Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19575 commits 387 branches 195 tags 255 MiB
Commit graph

3785 commits

Author SHA1 Message Date
Arne Welzel
771c37b6b2 Merge branch 'rename' of https://github.com/bhaskarbhar/zeek 
* 'rename' of https://github.com/bhaskarbhar/zeek:
  Update zeek.bif
  Update init-bare.zeek
  Added Baseline
  Renamed
 2025-06-25 19:27:13 +02:00
Evan Typanski
d3593e0489 Merge remote-tracking branch 'origin/topic/etyp/remove-list' 
* origin/topic/etyp/remove-list:
  Remove `list` from Zeek grammar
 2025-06-25 10:36:08 -04:00
Arne Welzel
cd934c460b Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples' 
* origin/topic/christian/extensible-conntuples:
  btest/plugins: Add test for custom ConnKey factory
  NEWS updates for pluggable connection tuples.
  Add a VLAN-aware flow tuple implementation.
  Deprecate ConnTuple and related APIs.
  Deprecate the old Connection constructor and detail::ConnKey class.
  Switch to virtualized use of new zeek::ConnKey class tree
  Provide a connkey factory for Zeek's default five-tuples.
  Add IP-specific ConnKey implementation.
  Establish plugin infrastructure for ConnKey factories.
  Add new ConnKey abstraction.
 2025-06-25 14:17:49 +02:00
Arne Welzel
4b472f2771 Merge remote-tracking branch 'origin/topic/awelzel/telemetry-endpoint-to-node-rename' 
* origin/topic/awelzel/telemetry-endpoint-to-node-rename:
  telemetry: Rename endpoint label to node label
 2025-06-25 09:33:55 +02:00
Tim Wojtulewicz
4c2990f6ad Merge remote-tracking branch 'origin/topic/timw/available_tags' 
* origin/topic/timw/available_tags:
  Add get_tags_by_category BIF method
 2025-06-24 15:38:32 -07:00
Tim Wojtulewicz
e5afa4160c Merge remote-tracking branch 'origin/topic/timw/remove-with-binpac-bifcl' 
* origin/topic/timw/remove-with-binpac-bifcl:
  Deprecate --with-binpac/--with-bifcl configure options
  Remove deprecated --disable-archiver configure argument
 2025-06-24 12:51:15 -07:00
Arne Welzel
5e5d943273 Merge remote-tracking branch 'origin/topic/awelzel/publish-error-test-avoid-tsan-report' 
* origin/topic/awelzel/publish-error-test-avoid-tsan-report:
  btest/broker/publish-errors: Avoid exit(0)
 2025-06-24 19:07:23 +02:00
Arne Welzel
fbeb3adfe6 Merge remote-tracking branch 'origin/topic/awelzel/dns-naming-authority-pointer' 
* origin/topic/awelzel/dns-naming-authority-pointer:
  DNS: Implement NAPTR RR support
  DNS: Move extract_char_string() helper around
 2025-06-24 17:44:17 +02:00
Arne Welzel
cab4ebf513 Merge remote-tracking branch 'origin/topic/awelzel/4586-zeromq-ipv6' 
* origin/topic/awelzel/4586-zeromq-ipv6:
  cluster/zeromq: Short-circuit DoPublishLogWrite() when not initialized
  cluster/zeromq: Hook up and enable IPV6 by default
  cluster/zeromq/connect: Make failures fatal
  cluster/zeromq: Move log_push creation to DoInit()
 2025-06-24 17:16:58 +02:00
Benjamin Bannier
767ddfd8a1 Merge branch 'topic/bbannier/issue-4587' 2025-06-24 16:31:01 +02:00
Johanna Amann
72bd683c23 Merge remote-tracking branch 'origin/topic/johanna/default-canonifier-only-first-timestamp' 
* origin/topic/johanna/default-canonifier-only-first-timestamp:
  Default canonifier change to only remove first timestamp in line
  Align SMB timestamp calculation between operating systems
