Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
6618 commits 389 branches 195 tags 271 MiB
Commit graph

2010 commits

Author SHA1 Message Date
Robin Sommer
8fb708b9b2 Adding an environemtn variable to btest.cfg for external scripts. 2015-07-13 22:13:10 -07:00
Johanna Amann
0e213352d7 Rename Pacf to NetControl 2015-07-08 12:34:42 -07:00
Johanna Amann
eb9fbd1258 Merge remote-tracking branch 'origin/master' into topic/johanna/openflow 2015-07-08 12:15:09 -07:00
Robin Sommer
5d30be2083 A set of tests exercising IP defragmentation and TCP reassembly. 2015-07-03 08:40:22 -07:00
Robin Sommer
c1f060be63 Merge branch 'topic/yunzheng/bit-1314' 
I've worked on this a bit more:

    - Added tcp_max_old_segments to init-bare.bro.
    - Removed the existing call to Overlap() as that now led to
      duplicate events.
    - Fixed the code checking for overlaps, as it didn't catch all the
      cases.

BIT-1314 #merged
GitHub #31 merged

* topic/yunzheng/bit-1314:
  BIT-1314: Added QI test for rexmit_inconsistency
  BIT-1314: Add detection for Quantum Insert attacks
 2015-07-03 08:40:12 -07:00
Robin Sommer
264a824fcc Merge remote-tracking branch 'origin/topic/seth/deflate-missing-headers-fix' 
I've changed the dynamic allocation of the unzipbuf back to stack
allocation, hope I'm not not missing the reason for doing that ...

* origin/topic/seth/deflate-missing-headers-fix:
  Fixes an issue with missing zlib headers on deflated HTTP content.

BIT-1399 #merged
 2015-06-28 12:23:36 -07:00
Robin Sommer
ffa254acd0 Merge remote-tracking branch 'origin/topic/seth/modbus_dpd_fix' 
* origin/topic/seth/modbus_dpd_fix:
  Call ProtocolConfirmed on modbus
 2015-06-19 14:08:13 -07:00
Seth Hall
7d105935b1 Call ProtocolConfirmed on modbus 
After a PDU is successfully parsed from both sides of a
modbus connection we're now declaring the protocol confirmed.

A small extension to the modbus/events test was added to verify
that "modbus" was identified in the service field in conn.log.
 2015-06-19 07:00:38 -04:00
Jon Siwek
7de83e0cf0 Fix a unit test to check for Broker requirement. 2015-06-05 09:10:50 -05:00
Johanna Amann
17796182c6 fix acld plugin to use address instead of subnet (and add functions for 
conversion)
 2015-06-05 00:00:20 -07:00
Johanna Amann
cedb80ff74 implement quarantine 2015-06-04 16:21:30 -07:00
Robin Sommer
74c83058e6 Test for Broker termination. 2015-06-04 14:48:58 -07:00
Johanna Amann
ee645dfce9 Acld implementation for Pacf - Bro side. 
Still needs a few small fixes to deal with the fact that acld does not
always accept subnets.
 2015-06-03 11:06:01 -07:00
Johanna Amann
f88a1337c0 add basic catch-and-release functionality (without own logging so far). 2015-06-02 15:04:11 -07:00
Johanna Amann
1439c244fc add hook to pacf that allows users to modify all rules or implement 
whitelists or similar.
 2015-06-02 14:23:25 -07:00
Johanna Amann
ed40855152 add support for multiple backends with same priority 2015-06-02 12:34:44 -07:00
Vlad Grigorescu
0a4604fe98 Add memleak btest for attachments over SMTP. 2015-06-01 21:14:52 -05:00
Vlad Grigorescu
847b16442b BIT-1410: Add btest 2015-06-01 20:49:04 -05:00
Vlad Grigorescu
05ea2d43c7 BIT-1410: Update baselines 2015-06-01 20:38:59 -05:00
Johanna Amann
ae18062761 add whitelist and redirect high-level functions 2015-06-01 15:57:58 -07:00
Johanna Amann
2f1ebed2e9 set the default idle timeout to 0 (= disable), because pacf actually 
does not directly support this concept. If someone wants idle timeouts,
they can just re-enable them with a redef.
 2015-06-01 10:46:39 -07:00
Seth Hall
097354a43f Updates for the urls.bro script. Fixes BIT-1404. 2015-06-01 11:38:26 -04:00
Jeff Barber
30fdc37479 Refactor to make bro use a common Packet object. 
Do a better job of parsing layer 2 and keeping track of layer 3 proto.
Add support for raw packet event, including Layer2 headers.
 2015-05-29 10:37:39 -04:00
Johanna Amann
3bd513785f make rule id generation in non-cluster mode work again 2015-05-28 16:58:55 -07:00
Yun Zheng Hu
2aa214d835 BIT-1314: Added QI test for rexmit_inconsistency 2015-05-28 12:12:22 +02:00
Johanna Amann
99dcb40c67 Clusterize pacf 
This changes the type of user-exposed IDs from counts to strings.
Also makes the init functions work for the first time.
 2015-05-27 18:01:53 -07:00
Johanna Amann
5147b0bb02 set fedora 21 specific environment variable to not make it complain about 
md5 signed certs.

