:
GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors
Addresses GH-684
2019-11-21 08:50:28 -08:00
Johanna Amann
5dafa7218d
Merge remote-tracking branch 'origin/topic/jsiwek/fix-zeek-profiler-file'
...
* origin/topic/jsiwek/fix-zeek-profiler-file:
Fix ZEEK_PROFILER_FILE file format/parsing
2019-11-21 08:37:04 -08:00
Robin Sommer
a00f139f1c
Merge remote-tracking branch 'origin/topic/jsiwek/gh-646-conn-removal'
...
Clarified doc strings a bit.
* origin/topic/jsiwek/gh-646-conn-removal:
GH-646: add new "successful_connection_remove" event
2019-11-18 12:08:12 +00:00
Jon Siwek
eb4bf2d6a2
Merge remote-tracking branch 'origin/topic/jsiwek/ci-doctest'
...
* origin/topic/jsiwek/ci-doctest:
Run doctest unit tests in Travis CI
Fix indents/whitespace in Travis CI script
2019-11-15 18:27:21 -08:00
Jon Siwek
25ae6d90b7
Merge remote-tracking branch 'origin/topic/jsiwek/openbsd'
...
* origin/topic/jsiwek/openbsd:
Adjust btests for OpenBSD portability
Convert pcapng test suite files to pcap format
Fix undefined symbols loading libbroker on OpenBSD
Fix compile warnings on OpenBSD
2019-11-15 18:26:50 -08:00
Jon Siwek
9941537481
Run doctest unit tests in Travis CI
2019-11-15 16:14:43 -08:00
Jon Siwek
9e83abc5d9
Fix indents/whitespace in Travis CI script
2019-11-15 16:14:43 -08:00
Jon Siwek
37a478ae99
GH-684: Fix parsing of RPC calls with non-AUTH_UNIX flavors
...
The parsing logic that should be specific to the AUTH_UNIX credential
flavor was previously applied unconditionally to other flavors.
2019-11-13 13:14:14 -08:00
Henri DF
a645e38b78
Recursively handle into container types in record_fields()
2019-11-13 15:28:06 +01:00
Henri DF
26633eb727
Print full container types in record_fields()
2019-11-12 13:19:12 +01:00
Jon Siwek
31f60853c9
GH-646: add new "successful_connection_remove" event
...
And switch Zeek's base scripts over to using it in place of
"connection_state_remove". The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets). There can be performance benefits
to this change for some use-cases.
There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
2019-11-11 19:52:59 -08:00
Jon Siwek
0c71715cf4
Adjust btests for OpenBSD portability
2019-11-08 17:32:44 -08:00
Jon Siwek
7965dcd041
Convert pcapng test suite files to pcap format
...
The former isn't supported by default on OpenBSD.
2019-11-08 13:08:06 -08:00
Jon Siwek
afb8bc6df8
Fix ZEEK_PROFILER_FILE file format/parsing
...
Some Zeek script statement descriptions were exceeding the hardcoded
maximum length and also could contain tab characters which were
supposed to be reserved for use as a delimiter in the file format.
2019-11-07 16:47:09 -08:00
Jon Siwek
63fe835acf
Allow record_fields() string arguments that name a record type
2019-11-01 12:46:17 -07:00
Jon Siwek
8d31baf3b7
Fix Travis CI script to run Coverity build in container
...
It was previously running on the host and didn't have an adequate compiler
to do C++17.
2019-10-31 12:09:18 -07:00
Jon Siwek
9c4e44924f
GH-664: fix signature matching for payload-carrying SYN packets
...
Or more generally, signatures would not work correctly for any case
where the first TCP packet seen contained payload data, regardless of
its TCP flags.
2019-10-29 17:20:08 -07:00
Jon Siwek
36d7628bcb
Install cmake3 from EPEL on CentOS CI system
2019-10-28 20:18:45 -07:00
Johanna Amann
44086c1f03
Merge remote-tracking branch 'origin/topic/jsiwek/gh-654-coerce-unspecified-table-defaults'
...
* origin/topic/jsiwek/gh-654-coerce-unspecified-table-defaults:
GH-654: allow table() in function &default expressions
GH-654: allow table() in record &default expressions
Fixes GH-654
2019-10-28 20:59:39 +01:00
Robin Sommer
29164c5992
Merge remote-tracking branch 'origin/topic/jsiwek/gh-585-c++17'
...
* origin/topic/jsiwek/gh-585-c++17:
Update Travis CI config for C++17
GH-585: Require C++17
2019-10-28 10:06:16 +00:00
Robin Sommer
9d7c9f37d4
Merge branch 'Fix_http_build_url' of ssh://github.com/Olerdrive/zeek
...
I changed the format string of the port to %d and added a test.
2019-10-28 09:32:32 +00:00
Jon Siwek
b698c5507a
GH-654: allow table() in function &default expressions
...
Table parameters of functions previously did not coerce unspecified
tables used in their &default attribute to the correct type.
2019-10-25 13:00:46 -07:00
Jon Siwek
34bf78984b
GH-654: allow table() in record &default expressions
...
Table fields of records previously did not coerce unspecified tables
used in their &default attribute to the correct type.
2019-10-25 12:48:52 -07:00
Jon Siwek
81ab0b0d05
Use explicit path name for NTP log stream
...
For consistency (we do this for all other logs) and just to avoid
the extra path function calls.
2019-10-25 10:38:58 -07:00
Jon Siwek
08e2f97393
Update Travis CI config for C++17
...
Several platforms didn't have a C++17 compiler in their default repos.
Also moved from Fedora 28 to Fedora 30 since that will soon be the
oldest, still-supported version.
