Commit graph

18139 commits

Author SHA1 Message Date
Arne Welzel
18597ea49c type/id/zeekygen: Add EnumVal to enum identifiers
Provide a direct way to go from a zeek:id::ID value to EnumVal without
needing to go through the type.
2025-04-04 15:36:07 +02:00
Arne Welzel
f0ccd5c7f8 Merge remote-tracking branch 'origin/topic/awelzel/4323-traverse-all-stmt-nil-fix'
* origin/topic/awelzel/4323-traverse-all-stmt-nil-fix:
  Traverse: Do not short-circuit traverse_all() if stmts is nullptr
2025-04-03 13:11:30 +02:00
Arne Welzel
513eede34e Traverse: Do not short-circuit traverse_all() if stmts is nullptr
Since commit 0a813a53c7,
zeek::detail::stmts is set to a nullptr when before it was usually
an empty list of statements. This caused traverse_all() to be
short-circuited unless global statements were available.

Fixes #4323
2025-04-03 12:19:34 +02:00
Johanna Amann
37be65dfd0 Merge remote-tracking branch 'origin/topic/johanna/remove-bind-library-check'
* origin/topic/johanna/remove-bind-library-check:
  Remove unnecessary check for bind library.

Closes GH-4329
2025-04-03 10:53:21 +01:00
Tim Wojtulewicz
8d71420d09 Merge remote-tracking branch 'origin/topic/timw/enum-val-lookup-speedup'
* origin/topic/timw/enum-val-lookup-speedup:
  Some minor c++ modernization in EnumType methods
  Avoid O(n) search in EnumType::Lookup
2025-04-02 16:36:08 -07:00
Tim Wojtulewicz
08101eb372 Some minor c++ modernization in EnumType methods 2025-04-02 16:35:42 -07:00
Tim Wojtulewicz
c22e54604f Avoid O(n) search in EnumType::Lookup 2025-04-02 16:35:42 -07:00
Johanna Amann
5624359f30 Remove unnecessary check for bind library.
This has not been required since we switched to c-ares and breaks builds
on Fedora Rawhide.

Fixes GH-4329
2025-04-02 18:32:19 +01:00
Robin Sommer
28fd2a7a7a Merge remote-tracking branch 'origin/topic/robin/spicy-typeinfo-switch'
* origin/topic/robin/spicy-typeinfo-switch:
  Spicy: Rework code for converting Spicy values to Zeek values.
2025-04-02 18:50:09 +02:00
Robin Sommer
000ed528dc Spicy: Rework code for converting Spicy values to Zeek values.
The logic was template-based so far, which wasn't great because: (1)
conceptually, it models the Spicy types at the wrong layer (C++ rather
than HILTI types), and (2) stopped working with some recent Spicy
updates (which we have temporarily reverted in the meantime to keep
Zeek working).

The new code is based on HILTI's runtime type information and the
corresponding introspection API, pretty much like `spicy-dump` works
as well. This is the recommended approach for working with HILTI
values, and generally much cleaner.

