Robin Sommer
2e043c0ff6
Creating the installation directory for plugins at install time.
2015-02-16 12:11:59 -08:00
Jon Siwek
e95116ba85
Merge branch 'master' into topic/jsiwek/broker
2015-02-16 10:00:17 -06:00
Josh Liburdi
a63d7307c8
FreeRDP test trace showing SSL encryption -- RDP analyzer does not currently handle this and SSL analyzer does not identify it either
2015-02-15 23:13:40 -08:00
Josh Liburdi
7773cd6011
Wireshark test trace for native encryption -- generates a binpac error
2015-02-15 23:11:52 -08:00
jshlbrd
5ef15c8cdd
Delete RDP-004.pcap
2015-02-15 23:10:05 -08:00
jshlbrd
55a0b344af
Delete nla_win7_win2k8r2.pcap
2015-02-15 23:09:50 -08:00
jshlbrd
dade1936be
Update dpd.sig
2015-02-15 23:06:36 -08:00
jshlbrd
10071ffddf
Fixed typo
2015-02-15 23:05:11 -08:00
jshlbrd
8a5bb0f6a7
Added check for connection existence
...
Added a check for connection existence before trying to remove the RDP analyzer from a connection.
2015-02-15 23:04:31 -08:00
Josh Liburdi
b1614b7fe9
Modified how cookie value is handled
2015-02-15 22:45:16 -08:00
Josh Liburdi
0ef8a106df
Moved DPD to each individual event process
2015-02-15 22:44:00 -08:00
Josh Liburdi
90bfbf9002
Added comments, changed logging events to reduce analyzer errors
2015-02-15 22:43:31 -08:00
Josh Liburdi
a3ab9f5b09
Added comments and TODOs
2015-02-15 10:18:52 -08:00
Josh Liburdi
af1f4be529
Added comments and TODOs
2015-02-15 10:16:16 -08:00
Josh Liburdi
0648dafa54
Removed scheduling of rdp_tracker event in server response events
2015-02-15 10:08:31 -08:00
Josh Liburdi
fd655aa85d
Removed debug code for SSL
2015-02-15 09:24:28 -08:00
Josh Liburdi
c268898e04
Add btest for FreeRDP pcap sample (NLA authentication)
...
https://github.com/FreeRDP/FreeRDP/wiki/Network-Level-Authentication
2015-02-14 14:01:46 -08:00
Josh Liburdi
d0e2d64cfc
Add btest for Wireshark sample pcap (native RDP encryption)
...
http://wiki.wireshark.org/RDP
2015-02-14 13:59:59 -08:00
jshlbrd
2fcddc6441
Update init-default.bro
...
Commented out mysql
2015-02-14 13:31:23 -08:00
Josh Liburdi
46713fb5c7
Init RDP analyzer
2015-02-14 13:16:48 -08:00
Seth Hall
b00bd7702f
Add the ability to remove surrounding braces from the JSON formatter.
2015-02-13 22:02:54 -05:00
Jon Siwek
4bcb9d2d92
Updating submodule(s).
...
[nomail]
2015-02-13 18:04:17 -06:00
Jon Siwek
8e4f4b46f7
Updating submodule(s).
...
[nomail]
2015-02-13 16:23:43 -06:00
Jon Siwek
062baefde0
Add 'while' statement to Bro language.
2015-02-13 11:26:54 -06:00
Jon Siwek
212368b245
Merge remote-tracking branch 'origin/topic/jsiwek/socks-authentication'
...
* origin/topic/jsiwek/socks-authentication:
Refactor SOCKS5 user/pass authentication support.
Update the SOCKS analyzer to support user/pass login.
BIT-1011 #merged
2015-02-13 09:15:50 -06:00
Jon Siwek
961fd06cad
Refactor SOCKS5 user/pass authentication support.
...
- Rename event "socks_login_userpass" to "socks_login_userpass_request"
- Rename event "socks_login_reply" to "socks_login_userpass_reply"
- Split unsupported authN weird into 2 types: method vs. version
Addresses BIT-1011
2015-02-12 17:06:38 -06:00
Jon Siwek
035cce96ac
Merge branch 'fastpath'
...
