* origin/master: (139 commits)
Given the -C flag, set script-layer ignore_checksums to true.
Add btest for "-C" flag vs the script-layer ignore_checksums global.
Update doc submodule [nomail] [skip ci]
Remove references to bro_broker in broker/Manager.h
cmake: Fixup BRO_PLUGIN_INSTALL_PATH references
testing/external: Bump hashes for community_id addition
NEWS: Add entry for Community ID
policy: Import zeek-community-id scripts into protocols/conn frameworks/notice
Add irc_dcc_send_ack event and fix missing fields
Fix install directory for plugins
Update doc submodule [nomail] [skip ci]
Add community_id_v1() based on corelight/zeek-community-id
Update NEWS to cover cluster framework changes.
Add cluster_started restart tests.
Add basic cluster_started tests.
Add cluster_started and node_fully_connected events.
Add hook into cluster connection setup.
Add broadcast_topics set.
Generalize Cluster::worker_count.
Edit pass over the current 6.0 NEWS entries. [nomail] [skip ci]
...
* origin/topic/christian/sync-ignore_checksums-from-cli:
Given the -C flag, set script-layer ignore_checksums to true.
Add btest for "-C" flag vs the script-layer ignore_checksums global.
* Mask VLAN ID from tp_vlan_tci field to fix vlan > 4095 reported by Zeek
when PCP and/or DEI bits are set.
* Descriptive error message when interface is down. Instead of
"Invalid argument", Zeek now reports "interface is down".
* Performance improvements for the Redis Log::log_stream_policy example
around PortVal wrapping and caching field offsets for property lookups.
* Debug output is now channeled through PLUGIN_DBG_LOG() and available via
zeek -B plugin-Zeek-JavaScript instead of unconditionally on stderr.
* Reduced CMake output when Node.js isn't found
* 'topic/amazingpp/irc-fuid-missing' of github.com:AmazingPP/zeek:
Add irc_dcc_send_ack event and fix missing fields
I've moved IRC_Data back into the zeek::analyzer::file namespace, but
we did move the declaration from protocol/file/File.h to protocol/irc/IRC.h.
But, if someone actually customized IRC_Data and didn't include protocol/irc/IRC.h
for other reasons, I'll be surprised (and also just suggest to update the include).
Add a define for `ZEEK_CONFIG_SKIP_VERSION_H` to static plugins as well
as to dynamic plugins that we build alongside Zeek. When including
`zeek-config.h` with this macro defined, the header skips including
`zeek-version.h`.
* origin/topic/awelzel/add-community-id:
testing/external: Bump hashes for community_id addition
NEWS: Add entry for Community ID
policy: Import zeek-community-id scripts into protocols/conn frameworks/notice
Add community_id_v1() based on corelight/zeek-community-id
"Community ID" has become an established flow hash for connection correlation
across different monitoring and storage systems. Other NSMs have had native
and built-in support for Community ID since late 2018. And even though the
roots of "Community ID" are very close to Zeek, Zeek itself has never provided
out-of-the-box support and instead required users to install an external plugin.
While we try to make that installation as easy as possible, an external plugin
always sets the bar higher for an initial setup and can be intimidating.
It also requires a rebuild operation of the plugin during upgrades. Nothing
overly complicated, but somewhat unnecessary for such popular functionality.
This isn't a 1:1 import. The options are parameters and the "verbose"
functionality has been removed. Further, instead of a `connection`
record, the new bif works with `conn_id`, allowing computation of the
hash with little effort on the command line:
    $ zeek -e 'print community_id_v1([$orig_h=1.2.3.4, $orig_p=1024/tcp, $resp_h=5.6.7.8, $resp_p=80/tcp])'
    1:RcCrCS5fwYUeIzgDDx64EN3+okU
Reference: https://github.com/corelight/zeek-community-id/
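
Added example, not part of the Zeek changelog or of the zeek-community-id code: the Community ID v1 computation for TCP/UDP tuples in Python, following the published Community ID specification, to show why the hash correlates a flow no matter which endpoint a tool lists first. The Python function signature, the record layout and the `correlate` helper are assumptions made for illustration; ICMP, which needs extra type/code handling, is not covered.

```python
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers for the transports handled in this example.
PROTO = {"tcp": 6, "udp": 17}


def community_id_v1(orig_h, orig_p, resp_h, resp_p, proto="tcp", seed=0):
    """Community ID v1 for a TCP/UDP tuple shaped like Zeek's conn_id."""
    src = ipaddress.ip_address(orig_h).packed
    dst = ipaddress.ip_address(resp_h).packed
    sport, dport = int(orig_p), int(resp_p)
    # Normalize direction: the smaller (address, port) endpoint goes first,
    # so both directions of a flow hash to the same ID.
    if (src, sport) > (dst, dport):
        src, dst, sport, dport = dst, src, dport, sport
    data = (
        struct.pack("!H", seed)  # 16-bit seed, network byte order
        + src + dst              # 4 bytes (IPv4) or 16 bytes (IPv6) each
        + struct.pack("!BBHH", PROTO[proto], 0, sport, dport)  # proto, pad, ports
    )
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


# Constructed sample records: the same flow as seen by two tools, one of
# which recorded the endpoints in the reverse orientation.
SENSOR_A = [("1.2.3.4", 1024, "5.6.7.8", 80, "tcp")]
SENSOR_B = [
    ("5.6.7.8", 80, "1.2.3.4", 1024, "tcp"),
    ("10.0.0.5", 53000, "10.0.0.1", 53, "udp"),
]


def correlate(a_records, b_records):
    """Return the B records whose Community ID matches any A record."""
    ids = {community_id_v1(*r) for r in a_records}
    return [r for r in b_records if community_id_v1(*r) in ids]


if __name__ == "__main__":
    # Same tuple as the zeek -e command above, for comparison with its output.
    print(community_id_v1("1.2.3.4", 1024, "5.6.7.8", 80))
    print(correlate(SENSOR_A, SENSOR_B))
```
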
This set contains the topics to reach all cluster nodes. Due to broker's
forwarding mechanism, we cannot define a single broadcast topic, as it
would create routing loops.
* origin/topic/awelzel/2935-publish-hrw-rr-type-check:
zeek.bif: Remove cat_sep() fully var_arg changes
broker/messaging: Runtime type checks for pool
bifcl: Bump for runtime-type checks in var_arg bifs
publish_hrw() and publish_rr() are excluded from type checking due to their
variadic nature. Passing a wrong type for the pool argument previously triggered
an abort, now the result is runtime errors. This isn't great, but it's
better than crashing Zeek.
Closes #2935
The file_analysis/Manager.h header only needs run_state::terminating, so
declare just that similar to what Val.h does. This breaks ZBody compilation
due to OP_READING_LIVE_TRAFFIC_V and OP_READING_TRACES_V accessing
run_state::reading_live and run_state::reading_traces. Add the include to
ZBody.cc as a fix.
This may break external plugins, too, but then they didn't have the
right includes set up to begin with.
* origin/topic/vern/record-optimizations.Apr23B:
different fix for MSVC compiler issues
more general approach for addressing MSVC compiler issues with IntrusivePtr
restored RecordType::Create, now marked as deprecated
tidying of namespaces and private class members
simplification of flagging record field initializations that should be skipped
address peculiar MSVC compilation complaint for IntrusivePtr's
clarifications and tidying for record field initializations
optimize record construction by deferring initializations of aggregates
compile-scripts-to-C++ speedups by switching to raw record access
logging speedup by switching to raw record access
remove redundant record coercions
Removed the `#if 0` hunk during merging: Probably could have gone with a
doctest instead.
* origin/topic/neverlord/gh-2953:
Improve CMake variables, update cmake submodule
Fix builds with plugins that use zeek-config
Bumped cmake and used update-changes with explicit -p because
it wasn't detecting the right commit to start with. Suspect
something went off with the last bump.