Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'zeek:master' into topic/jasonlu/dict-clone-performance

Browse source
This commit is contained in:
jasonlue 2022-10-13 11:41:50 -07:00 committed by GitHub
commit 6c052bf926
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
83 changed files with 1396 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.clang-tidy
View file

@ -1,4 +1,5 @@
Checks: '-*,
bugprone-*,
-bugprone-easily-swappable-parameters,
clang-analyzer-*,
performance-*'

2
.github/workflows/coverity-scan.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3.1.0
with:
submodules: "recursive"

16
.github/workflows/docker.yml vendored
View file

@ -28,7 +28,7 @@ jobs:
TEST_TAG: zeek:latest
CONFFLAGS: --generator=Ninja --build-type=Release
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3.1.0
with:
submodules: "recursive"
@ -77,7 +77,7 @@ jobs:
fi
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v2
# Don't publish on forks. Also note that secrets for the login are not
# available for pull requests, so trigger on pushes only.
if: github.repository == 'zeek/zeek' && github.event_name == 'push'
@ -99,14 +99,14 @@ jobs:
zeekurity/${{ steps.target.outputs.tag }}
- name: Preserve image artifact
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: ${{ env.IMAGE_NAME }}
path: ${{ env.IMAGE_FILE }}
retention-days: 1
- name: Preserve btest artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
if: failure()
with:
name: docker-btest
@ -122,7 +122,7 @@ jobs:
# Grab the sources so we have access to btest. Could also use pip, but it
# seems appealing to be using the in-tree version of btest. btest is in a
# submodule; we check it out selectively to save time.
- uses: actions/checkout@v2
- uses: actions/checkout@v3.1.0
- name: Check out btest
run: git submodule update --init ./auxil/btest
@ -144,7 +144,7 @@ jobs:
echo "TESTSUITE_COMMIT=$(cat ./testing/external/commit-hash.zeek-testing-cluster)" >> $GITHUB_ENV
- name: Retrieve cluster testsuite
uses: actions/checkout@v2
uses: actions/checkout@v3.1.0
with:
repository: zeek/zeek-testing-cluster
path: testing/external/zeek-testing-cluster
@ -162,7 +162,7 @@ jobs:
find testing/external/zeek-testing-cluster/.tmp -depth -execdir rename 's/[":<>|*?\r\n]/./g' "{}" \;
- name: Preserve btest artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
if: failure()
with:
name: cluster-btest
@ -176,7 +176,7 @@ jobs:
truncate -s0 ${{ env.IMAGE_FILE }}
- name: Store truncated image artifact
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: ${{ env.IMAGE_NAME }}
path: ${{ env.IMAGE_FILE }}

6
.github/workflows/generate-docs.yml vendored
View file

@ -24,12 +24,12 @@ jobs:
# event, so we only need to authenticate in that case. Use
# unauthenticated access otherwise so this action can e.g., also run from
# clones.
- uses: actions/checkout@v2
- uses: actions/checkout@v3.1.0
if: github.event_name == 'schedule'
with:
submodules: "recursive"
token: ${{ secrets.ZEEK_BOT_TOKEN }}
- uses: actions/checkout@v2
- uses: actions/checkout@v3.1.0
if: github.event_name != 'schedule'
with:
submodules: "recursive"
@ -121,7 +121,7 @@ jobs:
# Only send notifications for scheduled runs. Runs from pull requests
# show failures in the Github UI.
if: failure() && github.event_name == 'schedule'
uses: dawidd6/action-send-mail@v3.6.1
uses: dawidd6/action-send-mail@v3.7.0
with:
server_address: ${{secrets.SMTP_HOST}}
server_port: ${{secrets.SMTP_PORT}}

4
.github/workflows/pre-commit.yml vendored
View file

@ -9,6 +9,6 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
- uses: actions/checkout@v3.1.0
- uses: actions/setup-python@v4
- uses: pre-commit/action@v3.0.0

125
CHANGES
View file

@ -1,3 +1,128 @@
5.2.0-dev.90 | 2022-10-13 08:57:45 -0500
* ZAM maintenance for recent test suite changes (and fixups missed last time) (Vern Paxson, Corelight)
5.2.0-dev.86 | 2022-10-12 15:56:23 -0500
* Update gen-zam and paraglob submodules for Coverity/clang-tidy fixes (Tim Wojtulewicz, Corelight)
* Fix some compiler warnings in script_opt (Tim Wojtulewicz, Corelight)
* Fix recent Coverity findings (Tim Wojtulewicz, Corelight)
1491334: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
1498652: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
1498745: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
5.2.0-dev.82 | 2022-10-12 20:02:36 +0200
* Move API for disabling packet analyzers into component. (Robin Sommer)
Before, that API was part of the analyzers themselves, which meant
we couldn't disable a packet analyzer before it had been
instantiated. That was different from protocol/file analyzers,
where we disable them through the corresponding component.
* Suppress warning on an existing packet analyzer being remapped. (Robin Sommer)
5.2.0-dev.79 | 2022-10-12 09:32:38 -0700
* smtp: Prevent script errors when smtp$entity is not set (Tim Wojtulewicz, Corelight)
This is the same issue presented in 38e226bf75772dad8769fa4b5ae61fabb5fb34b9 but
for SMTP instead of HTTP.
5.2.0-dev.77 | 2022-10-10 11:10:31 -0700
* Disable robust iteration for ordered dictionaries (Tim Wojtulewicz, Corelight)
This also includes some minor commenting cleanup in that class
* Add support for itertors with ordered dictionaries (Tim Wojtulewicz, Corelight)
* Add equality, inequality, copy, and move operators to HashKey (Tim Wojtulewicz, Corelight)
* Disable annoying bugprone-easily-swappable-parameters clang-tidy check [skip ci] (Tim Wojtulewicz, Corelight)
5.2.0-dev.70 | 2022-10-06 14:18:18 -0700
* Remove stray `/` at the end of directory name. (Benjamin Bannier, Corelight)
This variable is used to construct a path where the trailing `/` lead to
full paths like `/foo/spicy-plugin//spicyz`.
* Remove commented out code. (Benjamin Bannier, Corelight)
* Bump spicy-plugin to v1.3.19. (Benjamin Bannier, Corelight)
5.2.0-dev.66 | 2022-10-06 14:15:01 -0700
* Update CT log list. (Johanna Amann, Corelight)
This uses the v3 json as a source for the first time. The test needed
some updating because Google removed a couple more logs - in the future
this should hopefully not be neccessary anymore because I think v3
should retain all logs.
In theory this might be neat in 5.1.
5.2.0-dev.51 | 2022-10-05 13:27:08 +0200
* analyzer: Add file_analyzer support to enable_analyzer()/disable_analyzer() (Arne Welzel, Corelight)
5.2.0-dev.46 | 2022-10-03 09:45:05 -0700
* use dynamic rather than static initialization of globals for scripts compiled to C++ (Vern Paxson, Corelight)
* safety checking for initializing scripts compiled to C++ (Vern Paxson, Corelight)
* fixes for initializing scripts compiled to C++ (Vern Paxson, Corelight)
* restructured tracking of initializations of globals for script compilation (Vern Paxson, Corelight)
5.2.0-dev.40 | 2022-10-03 09:44:40 -0700
* http: Prevent script errors when http$current_entity is not set (Arne Welzel, Corelight)
The current_entity tracking in HTTP assumes that client/server never
send HTTP entities at the same time. The attached pcap (generated
artificially) violates this and triggers:
1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity)
For the http-no-crlf test, include weird.log as baseline. Now that weird is
@load'ed from http, it is actually created and seems to make sense
to btest-diff it, too.
5.2.0-dev.38 | 2022-10-03 09:08:42 -0700
* Fix some Coverity issues in the recent ZAM updates (Tim Wojtulewicz, Corelight)
5.2.0-dev.35 | 2022-09-30 16:40:22 -0700
* fixes for compiling "standalone" C++ scripts (Vern Paxson, Corelight)
5.2.0-dev.33 | 2022-09-30 12:36:34 -0700
* fix for deprecated when's where the inner frame is larger than the outer frame (Vern Paxson, Corelight)
5.2.0-dev.31 | 2022-09-30 10:03:00 +0200
* const: Deprecate tunnel-specific enable_* flags (Arne Welzel, Corelight)
With packet analyzers being toggle-able at runtime these can go.
They hadn't been consistently implemented either (VXLAN, Geneve).
* packet_analysis: Introduce PacketAnalyzer::__disable_analyzer() (Arne Welzel, Corelight)
This adds machinery to the packet_analysis manager for disabling
and enabling packet analyzers and implements two low-level bifs
to use it.
Extend Analyzer::enable_analyzer() and Analyzer::disable_analyzer()
to transparently work with packet analyzers, too. This also allows
to add packet analyzers to Analyzer::disabled_analyzers.
5.2.0-dev.27 | 2022-09-28 10:34:28 +0200
* Bump `bifcl` and `doc` submodules. (Robin Sommer)

6
CMakeLists.txt
View file

@ -94,14 +94,14 @@ execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
"export ZEEKPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n"
"export ZEEK_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n"
"export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n"
"export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n"
"export SPICY_PATH=\"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n"
"export HILTI_CXX_INCLUDE_DIRS=\"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n")
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
"setenv ZEEKPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n"
"setenv ZEEK_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n"
"setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n"
"setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n"
"setenv SPICY_PATH \"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n"
"setenv HILTI_CXX_INCLUDE_DIRS \"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n")
@ -444,8 +444,6 @@ if ( NOT DISABLE_SPICY )
set(SPICY_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/spicy-plugin)
endif ()
# set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/auxil/spicy-plugin)
# set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/src/builtin-plugins/spicy-plugin)
string(APPEND ZEEK_INCLUDE_PLUGINS ";${SPICY_PLUGIN_PATH}")
endif ()

32
NEWS
View file

@ -6,6 +6,17 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
Zeek 5.2.0
==========
Breaking Changes
----------------
- Zeekctl now assigns network ports to workers starting at port 27760. This
fixes an issue where workers were starting up with ports within Linux's
ephemeral port range, and were potentiall failing to startup due the ports
already being in use. This change may require changes in firewall/routing
configurations between hosts in a Zeek cluster. This should not affect
clusters running on FreeBSD, as that OS uses a different range for ephemeral
ports.
New Functionality
-----------------
@ -22,6 +33,12 @@ New Functionality
- File analyzers can now raise analyzer violations to the script-layer via
the new ``AnalyzerViolation()`` method.
- Packet and file analyzers can now be disabled and enabled at runtime using
the ``Analyzer::enable_analyzer()`` and ``Analyzer::disable_analyzer()``
wrappers. While initially for protocol analyzers only, these have
been extended to work for packet and file analyzers. This now allows to
leverage ``Analyzer::disabled_analyzers`` for these kinds of analyzers.
Changed Functionality
---------------------
@ -36,6 +53,21 @@ Deprecated Functionality
deprecated in favor of the more generic ``analyzer_confirmation_info`` and
``analyzer_violation_info`` events.
- The const values for toggling individual tunnel packet analyzers have
been deprecated in favor of using ``Analyzer::disable_analyzer()``
directly. This affects:
Tunnel::enable_ip
Tunnel::enable_ayiya
Tunnel::enable_teredo
Tunnel::enable_gtpv1
Tunnel::enable_gre
Setting these explicitly to F can be achieved by leveraging
``Analyzers::disabled_analyzers``, for example:
redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_GRE };
Zeek 5.1.0
==========