2019-10-24 22:27:54 -07:00
Jon Siwek
4bf3c6ff22
Improve &default validation for global vars: exclude sets
2019-10-15 18:24:35 -07:00
Johanna Amann
5265613a9e
Merge remote-tracking branch 'origin/topic/jsiwek/gh-618-tcp-option-values'
...
* origin/topic/jsiwek/gh-618-tcp-option-values:
Add weirds for invalid TCP option lengths
GH-618: add "tcp_options" event containing TCP option values
Fix tcp_option event
2019-10-15 16:50:43 -07:00
Johanna Amann
f62a51b41b
Merge remote-tracking branch 'origin/topic/jsiwek/fix-table-default-redef'
...
* origin/topic/jsiwek/fix-table-default-redef:
Fix redef'ing a table with a new &default attribute
2019-10-14 22:06:35 -07:00
Johanna Amann
66effde97d
Merge remote-tracking branch 'origin/topic/seth/624'
...
* origin/topic/seth/624:
Support whitespace at end of line for config reader.
This merge fixes a failing test; it also sprinkles a few more spaces
into another test file.
The main change is that this now also works with configuration lines
that don't have a value.
2019-10-14 21:47:59 -07:00
Seth Hall
cd06cb24cc
Support whitespace at end of line for config reader.
...
This commit addresses issue #624
2019-10-14 11:43:16 -04:00
Jon Siwek
42b6040952
Fix redef'ing a table with a new &default attribute
2019-10-11 18:57:03 -07:00
Johanna Amann
916205e254
Merge remote-tracking branch 'origin/topic/jsiwek/print-raw-bif'
...
* origin/topic/jsiwek/print-raw-bif:
Add new BIF: print_raw()
2019-10-08 15:15:55 -07:00
Johanna Amann
e615d1f4a8
Merge remote-tracking branch 'origin/topic/jsiwek/gh-589-sub-microsecond-printing'
...
* origin/topic/jsiwek/gh-589-sub-microsecond-printing:
GH-589: improve printing of sub-microsecond intervals
2019-10-07 10:51:40 -07:00
Jon Siwek
052feacbda
GH-618: add "tcp_options" event containing TCP option values
2019-10-03 18:59:02 -07:00
Jon Siwek
222e3ad3ea
Fix tcp_option event
...
It was not being raised in all the cases it should have been due to
an incorrect/unnecessary truncation check.
2019-10-03 17:55:07 -07:00
Jon Siwek
39b06e3cee
GH-591: allow Config::set_value() to use empty/unspecified table/sets
2019-10-02 22:13:43 -07:00
Jon Siwek
fd66e7b9f6
GH-591: fix reading set[enum] values from input files
2019-10-02 22:09:16 -07:00
Jon Siwek
5622df4d1b
Add new BIF: print_raw()
...
This is a convenience function to make it easier to print literal byte
sequences to stdout without additional escaping like what may be added
by the default `print` statement behavior.
For example, related to GH-596, `print` currently escapes even valid
UTF-8 byte sequences and makes it difficult to output valid JSON strings
containing such.
2019-10-02 15:21:24 -07:00
Jon Siwek
a5d71ed2d2
Merge remote-tracking branch 'origin/topic/timw/595-json-perf'
...
* origin/topic/timw/595-json-perf:
Update COPYING.3rdparty
Use json::emplace to avoid some extra calls to operator[]
Use tessil/unordered-map instead of nlohmann/fifo-map to mitigate performance issues when logging JSON
2019-10-01 16:42:59 -07:00
Jon Siwek
a34ade4876
Improve RecordVal JSON formatting
...
No need to create a record introspection table each time when all
the required information can be obtained directly in the RecordVal
and RecordType objects. Besides the additional overhead, using such
a table will re-order the fields arbitrarily instead of using the
order in which they're defined.
2019-09-30 19:04:55 -07:00
Jon Siwek
d258ebe5ca
Fix memory leak in RecordVal JSON formatting
2019-09-30 19:02:33 -07:00
Jon Siwek
97519e4350
Merge remote-tracking branch 'origin/topic/timw/606-json-nulls'
...
* origin/topic/timw/606-json-nulls:
GH-606: Output nulls into json data if a field isn't set
2019-09-30 17:40:27 -07:00
Tim Wojtulewicz
d4c394b72a
GH-606: Output nulls into json data if a field isn't set
2019-09-27 14:12:48 -07:00
Tim Wojtulewicz
756f363185
GH-598: handle multi-key sets correctly when outputting json
2019-09-27 12:01:47 -07:00
Tim Wojtulewicz
d4d1009b5c
Use json::emplace to avoid some extra calls to operator[]
2019-09-27 09:58:24 -07:00
Jon Siwek
f287d9abe8
GH-589: improve printing of sub-microsecond intervals
2019-09-23 19:57:49 -07:00
Jon Siwek
aeef4bf030
Merge branch 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek
...
* 'topic/jgras/dpd-late-match' of https://github.com/J-Gras/zeek:
Improve dpd_late_match event generation.
Improve logging of speculative service.
Update test-all-policy script.
Add speculative service script.
Allow to handle late DPD matches.
2019-09-17 11:17:41 -07:00
Robin Sommer
6f9d1ec72d
Merge remote-tracking branch 'origin/topic/jsiwek/gh-566-fix-ssh-encrypted-packet'
...
* origin/topic/jsiwek/gh-566-fix-ssh-encrypted-packet:
GH-566: fix cases where ssh_encrypted_packet event wasn't raised
2019-09-17 17:22:27 +00:00
Dominik Charousset
c1f3fe7829
Switch from header guards to pragma once
2019-09-17 14:10:30 +02:00
Jon Siwek
9c8db5f6ca
Stop loading scan detection in local.zeek by default
2019-09-16 10:51:50 -07:00