Merge remote-tracking branch 'origin/master' into topic/johanna/dtls13

* origin/master: (35 commits)
  Update doc submodule [nomail] [skip ci]
  Updating submodule(s) [nomail]
  zeek.bif: Add log2() and ceil()
  Use the same rules as cmake submodule to reformat Zeek
  Update cmake submodule after reformat
  Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail
  Implement from_json bif
  Revert "Skip version.h by default for Zeek sources"
  BTest baseline updates for -O gen-C++
  updates to C++ maintenance scripts to better handle uncompilable BTests
  added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable"
  Skip version.h by default for Zeek sources
  core.network_time.broker: Test reliability improvement
  cluster/supervisor: Multi-logger awareness
  Bump zeek-archiver submodule
  ci: Add public-ecr-vacuum.sh
  Update doc submodule [nomail] [skip ci]
  generate-docs: Only update submodule pointer during scheduled builds
  BTest baseline updates for ZAM
  NTP: Detect out-of-order packets
  ...
Johanna Amann 2023-05-10 13:02:08 +01:00
commit 527c0dc09f
239 changed files with 3023 additions and 1862 deletions


@ -612,6 +612,21 @@ container_image_manifest_docker_builder:
- arm64_container_image
- amd64_container_image
# Once we've published new images in container_image_manifest, remove any untagged
# images from the public ECR repository to stay within free-tier bounds.
public_ecr_cleanup_docker_builder:
cpu: 1
only_if: >
$CIRRUS_CRON == '' && $CIRRUS_REPO_FULL_NAME == 'zeek/zeek' && $CIRRUS_BRANCH == 'master'
env:
AWS_ACCESS_KEY_ID: ENCRYPTED[!eff52f6442e1bc78bce5b15a23546344df41bf519f6201924cb70c7af12db23f442c0e5f2b3687c2d856ceb11fcb8c49!]
AWS_SECRET_ACCESS_KEY: ENCRYPTED[!748bc302dd196140a5fa8e89c9efd148882dc846d4e723787d2de152eb136fa98e8dea7e6d2d6779d94f72dd3c088228!]
AWS_REGION: us-east-1
cleanup_script:
- ./ci/public-ecr-cleanup.sh
depends_on:
- container_image_manifest
cluster_testing_docker_builder:
cpu: *CPUS
memory: *MEMORY
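Review bot: cleanup_script invokes ./ci/public-ecr-cleanup.sh, but the merged commit list and the CHANGES entry both name the new script public-ecr-vacuum.sh ("ci: Add public-ecr-vacuum.sh"); the path in the task and the script name should agree, otherwise the task fails on every master build. Because this task carries AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and deletes images from a public repository, the comment above it should also record what the key is allowed to do (ideally only listing and batch-deleting images in this one repository), and the only_if restriction to zeek/zeek master should stay so that fork and PR builds never see the decrypted values.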

80
.cmake-format.json Normal file

@ -0,0 +1,80 @@
{
"parse": {
"additional_commands": {
"CheckIPProto": {
"kwargs": {
"_proto": "*"
}
},
"CheckType": {
"kwargs": {
"_type": "*",
"_alt_type": "*",
"_var": "*"
}
},
"SetPackageVersion": {
"kwargs": {
"_version": "*"
}
},
"SetPackageFileName": {
"kwargs": {
"_version": "*"
}
},
"SetPackageInstallScripts": {
"kwargs": {
"VERSION": "*"
}
},
"ConfigurePackaging": {
"kwargs": {
"_version": "*"
}
},
"SetPackageGenerators": {},
"SetPackageMetadata": {},
"FindRequiredPackage": {
"kwargs": {
"packageName": "*"
}
},
"InstallClobberImmune": {
"kwargs": {
"_srcfile": "*",
"_dstfile": "*"
}
},
"InstallPackageConfigFile": {
"kwargs": {
"_srcfile": "*",
"_dstdir": "*",
"_dstfilename": "*"
}
},
"InstallShellScript": {
"kwargs": {
"_srcfile": "*",
"_dstfile": "*"
}
},
"InstallSymLink": {
"kwargs": {
"_filepath": "*",
"_sympath": "*"
}
}
}
},
"format": {
"line_width": 100,
"tab_size": 4,
"separate_ctrl_name_with_space": true,
"max_subgroups_hwrap": 3,
"line_ending": "unix"
},
"markup": {
"enable_markup": false
}
}
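Review bot: "enable_markup": false under "markup" tells cmake-format to leave comments as written, yet the CMakeLists.txt hunks in this same change show comments rewrapped at roughly 80 columns while code is wrapped at "line_width": 100. Please confirm this file is the configuration the reformat was actually run with, so that contributors can reproduce the committed formatting from it.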


@ -34,7 +34,13 @@ jobs:
with:
submodules: "recursive"
# Only reset the submodule pointer for scheduled builds. The reason to do
# this is to pick up any merge commits or anything that may have been
# missed in a merge, but not have any actual content. We don't want to do
# it otherwise because PRs should just use the submodule they're pointing
# at.
- name: Switch doc submodule to master
if: github.event_name == 'schedule'
run: cd doc && git checkout master
- name: Fetch Dependencies
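Review bot: the comment above "Switch doc submodule to master" is hard to follow ("missed in a merge, but not have any actual content"); one sentence saying that scheduled builds move doc to master while PR builds use the pinned commit would be enough. Only this step carries if: github.event_name == 'schedule' in the visible lines, so any later step that commits or pushes the updated pointer needs the same condition.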


@ -17,3 +17,9 @@ repos:
rev: v0.31.0
hooks:
- id: yapf
- repo: https://github.com/cheshirekow/cmake-format-precommit
rev: v0.6.13
hooks:
- id: cmake-format
exclude: '^auxil/.*$'
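Review bot: the new cmake-format hook is pinned with rev: v0.6.13, a tag in a third-party repository that its owner can move; pre-commit executes hook code on every contributor's machine and in CI, so pinning rev to the full commit SHA, with the tag kept in a trailing comment, is the safer form.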

166
CHANGES

@ -1,3 +1,169 @@
6.0.0-dev.533 | 2023-05-09 13:38:37 -0700
* core.network_time.broker: Test reliability improvement (Arne Welzel, Corelight)
I wasn't able to reproduce this locally, but after looking at
-B main-loop,tm for a bit it dawned that if the manager is sending
ticks too fast, the Broker IO source may consume two ticks in one go
before expiring timers and that would explain the observed baseline
differences.
Solve this by removing the reliance on realtime delays and switch to
a request-reply pattern instead.
6.0.0-dev.531 | 2023-05-09 13:38:15 -0700
* ci: Add public-ecr-vacuum.sh (Arne Welzel, Corelight)
6.0.0-dev.529 | 2023-05-09 12:54:28 -0700
* Updating submodule(s) [nomail] (Tim Wojtulewicz, Corelight)
6.0.0-dev.527 | 2023-05-09 19:11:00 +0200
* GH-2930: zeek.bif: Add log2() and ceil() (Arne Welzel, Corelight)
6.0.0-dev.525 | 2023-05-09 09:05:51 -0700
* Use the same rules as cmake submodule to reformat Zeek (Tim Wojtulewicz, Corelight)
* Update cmake submodule after reformat (Tim Wojtulewicz, Corelight)
6.0.0-dev.522 | 2023-05-09 15:19:43 +0200
* cluster/supervisor: Multi-logger awareness (Arne Welzel, Corelight)
When multiple loggers are configured in a Supervisor controlled cluster
configuration, encode extra information into the rotated filename to
identify which logger produced the log.
This is similar to the approach taken for ZeekControl, re-using the
log_suffix terminology, but as there's only a single zeek-archiver
process and no postprocessors and no other side-channel for additional
information, we encode extra metadata into the filename. zeek-archiver
is extended to recognize the special metadata part of the filename.
This also solves the issue that multiple loggers in a supervisor setup
overwrite each others log files within a single log-queue directory.
* Bump zeek-archiver submodule (Arne Welzel, Corelight)
6.0.0-dev.519 | 2023-05-09 11:03:32 +0200
* Fixup Val.h/Val.cc: Actually move ValFromJSON into zeek::detail (Arne Welzel, Corelight)
6.0.0-dev.518 | 2023-05-09 10:19:46 +0200
* Implement from_json bif (Fupeng Zhao)
6.0.0-dev.516 | 2023-05-05 14:08:15 -0700
* BTest baseline updates for -O gen-C++ (Vern Paxson, Corelight)
* updates to C++ maintenance scripts to better handle uncompilable BTests (Vern Paxson, Corelight)
* added ZEEK_REPORT_UNCOMPILABLE environment variable for "-O report-uncompilable" (Vern Paxson, Corelight)
* BTest baseline updates for ZAM (Vern Paxson, Corelight)
6.0.0-dev.511 | 2023-05-05 21:04:11 +0200
* Revert "Skip version.h by default for Zeek sources" (Arne Welzel, Corelight)
This reverts commit 8246baf25c692b658e7a39527f6652e37f5b5095.
Actually fails the include_plugins CI test and I had just
opened another related issue.
6.0.0-dev.510 | 2023-05-05 20:14:21 +0200
* Skip version.h by default for Zeek sources (Dominik Charousset, Corelight)
6.0.0-dev.508 | 2023-05-05 08:48:10 -0700
* generate-docs: Only update submodule pointer during scheduled builds (Tim Wojtulewicz, Corelight)
6.0.0-dev.505 | 2023-05-04 20:08:33 +0200
* GH-2998: NTP: Detect out-of-order packets (Arne Welzel, Corelight)
The NTP mode provides us with the identity of the endpoints. For the
simple CLIENT / SERVER modes, flip the connection if we detect
orig/resp disagreeing with what the message says. This mainly
results in the history getting a ^ and the ntp.log / conn.log
showing the corrected endpoints.
6.0.0-dev.503 | 2023-05-04 10:56:33 -0700
* Include compiler in --show-config output (Dominik Charousset, Corelight)
* Fix CMake option defaults on Windows (Dominik Charousset, Corelight)
* Move build defaults from configure to CMake (Dominik Charousset, Corelight)
Moving the defaults for build variables from the `configure` script to
`CMakeLists.txt` gives the same default behavior on platforms where the
`configure` script is not available (Windows) and also allows a pure
CMake-based work flow (e.g., the standard `cmake -S . -B build`) without
having to manually adjust the defaults.
The `configure` script also becomes much simpler as a result.
6.0.0-dev.498 | 2023-05-04 09:30:18 +0200
* scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state() (Arne Welzel, Corelight)
This is similar to what the external corelight/zeek-smb-clear-state script
does, but leverages the smb2_discarded_messages_state() event instead of
regularly checking on the state of SMB connections.
The pcap was created using the dperson/samba container image and mounting
a share with Linux's CIFS filesystem, then copying the content of a
directory with 100 files. The test uses a BPF filter to imitate mostly
"half-duplex" traffic.
* smb2: Limit per-connection read/ioctl/tree state (Arne Welzel, Corelight)
Users on Slack observed memory growth in an environment with a lot of
SMB traffic. jeprof memory profiling pointed at the offset and fid maps
kept per-connection for smb2 read requests.
These maps can grow unbounded if responses are seen before requests, there's
packet drops, just one side of the connection is visible, or we fail to parse
responses properly.
Forcefully wipe out these maps when they grow too large and raise
smb2_discarded_messages_state() to notify script land about this.
6.0.0-dev.493 | 2023-05-03 11:13:15 -0700
* Update Mozilla CA and Google CT lists (Johanna Amann, Corelight)
6.0.0-dev.491 | 2023-05-03 09:31:36 -0700
* Surround string assignments in zeek-config in quotes (Tim Wojtulewicz, Corelight)
6.0.0-dev.489 | 2023-05-03 09:31:19 -0700
* Remove parser error message for bro_init, et al (Tim Wojtulewicz, Corelight)
6.0.0-dev.487 | 2023-05-03 09:30:55 -0700
* Add additional length check to IEEE 802.11 analyzer (Tim Wojtulewicz, Corelight)
6.0.0-dev.484 | 2023-05-03 14:18:03 +0100
* SSL: do not try to disable failed analyzer (Johanna Amann, Corelight)
Currently, if a TLS/DTLS analyzer fails with a protocol violation, we
will still try to remove the analyzer later, which results in the
following error message:
error: connection does not have analyzer specified to disable
Now, instead we don't try removing the analyzer anymore, after a
violation occurred.
6.0.0-dev.480 | 2023-05-02 20:28:55 +0200
* ip4_hdr: Add DF, MF, offset and sum fields (Arne Welzel, Corelight)


@ -9,12 +9,67 @@ endif()
project(Zeek C CXX)
# We want to set ENABLE_DEBUG to ON by default if the build type is Debug.
set(ENABLE_DEBUG_DEFAULT OFF)
if (NOT GENERATOR_IS_MULTI_CONFIG)
string(TOLOWER "${CMAKE_BUILD_TYPE}" build_type_lower)
if (build_type_lower STREQUAL "debug")
set(ENABLE_DEBUG_DEFAULT ON)
endif ()
unset(build_type_lower)
endif ()
# On UNIX, install additional Zeek tools by default and build shared objects.
if (NOT WIN32)
set(ZEEK_INSTALL_TOOLS_DEFAULT ON)
option(BUILD_SHARED_LIBS "Build targets as shared libraries." ON)
else ()
set(ZEEK_INSTALL_TOOLS_DEFAULT OFF)
endif ()
# CMake options (Boolean flags).
option(ENABLE_DEBUG "Build Zeek with additional debugging support." ${ENABLE_DEBUG_DEFAULT})
option(ENABLE_JEMALLOC "Link against jemalloc." OFF)
option(ENABLE_PERFTOOLS "Build with support for Google perftools." OFF)
option(ENABLE_ZEEK_UNIT_TESTS "Build the C++ unit tests." ON)
option(INSTALL_AUX_TOOLS "Install additional tools from auxil." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_BTEST "Install btest alongside Zeek." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_BTEST_PCAPS "Install pcap files for testing." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_ZEEKCTL "Install zeekctl." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_ZEEK_ARCHIVER "Install the zeek-archiver." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_ZEEK_CLIENT "Install the zeek-client." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(INSTALL_ZKG "Install zkg." ${ZEEK_INSTALL_TOOLS_DEFAULT})
option(PREALLOCATE_PORT_ARRAY "Pre-allocate all ports for zeek::Val." ON)
option(ZEEK_STANDALONE "Build Zeek as stand-alone binary?" ON)
option(ENABLE_ZEEK_UNIT_TESTS "Build the C++ (doctest) unit tests?" ON)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON
CACHE INTERNAL "Write JSON compile commands database")
# Non-boolean options.
if (NOT WIN32)
if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
set(CMAKE_INSTALL_PREFIX "/usr/local/zeek"
CACHE PATH "Install directory used by install()." FORCE)
endif ()
# On windows, this defaults to "c:/Program Files/${PROJECT_NAME}":
# https://cmake.org/cmake/help/v3.15/variable/CMAKE_INSTALL_PREFIX.html.
endif ()
set(ZEEK_SCRIPT_INSTALL_PATH "${CMAKE_INSTALL_PREFIX}/share/zeek"
CACHE PATH "Install directory for Zeek scripts.")
set(ZEEK_ETC_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/etc"
CACHE PATH "Install directory for Zeek configuration files.")
set(CMAKE_EXPORT_COMPILE_COMMANDS ON CACHE INTERNAL
"Whether to write a JSON compile commands database")
set(ZEEK_CXX_STD cxx_std_17 CACHE STRING "The C++ standard to use.")
set(ZEEK_SANITIZERS "" CACHE STRING "Sanitizers to use when building.")
set(CPACK_SOURCE_IGNORE_FILES "" CACHE STRING "Files to be ignored by CPack")
set(ZEEK_INCLUDE_PLUGINS "" CACHE STRING "Extra plugins to add to the build.")
# Look into the build tree for additional CMake modules.
list(APPEND CMAKE_MODULE_PATH ${CMAKE_BINARY_DIR})
list(APPEND CMAKE_PREFIX_PATH ${CMAKE_BINARY_DIR})
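Review bot: if (NOT GENERATOR_IS_MULTI_CONFIG) tests a variable that nothing in this hunk sets; GENERATOR_IS_MULTI_CONFIG is a CMake global property, so unless it is copied into a variable elsewhere with get_property(... GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG) the condition is always true and the guard does nothing. Read the property into a local variable before the check, or drop the guard. Separately, ENABLE_ZEEK_UNIT_TESTS and CMAKE_EXPORT_COMPILE_COMMANDS each appear twice in this hunk with different help strings; only one declaration of each should remain after the merge.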
@ -29,8 +84,7 @@ if ( MSVC )
CMAKE_C_FLAGS
CMAKE_C_FLAGS_DEBUG
CMAKE_C_FLAGS_RELEASE
CMAKE_C_FLAGS_RELWITHDEBINFO
)
CMAKE_C_FLAGS_RELWITHDEBINFO)
foreach (CompilerFlag ${CompilerFlags})
string(REGEX REPLACE "[/|-]MDd" "" ${CompilerFlag} "${${CompilerFlag}}")
string(REGEX REPLACE "[/|-]MD" "" ${CompilerFlag} "${${CompilerFlag}}")
@ -42,12 +96,10 @@ if ( MSVC )
endforeach ()
# Set compilation flags for Windows
add_compile_options(
/guard:cf # required by CheckCFlags
add_compile_options(/guard:cf # required by CheckCFlags
/Z7) # required by CheckCFlags
add_link_options(
/debug:full # required by CheckCFlags
add_link_options(/debug:full # required by CheckCFlags
)
# Set always to static runtime
@ -69,8 +121,7 @@ if ( MSVC )
conan_cmake_autodetect(settings)
# Install packages from conanfile
conan_cmake_install(PATH_OR_REFERENCE ${CMAKE_SOURCE_DIR}/ci/windows/conanfile_windows.txt
BUILD missing
SETTINGS ${settings})
BUILD missing SETTINGS ${settings})
endif ()
# Set LibPCAP to point to libpcap binaries.
@ -95,7 +146,8 @@ if ( MSVC )
add_definitions(-DCARES_STATICLIB)
add_subdirectory(auxil/libunistd)
set(UNISTD_INCLUDES ${CMAKE_SOURCE_DIR}/auxil/libunistd/unistd ${CMAKE_SOURCE_DIR}/auxil/libunistd/regex)
set(UNISTD_INCLUDES ${CMAKE_SOURCE_DIR}/auxil/libunistd/unistd
${CMAKE_SOURCE_DIR}/auxil/libunistd/regex)
include_directories(BEFORE ${UNISTD_INCLUDES})
# Required for `check_include_files` to operate correctly
list(APPEND CMAKE_REQUIRED_INCLUDES ${UNISTD_INCLUDES})
@ -117,8 +169,8 @@ include(cmake/CommonCMakeConfig.cmake)
include(cmake/FindClangTidy.cmake)
include(cmake/CheckCompilerArch.cmake)
########################################################################
## Main targets and utilities.
# ##############################################################################
# Main targets and utilities.
# Variable for referring back to Zeek's top-level source dir. Used for plugins
# to tell them where to find the Zeek headers.
@ -128,8 +180,8 @@ set(ZEEK_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}")
# zeek-plugin-create-package.sh. Needed by ZeekPluginConfig.cmake.in.
set(ZEEK_PLUGIN_SCRIPTS_PATH "${PROJECT_SOURCE_DIR}/cmake")
# Our C++17 base target for propagating compiler and linker flags.
# Note: for now, we only use it for passing library dependencies around.
# Our C++17 base target for propagating compiler and linker flags. Note: for
# now, we only use it for passing library dependencies around.
add_library(zeek_internal INTERFACE)
add_library(Zeek::Internal ALIAS zeek_internal)
set_target_properties(zeek_internal PROPERTIES EXPORT_NAME Internal)
@ -216,39 +268,26 @@ endfunction()
# loaded plugins. Also propagates include paths and C++17 mode on the install
# interface.
add_library(zeek_dynamic_plugin_base INTERFACE)
target_link_libraries(zeek_dynamic_plugin_base
INTERFACE
$<BUILD_INTERFACE:zeek_internal>)
target_include_directories(zeek_dynamic_plugin_base
INTERFACE
$<INSTALL_INTERFACE:include>
$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
target_link_libraries(zeek_dynamic_plugin_base INTERFACE $<BUILD_INTERFACE:zeek_internal>)
target_include_directories(
zeek_dynamic_plugin_base
INTERFACE $<INSTALL_INTERFACE:include> $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>)
target_compile_features(zeek_dynamic_plugin_base INTERFACE ${ZEEK_CXX_STD})
add_library(Zeek::DynamicPluginBase ALIAS zeek_dynamic_plugin_base)
set_target_properties(
zeek_dynamic_plugin_base PROPERTIES
EXPORT_NAME DynamicPluginBase)
set_target_properties(zeek_dynamic_plugin_base PROPERTIES EXPORT_NAME DynamicPluginBase)
install(TARGETS zeek_dynamic_plugin_base EXPORT ZeekTargets)
# On macOS, we need to tell the linker that the modules are allowed to have
# undefined symbols.
if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
target_link_options(
zeek_dynamic_plugin_base
INTERFACE
-undefined
dynamic_lookup
target_link_options(zeek_dynamic_plugin_base INTERFACE -undefined dynamic_lookup
-Wl,-bind_at_load)
endif ()
function (add_zeek_dynamic_plugin_build_interface_include_directories)
foreach (path ${ARGV})
target_include_directories(
zeek_dynamic_plugin_base
INTERFACE
$<BUILD_INTERFACE:${path}>
)
target_include_directories(zeek_dynamic_plugin_base INTERFACE $<BUILD_INTERFACE:${path}>)
endforeach ()
endfunction ()
@ -261,21 +300,13 @@ add_zeek_dynamic_plugin_build_interface_include_directories(
${CMAKE_BINARY_DIR}/src
${CMAKE_BINARY_DIR}/src/include
${CMAKE_BINARY_DIR}/auxil/binpac/lib
${CMAKE_BINARY_DIR}/auxil/broker/include
)
${CMAKE_BINARY_DIR}/auxil/broker/include)
# Convenience function for adding an OBJECT library that feeds directly into the
# main target(s).
#
# Usage:
# zeek_add_subdir_library(
# <name>
# SOURCES ...
# [INCLUDE_DIRS ...]
# [DEPENDENCIES ...]
# [INTERNAL_DEPENDENCIES ...]
# [BIFS ...]
# )
# Usage: zeek_add_subdir_library( <name> SOURCES ... [INCLUDE_DIRS ...]
# [DEPENDENCIES ...] [INTERNAL_DEPENDENCIES ...] [BIFS ...] )
function (zeek_add_subdir_library name)
# Parse arguments.
set(fn_varargs INCLUDE_DIRS DEPENDENCIES INTERNAL_DEPENDENCIES SOURCES BIFS)
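Review bot: the usage block for zeek_add_subdir_library was reflowed into a two-line paragraph ("# Usage: zeek_add_subdir_library( <name> SOURCES ... [INCLUDE_DIRS ...]"), which loses the one-argument-per-line layout that made the signature readable. Keep the original layout and wrap it in # cmake-format: off / # cmake-format: on so the formatter leaves it alone.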
@ -301,11 +332,7 @@ function(zeek_add_subdir_library name)
# Optionally add include directories and extra dependencies.
if (FN_ARGS_INCLUDE_DIRS)
target_include_directories(
${target_name}
BEFORE
PRIVATE
${FN_ARGS_INCLUDE_DIRS})
target_include_directories(${target_name} BEFORE PRIVATE ${FN_ARGS_INCLUDE_DIRS})
endif ()
if (FN_ARGS_DEPENDENCIES)
target_link_libraries(${target_name} PRIVATE ${FN_ARGS_DEPENDENCIES})
@ -318,19 +345,15 @@ function(zeek_add_subdir_library name)
zeek_target_link_libraries(${target_name})
endfunction ()
########################################################################
## Utility function for forcing CMake to re-run if files change on disk.
# ##############################################################################
# Utility function for forcing CMake to re-run if files change on disk.
function (zeek_watch_files)
set_property(
DIRECTORY
APPEND
PROPERTY CMAKE_CONFIGURE_DEPENDS ${ARGN}
)
set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${ARGN})
endfunction ()
########################################################################
## Create empty __load__.zeek stubs (override pre-existing ones).
# ##############################################################################
# Create empty __load__.zeek stubs (override pre-existing ones).
function (zeek_create_load_script_stubs)
set(file_comment "# Warning, this is an autogenerated file!\n")
@ -341,14 +364,11 @@ function(zeek_create_load_script_stubs)
endfunction ()
# Note: these files are filled from BifCl.cmake via `file(APPEND ...)`
zeek_create_load_script_stubs(
scripts/builtin-plugins/__load__.zeek
scripts/base/bif/plugins/__load__.zeek
scripts/base/bif/__load__.zeek
)
zeek_create_load_script_stubs(scripts/builtin-plugins/__load__.zeek
scripts/base/bif/plugins/__load__.zeek scripts/base/bif/__load__.zeek)
########################################################################
## Create empty __all__*.cc stubs (override pre-existing ones).
# ##############################################################################
# Create empty __all__*.cc stubs (override pre-existing ones).
function (zeek_create_bif_autogen_stubs)
set(file_comment "// Warning, this is an autogenerated file!\n")
@ -359,14 +379,11 @@ function(zeek_create_bif_autogen_stubs)
endfunction ()
# Note: these files are filled from BifCl.cmake via `file(APPEND ...)`.
zeek_create_bif_autogen_stubs(
src/__all__.bif.cc
src/__all__.bif.init.cc
src/__all__.bif.register.cc
)
zeek_create_bif_autogen_stubs(src/__all__.bif.cc src/__all__.bif.init.cc
src/__all__.bif.register.cc)
########################################################################
## Project/Build Configuration
# ##############################################################################
# Project/Build Configuration
if (ZEEK_ENABLE_FUZZERS)
# Fuzzers use shared lib to save disk space, so need -fPIC on everything
@ -403,18 +420,17 @@ if (NOT ZEEK_MAN_INSTALL_PATH)
set(ZEEK_MAN_INSTALL_PATH ${ZEEK_ROOT_DIR}/share/man)
endif ()
# sanitize the Zeek script install directory into an absolute path
# (CMake is confused by ~ as a representation of home directory)
get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH}
ABSOLUTE)
# sanitize the Zeek script install directory into an absolute path (CMake is
# confused by ~ as a representation of home directory)
get_filename_component(ZEEK_SCRIPT_INSTALL_PATH ${ZEEK_SCRIPT_INSTALL_PATH} ABSOLUTE)
# A folder for library-like Zeek-specific things: Python modules, Zeek
# plugins, etc.
# A folder for library-like Zeek-specific things: Python modules, Zeek plugins,
# etc.
set(ZEEK_LIBDIR_PATH ${CMAKE_INSTALL_FULL_LIBDIR}/zeek)
if (NOT ZEEK_PLUGIN_DIR)
set(ZEEK_PLUGIN_DIR ${ZEEK_LIBDIR_PATH}/plugins
CACHE STRING "Installation path for plugins" FORCE)
set(ZEEK_PLUGIN_DIR ${ZEEK_LIBDIR_PATH}/plugins CACHE STRING "Installation path for plugins"
FORCE)
endif ()
set(cmake_binary_dir "${CMAKE_BINARY_DIR}")
@ -423,15 +439,18 @@ set(cmake_install_prefix "${CMAKE_INSTALL_PREFIX}")
set(cmake_source_dir "${CMAKE_SOURCE_DIR}")
set(zeek_script_install_path "${ZEEK_SCRIPT_INSTALL_PATH}")
if (MSVC)
# This has to happen before we modify the paths below so that
# the pure Windows paths are stored in the output file.
# This has to happen before we modify the paths below so that the pure Windows
# paths are stored in the output file.
configure_file(zeek-path-dev.bat.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.bat)
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_binary_dir "${cmake_binary_dir}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_current_binary_dir "${cmake_current_binary_dir}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_install_prefix "${cmake_install_prefix}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_current_binary_dir
"${cmake_current_binary_dir}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_install_prefix
"${cmake_install_prefix}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" cmake_source_dir "${cmake_source_dir}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" zeek_script_install_path "${zeek_script_install_path}")
string(REGEX REPLACE "^([A-Za-z]):/(.*)" "/\\1/\\2" zeek_script_install_path
"${zeek_script_install_path}")
endif ()
# Set the path where we install the ZeekConfig.cmake file and related files.
@ -464,14 +483,16 @@ install(DIRECTORY DESTINATION ${ZEEK_LOG_DIR})
configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
file(
WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
"export ZEEKPATH=`${cmake_binary_dir}/zeek-path-dev`\n"
"export ZEEK_PLUGIN_PATH=\"${cmake_binary_dir}/src\":$\{ZEEK_PLUGIN_PATH\}\n"
"export PATH=\"${cmake_binary_dir}\":\"${cmake_binary_dir}/src\":\"${cmake_binary_dir}/auxil/spicy/spicy/bin\":\"${cmake_binary_dir}/src/builtin-plugins/spicy-plugin/bin\":$\{PATH\}\n"
"export SPICY_PATH=`${cmake_binary_dir}/spicy-path`\n"
"export HILTI_CXX_INCLUDE_DIRS=`${cmake_binary_dir}/hilti-cxx-include-dirs`\n")
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
file(
WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
"setenv ZEEKPATH `${cmake_binary_dir}/zeek-path-dev`\n"
"setenv ZEEK_PLUGIN_PATH \"${cmake_binary_dir}/src\":$\{ZEEK_PLUGIN_PATH\}\n"
"setenv PATH \"${cmake_binary_dir}\":\"${cmake_binary_dir}/src\":\"${cmake_binary_dir}/auxil/spicy/spicy/bin\":\"${cmake_binary_dir}/src/builtin-plugins/spicy-plugin/bin\":$\{PATH\}\n"
@ -479,7 +500,8 @@ file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
"setenv HILTI_CXX_INCLUDE_DIRS \"`${cmake_binary_dir}/hilti-cxx-include-dirs`\"\n")
file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)
execute_process(COMMAND grep "^constexpr int PLUGIN_API_VERSION"
execute_process(
COMMAND grep "^constexpr int PLUGIN_API_VERSION"
INPUT_FILE ${CMAKE_CURRENT_SOURCE_DIR}/src/plugin/Plugin.h
OUTPUT_VARIABLE API_VERSION
OUTPUT_STRIP_TRAILING_WHITESPACE)
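Review bot: the execute_process call that greps PLUGIN_API_VERSION out of src/plugin/Plugin.h has no RESULT_VARIABLE, so a missing grep or a changed declaration leaves API_VERSION empty with no configure-time error in the visible lines. Add RESULT_VARIABLE and stop with message(FATAL_ERROR ...) when it is non-zero or the output is empty; file(STRINGS ... REGEX ...), the same command already used for VERSION one line above, would also remove the dependency on an external grep.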
@ -508,7 +530,8 @@ endif()
if (NOT BINARY_PACKAGING_MODE)
macro (_make_install_dir_symlink _target _link)
install(CODE "
install(
CODE "
if ( \"\$ENV{DESTDIR}\" STREQUAL \"\" )
if ( EXISTS \"${_target}\" AND NOT EXISTS \"${_link}\" )
message(STATUS \"WARNING: installed ${_link} as symlink to ${_target}\")
@ -520,24 +543,26 @@ if ( NOT BINARY_PACKAGING_MODE )
endmacro ()
if ("${CMAKE_INSTALL_PREFIX}" STREQUAL "/usr/local/zeek")
# If we're installing into the default prefix, check if the
# old default prefix already exists and symlink to it.
# This is done to help keep custom user configuration/installation
# if they're upgrading from a version before Zeek 3.0.
# If we're installing into the default prefix, check if the old default
# prefix already exists and symlink to it. This is done to help keep custom
# user configuration/installation if they're upgrading from a version before
# Zeek 3.0.
_make_install_dir_symlink("/usr/local/bro" "/usr/local/zeek")
endif ()
# Check whether we need to symlink directories used by versions
# before Zeek 3.0.
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro" "${CMAKE_INSTALL_PREFIX}/include/zeek")
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro" "${CMAKE_INSTALL_PREFIX}/share/zeek")
# Check whether we need to symlink directories used by versions before Zeek
# 3.0.
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/include/bro"
"${CMAKE_INSTALL_PREFIX}/include/zeek")
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/share/bro"
"${CMAKE_INSTALL_PREFIX}/share/zeek")
_make_install_dir_symlink("${CMAKE_INSTALL_PREFIX}/lib/bro" "${CMAKE_INSTALL_FULL_LIBDIR}/zeek")
endif ()
if (ZEEK_SANITIZERS)
# Check the thread library info early as setting compiler flags seems to
# interfere with the detection and cause CMAKE_THREAD_LIBS_INIT to not
# include -lpthread when it should.
# interfere with the detection and cause CMAKE_THREAD_LIBS_INIT to not include
# -lpthread when it should.
find_package(Threads)
string(REPLACE "," " " _sanitizer_args "${ZEEK_SANITIZERS}")
@ -563,37 +588,42 @@ if ( ZEEK_SANITIZERS )
# list(APPEND _check_list "alignment") # TODO: fix associated errors
list(APPEND _check_list "bool")
# list(APPEND _check_list "builtin") # Not implemented in older GCCs
list(APPEND _check_list "bounds") # Covers both array/local bounds options below
list(APPEND _check_list "bounds") # Covers both array/local bounds
# options below
# list(APPEND _check_list "array-bounds") # Not implemented by GCC
# list(APPEND _check_list "local-bounds") # Not normally part of "undefined"
# list(APPEND _check_list "local-bounds") # Not normally part of
# "undefined"
list(APPEND _check_list "enum")
list(APPEND _check_list "float-cast-overflow")
list(APPEND _check_list "float-divide-by-zero")
# list(APPEND _check_list "function") # Not implemented by GCC
# list(APPEND _check_list "implicit-unsigned-integer-truncation") # Not truly UB
# list(APPEND _check_list "implicit-signed-integer-truncation") # Not truly UB
# list(APPEND _check_list "implicit-integer-sign-change") # Not truly UB
# list(APPEND _check_list "implicit-unsigned-integer-truncation") # Not
# truly UB list(APPEND _check_list "implicit-signed-integer-truncation")
# # Not truly UB list(APPEND _check_list "implicit-integer-sign-change")
# # Not truly UB
list(APPEND _check_list "integer-divide-by-zero")
list(APPEND _check_list "nonnull-attribute")
list(APPEND _check_list "null")
# list(APPEND _check_list "nullability-arg") # Not normally part of "undefined"
# list(APPEND _check_list "nullability-assign") # Not normally part of "undefined"
# list(APPEND _check_list "nullability-return") # Not normally part of "undefined"
# list(APPEND _check_list "objc-cast") # Not truly UB
# list(APPEND _check_list "pointer-overflow") # Not implemented in older GCCs
# list(APPEND _check_list "nullability-arg") # Not normally part of
# "undefined" list(APPEND _check_list "nullability-assign") # Not
# normally part of "undefined" list(APPEND _check_list
# "nullability-return") # Not normally part of "undefined" list(APPEND
# _check_list "objc-cast") # Not truly UB list(APPEND _check_list
# "pointer-overflow") # Not implemented in older GCCs
list(APPEND _check_list "return")
list(APPEND _check_list "returns-nonnull-attribute")
list(APPEND _check_list "shift")
# list(APPEND _check_list "unsigned-shift-base") # Not implemented by GCC
# list(APPEND _check_list "unsigned-shift-base") # Not implemented by
# GCC
list(APPEND _check_list "signed-integer-overflow")
list(APPEND _check_list "unreachable")
# list(APPEND _check_list "unsigned-integer-overflow") # Not truly UB
list(APPEND _check_list "vla-bound")
list(APPEND _check_list "vptr")
# Clang complains if this one is defined and the optimizer is set to -O0. We
# only set that optimization level if NO_OPTIMIZATIONS is passed, so disable
# the option if that's set.
# Clang complains if this one is defined and the optimizer is set to
# -O0. We only set that optimization level if NO_OPTIMIZATIONS is
# passed, so disable the option if that's set.
if (NOT DEFINED ENV{NO_OPTIMIZATIONS})
list(APPEND _check_list "object-size")
endif ()
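Review bot: the comment reflow has merged the commented-out list(APPEND _check_list ...) entries into running text, for example "# truly UB list(APPEND _check_list "implicit-signed-integer-truncation")" and the block from nullability-arg through pointer-overflow, so an entry can no longer be enabled by uncommenting its line and each reason is detached from its check. Restore one commented entry per line with its trailing reason and fence the list with # cmake-format: off / # cmake-format: on. This is the list of undefined-behaviour checks, so it should stay easy to audit.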
@ -610,9 +640,10 @@ if ( ZEEK_SANITIZERS )
set(_sanitizer_flags "-fsanitize=${ZEEK_SANITIZERS}")
# The linker command used by check_cxx_compiler_flag requires you to also pass the sanitizer to
# it or it fails. The best way to do this is to set CMAKE_REQUIRED_LINK_OPTIONS, but save off a
# copy of it so it can be reset back to what it was previously afterwards.
# The linker command used by check_cxx_compiler_flag requires you to also pass
# the sanitizer to it or it fails. The best way to do this is to set
# CMAKE_REQUIRED_LINK_OPTIONS, but save off a copy of it so it can be reset
# back to what it was previously afterwards.
set(_temp_link_options ${CMAKE_REQUIRED_LINK_OPTIONS})
list(APPEND CMAKE_REQUIRED_LINK_OPTIONS ${_sanitizer_flags})
include(CheckCXXCompilerFlag)
@ -623,7 +654,8 @@ if ( ZEEK_SANITIZERS )
set(CMAKE_REQUIRED_LINK_OPTIONS ${_temp_link_options})
if (ZEEK_SANITIZER_UB_CHECKS)
set(_sanitizer_flags "${_sanitizer_flags} -fno-sanitize-recover=${ZEEK_SANITIZER_UB_CHECKS}")
set(_sanitizer_flags
"${_sanitizer_flags} -fno-sanitize-recover=${ZEEK_SANITIZER_UB_CHECKS}")
endif ()
set(_sanitizer_flags "${_sanitizer_flags} -fno-omit-frame-pointer")
@ -632,10 +664,10 @@ if ( ZEEK_SANITIZERS )
if (NOT DEFINED ZEEK_SANITIZER_OPTIMIZATIONS)
if (DEFINED ENV{NO_OPTIMIZATIONS})
# Using -O1 is generally the suggestion to get more reasonable
# performance. The one downside is it that the compiler may
# optimize out code that otherwise generates an error/leak in a -O0
# build, but that should be rare and users mostly will not be
# running unoptimized builds in production anyway.
# performance. The one downside is it that the compiler may optimize out
# code that otherwise generates an error/leak in a -O0 build, but that
# should be rare and users mostly will not be running unoptimized builds
# in production anyway.
set(ZEEK_SANITIZER_OPTIMIZATIONS false CACHE INTERNAL "" FORCE)
else ()
set(ZEEK_SANITIZER_OPTIMIZATIONS true CACHE INTERNAL "" FORCE)
@ -646,16 +678,16 @@ if ( ZEEK_SANITIZERS )
set(_sanitizer_flags "${_sanitizer_flags} -O1")
endif ()
# Technically, the we also need to use the compiler to drive linking and
# give the sanitizer flags there, too. However, CMake, by default, uses
# the compiler for linking and so the automatically flags get used. See
# Technically, the we also need to use the compiler to drive linking and give
# the sanitizer flags there, too. However, CMake, by default, uses the
# compiler for linking and so the automatically flags get used. See
# https://cmake.org/pipermail/cmake/2014-August/058268.html
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_sanitizer_flags}")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${_sanitizer_flags}")
endif ()
########################################################################
## Dependency Configuration
# ##############################################################################
# Dependency Configuration
include(FindRequiredPackage)
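Review bot: The re-wrapped comment above the `CMAKE_C_FLAGS` assignment still carries two wording slips from the old text, "Technically, the we also need" and "the automatically flags get used". Since the reformat rewrites these lines anyway, fix them here: "Technically, we also need to use the compiler to drive linking" and "so the flags get used automatically".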
@ -681,8 +713,8 @@ endif ()
FindRequiredPackage(ZLIB)
# Forward user-defined hint for OpenSSL to the plugins. Use a cache variable to
# make sure this variable survives CMake re-runs.
# Note: This variable is picked up in ZeekPluginConfig.cmake.in.
# make sure this variable survives CMake re-runs. Note: This variable is picked
# up in ZeekPluginConfig.cmake.in.
if (OPENSSL_ROOT_DIR)
set(ZeekOpenSSLHint "${OPENSSL_ROOT_DIR}" CACHE INTERNAL "" FORCE)
elseif (DEFINED ENV{OPENSSL_ROOT_DIR})
@ -690,18 +722,17 @@ elseif (DEFINED ENV{OPENSSL_ROOT_DIR})
endif ()
# Forward PKG_CONFIG_PATH to the plugins. Use a cache variable to make sure this
# variable survives CMake re-runs.
# Note: This variable is picked up in ZeekPluginConfig.cmake.in.
# variable survives CMake re-runs. Note: This variable is picked up in
# ZeekPluginConfig.cmake.in.
if (DEFINED ENV{PKG_CONFIG_PATH})
set(ZeekPkgConfigPath "$ENV{PKG_CONFIG_PATH}" CACHE INTERNAL "" FORCE)
endif ()
# Installation directory for the distribution's Python modules. An
# override via configure's --python-dir wins, specifying a directory
# explicitly. Next is --python-prefix, which includes a versioned
# Python folder as the --prefix option in distutils does. Next
# consider a distutils --home style override via --python-home, and
# finally default to "zeek/python" in our libdir.
# Installation directory for the distribution's Python modules. An override via
# configure's --python-dir wins, specifying a directory explicitly. Next is
# --python-prefix, which includes a versioned Python folder as the --prefix
# option in distutils does. Next consider a distutils --home style override via
# --python-home, and finally default to "zeek/python" in our libdir.
if (ZEEK_PYTHON_DIR)
set(py_mod_install_dir ${ZEEK_PYTHON_DIR})
elseif (ZEEK_PYTHON_PREFIX)
@ -712,8 +743,8 @@ elseif (ZEEK_PYTHON_HOME)
else ()
set(py_mod_install_dir ${ZEEK_LIBDIR_PATH}/python)
endif ()
set(PY_MOD_INSTALL_DIR ${py_mod_install_dir}
CACHE STRING "Installation path for Python modules" FORCE)
set(PY_MOD_INSTALL_DIR ${py_mod_install_dir} CACHE STRING "Installation path for Python modules"
FORCE)
if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/auxil/binpac/CMakeLists.txt)
@ -729,8 +760,8 @@ if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/auxil/binpac/CMakeLists.txt)
add_subdirectory(auxil/binpac)
set(ENABLE_STATIC_ONLY ${ENABLE_STATIC_ONLY_SAVED})
# FIXME: avoid hard-coding a path for multi-config generator support.
# See the TODO in ZeekPluginConfig.cmake.in.
# FIXME: avoid hard-coding a path for multi-config generator support. See the
# TODO in ZeekPluginConfig.cmake.in.
set(BINPAC_EXE_PATH "${CMAKE_BINARY_DIR}/auxil/binpac/src/binpac${CMAKE_EXECUTABLE_SUFFIX}")
endif ()
FindRequiredPackage(BinPAC)
@ -741,14 +772,13 @@ add_executable(Zeek::BinPAC ALIAS binpac)
if (NOT BIFCL_EXE_PATH)
add_subdirectory(auxil/bifcl)
add_executable(Zeek::BifCl ALIAS bifcl)
# FIXME: avoid hard-coding a path for multi-config generator support.
# See the TODO in ZeekPluginConfig.cmake.in.
# FIXME: avoid hard-coding a path for multi-config generator support. See the
# TODO in ZeekPluginConfig.cmake.in.
set(BIFCL_EXE_PATH "${CMAKE_BINARY_DIR}/auxil/bifcl/bifcl${CMAKE_EXECUTABLE_SUFFIX}")
set(_bifcl_exe_path "included")
else ()
add_executable(Zeek::BifCl IMPORTED)
set_property(TARGET Zeek::BifCl PROPERTY
IMPORTED_LOCATION "${BIFCL_EXE_PATH}")
set_property(TARGET Zeek::BifCl PROPERTY IMPORTED_LOCATION "${BIFCL_EXE_PATH}")
set(_bifcl_exe_path "BIFCL_EXE_PATH")
endif ()
@ -831,9 +861,7 @@ else ()
list(APPEND zeekdeps broker)
endif ()
set(
broker_includes
${CMAKE_CURRENT_SOURCE_DIR}/auxil/broker/include
set(broker_includes ${CMAKE_CURRENT_SOURCE_DIR}/auxil/broker/include
${CMAKE_CURRENT_BINARY_DIR}/auxil/broker/include)
if (BUILD_STATIC_BROKER)
@ -843,8 +871,8 @@ else ()
endif ()
set(ZEEK_HAS_EXTERNAL_BROKER OFF)
# Tell plugins where to find the Broker CMake package in the source tree.
# This variable is picked up in ZeekPluginConfig.cmake.in.
# Tell plugins where to find the Broker CMake package in the source tree. This
# variable is picked up in ZeekPluginConfig.cmake.in.
set(ZEEK_PLUGIN_BROKER_PATH "${CMAKE_CURRENT_BINARY_DIR}/auxil/broker")
endif ()
@ -875,21 +903,14 @@ if ( NOT DISABLE_SPICY )
set(SPICY_LIBRARY_RT_DEBUG spicy-rt-debug)
# Needed only for logging from CMake configure phase.
get_directory_property(
SPICY_VERSION
DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
get_directory_property(SPICY_VERSION DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
DEFINITION SPICY_VERSION)
get_directory_property(
SPICY_VERSION_NUMBER
DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
DEFINITION SPICY_VERSION_NUMBER)
get_directory_property(
SPICY_PREFIX
DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
SPICY_VERSION_NUMBER DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy DEFINITION
SPICY_VERSION_NUMBER)
get_directory_property(SPICY_PREFIX DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
DEFINITION CMAKE_INSTALL_PREFIX)
get_directory_property(
SPICY_BUILD_MODE
DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
get_directory_property(SPICY_BUILD_MODE DIRECTORY ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy
DEFINITION CMAKE_BUILD_TYPE)
set(SPICYC "<bundled>")
endif ()
@ -909,13 +930,8 @@ endif ()
set(USE_SPICY_ANALYZERS "${USE_SPICY_ANALYZERS}" CACHE BOOL "Use built-in Spicy analyzers")
include(BuiltInSpicyAnalyzer)
include_directories(BEFORE
${PCAP_INCLUDE_DIR}
${BIND_INCLUDE_DIR}
${BinPAC_INCLUDE_DIR}
${ZLIB_INCLUDE_DIR}
${JEMALLOC_INCLUDE_DIR}
)
include_directories(BEFORE ${PCAP_INCLUDE_DIR} ${BIND_INCLUDE_DIR} ${BinPAC_INCLUDE_DIR}
${ZLIB_INCLUDE_DIR} ${JEMALLOC_INCLUDE_DIR})
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/auxil/rapidjson/include/rapidjson
DESTINATION include/zeek/3rdparty/rapidjson/include)
@ -927,7 +943,9 @@ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/auxil/filesystem/include/ghc
# "zeek/3rdparty/ghc/filesystem.hpp" works within the build tree.
execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
"${CMAKE_CURRENT_BINARY_DIR}/3rdparty/")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
execute_process(
COMMAND
"${CMAKE_COMMAND}" -E create_symlink
"${CMAKE_CURRENT_SOURCE_DIR}/auxil/filesystem/include/ghc"
"${CMAKE_CURRENT_BINARY_DIR}/3rdparty/ghc")
@ -976,10 +994,10 @@ if ( ENABLE_PERFTOOLS )
endif ()
endif ()
# Making sure any non-standard OpenSSL includes get searched earlier
# than other dependencies which tend to be in standard system locations
# and thus cause the system OpenSSL headers to still be picked up even
# if one specifies --with-openssl (which may be common).
# Making sure any non-standard OpenSSL includes get searched earlier than other
# dependencies which tend to be in standard system locations and thus cause the
# system OpenSSL headers to still be picked up even if one specifies
# --with-openssl (which may be common).
include_directories(BEFORE ${OPENSSL_INCLUDE_DIR})
# Determine if libfts is external to libc, i.e. musl
@ -989,26 +1007,26 @@ if ( FTS_FOUND )
include_directories(BEFORE ${FTS_INCLUDE_DIR})
endif ()
# Any headers that are possibly bundled in the Zeek source-tree and that are supposed
# to have priority over any preexisting/system-wide headers need to appear early in
# compiler search path.
# Any headers that are possibly bundled in the Zeek source-tree and that are
# supposed to have priority over any preexisting/system-wide headers need to
# appear early in compiler search path.
include_directories(BEFORE ${broker_includes})
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/highwayhash)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/paraglob/include)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/rapidjson/include)
set(zeekdeps ${zeekdeps}
set(zeekdeps
${zeekdeps}
${BinPAC_LIBRARY}
${PCAP_LIBRARY}
${OPENSSL_LIBRARIES}
${BIND_LIBRARY}
${ZLIB_LIBRARY}
${JEMALLOC_LIBRARIES}
${OPTLIBS}
)
${OPTLIBS})
########################################################################
## System Introspection
# ##############################################################################
# System Introspection
include(TestBigEndian)
test_big_endian(WORDS_BIGENDIAN)
@ -1055,7 +1073,10 @@ if ( NOT DISABLE_JAVASCRIPT )
if (NODEJS_FOUND)
if (${NODEJS_VERSION} VERSION_LESS "16.13.0")
message(STATUS "Node.js version ${NODEJS_VERSION} is too old, need 16.13 or later. Not enabling JavaScript support.")
message(
STATUS
"Node.js version ${NODEJS_VERSION} is too old, need 16.13 or later. Not enabling JavaScript support."
)
set(ZEEK_HAVE_JAVASCRIPT no)
else ()
set(ZEEKJS_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/zeekjs)
@ -1069,7 +1090,9 @@ endif ()
set(ZEEK_HAVE_JAVASCRIPT ${ZEEK_HAVE_JAVASCRIPT} CACHE INTERNAL "Zeek has JavaScript support")
set(DEFAULT_ZEEKPATH_PATHS . ${ZEEK_SCRIPT_INSTALL_PATH} ${ZEEK_SCRIPT_INSTALL_PATH}/policy ${ZEEK_SCRIPT_INSTALL_PATH}/site ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins)
set(DEFAULT_ZEEKPATH_PATHS
. ${ZEEK_SCRIPT_INSTALL_PATH} ${ZEEK_SCRIPT_INSTALL_PATH}/policy
${ZEEK_SCRIPT_INSTALL_PATH}/site ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins)
if (MSVC)
list(JOIN DEFAULT_ZEEKPATH_PATHS ";" DEFAULT_ZEEKPATH)
else ()
@ -1088,9 +1111,7 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.h.in
${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h)
include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR})
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeek-config.h DESTINATION include/zeek)
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
"."
"${CMAKE_CURRENT_BINARY_DIR}/zeek")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink "." "${CMAKE_CURRENT_BINARY_DIR}/zeek")
if (BinPAC_ROOT_DIR)
set(ZEEK_CONFIG_BINPAC_ROOT_DIR ${BinPAC_ROOT_DIR})
@ -1123,11 +1144,13 @@ endif ()
set(ZEEK_CONFIG_BTEST_TOOLS_DIR ${ZEEK_ROOT_DIR}/share/btest)
install(DIRECTORY DESTINATION ${ZEEK_CONFIG_BTEST_TOOLS_DIR})
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in
${CMAKE_CURRENT_BINARY_DIR}/zeek-config @ONLY)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zeek-config.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-config
@ONLY)
install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zeek-config DESTINATION bin)
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake DESTINATION share/zeek
install(
DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cmake
DESTINATION share/zeek
USE_SOURCE_PERMISSIONS
PATTERN ".git" EXCLUDE)
@ -1137,32 +1160,32 @@ if ( NOT MSVC )
include(InstallSymlink)
endif ()
########################################################################
## zkg configuration
# ##############################################################################
# zkg configuration
if (INSTALL_ZKG)
# An etc/zkg directory for zkg's config file simplifies zkg's
# config file code.
# An etc/zkg directory for zkg's config file simplifies zkg's config file
# code.
set(ZEEK_ZKG_CONFIG_DIR "${ZEEK_ETC_INSTALL_DIR}/zkg")
set(ZEEK_ZKG_STATE_DIR "${ZEEK_STATE_DIR}/zkg")
configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/zkg-config.in
${CMAKE_CURRENT_BINARY_DIR}/zkg-config @ONLY)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/zkg-config.in ${CMAKE_CURRENT_BINARY_DIR}/zkg-config
@ONLY)
install(DIRECTORY DESTINATION var/lib/zkg)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config
DESTINATION ${ZEEK_ZKG_CONFIG_DIR} RENAME config)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config DESTINATION ${ZEEK_ZKG_CONFIG_DIR}
RENAME config)
endif ()
########################################################################
## Look for external plugins to build in
# ##############################################################################
# Look for external plugins to build in
string(REPLACE "," " " _build_in_plugins "${ZEEK_INCLUDE_PLUGINS}")
separate_arguments(_build_in_plugins)
foreach (plugin_dir ${_build_in_plugins})
if (NOT IS_ABSOLUTE "${plugin_dir}/CMakeLists.txt")
message(FATAL_ERROR "Plugins to build in need to be defined with absolute path! ${plugin_dir}")
message(
FATAL_ERROR "Plugins to build in need to be defined with absolute path! ${plugin_dir}")
endif ()
if (NOT EXISTS "${plugin_dir}/CMakeLists.txt")
@ -1171,7 +1194,8 @@ foreach(plugin_dir ${_build_in_plugins})
get_filename_component(plugin_name ${plugin_dir} NAME)
# Create a list of plugin directories that will then be added in the src/CMakeLists.txt
# Create a list of plugin directories that will then be added in the
# src/CMakeLists.txt
list(APPEND BUILTIN_PLUGIN_LIST ${plugin_dir})
message(STATUS " Building in plugin: ${plugin_name} (${plugin_dir})")
@ -1183,20 +1207,22 @@ foreach(plugin_dir ${_build_in_plugins})
endif ()
endforeach ()
########################################################################
## Populate the ZEEK_BUILD_INFO for use in src/version.c.in
# ##############################################################################
# Populate the ZEEK_BUILD_INFO for use in src/version.c.in
if (WIN32)
# Windows installs Python to C:\Python311\python, but doesn't create a version
# or symlink to python3. Call python with the script directly since the shebang
# in the script won't work here.
execute_process(COMMAND "python" "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
# or symlink to python3. Call python with the script directly since the
# shebang in the script won't work here.
execute_process(
COMMAND "python" "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
OUTPUT_VARIABLE ZEEK_BUILD_INFO
RESULT_VARIABLE ZEEK_BUILD_INFO_RESULT
OUTPUT_STRIP_TRAILING_WHITESPACE)
else ()
execute_process(COMMAND "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
execute_process(
COMMAND "${PROJECT_SOURCE_DIR}/ci/collect-repo-info.py" "${ZEEK_INCLUDE_PLUGINS}"
WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
OUTPUT_VARIABLE ZEEK_BUILD_INFO
RESULT_VARIABLE ZEEK_BUILD_INFO_RESULT
@ -1208,11 +1234,11 @@ if ( NOT ZEEK_BUILD_INFO_RESULT EQUAL "0" )
endif ()
# string(JSON ... ) requires CMake 3.19, but then we could do something like:
# string(JSON ZEEK_BUILD_INFO SET "${ZEEK_BUILD_INFO}"
# compile_options cxx_flags "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}")
# string(JSON ZEEK_BUILD_INFO SET "${ZEEK_BUILD_INFO}" compile_options cxx_flags
# "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}")
########################################################################
## Recurse on sub-directories
# ##############################################################################
# Recurse on sub-directories
add_subdirectory(src)
add_subdirectory(scripts)
@ -1221,16 +1247,16 @@ add_subdirectory(testing)
include(CheckOptionalBuildSources)
CheckOptionalBuildSources(auxil/btest BTest INSTALL_BTEST)
CheckOptionalBuildSources(auxil/package-manager ZKG INSTALL_ZKG)
CheckOptionalBuildSources(auxil/zeekctl ZeekControl INSTALL_ZEEKCTL)
CheckOptionalBuildSources(auxil/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS)
CheckOptionalBuildSources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
CheckOptionalBuildSources(auxil/zeek-client ZeekClient INSTALL_ZEEK_CLIENT)
checkoptionalbuildsources(auxil/btest BTest INSTALL_BTEST)
checkoptionalbuildsources(auxil/package-manager ZKG INSTALL_ZKG)
checkoptionalbuildsources(auxil/zeekctl ZeekControl INSTALL_ZEEKCTL)
checkoptionalbuildsources(auxil/zeek-aux Zeek-Aux INSTALL_AUX_TOOLS)
checkoptionalbuildsources(auxil/zeek-archiver ZeekArchiver INSTALL_ZEEK_ARCHIVER)
checkoptionalbuildsources(auxil/zeek-client ZeekClient INSTALL_ZEEK_CLIENT)
if (NOT DISABLE_SPICY)
# The `zeek` binary implicitly depends on the driver object file built
# as part of `spicy`; make that dependency explicit.
# The `zeek` binary implicitly depends on the driver object file built as part
# of `spicy`; make that dependency explicit.
zeek_add_dependencies(spicyz)
if (NOT SPICY_ROOT_DIR)
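Review bot: The six `CheckOptionalBuildSources(...)` calls are rewritten as `checkoptionalbuildsources(...)`, which no longer matches the `include(CheckOptionalBuildSources)` directly above or the mixed-case `FindRequiredPackage(...)` and `ConfigurePackaging(...)` calls kept elsewhere in this file. CMake command names are case-insensitive, so the build is unaffected, but the lower-cased name is harder to grep for and looks like a formatter side effect. Consider configuring the formatter to preserve the casing of project-defined commands so the call sites match the module name.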
@ -1238,13 +1264,13 @@ if ( NOT DISABLE_SPICY )
add_dependencies(plugin-Zeek-Spicy spicy)
add_dependencies(spicyz spicy)
# Also install spicy-plugin's CMake files into Zeek's global `cmake/` folder.
# Also install spicy-plugin's CMake files into Zeek's global `cmake/`
# folder.
#
# NOTE: We do not install spicy-plugin's `FindZeek.cmake` since another
# version of this file is already provided by Zeek.
install(FILES auxil/spicy-plugin/cmake/ZeekSpicyAnalyzerSupport.cmake
auxil/spicy-plugin/cmake/FindSpicy.cmake
DESTINATION share/zeek/cmake)
auxil/spicy-plugin/cmake/FindSpicy.cmake DESTINATION share/zeek/cmake)
endif ()
endif ()
@ -1252,28 +1278,28 @@ endif ()
# scripts work in any build configuration. If we do not include Spicy these
# files have no actual effect.
#
# Spicy JIT relies on the path of the current executable to figure out
# whether it is run from a build or an install tree. This assumption
# gets broken for e.g., `spicyz` when running from the build tree
# (probably fixable), and also when JIT'ing directly from a `zeek`
# invocation (much harder to fix). Instead we generate shell
# definitions to support running and using Spicy or spicy-plugin
# functionality in the build tree, including JIT'ing directly from
# Spicy JIT relies on the path of the current executable to figure out whether
# it is run from a build or an install tree. This assumption gets broken for
# e.g., `spicyz` when running from the build tree (probably fixable), and also
# when JIT'ing directly from a `zeek` invocation (much harder to fix). Instead
# we generate shell definitions to support running and using Spicy or
# spicy-plugin functionality in the build tree, including JIT'ing directly from
# Zeek.
configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/spicy-path.in ${CMAKE_BINARY_DIR}/spicy-path @ONLY)
configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/hilti-cxx-include-dirs.in ${CMAKE_BINARY_DIR}/hilti-cxx-include-dirs @ONLY)
configure_file(${CMAKE_SOURCE_DIR}/auxil/spicy/hilti-cxx-include-dirs.in
${CMAKE_BINARY_DIR}/hilti-cxx-include-dirs @ONLY)
########################################################################
## Packaging Setup
# ##############################################################################
# Packaging Setup
if (INSTALL_ZEEKCTL OR INSTALL_ZKG OR INSTALL_ZEEK_CLIENT)
# CPack RPM Generator may not automatically detect this
set(CPACK_RPM_PACKAGE_REQUIRES "python >= ${ZEEK_PYTHON_MIN}")
endif ()
# If this CMake project is a sub-project of another, we will not
# configure the generic packaging because CPack will fail in the case
# that the parent project has already configured packaging
# If this CMake project is a sub-project of another, we will not configure the
# generic packaging because CPack will fail in the case that the parent project
# has already configured packaging
if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
include(ConfigurePackaging)
ConfigurePackaging(${VERSION})
@ -1282,8 +1308,7 @@ endif ()
# Refers back to the "distribution prefix". This is the source tree when
# referring to Zeek from the build directory and the "share" directory under the
# install preifx otherwise.
set(ZEEK_DIST_PREFIX
$<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}>
set(ZEEK_DIST_PREFIX $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_DATAROOTDIR}/foo/bar>)
# Generate extra config file for the dynamic plugins.
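Review bot: The `INSTALL_INTERFACE` half of `ZEEK_DIST_PREFIX` points at `${CMAKE_INSTALL_DATAROOTDIR}/foo/bar`, which reads like a leftover placeholder, while the comment above says the install-tree value should be the "share" directory under the install prefix. Please confirm the intended path (or add a comment saying why `/foo/bar` is deliberate), and fix "preifx" in the comment while this block is being touched.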
@ -1292,12 +1317,9 @@ configure_file(src/ZeekPluginConfig.cmake.in ZeekPluginConfig.cmake @ONLY)
# Write the CMake package and version files.
configure_package_config_file(
"${CMAKE_CURRENT_SOURCE_DIR}/src/ZeekConfig.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
INSTALL_DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
write_basic_package_version_file(
"${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
VERSION ${ZEEK_VERSION_NUMBER}
COMPATIBILITY ExactVersion)
"${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake" INSTALL_DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
write_basic_package_version_file("${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
VERSION ${ZEEK_VERSION_NUMBER} COMPATIBILITY ExactVersion)
# Write the CMake targets file.
export(EXPORT ZeekTargets FILE ZeekTargets.cmake NAMESPACE Zeek::)
@ -1307,20 +1329,14 @@ configure_file(src/ZeekPluginBootstrap.cmake.in ZeekPluginBootstrap.cmake @ONLY)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/ZeekPluginBootstrap.cmake"
DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
install(
FILES
"${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/ZeekConfig.cmake"
"${CMAKE_CURRENT_BINARY_DIR}/ZeekConfigVersion.cmake"
DESTINATION
"${ZEEK_CMAKE_CONFIG_DIR}")
DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}")
install(
EXPORT ZeekTargets
DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}"
NAMESPACE Zeek::)
install(EXPORT ZeekTargets DESTINATION "${ZEEK_CMAKE_CONFIG_DIR}" NAMESPACE Zeek::)
########################################################################
## Build Summary
# ##############################################################################
# Build Summary
if (CMAKE_BUILD_TYPE)
string(TOUPPER ${CMAKE_BUILD_TYPE} BuildType)
@ -1357,7 +1373,8 @@ endif ()
if (ZEEK_LEGACY_ANALYZERS)
list(JOIN ZEEK_LEGACY_ANALYZERS ", " _legacy_analyzers)
set(_legacy_analyzers "\n - Using unmaintained legacy analyzers for: ${_legacy_analyzers}")
set(_legacy_analyzers
"\n - Using unmaintained legacy analyzers for: ${_legacy_analyzers}")
endif ()
if (ZEEK_SKIPPED_ANALYZERS)
@ -1366,7 +1383,9 @@ if ( ZEEK_SKIPPED_ANALYZERS )
endif ()
if (ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS)
set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}")
set(_analyzer_warning
"\n\n[Warning] Some analyzers are not available due to lack of built-in Spicy support:${_legacy_analyzers}${_skipped_analyzers}"
)
endif ()
message(
@ -1419,7 +1438,6 @@ message(
"\nFuzz Engine: ${ZEEK_FUZZING_ENGINE}"
"${_analyzer_warning}"
"\n"
"\n================================================================\n"
)
"\n================================================================\n")
include(UserChangedWarning)

47
NEWS

@ -59,6 +59,11 @@ Breaking Changes
- The IRC_Data analyzer declaration has been moved to protocols/irc/IRC.h.
- The error message returned when using ``bro_init``, ``bro_done``, and
``bro_script_loaded`` events is now removed. removed. Usage of these events
has returned that error during script parsing for a few years, and time has
come to finally remove it.
New Functionality
-----------------
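Review bot: The new Breaking Changes entry for the ``bro_init``, ``bro_done`` and ``bro_script_loaded`` events has a duplicated word, "is now removed. removed.". Drop the second "removed." so the sentence reads cleanly in the rendered NEWS.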
@ -86,6 +91,19 @@ New Functionality
To disable this functionality, pass ``--disable-javascript`` to configure.
- A new bif ``from_json()`` can be used to parse JSON strings into records.
type A: record { a: addr; };
local p = from_json({\"a\": \"192.168.0.1\"}", A);
if ( p$valid )
print (p$v as A)
Implicit conversion from JSON to Zeek types is implemented for bool, int, count,
real, interval (number as seconds) and time (number as unix timestamp), port
(strings in "80/tcp" notation), patterns, addr, subnet, enum, sets, vectors
and records similar to the rules of the input framework. Optional or default
record fields are allowed to be missing or null in the input.
- Zeek now provides native "Community ID" support with a new bif called
``community_id_v1()``. Two policy scripts ``protocols/conn/community-id-logging``
and ``frameworks/notice/community-id`` extend the respective logs with a
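Review bot: The ``from_json()`` example in this entry is not valid Zeek script as written: the string literal in `from_json({\"a\": \"192.168.0.1\"}", A);` has no opening double quote, and `print (p$v as A)` has no terminating semicolon. Readers will copy this snippet, so it should parse: open the literal with `"` before `{` and end the print statement with `;`. The example also appears unindented here, so it may not render as a literal block in the NEWS file.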
@ -104,13 +122,17 @@ New Functionality
stats.11:18:57-11:19:00-logger-2.log.gz
Previously, in a multi-logger setup, individual logger processes would overwrite
each others log files during rotation, causing data loss.
each other's log files during rotation, causing data loss.
For setups with a single logger, there's no change in behavior. The naming
of the final logs can be customized by providing an alternative
``make-archive-name`` script and using the new ``ZEEK_ARG_LOG_SUFFIX``
environment variable.
- A supervisor controlled Zeek cluster is now multi-logger aware. This avoids
loggers overwriting each other's log files within a single log-queue directory.
By default, a logger's name is appended to the rotated logs by zeek-archiver.
- Introduce a new command-line option ``-V`` / ``--build-info``. It produces
verbose output in JSON format about the repository state and any included
plugins.
@ -211,6 +233,13 @@ New Functionality
messages being correctly parsed and raising the typical SSL/TLS events, the biggest
visible change is the newly added ``ssl_extension_connection_id`` event.
- The NTP analyzer now recognizes when client and server mode messages disagree
with the notion of "originator" and "responder" and flips the connection. This
can happen in packet loss or packet re-ordering scenarios. Such connections will
have a ``^`` added to their history.
- New bifs for ``ceil()`` and ``log2()`` have been added.
Changed Functionality
---------------------
@ -310,8 +339,20 @@ Changed Functionality
- Libpcap based packet source now avoids the 32bit wraparound of link and
dropped packet counters as reported by users.
- The ``ssl_history`` field of ``ssl.log`` now correctly logs Hello Retry Request
messages. Before, they were incorrectly logged as Server Hellos.
- The `ssl_history` field in ssl.log indicates that the letter `j` is reserved
for hello retry requests. However, this logging was never fully implemented;
instead, hello retry requests were logged like as a server hello (with the letter
`s`). This oversight was fixed, and hello retry requests are now correctly logged.
- When per-connection SMB parser state (read offsets, tree ids, ...) exceeds
``SMB::max_pending_messages`` (default 1000), Zeek discards such per-connection
state and raises a new ``smb2_discarded_messages_state()`` event. This event is
used to reset script-layer SMB state. This change provides protection against
unbounded state growth due to partial or one-sided SMB connections.
Setting ``SMB::max_pending_messages`` to 0 can be used to switch back to the
previous behavior of not discarding state. Setting ``SMB::enable_state_clear``
to ``F`` skips the script-layer state clearing logic.
Removed Functionality
---------------------
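Review bot: This hunk shows two entries for the same ``ssl_history`` fix, one saying Hello Retry Requests were "incorrectly logged as Server Hellos" and one explaining the reserved letter `j`. If both survive the merge, keep only one. In the longer entry, "were logged like as a server hello" needs either "like" or "as" removed, and `ssl_history`, `j` and `s` use single backticks where the rest of the file uses double backticks. In the SMB entry, it would also help to say explicitly that setting ``SMB::max_pending_messages`` to 0 removes the protection against unbounded state growth that the entry describes.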


@ -1 +1 @@
6.0.0-dev.480
6.0.0-dev.533

@ -1 +1 @@
Subproject commit b6f138be79f7d4408302b1297b0c63092b019773
Subproject commit 4ad7a297223121b91c94caea6d28ca8888ec6dc1

@ -1 +1 @@
Subproject commit e820c29116a50a18079e783f47b96111eb7b5b0b
Subproject commit e4c7b7027d6053c66d8c278a8dbb9a7c2bac09ad

@ -1 +1 @@
Subproject commit 4fc4c31592c4823d675314bc981931de9e246057
Subproject commit 000834f60ab7540041c431a3657c23c7476e368d

@ -1 +1 @@
Subproject commit f1183514cd12468d34cb01b147c8d1859a657c31
Subproject commit 0c3cafb2ed638f88a446732fa03d90af9bcf796c

@ -1 +1 @@
Subproject commit 3e5b930d9690ef6b87dd034916598e0771f8688d
Subproject commit 8a2edd6d92ed820521d42c94d179462bf06b5ed3

@ -1 +1 @@
Subproject commit 8534f719a0a384769383bbd4ad71c9eb2084823d
Subproject commit 94eb4798e5cb1b749e42c84f2d4034c16f6cb9db

@ -1 +1 @@
Subproject commit 8011410a8a2ba9b57a544d20efd077f83ecb7eda
Subproject commit 2766a0c45a6dbcdcf26cd1209a73a13323854961

@ -1 +1 @@
Subproject commit 5ade27d716fd65342be592abf277eea114fefaa7
Subproject commit e1d8271af1f499b3d072c99ae717d2593f551645

@ -1 +1 @@
Subproject commit 2b40a6bafedbbf3fba16d292fd9fe8ba6e9de1bf
Subproject commit e36862b3a6e70bf8557885e12e74cbc91507a693

@ -1 +1 @@
Subproject commit fd326e9ced4c078f19ddd32e0afcbe1fe4817a3c
Subproject commit 1f16b5047b7478cd38eeb8cae7e11479932135fe

@ -1 +1 @@
Subproject commit 7178d15edb4c737a5d6c28d100c0e457b7afed58
Subproject commit 98301f54336144272d17439ea43b889ffd79a65f

63
ci/public-ecr-cleanup.sh Executable file

@ -0,0 +1,63 @@
#!/bin/bash
#
# Script to batch-delete all untagged images from ECR public repositories,
# defaulting to the zeek/zeek-dev repository.
# First scans for manifest list images that are referencing other images and
# deletes them, then deletes all remaining untagged images.
set -eu
if ! command -v aws >/dev/null; then
echo "missing aws command" >&2
exit 1
fi
REGISTRY_ID=${REGISTRY_ID:-103243056077}
REPOSITORY_NAME=${REPOSITORY_NAME:-zeek-dev}
BATCH_DELETE_SIZE=${BATCH_DELETE_SIZE:-50}
# Chunk up "$1" into BATCH_DELETE_SIZE entries and batch-delete them at once
# via aws batch-delete.
#
# Expected input looks as follows to keep things simple:
#
# imageDigest=sha256:db6...366
# imageDigest=sha256:2ad...9b0
#
function batch_delete {
while read -r batch; do
if [ -z "${batch}" ]; then
break
fi
echo "Deleting ${batch}"
aws ecr-public batch-delete-image \
--registry-id "${REGISTRY_ID}" \
--repository-name "${REPOSITORY_NAME}" \
--image-ids ${batch}
done < <(xargs -L ${BATCH_DELETE_SIZE} <<<"$1")
}
# Find all untagged manifest lists with the following media types:
#
# application/vnd.docker.distribution.manifest.list.v2+json
# application/vnd.oci.image.index.v1+json
#
# These reference other images, so we need to delete them first as
# otherwise the referenced images can not be deleted.
IMAGE_DIGESTS=$(aws ecr-public describe-images \
--registry-id "${REGISTRY_ID}" \
--repository-name "${REPOSITORY_NAME}" \
--query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) || contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
--output text)
batch_delete "${IMAGE_DIGESTS}"
# Now find all untagged manifests that are left.
IMAGE_DIGESTS=$(aws ecr-public describe-images \
--registry-id "${REGISTRY_ID}" \
--repository-name "${REPOSITORY_NAME}" \
--query 'imageDetails[?!imageTags].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
--output text)
batch_delete "${IMAGE_DIGESTS}"
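Review bot: In `batch_delete`, `--image-ids ${batch}` and `xargs -L ${BATCH_DELETE_SIZE}` both rely on unquoted expansion. The word splitting of `${batch}` is intentional (one `imageDigest=...` argument per image), but nothing in the script says so, and it also leaves the value open to glob expansion. Add a short comment or a shellcheck directive at that line, quote `${BATCH_DELETE_SIZE}`, and consider `set -f` inside the function. Separately, the script deletes every untagged image in whatever `REGISTRY_ID` and `REPOSITORY_NAME` the environment supplies, with no dry-run mode. Since the CI task runs it with write credentials, a `DRY_RUN` switch that only prints the batches, plus a check that the two describe-images queries returned digests of the expected `imageDigest=sha256:` form before deleting, would make a bad query or a mis-set variable much less costly.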

2
cmake

@ -1 +1 @@
Subproject commit 70c6180afcc06767d0ab031d7c36cb0dd6503094
Subproject commit a90d69179607c5083158f926be6d37f3db18f110

57
configure vendored

@ -12,6 +12,9 @@ command="$0 $*"
usage="\
Usage: $0 [OPTION]... [VAR=VALUE]...
-h, --help display this help and exit
--show-config display the most relevant config parameters of an existing build
Build Options:
--cmake=PATH custom path to a CMake binary
--builddir=DIR place build files in directory [build]
@ -149,42 +152,10 @@ append_cache_entry() {
CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3"
}
# Function to remove a CMake cache entry definition from the
# CMakeCacheEntries variable
# $1 is the cache entry variable name
remove_cache_entry() {
CMakeCacheEntries="$CMakeCacheEntries -U $1"
# Even with -U, cmake still warns by default if
# added previously with -D.
CMakeCacheEntries="$CMakeCacheEntries --no-warn-unused-cli"
}
# set defaults
builddir=build
prefix=/usr/local/zeek
CMakeCacheEntries=""
display_cmake=0
append_cache_entry CMAKE_INSTALL_PREFIX PATH $prefix
append_cache_entry ZEEK_ROOT_DIR PATH $prefix
append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
append_cache_entry ENABLE_DEBUG BOOL false
append_cache_entry ENABLE_PERFTOOLS BOOL false
append_cache_entry ENABLE_JEMALLOC BOOL false
append_cache_entry ENABLE_ZEEK_UNIT_TESTS BOOL true
append_cache_entry BUILD_SHARED_LIBS BOOL true
append_cache_entry INSTALL_AUX_TOOLS BOOL true
append_cache_entry INSTALL_BTEST BOOL true
append_cache_entry INSTALL_BTEST_PCAPS BOOL true
append_cache_entry INSTALL_ZEEK_ARCHIVER BOOL true
append_cache_entry INSTALL_ZEEK_CLIENT BOOL true
append_cache_entry INSTALL_ZEEKCTL BOOL true
append_cache_entry INSTALL_ZKG BOOL true
append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING
append_cache_entry ZEEK_SANITIZERS STRING ""
append_cache_entry ZEEK_INCLUDE_PLUGINS STRING ""
append_cache_entry PREALLOCATE_PORT_ARRAY BOOL true
# parse arguments
while [ $# -ne 0 ]; do
@ -198,6 +169,14 @@ while [ $# -ne 0 ]; do
echo "${usage}" 1>&2
exit 1
;;
--show-config)
if [ ! -f "$builddir/CMakeCache.txt" ]; then
echo "Error: no CMake build found under '$builddir'." 1>&2
exit 1
fi
grep -E "^ENABLE_|^ZEEK_|^INSTALL_|^CMAKE_INSTALL_PRE|^CMAKE_C.*_FLAGS|^CMAKE_C.*_COMPILER|^CMAKE_.*_LINKER_FLAGS|^CMAKE_BUILD" "$builddir/CMakeCache.txt" | grep -v ':INTERNAL'
exit 0
;;
-D)
shift
if [ $# -eq 0 ]; then
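Review bot: the `--show-config` branch reads `$builddir` while arguments are still being parsed, so `./configure --show-config --builddir=foo` inspects the default `build` directory and exits before `--builddir` is seen. Either document in the usage text that `--builddir` must come first, or set a flag in this branch and run the `grep` after the argument loop.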
@ -217,10 +196,6 @@ while [ $# -ne 0 ]; do
;;
--build-type=*)
append_cache_entry CMAKE_BUILD_TYPE STRING $optarg
if [ $(echo "$optarg" | tr [:upper:] [:lower:]) = "debug" ]; then
append_cache_entry ENABLE_DEBUG BOOL true
fi
;;
--generator=*)
CMakeGenerator="$optarg"
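Review bot: with the `ENABLE_DEBUG` lines dropped from the `--build-type=*` branch, `--build-type=debug` no longer turns on `ENABLE_DEBUG` from this script. If that coupling now lives in the CMake files, say so in the commit message or in the usage text for `--build-type`; if it does not, debug builds silently lose it.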
@ -235,9 +210,7 @@ while [ $# -ne 0 ]; do
append_cache_entry ZEEK_INCLUDE_PLUGINS STRING \"$optarg\"
;;
--prefix=*)
prefix=$optarg
append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
append_cache_entry ZEEK_ROOT_DIR PATH $optarg
;;
--libdir=*)
append_cache_entry CMAKE_INSTALL_LIBDIR PATH $optarg
@ -454,14 +427,6 @@ if [ -z "$CMakeCommand" ]; then
fi
fi
if [ "$user_set_scriptdir" != "true" ]; then
append_cache_entry ZEEK_SCRIPT_INSTALL_PATH STRING $prefix/share/zeek
fi
if [ "$user_set_conffilesdir" != "true" ]; then
append_cache_entry ZEEK_ETC_INSTALL_DIR PATH $prefix/etc
fi
if [ -d $builddir ]; then
# If build directory exists, check if it has a CMake cache
if [ -f $builddir/CMakeCache.txt ]; then

2
doc

@ -1 +1 @@
Subproject commit f3f85f68ecec844e5770900aa871361627451ae1
Subproject commit 6da8036bebf01361acee8b15fc3239ccea3e15b4

@ -1,5 +1,5 @@
install(DIRECTORY . DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8 FILES_MATCHING
PATTERN "*.8"
)
install(
DIRECTORY .
DESTINATION ${ZEEK_MAN_INSTALL_PATH}/man8
FILES_MATCHING
PATTERN "*.8")

@ -1,21 +1,21 @@
include(InstallPackageConfigFile)
install(DIRECTORY ./ DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH} FILES_MATCHING
install(
DIRECTORY ./
DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}
FILES_MATCHING
PATTERN "site/local*" EXCLUDE
PATTERN "*.zeek"
PATTERN "*.sig"
PATTERN "*.fp"
)
PATTERN "*.fp")
# Install local script as a config file since it's meant to be modified directly.
InstallPackageConfigFile(
${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
${ZEEK_SCRIPT_INSTALL_PATH}/site
local.zeek)
# Install local script as a config file since it's meant to be modified
# directly.
InstallPackageConfigFile(${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek
${ZEEK_SCRIPT_INSTALL_PATH}/site local.zeek)
# Substitute values in templated script files, and install them.
configure_file(
${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/base/misc/installation.zeek.in
${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek @ONLY)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/base/misc/installation.zeek

@ -22,6 +22,32 @@ redef Log::default_rotation_interval = 1 hrs;
## Alarm summary mail interval.
redef Log::default_mail_alarms_interval = 24 hrs;
## Generic log metadata rendered into the filename that zeek-archiver may interpret.
## This is populated with a log_suffix entry within zeek_init() when multiple
## logger nodes are defined in cluster-layout.zeek.
global log_metadata: table[string] of string;
## Encode the given table as zeek-archiver understood metadata part.
function encode_log_metadata(tbl: table[string] of string): string
{
local metadata_vec: vector of string;
for ( k, v in log_metadata )
{
if ( |v| == 0 ) # Assume concious decision to skip this entry.
next;
if ( /[,=]/ in k || /[,=]/ in v )
{
Reporter::warning(fmt("Invalid log_metadata: k='%s' v='%s'", k, v));
next;
}
metadata_vec += fmt("%s=%s", strip(k), strip(v));
}
return join_string_vec(metadata_vec, ",");
}
## This function will rotate logs in a format compatible with zeek-archiver.
## If you're using the Supervisor framework, this function will be used,
## if not, you can set :zeek:see:`Log::rotation_format_func` to this function.
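Review bot: `encode_log_metadata` takes `tbl` but the loop reads `for ( k, v in log_metadata )`, so the argument is ignored and the function only ever encodes the global; iterate over `tbl` instead. The `/[,=]/` check also runs before `strip()` and does not reject `__`, which is the separator `archiver_rotation_format_func` uses when it builds the rotated filename, so a value containing `__` would change how that name splits. Consider validating the stripped key and value against the separator as well.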
@ -30,6 +56,10 @@ function archiver_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationP
local open_str = strftime(Log::default_rotation_date_format, ri$open);
local close_str = strftime(Log::default_rotation_date_format, ri$close);
local base = fmt("%s__%s__%s__", ri$path, open_str, close_str);
if ( |log_metadata| > 0 )
base = fmt("%s%s__", base, encode_log_metadata(log_metadata));
local rval = Log::RotationPath($file_basename=base);
return rval;
}
@ -42,6 +72,14 @@ redef Log::rotation_format_func = archiver_rotation_format_func;
redef LogAscii::enable_leftover_log_rotation = T;
event zeek_init()
{
if ( "log_suffix" in log_metadata )
return;
if ( Cluster::get_node_count(Cluster::LOGGER) > 1 )
log_metadata["log_suffix"] = Cluster::node;
}
@else
## Use the cluster's archive logging script.

@ -210,6 +210,7 @@ export {
["spontaneous_FIN"] = ACTION_IGNORE,
["spontaneous_RST"] = ACTION_IGNORE,
["SMB_parsing_error"] = ACTION_LOG,
["SMB_discarded_messages_state"] = ACTION_LOG,
["no_smb_session_using_parsesambamsg"] = ACTION_LOG,
["smb_andx_command_failed_to_parse"] = ACTION_LOG,
["smb_tree_connect_andx_response_without_tree"] = ACTION_LOG_PER_CONN,

@ -1094,6 +1094,14 @@ type entropy_test_result: record {
serial_correlation: double; ##< Serial correlation coefficient.
};
## Return type for from_json BIF.
##
## .. zeek:see:: from_json
type from_json_result: record {
v: any &optional; ##< Parsed value.
valid: bool; ##< True if parsing was successful.
};
# TCP values for :zeek:see:`endpoint` *state* field.
# todo:: these should go into an enum to make them autodoc'able.
const TCP_INACTIVE = 0; ##< Endpoint is still inactive.
@ -2988,6 +2996,16 @@ export {
##
## .. zeek:see:: smb_pipe_connect_heuristic
const SMB::pipe_filenames: set[string] &redef;
## The maximum number of messages for which to retain state
## about offsets, fids, or tree ids within the parser. When
## the limit is reached, internal parser state is discarded
## and :zeek:see:`smb2_discarded_messages_state` raised.
##
## Setting this to zero will disable the functionality.
##
## .. zeek:see:: smb2_discarded_messages_state
const SMB::max_pending_messages = 1000 &redef;
}
module SMB1;

@ -44,6 +44,13 @@ export {
PRINT_CLOSE,
};
## Whether to reset a connection's SMB script state whenever a
## :zeek:see:`smb2_discarded_messages_state` event is raised.
##
## This setting protects from unbounded script state growth in
## environments with high capture loss or traffic anomalies.
option enable_clear_script_state = T;
## This record is for the smb_files.log
type FileInfo: record {
## Time when the file was first discovered.

@ -1,3 +1,5 @@
@load base/frameworks/notice/weird
@load ./main
module SMB2;
@ -344,3 +346,25 @@ event smb2_close_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)
#Reporter::warning("attempting to close an unknown file!");
}
}
event smb2_discarded_messages_state(c: connection, state: string)
{
if ( ! c?$smb_state )
return;
local addl = fmt("state=%s fid_map=%s tid_map=%s pending_cmds=%s pipe_map=%s",
state, |c$smb_state$fid_map|, |c$smb_state$tid_map|,
|c$smb_state$pending_cmds|, |c$smb_state$pipe_map|);
Reporter::conn_weird("SMB_discarded_messages_state", c, addl, "SMB2");
if ( ! SMB::enable_clear_script_state )
return;
# Wipe out script-level state for this connection.
c$smb_state$fid_map = table();
c$smb_state$pending_cmds = table();
# Not expected to grow overly large and the original
# zeek-smb-clear-state package didn't reset these either.
# c$smb_state$tid_map = table();
# c$smb_state$pipe_map = table();
}
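Review bot: `tid_map` and `pipe_map` are left in place on the grounds that they are "not expected to grow overly large", but `SMB::enable_clear_script_state` is documented as protection against unbounded script state growth under capture loss or traffic anomalies, which is when that expectation is least reliable. Both sizes are already reported in `addl`, so the data to decide is there: either reset them as well or bound them, and replace the two commented-out assignments with a sentence stating the decision.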

@ -1,44 +1,35 @@
#
# Do not edit this file. This file is automatically generated by gen-ct-list.pl
# File generated at Thu Oct 6 13:17:02 2022
# File generated at Wed May 3 10:30:21 2023
# File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json
# Source file generated at: 2022-10-05T12:55:24Z
# Source file version: 13.6
# Source file generated at: 2023-05-02T12:55:51Z
# Source file version: 20.60
#
@load base/protocols/ssl
module SSL;
redef ct_logs += {
["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"),
["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"),
["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"),
["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"),
["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"),
["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"),
["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"),
["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"),
["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"),
["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
["\x87\x4f\xb5\x0d\xc0\x29\xd9\x93\x1d\xe5\x73\xe9\xf2\x89\x9e\x8e\x45\x33\xb3\x92\xd3\x8b\x0a\x46\x25\x74\xbf\x0f\xee\xb2\xfc\x1e"] = CTInfo($description="Trust Asia Log2024-2", $operator="TrustAsia", $url="https://ct2024.trustasia.com/log2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa7\x64\xe2\x79\x81\x3f\x61\xd7\xec\xc6\xf8\x65\x28\x1d\xa0\xb4\x66\x33\xc3\x25\xd5\x0a\x95\x78\x9c\x8f\xfe\xa4\x2a\xd8\x8f\x7e\x72\xe0\xfe\xa8\x7f\xf8\xb1\x2d\x85\xc0\x8e\x12\x74\x0d\x2f\x8c\xab\xd7\x7f\x7a\x1e\xd9\x84\x33\x39\xe8\xfd\x89\x5f\x96\x48\x08"),
};

@ -528,5 +528,9 @@ event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationI
{
if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS )
if ( info$c?$ssl )
finish(info$c, T);
{
# analyzer errored out; prevent us from trying to remove it later
delete info$c$ssl$analyzer_id;
finish(info$c, F);
}
}
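Review bot: the new comment explains `delete info$c$ssl$analyzer_id` but not why the second argument of `finish()` flips from `T` to `F` in the same change. If `F` already tells `finish()` not to remove the analyzer, say which of the two is the actual guard and why both are needed. The outer `if ( atype == ... )` would also read better with braces now that the inner body is a block.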

File diff suppressed because one or more lines are too long

@ -1 +1 @@
Subproject commit 58e63b262e542895024c821e791214008604cd55
Subproject commit 410ada8bbe5839807a459a99c1b77221f790f1be

@ -1,23 +1,15 @@
include_directories(BEFORE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_BINARY_DIR}/include
)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/include
${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_BINARY_DIR}/include)
# Force creation of includes symlink. This can't just be in the src directory
# because MSVC will end up with an include loop.
execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
"${CMAKE_CURRENT_SOURCE_DIR}/include")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
".."
execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_SOURCE_DIR}/include")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
"${CMAKE_CURRENT_SOURCE_DIR}/include/zeek")
# Allows header file inclusion via zeek/ within the build tree
execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory
"${CMAKE_CURRENT_BINARY_DIR}/include")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
".."
execute_process(COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_CURRENT_BINARY_DIR}/include")
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink ".."
"${CMAKE_CURRENT_BINARY_DIR}/include/zeek")
# Poor man's JSON escaping as this is rendered into a C string.
@ -26,27 +18,25 @@ string(REPLACE "\n" "\\n" ZEEK_BUILD_INFO_ESCAPED "${ZEEK_BUILD_INFO_ESCAPED}")
configure_file(version.c.in ${CMAKE_CURRENT_BINARY_DIR}/version.c)
configure_file(util-config.h.in ${CMAKE_CURRENT_BINARY_DIR}/util-config.h)
# This creates a custom command to transform a bison output file (inFile)
# into outFile in order to avoid symbol conflicts:
# - replaces instances of 'yylex' in inFile with yylexPrefix
# - replaces instances of 'yy' in inFile with yyPrefix
# - deletes instances of 'extern char.*getenv' in inFile
# - writes results to outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
# This creates a custom command to transform a bison output file (inFile) into
# outFile in order to avoid symbol conflicts: - replaces instances of 'yylex' in
# inFile with yylexPrefix - replaces instances of 'yy' in inFile with yyPrefix -
# deletes instances of 'extern char.*getenv' in inFile - writes results to
# outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
macro (REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix)
set(args "\"/extern char.*getenv/d")
set(args "${args}\;s/yylex/${yylexPrefix}lex/")
set(args "${args}\;s/yy/${yyPrefix}/g\"" < ${inFile} > ${outFile})
add_custom_command(OUTPUT ${outFile}
COMMAND ${SED_EXE}
ARGS ${args}
add_custom_command(
OUTPUT ${outFile}
COMMAND ${SED_EXE} ARGS ${args}
DEPENDS ${inFile}
COMMENT "[sed] replacing stuff in ${inFile}"
)
COMMENT "[sed] replacing stuff in ${inFile}")
list(APPEND TRANSFORMED_BISON_OUTPUTS ${outFile})
endmacro (REPLACE_YY_PREFIX_TARGET)
########################################################################
## Create targets to generate parser and scanner code
# ##############################################################################
# Create targets to generate parser and scanner code
set(BISON_FLAGS "--debug")
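Review bot: the reflowed comment above `macro (REPLACE_YY_PREFIX_TARGET ...)` has lost its bullet list. The steps now run together as `... symbol conflicts: - replaces instances of 'yylex' in inFile with yylexPrefix - replaces ...`, which is harder to read than the one-step-per-line form it replaces. Suggest restoring one `# - ...` line per step and fencing the comment from the formatter so it is not re-wrapped on the next run (if the formatter is cmake-format, its `# cmake-format: off` and `# cmake-format: on` markers do this).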
@ -57,65 +47,56 @@ else()
endif ()
# Rule parser/scanner
bison_target(RuleParser rule-parse.y
${CMAKE_CURRENT_BINARY_DIR}/rup.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/rup.h
bison_target(
RuleParser rule-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rup.cc HEADER
${CMAKE_CURRENT_BINARY_DIR}/rup.h
# VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.cc
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
rules_ rules_)
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc rules_ rules_)
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h ${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
rules_ rules_)
flex_target(RuleScanner rule-scan.l ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
COMPILE_FLAGS "-Prules_")
set_property(SOURCE rule-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
# RE parser/scanner
bison_target(REParser re-parse.y
${CMAKE_CURRENT_BINARY_DIR}/rep.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
bison_target(
REParser re-parse.y ${CMAKE_CURRENT_BINARY_DIR}/rep.cc HEADER
${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
# VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc
${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc ${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
re_ RE_)
flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
COMPILE_FLAGS "-Pre_")
flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc COMPILE_FLAGS "-Pre_")
add_flex_bison_dependency(REScanner REParser)
set_property(SOURCE re-scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
# Parser/Scanner
bison_target(Parser parse.y
${CMAKE_CURRENT_BINARY_DIR}/p.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
bison_target(
Parser parse.y ${CMAKE_CURRENT_BINARY_DIR}/p.cc HEADER ${CMAKE_CURRENT_BINARY_DIR}/zeekparse.h
# VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc
${CMAKE_CURRENT_BINARY_DIR}/parse.cc
zeek yy)
flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
COMPILE_FLAGS "-Pzeek")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc ${CMAKE_CURRENT_BINARY_DIR}/parse.cc zeek
yy)
flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc COMPILE_FLAGS "-Pzeek")
set_property(SOURCE scan.cc APPEND_STRING PROPERTY COMPILE_FLAGS "${SIGN_COMPARE_FLAG}")
# Add a dependency for the generated files to zeek_autogen_files.
add_custom_target(
zeek_bison_outputs
DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/parse.cc
DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/parse.cc
${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
${CMAKE_CURRENT_BINARY_DIR}/scan.cc
)
${CMAKE_CURRENT_BINARY_DIR}/scan.cc)
add_dependencies(zeek_autogen_files zeek_bison_outputs)
########################################################################
## bifcl-dependent targets
# ##############################################################################
# bifcl-dependent targets
include(BifCl)
@ -131,34 +112,30 @@ set(BIF_SRCS
strings.bif
reporter.bif
option.bif
# Note: the supervisor BIF file is treated like other top-level BIFs
# instead of contained in its own subdirectory CMake logic because
# subdirectory BIFs are treated differently and don't support being called
# *during* parsing (e.g. within an @if directive).
# Note: the supervisor BIF file is treated like other top-level BIFs instead
# of contained in its own subdirectory CMake logic because subdirectory BIFs
# are treated differently and don't support being called *during* parsing
# (e.g. within an @if directive).
supervisor/supervisor.bif
# The packet analysis BIF is treated like other top-level BIFs because
# it's needed before parsing the packet protocol scripts, which happen
# very near to the start of parsing.
# The packet analysis BIF is treated like other top-level BIFs because it's
# needed before parsing the packet protocol scripts, which happen very near
# to the start of parsing.
packet_analysis/packet_analysis.bif
# The C++ loading BIF is treated like other top-level BIFs to give
# us flexibility regarding when it's called.
script_opt/CPP/CPP-load.bif
)
# The C++ loading BIF is treated like other top-level BIFs to give us
# flexibility regarding when it's called.
script_opt/CPP/CPP-load.bif)
foreach (bift ${BIF_SRCS})
bif_target(${bift} "standard")
endforeach ()
########################################################################
## BinPAC-dependent targets
# ##############################################################################
# BinPAC-dependent targets
include(BinPAC)
set(BINPAC_AUXSRC
${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac
${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h
)
set(BINPAC_AUXSRC ${CMAKE_CURRENT_SOURCE_DIR}/binpac.pac ${CMAKE_CURRENT_SOURCE_DIR}/zeek.pac
${CMAKE_CURRENT_SOURCE_DIR}/binpac_zeek.h)
set(BINPAC_OUTPUTS "")
@ -168,8 +145,8 @@ list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
binpac_target(binpac_zeek-lib.pac)
list(APPEND BINPAC_OUTPUTS "${BINPAC_OUTPUT_CC}")
########################################################################
## Gen-ZAM setup
# ##############################################################################
# Gen-ZAM setup
include(Gen-ZAM)
@ -177,9 +154,9 @@ set(GEN_ZAM_SRC ${CMAKE_CURRENT_SOURCE_DIR}/script_opt/ZAM/Ops.in)
gen_zam_target(${GEN_ZAM_SRC})
########################################################################
## Including subdirectories.
########################################################################
# ##############################################################################
# Including subdirectories.
# ##############################################################################
option(USE_SQLITE "Should Zeek use SQLite?" ON)
@ -195,8 +172,8 @@ add_subdirectory(logging)
add_subdirectory(probabilistic)
add_subdirectory(session)
########################################################################
## Build in the discovered external plugins and create the autogenerated scripts.
# ##############################################################################
# Build in the discovered external plugins and create the autogenerated scripts.
set(PRELOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__preload__.zeek)
file(WRITE ${PRELOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
@ -204,8 +181,8 @@ set(LOAD_SCRIPT ${PROJECT_BINARY_DIR}/scripts/builtin-plugins/__load__.zeek)
file(WRITE ${LOAD_SCRIPT} "# Warning, this is an autogenerated file!\n")
# TODO: this really should be a function to make sure we have an isolated scope.
# However, for historic reasons, we're not doing that yet. Some plugin
# modify global state such as `zeekdeps`.
# However, for historic reasons, we're not doing that yet. Some plugin modify
# global state such as `zeekdeps`.
macro (add_extra_builtin_plugin plugin_dir)
get_filename_component(plugin_name "${plugin_dir}" NAME)
@ -231,13 +208,13 @@ endforeach()
install(FILES ${PRELOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
install(FILES ${LOAD_SCRIPT} DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/builtin-plugins/)
########################################################################
## This has to happen after the parts for builtin plugins, or else
## symbols are missing when it goes to link the fuzzer binaries.
# ##############################################################################
# This has to happen after the parts for builtin plugins, or else symbols are
# missing when it goes to link the fuzzer binaries.
add_subdirectory(fuzzers)
########################################################################
## zeek target
# ##############################################################################
# zeek target
find_package(Threads)
@ -249,8 +226,8 @@ if (POLICY CMP0012)
cmake_policy(SET CMP0012 NEW)
endif ()
# This macro stores associated headers for any C/C++ source files given
# as arguments (past _var) as a list in the CMake variable named "_var".
# This macro stores associated headers for any C/C++ source files given as
# arguments (past _var) as a list in the CMake variable named "_var".
macro (COLLECT_HEADERS _var)
foreach (src ${ARGN})
get_filename_component(ext ${src} EXT)
@ -270,30 +247,25 @@ endmacro(COLLECT_HEADERS _var)
cmake_policy(POP)
# define a command that's used to run the make_dbg_constants.py script
# building the zeek binary depends on the outputs of this script
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
# define a command that's used to run the make_dbg_constants.py script building
# the zeek binary depends on the outputs of this script
add_custom_command(
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
COMMAND ${PYTHON_EXECUTABLE}
ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
COMMAND ${PYTHON_EXECUTABLE} ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.py
${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
COMMENT "[Python] Processing debug commands"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
add_custom_target(
zeek_debugcmd_gen
DEPENDS
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
)
add_custom_target(zeek_debugcmd_gen DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc)
add_dependencies(zeek_autogen_files zeek_debugcmd_gen)
set(_gen_zeek_script_cpp ${CMAKE_CURRENT_BINARY_DIR}/../CPP-gen.cc)
add_custom_command(OUTPUT ${_gen_zeek_script_cpp}
COMMAND ${CMAKE_COMMAND} -E touch ${_gen_zeek_script_cpp})
add_custom_command(OUTPUT ${_gen_zeek_script_cpp} COMMAND ${CMAKE_COMMAND} -E touch
${_gen_zeek_script_cpp})
if (!MSVC)
set_source_files_properties(legacy-netvar-init.cc PROPERTIES COMPILE_FLAGS
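Review bot: the context line `if (!MSVC)` at the end of this hunk is not a negation in CMake. `!MSVC` is evaluated as a single name that is neither a true constant nor a defined variable, so the branch that sets `COMPILE_FLAGS` on `legacy-netvar-init.cc` is not taken on any platform. While the file is being reformatted anyway, change it to `if (NOT MSVC)`. Separately, the reflow has merged two comment sentences into `... make_dbg_constants.py script building the zeek binary depends ...`; a full stop after `script` would restore the meaning.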
@ -386,9 +358,7 @@ set(MAIN_SRCS
ZeekArgs.cc
ZeekString.cc
ZVal.cc
${SUPERVISOR_SRCS}
threading/BasicThread.cc
threading/Formatter.cc
threading/Manager.cc
@ -396,12 +366,10 @@ set(MAIN_SRCS
threading/SerialTypes.cc
threading/formatters/Ascii.cc
threading/formatters/JSON.cc
plugin/Component.cc
plugin/ComponentManager.h
plugin/Manager.cc
plugin/Plugin.cc
script_opt/CPP/Attrs.cc
script_opt/CPP/Consts.cc
script_opt/CPP/DeclFunc.cc
@ -421,9 +389,7 @@ set(MAIN_SRCS
script_opt/CPP/Types.cc
script_opt/CPP/Util.cc
script_opt/CPP/Vars.cc
${_gen_zeek_script_cpp}
script_opt/Expr.cc
script_opt/GenIDDefs.cc
script_opt/IDOptInfo.cc
@ -435,7 +401,6 @@ set(MAIN_SRCS
script_opt/TempVar.cc
script_opt/UsageAnalyzer.cc
script_opt/UseDefs.cc
script_opt/ZAM/AM-Opt.cc
script_opt/ZAM/Branches.cc
script_opt/ZAM/BuiltIn.cc
@ -450,9 +415,7 @@ set(MAIN_SRCS
script_opt/ZAM/ZBody.cc
script_opt/ZAM/ZInst.cc
script_opt/ZAM/ZOp.cc
digest.h
)
digest.h)
set(THIRD_PARTY_SRCS
3rdparty/bro_inet_ntop.c # Remove in v6.1.
@ -464,10 +427,10 @@ set(THIRD_PARTY_SRCS
3rdparty/patricia.c
3rdparty/setsignal.c
$<$<BOOL:USE_SQLITE>:3rdparty/sqlite3.c>
3rdparty/strsep.c
)
3rdparty/strsep.c)
# Highwayhash. Highwayhash is a bit special since it has architecture dependent code...
# Highwayhash. Highwayhash is a bit special since it has architecture dependent
# code...
set(hhash_dir ${PROJECT_SOURCE_DIR}/auxil/highwayhash/highwayhash)
zeek_add_subdir_library(
hhash
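Review bot: `$<$<BOOL:USE_SQLITE>:3rdparty/sqlite3.c>` in `THIRD_PARTY_SRCS` tests the literal string `USE_SQLITE`, not the value of the option declared with `option(USE_SQLITE ...)`. `$<BOOL:...>` yields 1 for any non-empty string that is not a false constant, so `3rdparty/sqlite3.c` is compiled in even when the option is switched off. Use `$<$<BOOL:${USE_SQLITE}>:3rdparty/sqlite3.c>`; the same pattern appears for `sqlite3.h` in the `install(FILES ...)` list later in this file.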
@ -479,54 +442,43 @@ zeek_add_subdir_library(
${hhash_dir}/instruction_sets.cc
${hhash_dir}/nanobenchmark.cc
${hhash_dir}/os_specific.cc
${hhash_dir}/hh_portable.cc
)
${hhash_dir}/hh_portable.cc)
if (${COMPILER_ARCHITECTURE} STREQUAL "arm")
check_c_source_compiles("
check_c_source_compiles(
"
#if defined(__ARM_NEON__) || defined(__ARM_NEON)
int main() { return 0; }
#else
#error
#endif
" test_arm_neon)
"
test_arm_neon)
if (test_arm_neon)
target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
endif ()
target_compile_options(
zeek_hhash_obj
PRIVATE
-mfloat-abi=hard
-march=armv7-a
-mfpu=neon
)
target_compile_options(zeek_hhash_obj PRIVATE -mfloat-abi=hard -march=armv7-a -mfpu=neon)
elseif (${COMPILER_ARCHITECTURE} STREQUAL "aarch64")
target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_neon.cc)
elseif (${COMPILER_ARCHITECTURE} STREQUAL "power")
target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_vsx.cc)
set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS
-mvsx)
set_source_files_properties(${hhash_dir}/hh_vsx.cc PROPERTIES COMPILE_FLAGS -mvsx)
elseif (${COMPILER_ARCHITECTURE} STREQUAL "x86_64")
target_sources(
zeek_hhash_obj
PRIVATE
${hhash_dir}/hh_avx2.cc
${hhash_dir}/hh_sse41.cc)
target_sources(zeek_hhash_obj PRIVATE ${hhash_dir}/hh_avx2.cc ${hhash_dir}/hh_sse41.cc)
if (MSVC)
set(_avx_flag /arch:AVX2)
# Using an undocumentd compiler flag: https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
# Using an undocumentd compiler flag:
# https://stackoverflow.com/questions/64053597/how-do-i-enable-sse4-1-and-sse3-but-not-avx-in-msvc/69328426#69328426
set(_sse_flag /d2archSSE42)
else ()
set(_avx_flag -mavx2)
set(_sse_flag -msse4.1)
endif ()
set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS
${_avx_flag})
set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS
${_sse_flag})
set_source_files_properties(${hhash_dir}/hh_avx2.cc PROPERTIES COMPILE_FLAGS ${_avx_flag})
set_source_files_properties(${hhash_dir}/hh_sse41.cc PROPERTIES COMPILE_FLAGS ${_sse_flag})
endif ()
set(zeek_SRCS
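Review bot: in the `arm` branch, `target_compile_options(zeek_hhash_obj PRIVATE -mfloat-abi=hard -march=armv7-a -mfpu=neon)` sits after the `endif ()` that closes `if (test_arm_neon)`, so the NEON and hard-float flags are applied even when the `__ARM_NEON` probe fails and `hh_neon.cc` is not added. If that is intentional it deserves a comment; otherwise move the call inside the `if (test_arm_neon)` block. The comment typo `undocumentd` also survived the reflow and can be fixed in the same pass.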
@ -550,8 +502,7 @@ set(zeek_SRCS
${CMAKE_CURRENT_BINARY_DIR}/ZAM-MethodDecls.h
${THIRD_PARTY_SRCS}
${HH_SRCS}
${MAIN_SRCS}
)
${MAIN_SRCS})
collect_headers(zeek_HEADERS ${zeek_SRCS})
@ -564,9 +515,10 @@ zeek_target_link_libraries(zeek_objs)
if (TARGET zeek_exe)
target_sources(zeek_exe PRIVATE main.cc ${zeek_HEADERS})
# npcap/winpcap need to be loaded in delayed mode so that we can set the load path
# correctly at runtime. See https://npcap.com/guide/npcap-devguide.html#npcap-feature-native
# for why this is necessary.
# npcap/winpcap need to be loaded in delayed mode so that we can set the load
# path correctly at runtime. See
# https://npcap.com/guide/npcap-devguide.html#npcap-feature-native for why
# this is necessary.
if (MSVC AND HAVE_WPCAP)
set(zeekdeps ${zeekdeps} delayimp.lib)
set_target_properties(zeek_exe PROPERTIES LINK_FLAGS "/DELAYLOAD:wpcap.dll")
@ -586,12 +538,7 @@ endif()
if (TARGET zeek_lib)
target_sources(zeek_lib PRIVATE ${zeek_HEADERS})
target_link_libraries(
zeek_lib
PUBLIC
${zeekdeps}
${CMAKE_THREAD_LIBS_INIT}
${CMAKE_DL_LIBS})
target_link_libraries(zeek_lib PUBLIC ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
endif ()
zeek_include_directories(
@ -601,21 +548,23 @@ zeek_include_directories(
${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${CMAKE_SOURCE_DIR}/zeek/src
${CMAKE_SOURCE_DIR}/zeek/src/include
)
${CMAKE_SOURCE_DIR}/zeek/src/include)
# Install *.bif.zeek.
install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
install(DIRECTORY ${PROJECT_BINARY_DIR}/scripts/base/bif
DESTINATION ${ZEEK_SCRIPT_INSTALL_PATH}/base)
# Create plugin directory at install time.
install(DIRECTORY DESTINATION ${ZEEK_PLUGIN_DIR})
# Make clean removes the bif directory.
set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${PROJECT_BINARY_DIR}/scripts/base/bif)
set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES
${PROJECT_BINARY_DIR}/scripts/base/bif)
# Remove some stale files and scripts that previous Zeek versions put in
# place, yet make confuse us now. This makes upgrading easier.
install(CODE "
# Remove some stale files and scripts that previous Zeek versions put in place,
# yet make confuse us now. This makes upgrading easier.
install(
CODE "
file(REMOVE_RECURSE
${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro
${ZEEK_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro
@ -623,19 +572,21 @@ install(CODE "
)
")
# Make sure to escape a bunch of special characters in the path before trying to use it as a
# regular expression below.
string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path "${CMAKE_CURRENT_SOURCE_DIR}/include/*")
# Make sure to escape a bunch of special characters in the path before trying to
# use it as a regular expression below.
string(REGEX REPLACE "([][+.*()^])" "\\\\\\1" escaped_include_path
"${CMAKE_CURRENT_SOURCE_DIR}/include/*")
if (WIN32)
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
install(
DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/windows/usr.include/
DESTINATION include/
FILES_MATCHING
PATTERN "*.h"
)
PATTERN "*.h")
endif ()
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
install(
DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
DESTINATION include/zeek
FILES_MATCHING
PATTERN "*.h"
@ -643,15 +594,14 @@ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/
PATTERN "3rdparty/*" EXCLUDE
# The "zeek -> ." symlink isn't needed in the install-tree
REGEX "${escaped_include_path}$" EXCLUDE
# FILES_MATCHING creates empty directories:
# https://gitlab.kitware.com/cmake/cmake/-/issues/17122
# Exclude the ones that this affects explicitly.
# https://gitlab.kitware.com/cmake/cmake/-/issues/17122 Exclude the ones that
# this affects explicitly.
PATTERN "script_opt/CPP/maint" EXCLUDE
PATTERN "fuzzers/corpora" EXCLUDE
)
PATTERN "fuzzers/corpora" EXCLUDE)
install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
install(
DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
DESTINATION include/zeek
FILES_MATCHING
PATTERN "*.bif.func_h"
@ -659,11 +609,10 @@ install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/
PATTERN "*.bif.h"
PATTERN "CMakeFiles" EXCLUDE
# The "include/zeek -> .." symlink isn't needed in the install-tree
REGEX "${escaped_include_path}$" EXCLUDE
)
REGEX "${escaped_include_path}$" EXCLUDE)
install(FILES
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
install(
FILES ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/ConvertUTF.h
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bro_inet_ntop.h # Remove in v6.1
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/zeek_inet_ntop.h
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/bsd-getopt-long.h
@ -672,11 +621,10 @@ install(FILES
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/setsignal.h
$<$<BOOL:USE_SQLITE>:${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sqlite3.h>
${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/doctest.h
DESTINATION include/zeek/3rdparty
)
DESTINATION include/zeek/3rdparty)
########################################################################
## Clang-tidy target now that we have all of the sources
# ##############################################################################
# Clang-tidy target now that we have all of the sources
add_clang_tidy_files(${MAIN_SRCS})
@ -685,8 +633,8 @@ add_clang_tidy_files(${MAIN_SRCS})
# *.bif.register.cc)
create_clang_tidy_target()
########################################################################
## CTest setup.
# ##############################################################################
# CTest setup.
# Scan all .cc files for TEST_CASE macros and generate CTest targets.
if (ENABLE_ZEEK_UNIT_TESTS)
@ -699,9 +647,8 @@ if (ENABLE_ZEEK_UNIT_TESTS)
endforeach ()
endforeach ()
list(LENGTH test_cases num_test_cases)
MESSAGE(STATUS "-- Found ${num_test_cases} test cases for CTest")
message(STATUS "-- Found ${num_test_cases} test cases for CTest")
foreach (test_case ${test_cases})
add_test(NAME "\"${test_case}\""
COMMAND zeek --test "--test-case=${test_case}")
add_test(NAME "\"${test_case}\"" COMMAND zeek --test "--test-case=${test_case}")
endforeach ()
endif ()

View file

@ -6,6 +6,9 @@
#include <netdb.h>
#include <netinet/in.h>
#define RAPIDJSON_HAS_STDSTRING 1
#include <rapidjson/document.h>
#include <rapidjson/error/en.h>
#include <sys/param.h>
#include <sys/types.h>
#include <unistd.h>
@ -1061,6 +1064,333 @@ StringValPtr StringVal::Replace(RE_Matcher* re, const String& repl, bool do_all)
return make_intrusive<StringVal>(new String(true, result, r - result));
}
static std::variant<ValPtr, std::string> BuildVal(const rapidjson::Value& j, const TypePtr& t)
{
auto mismatch_err = [t, &j]()
{
std::string json_type;
switch ( j.GetType() )
{
case rapidjson::Type::kNullType:
json_type = "null";
break;
case rapidjson::Type::kFalseType:
case rapidjson::Type::kTrueType:
json_type = "bool";
break;
case rapidjson::Type::kObjectType:
json_type = "object";
break;
case rapidjson::Type::kArrayType:
json_type = "array";
break;
case rapidjson::Type::kStringType:
json_type = "string";
break;
case rapidjson::Type::kNumberType:
json_type = "number";
break;
default:
json_type = "unknown";
}
return util::fmt("cannot convert JSON type '%s' to Zeek type '%s'", json_type.c_str(),
type_name(t->Tag()));
};
if ( j.IsNull() )
return Val::nil;
switch ( t->Tag() )
{
case TYPE_BOOL:
{
if ( ! j.IsBool() )
return mismatch_err();
return val_mgr->Bool(j.GetBool());
}
case TYPE_INT:
{
if ( ! j.IsInt64() )
return mismatch_err();
return val_mgr->Int(j.GetInt64());
}
case TYPE_COUNT:
{
if ( ! j.IsUint64() )
return mismatch_err();
return val_mgr->Count(j.GetUint64());
}
case TYPE_TIME:
{
if ( ! j.IsNumber() )
return mismatch_err();
return make_intrusive<TimeVal>(j.GetDouble());
}
case TYPE_DOUBLE:
{
if ( ! j.IsNumber() )
return mismatch_err();
return make_intrusive<DoubleVal>(j.GetDouble());
}
case TYPE_INTERVAL:
{
if ( ! j.IsNumber() )
return mismatch_err();
return make_intrusive<IntervalVal>(j.GetDouble());
}
case TYPE_PORT:
{
if ( ! j.IsString() )
return mismatch_err();
int port = 0;
if ( j.GetStringLength() > 0 && j.GetStringLength() < 10 )
{
char* slash;
errno = 0;
port = strtol(j.GetString(), &slash, 10);
if ( ! errno )
{
++slash;
if ( util::streq(slash, "tcp") )
return val_mgr->Port(port, TRANSPORT_TCP);
else if ( util::streq(slash, "udp") )
return val_mgr->Port(port, TRANSPORT_UDP);
else if ( util::streq(slash, "icmp") )
return val_mgr->Port(port, TRANSPORT_ICMP);
else if ( util::streq(slash, "unknown") )
return val_mgr->Port(port, TRANSPORT_UNKNOWN);
}
}
return "wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp|unknown)/";
}
case TYPE_PATTERN:
{
if ( ! j.IsString() )
return mismatch_err();
std::string candidate(j.GetString(), j.GetStringLength());
if ( candidate.size() > 2 && candidate.front() == candidate.back() &&
candidate.back() == '/' )
{
// Remove the '/'s
candidate.erase(0, 1);
candidate.erase(candidate.size() - 1);
}
auto re = std::make_unique<RE_Matcher>(candidate.c_str());
if ( ! re->Compile() )
return "error compiling pattern";
return make_intrusive<PatternVal>(re.release());
}
case TYPE_ADDR:
case TYPE_SUBNET:
{
if ( ! j.IsString() )
return mismatch_err();
int width = 0;
std::string candidate;
if ( t->Tag() == TYPE_ADDR )
candidate = std::string(j.GetString(), j.GetStringLength());
else
{
std::string_view subnet_sv(j.GetString(), j.GetStringLength());
auto pos = subnet_sv.find('/');
if ( pos == subnet_sv.npos )
return util::fmt("invalid value for subnet: '%s'", j.GetString());
candidate = std::string(j.GetString(), pos);
errno = 0;
char* end;
width = strtol(subnet_sv.data() + pos + 1, &end, 10);
if ( subnet_sv.data() + pos + 1 == end || errno )
return util::fmt("invalid value for subnet: '%s'", j.GetString());
}
if ( candidate.front() == '[' )
candidate.erase(0, 1);
if ( candidate.back() == ']' )
candidate.erase(candidate.size() - 1);
if ( t->Tag() == TYPE_ADDR )
return make_intrusive<AddrVal>(candidate);
else
return make_intrusive<SubNetVal>(candidate.c_str(), width);
}
case TYPE_ENUM:
{
if ( ! j.IsString() )
return mismatch_err();
auto et = t->AsEnumType();
auto intval = et->Lookup({j.GetString(), j.GetStringLength()});
if ( intval < 0 )
return util::fmt("'%s' is not a valid enum for '%s'.", j.GetString(),
et->GetName().c_str());
return et->GetEnumVal(intval);
}
case TYPE_STRING:
{
if ( ! j.IsString() )
return mismatch_err();
return make_intrusive<StringVal>(j.GetStringLength(), j.GetString());
}
case TYPE_TABLE:
{
if ( ! j.IsArray() )
return mismatch_err();
if ( ! t->IsSet() )
return util::fmt("tables are not supported");
auto tt = t->AsSetType();
auto tl = tt->GetIndices();
auto tv = make_intrusive<TableVal>(IntrusivePtr{NewRef{}, tt});
for ( const auto& item : j.GetArray() )
{
std::variant<ValPtr, std::string> v;
if ( tl->GetTypes().size() == 1 )
v = BuildVal(item, tl->GetPureType());
else
v = BuildVal(item, tl);
if ( ! get_if<ValPtr>(&v) )
return v;
if ( ! std::get<ValPtr>(v) )
continue;
tv->Assign(std::move(std::get<ValPtr>(v)), nullptr);
}
return tv;
}
case TYPE_RECORD:
{
if ( ! j.IsObject() )
return mismatch_err();
auto rt = t->AsRecordType();
auto rv = make_intrusive<RecordVal>(IntrusivePtr{NewRef{}, rt});
for ( int i = 0; i < rt->NumFields(); ++i )
{
auto td_i = rt->FieldDecl(i);
auto m_it = j.FindMember(td_i->id);
bool has_member = m_it != j.MemberEnd();
bool member_is_null = has_member && m_it->value.IsNull();
if ( ! has_member || member_is_null )
{
if ( ! td_i->GetAttr(detail::ATTR_OPTIONAL) &&
! td_i->GetAttr(detail::ATTR_DEFAULT) )
return util::fmt("required field %s$%s is %s in JSON", t->GetName().c_str(),
td_i->id, member_is_null ? "null" : "missing");
continue;
}
auto v = BuildVal(m_it->value, td_i->type);
if ( ! get_if<ValPtr>(&v) )
return v;
rv->Assign(i, std::move(std::get<ValPtr>(v)));
}
return rv;
}
case TYPE_LIST:
{
if ( ! j.IsArray() )
return mismatch_err();
auto lt = t->AsTypeList();
if ( j.GetArray().Size() < lt->GetTypes().size() )
return "index type doesn't match";
auto lv = make_intrusive<ListVal>(TYPE_ANY);
for ( size_t i = 0; i < lt->GetTypes().size(); i++ )
{
auto v = BuildVal(j.GetArray()[i], lt->GetTypes()[i]);
if ( ! get_if<ValPtr>(&v) )
return v;
lv->Append(std::move(std::get<ValPtr>(v)));
}
return lv;
}
case TYPE_VECTOR:
{
if ( ! j.IsArray() )
return mismatch_err();
auto vt = t->AsVectorType();
auto vv = make_intrusive<VectorVal>(IntrusivePtr{NewRef{}, vt});
for ( const auto& item : j.GetArray() )
{
auto v = BuildVal(item, vt->Yield());
if ( ! get_if<ValPtr>(&v) )
return v;
if ( ! std::get<ValPtr>(v) )
continue;
vv->Assign(vv->Size(), std::move(std::get<ValPtr>(v)));
}
return vv;
}
default:
return util::fmt("type '%s' unsupport", type_name(t->Tag()));
}
}
std::variant<ValPtr, std::string> detail::ValFromJSON(std::string_view json_str, const TypePtr& t)
{
rapidjson::Document doc;
rapidjson::ParseResult ok = doc.Parse(json_str.data(), json_str.length());
if ( ! ok )
return util::fmt("JSON parse error: %s Offset: %lu", rapidjson::GetParseError_En(ok.Code()),
ok.Offset());
return BuildVal(doc, t);
}
ValPtr StringVal::DoClone(CloneState* state)
{
// We could likely treat this type as immutable and return a reference
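Review bot: in the `TYPE_PORT` case, `strtol(j.GetString(), &slash, 10)` is followed by an unconditional `++slash`, with no check that any digits were consumed or that `*slash == '/'`. For an input such as "80", `slash` points at the terminating NUL, so `++slash` steps past the end of the string before `util::streq` reads it; inputs like "80xtcp", "-1/tcp" or "99999/tcp" reach `val_mgr->Port()` although the error text promises `[0-9]{1,5}\/(tcp|udp|icmp|unknown)`. Suggest rejecting the value unless `slash != j.GetString() && *slash == '/'` and the parsed number lies in 0..65535. The `TYPE_ADDR`/`TYPE_SUBNET` case has the same kind of gap: `candidate.front()` and `candidate.back()` are called without an `empty()` check, so "" or "/24" is undefined behaviour, and the subnet `width` is neither range-checked nor tested for trailing characters after `end`. Two smaller items: `ok.Offset()` is a `size_t`, so the format in `ValFromJSON` should be `%zu` rather than `%lu`, and `unsupport` in the default case should read `unsupported`.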

View file

@ -6,6 +6,7 @@
#include <array>
#include <list>
#include <unordered_map>
#include <variant>
#include <vector>
#include "zeek/IntrusivePtr.h"
@ -1794,4 +1795,12 @@ extern bool can_cast_value_to_type(const Val* v, Type* t);
// specific instance later.
extern bool can_cast_value_to_type(const Type* s, Type* t);
namespace detail
{
// Parses a JSON string into arbitrary Zeek data using std::variant to simulate functional exception
// handling. Returns a ValPtr if parsing was successful, or a std::string containing an error
// message if an error occurred.
extern std::variant<ValPtr, std::string> ValFromJSON(std::string_view json_str, const TypePtr& t);
}
} // namespace zeek
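Review bot: the comment on `ValFromJSON` says a `ValPtr` result means parsing succeeded, but `BuildVal` returns `Val::nil` whenever the JSON value is `null`, so the `ValPtr` alternative can itself be a nil pointer (the set and vector cases already guard against this with `if ( ! std::get<ValPtr>(v) ) continue;`). Document that case in this header comment, or map a top-level `null` to an error string, so callers do not dereference the result unchecked.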

View file

@ -1,12 +1,14 @@
zeek_add_subdir_library(
analyzer
INTERNAL_DEPENDENCIES ${BIF_BUILD_TARGET}
INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
INTERNAL_DEPENDENCIES
${BIF_BUILD_TARGET}
INCLUDE_DIRS
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_BINARY_DIR}
SOURCES
Analyzer.cc
Component.cc
Manager.cc
)
Manager.cc)
# Treat BIFs as builtin (alternative mode).
bif_target(analyzer.bif)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
PAC
bittorrent.pac
bittorrent-analyzer.pac
bittorrent-protocol.pac
)
bittorrent-protocol.pac)

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -14,5 +14,4 @@ zeek_add_plugin(
dce_rpc-analyzer.pac
dce_rpc-auth.pac
endpoint-atsvc.pac
endpoint-epmapper.pac
)
endpoint-epmapper.pac)

View file

@ -11,5 +11,4 @@ zeek_add_plugin(
dhcp.pac
dhcp-protocol.pac
dhcp-analyzer.pac
dhcp-options.pac
)
dhcp-options.pac)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
dnp3.pac
dnp3-analyzer.pac
dnp3-protocol.pac
dnp3-objects.pac
)
dnp3-objects.pac)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
DNS.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
File.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -5,5 +5,4 @@ spicy_add_analyzer(
finger.spicy
finger.evt
LEGACY
legacy
)
legacy)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
Finger.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
Gnutella.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
gssapi.pac
gssapi-protocol.pac
gssapi-analyzer.pac
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
)
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
Ident.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
imap.pac
imap-analyzer.pac
imap-protocol.pac
)
imap-protocol.pac)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
IRC.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -25,5 +25,4 @@ zeek_add_plugin(
krb-defs.pac
krb-types.pac
krb-padata.pac
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
)
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
MIME.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
modbus.pac
modbus-analyzer.pac
modbus-protocol.pac
)
modbus-protocol.pac)

View file

@ -23,5 +23,4 @@ zeek_add_plugin(
commands/unsubscribe.pac
commands/disconnect.pac
commands/pingreq.pac
commands/pingresp.pac
)
commands/pingresp.pac)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
mysql.pac
mysql-analyzer.pac
mysql-protocol.pac
)
mysql-protocol.pac)

View file

@ -8,5 +8,4 @@ zeek_add_plugin(
events.bif
consts.bif
PAC
ncp.pac
)
ncp.pac)

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
PAC
ntlm.pac
ntlm-protocol.pac
ntlm-analyzer.pac
)
ntlm-analyzer.pac)

View file

@ -11,5 +11,4 @@ zeek_add_plugin(
ntp.pac
ntp-analyzer.pac
ntp-mode7.pac
ntp-protocol.pac
)
ntp-protocol.pac)

View file

@ -130,11 +130,25 @@
refine flow NTP_Flow += {
%member{
bool flipped_;
%}
%init{
flipped_ = false;
%}
function proc_ntp_message(msg: NTP_PDU): bool
%{
connection()->zeek_analyzer()->AnalyzerConfirmation();
// Flip roles for SERVER mode message from orig or a CLIENT mode message from resp.
if ( ((${msg.mode} == SERVER && is_orig()) || (${msg.mode} == CLIENT && ! is_orig())) && ! flipped_ )
{
connection()->zeek_analyzer()->Conn()->FlipRoles();
flipped_ = true;
}
if ( ! ntp_message )
return false;
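Review bot: `flipped_` is declared under `refine flow NTP_Flow`, so the one-shot guard in `proc_ntp_message` is kept per flow, while `FlipRoles()` acts on the whole connection. Please confirm that the opposite direction's flow, which has its own `flipped_ = false`, cannot trigger a second flip after the first one, or move the flag to connection scope. A short comment on why only SERVER and CLIENT modes are considered (symmetric and broadcast modes are left alone) would also help the next reader.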

View file

@ -1,5 +1,14 @@
# This is the common part in the header format.
# See RFC 5905 for details
enum NTP_Mode {
SYMMETRIC_ACTIVE = 1,
SYMMETRIC_PASSIVE = 2,
CLIENT = 3,
SERVER = 4,
BROADCAST_SERVER = 5,
BROADCAST_CLIENT = 6,
};
type NTP_PDU(is_orig: bool) = record {
# The first byte of the NTP header contains the leap indicator,
# the version and the mode
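Review bot: `BROADCAST_CLIENT = 6` in `NTP_Mode` is the association-mode value from RFC 5905; in the packet header's mode field, which this enum is placed next to and compared against via `msg.mode`, 6 is an NTP control message and 7 is reserved for private use. Either rename the value to match the packet mode or add a comment stating that the names follow the association-mode table, and note that 0 (reserved) and 7 are intentionally not listed.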

View file

@ -1,7 +1 @@
zeek_add_plugin(
Zeek
PIA
SOURCES
PIA.cc
Plugin.cc
)
zeek_add_plugin(Zeek PIA SOURCES PIA.cc Plugin.cc)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
POP3.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
radius.pac
radius-analyzer.pac
radius-protocol.pac
)
radius-protocol.pac)

View file

@ -16,5 +16,4 @@ zeek_add_plugin(
PAC
rdpeudp.pac
rdpeudp-analyzer.pac
rdpeudp-protocol.pac
)
rdpeudp-protocol.pac)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
rfb.pac
rfb-analyzer.pac
rfb-protocol.pac
)
rfb-protocol.pac)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
XDR.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -14,5 +14,4 @@ zeek_add_plugin(
PAC
sip_TCP.pac
sip-protocol.pac
sip-analyzer.pac
)
sip-analyzer.pac)

View file

@ -85,5 +85,4 @@ zeek_add_plugin(
smb2-com-tree-connect.pac
smb2-com-tree-disconnect.pac
smb2-com-write.pac
smb2-com-transform-header.pac
)
smb2-com-transform-header.pac)

View file

@ -1 +1,2 @@
const SMB::pipe_filenames: string_set;
const SMB::max_pending_messages: count;

View file

@ -17,6 +17,17 @@ refine connection SMB_Conn += {
function proc_smb2_ioctl_request(val: SMB2_ioctl_request) : bool
%{
if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
smb2_ioctl_fids.size() >= zeek::BifConst::SMB::max_pending_messages )
{
if ( smb2_discarded_messages_state )
zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
zeek::make_intrusive<zeek::StringVal>("ioctl"));
smb2_ioctl_fids.clear();
}
smb2_ioctl_fids[${val.header.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
return true;
%}
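Review bot: `smb2_ioctl_fids.clear()` at the top of `proc_smb2_ioctl_request` drops every pending ioctl once the limit is reached, including requests that arrived just before this one. If the goal is only to bound memory, evicting the oldest `message_id` entries would lose less state; if the wholesale reset is deliberate (the state is assumed to be unreliable once it grows this large), a one-line comment saying so next to the `clear()` would make the intent obvious.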

View file

@ -34,6 +34,17 @@ refine connection SMB_Conn += {
${val.read_len});
}
if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
(smb2_read_offsets.size() >= zeek::BifConst::SMB::max_pending_messages ||
smb2_read_fids.size() >= zeek::BifConst::SMB::max_pending_messages) )
{
if ( smb2_discarded_messages_state )
zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
zeek::make_intrusive<zeek::StringVal>("read"));
smb2_read_offsets.clear();
smb2_read_fids.clear();
}
smb2_read_offsets[${h.message_id}] = ${val.offset};
smb2_read_fids[${h.message_id}] = ${val.file_id.persistent} + ${val.file_id._volatile};
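Review bot: after `smb2_read_offsets.clear()` and `smb2_read_fids.clear()`, responses to the discarded reads will arrive with a `message_id` that no longer has an entry in either map. The response path is not part of this hunk, so please confirm it handles a missing key without inserting a default entry or reporting a wrong offset or file id. Since both maps are filled with the same key two lines below, a comment on why both sizes are checked separately would also be useful.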

View file

@ -230,6 +230,16 @@ refine connection SMB_Conn += {
%{
if ( is_orig )
{
if ( zeek::BifConst::SMB::max_pending_messages > 0 &&
smb2_request_tree_id.size() >= zeek::BifConst::SMB::max_pending_messages )
{
if ( smb2_discarded_messages_state )
zeek::BifEvent::enqueue_smb2_discarded_messages_state(zeek_analyzer(), zeek_analyzer()->Conn(),
zeek::make_intrusive<zeek::StringVal>("tree"));
smb2_request_tree_id.clear();
}
// Store the tree_id
smb2_request_tree_id[${h.message_id}] = ${h.tree_id};
}
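Review bot: this is the third copy of the same check, enqueue and clear sequence (here for `smb2_request_tree_id` with the label "tree"), differing from the ioctl and read hunks only in the map and the string literal. A small helper taking the map and the label would keep the three sites from drifting apart, and would give the "read", "ioctl" and "tree" labels documented in events.bif a single place to live.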

View file

@ -15,3 +15,16 @@
##
## .. zeek:see:: smb1_message
event smb2_message%(c: connection, hdr: SMB2::Header, is_orig: bool%);
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 connections for which pending read, ioctl or tree requests exceeds
## the :zeek:see:`SMB::max_pending_messages` setting. This event indicates either
## traffic loss, traffic load-balancing issues, or failures to parse or match
## SMB responses with SMB requests. When this event is raised, internal per-connection
## parser state has been reset.
##
## c: The affected connection.
##
## state: String describing what kind of state was affected.
## One of read, ioctl or tree.
event smb2_discarded_messages_state%(c: connection, state: string%);
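Review bot: the doc comment for `smb2_discarded_messages_state` says the event fires when pending requests "exceeds" `SMB::max_pending_messages`, but the analyzer hunks test `size() >= max_pending_messages`, so state is discarded when the limit is reached, not exceeded. Please align the wording with the comparison (and fix the verb: "requests exceed"). It would also help to state here that a value of 0 disables the limit, since the code checks `max_pending_messages > 0`.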

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -11,5 +11,4 @@ zeek_add_plugin(
snmp.pac
snmp-protocol.pac
snmp-analyzer.pac
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac
)
${PROJECT_SOURCE_DIR}/src/analyzer/protocol/asn1/asn1.pac)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
socks.pac
socks-protocol.pac
socks-analyzer.pac
)
socks-analyzer.pac)

View file

@ -11,5 +11,4 @@ zeek_add_plugin(
ssh.pac
ssh-analyzer.pac
ssh-protocol.pac
consts.pac
)
consts.pac)

View file

@ -31,5 +31,4 @@ zeek_add_plugin(
dtls-analyzer.pac
ssl-dtls-protocol.pac
dtls-protocol.pac
ssl-defs.pac
)
ssl-defs.pac)

View file

@ -5,5 +5,4 @@ spicy_add_analyzer(
syslog.spicy
syslog.evt
LEGACY
legacy
)
legacy)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
syslog.pac
syslog-analyzer.pac
syslog-protocol.pac
)
syslog-protocol.pac)

View file

@ -10,5 +10,4 @@ zeek_add_plugin(
BIFS
events.bif
types.bif
functions.bif
)
functions.bif)

View file

@ -9,5 +9,4 @@ zeek_add_plugin(
PAC
xmpp.pac
xmpp-analyzer.pac
xmpp-protocol.pac
)
xmpp-protocol.pac)

View file

@ -1,7 +1 @@
zeek_add_plugin(
Zeek
ZIP
SOURCES
ZIP.cc
Plugin.cc
)
zeek_add_plugin(Zeek ZIP SOURCES ZIP.cc Plugin.cc)

View file

@ -1,6 +1,8 @@
zeek_add_subdir_library(
comm
INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
INCLUDE_DIRS
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_BINARY_DIR}
SOURCES
Data.cc
Manager.cc
@ -9,5 +11,4 @@ zeek_add_subdir_library(
comm.bif
data.bif
messaging.bif
store.bif
)
store.bif)

View file

@ -1,6 +1,8 @@
zeek_add_subdir_library(
file_analysis
INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}
INCLUDE_DIRS
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_BINARY_DIR}
SOURCES
Manager.cc
File.cc
@ -10,7 +12,6 @@ zeek_add_subdir_library(
AnalyzerSet.cc
Component.cc
BIFS
file_analysis.bif
)
file_analysis.bif)
add_subdirectory(analyzer)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
DataEvent.cc
Plugin.cc
INCLUDE_DIRS
"${CMAKE_CURRENT_SOURCE_DIR}"
)
"${CMAKE_CURRENT_SOURCE_DIR}")

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
Entropy.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -6,5 +6,4 @@ zeek_add_plugin(
Plugin.cc
BIFS
events.bif
functions.bif
)
functions.bif)

View file

@ -5,5 +5,4 @@ zeek_add_plugin(
Hash.cc
Plugin.cc
BIFS
events.bif
)
events.bif)

View file

@ -12,5 +12,4 @@ zeek_add_plugin(
pe-file-headers.pac
pe-file-idata.pac
pe-file.pac
pe-file-types.pac
)
pe-file-types.pac)

View file

@ -13,5 +13,4 @@ zeek_add_plugin(
ocsp_events.bif
PAC
x509-extension.pac
x509-signed_certificate_timestamp.pac
)
x509-signed_certificate_timestamp.pac)

View file

@ -1,5 +1,5 @@
########################################################################
## Fuzzing targets
# ##############################################################################
# Fuzzing targets
if (NOT ZEEK_ENABLE_FUZZERS)
return()
@ -10,7 +10,7 @@ if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
# Empty LIB_FUZZING_ENGINE, assume libFuzzer
set(ZEEK_FUZZING_ENGINE "-fsanitize=fuzzer" CACHE INTERNAL "" FORCE)
else ()
STRING(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
string(SUBSTRING "$ENV{LIB_FUZZING_ENGINE}" 0 1 _first_char)
if ("${_first_char}" STREQUAL "-" OR EXISTS "$ENV{LIB_FUZZING_ENGINE}")
# Looks like a linker flag or valid file, use it
@ -23,10 +23,10 @@ if ( NOT DEFINED ZEEK_FUZZING_ENGINE AND DEFINED ENV{LIB_FUZZING_ENGINE} )
endif ()
# The bind library is handled a bit hack-ishly since it defaults to linking it
# as static library by default on Linux, but at least on one common distro,
# that static library wasn't compiled with -fPIC and so not usable in the
# shared library we're trying to build. So instead, the fuzzer executable, not
# the shared lib, links it.
# as static library by default on Linux, but at least on one common distro, that
# static library wasn't compiled with -fPIC and so not usable in the shared
# library we're trying to build. So instead, the fuzzer executable, not the
# shared lib, links it.
string(REGEX MATCH ".*\\.a$" _have_static_bind_lib "${BIND_LIBRARY}")
macro (SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
@ -42,8 +42,7 @@ macro(SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
if (DEFINED ZEEK_FUZZING_ENGINE)
target_link_libraries(${_fuzz_target} ${ZEEK_FUZZING_ENGINE})
else ()
target_link_libraries(${_fuzz_target}
$<TARGET_OBJECTS:zeek_fuzzer_standalone>)
target_link_libraries(${_fuzz_target} $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
endif ()
endmacro ()
@ -78,8 +77,7 @@ foreach(_dep ${zeekdeps} )
endif ()
endforeach ()
target_link_libraries(zeek_fuzzer_shared PUBLIC
${zeek_fuzzer_shared_deps}
target_link_libraries(zeek_fuzzer_shared PUBLIC ${zeek_fuzzer_shared_deps}
${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
add_fuzz_target(packet)
@ -116,14 +114,15 @@ add_generic_analyzer_fuzz_target(syslog)
# add_generic_analyzer_fuzz_target(finger) # no pcap files
# add_generic_analyzer_fuzz_target(gssapi) # only samples are embedded in smb
# add_generic_analyzer_fuzz_target(ident) # no pcap files
#add_generic_analyzer_fuzz_target(krb) # should these just be handled by smb?
#add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled by smb?
#add_generic_analyzer_fuzz_target(rsh) # login - no pcap files
# add_generic_analyzer_fuzz_target(krb) # should these just be handled by
# smb? add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled
# by smb? add_generic_analyzer_fuzz_target(rsh) # login - no pcap files
# add_generic_analyzer_fuzz_target(rlogin) # login - no pcap files
# add_generic_analyzer_fuzz_target(telnet) # login - no pcap files
# add_generic_analyzer_fuzz_target(netbios) # no pcap files
#add_generic_analyzer_fuzz_target(ntlm) # only samples are embedded in dce-rpc or smb
#add_generic_analyzer_fuzz_target(xdr) # rpc - no pcap files
# add_generic_analyzer_fuzz_target(ntlm) # only samples are embedded in
# dce-rpc or smb add_generic_analyzer_fuzz_target(xdr) # rpc - no pcap files
# add_generic_analyzer_fuzz_target(sip_tcp) # unnecessary?
#add_generic_analyzer_fuzz_target(socks) # can this one be tested by adding SOCKS pkts to the HTTP corpus?
#add_generic_analyzer_fuzz_target(xmpp) # no pcap files
# add_generic_analyzer_fuzz_target(socks) # can this one be tested by adding
# SOCKS pkts to the HTTP corpus? add_generic_analyzer_fuzz_target(xmpp) # no
# pcap files
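Review bot: the reformat has reflowed the commented-out `add_generic_analyzer_fuzz_target(...)` lines as if they were prose, so several disabled targets now share a line with the previous target's trailing comment (for example `# smb? add_generic_analyzer_fuzz_target(krb_tcp) # should these just be handled`). These can no longer be re-enabled by removing a leading `#`, and the per-target reasons are hard to match to their targets. Please restore one disabled target per line with its reason, and exclude this block from comment reflow if the formatter offers a way to do that.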

View file

@ -6,7 +6,6 @@ zeek_add_subdir_library(
ReaderBackend.cc
ReaderFrontend.cc
BIFS
input.bif
)
input.bif)
add_subdirectory(readers)

View file

@ -1,4 +1,3 @@
add_subdirectory(ascii)
add_subdirectory(benchmark)
add_subdirectory(binary)

Some files were not shown because too many files have changed in this diff