Commit graph

3375 commits

Author SHA1 Message Date
Bernhard Amann
852de4700c automatically delete disabled input streams 2012-06-07 14:12:42 -07:00
Bernhard Amann
18f07d3a46 Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads-merge 2012-06-07 13:51:37 -07:00
Bernhard Amann
4223b5261b small documentation fixes 2012-06-07 13:51:23 -07:00
Jon Siwek
9d2a21c490 Extend weird names that occur in core packet processing during decapsulation.
Appending a "_in_tunnel" to the weird name might help clarify that
the weird is happening with a packet that is attempting to be processed
as a result of decapsulation.
2012-06-07 13:03:13 -05:00
Jon Siwek
6f346c8406 Add Teredo analysis option to reduce false positive decapsulation.
The Tunnel::yielding_teredo_decapsulation (on by default) makes it so
the Teredo analyzer doesn't attempt to decapsulate payloads when
there's already a sibling analyzer that thinks it's parsing the right
protocol.  Sometimes, UDP payloads just happen to look like they are
validly Teredo-encapsulated and doing further analysis on the
decapsulated packet can quickly turn into a weird; this change helps
reduce such weirds.
2012-06-07 13:01:10 -05:00
Jon Siwek
d1e4e6e812 Include header for usleep(), caused compile failure on Archlinux. 2012-06-06 16:11:23 -05:00
Jon Siwek
9ddb70b109 Merge branch 'master' into topic/tunnels
Conflicts:
	scripts/base/init-bare.bro
2012-06-06 14:53:57 -05:00
Jon Siwek
beacf581d3 Just some cleanup/documentation of new tunnel-handling code. 2012-06-06 14:40:11 -05:00
Robin Sommer
9a86a5e21f Revert "Fixed a bug with the MIME analyzer not removing whitespace on wrapped headers."
This reverts commit 89cb103a2c.
2012-06-06 12:21:24 -07:00
Robin Sommer
f0db2db914 Updating submodule(s).
[nomail]
2012-06-06 11:55:15 -07:00
Robin Sommer
45f5900547 Merge remote-tracking branch 'origin/topic/jsiwek/load-sigs'
* origin/topic/jsiwek/load-sigs:
  Add @load-sigs directive for loading signature files (addresses #551).

Closes #551.
2012-06-06 11:49:39 -07:00
Robin Sommer
73cefcc11c Merge remote-tracking branch 'origin/topic/dnthayer/bif-tests'
* origin/topic/dnthayer/bif-tests:
  Improve "fmt" BIF documentation comment
  Improve tests of the type_name BIF
  Improve test cases for "order" BIF
  Fix documentation of sort BIF and add more tests
  Fix documentation for system_env BIF
  Deprecate the parse_dotted_addr BIF (use to_addr instead)
  Improve tests for to_port and type_name BIFs
  Improve tests for sort, order, and system_env BIFs
  Fix the join_string_vec BIF and add more tests
  Add more tests for previously-untested BIFs
  Add more tests for previously-untested BIFs
  Add more tests for previously-untested BIFs
  Add more tests for previously-untested BIFs
  Add tests for previously-untested strings BIFs
2012-06-06 11:42:16 -07:00
Robin Sommer
8ae765ef68 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Memory leak fixes for bad usages of VectorVal ctor.
  Fixed a bug with the MIME analyzer not removing whitespace on wrapped headers.
2012-06-06 11:06:03 -07:00
Jon Siwek
7599ac8f31 Memory leak fixes for bad usages of VectorVal ctor.
Many usages of the VectorVal ctor didn't account for the fact that
it automatically Ref's the VectorType argument and ended up leaking it.
2012-06-06 11:50:15 -05:00
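The ownership mistake this commit message describes, reduced to a stand-alone illustration. This is an added example and not code from the Bro tree: `RefObj`, `VecType` and `VecVal` are hypothetical stand-ins for Bro's intrusively ref-counted objects, and `live_types` is a counter added only so the leak is observable without allocator hooks. The point it shows is that a constructor which `Ref()`s its argument does not take over the caller's reference, so `new VecVal(new VecType())` leaves the type with one owner too many.

```cpp
#include <cstdio>

// Minimal intrusive ref-counting in the style the commit message assumes.
// Hypothetical names; not Bro's real classes.
class RefObj {
public:
    RefObj() : refcnt(1) {}      // a freshly constructed object is owned by its creator
    virtual ~RefObj() {}
    void Ref() { ++refcnt; }
    // Drops one owner; frees the object when none remain. Returns true if freed.
    bool Unref()
    {
        if ( --refcnt == 0 ) {
            delete this;
            return true;
        }
        return false;
    }
    int RefCount() const { return refcnt; }
private:
    int refcnt;
};

// Counts live type objects so the example can observe whether one leaked.
static int live_types = 0;

struct VecType : RefObj {
    VecType() { ++live_types; }
    ~VecType() override { --live_types; }
};

// A value that keeps its type alive. Like the ctor described in the commit,
// it Ref()s the argument rather than adopting the caller's reference.
class VecVal : public RefObj {
public:
    explicit VecVal(VecType* t) : type(t) { type->Ref(); }
    ~VecVal() override { type->Unref(); }
private:
    VecType* type;
};

// Leaky pattern: type created with refcount 1, ctor bumps it to 2, the value's
// dtor drops it back to 1, and nobody ever releases the creator's reference.
// Returns the number of VecType objects left alive by this function (1).
int leaky_usage()
{
    int before = live_types;
    VecVal* v = new VecVal(new VecType());
    v->Unref();                  // destroys v; the type survives with refcount 1
    return live_types - before;
}

// Correct pattern: keep a handle to the type, hand it to the ctor, then give up
// the creator's own reference. Returns the number left alive (0).
int correct_usage()
{
    int before = live_types;
    VecType* t = new VecType();  // refcount 1, owned by this function
    VecVal* v = new VecVal(t);   // refcount 2
    t->Unref();                  // function gives up its reference: refcount 1, owned by v
    v->Unref();                  // destroying v drops the last reference: type freed
    return live_types - before;
}

int main()
{
    std::printf("leaky pattern leaves %d type object(s) alive\n", leaky_usage());
    std::printf("correct pattern leaves %d type object(s) alive\n", correct_usage());
    return 0;
}
```

The same rule applies to any ref-counting constructor that documents "takes a reference" rather than "takes ownership": the creator must still balance its own `new` with an `Unref()`, or pass a type it did not create and does not own.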
Jon Siwek
0bdbeb89e2 Memory leak fixes 2012-06-06 10:41:36 -05:00
Vlad Grigorescu
5e05e548ff Change time printf format to use the more compatible PRIu64. 2012-06-05 23:20:28 -04:00
Vlad Grigorescu
894dec0069 No quotes for times and doubles, since ES won't interpret them as numbers then. 2012-06-05 23:01:36 -04:00
Vlad Grigorescu
a3b330dbc6 Make default index name 'bro'. 2012-06-05 17:24:13 -04:00
Vlad Grigorescu
5db027e39f Fix timestamp overflow bug. 2012-06-05 17:23:50 -04:00
Jon Siwek
f36d96144d Add a config.h definition for IPPROTO_IPV4.
Some older systems may only have IPPROTO_IPIP, the same value, but
less clear to read.
2012-06-05 15:34:30 -05:00
Jon Siwek
727b7783f9 Add AYIYA tunnel decapsulation unit test. 2012-06-05 15:17:27 -05:00
Jon Siwek
854c625275 Add Teredo-specific events.
These are called "teredo_packet", "teredo_authentication",
"teredo_origin_indication", and "teredo_bubble" and may be raised
on a per-packet basis depending on Teredo encapsulation method.
2012-06-05 15:07:56 -05:00
Jon Siwek
b52436a53b Refactor some of the NetSessions routines that recurse on IP packets.
Separating the IP packet validation/parsing from the recursive
call to DoNextPacket to make it easier for analyzers to get
access to the inner IP_Hdr.
2012-06-05 12:23:16 -05:00
Seth Hall
89cb103a2c Fixed a bug with the MIME analyzer not removing whitespace on wrapped headers.
- No test due to lack of tracefile with wrapped header.
2012-06-05 11:25:10 -04:00
Jon Siwek
976e8db155 Add independent options to toggle the different decapsulation methods 2012-06-05 10:17:41 -05:00
Jon Siwek
8540c4d0cd Add more sanity checks before recursing on encapsulated IP packets.
i.e. the IP protocol version and payload length get checked for
consistency before attempting further analysis.
2012-06-05 09:58:44 -05:00
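The kind of consistency check this message refers to, written out as an added example rather than code from the Bro tree: before a decapsulated payload is fed back into packet processing, confirm that it really carries an IPv4 or IPv6 header whose own length fields agree with the bytes actually available. `CheckInnerIPBytes`, `InnerIPStatus` and the `Sample*` builders are hypothetical names, and the sample payloads are constructed for the example, not captured traffic. Payloads that merely look tunnel-encapsulated (the false positives the surrounding commits mention) fail here instead of producing a weird deeper in the pipeline.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class InnerIPStatus { Ok, TooShort, BadVersion, BadHeaderLen, LengthMismatch };

// Validate decapsulated bytes as an IP packet before recursing on them.
// Only the header fields needed for the check are parsed; nothing is modified.
InnerIPStatus CheckInnerIPBytes(const uint8_t* p, size_t len)
{
    if ( len < 1 )
        return InnerIPStatus::TooShort;

    uint8_t version = p[0] >> 4;

    if ( version == 4 ) {
        if ( len < 20 )
            return InnerIPStatus::TooShort;
        size_t ihl = (p[0] & 0x0f) * 4;                 // header length in bytes
        if ( ihl < 20 )
            return InnerIPStatus::BadHeaderLen;
        size_t total_len = (size_t(p[2]) << 8) | p[3];
        if ( total_len < ihl || total_len > len )       // claims more than is present
            return InnerIPStatus::LengthMismatch;
        // total_len < len is tolerated: trailing bytes (padding) are common.
        return InnerIPStatus::Ok;
    }

    if ( version == 6 ) {
        if ( len < 40 )
            return InnerIPStatus::TooShort;
        size_t payload_len = (size_t(p[4]) << 8) | p[5];
        // Jumbograms (payload_len == 0 plus a hop-by-hop option) are not handled here.
        if ( 40 + payload_len > len )
            return InnerIPStatus::LengthMismatch;
        return InnerIPStatus::Ok;
    }

    return InnerIPStatus::BadVersion;
}

InnerIPStatus CheckInnerIP(const std::vector<uint8_t>& pkt)
{
    return CheckInnerIPBytes(pkt.data(), pkt.size());
}

// Constructed sample payloads (not captured traffic).
std::vector<uint8_t> SampleIPv4Ok()
{
    std::vector<uint8_t> v(20, 0);
    v[0] = 0x45;                 // version 4, IHL 5
    v[2] = 0x00; v[3] = 0x14;    // total length 20, matches the 20 bytes present
    return v;
}

std::vector<uint8_t> SampleIPv4BogusLength()
{
    std::vector<uint8_t> v = SampleIPv4Ok();
    v[2] = 0x05; v[3] = 0xdc;    // claims 1500 bytes, only 20 present
    return v;
}

std::vector<uint8_t> SampleIPv6Ok()
{
    std::vector<uint8_t> v(40, 0);
    v[0] = 0x60;                 // version 6; payload length stays 0
    v[6] = 59;                   // next header: no next header
    v[7] = 64;                   // hop limit
    return v;
}

std::vector<uint8_t> SampleNotIP()
{
    // A UDP payload that a tunnel heuristic might accept but that is not IP at all.
    return std::vector<uint8_t>{0x20, 0x01, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef};
}

int main()
{
    std::printf("ipv4 ok:      %d\n", int(CheckInnerIP(SampleIPv4Ok())));
    std::printf("ipv4 bogus:   %d\n", int(CheckInnerIP(SampleIPv4BogusLength())));
    std::printf("ipv6 ok:      %d\n", int(CheckInnerIP(SampleIPv6Ok())));
    std::printf("not ip:       %d\n", int(CheckInnerIP(SampleNotIP())));
    return 0;
}
```

Anything other than `Ok` should stop the recursion at this point; whether it is additionally reported as a weird is a separate policy decision, which is what the neighbouring commits on suppressing Teredo weirds are about.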
Jon Siwek
ae85bd1b95 Suppress Teredo weirds unless decapsulation was successful once before. 2012-06-04 16:57:46 -05:00
Jon Siwek
9851591317 Tunnel support performance optimization.
Looks better to allocate Encapsulation objects on-demand when tunnels
are discovered rather than always have an automatic, empty one for
every packet.
2012-06-04 16:14:30 -05:00
Jon Siwek
47c2fda88e Merge branch 'master' into topic/tunnels 2012-06-04 11:09:45 -05:00
Vlad Grigorescu
5915a2d304 Minor documentation formatting change 2012-06-03 23:02:07 -04:00
Vlad Grigorescu
bf852b51f5 Minor documentation formatting change 2012-06-03 23:01:18 -04:00
Vlad Grigorescu
3d8b86c00a Minor documentation formatting change 2012-06-03 23:00:10 -04:00
Vlad Grigorescu
360d7e2eda Minor documentation formatting change 2012-06-03 22:59:29 -04:00
Vlad Grigorescu
b3216906fe Minor documentation formatting change 2012-06-03 22:56:38 -04:00
Vlad Grigorescu
d09fc15b2d Minor documentation formatting change 2012-06-03 22:54:19 -04:00
Vlad Grigorescu
c8e770a499 Some basic documentation in doc/logging-elasticsearch.rst 2012-06-03 22:51:21 -04:00
Vlad Grigorescu
7bee0b0d8e Added sending messages to ElasticSearch over HTTP. 2012-06-03 22:07:20 -04:00
Vlad Grigorescu
95f000738b ElasticSearch log writer implementation test 1 - writes out JSON to file instead of sending it over HTTP for now. 2012-06-03 12:40:09 -04:00
Daniel Thayer
6e5eb187dd Improve "fmt" BIF documentation comment
Also update test cases for fmt.
2012-06-01 18:11:46 -05:00
Daniel Thayer
6292083b74 Improve tests of the type_name BIF 2012-06-01 16:23:40 -05:00
Daniel Thayer
2b0db01874 Improve test cases for "order" BIF
Also fixed some comments and error messages in the "order" BIF.
2012-06-01 15:50:49 -05:00
Daniel Thayer
2eddaffc90 Fix documentation of sort BIF and add more tests 2012-06-01 14:24:42 -05:00
Jon Siwek
dd4dd0ca6e Add @load-sigs directive for loading signature files (addresses #551). 2012-06-01 14:10:23 -05:00
Daniel Thayer
19e3f2ee56 Fix documentation for system_env BIF 2012-06-01 13:12:55 -05:00
Daniel Thayer
3b2ac75e91 Deprecate the parse_dotted_addr BIF (use to_addr instead) 2012-06-01 12:36:30 -05:00
Daniel Thayer
13f0711af5 Merge remote-tracking branch 'origin/master' into topic/dnthayer/bif-tests 2012-06-01 10:59:38 -05:00
Daniel Thayer
5f8cbf8a51 Change alarm summary email interval to 24hrs 2012-05-31 17:30:48 -05:00
Robin Sommer
c5ae071500 Updating submodule(s).
[nomail]
2012-05-31 14:27:50 -07:00
Robin Sommer
36de4bf3f3 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Change Input::update_finished lookup to happen at init time.
  Fix format specifier on RemoteSerializer::Connect.
2012-05-31 14:27:36 -07:00
Bernhard Amann
85e29a9471 Documentation 2012-05-31 14:26:25 -07:00