 2025-06-24 14:02:04 +01:00
Tim Wojtulewicz
e39a1d7271 Merge remote-tracking branch 'origin/topic/timw/ipv6-chain-vector' 
* origin/topic/timw/ipv6-chain-vector:
  Switch IPv6_Hdr_Chain to a vector of objects instead of pointers
 2025-06-23 10:52:33 -07:00
Tim Wojtulewicz
33b23ef4b1 Merge remote-tracking branch 'origin/topic/timw/zeromq-include-paths' 
* origin/topic/timw/zeromq-include-paths:
  Remove unneeded include dirs in zeromq CMakeLists.txt
 2025-06-23 10:40:10 -07:00
Tim Wojtulewicz
8d92ad472c Merge branch 'topic/timw/clang-tidy-fixes' 
* topic/timw/clang-tidy-fixes: (41 commits)
  Deprecate BRO_PLUGIN_INSTALL_PATH constant
  Make constants in IP::ParseResult uppercase, deprecate the old ones
  Fix comparison against CapLen results in IPTunnel
  Fix clang-tidy cppcoreguidelines-virtual-class-destructor warnings in headers
  Fix clang-tidy cppcoreguidelines-macro-usage warnings in headers
  Fix clang-tidy modernize-use-using warnings in headers
  Fix clang-tidy modernize-use-transparent-functors warnings in headers
  Fix clang-tidy modernize-use-override warnings in headers
  Fix clang-tidy modernize-use-nullptr warnings in headers
  Fix clang-tidy modernize-use-equals-delete warnings in headers
  Fix clang-tidy modernize-use-emplace warnings in headers
  Fix clang-tidy modernize-use-default-member-init warnings in headers
  Fix clang-tidy modernize-use-bool-literals warnings in headers
  Fix clang-tidy modernize-return-braced-init-list warnings in headers
  Fix clang-tidy modernize-type-traits warnings in headers
  Fix clang-tidy modernize-redundnat-void-arg warnings in headers
  Fix clang-tidy modernize-pass-by-value warnings in headers
  Fix clang-tidy modernize-loop-convert warnings in headers
  Fix clang-tidy modernize-macro-to-enum warnings in headers
  Fix clang-tidy performance-unnecessary-copy-initialization warnings in headers
  ...
 2025-06-23 10:37:29 -07:00
Arne Welzel
b1157e4e03 Merge remote-tracking branch 'origin/topic/bbannier/issue-4594' 
* origin/topic/bbannier/issue-4594:
  Align WebSocket error in cluster with one in Broker
 2025-06-22 15:49:23 +02:00
Arne Welzel
b0a26eddaa Merge remote-tracking branch 'origin/topic/awelzel/4571-reject-cluster-event-broker-publish' 
* origin/topic/awelzel/4571-reject-cluster-event-broker-publish:
  broker: Handle Broker::publish() with non Broker::Event
 2025-06-22 15:48:36 +02:00
Johanna Amann
a22837536d Merge remote-tracking branch 'origin/topic/johanna/gh-4521' 
* origin/topic/johanna/gh-4521:
  Change x509 not_before/not_after to not be based on local timezone
 2025-06-18 13:27:57 +01:00
Benjamin Bannier
2866934792 Merge branch 'topic/bbannier/spicy-ssl-refs' 2025-06-18 13:14:13 +02:00
Arne Welzel
19f2621f7b Merge remote-tracking branch 'origin/topic/awelzel/4573-remove-is-packet-source' 
* origin/topic/awelzel/4573-remove-is-packet-source:
  IOSource: Remove IsPacketSource
 2025-06-17 09:25:39 +02:00
Arne Welzel
f4357485d2 Merge remote-tracking branch 'origin/topic/awelzel/4562-post-proc-lookup-failure' 
* origin/topic/awelzel/4562-post-proc-lookup-failure:
  btest/logging: Fly-by cleanup
  logging/Ascii: Fix abort() for non-existing postrotation functions
 2025-06-16 14:58:49 +02:00
Arne Welzel