2
VERSION
View file

@ -1 +1 @@
5.2.0-dev.27
5.2.0-dev.90

2
auxil/broker

@ -1 +1 @@
Subproject commit 1933bd82d6160ecff204624199de23c61f1244a2
Subproject commit 97f55a8466428a247a177f9598506a235966bb04

2
auxil/gen-zam

@ -1 +1 @@
Subproject commit e05992ad957d986e181d447e582bdf798e5ae496
Subproject commit e9743078bdeefc6e133dbcf8ae602016611621a6

2
auxil/paraglob

@ -1 +1 @@
Subproject commit 8dbff934dfbba1c2736152831c2cf45ee68f6fc3
Subproject commit 5b9f8a110e6c4731e894cdf95c63706ae8ae3cee

2
auxil/spicy-plugin

@ -1 +1 @@
Subproject commit ab743fb55a3f45dc87c780f396e99b6227bbf25b
Subproject commit a4a7072a66488e148c0a7e2001476b1db88df355

2
auxil/zeek-aux

@ -1 +1 @@
Subproject commit 6defd7033280783894a0b31582214ba3621dc290
Subproject commit bc0c06dd8d7a7602f16c857faae2d3bb6c7052af

2
auxil/zeekctl

@ -1 +1 @@
Subproject commit 495a4f6967aedcea674141622506b2b43d8b18fd
Subproject commit 73c5d59a57be1d22db10a2b7b00a1d876ef688f2

2
doc

@ -1 +1 @@
Subproject commit 410763bfb654ed5be598dd82ecbbc169ef1ba63e
Subproject commit b68c7e814979c6ae9b13eda0b2c0faf009acf373

24
scripts/base/frameworks/analyzer/main.zeek
View file

@ -33,7 +33,7 @@ export {
## tag: The tag of the analyzer to enable.
##
## Returns: True if the analyzer was successfully enabled.
global enable_analyzer: function(tag: Analyzer::Tag) : bool;
global enable_analyzer: function(tag: AllAnalyzers::Tag) : bool;
## Disables an analyzer. Once disabled, the analyzer will not be used
## further for analysis of future connections.
@ -41,7 +41,7 @@ export {
## tag: The tag of the analyzer to disable.
##
## Returns: True if the analyzer was successfully disabled.
global disable_analyzer: function(tag: Analyzer::Tag) : bool;
global disable_analyzer: function(tag: AllAnalyzers::Tag) : bool;
## Registers a set of well-known ports for an analyzer. If a future
## connection on one of these ports is seen, the analyzer will be
@ -130,7 +130,7 @@ export {
## A set of analyzers to disable by default at startup. The default set
## contains legacy analyzers that are no longer supported.
global disabled_analyzers: set[Analyzer::Tag] = {
global disabled_analyzers: set[AllAnalyzers::Tag] = {
ANALYZER_TCPSTATS,
} &redef;
@ -142,6 +142,8 @@ export {
}
@load base/bif/analyzer.bif
@load base/bif/file_analysis.bif
@load base/bif/packet_analysis.bif
event zeek_init() &priority=5
{
@ -152,13 +154,25 @@ event zeek_init() &priority=5
disable_analyzer(a);
}
function enable_analyzer(tag: Analyzer::Tag) : bool
function enable_analyzer(tag: AllAnalyzers::Tag) : bool
{
if ( is_packet_analyzer(tag) )
return PacketAnalyzer::__enable_analyzer(tag);
if ( is_file_analyzer(tag) )
return Files::__enable_analyzer(tag);
return __enable_analyzer(tag);
}
function disable_analyzer(tag: Analyzer::Tag) : bool
function disable_analyzer(tag: AllAnalyzers::Tag) : bool
{
if ( is_packet_analyzer(tag) )
return PacketAnalyzer::__disable_analyzer(tag);
if ( is_file_analyzer(tag) )
return Files::__disable_analyzer(tag);
return __disable_analyzer(tag);
}

10
scripts/base/init-bare.zeek
View file

@ -5058,19 +5058,19 @@ export {
const max_depth: count = 2 &redef;
## Toggle whether to do IPv{4,6}-in-IPv{4,6} decapsulation.
const enable_ip = T &redef;
const enable_ip = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
## Toggle whether to do IPv{4,6}-in-AYIYA decapsulation.
const enable_ayiya = T &redef;
const enable_ayiya = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
## Toggle whether to do IPv6-in-Teredo decapsulation.
const enable_teredo = T &redef;
const enable_teredo = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
## Toggle whether to do GTPv1 decapsulation.
const enable_gtpv1 = T &redef;
const enable_gtpv1 = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
## Toggle whether to do GRE decapsulation.
const enable_gre = T &redef;
const enable_gre = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
## With this set, the Teredo analyzer waits until it sees both sides
## of a connection using a valid Teredo encapsulation before issuing

14
scripts/base/protocols/http/entities.zeek
View file

@ -1,6 +1,7 @@
##! Analysis and logging for MIME entities found in HTTP sessions.
@load base/frameworks/files
@load base/frameworks/notice/weird
@load base/utils/strings
@load base/utils/files
@load ./main
@ -83,6 +84,19 @@ event http_begin_entity(c: connection, is_orig: bool) &priority=10
event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3
{
if ( ! c$http?$current_entity )
{
local weird = Weird::Info(
$ts=network_time(),
$name="missing_HTTP_entity",
$uid=c$uid,
$id=c$id,
$source="HTTP"
);
Weird::weird(weird);
return;
}
if ( name == "CONTENT-DISPOSITION" &&
/[fF][iI][lL][eE][nN][aA][mM][eE]/ in value )
{

14
scripts/base/protocols/smtp/entities.zeek
View file

@ -1,6 +1,7 @@
##! Analysis and logging for MIME entities found in SMTP sessions.
@load base/frameworks/files
@load base/frameworks/notice/weird
@load base/utils/strings
@load base/utils/files
@load ./main
@ -48,6 +49,19 @@ event mime_one_header(c: connection, h: mime_header_rec) &priority=5
if ( ! c?$smtp )
return;
if ( ! c$smtp?$entity )
{
local weird = Weird::Info(
$ts=network_time(),
$name="missing_SMTP_entity",
$uid=c$uid,
$id=c$id,
$source="SMTP"
);
Weird::weird(weird);
return;
}
if ( h$name == "CONTENT-DISPOSITION" &&
/[fF][iI][lL][eE][nN][aA][mM][eE]/ in h$value )
c$smtp$entity$filename = extract_filename_from_content_disposition(h$value);

71
scripts/base/protocols/ssl/ct-list.zeek
View file

@ -1,43 +1,44 @@
#
# Do not edit this file. This file is automatically generated by gen-ct-list.pl
# File generated at Thu Apr 28 13:46:41 2022
# File generated from https://www.gstatic.com/ct/log_list/log_list.json
# File generated at Thu Oct 6 13:17:02 2022
# File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json
# Source file generated at: 2022-10-05T12:55:24Z
# Source file version: 13.6
#
@load base/protocols/ssl
module SSL;
redef ct_logs += {
["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"),
["\xbc\x78\xe1\xdf\xc5\xf6\x3c\x68\x46\x49\x33\x4d\xa1\x0f\xa1\x5f\x09\x79\x69\x20\x09\xc0\x81\xb4\xf3\xf6\x91\x7f\x3e\xd9\xb8\xa5"] = CTInfo($description="Symantec 'Vega' log", $operator="DigiCert", $url="vega.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f\x02\x2d\x1c\x90\xfe\xc8\x47\x30\x3b\xf1\xdd\x0d\xb8\x11\x0c\x5d\x1d\x86\xdd\xab\xd3\x2b\x46\x66\xfb\x6e\x65\xb7\x3b\xfd\x59\x68\xac\xdf\xa6\xf8\xce\xd2\x18\x4d"),
["\x15\x97\x04\x88\xd7\xb9\x97\xa0\x5b\xeb\x52\x51\x2a\xde\xe8\xd2\xe8\xb4\xa3\x16\x52\x64\x12\x1a\x9f\xab\xfb\xd5\xf8\x5a\xd9\x3f"] = CTInfo($description="Symantec 'Sirius' log", $operator="DigiCert", $url="sirius.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa3\x02\x64\x84\x22\xbb\x25\xec\x0d\xe3\xbc\xc2\xc9\x89\x7d\xdd\x45\xd0\xee\xe6\x15\x85\x8f\xd9\xe7\x17\x1b\x13\x80\xea\xed\xb2\x85\x37\xad\x6a\xc5\xd8\x25\x9d\xfa\xf4\xb4\xf3\x6e\x16\x28\x25\x37\xea\xa3\x37\x64\xb2\xc7\x0b\xfd\x51\xe5\xc1\x05\xf4\x0e\xb5"),
["\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00"] = CTInfo($description="Certly.IO log", $operator="Certly", $url="log.certly.io/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x0b\x23\xcb\x85\x62\x98\x61\x48\x04\x73\xeb\x54\x5d\xf3\xd0\x07\x8c\x2d\x19\x2d\x8c\x36\xf5\xeb\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c\xd0\x4a\xc2\x66\xdb\x48"),
["\x74\x61\xb4\xa0\x9c\xfb\x3d\x41\xd7\x51\x59\x57\x5b\x2e\x76\x49\xa4\x45\xa8\xd2\x77\x09\xb0\xcc\x56\x4a\x64\x82\xb7\xeb\x41\xa3"] = CTInfo($description="Izenpe log", $operator="Izenpe", $url="ct.izenpe.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x64\x39\x0c\x2d\xdc\x50\x18\xf8\x21\x00\xa2\x0e\xed\x2c\xea\x3e\x75\xba\x9f\x93\x64\x09\x00\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e\xf6\x07\x76\xe0\xee\xbe"),
["\x41\xb2\xdc\x2e\x89\xe6\x3c\xe4\xaf\x1b\xa7\xbb\x29\xbf\x68\xc6\xde\xe6\xf9\xf1\xcc\x04\x7e\x30\xdf\xfa\xe3\xb3\xba\x25\x92\x63"] = CTInfo($description="WoSign log", $operator="WoSign", $url="ctlog.wosign.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x11\x88\x7b\x2d\x66\xcb\xae\x8f\x4d\x30\x66\x27\x19\x25\x22\x93\x21\x46\xb4\x2f\x01\xd3\xc6\xf9\x2b\xd5\xc8\xba\x73\x9b\x06\xa2\xf0\x8a\x02\x9c\xd0\x6b\x46\x18\x30\x85\xba\xe9\x24\x8b\x0e\xd1\x5b\x70\x28\x0c\x7e\xf1\x3a\x45\x7f\x5a\xf3\x82\x42\x60\x31"),
["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"),
["\xa5\x77\xac\x9c\xed\x75\x48\xdd\x8f\x02\x5b\x67\xa2\x41\x08\x9d\xf8\x6e\x0f\x47\x6e\xc2\x03\xc2\xec\xbe\xdb\x18\x5f\x28\x26\x38"] = CTInfo($description="CNNIC CT log", $operator="CNNIC", $url="ctserver.cnnic.cn/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf\xb5\x08\x61\x9a\x29\x32\x04\xd3\x25\x63\xe9\xd8\x85\xe1\x86\xe0\x1f\xd6\x5e\x9a\xf7\x33\x3b\x80\x1b\xe7\xb6\x3e\x5f\x2d\xa1\x66\xf6\x95\x4a\x84\xa6\x21\x56\x79\xe8\xf7\x85\xee\x5d\xe3\x7c\x12\xc0\xe0\x89\x22\x09\x22\x3e\xba\x16\x95\x06\xbd\xa8\xb9\xb1\xa9\xb2\x7a\xd6\x61\x2e\x87\x11\xb9\x78\x40\x89\x75\xdb\x0c\xdc\x90\xe0\xa4\x79\xd6\xd5\x5e\x6e\xd1\x2a\xdb\x34\xf4\x99\x3f\x65\x89\x3b\x46\xc2\x29\x2c\x15\x07\x1c\xc9\x4b\x1a\x54\xf8\x6c\x1e\xaf\x60\x27\x62\x0a\x65\xd5\x9a\xb9\x50\x36\x16\x6e\x71\xf6\x1f\x01\xf7\x12\xa7\xfc\xbf\xf6\x21\xa3\x29\x90\x86\x2d\x77\xde\xbb\x4c\xd4\xcf\xfd\xd2\xcf\x82\x2c\x4d\xd4\xf2\xc2\x2d\xac\xa9\xbe\xea\xc3\x19\x25\x43\xb2\xe5\x9a\x6c\x0d\xc5\x1c\xa5\x8b\xf7\x3f\x30\xaf\xb9\x01\x91\xb7\x69\x12\x12\xe5\x83\x61\xfe\x34\x00\xbe\xf6\x71\x8a\xc7\xeb\x50\x92\xe8\x59\xfe\x15\x91\xeb\x96\x97\xf8\x23\x54\x3f\x2d\x8e\x07\xdf\xee\xda\xb3\x4f\xc8\x3c\x9d\x6f\xdf\x3c\x2c\x43\x57\xa1\x47\x0c\x91\x04\xf4\x75\x4d\xda\x89\x81\xa4\x14\x06\x34\xb9\x98\xc3\xda\xf1\xfd\xed\x33\x36\xd3\x16\x2d\x35\x02\x03\x01\x00\x01"),
["\x34\xbb\x6a\xd6\xc3\xdf\x9c\x03\xee\xa8\xa4\x99\xff\x78\x91\x48\x6c\x9d\x5e\x5c\xac\x92\xd0\x1f\x7b\xfd\x1b\xce\x19\xdb\x48\xef"] = CTInfo($description="StartCom log", $operator="StartCom", $url="ct.startssl.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xf3\x59\xf3\xf6\x05\x18\xd3\xdb\xb2\xed\x46\x7e\xcf\xc8\x11\xb5\x57\xb1\xa8\xd6\x4c\xe6\x9f\xb7\x4a\x1a\x14\x86\x43\xa9\x48\xb0\xcb\x5a\x3f\x3c\x4a\xca\xdf\xc4\x82\x14\x55\x9a\xf8\xf7\x8e\x40\x55\xdc\xf4\xd2\xaf\xea\x75\x74\xfb\x4e\x7f\x60\x86\x2e\x51"),
["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"),
["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"),
["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"),
["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"),
["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"),
["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"),
["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"),
["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"),
["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"),
["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
};

