Resolve conflicts for cherry-pick to 7.0

scripts/base/init-bare.zeek

@@ -388,264 +388,6 @@ type endpoint_stats: record {
 	endian_type: count;
 };
 
-<<<<<<< HEAD
-=======
-## Record containing information about a tag.
-##
-## .. zeek:see:: get_tags_by_category
-type tag_component: record {
-	name: string;
-	canonical_name: string;
-	tag: string;
-	enabled: bool;
-};
-
-type tag_component_vec : vector of tag_component;
-
-## Arguments given to Zeek from the command line. In order to use this, Zeek
-## must use a ``--`` command line argument immediately followed by a script
-## file and additional arguments after that. For example::
-##
-##   zeek --bare-mode -- myscript.zeek -a -b -c
-##
-## To use Zeek as an executable interpreter, include a line at the top of a script
-## like the following and make the script executable::
-##
-##   #!/usr/local/zeek/bin/zeek --
-const zeek_script_args: vector of string = vector();
-
-## BPF filter the user has set via the -f command line options. Empty if none.
-const cmd_line_bpf_filter = "" &redef;
-
-## Base time of log rotations in 24-hour time format (``%H:%M``), e.g. "12:00".
-const log_rotate_base_time = "0:00" &redef;
-
-## Whether to attempt to automatically detect SYN/FIN/RST-filtered trace
-## and not report missing segments for such connections.
-## If this is enabled, then missing data at the end of connections may not
-## be reported via :zeek:see:`content_gap`.
-const detect_filtered_trace = F &redef;
-
-## Whether we want :zeek:see:`content_gap` for partial
-## connections. A connection is partial if it is missing a full handshake. Note
-## that gap reports for partial connections might not be reliable.
-##
-## .. zeek:see:: content_gap partial_connection
-const report_gaps_for_partial = F &redef;
-
-## Flag to prevent Zeek from exiting automatically when input is exhausted.
-## Normally Zeek terminates when all packet sources have gone dry
-## and communication isn't enabled. If this flag is set, Zeek's main loop will
-## instead keep idling until :zeek:see:`terminate` is explicitly called.
-##
-## This is mainly for testing purposes when termination behaviour needs to be
-## controlled for reproducing results.
-const exit_only_after_terminate = F &redef;
-
-## Default mode for Zeek's user-space dynamic packet filter. If true, packets
-## that aren't explicitly allowed through, are dropped from any further
-## processing.
-##
-## .. note:: This is not the BPF packet filter but an additional dynamic filter
-##    that Zeek optionally applies just before normal processing starts.
-##
-## .. zeek:see:: install_dst_addr_filter install_dst_net_filter
-##    install_src_addr_filter install_src_net_filter  uninstall_dst_addr_filter
-##    uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter
-const packet_filter_default = F &redef;
-
-## Maximum size of regular expression groups for signature matching.
-const sig_max_group_size = 50 &redef;
-
-## Description transmitted to remote communication peers for identification.
-const peer_description = "zeek" &redef;
-
-## Reassemble the beginning of all TCP connections before doing
-## signature matching. Enabling this provides more accurate matching at the
-## expense of CPU cycles.
-##
-## .. zeek:see:: dpd_buffer_size
-##    dpd_match_only_beginning dpd_ignore_ports
-##
-## .. note:: Despite the name, this option affects *all* signature matching, not
-##    only signatures used for dynamic protocol detection.
-const dpd_reassemble_first_packets = T &redef;
-
-## Size of per-connection buffer used for dynamic protocol detection. For each
-## connection, Zeek buffers this initial amount of payload in memory so that
-## complete protocol analysis can start even after the initial packets have
-## already passed through (i.e., when a DPD signature matches only later).
-## However, once the buffer is full, data is deleted and lost to analyzers that
-## are activated afterwards. Then only analyzers that can deal with partial
-## connections will be able to analyze the session.
-##
-## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning
-##    dpd_ignore_ports dpd_max_packets
-const dpd_buffer_size = 1024 &redef;
-
-## Maximum number of per-connection packets that will be buffered for dynamic
-## protocol detection. For each connection, Zeek buffers up to this amount
-## of packets in memory so that complete protocol analysis can start even after
-## the initial packets have already passed through (i.e., when a DPD signature
-## matches only later). However, once the buffer is full, data is deleted and lost
-## to analyzers that are activated afterwards. Then only analyzers that can deal
-## with partial connections will be able to analyze the session.
-##
-## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning
-##    dpd_ignore_ports dpd_buffer_size
-const dpd_max_packets = 100 &redef;
-
-## If true, stops signature matching if :zeek:see:`dpd_buffer_size` has been
-## reached.
-##
-## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size
-##    dpd_ignore_ports
-##
-## .. note:: Despite the name, this option affects *all* signature matching, not
-##    only signatures used for dynamic protocol detection.
-const dpd_match_only_beginning = T &redef;
-
-## If true, stops signature matching after a late match. A late match may occur
-## in case the DPD buffer is exhausted but a protocol signature matched. To
-## allow late matching, :zeek:see:`dpd_match_only_beginning` must be disabled.
-##
-## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size
-##    dpd_match_only_beginning
-##
