Mirror/zeek - git.uphillsecurity.com: We code.

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00

Author	SHA1	Message	Date
Tim Wojtulewicz	fd67206865	Minor review nits	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	43e77a3338	Fixes for community ID hashing with new proto values	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	5a3d16e16f	Use new_connection instead of connection_state_remove	2024-11-13 14:08:30 -07:00
Tim Wojtulewicz	623fea9014	Add policy script to remove ip_proto field, rename protocol naming script	2024-11-13 14:08:04 -07:00
Tim Wojtulewicz	5e5aceb6f7	Rename protocol_id field to ip_proto and similar renaming for name field	2024-11-13 12:02:00 -07:00
Tim Wojtulewicz	d0896e81d6	Increase size of proto fields to uint16_t, add common default value	2024-11-13 11:25:46 -07:00
Tim Wojtulewicz	f762a45e83	Disable part of core/dict-iteration-expire5 btest to avoid iteration bug The second set of seeds in this test trip the bug reported in #3538	2024-11-13 11:25:46 -07:00
Tim Wojtulewicz	35ec9733c0	Add conn.log entries for connections with unhandled IP protocols	2024-11-13 11:25:40 -07:00
Johanna Amann	a96515a2e8	Merge remote-tracking branch 'origin/topic/johanna/ci-u2410' * origin/topic/johanna/ci-u2410: CI: Add Ubuntu 24.10	2024-11-13 14:52:29 +00:00
Johanna Amann	2f5f8bdd36	CI: Add Ubuntu 24.10	2024-11-13 12:58:20 +00:00
Tim Wojtulewicz	0217208c49	Merge remote-tracking branch 'origin/topic/timw/remove-abspath-cleanup' * origin/topic/timw/remove-abspath-cleanup: diff-remove-abspath: Add separate handling of Windows paths diff-remove-abspath: Remove capture of windows drive letters from POSIX regex	2024-11-12 12:26:56 -07:00
Robin Sommer	0ea2a35d7a	Merge remote-tracking branch 'origin/topic/robin/spicy-bump' * origin/topic/robin/spicy-bump: Bump Spicy to current `main`.	2024-11-12 16:16:23 +01:00
Arne Welzel	d0bf4e428a	Merge remote-tracking branch 'origin/topic/awelzel/pseudo-realtime-again' * origin/topic/awelzel/pseudo-realtime-again: PktSrc: Remove first_timestamp condition check PktSrc: Fix includes PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState RunState.h: Deprecate misleadingly named current_packet_timestamp() debug: Add processing suspended/continued to debug.log	2024-11-12 16:00:19 +01:00
Robin Sommer	f68d43bc02	Bump Spicy to current `main`.	2024-11-12 15:00:01 +01:00
Arne Welzel	fcab5fd6cf	PktSrc: Remove first_timestamp condition check The comment is stale and first_timestamp is only relevant/available in pseudo_realtime.	2024-11-12 10:46:55 +01:00
Arne Welzel	ffa1fafa03	PktSrc: Fix includes	2024-11-12 10:46:55 +01:00
Arne Welzel	d9a7f9f36f	PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState check_pseudo_time() used zeek_start_time which skews things sufficiently around being in the past when ZAM compilation takes multiple seconds. Switch to using first_wallclock instead. Further, move setting of first_timestamp and first_wallclock from PktSrc into RunState's dispatch_packet(), so it's more centralized now. The only pseudo_realtime piece left in PktSrc() is in GetNextTimeout() to determine how long the PktSrc is idle until the next packet is ready.	2024-11-12 10:46:55 +01:00
Arne Welzel	54d28a2179	RunState.h: Deprecate misleadingly named current_packet_timestamp() This returns current_pseudo, naming it current_packet_timestamp() is actively misleading.	2024-11-12 10:46:55 +01:00
Arne Welzel	402b768787	debug: Add processing suspended/continued to debug.log	2024-11-12 10:46:55 +01:00
Arne Welzel	9e27334596	Merge remote-tracking branch 'origin/topic/vern/zam-asan-fixes' * origin/topic/vern/zam-asan-fixes: ZAM fixes for assignments involving "any" record fields fixes for (mostly ZAM) vector operation issues found by ASAN Including a fix for mmdb/explicit-open.zeek to avoid using assert.	2024-11-12 10:29:56 +01:00
zeek-bot	57ffa96600	Update doc submodule [nomail] [skip ci]	2024-11-12 00:11:11 +00:00
Benjamin Bannier	1d38c31071	Merge remote-tracking branch 'origin/topic/etyp/cookie-nullptr-spicy-dpd'	2024-11-11 22:30:50 +01:00
Evan Typanski	ae33aa0413	Fix nullptr deref in Spicy accept/decline input Seems like this is a continuation of #4006	2024-11-11 10:30:02 -05:00
Robin Sommer	0285196626	Merge remote-tracking branch 'origin/topic/robin/gh-3988-evt-assert' * origin/topic/robin/gh-3988-evt-assert: Spicy: Improve error messages reporting malformed unit names in EVT files. Spicy:: Remove unhelpful assertion.	2024-11-11 14:02:15 +01:00
Robin Sommer	3362d44e0c	Merge remote-tracking branch 'origin/topic/robin/gh-4007-spicy-eod' * origin/topic/robin/gh-4007-spicy-eod: Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down.	2024-11-11 14:02:05 +01:00
Arne Welzel	50c2b10cfb	Merge remote-tracking branch 'origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt' * origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt: ci: Run ZAM CI if src/script_opt is modified	2024-11-11 10:25:56 +01:00
Arne Welzel	43789fbccc	ci: Run ZAM CI if src/script_opt is modified ...and rework && to \|\| conditions.	2024-11-11 10:18:14 +01:00