2
src/3rdparty

@ -1 +1 @@
Subproject commit 76eb27d2f5bea28e8e60ed0a4a29fc1ec2ec6b4e
Subproject commit 3ce86be0c0588fbe26178d1da9683ff75cb5e982

90
src/Dict.cc
View file

@ -246,6 +246,96 @@ TEST_CASE("dict robust iteration")
delete key3;
}
TEST_CASE("dict ordered iteration")
{
PDict<uint32_t> dict(DictOrder::ORDERED);
// These key values are specifically contrived to be inserted
// into the dictionary in a different order by default.
uint32_t val = 15;
uint32_t key_val = 5;
auto key = std::make_unique<detail::HashKey>(key_val);
uint32_t val2 = 10;
uint32_t key_val2 = 25;
auto key2 = std::make_unique<detail::HashKey>(key_val2);
uint32_t val3 = 30;
uint32_t key_val3 = 45;
auto key3 = std::make_unique<detail::HashKey>(key_val3);
uint32_t val4 = 20;
uint32_t key_val4 = 35;
auto key4 = std::make_unique<detail::HashKey>(key_val4);
// Only insert the first three to start with so we can test the order
// being the same after a later insertion.
dict.Insert(key.get(), &val);
dict.Insert(key2.get(), &val2);
dict.Insert(key3.get(), &val3);
int count = 0;
for ( const auto& entry : dict )
{
auto* v = static_cast<uint32_t*>(entry.value);
uint32_t k = *(uint32_t*)entry.GetKey();
// The keys should be returned in the same order we inserted
// them, which is 5, 25, 45.
if ( count == 0 )
CHECK(k == 5);
else if ( count == 1 )
CHECK(k == 25);
else if ( count == 2 )
CHECK(k == 45);
count++;
}
dict.Insert(key4.get(), &val4);
count = 0;
for ( const auto& entry : dict )
{
auto* v = static_cast<uint32_t*>(entry.value);
uint32_t k = *(uint32_t*)entry.GetKey();
// The keys should be returned in the same order we inserted
// them, which is 5, 25, 45, 35.
if ( count == 0 )
CHECK(k == 5);
else if ( count == 1 )
CHECK(k == 25);
else if ( count == 2 )
CHECK(k == 45);
else if ( count == 3 )
CHECK(k == 35);
count++;
}
dict.Remove(key2.get());
count = 0;
for ( const auto& entry : dict )
{
auto* v = static_cast<uint32_t*>(entry.value);
uint32_t k = *(uint32_t*)entry.GetKey();
// The keys should be returned in the same order we inserted
// them, which is 5, 45, 35.
if ( count == 0 )
CHECK(k == 5);
else if ( count == 1 )
CHECK(k == 45);
else if ( count == 2 )
CHECK(k == 35);
count++;
}
}
class DictTestDummy
{
public:

