Arne Welzel
6dfccfcbaa
logging/writers: Disable heartbeats
...
None of the built-in log writers have a use for heartbeats, remove them.
2025-08-06 14:28:17 +02:00
Arne Welzel
269dc23e80
logging/WriterBackend: Deprecate heartbeats
...
This is done by switching to a tagged constructor to explicitly disable
heartbeats by passing NoThreadingHeartbeats. DoHeartbeat() receives a
default implementation as well.
2025-08-06 14:28:17 +02:00
Arne Welzel
33b6869425
Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-three'
...
* origin/topic/awelzel/tap-analyzer-take-three:
TapAnalyzer: Fix docstring
btest/plugins/tap-analyzer: Update baseline
2025-08-06 14:27:56 +02:00
Arne Welzel
ce7c394af1
TapAnalyzer: Fix docstring
...
Relates to #4337 #4725 #4734
2025-08-06 14:19:40 +02:00
Arne Welzel
ac776b0aad
btest/plugins/tap-analyzer: Update baseline
...
Relates to #4337 #4725 #4734
2025-08-06 14:17:42 +02:00
Arne Welzel
7dea987432
Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-follow-up'
...
* origin/topic/awelzel/4337-tap-analyzer-follow-up:
TapAnalyzer: More verdict to action rename
2025-08-05 20:00:44 +02:00
Arne Welzel
b4925fbd16
TapAnalyzer: More verdict to action rename
...
Relates to #4725 #4337
2025-08-05 19:59:06 +02:00
Arne Welzel
1e05588e8e
Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-sketch'
...
* origin/topic/awelzel/4337-tap-analyzer-sketch:
IPBasedAnalyzer: Call TapPacket() when skipping
SessionAdapter: Introduce TapAnalyzer for session adapter
2025-08-05 19:49:01 +02:00
Arne Welzel
4bc7f9532c
IPBasedAnalyzer: Call TapPacket() when skipping
...
When skip_further_processing() is called, a TapAnalyzer should still see
the packets as skipped with SkipReason "skipping".
2025-08-05 19:47:04 +02:00
Arne Welzel
dc904b2216
SessionAdapter: Introduce TapAnalyzer for session adapter
...
This commit introduces a mechanism to attach lightweight analyzers to
the root analyzer of sessions in order to tap into the packets delivered
to child analyzer.
2025-08-05 19:47:02 +02:00
Christian Kreibich
56325d1412
Merge branch 'topic/christian/zeek-8.0-news'
...
* topic/christian/zeek-8.0-news:
Compile contributors for Zeek 8.0 in the NEWS file
2025-08-04 09:35:53 -07:00
Christian Kreibich
4fdd83f3f5
Compile contributors for Zeek 8.0 in the NEWS file
2025-08-04 09:32:58 -07:00
Tim Wojtulewicz
6afeeca090
Start of 8.1.0 development
2025-08-04 08:26:29 -07:00
Arne Welzel
4ecc62322e
Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq'
...
* origin/topic/awelzel/depend-on-libzmq:
ci/windows: No ZeroMQ cluster backend
cluster/zeromq: Bail on missing ZeroMQ by default
2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e
Merge remote-tracking branch 'origin/topic/neverlord/std-span'
...
* origin/topic/neverlord/std-span:
Remove zeek::Span and use std::span instead
2025-08-01 14:50:02 +02:00
Arne Welzel
7a68208ecf
ci/windows: No ZeroMQ cluster backend
...
Doesn't seem there's libzmq available, so just skip building.
2025-08-01 10:17:13 +02:00
Arne Welzel
993502e0b6
cluster/zeromq: Bail on missing ZeroMQ by default
2025-08-01 09:46:06 +02:00
zeek-bot
aabb36abf7
Update doc submodule [nomail] [skip ci]
2025-08-01 00:28:48 +00:00
Tim Wojtulewicz
f2e155d7fa
Merge remote-tracking branch 'origin/topic/timw/update-ct-ca-lists'
...
* origin/topic/timw/update-ct-ca-lists:
Update CT/CA lists to versions from NSS 3.114
2025-07-31 14:32:21 -07:00
Tim Wojtulewicz
528f0d9766
Merge remote-tracking branch 'origin/topic/timw/update-submodules-ahead-of-8.0'
...