This is on top of https://github.com/zeek/zeek/pull/4300.
2025-04-02 17:45:19 +02:00
Robin Sommer
af46322152 Merge remote-tracking branch 'origin/topic/robin/new-tuple'
* origin/topic/robin/new-tuple:
  Spicy: Port over to Spicy's new tuple representation.
2025-04-02 14:53:26 +02:00
Robin Sommer
94ddd7f411 Spicy: Port over to Spicy's new tuple representation.
Includes a fix for supporting CMake 4.0.
2025-04-02 14:14:26 +02:00
zeek-bot
71305b0009 Update doc submodule [nomail] [skip ci] 2025-04-02 00:14:44 +00:00
Tim Wojtulewicz
b1cd502a96 Merge remote-tracking branch 'origin/topic/timw/add-ignore-docs-annotation'
* origin/topic/timw/add-ignore-docs-annotation:
  Add comment annotation to disable copying redef value into docs
2025-04-01 12:58:31 -07:00
Tim Wojtulewicz
55e458c5f7 Add comment annotation to disable copying redef value into docs 2025-04-01 10:23:55 -07:00
zeek-bot
b1bb4e72c5 Update doc submodule [nomail] [skip ci] 2025-04-01 00:29:33 +00:00
Arne Welzel
363fbd9e28 Merge remote-tracking branch 'origin/topic/awelzel/fix-canon-name-builtin-plugins'
* origin/topic/awelzel/fix-canon-name-builtin-plugins:
  CI: Upgrade zeekctl task to Debian 12
  Bump cmake submodule
  CI: Add external plugins to builtin plugins task
2025-03-31 18:59:47 +02:00
Arne Welzel
14697ea6ba Merge remote-tracking branch 'origin/topic/neverlord/broker-logging'
* origin/topic/neverlord/broker-logging:
  Integrate review feedback
  Hook into Broker logs via its new API
2025-03-31 18:53:43 +02:00
Christian Kreibich
f068f0da4f Merge branch 'topic/christian/quic-history-u'
* topic/christian/quic-history-u:
  Add "U" to QUIC history docstrings and expand version string docs
2025-03-31 09:37:19 -07:00
Benjamin Bannier
06e41cec3a Merge remote-tracking branch 'origin/topic/bbannier/warning-arg-counting' 2025-03-31 15:08:18 +02:00
Arne Welzel
4f8a6a1dfc Merge remote-tracking branch 'origin/topic/awelzel/4177-4178-custom-event-metadata-prework'
* origin/topic/awelzel/4177-4178-custom-event-metadata-prework:
  Event/EventMgr: protected to private
  EventHandler: Deprecate Call(args, no_remote, ts), add Call(args)
  EventHandler: Header cleanup
  EventMgr: Do not cache current event attributes
  EventMgr: Drop src_val
  Event: Header cleanup
2025-03-31 14:22:17 +02:00
Arne Welzel
dfa2d96d22 CI: Upgrade zeekctl task to Debian 12 2025-03-31 14:19:21 +02:00
Arne Welzel
e269b34df1 Bump cmake submodule 2025-03-31 14:19:21 +02:00
Arne Welzel
c45625b909 CI: Add external plugins to builtin plugins task
This clones a few external plugins to include them in a build. Except
for zeek-kafka, the others are maintained by the Zeek project.

Closes #3535
2025-03-31 14:19:18 +02:00
Benjamin Bannier
b1ddf9e476 Use one-based index in warning message
This was surfacing a zero-based counter to users which was confusing.
2025-03-28 14:09:11 +01:00
zeek-bot
92d2d0c6b8 Update doc submodule [nomail] [skip ci] 2025-03-28 00:23:27 +00:00
Tim Wojtulewicz
edbe8f0831 Merge remote-tracking branch 'origin/topic/timw/pass-tags-for-storage-events'
* origin/topic/timw/pass-tags-for-storage-events:
  Make storage events take a tag for the backend instead of a string
  Add move constructor to Tag class
2025-03-27 16:12:53 -07:00
Tim Wojtulewicz
32ae8f4eaa Make storage events take a tag for the backend instead of a string 2025-03-27 16:12:24 -07:00
Tim Wojtulewicz
989e4adf90 Add move constructor to Tag class 2025-03-27 16:12:24 -07:00
Tim Wojtulewicz
ed47eedd6a Merge remote-tracking branch 'origin/topic/timw/storage-timeout-testing'
* origin/topic/timw/storage-timeout-testing:
  Fix handling of timeout conditions from storage backends
  Reformat plugin.storage btest to be more consistent with other storage tests
2025-03-27 14:10:39 -07:00
Tim Wojtulewicz
85701e4514 Fix handling of timeout conditions from storage backends 2025-03-27 13:52:11 -07:00
Tim Wojtulewicz
046f32a6df Reformat plugin.storage btest to be more consistent with other storage tests 2025-03-27 13:52:11 -07:00
Christian Kreibich
98c203b8cb Add "U" to QUIC history docstrings and expand version string docs
Looks like we overlooked documenting "U" in zeek/zeek#3526.
2025-03-27 13:29:40 -07:00
Christian Kreibich
656e88eaa8 Merge branch 'topic/christian/unexperimental-quic-histories'
* topic/christian/unexperimental-quic-histories:
  Remove "experimental" from the QUIC history field's comment string [skip ci]
2025-03-27 12:41:03 -07:00
Arne Welzel
2f9b1e21bd Event/EventMgr: protected to private
These classes are final, so deriving isn't possible. No reason to have
protected members.
2025-03-27 19:23:47 +01:00
Arne Welzel
f7425b805d EventHandler: Deprecate Call(args, no_remote, ts), add Call(args)
The ts parameter was only added to Call() for the Broker::auto_publish()
functionality and propagating the network timestamp. By now, the auto-publish
functionality is deprecated, so it'd be good to clean up that signature. There
won't be any need for no_remote in the future either.