-## .. note:: Despite the name, this option stops *all* signature matching, not
-##    only signatures used for dynamic protocol detection but is triggered by
-##    DPD signatures only.
-const dpd_late_match_stop = F &redef;
-
-## If true, don't consider any ports for deciding which protocol analyzer to
-## use.
-##
-## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size
-##    dpd_match_only_beginning
-const dpd_ignore_ports = F &redef;
-
-## Ports which the core considers being likely used by servers. For ports in
-## this set, it may heuristically decide to flip the direction of the
-## connection if it misses the initial handshake.
-const likely_server_ports: set[port] &redef;
-
-## Holds the filename of the trace file given with ``-w`` (empty if none).
-##
-## .. zeek:see:: record_all_packets
-const trace_output_file = "";
-
-## If a trace file is given with ``-w``, dump *all* packets seen by Zeek into it.
-## By default, Zeek applies (very few) heuristics to reduce the volume. A side
-## effect of setting this to true is that we can write the packets out before we
-## actually process them, which can be helpful for debugging in case the
-## analysis triggers a crash.
-##
-## .. zeek:see:: trace_output_file
-const record_all_packets = F &redef;
-
-## Ignore certain TCP retransmissions for :zeek:see:`conn_stats`.  Some
-## connections (e.g., SSH) retransmit the acknowledged last byte to keep the
-## connection alive. If *ignore_keep_alive_rexmit* is set to true, such
-## retransmissions will be excluded in the rexmit counter in
-## :zeek:see:`conn_stats`.
-##
-## .. zeek:see:: conn_stats
-const ignore_keep_alive_rexmit = F &redef;
-
-
-
-## Seed for hashes computed internally for probabilistic data structures. Using
-## the same value here will make the hashes compatible between independent Zeek
-## instances. If left unset, Zeek will use a temporary local seed.
-const global_hash_seed: string = "" &redef;
-
-## Number of bits in UIDs that are generated to identify connections and
-## files.  The larger the value, the more confidence in UID uniqueness.
-## The maximum is currently 128 bits.
-const bits_per_uid: count = 96 &redef;
-
-## This salt value is used for several message digests in Zeek. We
-## use a salt to help mitigate the possibility of an attacker
-## manipulating source data to, e.g., mount complexity attacks or
-## cause ID collisions.
-## This salt is, for example, used by :zeek:see:`get_file_handle`
-## to generate installation-unique file IDs (the *id* field of :zeek:see:`fa_file`).
-const digest_salt = "Please change this value." &redef;
-
-## Maximum string length allowed for calls to the :zeek:see:`find_all` and
-## :zeek:see:`find_all_ordered` BIFs.
-const max_find_all_string_length: int = 10000 &redef;
-
-## How many rounds to go without checking IO sources with file descriptors
-## for readiness by default. This is used when reading from traces.
-##
-## Very roughly, when reading from a pcap, setting this to 100 results in
-## 100 packets being processed without checking FD based IO sources.
-##
-## .. note:: This should not be changed outside of development or when
-##    debugging problems with the main-loop, or developing features with
-##    tight main-loop interaction.
-##
-## .. zeek:see:: io_poll_interval_live
-const io_poll_interval_default = 100 &redef;
-
-## How often to check IO sources with file descriptors for readiness when
-## monitoring with a live packet source.
-##
-## The poll interval gets defaulted to 100 which is good for cases like reading
-## from pcap files and when there isn't a packet source, but is a little too
-## infrequent for live sources (especially fast live sources). Set it down a
-## little bit for those sources.
-##
-## .. note:: This should not be changed outside of development or when
-##    debugging problems with the main-loop, or developing features with
-##    tight main-loop interaction.
-##
-## .. zeek:see:: io_poll_interval_default
-const io_poll_interval_live = 10 &redef;
-
-## Whether Zeek is being run under test. This can be used to alter functionality
-## while testing, but should be used sparingly.
-const running_under_test: bool = F &redef;
-
-## The amount of time before a connection created by the netbios analyzer times
-## out and is removed.
-const netbios_ssn_session_timeout: interval = 15 sec &redef;
-
-module EventMetadata;
-
-export {
-	## Enum type for metadata identifiers.
-	type ID: enum {
-		NETWORK_TIMESTAMP = 1,
-	};
-
-	## A event metadata entry.
-	type Entry: record {
-		id: EventMetadata::ID; ##< The registered :zeek:see:`EventMetadata::ID` value.
-		val: any;              ##< The value. Its type matches what was passed to :zeek:see:`EventMetadata::register`.
-	};
-
-	## Add network timestamp metadata to all events.
-	##
-	## Adding network timestamp metadata affects local and
-	## remote events. Events scheduled have a network timestamp
-	## of when the scheduled timer was supposed to expire, which
-	## might be a value before the network_time() when the event
-	## was actually dispatched.
-	const add_network_timestamp: bool = F &redef;
-
-	## By default, remote events without network timestamp metadata
-	## will yield a negative zeek:see:`current_event_time` during
-	## processing. To have the receiving Zeek node set the event's
-	## network timestamp metadata with its current local network time,
-	## set this option to true.
-	##
-	## This setting is only in effect if :zeek:see:`EventMetadata::add_network_timestamp`
-	## is also set to true.
-	const add_missing_remote_network_timestamp: bool = F &redef;
-}
-
 module ConnKey;
 
