Vlad Grigorescu
ca55d203cb
Kerberos analyzer
2014-07-24 21:55:41 -04:00
Vlad Grigorescu
6a34de5dd8
SMB & NTLM analyzers.
2014-07-24 21:46:38 -04:00
Vlad Grigorescu
101d340b18
MySQL analyzer
2014-07-24 15:52:42 -04:00
Robin Sommer
c6e204fbe2
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/btest
2014-07-22 20:27:00 -07:00
Robin Sommer
48b251abd1
Merge branch 'topic/robin/dynamic-plugins-2.3' into topic/robin/reader-writer-plugins
2014-07-22 17:27:16 -07:00
Robin Sommer
9f0bc0fdf1
Starting to implement the proposed PACF API.
2014-07-22 03:57:05 +02:00
Robin Sommer
fa1ba06414
Merge remote-tracking branch 'origin/topic/hui/modbus-events'
* origin/topic/hui/modbus-events:
adding another trace file to test read and write coil function codes
add/update test file and baseline result
add implementation of bytestring_to_coils for modbus analyzer
adding a missing field in record ModbusHeaders
add event handlers for modbus
2014-07-22 01:03:48 +02:00
Robin Sommer
9e74fcaf2a
The HOOK_CALL_FUNCTION plugin hook is now also triggered for builtin functions.
2014-07-22 00:26:20 +02:00
Robin Sommer
38c69f9cd0
Allow to activate plugins from the command line by specifying their fully-qualified name.
2014-07-21 16:58:10 +02:00
Robin Sommer
c9524757d2
Adding Files::register_for_mime_type() to associate a file analyzer with a MIME type.
Whenever that MIME is detected, Bro will now automatically activate
the analyzer. The interface mimics how well-known ports are defined
for protocol analyzers.
This isn't actually used by any existing file analyzer (because we
don't have any yet that target a specific file format), but there's a
test making sure it works.
2014-07-21 16:31:22 +02:00
Robin Sommer
f4cbcb9b03
Converting log writers and input readers to plugins.
2014-07-20 19:17:58 +02:00
Robin Sommer
6d9e261384
Moving component's CanonicalName() method into base class.
2014-07-12 18:31:00 -07:00
Robin Sommer
9616cd8e61
Further polishing and cleanup in preparation for merge.
2014-07-12 18:12:09 -07:00
Robin Sommer
aeb8e71e8c
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/bro-aux
aux/broccoli
2014-07-10 20:11:52 -07:00
Jon Siwek
3cea6ab1eb
Include yield of vectors in Broxygen's type descriptions.
BIT-1217 #close
2014-07-10 19:23:49 -05:00
Robin Sommer
6298b4cf71
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
Conflicts:
aux/broctl
2014-06-26 20:00:57 -07:00
mlaterman
413871af79
DataSeries compilation issue fixed.
BIT-1121 #merged
2014-06-26 17:25:07 -07:00
Robin Sommer
83457b2974
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix a reference counting bug in ListVal ctor.
2014-06-26 17:24:00 -07:00
Jon Siwek
45e714844c
Support tilde expansion when Bro tries to find its own path.
2014-06-26 15:44:45 -05:00
Jon Siwek
bfaa082aee
Fix a reference counting bug in ListVal ctor.
2014-06-25 10:44:57 -05:00
Vlad Grigorescu
d98b5b88b5
Parse PE section headers.
2014-06-22 07:18:12 -04:00
Vlad Grigorescu
8ffa81f390
Updated PE analyzer to work with changes in master.
2014-06-21 13:30:14 -04:00
Vlad Grigorescu
b91b0646b8
Merge remote-tracking branch 'origin/master' into topic/vladg/file-analysis-exe-analyzer
Conflicts:
scripts/base/init-default.bro
src/file_analysis/analyzer/CMakeLists.txt
2014-06-21 13:15:14 -04:00
Robin Sommer
48c6b934f4
Plugin fixes for FreeBSD.
2014-06-19 13:22:52 -07:00
Robin Sommer
62d07a3fc4
Merge branch 'topic/robin/dynamic-plugins-2.3' of git.bro.org:bro into topic/robin/dynamic-plugins-2.3
2014-06-18 14:44:26 -07:00
Robin Sommer
cd5409de34
Adding missing method implementation.
2014-06-18 14:33:42 -07:00
Robin Sommer
55de5c60f4
Enabling to specify a set of plugins with the -N option.
Bro will then print information only about the plugins specified.
2014-06-18 14:33:42 -07:00
Robin Sommer
60cf0ddf26
Polishing, mostly documentation updates.
2014-06-17 11:50:23 -07:00
Robin Sommer
ba7af428a7
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
2014-06-13 09:27:02 -07:00
Robin Sommer
ba229f798d
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
Fix use-after-free in some cases of reassigning a table index.
