Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
12680 commits 385 branches 195 tags 258 MiB
Commit graph

6667 commits

Author SHA1 Message Date
Bernhard Amann
53af0544cc re-enable table events 2011-11-21 19:03:35 -08:00
Bernhard Amann
a16454b151 vector entries also have to be atomic. 2011-11-21 15:55:45 -08:00
Bernhard Amann
18591b53d4 rename filter to tablefilter in preparation of event filters... 2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330 make want_record field for tablefilter work... 2011-11-21 15:09:00 -08:00
Matthias Vallentin
0325b5ea32 to_port() now parses a string instead of a count. 
Addresses #684.
 2011-11-20 21:41:41 -08:00
Bernhard Amann
7eb4d99341 very basic functionality kind of works again 2011-11-20 12:27:34 -08:00
Bernhard Amann
b3f01915fb compiles with basic new filter framework - but crashes on use. 2011-11-20 12:07:50 -08:00
Bernhard Amann
e2c521fc4e start reworking input framework... 
does not compile at the moment, but there are a few uncommitted changes that will be reverted in the next commit.
 2011-11-18 10:49:20 -08:00
Bernhard Amann
988f859761 Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-11-16 23:55:02 -08:00
Bernhard Amann
4dd95fcf3c support for uninitialized fields & empty sets and tables. 
The only snag is... with the default output format of the log-file writer, the input reader cannot tell if a table or set is empty or uninitialized (both cases use the same character by default). In this case, by default it is assumed that the field/vector is uninitalized.
 2011-11-16 23:51:51 -08:00
Bernhard Amann
4fef1e3f8c set & entry separator configuration (with the restriction that they have to be exactly one character long) 2011-11-16 22:47:28 -08:00
Bernhard Amann
ab68d84007 reading of enum types (thanks, Seth) 2011-11-16 22:13:36 -08:00
Robin Sommer
5fbebe1e22 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix small bug: sets that are written to logfiles may only contain atomic types. (trying to write sets of records, etc. leads to a bro segfault)
 2011-11-16 08:40:09 -08:00
Robin Sommer
7696c8b365 Merge remote-tracking branch 'origin/topic/jsiwek/require-libmagic-libz' 
* origin/topic/jsiwek/require-libmagic-libz:
  Promote libz and libmagic to required dependencies.

Conflicts:
	doc/quickstart.rst

Closes #674
 2011-11-15 17:08:24 -08:00
Robin Sommer
8de3614afa Merge remote-tracking branch 'origin/topic/jsiwek/custom-b64-alphabet' 
* origin/topic/jsiwek/custom-b64-alphabet:
  Add decode_base64_custom BiF to allow alternate base64 alphabets.

Simplified the code a little bit.