232
src/Dict.h
View file

@ -174,6 +174,8 @@ public:
bool operator!=(const DictEntry& r) const { return ! Equal(r.GetKey(), r.key_size, r.hash); }
};
using DictEntryVec = std::vector<detail::HashKey>;
} // namespace detail
template <typename T> class DictIterator
@ -209,6 +211,8 @@ public:
dict = that.dict;
curr = that.curr;
end = that.end;
ordered_iter = that.ordered_iter;
dict->IncrIters();
}
@ -226,6 +230,8 @@ public:
dict = that.dict;
curr = that.curr;
end = that.end;
ordered_iter = that.ordered_iter;
dict->IncrIters();
return *this;
@ -245,6 +251,7 @@ public:
dict = that.dict;
curr = that.curr;
end = that.end;
ordered_iter = that.ordered_iter;
that.dict = nullptr;
}
@ -263,25 +270,64 @@ public:
dict = that.dict;
curr = that.curr;
end = that.end;
ordered_iter = that.ordered_iter;
that.dict = nullptr;
return *this;
}
reference operator*() { return *curr; }
reference operator*() const { return *curr; }
pointer operator->() { return curr; }
pointer operator->() const { return curr; }
reference operator*()
{
if ( dict->IsOrdered() )
{
// TODO: how does this work if ordered_iter == end(). LookupEntry will return a nullptr,
// which the dereference will fail on. That's undefined behavior, correct? Is that any
// different than if the unordered version returns a dereference of it's end?
auto e = dict->LookupEntry(*ordered_iter);
return *e;
}
return *curr;
}
reference operator*() const
{
if ( dict->IsOrdered() )
{
auto e = dict->LookupEntry(*ordered_iter);
return *e;
}
return *curr;
}
pointer operator->()
{
if ( dict->IsOrdered() )
return dict->LookupEntry(*ordered_iter);
return curr;
}
pointer operator->() const
{
if ( dict->IsOrdered() )
return dict->LookupEntry(*ordered_iter);
return curr;
}
DictIterator& operator++()
{
// The non-robust case is easy. Just advanced the current position forward until you find
// one isn't empty and isn't the end.
if ( dict->IsOrdered() )
++ordered_iter;
else
{
// The non-robust case is easy. Just advance the current position forward until you
// find one isn't empty and isn't the end.
do
{
++curr;
} while ( curr != end && curr->Empty() );
}
return *this;
}
@ -293,7 +339,17 @@ public:
return temp;
}
bool operator==(const DictIterator& that) const { return curr == that.curr; }
bool operator==(const DictIterator& that) const
{
if ( dict != that.dict )
return false;
if ( dict->IsOrdered() )
return ordered_iter == that.ordered_iter;
return curr == that.curr;
}
bool operator!=(const DictIterator& that) const { return ! (*this == that); }
private:
@ -302,10 +358,21 @@ private:
DictIterator(const Dictionary<T>* d, detail::DictEntry<T>* begin, detail::DictEntry<T>* end)
: curr(begin), end(end)
{
// Cast away the constness so that the number of iterators can be modified in the
// dictionary. This does violate the constness guarantees of const-begin()/end() and
// cbegin()/cend(), but we're not modifying the actual data in the collection, just a
// counter in the wrapper of the collection.
dict = const_cast<Dictionary<T>*>(d);
// Make sure that we're starting on a non-empty element.
while ( curr != end && curr->Empty() )
++curr;
dict->IncrIters();
}
DictIterator(const Dictionary<T>* d, detail::DictEntryVec::iterator iter) : ordered_iter(iter)
{
// Cast away the constness so that the number of iterators can be modified in the
// dictionary. This does violate the constness guarantees of const-begin()/end() and
// cbegin()/cend(), but we're not modifying the actual data in the collection, just a
@ -317,6 +384,7 @@ private:
Dictionary<T>* dict = nullptr;
detail::DictEntry<T>* curr = nullptr;
detail::DictEntry<T>* end = nullptr;
detail::DictEntryVec::iterator ordered_iter;
};
template <typename T> class RobustDictIterator
@ -473,7 +541,7 @@ public:
}
if ( ordering == ORDERED )
order = new std::vector<detail::DictEntry<T>>;
order = std::make_unique<std::vector<detail::HashKey>>();
}
~Dictionary() { Clear(); }
@ -490,12 +558,10 @@ public:
T* Lookup(const void* key, int key_size, detail::hash_t h) const
{
// Look up possibly modifies the entry. Why? if the entry is found but not positioned
// according to the current dict (so it's before SizeUp), it will be moved to the right
// position so next lookup is fast.
Dictionary* d = const_cast<Dictionary*>(this);
int position = d->LookupIndex(key, key_size, h);
return position >= 0 ? table[position].value : nullptr;
if ( auto e = LookupEntry(key, key_size, h) )
return e->value;
return nullptr;
}
T* Lookup(const char* key) const
@ -541,13 +607,6 @@ public:
if ( ! copy_key )
delete[](char*) key;
if ( order )
{ // set new v to order too.
auto it = std::find(order->begin(), order->end(), table[position]);
ASSERT(it != order->end());
it->value = val;
}
if ( iterators && ! iterators->empty() )
// need to set new v for iterators too.
for ( auto c : *iterators )
@ -575,12 +634,15 @@ public:
"Dictionary::Insert() possibly caused iterator invalidation");
}
// Do this before the actual insertion since creating the DictEntry is going to delete
// the key data. We need a copy of it first.
if ( order )
order->emplace_back(detail::HashKey{key, static_cast<size_t>(key_size), hash});
// Allocate memory for key if necesary. Key is updated to reflect internal key if
// necessary.
detail::DictEntry<T> entry(key, key_size, hash, val, insert_distance, copy_key);
InsertRelocateAndAdjust(entry, insert_position);
if ( order )
order->push_back(entry);
num_entries++;
cum_entries++;
@ -651,7 +713,16 @@ public:
ASSERT(num_entries >= 0);
// e is about to be invalid. remove it from all references.
if ( order )
order->erase(std::remove(order->begin(), order->end(), entry), order->end());
{
for ( auto it = order->begin(); it != order->end(); ++it )
{
if ( it->Equal(key, key_size, hash) )
{
it = order->erase(it);
break;
}
}
}
T* v = entry.value;
entry.Clear();
@ -699,10 +770,13 @@ public:
{
if ( ! order || n < 0 || n >= Length() )
return nullptr;
detail::DictEntry<T> entry = (*order)[n];
key = entry.GetKey();
key_size = entry.key_size;
return entry.value;
auto& hk = order->at(n);
auto entry = Lookup(&hk);
key = hk.Key();
key_size = hk.Size();
return entry;
}
T* NthEntry(int n, const char*& key) const
@ -731,10 +805,8 @@ public:
}
if ( order )
{
delete order;
order = nullptr;
}
order.reset();
if ( iterators )
{
delete iterators;
@ -935,12 +1007,48 @@ public:
using reverse_iterator = std::reverse_iterator<iterator>;
using const_reverse_iterator = std::reverse_iterator<const_iterator>;
iterator begin() { return {this, table, table + Capacity()}; }
iterator end() { return {this, table + Capacity(), table + Capacity()}; }
const_iterator begin() const { return {this, table, table + Capacity()}; }
const_iterator end() const { return {this, table + Capacity(), table + Capacity()}; }
const_iterator cbegin() { return {this, table, table + Capacity()}; }
const_iterator cend() { return {this, table + Capacity(), table + Capacity()}; }
iterator begin()
{
if ( IsOrdered() )
return {this, order->begin()};
return {this, table, table + Capacity()};
}
iterator end()
{
if ( IsOrdered() )
return {this, order->end()};
return {this, table + Capacity(), table + Capacity()};
}
const_iterator begin() const
{
if ( IsOrdered() )
return {this, order->begin()};
return {this, table, table + Capacity()};
}
const_iterator end() const
{
if ( IsOrdered() )
return {this, order->end()};
return {this, table + Capacity(), table + Capacity()};
}
const_iterator cbegin()
{
if ( IsOrdered() )
return {this, order->begin()};
return {this, table, table + Capacity()};
}
const_iterator cend()
{
if ( IsOrdered() )
return {this, order->end()};
return {this, table + Capacity(), table + Capacity()};
}
RobustDictIterator<T> begin_robust() { return MakeRobustIterator(); }
RobustDictIterator<T> end_robust() { return RobustDictIterator<T>(); }
@ -1424,6 +1532,35 @@ private:
// previous log2_buckets.
}
/**
* Retrieves a pointer to a full DictEntry in the table based on a hash key.
*
* @param key the key to lookup.
* @return A pointer to the entry or a nullptr if no entry has a matching key.
*/
detail::DictEntry<T>* LookupEntry(const detail::HashKey& key)
{
return LookupEntry(key.Key(), key.Size(), key.Hash());
}
/**
* Retrieves a pointer to a full DictEntry in the table based on key data.
*
* @param key the key to lookup
* @param key_size the size of the key data
* @param h a hash of the key data.
* @return A pointer to the entry or a nullptr if no entry has a matching key.
*/
detail::DictEntry<T>* LookupEntry(const void* key, int key_size, detail::hash_t h) const
{
// Look up possibly modifies the entry. Why? if the entry is found but not positioned
// according to the current dict (so it's before SizeUp), it will be moved to the right
// position so next lookup is fast.
Dictionary* d = const_cast<Dictionary*>(this);
int position = d->LookupIndex(key, key_size, h);
return position >= 0 ? &(table[position]) : nullptr;
}
bool HaveOnlyRobustIterators() const
{
return (num_iterators == 0) || ((iterators ? iterators->size() : 0) == num_iterators);
@ -1431,6 +1568,10 @@ private:
RobustDictIterator<T> MakeRobustIterator()
{
if ( IsOrdered() )
reporter->InternalError(
"RobustIterators are not currently supported for ordered dictionaries");
if ( ! iterators )
iterators = new std::vector<RobustDictIterator<T>*>;
@ -1439,15 +1580,17 @@ private:
detail::DictEntry<T> GetNextRobustIteration(RobustDictIterator<T>* iter)
{
// If there are any inserted entries, return them first.
// That keeps the list small and helps avoiding searching
// a large list when deleting an entry.
// If there's no table in the dictionary, then the iterator needs to be
// cleaned up because it's not pointing at anything.
if ( ! table )
{
iter->Complete();
return detail::DictEntry<T>(nullptr); // end of iteration
}
// If there are any inserted entries, return them first.
// That keeps the list small and helps avoiding searching
// a large list when deleting an entry.
if ( iter->inserted && ! iter->inserted->empty() )
{
// Return the last one. Order doesn't matter,
@ -1457,6 +1600,7 @@ private:
return e;
}
// First iteration.
if ( iter->next < 0 )
iter->next = Next(-1);
@ -1536,8 +1680,10 @@ private:
detail::DictEntry<T>* table = nullptr;
std::vector<RobustDictIterator<T>*>* iterators = nullptr;
// Order means the order of insertion. means no deletion until exit. will be inefficient.
std::vector<detail::DictEntry<T>>* order = nullptr;
// Ordered dictionaries keep the order based on some criteria, by default the order of
// insertion. We only store a copy of the keys here for memory savings and for safety
// around reallocs and such.
std::unique_ptr<detail::DictEntryVec> order;
};
template <typename T> using PDict = Dictionary<T>;

135
src/Hash.cc
View file

@ -8,6 +8,7 @@
#include <highwayhash/instruction_sets.h>
#include <highwayhash/sip_hash.h>
#include "zeek/3rdparty/doctest.h"
#include "zeek/DebugLogger.h"
#include "zeek/Desc.h"
#include "zeek/Reporter.h"
@ -184,6 +185,29 @@ HashKey::HashKey(const void* arg_key, size_t arg_size, hash_t arg_hash, bool /*
key = (char*)arg_key;
}
HashKey::HashKey(const HashKey& other) : HashKey(other.key, other.size, other.hash) { }
HashKey::HashKey(HashKey&& other) noexcept
{
hash = other.hash;
size = other.size;
write_size = other.write_size;
read_size = other.read_size;
is_our_dynamic = other.is_our_dynamic;
key = other.key;
other.size = 0;
other.is_our_dynamic = false;
other.key = nullptr;
}
HashKey::~HashKey()
{
if ( is_our_dynamic )
delete[] reinterpret_cast<char*>(key);
}
hash_t HashKey::Hash() const
{
if ( hash == 0 )
@ -543,4 +567,115 @@ void HashKey::EnsureReadSpace(size_t n) const
n, size - read_size);
}
bool HashKey::operator==(const HashKey& other) const
{
// Quick exit for the same object.
if ( this == &other )
return true;
return Equal(other.key, other.size, other.hash);
}
bool HashKey::operator!=(const HashKey& other) const
{
// Quick exit for different objects.
if ( this != &other )
return true;
return ! Equal(other.key, other.size, other.hash);
}
bool HashKey::Equal(const void* other_key, size_t other_size, hash_t other_hash) const
{
// If the key memory is the same just return true.
if ( key == other_key && size == other_size )
return true;
// If either key is nullptr, return false. If they were both nullptr, it
// would have fallen in to the above block already.
if ( key == nullptr || other_key == nullptr )
return false;
return (hash == other_hash) && (size == other_size) && (memcmp(key, other_key, size) == 0);
}
HashKey& HashKey::operator=(const HashKey& other)
{
if ( this == &other )
return *this;
if ( is_our_dynamic && IsAllocated() )
delete[] key;
hash = other.hash;
size = other.size;
is_our_dynamic = true;
write_size = other.write_size;
read_size = other.read_size;
key = CopyKey(other.key, other.size);
return *this;
}
HashKey& HashKey::operator=(HashKey&& other) noexcept
{
if ( this == &other )
return *this;
hash = other.hash;
size = other.size;
write_size = other.write_size;
read_size = other.read_size;
if ( is_our_dynamic && IsAllocated() )
delete[] key;
is_our_dynamic = other.is_our_dynamic;
key = other.key;
other.size = 0;
other.is_our_dynamic = false;
other.key = nullptr;
return *this;
}
TEST_SUITE_BEGIN("Hash");
TEST_CASE("equality")
{
HashKey h1(12345);
HashKey h2(12345);
HashKey h3(67890);
CHECK(h1 == h2);
CHECK(h1 != h3);
}
TEST_CASE("copy assignment")
{
HashKey h1(12345);
HashKey h2 = h1;
HashKey h3{h1};
CHECK(h1 == h2);
CHECK(h1 == h3);
}
TEST_CASE("move assignment")
{
HashKey h1(12345);
HashKey h2(12345);
HashKey h3(12345);
HashKey h4 = std::move(h2);
HashKey h5{h3};
CHECK(h1 == h4);
CHECK(h1 == h5);
}
TEST_SUITE_END();
} // namespace zeek::detail

24
src/Hash.h
View file

@ -255,11 +255,14 @@ public:
// function from the one above; its value is not used.
HashKey(const void* key, size_t size, hash_t hash, bool dont_copy);
~HashKey()
{
if ( is_our_dynamic )
delete[](char*) key;
}
// Copy constructor. Always copies the key.
HashKey(const HashKey& other);
// Move constructor. Takes ownership of the key.
HashKey(HashKey&& other) noexcept;
// Destructor
~HashKey();
// Hands over the key to the caller. This means that if the
// key is our dynamic, we give it to the caller and mark it
@ -343,6 +346,17 @@ public:
void Describe(ODesc* d) const;
bool operator==(const HashKey& other) const;
bool operator!=(const HashKey& other) const;
bool Equal(const void* other_key, size_t other_size, hash_t other_hash) const;
// Copy operator. Always copies the key.
HashKey& operator=(const HashKey& other);
// Move operator. Takes ownership of the key.
HashKey& operator=(HashKey&& other) noexcept;
protected:
char* CopyKey(const char* key, size_t size) const;

