Commit graph

6667 commits

Author SHA1 Message Date
Daniel Thayer
fd74eb8e30 fixed a couple typos in comments 2012-01-09 16:59:29 -06:00
Jon Siwek
b8778026a6 Add summary documentation to bif files. 2012-01-09 16:11:41 -06:00
Jon Siwek
69a0206a82 Merge branch 'master' into topic/script-reference
Conflicts:
	scripts/base/frameworks/notice/actions/pp-alarms.bro
	scripts/base/frameworks/notice/main.bro
	scripts/base/init-bare.bro
	src/event.bif
2012-01-09 15:49:14 -06:00
Seth Hall
1ebd938bed Adding the unified2 analyzer.
- This isn't connected to anything yet.
2012-01-09 12:55:24 -05:00
Robin Sommer
2efab49e12 Merge remote-tracking branch 'origin/topic/jsiwek/openbsd-support'
* origin/topic/jsiwek/openbsd-support:
  Tweaks for OpenBSD support.

Closes #743.

[I've moved the OpenBSD note about the Makefile into the FAQ. There
might be more stuff to add there over time.]
2012-01-08 21:02:53 -08:00
Bernhard Amann
a8d4a3c35b Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2012-01-07 09:16:23 -08:00
Robin Sommer
7646ef1aed Merge remote-tracking branch 'origin/master' into topic/script-reference
Conflicts:
	scripts/base/frameworks/notice/actions/pp-alarms.bro
	scripts/base/frameworks/notice/main.bro
	scripts/base/init-bare.bro
	src/event.bif
2012-01-06 12:11:49 -08:00
Jon Siwek
d661ccfc8e Tweaks for OpenBSD support.
- Add note about top-level Makefile possibly lacking OpenBSD support.
- Extend config.h with missing/different preprocessor definitions
2012-01-06 11:39:38 -06:00
Bernhard Amann
5bef49d625 Merge remote-tracking branch 'origin/master' into topic/bernhard/input
Conflicts:
	src/parse.y
2012-01-05 01:11:13 -08:00
Jon Siwek
aae60a6d76 Allow local table variables to be initialized with {} list expressions. 2012-01-04 16:44:25 -06:00
Jon Siwek
645c80f974 Reduce snaplen default from 65535 to old default of 8192. (fixes #720)
Also replaced the --snaplen/-l command line option with a
scripting-layer option called "snaplen" (which can also be
redefined on the command line, e.g. `bro -i eth0 snaplen=65535`).
2012-01-04 16:30:15 -06:00
Robin Sommer
e5b3d318a6 Merge remote-tracking branch 'origin/topic/seth/ssl-improvements'
* origin/topic/seth/ssl-improvements:
  Removed the SSLv2.cc file since it's not used.
  Added the ssl_session_ticket_handshake event back.
  Added the ssl_session_ticket_handshake event and fixed a few SSL bugs.
2012-01-04 12:48:39 -08:00
Seth Hall
e5bb76e684 Removed the SSLv2.cc file since it's not used. 2012-01-04 14:51:19 -05:00
Seth Hall
0b93b071ea Added the ssl_session_ticket_handshake event back. 2012-01-04 13:53:26 -05:00
Seth Hall
3d0722f0e5 Merge branch 'master' into topic/seth/ssl-improvements
Conflicts:
	src/event.bif
	src/ssl-protocol.pac
2012-01-04 13:51:31 -05:00
Jon Siwek
a4117016e9 Merge branch 'master' into topic/script-reference
Conflicts:
	aux/broccoli
	aux/broctl
	scripts/base/frameworks/notice/main.bro
	src/event.bif
2011-12-19 16:17:58 -06:00
Jon Siwek
436be4e07b Remove dead code related to record type inheritance. 2011-12-19 15:06:52 -06:00
Bernhard Amann
59967d40ac Merge remote-tracking branch 'origin/master' into topic/bernhard/input
Conflicts:
	src/LogMgr.cc
	src/LogMgr.h
2011-12-19 12:36:53 -08:00
Robin Sommer
c1e656d89e In log headers, only escape information when necessary. 2011-12-19 08:44:41 -08:00
Robin Sommer
01e4588737 Merge remote branch 'origin/topic/jsiwek/record-coerce-default'
* origin/topic/jsiwek/record-coerce-default:
  Fix &default fields in records not being initialized in coerced assignments.

Closes #722.
2011-12-19 06:54:32 -08:00
Robin Sommer
5ee605f244 Merge remote branch 'origin/topic/bernhard/log-set-description'
* origin/topic/bernhard/log-set-description:
  update baseline
  make LogWriter output the type of data stored inside a set or vector.
2011-12-19 06:39:02 -08:00
Robin Sommer
3220bbce55 Merge remote branch 'origin/topic/jsiwek/log-escaping'
* origin/topic/jsiwek/log-escaping:
  Add missing ascii writer options to log header.
  Escape the ASCII log's set separator (addresses #712)
  Rewrite ODesc character escaping functionality. (addresses #681)

Closes #712.
2011-12-19 06:37:54 -08:00
Robin Sommer
f3c2811e14 Merge remote branch 'origin/topic/seth/ssl-updates-for-2.0'
* origin/topic/seth/ssl-updates-for-2.0:
  Added is_orig fields to the SSL events and adapted script.

