Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
2499 commits 385 branches 195 tags 258 MiB
Commit graph

2499 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bernhard Amann
84883348ec interface documentation. 
to a big part stolen from the logging framework
 2012-02-16 11:27:10 -08:00
Daniel Thayer
6d98008d07 Merge remote-tracking branch 'origin/topic/v6-addr' into topic/dnthayer/ftp-ipv6 2012-02-16 13:22:53 -06:00
Jon Siwek
93fa116738 Various tweaks/refactor of new IPAddr class usages or IPv6 related code. 
- non-binpac DNS analyzer now also generates dns_a6_reply event
- ExpectedConn class refactored to use IPAddr's
- BinaryExpr::AddrFold simplified
- IP_Hdr src/dst address accessor methods changed to construct IPAddr
  objects on the fly from ip4/ip6 members.

Addresses #770.
 2012-02-16 11:27:22 -06:00
Bernhard Amann
a850cc5992 make filter removal and stream closure asynchronous. 2012-02-15 15:14:04 -08:00
Daniel Thayer
2f2509fdce Merge remote-tracking branch 'origin/topic/v6-addr' into topic/dnthayer/ftp-ipv6 2012-02-15 16:29:31 -06:00
Daniel Thayer
ef31099fd7 Merge branch 'master' into topic/icmp6 
Conflicts:
	policy/bro.init
	policy/icmp.bro
	src/Analyzer.cc
	src/AnalyzerTags.h
	src/DPM.cc
	src/ICMP.h
	src/Sessions.cc
	src/event.bif
	src/net_util.cc
 2012-02-15 15:58:53 -06:00
Robin Sommer
7458ebf385 Checkpoint after pass. 2012-02-15 13:07:08 -08:00
Jon Siwek
2ef18e98a2 DNS name lookups performed by Bro now also query AAAA records. 
DNS_Mgr handles combining the results of the A and AAAA queries
for a given hostname such that at the scripting layer, the name
resolution can yield a set with both IPv4 and IPv6 addresses.
 2012-02-15 11:02:18 -06:00
Robin Sommer
1f8b299aaf Shortening file names a bit. 2012-02-14 10:12:09 -08:00
Robin Sommer
e2794c809f Merge remote-tracking branch 'origin/topic/bernhard/log-threads' into topic/robin/log-threads 
* origin/topic/bernhard/log-threads:
  typo
  fix CreateBackend function - the way that the right backend was chosen & backends were initialized did not make sense...
  backend does not need friend access to manager
  move Value and Field from the logging namespace to the threading namespace, because other modules using threading will need them.
  send enum instead of string
  memleak fix.
  make logging framework send the protocol to the writer.
 2012-02-14 10:08:46 -08:00
Bernhard Amann
88233efb2c It works. Even including all unit tests. 
But: there are still a few places where I am sure that there are race conditions & memory leaks & I do not really like the current interface & I have to add a few more messages between the front and backend.

But - it works :)
 2012-02-13 22:29:55 -08:00
Jon Siwek
808f3915e5 Merge branch 'master' into topic/v6-addr 2012-02-13 16:01:33 -06:00
Jon Siwek
0f207c243c Port DNS_Mgr to use new IPAddr class, enable lookups on IPv6 addrs. 
Host lookups still need to be changed to also do AAAA queries.
 2012-02-13 15:57:59 -06:00
Daniel Thayer
c87f82c492 Merge remote-tracking branch 'origin/topic/v6-addr' into topic/dnthayer/ftp-ipv6 2012-02-13 15:39:01 -06:00
Bernhard Amann
4e868d282d Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads 2012-02-13 02:37:02 -08:00
Bernhard Amann
1e4a93c767 Merge remote-tracking branch 'origin/topic/bernhard/log-threads' into topic/bernhard/log-threads 2012-02-13 02:35:10 -08:00
Bernhard Amann
8a6dfee00c Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/log-threads 2012-02-13 02:30:24 -08:00
Robin Sommer
7fcb7b5f17 Save CPU when idle. 
This needs a bit more testing. It may also with the general problem of
high CPU usage with low traffic.
 2012-02-12 13:08:45 -08:00
Robin Sommer
b8ec653ebf Bugfixes. 
- Data queued at termination wasn't written out completely.

    - Fixed some race conditions.

    - Fixing IOSource integration.

    - Fixing setting thread names on Linux.

    - Fixing minor leaks.

All tests now pass for me on Linux in debug and non-debug compiles.

Remaining TODOs:

        - Needs leak check.

        - Test on MacOS and FreeBSD.

