Commit graph

6667 commits

Author SHA1 Message Date
Tim Wojtulewicz
ecd970ffde Store packet's ip header as unique_ptr 2020-10-15 12:49:08 -07:00
Tim Wojtulewicz
2000f89b12 Remove some unused includes from Packet.h 2020-10-15 12:49:07 -07:00
Tim Wojtulewicz
41dcd0cde0 Use shared_ptr for encapsulation data instead of raw pointer 2020-10-15 12:49:05 -07:00
Tim Wojtulewicz
a7d4364334 Review cleanup 2020-10-15 12:44:45 -07:00
Tim Wojtulewicz
c4a7a4eaea Reorder Packet member variables slightly for better packing 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
665d0d9814 Store the ip header in the packet after processing, reuse other places 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
7d2c35174f Change to store data in packet directly instead of keystore 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0ef05c748 Don't always insert data into keystore for tunnels 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
02ed03adaa Add comment about packet header size and session analysis 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
d0cc30eccd Set data to ip header's payload instead of advancing the pointer 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
afdc08085f Move packet dumping to packet_mgr 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
8ece1cf484 Make Sessions::NextPacket call packet_mgr, fix fuzzer code to do the same 2020-10-15 12:18:32 -07:00
Tim Wojtulewicz
1cf251d1ca Move IP and IP tunnel code from Sessions into packet analyzers 2020-10-15 12:18:30 -07:00
Tim Wojtulewicz
69da2d7b1d Prep work for IP changes
- Move all of the time handling code out of PktSrc into RunState
- Call packet_mgr->ProcessPacket() from various places to set up layer 2 data in packets
2020-10-15 12:12:07 -07:00
Johanna Amann
e95e9b8a5d Merge remote-tracking branch 'origin/master' into topic/johanna/GH-169 2020-10-15 15:31:23 +00:00
Jon Siwek
5f1ee35d31 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1211-improve-already-defined-error' into master
* origin/topic/jsiwek/gh-1211-improve-already-defined-error:
  GH-1211: Improve error message for already-defined functions
2020-10-14 10:48:05 -07:00
Jon Siwek
3c4de51f40 GH-1208: Use Dictionary validity assertions only during CI 2020-10-13 14:59:11 -07:00
Jon Siwek
a90d978cd4 Merge remote-tracking branch 'origin/topic/timw/remove-loginconn'
* origin/topic/timw/remove-loginconn:
  Remove unused LoginConn type and variable in Conn.h
2020-10-13 13:42:01 -07:00
Jon Siwek
d62fb3ab9a Merge remote-tracking branch 'origin/topic/jsiwek/zeek-script-args'
* origin/topic/jsiwek/zeek-script-args:
  Improve zeek_script_args test case and documentation
  Apply suggestions from code review
  Add a test for script args.
  Fixed an option processing bug
  Make it possible to pass command line options through to scripts.
2020-10-13 13:34:18 -07:00
Jon Siwek
2d3b4dab74 Improve zeek_script_args test case and documentation 2020-10-13 12:40:53 -07:00
Tim Wojtulewicz
8a7730f4c8 Remove unused LoginConn type and variable in Conn.h 2020-10-13 11:13:02 -07:00
Jon Siwek
961532a8f7 Merge remote-tracking branch 'origin/topic/seth/pcap_findalldevs'
- Minor adjustments to whitespace/formatting

* origin/topic/seth/pcap_findalldevs:
  Finishing changes from code review.
  Update src/iosource/pcap/pcap.bif
  Update src/iosource/pcap/pcap.bif
  Update scripts/base/init-bare.zeek
  Update src/iosource/pcap/pcap.bif
  I accidentally missed a paren
  New bif to wrap pcap_findalldevs
2020-10-13 10:52:14 -07:00
Jon Siwek
aa148831f5 Merge remote-tracking branch 'origin/topic/jsiwek/remove-rule-condition-dtors'
* origin/topic/jsiwek/remove-rule-condition-dtors:
  Remove superfluous RuleCondition destructors
2020-10-13 10:39:32 -07:00
Jon Siwek
dff7e59a21 Merge remote-tracking branch 'origin/topic/jsiwek/gh-1200-addon'
* origin/topic/jsiwek/gh-1200-addon:
  Silence Clang's warning about ignoring GCC's maybe-uninitialized warning
2020-10-13 10:39:07 -07:00
Jon Siwek
08339f071e Add reference to network_time_init from zeek_init docs 2020-10-13 10:38:01 -07:00
Seth Hall
92eb7c10da Finishing changes from code review. 2020-10-13 08:35:45 -04:00
Seth Hall
5d6800f6bd Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:57 -04:00
Seth Hall
928faeaad3 Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:12:50 -04:00
Seth Hall
e532991bf2 Update src/iosource/pcap/pcap.bif
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-13 08:09:58 -04:00
Jon Siwek
d827e8b2d2 Improve documentation for zeek_init event scheduling pitfalls 2020-10-12 17:45:24 -07:00
Jon Siwek
8c85f2135e GH-1211: Improve error message for already-defined functions 2020-10-12 16:19:19 -07:00
Jon Siwek
cbe47650d1 Remove superfluous RuleCondition destructors 2020-10-12 11:20:50 -07:00
Seth Hall
36d75a0296 I accidentally missed a paren 2020-10-12 12:59:40 -04:00
Seth Hall
7bcbc57401 New bif to wrap pcap_findalldevs 2020-10-12 12:47:23 -04:00
Johanna Amann
f4d9cf5f89 Introduce generate_all_events bif and add option to misc/dump-events
generate_all_events causes all events to be raised internally; this
makes it possible for dump_events to really capture all events (and not
just those that were handled).