 export {
@@ -659,24 +401,6 @@ export {
 	const factory = ConnKey::CONNKEY_FIVETUPLE &redef;
 }
 
-module FTP;
-
-export {
-	## Limits the size of commands accepted by the FTP analyzer. Longer commands
-	## raise a FTP_max_command_length_exceeded weird and are discarded.
-	const max_command_length = 100 &redef;
-}
-
-module SMTP;
-
-export {
-	## The maximum line length within a BDAT chunk before a forceful linebreak
-	## is introduced and a weird is raised. Conventionally, MIME messages
-	## have a maximum line length of 1000 octets when properly encoded.
-	const bdat_max_line_length = 4096 &redef;
-}
-
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 module TCP;
 export {
 	## A TCP Option field parsed from a TCP header.

scripts/zeekygen/__load__.zeek

@@ -1,17 +1,8 @@
 @load test-all-policy.zeek
 
 # Scripts which are commented out in test-all-policy.zeek.
-<<<<<<< HEAD
-=======
-@load frameworks/analyzer/deprecated-dpd-log.zeek
 @load frameworks/conn_key/vlan_fivetuple.zeek
 
-# Remove in v8.1: replaced by frameworks/analyzer/detect-protocols.zeek
-@pragma push ignore-deprecations
-@load frameworks/dpd/detect-protocols.zeek
-@pragma pop ignore-deprecations
-
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 @load protocols/ssl/decryption.zeek
 @load frameworks/cluster/nodes-experimental/manager.zeek
 @load frameworks/control/controllee.zeek

src/CMakeLists.txt

@@ -173,11 +173,7 @@ gen_zam_target(${GEN_ZAM_SRC_DIR})
 option(USE_SQLITE "Should Zeek use SQLite?" ON)
 
 add_subdirectory(analyzer)
-<<<<<<< HEAD
-=======
 add_subdirectory(conn_key)
-add_subdirectory(cluster)
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 add_subdirectory(packet_analysis)
 add_subdirectory(broker)
 add_subdirectory(telemetry)

src/Conn.cc

@@ -48,15 +48,15 @@ Connection::Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const
 
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+/*
+ * awelzel: This is deprecated and a mess make work, so commented out.
+ *
 Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt)
     : Session(t, connection_timeout, connection_status_update, detail::connection_status_update_interval) {
     orig_addr = id->src_addr;
     resp_addr = id->dst_addr;
     orig_port = id->src_port;
     resp_port = id->dst_port;
-<<<<<<< HEAD
-    proto = TRANSPORT_UNKNOWN;
-=======
 
     switch ( id->proto ) {
         case IPPROTO_TCP: proto = TRANSPORT_TCP; break;
@@ -72,6 +72,7 @@ Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id,
 