2014-06-10 18:17:04 -07:00
Jon Siwek
e616554ab8
Fix use-after-free in some cases of reassigning a table index.
Specifically observed when redef'ing the same index of a table that uses
subnets as indices, though the bug seems like it applies more generally
to anytime TableVal::Assign is provided with just the HashKey parameter
and not the index Val.
Addresses BIT-1202.
2014-06-10 13:38:32 -05:00
Robin Sommer
c289a2743b
Merge remote-tracking branch 'origin/topic/bernhard/ssl-new-events'
* origin/topic/bernhard/ssl-new-events:
Add two more ssl events - one triggered for each handshake message and one triggered for the tls change cipherspec message.
BIT-1201 #merged
2014-06-06 13:24:17 -07:00
Bernhard Amann
67c0cc118d
Add two more ssl events - one triggered for each handshake message and one triggered for the tls change cipherspec message.
Also - fix small bug. In case SSL::disable_analyzer_after_detection was set
to F, the ssl_established event would fire after each data packet after the
session is established.
2014-06-06 12:50:54 -07:00
Robin Sommer
0f372c99df
Merge remote-tracking branch 'origin/topic/matthias/bloomfilter-fix'
* origin/topic/matthias/bloomfilter-fix:
Switch to double hashing.
Use full digest length instead of just one byte.
BIT-1140 #merged
2014-06-05 14:42:26 -07:00
Matthias Vallentin
673607f9a7
Switch to double hashing.
For large k, standard hashing imposes an unnecessary overhead. By switching to
double hashing, we invoke the hash function code at most two times.
2014-06-05 16:02:25 +02:00
Matthias Vallentin
1d50874256
Use full digest length instead of just one byte.
When our universal hash function fell back to MD5 for inputs larger than
supported by H3, the computation only returned the first byte of the MD5 result
instead of as many bytes as needed to cover sizeof(Hasher::digest).
2014-06-05 16:01:20 +02:00
Hui Lin
6280eb6d6e
add implementation of bytestring_to_coils for modbus analyzer
2014-06-04 14:44:42 -05:00
Hui Lin
da261b4ca4
adding a missing field in record ModbusHeaders
2014-06-04 12:29:01 -05:00
Robin Sommer
cfde6225b0
Merge remote-tracking branch 'origin/topic/bernhard/ticket-1195'
* origin/topic/bernhard/ticket-1195:
update test baseline
Make buffer for certificate subjects bigger. Flush buffer between reads (in case we still get something with a longer subject).
BIT-1195 #merged
2014-06-03 12:39:42 -07:00
Hui Lin
bc4b5773c8
add event handlers for modbus
2014-06-02 21:39:04 -05:00
Bernhard Amann
bb09de7828
Make buffer for certificate subjects bigger.
Flush buffer between reads (in case we still get something with a longer subject).
Addresses BIT-1195
2014-05-30 15:31:33 -07:00
Robin Sommer
551950c438
Adding environment variable BRO_PLUGIN_ACTIVATE that unconditionally activates plugins.
Plugins are specified with a comma-separated list of names.
2014-05-29 18:15:18 -07:00
Robin Sommer
d88b333353
A number of smaller API extensions to provide plugins with access to information.
2014-05-29 18:15:14 -07:00
Jon Siwek
8383828b02
Fix potential mem leak in remote function/event unserialization.
I say potential because a code path to get in the required state is
not obvious (if one even exists).
2014-05-28 15:12:38 -05:00
Jon Siwek
ed7273ccf1
Fix reference counting bug in table coercion expressions.
2014-05-28 14:54:18 -05:00
Seth Hall
8d72cd20a8
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-tracking
Conflicts:
src/Reassem.cc
src/Reassem.h
src/analyzer/protocol/tcp/TCP_Reassembler.cc
2014-05-27 10:59:43 -04:00
Seth Hall
8d9940c8c3
Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking
Conflicts:
src/Reassem.cc
src/Reassem.h
src/analyzer/protocol/tcp/TCP_Reassembler.cc
testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
2014-05-27 10:56:11 -04:00
Jon Siwek
ad6c58ce43
Fix an "unused value" warning.
2014-05-27 09:30:17 -05:00
Jon Siwek
7211d73ee6
Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
last ssl fixes - missed three more.
and more tiny ssl script fixes
a few more small fixes for chains containing broken certs.
fix expression errors in x509 policy scripts when unparseable data is in certificate chain.
2014-05-21 15:59:26 -05:00
Bernhard Amann
ff00c0786a
a few more small fixes for chains containing broken certs.
2014-05-21 11:01:33 -07:00