99155f6ec6 Merge remote-tracking branch 'origin/topic/awelzel/add-ws-tls-nocert-btest' 
* origin/topic/awelzel/add-ws-tls-nocert-btest:
  btest/cluster/websocket: Add cert-less test
 2025-06-16 13:48:08 +02:00
Tim Wojtulewicz
2b8cb515b9 Merge remote-tracking branch 'origin/topic/timw/fix-master' 
* origin/topic/timw/fix-master:
  Add missing #include to packet_analysis/Component.h
 2025-06-11 13:18:43 -07:00
Tim Wojtulewicz
0a8149c185 Merge remote-tracking branch 'origin/topic/timw/util-types' 
* origin/topic/timw/util-types:
  Remove some unused #includes from spicy code
  Remove using util.h in various headers in favor of util-types.h
  Move type definitions/aliases from util.h to a separate file
 2025-06-11 11:12:27 -07:00
Christian Kreibich
62442058e7 Merge branch 'topic/christian/enumval-string-fix' 
* topic/christian/enumval-string-fix:
  Bugfix: AsString() on an EnumVal will segfault
 2025-06-11 09:01:03 -07:00
Arne Welzel
f5063bfcd4 Merge remote-tracking branch 'origin/topic/awelzel/4522-bdat-last-reply-fix' 
* origin/topic/awelzel/4522-bdat-last-reply-fix:
  smtp: Fix last_reply column in smtp.log for BDAT LAST
 2025-06-11 17:25:21 +02:00
Tim Wojtulewicz
14ca808bcf Merge remote-tracking branch 'origin/topic/timw/netbios-ssn-session-timeout-constant' 
* origin/topic/timw/netbios-ssn-session-timeout-constant:
  Move netbios_ssn_session_timeout to a script-level constant
 2025-06-10 12:08:46 -07:00
Arne Welzel
61f93f9eb6 Merge remote-tracking branch 'origin/topic/awelzel/disable-zam-bif-tracking' 
* origin/topic/awelzel/disable-zam-bif-tracking:
  btest/opt/ZAM-bif-tracking: Disable by default
 2025-06-10 18:50:54 +02:00
Christian Kreibich
2f8bbeab1f Merge branch 'topic/christian/btest-trace-cleanup' 
* topic/christian/btest-trace-cleanup:
  Btests: don't use -C in Zeek invocations that don't actually need it
  Remove executable file permission bits from a bunch of our pcaps
 2025-06-09 18:00:44 -07:00
Tim Wojtulewicz
ac9ee9f219 Merge remote-tracking branch 'origin/topic/timw/clang-tidy-modernize-fixes' 
* origin/topic/timw/clang-tidy-modernize-fixes:
  Move initialization of RandTest members to header
  Update .clang-tidy to have modernize-* enabled with some exclusions
  Fix clang-tidy modernize-use-transparent-functors findings
  Fix clang-tidy modernize-use-override findings
  Fix clang-tidy modernize-use-nullptr findings
  Fix clang-tidy modernize-use-emplace findings
  Fix clang-tidy modernize-use-default-member-init findings
  Fix clang-tidy modernize-use-bool-literals findings
  Fix clang-tidy modernize-return-braced-init-list findings
  Fix clang-tidy modernize-redundant-void-arg findings
  Fix clang-tidy modernize-pass-by-value findings
  Fix clang-tidy modernize-min-max-use-initializer-list findings
  Fix clang-tidy modernize-make-unique findings
  Fix clang-tidy modernize-loop-convert findings (LOOP_OVER_ macros)
  Fix clang-tidy modernize-loop-convert findings
  Update bifcl submodule with clang-tidy fixes [nomail]
 2025-06-06 11:45:59 -07:00
Christian Kreibich
b95f1b0925 Merge branch 'topic/christian/zeekygen-parse-only' 
* topic/christian/zeekygen-parse-only:
  Fix a typo.
  Update NEWS for Zeekygen parse-only change.
  Remove adjustments and custom terminate() for Zeekygen invocation.