     Init(flow, pkt);
 }
+*/
 #pragma GCC diagnostic pop
 
 Connection::~Connection() {
@@ -89,7 +90,6 @@ Connection::~Connection() {
 }
 
 void Connection::Init(uint32_t flow, const Packet* pkt) {
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
     orig_flow_label = flow;
     resp_flow_label = 0;
     saw_first_orig_packet = 1;

src/Conn.h

@@ -30,15 +30,9 @@ class RecordVal;
 using ValPtr = IntrusivePtr<Val>;
 using RecordValPtr = IntrusivePtr<RecordVal>;
 
-<<<<<<< HEAD
-namespace session {
-class Manager;
-}
-=======
 class IPBasedConnKey;
 using IPBasedConnKeyPtr = std::unique_ptr<IPBasedConnKey>;
 
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 namespace detail {
 
 class Specific_RE_Matcher;
@@ -66,23 +60,14 @@ enum ConnEventToFlag {
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 struct ConnTuple {
-<<<<<<< HEAD
-    IPAddr src_addr;
-    IPAddr dst_addr;
-    uint32_t src_port = 0;
-    uint32_t dst_port = 0;
-    bool is_one_way = false; // if true, don't canonicalize order
-    TransportProto proto = TRANSPORT_UNKNOWN;
-=======
 #pragma GCC diagnostic pop
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr src_addr;
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] IPAddr dst_addr;
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t src_port = 0;
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint32_t dst_port = 0;
-    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] uint16_t proto = UNKNOWN_IP_PROTO;
+    [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] TransportProto transport = TRANSPORT_UNKNOWN;
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] bool is_one_way =
         false; // if true, don't canonicalize order
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 };
 
 static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) {
@@ -93,8 +78,10 @@ class Connection final : public session::Session {
 public:
     Connection(zeek::IPBasedConnKeyPtr k, double t, uint32_t flow, const Packet* pkt);
 
-    [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]]
+    /* awelzel: Commented because it's a hard to make this work and it's deprecated anyhow.
-    Connection(const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt);
+    [[deprecated("Remove in v8.1. Switch to ConnKey factories and the new zeek::ConnKey tree.")]] Connection(
+        const detail::ConnKey& k, double t, const ConnTuple* id, uint32_t flow, const Packet* pkt);
+    */
 
     ~Connection() override;
 

src/ConnKey.h

@@ -67,7 +67,7 @@ protected:
      *
      * @param pkt The packet that's currently being processed.
      */
-    virtual void DoInit(const Packet& pkt) {};
+    virtual void DoInit(const Packet& pkt){};
 
     /**
      * Hook method for ConnKey::PopulateConnIdVal.

src/IP.h

@@ -32,6 +32,9 @@ namespace detail {
 class FragReassembler;
 }
 
+// From Zeek 8.0 for proto support.
+constexpr uint16_t UNKNOWN_IP_PROTO = 65535;
+
 #ifndef IPPROTO_MOBILITY
 #define IPPROTO_MOBILITY 135
 #endif

src/IPAddr.cc

@@ -28,7 +28,7 @@ ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 ConnKey::ConnKey(const ConnTuple& id) {
-    Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.proto, id.is_one_way);
+    Init(id.src_addr, id.dst_addr, id.src_port, id.dst_port, id.transport, id.is_one_way);
 }
 
 ConnKey& ConnKey::operator=(const ConnKey& rhs) {

src/IPAddr.h

@@ -8,6 +8,7 @@
 #include <memory>
 #include <string>
 
+#include "zeek/net_util.h"
 #include "zeek/threading/SerialTypes.h"
 
 using in4_addr = in_addr;
@@ -29,22 +30,15 @@ public:
     in6_addr ip2;
     uint16_t port1 = 0;
     uint16_t port2 = 0;
-    TransportProto transport = TRANSPORT_UNKNOWN;
+    TransportProto transport = TRANSPORT_UNKNOWN; // awelzel: In 8.0 this is proto. It's not used, so shrug.
     bool valid = true;
 
