Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6022 commits 390 branches 195 tags 268 MiB
Commit graph

6022 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jon Siwek
ff61737212 Simplify a conditional with equivalent branches. 2014-09-02 16:29:52 -05:00
Jon Siwek
782b4d0eae Change EDNS parsing code to use rdlength more cautiously. 
It shouldn't ever be negative, but if it were, using it to modify the
data pointer/length isn't appropriate.
 2014-09-02 16:22:15 -05:00
Jon Siwek
d57b161c40 Fix a memory leak when bind() fails due to EADDRINUSE. 2014-09-02 16:18:55 -05:00
Jon Siwek
dde0ce234f Fix possible buffer over-read in DNS TSIG parsing 2014-09-02 14:22:26 -05:00
Vlad Grigorescu
51373b0592 SSH: Misc. updates to the new analyzer. 2014-09-02 00:15:32 -04:00
Hui Lin
dd830db38a remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test 2014-08-28 20:35:28 -05:00
Vlad Grigorescu
0a50688afc Move auth method detection into script-land, to make it easier to change. 2014-08-28 18:23:30 -04:00
Jon Siwek
675fba3fde Remove timeouts from remote communication loop. 
The select() now blocks until there's work to do instead of relying on a
small timeout value which can cause unproductive use of cpu cycles.
 2014-08-28 13:13:30 -05:00
Robin Sommer
5e4f498083 Adding test creating a dynamic pktsrc plugin. 2014-08-28 00:53:15 -04:00
Robin Sommer
3e669daa05 Interface tweaks for PktSrc, plus docs for PktSrc and PktDumper. 2014-08-28 00:52:36 -04:00
Vlad Grigorescu
214e6b3ea9 Move the SIP analyzer to uint64 sequences, and a number of other small SIP fixes. 2014-08-26 22:26:42 -04:00
Jon Siwek
d5513a0757 Improve multipart HTTP/MIME entity file analysis. 
Singular CR or LF characters in multipart body content are no longer
converted to a full CRLF (thus corrupting the file) and it also no
longer considers the CRLF before the multipart boundary as part of the
content.

Addresses BIT-1235.
 2014-08-26 17:54:41 -05:00
Vlad Grigorescu
ee7ebc72e9 Update baselines. 2014-08-26 17:44:18 -04:00
Jon Siwek
73cc81f44a Merge branch 'topic/jimmyjones2/string-doc' of https://github.com/jimmyjones2/bro 2014-08-26 09:26:00 -05:00
Vlad Grigorescu
e87b2080d1 Small Kerberos tweaks and fixes. 2014-08-25 11:33:32 -04:00
Hui Lin
81606e7ff4 Renameing the DNP3 TCP analyzer 2014-08-25 10:33:28 -05:00
Robin Sommer
5f817513d0 A set of various fixes and smaller API tweaks, plus tests. 
Also moving PCAP-related bifs to iosource/pcap.bif.
 2014-08-24 19:55:26 -07:00
Jimmy Jones
9232f05f52 Better documentation for sub_bytes 2014-08-23 15:05:20 +01:00
Jon Siwek
121fcdbb5b Fix build on systems that already have ntohll/htonll 
BIT-1234 #close
 2014-08-22 19:56:27 -05:00
Robin Sommer
ce9f16490c Moving some of the BPF filtering code into base class. 
This will allow packet sources that don't support BPF natively to
emulate the filtering via libpcap.
 2014-08-22 17:50:03 -07:00
Robin Sommer
0186061aa8 Small packet dumper API change. 2014-08-22 16:49:32 -07:00
Robin Sommer
caa55ad352 Moving Pkt{Src,Dumper} a directory level up. 
Also renaming PktSourceComponent to PktSrcComponent.
 2014-08-22 16:46:15 -07:00
Robin Sommer
ecf1e32f60 Removing FlowSrc. 
We could bring this back, now derived from PktSrc (though strickly
speaking it's of course not *packets). But not sure if we want that,
as the input framework seems the better place to host it. Then it
would turns into a reader.
 2014-08-22 16:33:55 -07:00
Vlad Grigorescu
f93f2af748 Merge tag 'v2.3' into topic/vladg/sip 
Version tag

Conflicts:
	scripts/base/init-default.bro
 2014-08-22 19:25:43 -04:00
Robin Sommer
93e6a4a9db Removing netmap, remaining pieces of the 2ndary path, and left-over 
files of packet sorter.