5
src/ID.cc
View file

@ -680,11 +680,6 @@ std::vector<Func*> ID::GetOptionHandlers() const
return v;
}
void IDOptInfo::AddInitExpr(ExprPtr init_expr)
{
init_exprs.emplace_back(std::move(init_expr));
}
} // namespace detail
} // namespace zeek

14
src/Scope.cc
View file

@ -190,6 +190,20 @@ ScopePtr pop_scope()
return old_top;
}
void merge_top_scope()
{
if ( scopes.size() < 2 )
reporter->InternalError("scope merge underflow");
auto t = pop_scope();
for ( const auto& v : t->OrderedVars() )
{
v->SetOffset(top_scope->Length());
top_scope->Insert(v->Name(), v);
}
}
ScopePtr current_scope()
{
return top_scope;

5
src/Scope.h
View file

@ -92,6 +92,11 @@ extern void push_existing_scope(ScopePtr scope);
// Returns the one popped off.
extern ScopePtr pop_scope();
// Merges the elements of the current scope with the one surrounding it,
// popping it in the process.
extern void merge_top_scope();
extern ScopePtr current_scope();
extern ScopePtr global_scope();

2
src/Stmt.cc
View file

@ -1893,7 +1893,7 @@ void WhenInfo::Build(StmtPtr ws)
{
if ( IsDeprecatedSemantics(ws) )
{
pop_scope();
merge_top_scope();
return;
}

9
src/Type.cc
View file

@ -278,6 +278,15 @@ detail::TraversalCode Type::Traverse(detail::TraversalCallback* cb) const
HANDLE_TC_TYPE_POST(tc);
}
void TypeList::CheckPure()
{
if ( pure_type )
return;
if ( ! types.empty() && AllMatch(types[0], false) )
pure_type = types[0];
}
bool TypeList::AllMatch(const Type* t, bool is_init) const
{
for ( const auto& type : types )

4
src/Type.h
View file

@ -339,6 +339,10 @@ public:
// is not pure or is empty.
const TypePtr& GetPureType() const { return pure_type; }
// Retrospectively instantiates an underlying pure type, if in
// fact each element has the same type.
void CheckPure();
// True if all of the types match t, false otherwise. If
// is_init is true, then the matching is done in the context
// of an initialization.

48
src/Var.cc
View file

@ -17,6 +17,7 @@
#include "zeek/Traverse.h"
#include "zeek/Val.h"
#include "zeek/module_util.h"
#include "zeek/script_opt/IDOptInfo.h"
#include "zeek/script_opt/StmtOptInfo.h"
#include "zeek/script_opt/UsageAnalyzer.h"
@ -117,12 +118,12 @@ static bool add_prototype(const IDPtr& id, Type* t, std::vector<AttrPtr>* attrs,
return true;
}
static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
static ExprPtr initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
{
if ( ! id->HasVal() )
{
if ( c == INIT_REMOVE )
return;
return nullptr;
bool no_init = ! init;
@ -134,7 +135,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
auto& t = id->GetType();
if ( ! IsAggr(t) )
return;
return nullptr;
ValPtr init_val;
@ -147,7 +148,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
catch ( InterpreterException& )
{
id->Error("initialization failed");
return;
return nullptr;
}
}
@ -157,11 +158,11 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
else if ( t->Tag() == TYPE_VECTOR )
init_val = make_intrusive<VectorVal>(cast_intrusive<VectorType>(t));
id->SetVal(init_val);
return;
init = make_intrusive<ConstExpr>(init_val);
c = INIT_FULL;
}
if ( c == INIT_EXTRA )
else if ( c == INIT_EXTRA )
c = INIT_FULL;
}
@ -177,19 +178,12 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
assignment = make_intrusive<RemoveFromExpr>(lhs, init);
else
// This can happen due to error propagation.
return;
return nullptr;
if ( assignment->IsError() )
return;
return nullptr;
try
{
(void)assignment->Eval(nullptr);
}
catch ( InterpreterException& )
{
id->Error("initialization failed");
}
return assignment;
}
static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
@ -347,11 +341,29 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
if ( init && ((c == INIT_EXTRA && id->GetAttr(ATTR_ADD_FUNC)) ||
(c == INIT_REMOVE && id->GetAttr(ATTR_DEL_FUNC))) )
{
// Just apply the function.
id->SetVal(init, c);
id->GetOptInfo()->AddInitExpr(init, c);
}
else if ( dt != VAR_REDEF || init || ! attr )
initialize_var(id, c, init);
{
auto init_expr = initialize_var(id, c, init);
if ( init_expr )
{
id->GetOptInfo()->AddInitExpr(init_expr);
try
{
(void)init_expr->Eval(nullptr);
}
catch ( InterpreterException& )
{
id->Error("initialization failed");
}
}
}
}
if ( dt == VAR_CONST )

8
src/packet_analysis/Analyzer.cc
View file

@ -107,6 +107,14 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
return false;
}
if ( ! inner_analyzer->IsEnabled() )
{
DBG_LOG(DBG_PACKET_ANALYSIS,
"Analysis in %s found disabled next layer analyzer %s for identifier %#x",
GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier);
return false;
}
DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
GetAnalyzerName(), identifier);
return inner_analyzer->AnalyzePacket(len, data, packet);

17
src/packet_analysis/Analyzer.h
View file

@ -71,6 +71,13 @@ public:
*/
bool IsAnalyzer(const char* name);
/**
* Return whether this analyzer is enabled or not.
*
* @return true if the analyzer is enabled, else false.
*/
bool IsEnabled() const { return enabled; }
/**
* Analyzes the given packet. A common case is that the analyzed protocol
* encapsulates another protocol, which can be determined by an identifier
@ -187,6 +194,7 @@ public:
void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
protected:
friend class Component;
friend class Manager;
/**
@ -207,6 +215,14 @@ protected:
*/
AnalyzerPtr LoadAnalyzer(const std::string& name);
/**
* Enable or disable this analyzer. This is meant for internal use by
* manager and component.
*
* @param value The new enabled value.
*/
void SetEnabled(bool value) { enabled = value; }
/**
* Returns the module name corresponding to the analyzer, i.e. its script-land
* namespace. Configuration values for the analyzer are expected in this module.
@ -258,6 +274,7 @@ private:
zeek::Tag tag;
Dispatcher dispatcher;
AnalyzerPtr default_analyzer = nullptr;
bool enabled = true;
/**
* Flag for whether to report unknown protocols in ForwardPacket.

13
src/packet_analysis/Component.cc
View file

@ -3,6 +3,7 @@
#include "zeek/packet_analysis/Component.h"
#include "zeek/Desc.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Manager.h"
using namespace zeek::packet_analysis;
@ -21,11 +22,23 @@ void Component::Initialize()
packet_mgr->RegisterComponent(this, "ANALYZER_");
}
void Component::SetEnabled(bool arg_enabled)
{
enabled = arg_enabled;
// If we already have instantiated an analyzer, update its state.
if ( auto analyzer = packet_mgr->GetAnalyzer(Tag().AsVal().get()) )
analyzer->SetEnabled(enabled);
}
void Component::DoDescribe(ODesc* d) const
{
if ( factory )
{
d->Add("ANALYZER_");
d->Add(CanonicalName());
d->Add(", ");
}
d->Add(enabled ? "enabled" : "disabled");
}

15
src/packet_analysis/Component.h
View file

@ -36,6 +36,20 @@ public:
*/
factory_callback Factory() const { return factory; }
/**
* Returns true if the analyzer is currently enabled and hence
* available for use.
*/
bool Enabled() const { return enabled; }
/**
* Enables or disables this analyzer.
*
* @param arg_enabled True to enabled, false to disable.
*
*/
void SetEnabled(bool arg_enabled);
protected:
/**
* Overriden from plugin::Component.
@ -44,6 +58,7 @@ protected:
private:
factory_callback factory; // The analyzer's factory callback.
bool enabled = true; // True if the analyzer is enabled.
};
}

4
src/packet_analysis/Dispatcher.cc
View file

@ -52,10 +52,6 @@ void Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer)
}
int64_t index = identifier - lowest_identifier;
if ( table[index] != nullptr )
reporter->InternalWarning("Overwriting packet analyzer mapping %#8" PRIx64 " => %s with %s",
index + lowest_identifier, table[index]->GetAnalyzerName(),
analyzer->GetAnalyzerName());
table[index] = std::move(analyzer);
}

19
src/packet_analysis/Manager.cc
View file

@ -30,8 +30,11 @@ void Manager::InitPostScript(const std::string& unprocessed_output_file)
for ( const auto& analyzerComponent : GetComponents() )
{
if ( AnalyzerPtr newAnalyzer = InstantiateAnalyzer(analyzerComponent->Tag()) )
{
newAnalyzer->SetEnabled(analyzerComponent->Enabled());
analyzers.emplace(analyzerComponent->Name(), newAnalyzer);
}
}
// Initialize all analyzers
for ( auto& [name, analyzer] : analyzers )
@ -88,6 +91,22 @@ AnalyzerPtr Manager::GetAnalyzer(const std::string& name)
return analyzer_it->second;
}
bool Manager::EnableAnalyzer(EnumVal* tag)
{
Component* c = Lookup(tag);
c->SetEnabled(true);
return true;
}
bool Manager::DisableAnalyzer(EnumVal* tag)
{
Component* c = Lookup(tag);
c->SetEnabled(false);
return true;
}
void Manager::ProcessPacket(Packet* packet)
{
#ifdef DEBUG

40
src/packet_analysis/Manager.h
View file

@ -82,6 +82,46 @@ public:
*/
AnalyzerPtr GetAnalyzer(const std::string& name);
/**
* Enables an analyzer type. Only enabled analyzers will participate
* in packet processing.
*
* @param tag The analyzer's tag.
*
* @return True if successful.
*/
bool EnableAnalyzer(zeek::EnumVal* tag);
/**
* Enables an analyzer type. Only enabled analyzers will participate
* in packet processing.
*
* @param tag The analyzer's tag.
*
* @return True if successful.
*/
bool EnableAnalyzer(const zeek::Tag& tag) { return EnableAnalyzer(tag.AsVal().get()); }
/**
* Disables an analyzer type. Disabled analyzers will not participate
* in packet processing.
*
* @param tag The packet analyzer's tag.
*
* @return True if successful.
*/
bool DisableAnalyzer(zeek::EnumVal* tag);
/**
* Disables an analyzer type. Disabled analyzers will not participate
* in packet processing.
*
* @param tag The packet analyzer's tag.
*
* @return True if successful.
*/
bool DisableAnalyzer(const zeek::Tag& tag) { return DisableAnalyzer(tag.AsVal().get()); };
/**
* Processes a packet by applying the configured packet analyzers.
*