  Suppress warnings on deprecated DPD scripts during Zeekygen
  Stop suppressing stdout during Zeekygen docs generation
  Make Zeekygen docs generation (-X) imply parse-only (-a)
 2025-06-06 10:43:32 -07:00
Arne Welzel
2468fe2355 Merge branch 't/gh-4448' of https://github.com/AmazingPP/zeek 
* 't/gh-4448' of https://github.com/AmazingPP/zeek:
  Fix `&ordered` attribute not preserved in table initializer assignments
 2025-06-06 17:35:54 +02:00
Arne Welzel
8189716adc Merge branch 'topic/ado/final-docker' of https://github.com/edoardomich/zeek 
* 'topic/ado/final-docker' of https://github.com/edoardomich/zeek:
  docker: Add `net-tools` and `procps` dependencies
 2025-06-06 10:26:45 +02:00
Tim Wojtulewicz
1ba2f62b4e Merge remote-tracking branch 'origin/topic/timw/configure-output-follow-up' 
* origin/topic/timw/configure-output-follow-up:
  Follow-ups to configure output reformatting
 2025-06-05 20:31:11 -07:00
Tim Wojtulewicz
e6492f7c7b Merge remote-tracking branch 'origin/topic/timw/storage-expire-contention' 
* origin/topic/timw/storage-expire-contention:
  Add busy_timeout script-level option, override any busy_timeout pragma
  Handle potential contention when running sqlite expiration
  Add expiration to sqlite-cluster.btest
  Use unique_ptr to avoid needing to call sqlite3_reset manually
  Move Deferred class from ZeroMQ to util
 2025-06-05 12:43:50 -07:00
Tim Wojtulewicz
a289307e50 Merge remote-tracking branch 'origin/topic/timw/clang-20-build-warnings' 
* origin/topic/timw/clang-20-build-warnings:
  Silence -Wnontrivial-memcall warning in ConnKey methods
 2025-06-05 08:22:40 -07:00
Tim Wojtulewicz
badca1e604 Merge remote-tracking branch 'origin/topic/timw/update-broker' 
* origin/topic/timw/update-broker:
  Update broker submodule [nomail]
 2025-06-05 08:21:42 -07:00
Johanna Amann
e6755325e1 Merge remote-tracking branch 'origin/topic/johanna/new-style-analyzer-log' 
* origin/topic/johanna/new-style-analyzer-log:
  NEWS entries for analyzer log changes
  Move detect-protocol from frameworks/dpd to frameworks/analyzer
  Introduce new c$failed_analyzers field
  Settle on analyzer.log for the dpd.log replacement
  dpd->analyzer.log change - rename files
  Analyzer failure logging: tweaks and test fixes
  Introduce analyzer-failed.log, as a replacement for dpd.log
  Rename analyzer.log to analyzer.debug log; move to policy
  Move dpd.log to policy script
 2025-06-05 07:22:35 +01:00
Tim Wojtulewicz
62dc6ce7bc Merge remote-tracking branch 'origin/topic/timw/clang-tidy-cppcoreguidelines-fixes' 
* origin/topic/timw/clang-tidy-cppcoreguidelines-fixes:
  Add some notes about missing/disabled cppcoreguildlines clang-tidy checkers
  Fix clang-tidy cppcoreguidelines-macro-usage findings (macro functions)
  Fix clang-tidy cppcoreguidelines-macro-usage findings (macros as constants)
  script_opt: Add missing virtual destructor (cppcoreguidelines-virtual-class-destructor)
 2025-06-04 09:38:38 -07:00
Evan Typanski
14fa756d31 Merge remote-tracking branch 'origin/topic/etyp/fix-reenable-analyzer-log' 
* origin/topic/etyp/fix-reenable-analyzer-log:
  Fix Spicy re-enable builtin analyzer debug message
 2025-06-04 08:40:27 -04:00
Tim Wojtulewicz
3ae9d8ba90 Merge remote-tracking branch 'origin/topic/timw/4350-redis-passwords' 
* origin/topic/timw/4350-redis-passwords:
  Redis: Add support for sending AUTH commands during connection
  Redis: disconnect cleanly if INFO request fails
  Fix segfault if storage sync open_backend returns bad code
  Add ToStdString and ToStdStringView to ZeekString
 2025-06-03 11:54:23 -07:00
Tim Wojtulewicz
f76a2437cd Merge remote-tracking branch 'origin/topic/timw/update-windows-ci' 
* origin/topic/timw/update-windows-ci:
  Update libunistd submodule [nomail]
  Update Windows CI image to Visual Studio 2022
 2025-06-02 14:53:01 -07:00
Tim Wojtulewicz
237c7da47a Merge remote-tracking branch 'origin/topic/timw/bump-opensuse-tumbleweed-docker-image' 
* origin/topic/timw/bump-opensuse-tumbleweed-docker-image:
  CI: Force rebuild of opensuse tumbleweed docker image
 2025-06-02 14:31:39 -07:00
Tim Wojtulewicz
aea614be56 Merge remote-tracking branch 'origin/topic/robin/gh-4501-eod-abort' 
* origin/topic/robin/gh-4501-eod-abort:
  Bump Spicy to pull in fix.