-<<<<<<< HEAD
-    ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t, bool one_way);
-    ConnKey(const ConnTuple& conn);
-    ConnKey(const ConnKey& rhs) { *this = rhs; }
-    ConnKey(Val* v);
-=======
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const IPAddr& src, const IPAddr& dst,
                                                                                uint16_t src_port, uint16_t dst_port,
-                                                                               uint16_t proto, bool one_way);
+                                                                               TransportProto t, bool one_way);
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnTuple& conn);
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(const ConnKey& rhs) { *this = rhs; }
     [[deprecated("Remove in v8.1: Switch to new conn_key framework")]] ConnKey(Val* v);
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 
     bool operator<(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) < 0; }
     bool operator<=(const ConnKey& rhs) const { return memcmp(this, &rhs, sizeof(ConnKey)) <= 0; }

src/analyzer/Analyzer.cc

@@ -5,21 +5,13 @@
 #include <binpac.h>
 #include <algorithm>
 
-<<<<<<< HEAD
+#include "zeek/3rdparty/doctest.h"
-=======
 #include "zeek/Conn.h"
 #include "zeek/Event.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
 
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
-#include "zeek/3rdparty/doctest.h"
-#include "zeek/Event.h"
-#include "zeek/ZeekString.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-
 namespace zeek::analyzer {
 
 class AnalyzerTimer final : public zeek::detail::Timer {

src/conn_key/Factory.h

@@ -2,7 +2,7 @@
 #pragma once
 
 #include "zeek/ConnKey.h"
-#include "zeek/util-types.h"
+#include "zeek/util.h"
 
 namespace zeek {
 

src/packet_analysis/protocol/gtpv1/GTPv1.cc

@@ -22,18 +22,13 @@ bool GTPv1_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
     const auto& key = conn->Key();
     auto sk = key.SessionKey();
 
-<<<<<<< HEAD
-    auto cm_it = conn_map.find(conn_key);
-    if ( cm_it == conn_map.end() )
-        cm_it = conn_map.insert(cm_it, {conn_key, std::make_unique<binpac::GTPv1::GTPv1_Conn>(this)});
-=======
     auto cm_it = conn_map.find(sk);
     if ( cm_it == conn_map.end() ) {
         sk.CopyData(); // Copy key data to store in map.
         auto [it, inserted] = conn_map.emplace(std::move(sk), std::make_unique<binpac::GTPv1::GTPv1_Conn>(this));
         assert(inserted);
         cm_it = it;
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
+    }
 
     try {
         cm_it->second->set_raw_packet(packet);

src/packet_analysis/protocol/icmp/ICMP.cc

@@ -38,13 +38,6 @@ bool ICMPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet,
     if ( ! CheckHeaderTrunc(ICMP_MINLEN, len, packet) )
         return false;
 
-<<<<<<< HEAD
-    tuple.src_addr = packet->ip_hdr->SrcAddr();
-    tuple.dst_addr = packet->ip_hdr->DstAddr();
-    tuple.proto = TRANSPORT_ICMP;
-
-=======
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
     const struct icmp* icmpp = (const struct icmp*)data;
 
     uint32_t icmp_counter_type = 0;

src/packet_analysis/protocol/ip/CMakeLists.txt

@@ -1,5 +1,4 @@
 zeek_add_plugin(
-<<<<<<< HEAD
     PacketAnalyzer
     IP
     SOURCES
@@ -7,9 +6,5 @@ zeek_add_plugin(
     IPBasedAnalyzer.cc
     SessionAdapter.cc
     Plugin.cc)
-=======
-    PacketAnalyzer IP
-    SOURCES IP.cc IPBasedAnalyzer.cc SessionAdapter.cc Plugin.cc)
 
 add_subdirectory(conn_key)
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')

src/packet_analysis/protocol/ip/IPBasedAnalyzer.h

@@ -118,8 +118,8 @@ protected:
     /**
      * Parse the header from the packet into a ConnTuple object.
      */
-    [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]]
+    [[deprecated("Remove in v8.1. Switch to InitConnKey() and key-only initialization.")]] virtual bool BuildConnTuple(
-    virtual bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) {
+        size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) {
         return false;
     }
 

src/packet_analysis/protocol/ip/conn_key/fivetuple/CMakeLists.txt

@@ -1,3 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek ConnKey_Fivetuple SOURCES Factory.cc Plugin.cc)
-    Zeek ConnKey_Fivetuple
-    SOURCES Factory.cc Plugin.cc)

src/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.cc

@@ -5,7 +5,7 @@
 #include "zeek/IP.h"
 #include "zeek/Val.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
-#include "zeek/util-types.h"
+#include "zeek/util.h"
 
