Bernhard Amann
2dd0d057e6
Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
...
Conflicts:
src/NetVar.cc
src/NetVar.h
2013-08-30 08:43:47 -07:00
Robin Sommer
23144e44a7
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix global opaque val segfault, addresses BIT-1071
Fix malloc/delete mismatch.
Fix invalid pointer dereference in AsciiFormatter.
2013-08-30 08:28:18 -07:00
Jon Siwek
dc2e3d6e04
Fix global opaque val segfault, addresses BIT-1071
...
The opaque types need to be created before scripts are parsed.
2013-08-29 17:17:40 -05:00
Jon Siwek
742a047a40
Fix malloc/delete mismatch.
2013-08-29 16:22:59 -05:00
Robin Sommer
c8a2fbeadd
Merge remote-tracking branch 'origin/fastpath'
...
Changed two deletes to Unrefs.
* origin/fastpath:
Fix input framework memory leaks.
Fix mem leak in socks analyzer for bad addr types.
Fix bloom filter memory leaks.
2013-08-29 14:20:59 -07:00
Jon Siwek
c4e8908c8e
Fix invalid pointer dereference in AsciiFormatter.
...
Using a temporary object with strtol() makes the end pointer that it
sets invalid after the call.
2013-08-29 15:50:46 -05:00
Jon Siwek
b6e2505202
Fix input framework memory leaks.
...
Couldn't figure out a test case: gperftools didn't report them (maybe
due to threading?), but valgrind did.
2013-08-29 14:13:16 -05:00
Jon Siwek
e54ea6d7e9
Fix mem leak in socks analyzer for bad addr types.
2013-08-29 14:09:56 -05:00
Jon Siwek
fb8b78840b
Fix bloom filter memory leaks.
2013-08-29 11:24:24 -05:00
Robin Sommer
6373d817a5
Merge remote-tracking branch 'origin/topic/jsiwek/uid'
...
Thanks!
* origin/topic/jsiwek/uid:
Add bits_per_uid unit test, addressing BIT0-1016.
UID optimizations addressing BIT-1016.
BIT-1016 #merged
2013-08-28 18:57:00 -07:00
Bernhard Amann
dc9fd36497
Merge remote branch 'origin/master' into topic/bernhard/hyperloglog
2013-08-28 17:48:59 -07:00
Jon Siwek
5c119561ad
UID optimizations addressing BIT-1016.
...
Max UID bit-length is now 128, but can be increased w/ trivial source
code change of BRO_UID_LEN.
2013-08-28 15:35:18 -05:00
Robin Sommer
f46f692185
Merge remote-tracking branch 'origin/topic/bernhard/hexstr'
...
BIT-1069 #merged
* origin/topic/bernhard/hexstr:
add hexstr_to_bytestring bif that does exactly the opposite of bytestring_to_hexstr.
2013-08-27 13:30:25 -07:00
Robin Sommer
f6b689db81
Merge remote-tracking branch 'origin/topic/jsiwek/uid'
...
* origin/topic/jsiwek/uid:
Fix UID compiler warning/error & missed baselines.
Increase UIDs to 96 bits w/ C/F prefix - BIT-1016
2013-08-27 12:36:12 -07:00
Bernhard Amann
8a5a2b5b39
add hexstr_to_bytestring bif that does exactly the opposite of bytestring_to_hexstr.
2013-08-27 12:20:03 -07:00
Jon Siwek
50dbbab52c
Fix UID compiler warning/error & missed baselines.
2013-08-26 16:11:20 -05:00
Jon Siwek
22bf3e1196
Increase UIDs to 96 bits w/ C/F prefix - BIT-1016
...
- The bit-length is adjustable via redef'ing bits_per_uid.
- Prefix 'C' is used for connection UIDs (including IP tunnels) and
'F' for files.
2013-08-26 15:36:31 -05:00
Bernhard Amann
74f96d22ef
Merge remote branch 'origin/master' into topic/bernhard/hyperloglog
...
Conflicts:
src/3rdparty
2013-08-26 12:53:13 -07:00
Robin Sommer
df84083227
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Remove code relict pointed out by Bernhard.
Fix wrong documentation for mkdir BIF.
File extraction tweaks.
2013-08-24 10:29:07 -07:00
Hui Lin
3e3ca1bb74
fixed number of object bug in dnp3-protocol pac; update two base test traces
2013-08-23 18:10:30 -05:00
Jon Siwek
6dbbce8e05
Remove code relict pointed out by Bernhard.
...
The condition should never be true, it's leftover from my
hacking/debugging code.
2013-08-23 12:03:13 -05:00
Jon Siwek
288ef20a4e
Fix wrong documentation for mkdir BIF.
2013-08-23 11:57:37 -05:00
Jon Siwek
814d827c44
Use macros to create file analyzer plugin classes.
2013-08-22 17:03:50 -05:00
Jon Siwek
89ae4ffd05
Add options to limit extracted file sizes w/ 100MB default.
2013-08-22 16:37:58 -05:00
Robin Sommer
a18e0f1e15
Merge remote-tracking branch 'origin/topic/jsiwek/misc'
...
* origin/topic/jsiwek/misc:
Unlock mutex in raw input reader error cases - BIT-1060
Fix a deadlock w/ SQLite.
Fix a unit test.
Make mem leak tests able to time out.
Fix a compiler warning regarding strncat misuse.
Add a diff canonifier to a test in need of it.
Input framework unit test adjustments.
Raw input reader command execution "fixes".