* origin/topic/timw/update-submodules-ahead-of-8.0:
Updating submodule(s) [nomail]
2025-07-31 14:29:48 -07:00
Tim Wojtulewicz
1daead9edd
Update CT/CA lists to versions from NSS 3.114
2025-07-31 11:34:23 -07:00
Tim Wojtulewicz
74a3fe5856
Updating submodule(s) [nomail]
2025-07-31 10:37:45 -07:00
Tim Wojtulewicz
b9a5a635bd
Merge remote-tracking branch 'origin/topic/timw/clang-tidy-fix'
...
* origin/topic/timw/clang-tidy-fix:
Fix use-after-move reported by clang-tidy
2025-07-31 10:34:58 -07:00
Tim Wojtulewicz
647da4f970
Fix use-after-move reported by clang-tidy
...
This was introduced by 9eb94ee151.
2025-07-31 09:55:43 -07:00
Johanna Amann
136bdb43fd
Merge remote-tracking branch 'origin/topic/johanna/gh-4694'
...
* origin/topic/johanna/gh-4694:
Add tests for the deprecated-dpd-log.zeek policy script
Move c$service_violation to deprecated-dpd-log.zeek
2025-07-31 16:11:00 +01:00
Tim Wojtulewicz
3e0012ea30
Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy'
...
* origin/topic/bbannier/bump-spicy:
Bump `auxil/spicy` to latest development snapshot
2025-07-31 07:58:05 -07:00
Benjamin Bannier
c0ce3f19fb
Bump `auxil/spicy` to latest development snapshot
2025-07-31 13:47:32 +02:00
zeek-bot
defc0c96d8
Update doc submodule [nomail] [skip ci]
2025-07-31 00:18:15 +00:00
Arne Welzel
10e7f14f78
Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff'
...
* origin/topic/awelzel/defer-more-stuff:
RecordType: Ensure &default fields are always re-initialized
Attr: Deprecate using &default and &optional together on record fields
RecordType: Allow deferring &default=vector(), set(), table() fields
2025-07-30 10:35:56 +02:00
Arne Welzel
9eb94ee151
RecordType: Ensure &default fields are always re-initialized
...
This started working partly after the deferral logic introduced with
Zeek 6.0 so this finishes it :-)
2025-07-30 10:26:06 +02:00
Arne Welzel
473723cc47
Attr: Deprecate using &default and &optional together on record fields
...
If &default implies re-initialization of the field, using them together
doesn't make much sense.
2025-07-30 10:26:06 +02:00
Arne Welzel
23181e4811
RecordType: Allow deferring &default=vector(), set(), table() fields
2025-07-30 10:26:06 +02:00
Arne Welzel
d7fbd49d9e
Merge remote-tracking branch 'origin/topic/vern/zam-record-fields-fixes'
...
* origin/topic/vern/zam-record-fields-fixes:
fixes for specialized ZAM operations needing to check whether record fields exist
2025-07-30 10:08:21 +02:00
Johanna Amann
a90969800c
Add tests for the deprecated-dpd-log.zeek policy script
...
This re-adds baselines for the old dpd.log to check functionality until
its removal in 8.1
2025-07-30 07:58:36 +01:00
Johanna Amann
8de178d923
Move c$service_violation to deprecated-dpd-log.zeek
...
This moves c$service_violation to the deprecated-dpd-log policy script.
This is the only script in the distribution that uses the field, and it
is unlikely to be used externally. It is also responsible for a
significant amount of memory use by itself.
This also restores the field being populated, which was broken in
GH-4362
2025-07-30 07:58:36 +01:00
Vern Paxson
47bf6af6a5
fixes for specialized ZAM operations needing to check whether record fields exist
2025-07-30 08:36:04 +02:00
zeek-bot
86ab82c0df
Update doc submodule [nomail] [skip ci]
2025-07-30 00:25:27 +00:00
Johanna Amann
a22b45c69e
Merge remote-tracking branch 'origin/topic/johanna/gh-4202'
...