Allow users to just use Call() instead.
2025-03-27 19:23:47 +01:00
Arne Welzel
b535f03382 EventHandler: Header cleanup 2025-03-27 19:23:47 +01:00
Arne Welzel
7dadbb0c1d EventMgr: Do not cache current event attributes
Avoid proliferation of various members on EventMgr by storing the
pointer of the current event instead.

This subtly changes the behavior of some builtin functions as they would
have returned the prior event's data when executed outside of event
draining (e.g. C++ level hook invocations), but I think that's actually
for the better.
2025-03-27 19:23:30 +01:00
Arne Welzel
bef923ebeb EventMgr: Drop src_val
This is a leftover and hasn't been used for a while.
2025-03-27 11:16:31 +01:00
Arne Welzel
277e6d4129 Event: Header cleanup 2025-03-27 11:16:29 +01:00
Christian Kreibich
2199cb1ddd Remove "experimental" from the QUIC history field's comment string [skip ci]
We're unlikely to fundamentally change (or remove) this field at this point, and
some users wondered whether we might do so, given the labeling.
2025-03-26 14:03:52 -07:00
Arne Welzel
acab4236e2 Merge remote-tracking branch 'origin/topic/awelzel/zeromq-no-fprintf-at-overload'
* origin/topic/awelzel/zeromq-no-fprintf-at-overload:
  cluster/zeromq: Improve XPUB stall behavior, add a metric
2025-03-26 14:24:02 +01:00
Arne Welzel
bfffc8dac8 cluster/zeromq: Improve XPUB stall behavior, add a metric
Instead of fprintf, track the number of occurrences via a metric and
change the sleep loop to a blocking send instead.
2025-03-26 14:23:09 +01:00
Arne Welzel
cd9b37e4a5 Merge remote-tracking branch 'origin/topic/awelzel/4309-telemetry-collect-calbacks'
* origin/topic/awelzel/4309-telemetry-collect-calbacks:
  telemetry: Run callbacks at collect time
2025-03-26 14:08:40 +01:00
Arne Welzel
c3c6ee5a2b telemetry: Run callbacks at collect time
Calling collect_metrics() from a script would not invoke metric
callbacks, resulting in most of the process metrics being zero
when a Zeek process isn't scraped via Prometheus.

Fixes #4309
2025-03-26 12:07:27 +01:00
Tim Wojtulewicz
195b87b873 Make SNAP analyzer use both OUI and protocol for forwarding 2025-03-24 15:20:50 -07:00
Tim Wojtulewicz
e5d628548b Change packet analyzer identifiers to be 64-bit 2025-03-24 15:19:33 -07:00
Arne Welzel
33d7e5a7bf Merge remote-tracking branch 'origin/topic/awelzel/zeromq-unsubscription-visibility'
* origin/topic/awelzel/zeromq-unsubscription-visibility:
  cluster/OnLoop: Add metric for queue stalling instead of fprintf
  btest/cluster/websocket: ZeroMQ backend test
  cluster/OnLoop: Switch to condition variable
  cluster/zeromq: Fix node_topic() and nodeid_topic()
  cluster/websocket: Fix null deref at WebSocket server shutdown
  btest/cluster/websocket: Harden multi-client tests
  cluster/zeromq: Fix unsubscription visibility
2025-03-24 19:46:20 +01:00
Arne Welzel
52143a5712 cluster/OnLoop: Add metric for queue stalling instead of fprintf 2025-03-24 19:44:08 +01:00
Arne Welzel
50b26fcea8 btest/cluster/websocket: ZeroMQ backend test
This test ensures that WebSocket clients connected to the same node see
each other's messages.
2025-03-24 18:36:52 +01:00