Netmap will move to a plugin.
 2014-08-22 16:24:39 -07:00
Robin Sommer
bf6dd2e9ca Merge remote-tracking branch 'origin/master' into topic/robin/pktsrc 
Conflicts:
	configure
	src/CMakeLists.txt
	src/Net.cc
	src/PacketSort.cc
	src/PacketSort.h
	src/RemoteSerializer.cc
	src/Sessions.cc
	src/Sessions.h
 2014-08-22 15:41:42 -07:00
Robin Sommer
a3b2e3a2b4 Merge remote-tracking branch 'origin/topic/jsiwek/outer_param_binding' 
That works. Just renaming "param" to "ID", as locals are affected as
well.

BIT-1233 #merged

* origin/topic/jsiwek/outer_param_binding:
  Detect functions that try to bind variables from an outer scope.
 2014-08-22 15:23:18 -07:00
Jon Siwek
3521a92a00 Detect functions that try to bind variables from an outer scope. 
And raise an error saying that's not supported.
Addresses BIT-1233.
 2014-08-22 16:49:10 -05:00
Jon Siwek
f8895843cf Updating submodule(s). 
[nomail]
 2014-08-22 14:43:20 -05:00
Jon Siwek
1eb7d718d4 Updating submodule(s). 
[nomail]
 2014-08-22 12:26:59 -05:00
Jon Siwek
8b0678b8a8 Updating CHANGES and VERSION. 2014-08-21 16:10:58 -05:00
Jon Siwek
e7f10755c8 Merge remote-tracking branch 'origin/topic/robin/reader-writer-plugins' 
* origin/topic/robin/reader-writer-plugins:
  Adding plugin testing to Makefile's test-all.
  Fixing tests.
  Removing DataSeries and ElasticSearch from configure script.
  Updating submodule.
  Move DataSeries and ElasticSearch into plugins.
  More polishing of some of the branche's changes.
  More polishing.
  Test case for a dynamic input reader.
  Test case for a dynamic log writer.
  Final fixes, preparing for merge.
  Converting log writers and input readers to plugins.

BIT-1222 #merged
 2014-08-21 16:04:13 -05:00
Jon Siwek
4c15b386e6 Updating submodule(s). 
[nomail]
 2014-08-20 15:29:02 -05:00
Jon Siwek
6f27d3dd40 Silence some doc-related warnings when using bro -e. 
BIT-1232 #close
 2014-08-19 11:06:21 -05:00
Hui Lin
fb21236661 quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header 2014-08-16 11:01:30 -05:00
Hui Lin
ff60706742 Removing the debug printf in DNP3.cc 2014-08-15 14:26:47 -05:00
Robin Sommer
97ef77c2b7 Adding plugin testing to Makefile's test-all. 2014-08-13 21:38:18 -07:00
Robin Sommer
996d118d68 Fixing tests. 2014-08-13 21:33:03 -07:00
Robin Sommer
f884fc6c11 Removing DataSeries and ElasticSearch from configure script. 2014-08-13 21:16:01 -07:00
Hui Lin
11f7e2d74b fixed the bug of deciding the size of object 1 varition 1 in DNP3 2014-08-11 15:41:25 -05:00
Robin Sommer
58f3a715f2 Merge branch 'topic/robin/reader-writer-plugins' of git.bro.org:bro into topic/robin/reader-writer-plugins 
Conflicts:
	scripts/base/frameworks/logging/writers/dataseries.bro
 2014-08-08 18:36:09 -07:00
Robin Sommer
355314718b Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins 2014-08-08 18:32:45 -07:00
Robin Sommer
865ac94f71 Updating submodule. 2014-08-08 18:32:21 -07:00
Robin Sommer
8737eae906 Move DataSeries and ElasticSearch into plugins. 2014-08-08 18:32:21 -07:00
Robin Sommer
8031da4ee7 More polishing of some of the branche's changes. 2014-08-08 18:32:05 -07:00
Vlad Grigorescu
9bffdb7e14 Add a btest for the Wireshark sample MySQL PCAP 2014-08-08 15:02:18 -05:00
Vlad Grigorescu
250360eb55 Add support for more commands, and support quit 2014-08-08 13:53:16 -05:00
Vlad Grigorescu
1ceeafcb32 Redo the response handling.. 2014-08-08 13:46:12 -05:00
Johanna Amann
675b12c960 update test baselines 2014-08-08 10:14:11 -07:00
Johanna Amann
33053cca3a Mark everything below 2048 bit as a weak key (Browsers will stop 
accepting 1024 bits soon, so we can be of that opinion too).

Also - fix notice suppression. :/
 2014-08-08 09:26:11 -07:00