14
src/packet_analysis/packet_analysis.bif
View file

@ -77,3 +77,17 @@ function register_protocol_detection%(parent: PacketAnalyzer::Tag, child: Packet
parent_analyzer->RegisterProtocolDetection(child_analyzer);
return zeek::val_mgr->True();
%}
## Internal function to disable a packet analyzer.
function PacketAnalyzer::__disable_analyzer%(id: PacketAnalyzer::Tag%) : bool
%{
bool result = zeek::packet_mgr->DisableAnalyzer(id->AsEnumVal());
return zeek::val_mgr->Bool(result);
%}
## Internal function to enable a packet analyzer.
function PacketAnalyzer::__enable_analyzer%(id: PacketAnalyzer::Tag%) : bool
%{
bool result = zeek::packet_mgr->EnableAnalyzer(id->AsEnumVal());
return zeek::val_mgr->Bool(result);
%}

5
src/parse.y
View file

@ -102,7 +102,6 @@
#include "zeek/zeekygen/Manager.h"
#include "zeek/module_util.h"
#include "zeek/IntrusivePtr.h"
#include "zeek/script_opt/IDOptInfo.h"
extern const char* filename; // Absolute path of file currently being parsed.
extern const char* last_filename; // Absolute path of last file parsed.
@ -321,8 +320,6 @@ static void build_global(ID* id, Type* t, InitClass ic, Expr* e,
add_global(id_ptr, std::move(t_ptr), ic, e_ptr, std::move(attrs_ptr), dt);
id->GetOptInfo()->AddInitExpr(e_ptr);
if ( dt == VAR_REDEF )
zeekygen_mgr->Redef(id, ::filename, ic, std::move(e_ptr));
else
@ -342,8 +339,6 @@ static StmtPtr build_local(ID* id, Type* t, InitClass ic, Expr* e,
auto init = add_local(std::move(id_ptr), std::move(t_ptr), ic,
e_ptr, std::move(attrs_ptr), dt);
id->GetOptInfo()->AddInitExpr(std::move(e_ptr));
if ( do_coverage )
script_coverage_mgr.AddStmt(init.get());

4
src/script_opt/CPP/Attrs.cc
View file

@ -18,7 +18,7 @@ shared_ptr<CPP_InitInfo> CPPCompile::RegisterAttributes(const AttributesPtr& att
if ( pa != processed_attrs.end() )
return pa->second;
attributes.AddKey(attrs);
attributes.AddKey(attrs, pfs.HashAttrs(attrs));
// The cast is just so we can make an IntrusivePtr.
auto a_rep = const_cast<Attributes*>(attributes.GetRep(attrs));
@ -49,7 +49,7 @@ shared_ptr<CPP_InitInfo> CPPCompile::RegisterAttr(const AttrPtr& attr)
const auto& e = a->GetExpr();
if ( e && ! IsSimpleInitExpr(e) )
init_exprs.AddKey(e);
init_exprs.AddKey(e, p_hash(e));
auto gi = make_shared<AttrInfo>(this, attr);
attr_info->AddInstance(gi);

4
src/script_opt/CPP/Compile.h
View file

@ -1015,6 +1015,10 @@ private:
// Generate code to initialize indirect references to constants.
void InitializeConsts();
// Generate code to initialize globals (using dynamic statements
// rather than constants).
void InitializeGlobals();
// Generate the initialization hook for this set of compiled code.
void GenInitHook();

9
src/script_opt/CPP/Driver.cc
View file

@ -5,6 +5,7 @@
#include <cerrno>
#include "zeek/script_opt/CPP/Compile.h"
#include "zeek/script_opt/IDOptInfo.h"
extern std::unordered_set<std::string> files_with_conditionals;
@ -310,6 +311,9 @@ void CPPCompile::RegisterCompiledBody(const string& f)
void CPPCompile::GenEpilog()
{
NL();
InitializeGlobals();
NL();
for ( const auto& ii : init_infos )
GenInitExpr(ii.second);
@ -449,7 +453,7 @@ void CPPCompile::GenFinishInit()
NL();
int max_cohort = 0;
for ( auto gi : all_global_info )
for ( const auto& gi : all_global_info )
max_cohort = std::max(max_cohort, gi->MaxCohort());
for ( auto c = 0; c <= max_cohort; ++c )
@ -468,6 +472,9 @@ void CPPCompile::GenFinishInit()
NL();
Emit("load_BiFs__CPP();");
NL();
Emit("init_globals__CPP();");
EndBlock();
}

44
src/script_opt/CPP/Inits.cc
View file

@ -188,6 +188,50 @@ void CPPCompile::InitializeConsts()
EndBlock(true);
}
void CPPCompile::InitializeGlobals()
{
Emit("static void init_globals__CPP()");
StartBlock();
Emit("Frame* f__CPP = nullptr;");
NL();
for ( const auto& ginit : IDOptInfo::GetGlobalInitExprs() )
{
auto g = ginit.Id();
if ( pfs.Globals().count(g) == 0 )
continue;
auto ic = ginit.IC();
auto& init = ginit.Init();
if ( ic == INIT_NONE )
{
IDPtr gid = {NewRef{}, const_cast<ID*>(g)};
auto gn = make_intrusive<RefExpr>(make_intrusive<NameExpr>(gid));
auto ae = make_intrusive<AssignExpr>(gn, init, true);
Emit(GenExpr(ae.get(), GEN_NATIVE, true) + ";");
}
else
{
// This branch occurs for += or -= initializations that
// use associated functions.
string ics;
if ( ic == INIT_EXTRA )
ics = "INIT_EXTRA";
else if ( ic == INIT_REMOVE )
ics = "INIT_REMOVE";
else
reporter->FatalError("bad initialization class in CPPCompile::InitializeGlobals()");
Emit("%s->SetValue(%s, %s);", globals[g->Name()], GenExpr(init, GEN_NATIVE, true), ics);
}
}
EndBlock();
}
void CPPCompile::GenInitHook()
{
NL();

14
src/script_opt/CPP/InitsInfo.cc
View file

@ -339,16 +339,7 @@ GlobalInitInfo::GlobalInitInfo(CPPCompile* c, const ID* g, string _CPP_name)
attrs = -1;
exported = g->IsExport();
auto v = g->GetVal();
if ( v && gt->Tag() == TYPE_OPAQUE )
{
reporter->Error("cannot compile to C++ global \"%s\" initialized to opaque value",
g->Name());
v = nullptr;
}
val = ValElem(c, v);
val = ValElem(c, nullptr); // empty because we initialize dynamically
}
void GlobalInitInfo::InitializerVals(std::vector<std::string>& ivs) const
@ -439,6 +430,9 @@ ListTypeInfo::ListTypeInfo(CPPCompile* _c, TypePtr _t)
if ( gi )
init_cohort = max(init_cohort, gi->InitCohort());
}
if ( ! types.empty() )
++init_cohort;
}
void ListTypeInfo::AddInitializerVals(std::vector<std::string>& ivs) const

3
src/script_opt/CPP/README.md
View file

@ -173,9 +173,6 @@ as currently done, to instead be in a pseudo-event handler.
code requires initializing a global variable that specifies extend fields in
an extensible record (i.e., fields added using `redef`).
* The compiler will not compile bodies that include "when" statements
This is fairly involved to fix.
* If a lambda generates an event that is not otherwise referred to, that
event will not be registered upon instantiating the lambda. This is not
particularly difficult to fix.

5
src/script_opt/CPP/RuntimeInits.cc
View file

@ -377,6 +377,8 @@ TypePtr CPP_TypeInits::BuildTypeList(InitsManager* im, ValElemVec& init_vals, in
while ( iv_it != iv_end )
tl->Append(im->Types(*(iv_it++)));
tl->CheckPure();
return tl;
}
@ -485,12 +487,11 @@ void CPP_GlobalInit::Generate(InitsManager* im, std::vector<void*>& /* inits_vec
global = lookup_global__CPP(name, im->Types(type), exported);
if ( ! global->HasVal() && val >= 0 )
{
global->SetVal(im->ConstVals(val));
if ( attrs >= 0 )
global->SetAttrs(im->Attributes(attrs));
}
}
void generate_indices_set(int* inits, std::vector<std::vector<int>>& indices_set)
{

41
src/script_opt/CPP/RuntimeInits.h
View file

@ -66,12 +66,41 @@ public:
// Accessors for the sundry initialization vectors, each retrieving
// a specific element identified by an index/offset.
const std::vector<int>& Indices(int offset) const { return indices[offset]; }
const char* Strings(int offset) const { return strings[offset]; }
const p_hash_type Hashes(int offset) const { return hashes[offset]; }
const TypePtr& Types(int offset) const { return types[offset]; }
const AttributesPtr& Attributes(int offset) const { return attributes[offset]; }
const AttrPtr& Attrs(int offset) const { return attrs[offset]; }
const CallExprPtr& CallExprs(int offset) const { return call_exprs[offset]; }
const char* Strings(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(strings.size()));
ASSERT(strings[offset]);
return strings[offset];
}
const p_hash_type Hashes(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(hashes.size()));
return hashes[offset];
}
const TypePtr& Types(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(types.size()));
ASSERT(types[offset]);
return types[offset];
}
const AttributesPtr& Attributes(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(attributes.size()));
ASSERT(attributes[offset]);
return attributes[offset];
}
const AttrPtr& Attrs(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(attrs.size()));
ASSERT(attrs[offset]);
return attrs[offset];
}
const CallExprPtr& CallExprs(int offset) const
{
ASSERT(offset >= 0 && offset < static_cast<int>(call_exprs.size()));
ASSERT(call_exprs[offset]);
return call_exprs[offset];
}
private:
std::vector<CPP_ValElem>& const_vals;

9
src/script_opt/CPP/maint/README
View file

@ -15,7 +15,7 @@ The maintenance workflow:
to check in updates to the list of how the compiler currently fares
on various btests (see end of this doc):
Fri Sep 16 16:13:49 PDT 2022
Thu Sep 29 14:49:49 PDT 2022
2. Run "find-test-files.sh" to generate a list (to stdout) of all of the
possible Zeek source files found in the test suite.
@ -74,18 +74,11 @@ These BTests won't successfully run due to the indicated issue:
Database Of Known Issues (keep sorted)
../testing/btest/bifs/table_values.zeek bad-constructor
../testing/btest/core/global_opaque_val.zeek opaque
../testing/btest/language/alternate-event-hook-prototypes.zeek deprecated
../testing/btest/language/global-init-calls-bif.zeek opaque
../testing/btest/language/redef-same-prefixtable-idx.zeek deprecated
../testing/btest/language/table-redef.zeek deprecated
../testing/btest/language/when-aggregates.zeek bad-when
../testing/btest/scripts/base/protocols/krb/smb2_krb.test skipped
../testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test skipped
../testing/btest/scripts/base/utils/active-http.test test-glitch
../testing/btest/scripts/policy/frameworks/telemetry/log-prefixes.zeek opaque
../testing/btest/scripts/policy/frameworks/telemetry/log.zeek opaque
../testing/btest/scripts/policy/misc/dump-events.zeek skipped
../testing/btest/telemetry/counter.zeek opaque
../testing/btest/telemetry/gauge.zeek opaque
../testing/btest/telemetry/histogram.zeek opaque

