Merge branch 'zeek:master' into master

2025-10-02 06:38:20 +00:00 · 2022-08-11 18:20:31 -07:00 · 2022-08-11 18:20:31 -07:00 · d9632631ce
commit d9632631ce
parent 660278be1f 148f5c1403
243 changed files with 44421 additions and 20773 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -588,6 +588,23 @@ type fa_metadata: record {
 	inferred: bool &default=T;
 };

+## A hook taking a connection, analyzer tag and analyzer id that can be
+## used to veto disabling analyzers. Specifically, an analyzer can be prevented
+## from being disabled by using a :zeek:see:`break` statement within the hook.
+## This hook is invoked synchronously during a :zeek:see:`disable_analyzer` call.
+##
+## Scripts implementing this hook should have other logic that will eventually
+## disable the analyzer for the given connection. That is, if a script vetoes
+## disabling an analyzer, it takes responsibility for a later call to
+## :zeek:see:`disable_analyzer`, which may be never.
+##
+## c: The connection
+##
+## atype: The type / tag of the analyzer being disabled.
+##
+## aid: The analyzer ID.
+type disabling_analyzer: hook(c: connection, atype: AllAnalyzers::Tag, aid: count);
+
 ## Fields of a SYN packet.
 ##
 ## .. zeek:see:: connection_SYN_packet