* origin/topic/johanna/gh-4202:
Update NEWS for Conn::set_conn changes
DNS-fuzzer: raise new_connection event
Optimize Conn::set_conn to minimize operations
Move Conn::set_conn() from connection_state_remove to new_connection
2025-07-29 21:01:51 +01:00
Johanna Amann
8de1357e52
Update NEWS for Conn::set_conn changes
2025-07-29 18:41:59 +01:00
Johanna Amann
5e74eefd88
DNS-fuzzer: raise new_connection event
...
The conn protocol scripts now assume that new_connection is run before
connection_state_remove. Update the DNS analyzer to raise the
new_connection event.
2025-07-29 18:41:59 +01:00
Arne Welzel
ab282e3637
Merge remote-tracking branch 'origin/topic/awelzel/cluster-event-out-of-detail'
...
* origin/topic/awelzel/cluster-event-out-of-detail:
cluster::Event: Move implementation into cluster/Event.{h,cc}
cluster: Move cluster::detail::Event to cluster::Event
2025-07-29 18:24:20 +02:00
Arne Welzel
40389603c2
cluster::Event: Move implementation into cluster/Event.{h,cc}
2025-07-29 18:13:59 +02:00
Arne Welzel
bda70067ec
cluster: Move cluster::detail::Event to cluster::Event
...
This class is a parameter of virtual methods of the Backend API for users
to implement and also a parameter to the HookPublishEvent() API. Seems it
shouldn't be in detail and instead we should own it.
Alternatively, could mark the cluster APIs as not-stable-yet, but I
think we can move forward and make it non-detail for 8.0.
2025-07-29 18:13:59 +02:00
Tim Wojtulewicz
9f3a1a135f
Merge remote-tracking branch 'origin/topic/timw/fix-fuzzer-conn-key-deprecation'
...
* origin/topic/timw/fix-fuzzer-conn-key-deprecation:
Fix ConnKey deprecation warnings from generic fuzzer
2025-07-29 07:41:23 -07:00
Tim Wojtulewicz
743b9e27cc
Merge remote-tracking branch 'origin/topic/timw/fix-irc-analyzer-event-types'
...
* origin/topic/timw/fix-irc-analyzer-event-types:
Fix types passed to some of the IRC analyzer events
2025-07-29 07:19:36 -07:00
Tim Wojtulewicz
06ec03046d
Merge remote-tracking branch 'origin/topic/timw/fix-ranges-debian-11-build-failure'
...
* origin/topic/timw/fix-ranges-debian-11-build-failure:
Fix build failure with std::ranges on Debian 11
2025-07-29 07:19:11 -07:00
Arne Welzel
cd7836dda2
Merge remote-tracking branch 'origin/topic/awelzel/4431-zeromq-drop-policy-v2'
...
* origin/topic/awelzel/4431-zeromq-drop-policy-v2:
cluster.bif: Improve Cluster::publish() docstring
btest/cluster/zeromq: Add tests for overload behavior
cluster/zeromq: Metric for msg errors
cluster/zeromq: Drop events when overloaded
cluster/zeromq: Comments and move lookups to InitPostScript()
cluster/zeromq: Rework lambdas to member functions
cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability
cluster/OnLoop: Support DontBlock and Force flags for queueing
cluster/ThreadedBackend: Injectable OnLoopProcess instance
2025-07-29 11:38:49 +02:00
Arne Welzel
55ecd90928
cluster.bif: Improve Cluster::publish() docstring
2025-07-29 11:23:53 +02:00
Arne Welzel
c8307487d1
btest/cluster/zeromq: Add tests for overload behavior
...
The overload-drop.zeek and overload-no-drop.zeek tests have proxy,
worker-1 and worker-2 publish to the manager topic. For the drop
case, we verify that both the senders and the manager drop
events. For the no-drop test, the HWMs are set such that all events
are buffered.
The overload-worker-proxy-topic*.zeek tests are similar, but instead
of publishing to the manager topic, proxy, worker-1 and worker-2 publish
to the proxy and worker topics to overload each other. This had
previously resulted in lockups and these tests verify that this doesn't
happen anymore.
2025-07-29 11:23:53 +02:00
Arne Welzel
d2bb86f8b4
cluster/zeromq: Metric for msg errors
2025-07-29 11:23:53 +02:00