        - More testing:
            - High volume traffic.
            - Different platforms.
 2012-02-12 13:07:26 -08:00
Robin Sommer
abb506ec63 Merge branch 'master' into topic/robin/log-threads 2012-02-12 08:50:47 -08:00
Daniel Thayer
74899e29fe Update FTP EPSV response processing for IPv6 2012-02-10 16:55:15 -06:00
Robin Sommer
357cdd3f8d Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix minor typos in the documentation
  Fix compiler warning about Brofiler ctor init list order.
 2012-02-10 00:04:02 -08:00
Daniel Thayer
c0f05f57a7 Fix a minor typo in documentation 2012-02-09 18:50:21 -06:00
Daniel Thayer
42d6440bb2 Fix parsing of FTP EPRT command and EPSV response 2012-02-09 18:34:41 -06:00
Jon Siwek
086f747bc1 Add counts_to_addr and addr_to_counts conversion BIFs. 2012-02-09 15:32:57 -06:00
Jon Siwek
f945f3c518 Change HashKey threshold for using H3 to 36 bytes. 
This is enough to accommodate using H3 instead of HMAC/MD5 for IPv6
Conn::Key's and performs better since a hash happens for every packet.
 2012-02-09 12:55:55 -06:00
Jon Siwek
303f02d6f8 Inline some IPAddr methods. 2012-02-09 12:53:37 -06:00
Daniel Thayer
3ff0eed3fc Remove mention of --enable-brov6 in docs 2012-02-08 17:30:54 -06:00
Daniel Thayer
a28e671f8d Fix minor typos in the documentation 2012-02-08 14:16:29 -06:00
Seth Hall
d5107af1f3 Merge remote-tracking branch 'origin/topic/jsiwek/detect-webapps-fix' 
* origin/topic/jsiwek/detect-webapps-fix:
  Fix missing optional field access in webapp signature_match handler.
 2012-02-08 14:53:51 -05:00
Daniel Thayer
d3e432e8dd Add a test and baseline for addr_to_ptr_name BiF. 2012-02-08 11:23:02 -06:00
Jon Siwek
26731b1b58 Fix missing optional field access in webapp signature_match handler. 2012-02-08 10:37:00 -06:00
Seth Hall
161ad1a3df Adding a test and baseline for ptr_name_to_addr BiF. 2012-02-07 20:57:18 -05:00
Jon Siwek
9ab5180aa9 Fix compiler warning about Brofiler ctor init list order. 2012-02-07 16:25:28 -06:00
Daniel Thayer
31565d6987 Fix the ptr_name_to_addr BiF to work with IPv6 2012-02-07 16:15:13 -06:00
Jon Siwek
5ad0bab9b0 Fix a memory leak that perftools now complains about. 2012-02-07 14:27:40 -06:00
Jon Siwek
6c2351aa74 Merge branch 'topic/v6-addr' of git://git.bro-ids.org/bro into topic/v6-addr 2012-02-07 11:53:27 -06:00
Jon Siwek
4cb6a279f5 Add extra guard against non-IP, non-ARP packets being parsed as IPv6. 
This would usually manifest in raising truncated_IP weirds, which is
misleading because it wasn't actually an IP packet in the first place.
Now unknown_packet_type weird is raised instead.
 2012-02-07 11:42:55 -06:00
Bernhard Amann
8385d5bb2d it compiles :) 
But that's all, not tested, don't expect it to do anything but crash.
 2012-02-06 17:37:02 -08:00
Bernhard Amann
238e9545c0 Merge remote-tracking branch 'origin/topic/bernhard/log-threads' into topic/bernhard/input-threads 2012-02-06 16:15:22 -08:00
Bernhard Amann
833e724400 way less compile errors. 2012-02-06 16:14:39 -08:00
Bernhard Amann
e22d396229 typo 2012-02-06 13:53:33 -08:00
Bernhard Amann
f76bbf01a4 fix CreateBackend function - the way that the right backend was chosen & backends were initialized did not make sense... 2012-02-06 13:15:01 -08:00
Seth Hall
eca3261077 Protocol field for NULL encapsulation was read big endian. 2012-02-06 15:49:03 -05:00
Bernhard Amann
e726bfe301 Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads 2012-02-06 12:16:55 -08:00
Bernhard Amann
115e6a18b4 Merge branch 'topic/bernhard/log-send-proto' into topic/bernhard/log-threads 
Send protocol type to log writers - the ascii writer simply ignores this, but the input reader needs support for this.

Conflicts:
	src/LogMgr.h
	src/logging/Manager.cc
 2012-02-06 11:08:32 -08:00
Jon Siwek
1f58ac875b Fix some hashing bugs resulting from adaptation of new IPAddr class. 2012-02-06 13:05:52 -06:00
Bernhard Amann
23b2c95644 backend does not need friend access to manager 2012-02-06 10:57:07 -08:00
Bernhard Amann
f6c6387c52 Merge branch 'topic/bernhard/input' into topic/bernhard/input-threads 
most stuff is inplace, logging framework needs a few changes merged before continuing here...

Conflicts:
	src/CMakeLists.txt
	src/LogMgr.h
	src/logging/Manager.cc
	src/main.cc
 2012-02-06 10:54:07 -08:00
Jon Siwek
2e2f8f5d06 Merge branch 'master' into topic/v6-addr 
Conflicts:
	src/bro.bif
 2012-02-06 11:06:55 -06:00