Johanna Amann
77c79bd010
Load static CA list for validation tests too.
This fixes test failures in some cases (and should protect against future test failures).
2015-10-02 15:12:32 -04:00
Johanna Amann
0e0dd9a5f7
Remove cluster certificate validation script for the moment.
Since we always have wallclock time in --pseudo-realtime, there
currently is no way to make this test reliable.
2015-10-02 11:32:15 -07:00
Johanna Amann
630e9f22d2
Merge remote-tracking branch 'origin/master' into topic/dnthayer/ticket1467
2015-10-02 11:31:00 -07:00
Johanna Amann
a052dc4e35
Fix offset=-1 (eof) for raw reader
Addresses BIT-1479
2015-09-16 15:16:04 -07:00
Daniel Thayer
4788e4e715
Fix some test canonifiers in scripts/policy/protocols/ssl
2015-08-22 21:56:55 -05:00
Liang Zhu
1989f34a0a
add parsing certificates in OCSP responses
2015-08-18 19:35:43 -07:00
Liang Zhu
adbc0b1eaf
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-08-05 17:15:09 -07:00
Liang Zhu
1abd41c413
copy paste error
2015-07-31 13:50:48 -07:00
Liang Zhu
61f7276c80
parse revocation time and reason in ocsp response
2015-07-31 13:39:25 -07:00
Robin Sommer
46e584daa2
Adding tests for Flash version parsing and plugin detection.
(The plugin detection isn't testing the Chrome behaviour actually,
don't have a trace for that.)
2015-07-30 07:23:14 -07:00
Johanna Amann
5a8eac521c
StartTLS support for IRC
2015-07-29 11:47:59 -07:00
Liang Zhu
e9f028be4c
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-28 13:47:21 -07:00
Johanna Amann
7c71eca7d0
Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol
2015-07-27 14:49:38 -07:00
Robin Sommer
632ac4bc88
Merge branch 'master' of git.bro.org:bro
2015-07-24 15:05:22 -07:00
Johanna Amann
5ffe76f336
Slightly earlier protocol confirmation for pop3.
This allows, e.g. pop3 sessions that are upgraded via STLS to be
properly marked as such.
2015-07-23 16:55:02 -07:00
Johanna Amann
7f2087af34
also generate an event when starttls is encountered for imap.
2015-07-23 12:37:40 -07:00
Johanna Amann
1933299543
Add support of getting server capabilities to IMAP parser.
2015-07-23 11:15:57 -07:00
Aaron Brown
ba1facb6c3
Copy-paste issue
2015-07-22 14:19:36 -04:00
Aaron Brown
f29dbb90a5
Allow for logging of the VLAN data about a connection in conn.log
2015-07-22 14:13:17 -04:00
Johanna Amann
4a5737708c
Basic IMAP StartTLS analyzer.
Parses certificates out of imap connections using StartTLS. Aborts
processing if StartTLS is not found.
2015-07-22 10:35:49 -07:00
Liang Zhu
62225d5f5f
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-21 18:40:45 -07:00
Johanna Amann
0b897c70da
Add xmpp dpd sig and fix a few parsing problems for connections that do
not upgrade to TLS.
2015-07-21 13:20:35 -07:00
Johanna Amann
574bcb0a51
Add simple XMPP StartTLS analyzer.
This is a very simple XMPP analyzer that basically only can parse the
protocol until the client and server start negotiating a TLS session. At
that point, the TLS analyzer is attached.
While the basic case seems to be working, I fully expect that I missed
something and that this might break in a lot of cases.
2015-07-21 12:18:14 -07:00
Johanna Amann
0d9869a2aa
(Hopefully) fix race condition between trace and intel file.
2015-07-15 09:14:36 -07:00
Liang Zhu
fc35ab9bf5
add a btest for ocsp http get
2015-07-15 01:30:46 -07:00
Liang Zhu
545848d906
add parameter 'status_type' to event ssl_stapled_ocsp
2015-07-08 14:11:14 -07:00
Johanna Amann
0e213352d7
Rename Pacf to NetControl
2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258
Merge remote-tracking branch 'origin/master' into topic/johanna/openflow
2015-07-08 12:15:09 -07:00
Liang Zhu
da122a6a14
Merge remote-tracking branch 'origin/master' into topic/liangzhu/analyzer-ocsp
2015-07-02 16:48:51 -07:00
Liang Zhu
de17c12656
add btest for ocsp-stapling logging
2015-07-02 14:51:07 -07:00
Robin Sommer
264a824fcc
Merge remote-tracking branch 'origin/topic/seth/deflate-missing-headers-fix'
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not missing the reason for doing that ...
* origin/topic/seth/deflate-missing-headers-fix:
Fixes an issue with missing zlib headers on deflated HTTP content.
BIT-1399 #merged
2015-06-28 12:23:36 -07:00
Robin Sommer
ffa254acd0
Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix'
* origin/topic/seth/modbus_dpd_fix:
Call ProtocolConfirmed on modbus
2015-06-19 14:08:13 -07:00
Liang Zhu
d1c568663c
add btest and fix bug
2015-06-19 09:37:10 -07:00
Seth Hall
7d105935b1
Call ProtocolConfirmed on modbus
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.
A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
2015-06-19 07:00:38 -04:00
Johanna Amann
cedb80ff74
implement quarantine
2015-06-04 16:21:30 -07:00
Johanna Amann
ee645dfce9
Acld implementation for Pacf - Bro side.
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0
add basic catch-and-release functionality (without own logging so far).
2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc
add hook to pacf that allows users to modify all rules or implement
whitelists or similar.
2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152
add support for multiple backends with same priority
2015-06-02 12:34:44 -07:00
Vlad Grigorescu
847b16442b
BIT-1410: Add btest
2015-06-01 20:49:04 -05:00
Johanna Amann
ae18062761
add whitelist and redirect high-level functions
2015-06-01 15:57:58 -07:00
Seth Hall
097354a43f
Updates for the urls.bro script. Fixes BIT-1404.
2015-06-01 11:38:26 -04:00
Johanna Amann
99dcb40c67
Clusterize pacf
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
2015-05-27 18:01:53 -07:00
Johanna Amann
ad2361b7ac
remove (dysfunctional) notifications from pacf
2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a
make openflow framework work in clusters.
2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6
add pacf plugin that directly outputs messages to broker.
Also fix a few problems in pacf in the process of doing this.
2015-05-26 11:19:55 -07:00
Seth Hall
ea2ce67c5f
Fixes an issue with missing zlib headers on deflated HTTP content.
- Includes a test.
2015-05-18 14:30:32 -04:00
Johanna Amann
c0111bc4d2
add flow modification to pacf and openflow.
More or less untested, but there should not be any big problems.
2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8
handle the notification events correctly.
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
2015-05-15 11:24:18 -07:00
Johanna Amann
208d150a0e
Change openflow plugin for broker and allow specification of topics per
instance.
2015-05-13 16:23:24 -07:00