2013-08-22 08:44:03 -07:00
Jon Siwek
8432f05bdb
Fix memory leak w/ when statements - BIT-1058
...
Specifically if the condition of a when statement uses an index
expression (e.g. table lookup).
2013-08-21 14:28:52 -05:00
Jon Siwek
f3950da009
Unlock mutex in raw input reader error cases - BIT-1060
2013-08-20 09:54:31 -05:00
Jon Siwek
71704ab002
Merge branch 'master' into topic/jsiwek/misc
2013-08-19 14:40:09 -05:00
Jon Siwek
dc370fdd8d
Fix a deadlock w/ SQLite.
...
sqlite3_shutdown() was called a bit too early, when SQLite-using
threads may still have yet to fully shut down.
2013-08-19 14:18:18 -05:00
Robin Sommer
ab8d13889e
Merge remote-tracking branch 'origin/topic/matthias/bloom-filter'
...
* origin/topic/matthias/bloom-filter:
Use Bro-style platform-independent integer types.
Change bloom filter's dependence on size_t.
Remove debugging code.
Update baseline with now correct FP tests.
Add debugging code to find FP inconsistency.
Conflicts:
src/3rdparty
2013-08-19 11:26:29 -07:00
Robin Sommer
95f74313d0
Merge branch 'master' of https://github.com/anthonykasza/bro
...
* 'master' of https://github.com/anthonykasza/bro:
levenshtein distance function unit test
levenshtein distance
Conflicts:
src/3rdparty
2013-08-19 11:20:50 -07:00
Bernhard Amann
19932175e9
add external 3rdparty submodule
2013-08-16 18:41:25 -07:00
Bernhard Amann
96893f4c16
step 1 - delete 3rdparty
2013-08-16 18:40:45 -07:00
Matthias Vallentin
516e044e34
Use Bro-style platform-independent integer types.
2013-08-16 13:29:52 -07:00
Jon Siwek
774dadfe9a
Change bloom filter's dependence on size_t.
...
That type can vary across platforms, but factored in to a bloom
filter's internal state, e.g. size of the seed.
2013-08-16 12:39:21 -05:00
Jon Siwek
59cea649c9
Fix a compiler warning regarding strncat misuse.
2013-08-14 15:13:24 -05:00
Jon Siwek
c18d1100ab
Merge branch 'master' into topic/jsiwek/misc
2013-08-14 14:19:54 -05:00
Robin Sommer
f7a31ab004
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix timer type enum and timer name array mismatch.
2013-08-14 10:30:03 -07:00
Jon Siwek
d3dad31bdc
Raw input reader command execution "fixes".
...
- Primarily working around an issue that occurs when threads
concurrently create pipes and fork a child process. See comment in
code...
- Other minor cleanup of the code: making sure the child process calls
_exit() versus exit(), limits itself to few select system calls before
the exec(), and closes more unused file descriptors.
2013-08-14 11:37:30 -05:00
Jon Siwek
95507d5865
Fix timer type enum and timer name array mismatch.
2013-08-14 10:48:44 -05:00
Robin Sommer
83eae53f54
Merge remote-tracking branch 'origin/topic/seth/unified2-analyzer'
...
BIT-1054 #merged
* origin/topic/seth/unified2-analyzer:
Fixes in case a packet isn't seen that matches an event.
Finished work on unified2 analyzer.
Fixed some tests.
Working unified2 analyzer.
Unified2 file analyzer updated to new plugin style.
Adding the unified2 analyzer.
Conflicts:
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2013-08-13 18:37:52 -07:00
Seth Hall
f7c6dd7f7e
Finished work on unified2 analyzer.
2013-08-13 03:21:43 -04:00
Robin Sommer
b72c2a9764
Fixing bug in DNP3 analyzer flagged by compiler warning.
2013-08-12 14:38:37 -07:00
Seth Hall
091c8f3ebc
Working unified2 analyzer.
...
- No output by default yet. Most of the activity is centered
around generating the Unified2::alert event which ties together
an IDSEvent and a packet.
2013-08-12 14:57:12 -04:00
Robin Sommer
45f1b89f60
Merge branch 'topic/robin/dnp3-merge-v3'
...
Includes a bit more docs/comments cleanup. We should eventually
document the events further but it should suffice for now.
* topic/robin/dnp3-merge-v3:
Tiny bit of cleanup and adapting the new test.
added a test case for dnp3 packets with only link layer
added condition to check DNP3 packet without app layer data
Fixing well-known port.
Pluginizing the DNP3 analyzer, plus a basic script logging requests and replies.
2013-08-12 11:39:03 -07:00
Bernhard Amann
baef38976d
Merge remote-tracking branch 'origin/topic/bernhard/hyperloglog' into topic/bernhard/hyperloglog
2013-08-12 09:50:43 -07:00
Bernhard Amann
2a684cd486
Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
2013-08-12 09:48:03 -07:00
Bernhard Amann
d83edf8068
Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
...
Conflicts:
src/NetVar.cc
src/NetVar.h
src/SerialTypes.h
src/probabilistic/CMakeLists.txt
testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro
testing/btest/scripts/base/frameworks/sumstats/basic.bro
2013-08-12 09:47:53 -07:00
Robin Sommer
a927189bdb
Tiny bit of cleanup and adapting the new test.
2013-08-11 16:20:08 -07:00
Hui Lin
21d45a435c
added condition to check DNP3 packet without app layer data
...
Conflicts:
src/analyzer/protocol/dnp3/DNP3.cc
2013-08-11 16:02:27 -07:00