 2025-06-02 14:30:51 -07:00
Tim Wojtulewicz
d0f82d8e15 Merge remote-tracking branch 'origin/topic/awelzel/bump-zeekjs-0-17-1' 
* origin/topic/awelzel/bump-zeekjs-0-17-1:
  Bump zeekjs to v0.17.1
 2025-06-02 11:45:15 -07:00
Tim Wojtulewicz
f2b6fbe1a4 Merge remote-tracking branch 'origin/topic/bbannier/comment-fix' 
* origin/topic/bbannier/comment-fix:
  Fix incorrectly copied comment [skip CI]
 2025-06-02 11:44:05 -07:00
Arne Welzel
0a34b39e7a Merge remote-tracking branch 'origin/topic/awelzel/4177-4178-custom-event-metadata-part-2' 
* origin/topic/awelzel/4177-4178-custom-event-metadata-part-2:
  Event: Bail on add_missing_remote_network_timestamp without add_network_timestamp
  btest/plugin: Test custom metadata publish
  NEWS: Add note about generic event metadata
  cluster: Remove deprecated Event constructor
  cluster: Remove some explicit timestamp handling
  broker/Manager: Fetch and forward all metadata from events
  Event/init-bare: Add add_missing_remote_network_timestamp logic
  cluster/Backend/DoProcessEvent: Use generic metadata, not just timestamps
  cluster/Event: Support moving args and metadata from event
  cluster/serializer/broker: Support generic metadata
  cluster/Event: Generic metadata support
  Event: Use -1.0 for undefined/unset timestamps
  cluster: Use shorter obj_desc versions
  Desc: Add obj_desc() / obj_desc_short() overloads for IntrusivePtr
 2025-06-02 17:33:22 +02:00
Arne Welzel
31f51f7a87 Merge remote-tracking branch 'origin/topic/bbannier/coverity-fixes' 
* origin/topic/bbannier/coverity-fixes:
  Prefer `std::move` over copy
 2025-06-02 10:17:24 +02:00
Arne Welzel
e5bb6317fa Merge remote-tracking branch 'origin/topic/vern/CPP-maint.May25' 
* origin/topic/vern/CPP-maint.May25:
  minor BTest maintenance updates for -O gen-C++
  fix for more robustly finding BTests to assess for -O gen-C++
  fix for -O gen-C++ dealing with type constants of unnamed compound types
 2025-06-02 10:12:27 +02:00
Arne Welzel
41f04eda72 Merge remote-tracking branch 'origin/topic/awelzel/intel-indicator-hooks' 
* origin/topic/awelzel/intel-indicator-hooks:
  intel/seen/manage-event-groups: Policy script for toggling intel event groups
  intel: Add indicator_inserted and indicator_removed hooks
 2025-06-02 09:52:07 +02:00
Tim Wojtulewicz
3282bbc429 Merge remote-tracking branch 'origin/topic/vern/ZAM-maint.May25' 
* origin/topic/vern/ZAM-maint.May25:
  fix for crash when interpreting transformed ASTs that include multi-field record assignments/additions
  Remove unused ZAM compiler method
 2025-05-30 13:07:01 -07:00