Merge remote-tracking branch 'origin/topic/awelzel/telemetry-net-lag'

* origin/topic/awelzel/telemetry-net-lag:
  stats: Add zeek-net-packet-lag-seconds metric

CHANGES

@@ -1,3 +1,9 @@
+6.0.0-dev.636 | 2023-05-24 09:41:01 +0200
+
+  * stats: Add zeek-net-packet-lag-seconds metric (Arne Welzel, Corelight)
+
+  * GH-3060: Support negative index lookups for vectors (Tim Wojtulewicz, Corelight)
+
 6.0.0-dev.628 | 2023-05-23 19:32:05 +0200
 
   * ci: Disable openh264 repository on tumbleweed (Arne Welzel, Corelight)

NEWS

@@ -161,6 +161,18 @@ New Functionality
 - Add logging metrics for streams (``zeek-log-stream-writes``) and writers
   (``zeek-log-writer-writes-total``).
 
+- Add networking metrics via the telemetry framework. These are enabled
+  when the ``misc/stats`` script is loaded.
+
+	zeek-net-dropped-packets
+	zeek-net-link-packets
+	zeek-net-received-bytes
+	zeek-net-packet-lag-seconds
+	zeek-net-received-packets-total
+
+  Except for lag, metrics originate from the ``get_net_stats()`` bif and are
+  updated through the ``Telemetry::sync()`` hook every 15 seconds by default.
+
 - The DNS analyzer now parses RFC 2535's AD ("authentic data") and CD ("checking
   disabled") flags from DNS requests and responses,  making them available in
   the ``dns_msg`` record provided by many of the ``dns_*`` events. The existing

VERSION

@@ -1 +1 @@
-6.0.0-dev.632
+6.0.0-dev.636

scripts/policy/misc/stats.zeek

@@ -123,21 +123,32 @@ global packets_filtered_cf = Telemetry::register_counter_family([
     $help_text="Total number of packets filtered",
 ]);
 
+global packet_lag_gf = Telemetry::register_gauge_family([
+    $prefix="zeek",
+    $name="net-packet-lag",
+    $unit="seconds",
+    $help_text="Difference of network time and wallclock time in seconds.",
+]);
+
+global no_labels: vector of string;
+
 hook Telemetry::sync() {
 	local net_stats = get_net_stats();
-	Telemetry::counter_family_set(bytes_received_cf, vector(), net_stats$bytes_recvd);
+	Telemetry::counter_family_set(bytes_received_cf, no_labels, net_stats$bytes_recvd);
-	Telemetry::counter_family_set(packets_received_cf, vector(), net_stats$pkts_recvd);
+	Telemetry::counter_family_set(packets_received_cf, no_labels, net_stats$pkts_recvd);
 
 	if ( reading_live_traffic() )
 		{
-		Telemetry::counter_family_set(packets_dropped_cf, vector(), net_stats$pkts_dropped);
+		Telemetry::counter_family_set(packets_dropped_cf, no_labels, net_stats$pkts_dropped);
-		Telemetry::counter_family_set(link_packets_cf, vector(), net_stats$pkts_link);
+		Telemetry::counter_family_set(link_packets_cf, no_labels, net_stats$pkts_link);
 
 		if ( net_stats?$pkts_filtered )
-			Telemetry::counter_family_set(packets_filtered_cf, vector(), net_stats$pkts_filtered);
+			Telemetry::counter_family_set(packets_filtered_cf, no_labels, net_stats$pkts_filtered);
-		}
-}
 
+		Telemetry::gauge_family_set(packet_lag_gf, no_labels,
+		                            interval_to_double(current_time() - network_time()));
+		}
+}
 
 event zeek_init() &priority=5
 	{