13
src/script_opt/IDOptInfo.cc
View file

@ -51,6 +51,8 @@ void IDDefRegion::Dump() const
printf("\n");
}
std::vector<IDInitInfo> IDOptInfo::global_init_exprs;
void IDOptInfo::Clear()
{
static bool did_init = false;
@ -69,6 +71,17 @@ void IDOptInfo::Clear()
tracing = trace_ID && util::streq(trace_ID, my_id->Name());
}
void IDOptInfo::AddInitExpr(ExprPtr init_expr, InitClass ic)
{
if ( ! init_expr )
return;
if ( my_id->IsGlobal() )
global_init_exprs.emplace_back(IDInitInfo(my_id, init_expr, ic));
init_exprs.emplace_back(std::move(init_expr));
}
void IDOptInfo::DefinedAfter(const Stmt* s, const ExprPtr& e,
const std::vector<const Stmt*>& conf_blocks, zeek_uint_t conf_start)
{

41
src/script_opt/IDOptInfo.h
View file

@ -105,6 +105,24 @@ protected:
ExprPtr def_expr;
};
// Class tracking information associated with a (global) identifier's
// (re-)initialization.
class IDInitInfo
{
public:
IDInitInfo(const ID* _id, ExprPtr _init, InitClass _ic) : id(_id), init(_init), ic(_ic) { }
const ID* Id() const { return id; }
const ExprPtr& Init() const { return init; }
InitClass IC() const { return ic; }
private:
const ID* id;
ExprPtr init;
InitClass ic;
};
// Class tracking optimization information associated with identifiers.
class IDOptInfo
@ -118,11 +136,19 @@ public:
void Clear();
// Used to track expressions employed when explicitly initializing
// the identifier. These are needed by compile-to-C++ script
// optimization. They're not used by ZAM optimization.
void AddInitExpr(ExprPtr init_expr);
// the (global) identifier. These are needed by compile-to-C++ script
// optimization, and for tracking variable usage. An initialization
// class other than INIT_NONE indicates that initialization should
// be done with the ExprPtr form of ID::SetVal.
void AddInitExpr(ExprPtr init_expr, InitClass ic = INIT_NONE);
// Returns the initialization expressions for this identifier.
const std::vector<ExprPtr>& GetInitExprs() const { return init_exprs; }
// Returns a list of the initialization expressions seen for all
// globals, ordered by when they were processed.
static auto& GetGlobalInitExprs() { return global_init_exprs; }
// Associated constant expression, if any. This is only set
// for identifiers that are aliases for a constant (i.e., there
// are no other assignments to them).
@ -224,6 +250,9 @@ private:
// one of the earlier instances rather than the last one.
std::vector<ExprPtr> init_exprs;
// Tracks initializations of globals in the order they're seen.
static std::vector<IDInitInfo> global_init_exprs;
// If non-nil, a constant that this identifier always holds
// once initially defined.
const ConstExpr* const_expr = nullptr;
@ -256,8 +285,12 @@ private:
// Whether the identifier is a temporary variable.
bool is_temp = false;
// Only needed for debugging purposes.
// Associated identifier, to enable tracking of initialization
// expressions for globals (for C++ compilation), and for debugging
// output.
const ID* my_id;
// Only needed for debugging purposes.
bool tracing = false;
// Track whether we've already generated usage errors.

3
src/script_opt/ProfileFunc.cc
View file

@ -917,7 +917,10 @@ p_hash_type ProfileFuncs::HashAttrs(const AttributesPtr& Attrs)
// can vary in structure due to compilation of elements. We
// do though enforce consistency for their types.
if ( e )
{
h = merge_p_hashes(h, HashType(e->GetType()));
h = merge_p_hashes(h, p_hash(e.get()));
}
}
return h;

2
src/script_opt/ScriptOpt.cc
View file

@ -412,7 +412,7 @@ static void use_CPP()
}
}
if ( num_used == 0 )
if ( num_used == 0 && standalone_activations.empty() )
reporter->FatalError("no C++ functions found to use");
// Now that we've loaded all of the compiled scripts

22
src/script_opt/ZAM/BuiltIn.cc
View file

@ -313,23 +313,23 @@ ZInstAux* ZAMCompiler::BuildCatAux(const ExprPList& args)
switch ( t->Tag() )
{
TYPE_BOOL:
TYPE_INT:
TYPE_COUNT:
TYPE_DOUBLE:
TYPE_TIME:
TYPE_ENUM:
TYPE_PORT:
TYPE_ADDR:
TYPE_SUBNET:
case TYPE_BOOL:
case TYPE_INT:
case TYPE_COUNT:
case TYPE_DOUBLE:
case TYPE_TIME:
case TYPE_ENUM:
case TYPE_PORT:
case TYPE_ADDR:
case TYPE_SUBNET:
ca = std::make_unique<FixedCatArg>(t);
break;
TYPE_STRING:
case TYPE_STRING:
ca = std::make_unique<StringCatArg>();
break;
TYPE_PATTERN:
case TYPE_PATTERN:
ca = std::make_unique<PatternCatArg>();
break;

40
src/script_opt/ZAM/BuiltInSupport.cc
View file

@ -12,41 +12,41 @@ FixedCatArg::FixedCatArg(const TypePtr& _t) : t(_t)
{
switch ( t->Tag() )
{
TYPE_BOOL:
case TYPE_BOOL:
max_size = 1;
break;
TYPE_INT:
case TYPE_INT:
max_size = 20; // sufficient for 64 bits
break;
TYPE_COUNT:
case TYPE_COUNT:
max_size = 20; // sufficient for 64 bits
break;
TYPE_DOUBLE:
TYPE_TIME:
case TYPE_DOUBLE:
case TYPE_TIME:
max_size = 32; // from modp_dtoa2 documentatino
break;
TYPE_ENUM:
case TYPE_ENUM:
{
size_t n = 0;
for ( auto e : t->AsEnumType()->Names() )
for ( const auto& e : t->AsEnumType()->Names() )
n += e.first.size();
max_size = n;
break;
}
TYPE_PORT:
case TYPE_PORT:
max_size = 5 + 1 + 7; // <number> + / + "unknown
break;
TYPE_ADDR:
case TYPE_ADDR:
max_size = 39; // for IPv6
break;
TYPE_SUBNET:
case TYPE_SUBNET:
max_size = 39 + 1 + 3; // for IPv6 + / + <3-digits>
break;
@ -64,27 +64,27 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
switch ( t->Tag() )
{
TYPE_BOOL:
case TYPE_BOOL:
*(res++) = z.AsInt() ? 'T' : 'F';
break;
TYPE_INT:
case TYPE_INT:
n = modp_litoa10(z.AsInt(), res);
res += n;
break;
TYPE_COUNT:
case TYPE_COUNT:
n = modp_ulitoa10(z.AsCount(), res);
res += n;
break;
TYPE_DOUBLE:
TYPE_TIME:
case TYPE_DOUBLE:
case TYPE_TIME:
n = modp_dtoa2(z.AsDouble(), res, 6);
res += n;
break;
TYPE_PATTERN:
case TYPE_PATTERN:
text = z.AsPattern()->AsPattern()->PatternText();
*(res++) = '/';
strcpy(res, text);
@ -92,13 +92,13 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
*(res++) = '/';
break;
TYPE_ENUM:
case TYPE_ENUM:
text = t->AsEnumType()->Lookup(z.AsInt());
strcpy(res, text);
res += strlen(text);
break;
TYPE_PORT:
case TYPE_PORT:
{
uint32_t full_p = static_cast<uint32_t>(z.AsCount());
zeek_uint_t p = full_p & ~PORT_SPACE_MASK;
@ -132,13 +132,13 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
break;
}
TYPE_ADDR:
case TYPE_ADDR:
str = z.AsAddr()->Get().AsString();
strcpy(res, str.c_str());
res += strlen(str.c_str());
break;
TYPE_SUBNET:
case TYPE_SUBNET:
str = z.AsSubNet()->Get().AsString();
strcpy(res, str.c_str());
res += strlen(str.c_str());

2
src/script_opt/ZAM/BuiltInSupport.h
View file

@ -88,7 +88,7 @@ public:
protected:
size_t ComputeMaxSize(ZVal* zframe, int slot) override;
const char* text;
const char* text = nullptr;
size_t n = 0;
};

5
testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout Normal file
View file

@ -0,0 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7
analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code [SSH-2.0-mod_sftp/0.9.7], [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3

5
testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout Normal file
View file

@ -0,0 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3

2
testing/btest/Baseline.zam/core.file-analyzer-violation/.stdout Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
AllAnalyzers::FILES_ANALYZER_PE, Binpac exception: binpac exception: &enforce violation : DOS_Header:AddressOfNewExeHeader, FKPuH630Tmj6UQUMP7, {\x0aPE\x0a}

10
testing/btest/Baseline.zam/core.file-analyzer-violation/files.log Normal file
View file

@ -0,0 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path files
#open XXXX-XX-XX-XX-XX-XX
#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid
#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string
XXXXXXXXXX.XXXXXX FKPuH630Tmj6UQUMP7 - - - - - ./myfile.exe 0 PE application/x-dosexec - 0.000000 - - 64 - 0 0 F -

6
testing/btest/Baseline.zam/language.vector-deprecated/.stderr
View file

@ -1,7 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/vector-deprecated.zeek, line 18: mixing vector and scalar operands is deprecated (vector) (string)
warning in <...>/vector-deprecated.zeek, line 21: mixing vector and scalar operands is deprecated (string) (vector)
warning in <...>/vector-deprecated.zeek, line 24: mixing vector and scalar operands is deprecated (string) (vector)
warning in <...>/vector-deprecated.zeek, line 19: mixing vector and scalar operands is deprecated (vector) (string)
warning in <...>/vector-deprecated.zeek, line 22: mixing vector and scalar operands is deprecated (string) (vector)
warning in <...>/vector-deprecated.zeek, line 25: mixing vector and scalar operands is deprecated (string) (vector)
error: deprecated mixed vector/scalar operation not supported for ZAM compiling
error: deprecated mixed vector/scalar operation not supported for ZAM compiling
error: deprecated mixed vector/scalar operation not supported for ZAM compiling