 namespace zeek::conn_key::fivetuple {
 

src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/CMakeLists.txt

@@ -1,3 +1 @@
-zeek_add_plugin(
+zeek_add_plugin(Zeek Conntuple_VLAN SOURCES Factory.cc Plugin.cc)
-    Zeek Conntuple_VLAN
-    SOURCES Factory.cc Plugin.cc)

src/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.cc

@@ -9,7 +9,7 @@
 #include "zeek/iosource/Packet.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.h"
-#include "zeek/util-types.h"
+#include "zeek/util.h"
 
 namespace zeek::conn_key::vlan_fivetuple {
 

src/packet_analysis/protocol/tcp/TCP.cc

@@ -33,21 +33,8 @@ bool TCPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet, I
     if ( ! CheckHeaderTrunc(min_hdr_len, len, packet) )
         return false;
 
-<<<<<<< HEAD
-    tuple.src_addr = packet->ip_hdr->SrcAddr();
-    tuple.dst_addr = packet->ip_hdr->DstAddr();
-
-    data = packet->ip_hdr->Payload();
-
-    const struct tcphdr* tp = (const struct tcphdr*)data;
-    tuple.src_port = tp->th_sport;
-    tuple.dst_port = tp->th_dport;
-    tuple.is_one_way = false;
-    tuple.proto = TRANSPORT_TCP;
-=======
     const struct tcphdr* tp = (const struct tcphdr*)packet->ip_hdr->Payload();
     key.InitTuple(packet->ip_hdr->SrcAddr(), tp->th_sport, packet->ip_hdr->DstAddr(), tp->th_dport, packet->proto);
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 
     return true;
 }

src/packet_analysis/protocol/teredo/Teredo.cc

@@ -153,12 +153,8 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
         return false;
     }
 
+    // awelzel: This is the code in 7.0. Creepy.
     conn = static_cast<Connection*>(packet->session);
-    zeek::detail::ConnKey conn_key = conn->Key();
-
-    OrigRespMap::iterator or_it = orig_resp_map.find(conn_key);
-    if ( or_it == orig_resp_map.end() )
-        or_it = orig_resp_map.insert(or_it, {conn_key, {}});
 
     detail::TeredoEncapsulation te(this);
     if ( ! te.Parse(data, len) ) {
@@ -188,8 +184,6 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
         return false;
     }
 
-<<<<<<< HEAD
-=======
     const auto& k = conn->Key();
     auto sk = k.SessionKey();
     OrigRespMap::iterator or_it = orig_resp_map.find(sk);
@@ -204,10 +198,9 @@ bool TeredoAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
         assert(inserted);
         or_it = it;
 
-        packet->session->EnqueueEvent(new_teredo_state, nullptr, packet->session->GetVal());
+        // packet->session->EnqueueEvent(new_teredo_state, nullptr, packet->session->GetVal());
     }
 
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
     if ( packet->is_orig )
         or_it->second.valid_orig = true;
     else

src/packet_analysis/protocol/udp/UDP.cc

@@ -60,14 +60,7 @@ bool UDPAnalyzer::InitConnKey(size_t len, const uint8_t* data, Packet* packet, I
         return false;
 
     const struct udphdr* up = (const struct udphdr*)packet->ip_hdr->Payload();
-<<<<<<< HEAD
-    tuple.src_port = up->uh_sport;
-    tuple.dst_port = up->uh_dport;
-    tuple.is_one_way = false;
-    tuple.proto = TRANSPORT_UDP;
-=======
     key.InitTuple(packet->ip_hdr->SrcAddr(), up->uh_sport, packet->ip_hdr->DstAddr(), up->uh_dport, packet->proto);
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 
     return true;
 }

src/plugin/Component.cc

@@ -39,21 +39,8 @@ void Component::Describe(ODesc* d) const {
 
         case component::SESSION_ADAPTER: d->Add("Session Adapter"); break;
 
-<<<<<<< HEAD
-=======
-        case component::CLUSTER_BACKEND: d->Add("Cluster Backend"); break;
-
-        case component::EVENT_SERIALIZER: d->Add("Event Serializer"); break;
-
-        case component::LOG_SERIALIZER: d->Add("Log Serializer"); break;
-
-        case component::STORAGE_BACKEND: d->Add("Storage Backend"); break;
-
-        case component::STORAGE_SERIALIZER: d->Add("Storage Serializer"); break;
-
         case component::CONNKEY: d->Add("ConnKey Factory"); break;
 