* fastpath:
Submodule update - newest sqlite version
2015-02-12 12:19:23 -06:00
Jon Siwek
5a73c11baa
broker integration: fix memory leak, add leak tests
...
Leak tests won't pass w/ libcaf 0.12.2, needs the develop branch
(actor-framework@a89485a3098965f104264808994fabfbc3a1bf61).
2015-02-12 11:40:04 -06:00
Jon Siwek
88af106b6b
Fix use of deprecated gperftools headers.
...
As of gperftools 2.0 (Feb. 2012), they've been renamed into
gperftools/ instead of google/, and as of gperftools 2.2, including
the latter emits deprecation warnings.
2015-02-11 13:56:34 -06:00
Jon Siwek
dab4d6c8bd
Update broker submodule.
2015-02-11 13:21:36 -06:00
Jon Siwek
8e4d37d5c1
Improve comm tests.
...
Same old problems: hard to get termination conditions right.
2015-02-11 11:21:01 -06:00
Jon Siwek
07cba950b8
Fix gcc compile warnings.
2015-02-10 16:14:49 -06:00
Jon Siwek
6d868d83be
broker integration: fix unit tests to work when broker is not enabled.
2015-02-10 13:44:04 -06:00
Jon Siwek
fc36777e66
Add --enable-c++11 configure flag.
...
And try to detect that compiler version is sufficient for C++11 support.
--enable-broker implies --enable-c++11
2015-02-10 12:34:47 -06:00
Jon Siwek
bdf21c054a
broker integration: add (un)publish/(un)advertise functions
...
For when one wants to manually tune pub/sub behavior instead of using the
default automatic settings of allowing publication to all peers and
advertising all subscriptions to all peers.
2015-02-10 09:51:57 -06:00
Jon Siwek
ebc9407a2b
broker integration: add knobs to set auto publish/advertise behavior
2015-02-09 16:26:31 -06:00
Jon Siwek
cfb666af2b
broker integration: move listen port for unit tests to a btest variable
...
Later, this might be something btest itself could provide to help
parallelize communication tests. E.g. unit tests request a unique
number from some range and btest coordinates the distribution of those
among all tests.
2015-02-09 16:01:31 -06:00
Jon Siwek
afc5767165
broker integration: add events for incoming connection status updates
...
e.g. for the listen() side of connections to tell when peers have
connected or disconnected.
2015-02-09 15:48:42 -06:00
Johanna Amann
5f0a27ca31
Submodule update - newest sqlite version
2015-02-09 12:10:49 -08:00
Robin Sommer
23b9705a7b
Fixing analyzer tag types for some Files::* functions.
2015-02-08 18:23:22 -08:00
Robin Sommer
530c3c0c6b
Changing load order for plugin scripts.
...
This can be needed if they depend on each other.
2015-02-08 18:22:59 -08:00
Vlad Grigorescu
4a2d7f1d39
SIP: Move to the new string BIFs
2015-02-06 20:00:38 -05:00
Vlad Grigorescu
dde3ce90f8
SIP: Move to new analyzer format.
2015-02-06 19:57:48 -05:00
Vlad Grigorescu
d852fe8b52
Merge remote-tracking branch 'origin/master' into topic/vladg/sip
2015-02-06 19:49:23 -05:00
Vlad Grigorescu
95f3696c91
Kerberos: Remove debugging output.
2015-02-06 19:44:57 -05:00
Vlad Grigorescu
843afce7d9
Kerberos: Fix a memleak.
2015-02-06 19:42:34 -05:00
Vlad Grigorescu
3190ca275e
SSH: Fix some memleaks.
2015-02-06 19:32:08 -05:00
Vlad Grigorescu
fc721d2d25
Merge remote-tracking branch 'origin/master' into topic/vladg/ssh
2015-02-06 18:58:38 -05:00
Jon Siwek
0253f49a94
broker integration: adapt to change in expiration_time
2015-02-06 16:54:01 -06:00
Vlad Grigorescu
9f19c74a10
Kerberos: A couple small tweaks.
2015-02-06 13:05:09 -05:00