Addresses BIT-1402
 2015-05-27 12:24:21 -07:00
Johanna Amann
ad2361b7ac remove (disfunctional) notifications from pacf 2015-05-27 07:37:50 -07:00
Johanna Amann
f2be226a5a make openflow framework work in clusters. 2015-05-26 13:55:16 -07:00
Johanna Amann
0a49b8cdf6 add pacf plugin that directly outputs messages to broker. 
Also fix a few problems in pacf in the process of doing this.
 2015-05-26 11:19:55 -07:00
Johanna Amann
30e305cf4b we also really want to get notifications upon flow removal 2015-05-22 19:19:11 -07:00
Johanna Amann
870acea8a9 deal with the fact that some pacf rules create two openflow messages 
and that the return events need to unify them again...

More or less untested.
 2015-05-22 18:59:40 -07:00
Johanna Amann
b9953e7048 change type of flow_mod entries to count - the type is defined in other 
records and this leads to unfortunate problems with external scripts that would
have to convert values into bro port types themseves.
 2015-05-22 13:37:57 -07:00
Seth Hall
ea2ce67c5f Fixes an issue with missing zlib headers on deflated HTTP content. 
- Includes a test.
 2015-05-18 14:30:32 -04:00
Johanna Amann
c0111bc4d2 add flow modification to pacf and openflow. 
More or less untested, but there should not be any big problems.
 2015-05-15 13:29:44 -07:00
Johanna Amann
6014b395b8 handle the notification events correctly. 
Now if a rule is inserted correctly (or fails to be inserted) into
openflow, we actually get the corresponding Pacf events that everything
worked.
 2015-05-15 11:24:18 -07:00
Johanna Amann
208d150a0e Change openflow plugin for broker and allow specification of topics per 
instance.
 2015-05-13 16:23:24 -07:00
Johanna Amann
73d22a2dbd add Pacf plugin for the internal Bro PacketFilter (not BPF) 2015-05-12 15:12:16 -07:00
Johanna Amann
ed65fdb6ba Make Flow a separate, more flexible type in PACF. 
This allows the use of wildcards, etc. in rules and removes the need
for a few entity types that were separate so far.
 2015-05-12 13:37:16 -07:00
Johanna Amann
a51ee45e05 Merge remote-tracking branch 'origin/master' into topic/johanna/openflow 2015-05-12 13:08:32 -07:00
Johanna Amann
8be8f2e725 update local-compat.test 2015-05-07 21:55:59 -07:00
Robin Sommer
1e66c6718a Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Add /sbin to PATH in btest.cfg
 2015-05-06 09:58:30 -07:00
Daniel Thayer
f6248994e4 Add /sbin to PATH in btest.cfg 
Added /sbin to PATH so that a couple of tests that require ifconfig
are not skipped on systems (such as debian) which don't have /sbin
in PATH by default.

Also removed a duplicate default_path.
 2015-05-04 14:47:56 -05:00
Robin Sommer
31e75c8eac Baseline update. 2015-04-29 20:34:37 -07:00
Jon Siwek
48fccb3bce BIT-1350: improve record coercion type checking. 
For a field of the same name in both the target type and the coerced
type, a type mismatch is now reported as an error at parse-time.
 2015-04-27 16:37:40 -05:00
Jon Siwek
f73b4f2a21 Fix some outdated documentation unit tests. 2015-04-23 12:30:54 -05:00
Robin Sommer
03a29368fe Merge branch 'topic/robin/ascii-escape-normalization' 
* topic/robin/ascii-escape-normalization:
  Updating NEWS.
  In bifs, change ODesc objects to have RAW_STYLE.
  Changing what's escaped when printing.
  Remove several BroString escaping methods that are no longer useful.

BIT-1333 #merged
 2015-04-21 15:59:54 -07:00
Robin Sommer
5b32791edb Merge remote-tracking branch 'origin/topic/vladg/sip' 
* origin/topic/vladg/sip:
  Update NEWS.
  Update baselines.
  Spruce up SIP events.bif documentation a bit.
  Register SIP analyzer to well known port.
  Fix indenting issue in main.bro
  Add SIP btests.
  Small update for the SIP logs and DPD sig.
  SIP: Fix up DPD and the TCP analyzer a bit.
  SIP: Move to the new string BIFs
  SIP: Move to new analyzer format.
  Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes.
  Rely on content inspection and not just is_orig to determine client/server.
  Enable SIP in CMakeLists.txt
  Merge topic/seth/faf-updates.

BIT-1370 #merged
 2015-04-21 15:30:25 -07:00
Robin Sommer
8b722c484d Renaming krb.log to kerberos.log. 2015-04-21 12:22:58 -07:00
Robin Sommer
9911993c6f Merge remote-tracking branch 'origin/topic/vladg/kerberos' 
* origin/topic/vladg/kerberos:
  Fix doc on krb_cred
  Update the KRB tests a bit.
 2015-04-21 11:58:44 -07:00