From ec89d6ffff6ccf35e696bdb0e458d6763278eea0 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Wed, 2 Apr 2025 18:08:30 -0700 Subject: [PATCH 1/6] Make Zeekygen docs generation (-X) imply parse-only (-a) Nobody generates docs at startup while then moving on to regular Zeek operation, and the generated runtime output when loading scripts/zeekygen is both noisy and confusing. --- src/Options.cc | 2 +- src/zeek-setup.cc | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Options.cc b/src/Options.cc index de49298435..b01e859087 100644 --- a/src/Options.cc +++ b/src/Options.cc @@ -133,7 +133,7 @@ void usage(const char* prog) { printf(" -T|--re-level | set 'RE_level' for rules\n"); printf(" -U|--status-file | Record process status in file\n"); printf(" -W|--watchdog | activate watchdog timer\n"); - printf(" -X|--zeekygen | generate documentation based on config file\n"); + printf(" -X|--zeekygen | generate documentation based on config file; implies -a\n"); #ifdef USE_PERFTOOLS_DEBUG printf(" -m|--mem-leaks | show leaks [perftools]\n"); diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index 8e79f3a5a8..68bc62647c 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -641,6 +641,10 @@ SetupResult setup(int argc, char** argv, Options* zopts) { auto zeekygen_cfg = options.zeekygen_config_file.value_or(""); zeekygen_mgr = new zeekygen::detail::Manager(zeekygen_cfg, zeek_argv[0]); + // Zeekygen documentation generation (via -X) implies we only parse: + if ( ! zeekygen_cfg.empty() ) + detail::parse_only = true; + add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("builtin-plugins/__preload__.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -985,7 +989,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) { } } - if ( options.parse_only ) { + if ( detail::parse_only ) { if ( analysis_options.usage_issues > 0 ) analyze_scripts(options.no_unused_warnings); From 678a22461c6702e552ca4b10d3587830d4b98795 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Wed, 2 Apr 2025 18:10:21 -0700 Subject: [PATCH 2/6] Stop suppressing stdout during Zeekygen docs generation It's no longer needed to suppress noise, and any output is now actually of interest. --- ci/update-zeekygen-docs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/update-zeekygen-docs.sh b/ci/update-zeekygen-docs.sh index 278588752b..4884994f24 100755 --- a/ci/update-zeekygen-docs.sh +++ b/ci/update-zeekygen-docs.sh @@ -28,7 +28,7 @@ cd $build_dir export ZEEK_SEED_FILE=$source_dir/testing/btest/random.seed function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 zeek -X $conf_file zeekygen >/dev/null + ZEEK_ALLOW_INIT_ERRORS=1 zeek -X $conf_file zeekygen if [ $? -ne 0 ]; then echo "Failed running zeek with zeekygen config file $conf_file" >&2 From c1cec7aec7e1a175b3ef1db53ebfb105fe0f21d9 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 5 Jun 2025 17:22:01 -0700 Subject: [PATCH 3/6] Suppress warnings on deprecated DPD scripts during Zeekygen Also fix corresponding baseline. --- scripts/zeekygen/__load__.zeek | 10 ++++++++++ .../btest/Baseline/coverage.bare-mode-errors/errors | 2 -- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/zeekygen/__load__.zeek b/scripts/zeekygen/__load__.zeek index eaec660a80..c2c2832940 100644 --- a/scripts/zeekygen/__load__.zeek +++ b/scripts/zeekygen/__load__.zeek @@ -2,7 +2,12 @@ # Scripts which are commented out in test-all-policy.zeek. @load frameworks/analyzer/deprecated-dpd-log.zeek + +# Remove in v8.1: replaced by frameworks/analyzer/detect-protocols.zeek +@pragma push ignore-deprecations @load frameworks/dpd/detect-protocols.zeek +@pragma pop ignore-deprecations + @load protocols/ssl/decryption.zeek @ifdef ( Cluster::CLUSTER_BACKEND_ZEROMQ ) @load frameworks/cluster/backend/zeromq/connect.zeek @@ -10,7 +15,12 @@ @load frameworks/cluster/nodes-experimental/manager.zeek @load frameworks/control/controllee.zeek @load frameworks/control/controller.zeek + +# Remove in v8.1: replaced by frameworks/analyzer/packet-segment-logging.zeek +@pragma push ignore-deprecations @load frameworks/dpd/packet-segment-logging.zeek +@pragma pop ignore-deprecations + @load frameworks/management/agent/main.zeek @load frameworks/management/controller/main.zeek @load frameworks/management/node/__load__.zeek diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 34e3f35578..e62eb8dd19 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,7 +1,5 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### NOTE: This file has been sorted with diff-sort. -warning in <...>/detect-protocols.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:5 ("frameworks<...>/detect-protocols.zeek moved to frameworks<...>/detect-protocols.zeek. Please switch to frameworks<...>/detect-protocols.zeek. Remove in 8.1") warning in <...>/detect-protocols.zeek, line 1: deprecated script loaded from command line arguments ("frameworks<...>/detect-protocols.zeek moved to frameworks<...>/detect-protocols.zeek. Please switch to frameworks<...>/detect-protocols.zeek. Remove in 8.1") warning in <...>/detect-sqli.zeek, line 16: deprecated script loaded from command line arguments "Remove in v8.1: Switch to the improved detect-sql-injection script" -warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:13 ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1") warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from command line arguments ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1") From fc29aae18376eab7b8791a358fae2b427cc84faf Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 5 Jun 2025 17:28:38 -0700 Subject: [PATCH 4/6] Remove adjustments and custom terminate() for Zeekygen invocation. --- scripts/zeekygen/__load__.zeek | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/scripts/zeekygen/__load__.zeek b/scripts/zeekygen/__load__.zeek index c2c2832940..c5717b310e 100644 --- a/scripts/zeekygen/__load__.zeek +++ b/scripts/zeekygen/__load__.zeek @@ -40,17 +40,3 @@ @endif @load ./example.zeek - -event zeek_init() &priority=1000 - { - # Disable events in modules that use zeek_init() to do stuff and may - # fail when run under zeekygen. For the purpose of zeekygen, we could - # probably disable all modules, too. - disable_module_events("Control"); - disable_module_events("Cluster::Backend::ZeroMQ"); - disable_module_events("Cluster::Experimental"); - disable_module_events("Management::Agent::Runtime"); - disable_module_events("Management::Controller::Runtime"); - disable_module_events("Management::Node"); - terminate(); - } From aa4c1768354c895c971f7db9c638c8ce25b21772 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 5 Jun 2025 17:27:58 -0700 Subject: [PATCH 5/6] Update NEWS for Zeekygen parse-only change. --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 89630a0c9a..a760d948cd 100644 --- a/NEWS +++ b/NEWS @@ -156,6 +156,9 @@ Changed Functionality - `detect-protocol.zeek was the last non-deprecated policy script left in `frameworks/dpd`. It was moved to `frameworks/analyzer/detect-protocol.zeek`. +- Running Zeek with Zeekygen for documentation extraction (-X|--zeekygen + ) now implies -a, i.e., parse-only mode. + Removed Functionality --------------------- From 1dcd13a01941d37303d08c4bc8ca95703aee6d7d Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 5 Jun 2025 17:24:34 -0700 Subject: [PATCH 6/6] Fix a typo. --- scripts/base/frameworks/analyzer/dpd.zeek | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/frameworks/analyzer/dpd.zeek b/scripts/base/frameworks/analyzer/dpd.zeek index 6780b920cd..1b898a5868 100644 --- a/scripts/base/frameworks/analyzer/dpd.zeek +++ b/scripts/base/frameworks/analyzer/dpd.zeek @@ -1,4 +1,4 @@ -##! Disables analyzers if protocol violations occur, and add service information +##! Disables analyzers if protocol violations occur, and adds service information ##! to connection log. @load ./main