Arne Welzel	f598c89f17	Merge remote-tracking branch 'origin/topic/timw/update-c-ares-to-latest-release' * origin/topic/timw/update-c-ares-to-latest-release: DNS_Mgr: Remove processing of dns aliases in general ci: Add dnsmasq to a few platforms for testing DNS_Mgr: Fix aliases memory issues btest: Add integration test for DNS_Mgr DNS_Mgr: Remove usage of ares_getsock from Lookup DNS_Mgr: Remove usage of ares_getsock from GetNextTimeout DNS_Mgr: Switch to ares_set_servers_csv DNS_Mgr: Use ares_dns_record methods for queries Update vcpkg submodule to pick up c-ares v1.34.2 Update c-ares submodule to v1.34.2	2024-11-11 09:53:04 +01:00
Arne Welzel	d3579c1f34	Merge remote-tracking branch 'origin/topic/awelzel/community-id-new-connection' * origin/topic/awelzel/community-id-new-connection: policy/community-id: Populate conn$community_id in new_connection()	2024-11-11 09:35:49 +01:00
Vern Paxson	197d49773c	ZAM fixes for assignments involving "any" record fields	2024-11-11 09:19:54 +01:00
Vern Paxson	c7e5e5feea	fixes for (mostly ZAM) vector operation issues found by ASAN	2024-11-11 09:19:54 +01:00
zeek-bot	35cac72984	Update doc submodule [nomail] [skip ci]	2024-11-09 00:12:14 +00:00
Tim Wojtulewicz	e3763df065	DNS_Mgr: Remove processing of dns aliases in general	2024-11-08 12:45:51 -07:00
Arne Welzel	346a9233da	Merge remote-tracking branch 'origin/topic/vern/zam-any-coerce-leak' * origin/topic/vern/zam-any-coerce-leak: Fixed ZAM memory leak when coercing values to "any"	2024-11-08 18:36:34 +01:00
Arne Welzel	cb679e4d7a	policy/community-id: Populate conn$community_id in new_connection() This wasn't possible before #3028 was fixed, but now it's safe to set the value in new_connection() and allow other users access to the field much earlier. We do not have to deal with connection_flipped() because the community-id hash is symmetric.	2024-11-08 18:19:55 +01:00
Arne Welzel	3f4de778ae	ci: Add dnsmasq to a few platforms for testing	2024-11-08 09:50:35 -07:00
Arne Welzel	0a7c9365be	ci: Remove -b from test_script lines for zam tasks Better for monitoring process.	2024-11-08 17:13:49 +01:00
Arne Welzel	4f8ef3c792	Merge remote-tracking branch 'origin/topic/vern/zam-degenerate-CFT-propagation' * origin/topic/vern/zam-degenerate-CFT-propagation: fixes for ZAM's propagation of control flow information for some degenerate constructs	2024-11-08 15:35:08 +01:00
Vern Paxson	148215aa87	fixes for ZAM's propagation of control flow information for some degenerate constructs	2024-11-08 15:34:21 +01:00
Arne Welzel	bc75b1811d	Merge remote-tracking branch 'origin/topic/vern/zam-vector-loop-leak' * origin/topic/vern/zam-vector-loop-leak: fixed ZAM memory leak when looping over vectors of records	2024-11-08 15:32:57 +01:00
Arne Welzel	8613f821f9	Merge remote-tracking branch 'origin/topic/vern/cat-builtin-tmp' * origin/topic/vern/cat-builtin-tmp: fixed access to uninitialized memory in ZAM's "cat" built-in	2024-11-08 15:23:00 +01:00
Arne Welzel	8945b2b186	Merge remote-tracking branch 'origin/topic/awelzel/asan-zam-ci' * origin/topic/awelzel/asan-zam-ci: ci: Add asan and ubsan sanitizer tasks for ZAM	2024-11-08 15:22:26 +01:00
Arne Welzel	6f9eec6c33	ci: Add asan and ubsan sanitizer tasks for ZAM Closes #3906	2024-11-08 15:17:03 +01:00
Robin Sommer	d57c125942	Spicy: Improve error messages reporting malformed unit names in EVT files.	2024-11-08 13:44:09 +01:00
Robin Sommer	2d935d9668	Spicy:: Remove unhelpful assertion. In cases of a malformed event definition, this could fire instead of a more helpful error message coming later. Closes #3988.	2024-11-08 12:54:14 +01:00
Robin Sommer	9e1592d5c4	Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down. So far, when Zeek didn't see a connection's regular tear-down (e.g., because its state timed-out before we got to the end), we'd still signal a regular end-of-data to Spicy parsers. As a result, they would then typically raise a parse error because they were probably still expecting data and would now declare it missing. That's not very useful because semantically it's not really a protocol issue if the data just doesn't make it over to us; it's a transport-layer issue that Zeek already handles elsewhere. So we now switch to signaling end-of-data to Spicy analyzers only if the connection indeed shuts down regularly. This is also matches how BinPAC handles it. This also comes with a test exercising various combinations of end-of-data behavior so that we ensure consistent/desired behavior. Closes #4007.	2024-11-08 12:20:29 +01:00
Arne Welzel	5859a7e28c	DNS_Mgr: Fix aliases memory issues	2024-11-08 11:29:40 +01:00
Arne Welzel	f3fbe45c4c	btest: Add integration test for DNS_Mgr This makes use of an ephemeral dnsmasq instance	2024-11-08 11:29:31 +01:00
Vern Paxson	6c2b2819c7	fixed access to uninitialized memory in ZAM's "cat" built-in	2024-11-07 17:13:22 -08:00
Vern Paxson	cf1de7e6b7	Fixed ZAM memory leak when coercing values to "any"	2024-11-07 08:28:34 -08:00

1 2 3 4 5 ...

17209 commits