Addresses GH-169
2020-10-12 16:21:18 +02:00
Jon Siwek
5904d0708f GH-779: Add "udp-state" signature condition
It accepts "originator" or "responder" states as a way to enforce that
the signature only matches packets in the associated direction.
The "established" state is rejected as an error since it doesn't
have a useful meaning like it does for the "tcp-state" condition.
2020-10-09 13:43:17 -07:00
Jon Siwek
7556beac20 Rename RuleConditionTCPState::TCPState enum values 2020-10-09 12:56:23 -07:00
Jon Siwek
7b77c7e523 Rename signature parser tokens to not be TCP-specific 2020-10-09 12:41:15 -07:00
Seth Hall
39177ce8c9 Apply suggestions from code review
Co-authored-by: Jon Siwek <jsiwek@corelight.com>
2020-10-09 12:16:44 -04:00
Jon Siwek
d9f4f9b371 Silence Clang's warning about ignoring GCC's maybe-uninitialized warning
Clang supports `#pragma GCC diagnostic` for "compatibility", but not
`-Wmaybe-uninitialized`, so was emitting `warning: unknown warning group
'-Wmaybe-uninitialized'`
2020-10-08 17:57:56 -07:00
Seth Hall
97f7bf784b Fixed an option processing bug 2020-10-08 16:11:25 -04:00
Seth Hall
2bdc56dfcd Make it possible to pass command line options through to scripts.
The feature is documented with the zeek_script_args variable in
init-bare.zeek.
2020-10-08 15:46:28 -04:00
Jon Siwek
b3c5e9adbb Merge remote-tracking branch 'origin/topic/jsiwek/gh-1200'
* origin/topic/jsiwek/gh-1200:
  GH-1200: ignore a maybe-uninitialized warning
2020-10-08 12:07:58 -07:00
Jon Siwek
164cac2563 GH-1200: ignore a maybe-uninitialized warning 2020-10-07 14:49:27 -07:00
Jon Siwek
6902b645ba Merge: Fix multipart MIME leak of sub-part found after closing-boundary 2020-10-07 10:46:51 -07:00
Robin Sommer
b0bf9f02c8 Merge remote-tracking branch 'origin/topic/christian/364-logfilter-hooks' into master
(Adding a NEWS entry.)

* origin/topic/christian/364-logfilter-hooks:
  Update testing/btest/scripts/base/frameworks/logging/hooks.zeek
  Btests for log filter policy hooks
  Btest baseline updates to reflect new logging policy hooks
  Migrate existing use of filter predicates to policy hooks
  Support for log filter policy hooks
2020-10-07 08:44:50 +00:00
Jon Siwek
f9f6140c15 Merge remote-tracking branch 'origin/topic/robin/gh-425-record-perf'
- Removed a now-unused local variable
- Added std::move() in AssignExpr::SetOp2()

* origin/topic/robin/gh-425-record-perf:
  Avoid unnecessary temporary value when coercing a record that's already the right type.
  Optimize record constructor expression.
  Unify type comparisons for records.
2020-10-06 12:25:39 -07:00
Jon Siwek
506d961b27 Merge branch 'logging-ascii-enable-shadow-logs' of https://github.com/awelzel/zeek into master
- Improved documentation/comment for the new option

* 'logging-ascii-enable-shadow-logs' of https://github.com/awelzel/zeek:
  logging/ascii: Support leftover log rotation in non-supervisor setups
2020-10-06 10:15:34 -07:00
Robin Sommer
553ce28500 Avoid unnecessary temporary value when coercing a record that's already the right type.
The combination of this commit with the previous one now lets the
examples in #425 all execute with the same performance.

Closes #425.
2020-10-05 10:49:03 +00:00
Robin Sommer
e9aa531b83 Optimize record constructor expression.
We remove the inheritance from UnaryExpression because we know the
type of the operand precisely and can skip a temporary when evaluating
the expression.

#425
2020-10-05 10:48:36 +00:00