Event: Deprecate default network timestamp metadata

This deprecates the Event constructor and the ``ts`` parameter of Enqueue() Instead, versions are introduced that take a detail::MetadataVectorPtr which can hold the network timestamp metadata and is meant to be allocated by the caller instead of automatically during Enqueue() or within the Event constructor. This also introduces a BifConst ``EventMetadata::add_network_timestamp`` to opt-in adding network timestamps to events globally. It's disabled by default as there are not a lot of known use cases that need this.
2025-10-02 06:38:20 +00:00 · 2025-05-21 16:20:31 +02:00 · 2025-05-21 16:20:31 +02:00 · 53b0f0ad64
commit 53b0f0ad64
parent 12c523f3f7
13 changed files with 167 additions and 10 deletions
--- a/testing/btest/broker/remote_event_auto_ts.zeek
+++ b/testing/btest/broker/remote_event_auto_ts.zeek
@ -17,6 +17,7 @@
 # @TEST-START-FILE send.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global runs = 0;
 global ping: event(msg: string, intended_ts: time);
@ -58,6 +59,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 # @TEST-START-FILE recv.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global msg_count = 0;

--- a/testing/btest/broker/remote_event_schedule_ts.zeek
+++ b/testing/btest/broker/remote_event_schedule_ts.zeek
@ -17,6 +17,7 @@
 # @TEST-START-FILE send.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global runs = 0;
 global ping: event(msg: string, intended_ts: time, publish_ts: time);
@ -64,6 +65,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 # @TEST-START-FILE recv.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global msg_count = 0;

--- a/testing/btest/broker/remote_event_ts.zeek
+++ b/testing/btest/broker/remote_event_ts.zeek
@ -15,6 +15,7 @@
 # @TEST-START-FILE send.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global runs = 0;
 global ping: event(msg: string, intended_ts: time);
@ -54,6 +55,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 # @TEST-START-FILE recv.zeek

 redef exit_only_after_terminate = T;
+redef EventMetadata::add_network_timestamp = T;

 global msg_count = 0;

--- a/testing/btest/broker/remote_event_ts_compat.zeek
+++ b/testing/btest/broker/remote_event_ts_compat.zeek
@ -17,6 +17,7 @@

 redef exit_only_after_terminate = T;
 redef allow_network_time_forward = F;
+redef EventMetadata::add_network_timestamp = T;

 event zeek_init()
 	{
--- a/testing/btest/broker/web-socket-events-metadata.zeek
+++ b/testing/btest/broker/web-socket-events-metadata.zeek
@ -16,6 +16,7 @@
 redef allow_network_time_forward = F;
 redef exit_only_after_terminate = T;
 redef Broker::disable_ssl = T;
+redef EventMetadata::add_network_timestamp = T;

 global event_count = 0;

--- a/testing/btest/language/event-ts-scheduled.zeek
+++ b/testing/btest/language/event-ts-scheduled.zeek
@ -1,6 +1,8 @@
 # @TEST-EXEC: zeek -b -r $TRACES/ticks-dns-1hr.pcap %INPUT > out
 # @TEST-EXEC: btest-diff out

+redef EventMetadata::add_network_timestamp = T;
+
 global runs = 0;

 event test(schedule_time: time)
--- a/testing/btest/language/event-ts.zeek
+++ b/testing/btest/language/event-ts.zeek
@ -4,6 +4,8 @@
 # Note: We use a PCAP with DNS queries only so that we have a single packet per
 # time step. Thus the run loop will be executed only once per time step.

+redef EventMetadata::add_network_timestamp = T;
+
 global runs = -1;

 event test(depth: count)