Commit graph

3375 commits

Author SHA1 Message Date
Seth Hall
3c27267223 Improvements for the "bad checksums" detector to make it detect bad TCP checksums. 2012-12-13 11:09:41 -05:00
Seth Hall
0cf98ac325 Improved file name extraction for SMTP when file name is included in Content-Type header. 2012-12-13 10:27:08 -05:00
Matthias Vallentin
09aa14d037 Use more descriptive error message. 2012-12-12 15:13:28 -08:00
Matthias Vallentin
c3428ea491 Fix the fix :-/. 2012-12-12 15:12:25 -08:00
Matthias Vallentin
8454f69203 Fix initialization of hash values. 2012-12-12 15:04:12 -08:00
Matthias Vallentin
652a015522 Be clearer about delegation.
Bro uses the Do* prefix to signify the implementation of an aspect. This commit
adopts the opaque values to use this pattern.
2012-12-12 14:54:07 -08:00
Matthias Vallentin
238cffaac4 Implement serialization of opaque types.
This means that, conceptually, incremental hash computations now can start at
one node and finish at another one.
2012-12-12 14:44:28 -08:00
Robin Sommer
6603b851fe Updating submodule(s).
[nomail]
2012-12-12 14:29:10 -08:00
Robin Sommer
3438a8d8f9 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Trick for parallelizing input framework unit tests.
  Maybe fix reliability of a unit test that relies on when statements.
  Remove unused attributes
2012-12-12 14:26:45 -08:00
Jon Siwek
f6d5da423c Fix record constructors in table initializer indices. Addresses #660.
For an index expression list, ListExpr::InitVal() passed the TypeList
to Expr::InitVal() for each expression element in the list instead of
the type for that element.  This made RecordConstructorExpr::InitVal()
complain since it expects a RecordType and not a TypeList with a
RecordType element as an argument.  In most other cases, Expr::InitVal()
worked because check_and_promote() "flattens" the list to a single type.
2012-12-12 14:52:08 -06:00
Matthias Vallentin
97e3ea1efe Update hash BiF documentation. 2012-12-12 10:39:48 -08:00
Matthias Vallentin
ddd306f00f Migrate free SHA* functions to SHA*Val::digest(). 2012-12-12 10:28:56 -08:00
Matthias Vallentin
91f2cb2b64 Add missing type name that caused failing tests. 2012-12-11 16:49:33 -08:00
Matthias Vallentin
816965f3c7 Merge remote-tracking branch 'origin/master' into topic/matthias/opaque 2012-12-11 16:32:01 -08:00
Matthias Vallentin
30bab14dbf Update base scripts and unit tests. 2012-12-11 16:26:17 -08:00
Matthias Vallentin
833a559cac Simplify hash function BiFs. 2012-12-11 16:25:56 -08:00
Matthias Vallentin
624003f036 Add support for opaque hash values. 2012-12-11 16:25:11 -08:00
Jon Siwek
43ed437daa Trick for parallelizing input framework unit tests.
Instead of loading listen.bro to block until files are read, just read
a pcap file in pseudo-realtime.  Seems to work well.
2012-12-11 17:06:54 -06:00
Jon Siwek
aff5898442 Maybe fix reliability of a unit test that relies on when statements. 2012-12-11 16:26:01 -06:00
Jon Siwek
4c278ce387 Merge branch 'master' into fastpath 2012-12-11 16:21:23 -06:00
Matthias Vallentin
23ca1c90ef Adapt BiF & Bro parser to handle opaque types. 2012-12-10 18:29:06 -08:00
Robin Sommer
b867333c2e Merge remote-tracking branch 'origin/topic/jsiwek/gtp'
* origin/topic/jsiwek/gtp:
  Change binpac exceptions in AYIYA/GTP analyzers to do protocol_violation
  Add GTP tunnel analyzer memory leak unit test.
  Add GPRS Tunnelling Protocol (GTPv1) decapsulation.

Closes #690.
2012-12-10 14:48:18 -08:00
Daniel Thayer
cb7fd7c87c Remove unused attributes
Removed attributes &postprocessor and &match from documentation
and source code.  Removed undocumented attribute &attr from
source code.  Removed internal attribute (&tracked) from documentation.
2012-12-10 15:43:13 -06:00
Robin Sommer
e8482fef99 Updating CHANGES and VERSION. 2012-12-08 12:05:32 -08:00
Matthias Vallentin
622190b4ef More lexer/parser work. 2012-12-07 22:37:59 -10:00
Robin Sommer
e2d20cb7bc Changing the HTTP parser to accept methods that align with the RFC. 2012-12-07 19:42:03 -08:00
Robin Sommer
5598e1ca9b Updating submodule(s).
[nomail]
2012-12-06 15:52:36 -08:00
Robin Sommer
a31161ef26 Updating submodule(s).
[nomail]
2012-12-06 08:34:46 -08:00
Seth Hall
dda36672ac Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 2012-12-06 11:07:35 -05:00
Matthias Vallentin
2494940d95 Implement equivalence relation for opaque types. 2012-12-05 18:52:52 -10:00
Robin Sommer
57510464a1 Adapting the HTTP request line parsing to only accept methods
consisting of letters [A-Za-z].