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
         default:
             reporter->InternalWarning("unknown component type in plugin::Component::Describe");
             d->Add("<unknown component type>");

src/plugin/Component.h

@@ -20,7 +20,6 @@ namespace component {
 /**
  * Component types.
  */
-<<<<<<< HEAD
 enum Type {
     READER,          /// An input reader (not currently used).
     WRITER,          /// A logging writer (not currently used).
@@ -31,24 +30,7 @@ enum Type {
     PKTSRC,          /// A packet source.
     PKTDUMPER,       /// A packet dumper.
     SESSION_ADAPTER, /// A session adapter analyzer.
-=======
+    CONNKEY,         /// A factory for connection keys.
-enum Type : uint8_t {
-    READER,             /// An input reader (not currently used).
-    WRITER,             /// A logging writer (not currently used).
-    ANALYZER,           /// A protocol analyzer.
-    PACKET_ANALYZER,    /// A packet analyzer.
-    FILE_ANALYZER,      /// A file analyzer.
-    IOSOURCE,           /// An I/O source, excluding packet sources.
-    PKTSRC,             /// A packet source.
-    PKTDUMPER,          /// A packet dumper.
-    SESSION_ADAPTER,    /// A session adapter analyzer.
-    CLUSTER_BACKEND,    /// A cluster backend.
-    EVENT_SERIALIZER,   /// A serializer for events, used by cluster backends.
-    LOG_SERIALIZER,     /// A serializer for log batches, used by cluster backends.
-    STORAGE_BACKEND,    /// A backend for the storage framework.
-    STORAGE_SERIALIZER, /// A serializer for the storage framework.
-    CONNKEY,            /// A factory for connection keys.
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 };
 
 } // namespace component

src/script_opt/ZAM/OPs/ZAM.op

@@ -2514,8 +2514,11 @@ type V
 eval	auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo");
 	if ( teredo )
 		{
-		zeek::detail::ConnKey conn_key(frame[z.v1].record_val);
+		auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v1].record_val);
-		static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(conn_key);
+		if ( ! r.has_value() )
+			return zeek::val_mgr->False();
+		auto sk = r.value()->SessionKey();
+		static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(sk);
 		}
 
 internal-op Remove-Teredo
@@ -2524,8 +2527,11 @@ type VV
 eval	auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo");
 	if ( teredo )
 		{
-		zeek::detail::ConnKey conn_key(frame[z.v2].record_val);
+		auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v2].record_val);
-		static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(conn_key);
+		if ( ! r.has_value() )
+			return zeek::val_mgr->False();
+		auto sk = r.value()->SessionKey();
+		static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(sk);
 		}
 	frame[z.v1].int_val = 1;
 
@@ -2535,8 +2541,11 @@ type V
 eval	auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1");
 	if ( gtpv1 )
 		{
-		zeek::detail::ConnKey conn_key(frame[z.v1].record_val);
+		auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v1].record_val);
-		static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(conn_key);
+		if ( ! r.has_value() )
+			return zeek::val_mgr->False();
+		auto sk = r.value()->SessionKey();
+		static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(sk);
 		}
 
 internal-op Remove-GTPv1
@@ -2545,8 +2554,11 @@ type VV
 eval	auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1");
 	if ( gtpv1 )
 		{
-		zeek::detail::ConnKey conn_key(frame[z.v2].record_val);
+		auto r = zeek::conn_key_mgr->GetFactory().ConnKeyFromVal(*frame[z.v2].record_val);
-		static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(conn_key);
+		if ( ! r.has_value() )
+			return zeek::val_mgr->False();
+		auto sk = r.value()->SessionKey();
+		static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(sk);
 		}
 	frame[z.v1].int_val = 1;
 

src/script_opt/ZAM/ZBody.cc

@@ -10,6 +10,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/Traverse.h"
 #include "zeek/Trigger.h"
+#include "zeek/conn_key/Manager.h"
 #include "zeek/script_opt/ScriptOpt.h"
 #include "zeek/script_opt/ZAM/Compile.h"
 #include "zeek/session/Manager.h"

src/session/Manager.cc

@@ -18,12 +18,7 @@
 #include "zeek/RunState.h"
 #include "zeek/Timer.h"
 #include "zeek/TunnelEncapsulation.h"
-<<<<<<< HEAD
-#include "zeek/analyzer/Manager.h"
-#include "zeek/iosource/IOSource.h"
-=======
 #include "zeek/conn_key/Manager.h"
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 #include "zeek/packet_analysis/Manager.h"
 #include "zeek/session/Session.h"
 #include "zeek/telemetry/Manager.h"
@@ -95,14 +90,10 @@ Connection* Manager::FindConnection(Val* v) {
     // different builder.
     auto r = conn_key_mgr->GetFactory().ConnKeyFromVal(*v);
 