21
testing/btest/Baseline.zam/plugins.file/output Normal file
View file

@ -0,0 +1,21 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
[File Analyzer] Foo (ANALYZER_FOO, enabled)
[Event] foo_piece
===
analyzer_confirmation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri
foo_piece, FCceqBvpMfirSN0Ri, The National Center
foo_piece, FCceqBvpMfirSN0Ri, net, consult your lo
foo_piece, FCceqBvpMfirSN0Ri, most everything else
foo_piece, FCceqBvpMfirSN0Ri, low:\x0a\x0a /Mac
foo_piece, FCceqBvpMfirSN0Ri, es and directories o
analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 5, es and directori
foo_piece, FCceqBvpMfirSN0Ri, r example, here is a
foo_piece, FCceqBvpMfirSN0Ri, application, StuffIt
foo_piece, FCceqBvpMfirSN0Ri, tion BinHex by doubl
foo_piece, FCceqBvpMfirSN0Ri, laced, or are going
foo_piece, FCceqBvpMfirSN0Ri, sers several documen
analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 10, sers several doc
foo_piece, FCceqBvpMfirSN0Ri, er or can be printed
foo_piece, FCceqBvpMfirSN0Ri, \x0a\x0aBug reports shoul

2
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -27,6 +27,7 @@ scripts/base/init-bare.zeek
scripts/base/frameworks/analyzer/main.zeek
scripts/base/frameworks/packet-filter/utils.zeek
build/scripts/base/bif/analyzer.bif.zeek
build/scripts/base/bif/file_analysis.bif.zeek
scripts/base/packet-protocols/root/__load__.zeek
scripts/base/packet-protocols/root/main.zeek
scripts/base/packet-protocols/ip/__load__.zeek
@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/analyzer/dpd.zeek
scripts/base/frameworks/files/__load__.zeek
scripts/base/frameworks/files/main.zeek
build/scripts/base/bif/file_analysis.bif.zeek
scripts/base/utils/site.zeek
scripts/base/utils/patterns.zeek
scripts/base/frameworks/files/magic/__load__.zeek

2
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -27,6 +27,7 @@ scripts/base/init-bare.zeek
scripts/base/frameworks/analyzer/main.zeek
scripts/base/frameworks/packet-filter/utils.zeek
build/scripts/base/bif/analyzer.bif.zeek
build/scripts/base/bif/file_analysis.bif.zeek
scripts/base/packet-protocols/root/__load__.zeek
scripts/base/packet-protocols/root/main.zeek
scripts/base/packet-protocols/ip/__load__.zeek
@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/analyzer/dpd.zeek
scripts/base/frameworks/files/__load__.zeek
scripts/base/frameworks/files/main.zeek
build/scripts/base/bif/file_analysis.bif.zeek
scripts/base/utils/site.zeek
scripts/base/utils/patterns.zeek
scripts/base/frameworks/files/magic/__load__.zeek

18
testing/btest/Baseline/plugins.hooks/output
View file

@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
@ -59,7 +59,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
@ -716,6 +716,8 @@
0.000000 MetaHookPost CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
0.000000 MetaHookPost CallFunction(global_options, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> <no result>
0.000000 MetaHookPost CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
0.000000 MetaHookPost CallFunction(lstrip, ..., ...) -> <no result>
0.000000 MetaHookPost CallFunction(network_time, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
@ -1512,7 +1514,7 @@
0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false
0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false
0.000000 MetaHookPost QueueEvent(zeek_init()) -> false
0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
@ -1572,7 +1574,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5222/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5269/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
@ -2229,6 +2231,8 @@
0.000000 MetaHookPre CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
0.000000 MetaHookPre CallFunction(global_options, <frame>, ())
0.000000 MetaHookPre CallFunction(gsub, ..., ...)
0.000000 MetaHookPre CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
0.000000 MetaHookPre CallFunction(lstrip, ..., ...)
0.000000 MetaHookPre CallFunction(network_time, <frame>, ())
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2123/udp))
@ -3025,7 +3029,7 @@
0.000000 MetaHookPre QueueEvent(NetControl::init())
0.000000 MetaHookPre QueueEvent(filter_change_tracking())
0.000000 MetaHookPre QueueEvent(zeek_init())
0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS)
0.000000 | HookCallFunction Analyzer::__disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp)
@ -3085,7 +3089,7 @@
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp)
0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS)
0.000000 | HookCallFunction Analyzer::disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp)
@ -3741,6 +3745,8 @@
0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
0.000000 | HookCallFunction global_options()
0.000000 | HookCallFunction gsub(...)
0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
0.000000 | HookCallFunction lstrip(...)
0.000000 | HookCallFunction network_time()
0.000000 | HookCallFunction port_to_count(2123/udp)

4
testing/btest/Baseline/plugins.packet-protocol/output_build
View file

@ -1,7 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0)
[Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO)
[Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER)
[Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO, enabled)
[Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER, enabled)
[Event] raw_layer_message
[Event] llc_demo_message

11
testing/btest/Baseline/scripts.base.frameworks.analyzer.disabled-packet-analyzers/output Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
packet, 1
packet, 2
packet, 3
packet, 4
packet, 5
packet, 6
packet, 7
packet, 8
packet, 9
packet, 10

17
testing/btest/Baseline/scripts.base.frameworks.analyzer.toggle-packet-analyzers/output Normal file
View file

@ -0,0 +1,17 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
packet, 1
packet, 2
vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12111, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2]
packet, 3
vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=36913, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1]
packet, 4
Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T
packet, 5
packet, 6
packet, 7
packet, 8
Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T
vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12684, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2]
packet, 9
vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=37295, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1]
packet, 10

11
testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/weird.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
#types time string addr port addr port string string bool string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.6.206 49783 5.2.136.90 80 line_terminated_without_CRLF - F zeek CONTENTLINE
#close XXXX-XX-XX-XX-XX-XX

11
testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/http.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35474 127.0.0.1 8080 1 POST interleave.me / - 1.1 - - 10 3 200 OK - - (empty) - - - FtWn3S3nVYQ9iA3uu8 - text/plain F2bxt6qiQGYTYxTgg - -
#close XXXX-XX-XX-XX-XX-XX

11
testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/weird.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
#types time string addr port addr port string string bool string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35474 127.0.0.1 8080 missing_HTTP_entity - F zeek HTTP
#close XXXX-XX-XX-XX-XX-XX

BIN
testing/btest/Traces/http/interleaved-http-entity.pcap Normal file
View file

Binary file not shown.

6
testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test
View file

File diff suppressed because one or more lines are too long

4
testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test
View file

@ -3,6 +3,10 @@
@load base/protocols/ssl
redef SSL::ct_logs += {
["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
};
event zeek_init()
{
Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");

20
testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek Normal file
View file

@ -0,0 +1,20 @@
# @TEST-DOC: Add the PE analyzer to Analyzer::disabled_analyzers and ensure no pe.log is created.
# First, cross-check that pe.log is indeed generated.
# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT
# @TEST-EXEC: test -f pe.log
# @TEST-EXEC: rm *log
# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }'
# @TEST-EXEC: test ! -f pe.log
# @TEST-EXEC: test -f conn.log
# @TEST-EXEC: rm *log
# Finally, explicitly enable the analyzer via Analyzer::enable_analyzer() during zeek_init() and expect pe.log to be generated.
# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }' -e 'event zeek_init() { Analyzer::enable_analyzer(Files::ANALYZER_PE); }'
# @TEST-EXEC: test -f pe.log
# @TEST-EXEC: test -f conn.log
@load base/protocols/conn
@load base/protocols/ftp
@load base/files/pe

21
testing/btest/scripts/base/frameworks/analyzer/disabled-packet-analyzers.zeek Normal file
View file

@ -0,0 +1,21 @@
# @TEST-DOC: Add a packet analyzer to Analyzer::disabled_analyzers and ensure it does not generate events (vxlan in this case).
# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output
# @TEST-EXEC: btest-diff output
#
# Removing this line triggers vxlan events from all but the first two packets.
redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_VXLAN };
global all_packets = 0;
event raw_packet(hdr: raw_pkt_hdr)
{
++all_packets;
print "packet", all_packets;
}
# Should never run.
event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count)
{
print "vxlan_packet", outer$uid, "inner", inner$ip;
}

30
testing/btest/scripts/base/frameworks/analyzer/toggle-packet-analyzers.zeek Normal file
View file

@ -0,0 +1,30 @@
# @TEST-DOC: Use Analyzer::disable_analyzer() and Analyzer::enable_analyzer() to disable the VXLAN packet analyzers at runtime based on total raw packet count.
# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output
# @TEST-EXEC: btest-diff output
#
global all_packets = 0;
event raw_packet(hdr: raw_pkt_hdr)
{
++all_packets;
print "packet", all_packets;
if ( all_packets == 4 )
{
local er = Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN);
print "Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", er;
}
# Packets 5 to 8 don't produce vxlan_packet events.
if ( all_packets == 8 )
{
local dr = Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN);
print "Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", dr;
}
}
event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count)
{
print "vxlan_packet", outer$uid, "inner", inner$ip;
}

2
testing/btest/scripts/base/protocols/http/http-no-crlf.zeek
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: zeek -b -r $TRACES/http/no_crlf.pcap %INPUT
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: test ! -f weird.log
# @TEST-EXEC: btest-diff weird.log
@load base/protocols/conn
@load base/protocols/http

7
testing/btest/scripts/base/protocols/http/missing-http-entity.zeek Normal file
View file

@ -0,0 +1,7 @@
# @TEST-DOC: The server starts sending a response while the client is still uploading the POST payload. This causes http_header to be raised while no entity is set.
# @TEST-EXEC: zeek -b -r $TRACES/http/interleaved-http-entity.pcap %INPUT
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: btest-diff weird.log
@load base/protocols/http
@load base/frameworks/notice/weird

5
testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test
View file

@ -11,6 +11,11 @@
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: test ! -f dpd.log
redef SSL::ct_logs += {
["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = SSL::CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"),
};
export {
type LogInfo: record {
version: count;

7
testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek
View file

@ -9,6 +9,8 @@
redef SSL::ct_logs += {
["\x03\x01\x9d\xf3\xfd\x85\xa6\x9a\x8e\xbd\x1f\xac\xc6\xda\x9b\xa7\x3e\x46\x97\x74\xfe\x77\xf5\x79\xfc\x5a\x08\xb8\x32\x8c\x1d\x6b"] = SSL::CTInfo($description="Venafi Gen2 CT log", $operator="Venafi", $url="ctlog-gen2.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8e\x27\x27\x7a\xb6\x55\x09\x74\xeb\x6c\x4b\x94\x84\x65\xbc\xe4\x15\xf1\xea\x5a\xd8\x7c\x0e\x37\xce\xba\x3f\x6c\x09\xda\xe7\x29\x96\xd3\x45\x50\x6f\xde\x1e\xb4\x1c\xd2\x83\x88\xff\x29\x2f\xce\xa9\xff\xdf\x34\xde\x75\x0f\xc0\xcc\x18\x0d\x94\x2e\xfc\x37\x01"),
["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = SSL::CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"),
};
module SSL;
@ -19,7 +21,12 @@ event ssl_established(c: connection)
for ( i in c$ssl$ct_proofs )
{
local proof = c$ssl$ct_proofs[i];
if ( proof$logid !in SSL::ct_logs )
print "Logid unknown: ", proof$logid;
else
{
local log = SSL::ct_logs[proof$logid];
print log$description, proof$valid;
}
}
}