Closes #670.
 2011-11-15 17:03:23 -08:00
Bernhard Amann
821878835a read vector. 
still missing: enums, empty fields for optional parameters.
 2011-11-15 16:32:35 -08:00
Bernhard Amann
fb5f26e7fc make default values work (thanks to robin) 2011-11-15 15:23:46 -08:00
Bernhard Amann
5e8dd4f06a Fix small bug: sets that are written to logfiles may only contain atomic types. 
(trying to write sets of records, etc. leads to a bro segfault)
 2011-11-15 12:07:31 -08:00
Bernhard Amann
3d0162bcdc isCompatibleType works correctly for tables. 2011-11-15 11:18:48 -08:00
Bernhard Amann
4a3c992325 InputReader can read Sets. 2011-11-15 10:57:45 -08:00
Bernhard Amann
cde8153c18 switch to set if record or simple value is desired. 2011-11-15 08:36:03 -08:00
Seth Hall
908b1a17d1 Adding PPPoE support to Bro. 
- Still needs a small test tracefile and test.
 2011-11-15 09:51:02 -05:00
Bernhard Amann
1a642f3568 tried enum support - doesn't yet work due to internal bro interface problems... 2011-11-14 17:18:28 -08:00
Jon Siwek
5865bf3850 Add decode_base64_custom BiF to allow alternate base64 alphabets. 
Addresses #670
 2011-11-11 13:48:11 -06:00
Jon Siwek
d750c3ba74 Promote libz and libmagic to required dependencies. 2011-11-11 12:39:00 -06:00
Bernhard Amann
5983d44d95 read header line in bro logfile format 2011-11-08 15:33:32 -08:00
Bernhard Amann
1d39eaf32d small fixes, less leakiness 2011-11-04 15:03:40 -07:00
Bernhard Amann
2aa0f6da57 beautify script calls, track filters 2011-11-04 14:33:34 -07:00
Bernhard Amann
72736510de Merge remote-tracking branch 'origin/master' into input 2011-11-04 14:12:59 -07:00
Bernhard Amann
5f37040c96 filters really working as intented (though probably still memleaky) 2011-11-04 13:59:43 -07:00
Bernhard Amann
2e3874331d support for filters and little event fix 2011-11-04 12:41:10 -07:00
Robin Sommer
3b1f13b861 Merge remote-tracking branch 'origin/topic/jsiwek/compiler-warnings' 
* origin/topic/jsiwek/compiler-warnings:
  Fixing compiler warnings (addresses #388)
 2011-11-03 15:18:11 -07:00
Bernhard Amann
4845c3a9a6 send events when input entries change 2011-11-03 14:04:13 -07:00
Bernhard Amann
b5a77aa77b reading seems to work with all atomic types + records... 2011-11-02 15:36:36 -07:00
Bernhard Amann
638976791e hashing seems to work _correctly_ now... 2011-11-02 15:36:36 -07:00
Bernhard Amann
f20125d22d little snag with hashing functionality... 2011-11-02 15:36:36 -07:00
Bernhard Amann
86730c13dd more complex types... 2011-11-02 15:36:35 -07:00
Bernhard Amann
b245d4168a yay, basic table assignment. 2011-11-02 15:36:35 -07:00
Bernhard Amann
5b0c307f87 very basic input to event working... 2011-11-02 15:36:34 -07:00
amannb
d7a3b85fcd many helper functions 2011-11-02 15:36:34 -07:00
Bernhard Amann
3654060246 compiles. sill doesn't do much. 2011-11-02 15:36:34 -07:00
Bernhard Amann
9c8b0dec3b event from c++ to script works (at last...) 2011-11-02 15:36:33 -07:00
Bernhard Amann
f8be3519c7 well, it compiles. and perhaps it sends an event. billiant. 2011-11-02 15:36:33 -07:00
Bernhard Amann
0eafeb0369 works (thanks to robin) 2011-11-02 15:36:33 -07:00
Bernhard Amann
6e6073ff4c it compiles (but doesn't do anything useful) 2011-11-02 15:36:33 -07:00
Jon Siwek
cec4600d2e Fixing compiler warnings (addresses #388) 2011-11-01 14:44:38 -05:00
Robin Sommer
2f2fad1f80 Adding a dummy log writer WRITER_NONE that just discards everything. 
This can be handy when oen doesn't want any output but still get
access to filter functionality, including rotation; and also for
general testing.
 2011-10-26 10:39:56 -07:00
Robin Sommer
f61fcf219a Fixing bug in log managers predicate evaluation. 2011-10-25 19:08:56 -07:00
Robin Sommer
5e5e29f345 Fixing crash with unknown debug streams. 
Closes #643.
 2011-10-21 10:48:46 -07:00
Robin Sommer
c8dfdb4492 Merge remote-tracking branch 'origin/topic/robin/interpreter-exceptions' 
* origin/topic/robin/interpreter-exceptions:
  Adding test for new error handling.
  Experimental code to better handle interpreter errors.

This seems to work fine and it catches some potentially nasty crashes
so I'm merging it in even though it's not the final word on error
handling yet. #646 tracks the work scheduled for later.
 2011-10-21 10:35:32 -07:00