-<<<<<<< HEAD
-    if ( ! conn_key.valid )
-=======
     if ( ! r.has_value() ) {
-        // Produce a loud error for invalid script-layer conn_id records.
         zeek::emit_builtin_error(r.error().c_str());
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
         return nullptr;
+    }
 
     return FindConnection(*r.value());
 }

src/zeek-setup.cc

@@ -54,12 +54,7 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/binpac_zeek.h"
 #include "zeek/broker/Manager.h"
-<<<<<<< HEAD
-=======
-#include "zeek/cluster/Backend.h"
-#include "zeek/cluster/Manager.h"
 #include "zeek/conn_key/Manager.h"
->>>>>>> cd934c460b (Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples')
 #include "zeek/file_analysis/Manager.h"
 #include "zeek/input.h"
 #include "zeek/input/Manager.h"

testing/btest/Baseline/coverage.bare-mode-errors/errors

@@ -4,12 +4,12 @@ warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__lo
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 warning in <...>/warnings.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";

testing/btest/Baseline/coverage.test-all-policy-cluster/.stderr

@@ -1,21 +1,21 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 received termination signal
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 received termination signal
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 received termination signal
 warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
-warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
+warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:150 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
 received termination signal

testing/btest/Baseline/plugins.connkey/output

@@ -5,11 +5,31 @@ Demo::Foo - A Foo ConnKey factory (dynamic, version 1.0.0)
 ===
 DoNewConnKey (0 key all_inits)
 DoNewConnKey (1 key all_inits)
-DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, proto=6, inits=0]
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0]
 DoNewConnKey (2 key all_inits)
-DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, proto=6, inits=0]
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0]
 DoNewConnKey (6 key all_inits)
 DoNewConnKey (22 key all_inits)
 DoNewConnKey (40 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=37604/tcp, resp_h=199.233.217.249, resp_p=56666/tcp, inits=1]
+DoNewConnKey (53 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=37604/tcp, resp_h=199.233.217.249, resp_p=56666/tcp, inits=1]
+DoNewConnKey (53 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=59378/tcp, resp_h=199.233.217.249, resp_p=56667/tcp, inits=22]
+DoNewConnKey (54 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=59378/tcp, resp_h=199.233.217.249, resp_p=56667/tcp, inits=22]
+DoNewConnKey (54 key all_inits)
 DoNewConnKey (60 key all_inits)
 DoNewConnKey (78 key all_inits)
+DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61920/tcp, resp_h=141.142.220.235, resp_p=33582/tcp, inits=40]
+DoNewConnKey (90 key all_inits)
+DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61920/tcp, resp_h=141.142.220.235, resp_p=33582/tcp, inits=40]
+DoNewConnKey (90 key all_inits)
+DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61918/tcp, resp_h=141.142.220.235, resp_p=37835/tcp, inits=60]
+DoNewConnKey (95 key all_inits)
+DoConnKeyFromVal for [orig_h=199.233.217.249, orig_p=61918/tcp, resp_h=141.142.220.235, resp_p=37835/tcp, inits=60]
+DoNewConnKey (95 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0]
+DoNewConnKey (95 key all_inits)
+DoConnKeyFromVal for [orig_h=141.142.220.235, orig_p=50003/tcp, resp_h=199.233.217.249, resp_p=21/tcp, inits=0]
+DoNewConnKey (95 key all_inits)

testing/btest/plugins/connkey-plugin/CMakeLists.txt

@@ -10,6 +10,4 @@ set(CMAKE_MODULE_PATH ${ZEEK_DIST}/cmake)
 
 include(ZeekPlugin)
 
-zeek_add_plugin(
+zeek_add_plugin(Demo Foo SOURCES src/Plugin.cc src/Foo.cc)
-    Demo Foo
-    SOURCES src/Plugin.cc src/Foo.cc)