Closes #692.
2011-12-18 15:15:57 -08:00
Robin Sommer
719557a05b Merge remote branch 'origin/fastpath'
* origin/fastpath:
  Enable warnings for malformed Broxygen xref roles.
  Broxygen fix for function parameter recognition; better than 80b2451.
  Allow Broxygen markup "##<" for more general use.
2011-12-18 15:10:49 -08:00
Jon Siwek
cc1459ef35 Fix some malformed Broxygen xref roles. 2011-12-16 14:30:36 -06:00
Jon Siwek
8394829fb1 Broxygen fix for function parameter recognition; better than 80b2451. 2011-12-16 11:59:55 -06:00
Jon Siwek
3b91df8cf5 Allow Broxygen markup "##<" for more general use. 2011-12-16 11:21:49 -06:00
Robin Sommer
4e17ef63f0 Merge remote branch 'origin/fastpath'
* origin/fastpath:
  Fix missing action in notice policy for looking up GeoIP data.
  Better persistent state config warning messages (fixes #433).
  A few updates for SQL injection detection.
  Fixed some DPD signatures for IRC.  Fixes ticket #311.
  Removing Off_Port_Protocol_Found notice.
  SSH::Interesting_Hostname_Login cleanup.  Fixes #664.
  Teach Broxygen to more generally reference attribute values by name.
  Fixed a really dumb bug that was causing the malware hash registry script to break.
  Fix Broxygen confusing scoped id at start of line as function parameter.
  Remove remnant of libmagic optionality
2011-12-16 02:36:43 -08:00
Matthias Vallentin
3ab03874b5 Merge branch 'topic/script-reference' into topic/bif_cleanup
Conflicts:
	src/bro.bif
2011-12-15 22:54:52 -08:00
Jon Siwek
f302f2f3f2 Fix &default fields in records not being initialized in coerced assignments.
Addresses #722
2011-12-15 12:16:42 -06:00
Robin Sommer
28c0733dca Adding todo to all protocol events that aren't generated yet because
2.0 doesn't activate the analyzer.

Seth, can you double-check whether I got the right events?
2011-12-15 06:40:21 -08:00
Robin Sommer
55c982fa14 Adding Broxygen comments to init-bare.bro.
I've left a few TODOs in there for protocol-specific fields that I
couldn't directly figure out in their meaning. Feel free to fill in
where you can.
2011-12-15 06:38:59 -08:00
Jon Siwek
ae57cbe5fc Better persistent state config warning messages (fixes #433). 2011-12-13 09:52:26 -06:00
Matthias Vallentin
362b8105fd More directive fixes. 2011-12-12 13:18:55 -08:00
Matthias Vallentin
6ba62b200d Remove X.509 from first-sentence documentation.
It turns out that Doxygen uses the first dot (in X.509) as marker for the
one-sentence summary.
2011-12-12 13:12:52 -08:00
Matthias Vallentin
b04b5fea16 Mark match_signatures as internal. 2011-12-12 13:12:24 -08:00
Jon Siwek
ff7a1ed9d5 Fix some sphinx warnings. 2011-12-12 11:07:18 -06:00
Matthias Vallentin
72a7814657 Document currently dysfunctional anonymization BiFs. 2011-12-11 19:10:21 -08:00
Matthias Vallentin
50d5571939 Give mode2string a more generic name. 2011-12-11 18:49:00 -08:00
Matthias Vallentin
3814313b0b Merge branch 'master' into topic/bif_cleanup 2011-12-11 18:47:19 -08:00
Matthias Vallentin
1b646c9119 Reorder and group BiFs. 2011-12-10 23:13:04 -08:00
Matthias Vallentin
e17206e7ff Merge branch 'topic/script-reference' of ssh://git.bro-ids.org/bro into topic/script-reference 2011-12-10 22:15:03 -08:00
Matthias Vallentin
4a9a17292f Finish documenting bro.bif. 2011-12-10 22:14:48 -08:00
Seth Hall
ec721dffec Added is_orig fields to the SSL events and adapted script.
- Added a field named $last_alert to the SSL log.  This doesn't even
  indicate the direction the alert was sent, but we need to start somewhere.

- The x509_certificate function has an is_orig field now instead of
  is_server and its position in the argument list has moved.

- A bit of reorganization and cleanup in the core analyzer.
2011-12-09 16:56:12 -05:00
Jon Siwek
2cf7bb5788 Teach Broxygen to more generally reference attribute values by name. 2011-12-09 15:39:31 -06:00
Jon Siwek
1f57827e54 Add more logging framework documentation. 2011-12-09 14:30:21 -06:00
Bernhard Amann
e0b7dc0451 fix compile warnings 2011-12-08 14:12:59 -08:00
Jon Siwek
80b24513e7 Fix Broxygen confusing scoped id at start of line as function parameter. 2011-12-07 17:08:38 -06:00
Jon Siwek
5126b65493 Add reporter bif/framework documentation. 2011-12-07 16:54:40 -06:00
Jon Siwek
9ac338341e Merge branch 'master' into topic/script-reference 2011-12-07 15:47:29 -06:00