I had some bogus HTTP sessions now with the test-suite that reported
data as HTTP because it started with "<!... ". Requiring letters seems
a reasonable constraint.
2012-12-05 16:56:54 -08:00
Robin Sommer
c8d264f105 Updating submodule(s).
[nomail]
2012-12-05 15:50:46 -08:00
Robin Sommer
90fc5c97e5 Reporting warnings if kill/waitpid fail in communication system. Also
replace bzero with memset(). Patches from Bill Parker.
2012-12-05 15:50:15 -08:00
Robin Sommer
177c014cb7 Merge remote-tracking branch 'vlad/topic/vladg/http-verbs'
* vlad/topic/vladg/http-verbs:
  A test for HTTP methods, including some horribly illegal requests.
  Remove hardcoded HTTP verbs from the analyzer (#741)

I added a "bad_HTTP_request" weird for HTTP request lines that don't
have more than a single word.

Closes #741.
2012-12-05 15:27:42 -08:00
Robin Sommer
4877f8344d Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  ok, this one is a bit... embarrassing.
  Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
  Bad record constructor initializers now give an error (addresses #34).
  Invalid vector indices now generate error message (addresses #24).
  Bump CPack RPM package requirement to python >= 2.6.0.
  Interpreter exceptions occurring in "when" blocks are now handled.
2012-12-05 14:39:26 -08:00
Bernhard Amann
3973cb1075 Merge remote-tracking branch 'origin/fastpath' into fastpath 2012-12-05 12:42:02 -08:00
Bernhard Amann
d367e227c1 ok, this one is a bit... embarrassing.
Delete the correct entry in case of error. Fixes a segfault when the faulty
data is of type string and not the last field of the input...
2012-12-05 12:40:00 -08:00
Jon Siwek
f403e537ec Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
Synchronization of state between connecting peers now skips over
identifiers that aren't initialized with a value yet.  If they're
assigned a value later, that will be synchronized like usual.
2012-12-05 12:36:09 -06:00
Matthias Vallentin
fa9aeeaaf1 Support basic serialization of opaque. 2012-12-04 21:44:28 -10:00
Jon Siwek
32239ea633 Bad record constructor initializers now give an error (addresses #34).
As opposed to a segfault.
2012-12-04 16:29:23 -06:00
Jon Siwek
75278af8a1 Invalid vector indices now generate error message (addresses #24).
The error/behavior is the same as accessing tables at invalid indices.
2012-12-04 15:22:16 -06:00
Jon Siwek
7758f4dc9c Bump CPack RPM package requirement to python >= 2.6.0. 2012-12-04 12:45:52 -06:00
Jon Siwek
f7440375f1 Interpreter exceptions occurring in "when" blocks are now handled.
The scripting error that caused the exception is still reported, but
it no longer causes Bro to terminate.  Addresses #779
2012-12-04 12:38:09 -06:00
Seth Hall
d0e8a6eef3 Comment updates and revised scan detection duration logging.
- Detection duration tracking is now logged in notices as 2m43s and
  only goes down to seconds.  Previously it was proceeding to milli-
  and micro seconds which aren't particularly useful.

- Inline docu-comment updates from Vlad Grigorescu.
2012-12-04 11:54:39 -05:00
Seth Hall
3af4517e2a Adding an $end time for result values to measure the length of time a measurement took. 2012-12-04 11:04:01 -05:00
Seth Hall
d61d175a04 Merge remote-tracking branch 'origin/master' into topic/seth/metrics-merge 2012-12-04 00:17:43 -05:00
Seth Hall
e769ab469f Comment and indentation cleanup. 2012-12-04 00:15:49 -05:00
Seth Hall
3ca0333294 Fix to checking metrics thresholds at the end of the break interval ($every field). 2012-12-04 00:15:19 -05:00
Robin Sommer
05e6289719 Catching out-of-memory in patricia tree code.
Based on patch by Bill Parker.
2012-12-03 15:42:43 -08:00
Robin Sommer
63d43e6545 Renaming ASCII writer filter option 'only_single_header_row' to 'tsv'.
Also clarifying usage.

Closes #912.
2012-12-03 14:40:38 -08:00