Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
17728 commits 387 branches 195 tags 255 MiB
Commit graph

17728 commits

This branch
This branch
All branches
Author SHA1 Message Date
Benjamin Bannier
7f1d3ae559 Bump auxil/spicy to latest development snapshot 2025-01-10 11:42:26 +01:00
Tim Wojtulewicz
c10b18253a Merge remote-tracking branch 'origin/topic/timw/non-routeable-subnets' 
* origin/topic/timw/non-routeable-subnets:
  Update btests for new local-only subnets
  Add recommended non-routable subnets
 2025-01-09 22:18:03 -07:00
Tim Wojtulewicz
0fcbc8546e Update btests for new local-only subnets 2025-01-09 22:16:42 -07:00
JW-Corelight
05e3de9b81 Add recommended non-routable subnets 
224.0.0.0/24 (and 6to4 conversion 2002:e000::/40) from RFC5771	"Multicast Local Network Control Block" defined as non-routable.

239.0.0.0/8 (and 6to4 conversion 2002:ef00::/24) from RFC2365 "Administratively Scoped IP Multicast"

fec0::/10 from RFC3879 "Deprecated Site Local Addresses"
(cherry picked from commit 821ab2dbed)
 2025-01-09 22:15:45 -07:00
Tim Wojtulewicz
5fbbbe9548 Fix another typo in the Coverity workflow script 2025-01-09 18:45:56 -07:00
zeek-bot
a4d9067327 Update doc submodule [nomail] [skip ci] 2025-01-10 00:14:49 +00:00
Tim Wojtulewicz
a919226b24 Merge remote-tracking branch 'origin/topic/vern/macro-descriptions' 
* origin/topic/vern/macro-descriptions:
  Add missing include for <vector>
  Extended ZAM validation to include macros
 2025-01-09 13:47:57 -07:00
Tim Wojtulewicz
c30af24aee Add missing include for <vector> 2025-01-09 12:28:24 -07:00
Tim Wojtulewicz
7df5298fcd Merge remote-tracking branch 'origin/topic/vern/zam-header-factoring' 
* origin/topic/vern/zam-header-factoring:
  factoring of some ZAM header files for better modularity
 2025-01-09 12:09:16 -07:00
Tim Wojtulewicz
f57e650242 Merge remote-tracking branch 'origin/topic/vern/CPP-standalone-fixes' 
* origin/topic/vern/CPP-standalone-fixes:
  fixes for initializing globals when using -O gen-standalone-C++
 2025-01-09 12:02:55 -07:00
Evan Typanski
34f13e7291 Harden flaky test based on creating a file 
Closes #4102

Surely it won't take over 10 seconds to create the file
 2025-01-09 11:06:04 -05:00
Arne Welzel
0fc7a8ca4b Merge remote-tracking branch 'origin/topic/etyp/copying-2025' 
* origin/topic/etyp/copying-2025:
  Update COPYING date to now and fix some [skip CI]
 2025-01-09 16:34:28 +01:00
Evan Typanski
fe44022ee7 Update COPYING date to now and fix some [skip CI] 2025-01-09 08:38:45 -05:00
Christian Kreibich
597e137b46 Merge remote-tracking branch 'origin/topic/etyp/help-stdout' 
* origin/topic/etyp/help-stdout:
  Try to be more careful with `--help` printing
 2025-01-08 21:44:49 -08:00
zeek-bot
b76cc88f3a Update doc submodule [nomail] [skip ci] 2025-01-09 00:12:41 +00:00
Johanna Amann
ac1c55c02a Merge remote-tracking branch 'origin/topic/johanna/yet-another-curve-for-ssl' 
* origin/topic/johanna/yet-another-curve-for-ssl:
  Add CECPQ2 curve number to SSL consts
 2025-01-08 16:22:28 +00:00
Tim Wojtulewicz
e0961da7b9 Merge remote-tracking branch 'origin/topic/timw/fix-coverity-request' 
* origin/topic/timw/fix-coverity-request:
  CI: Fix escaping in coverity workflow
 2025-01-08 08:38:39 -07:00
Tim Wojtulewicz
5d55d40764 CI: Fix escaping in coverity workflow 2025-01-08 08:37:59 -07:00
Evan Typanski
0b2f843db9 Try to be more careful with --help printing 
Namely, this will:

 - print --help to stdout rather than stderr
 - not print full usage when errors happen
 - add a prompt to use --help for more info on error

This should make it more greppable, clearer, and less spammy.
 2025-01-08 07:54:18 -05:00
Johanna Amann
8b85acfc05 Add CECPQ2 curve number to SSL consts 
This one was hard to find, as it never was officially specified
anywhere.

Source: https://boringssl.googlesource.com/boringssl/+/4ae4fb76c809bfc48a5ab100670395ce404244ce%5E%21/#F4
 2025-01-08 09:36:48 +00:00
zeek-bot
adf02b487f Update doc submodule [nomail] [skip ci] 2025-01-08 00:15:06 +00:00
Tim Wojtulewicz
f1c054f8f3 Merge remote-tracking branch 'origin/topic/christian/news-7-1-contribs' 
* origin/topic/christian/news-7-1-contribs:
  Add 7.1 contributors to NEWS file [skip ci]
 2025-01-07 11:41:44 -07:00
Christian Kreibich
0ff3fbb7ce Add 7.1 contributors to NEWS file [skip ci] 2025-01-07 10:38:51 -08:00
Johanna Amann
9f72353a41 Raise warnings when for DNS events that are not raised due to dns_skip_all_addl 
By default, dns_skip_all_addl is set to false. This causes several
events to not be raised. This change emits warnings when a user defines
event handlers for events that will not be raised.

Furthermore, it adds notes about this behavior to the documentation. We
also introduce a new BIF, `is_event_handled`, which checks if an event
is handled.

Fixes GH-4061
 2025-01-07 17:46:27 +00:00
Tim Wojtulewicz
2ce71a75a7 Merge remote-tracking branch 'origin/topic/johanna/even-more-tls-const-updates' 
* origin/topic/johanna/even-more-tls-const-updates:
  More updates to the SSL consts from recent protocol additions
 2025-01-07 10:05:26 -07:00
Johanna Amann
87d9ecb743 More updates to the SSL consts from recent protocol additions 2025-01-07 16:08:18 +00:00
zeek-bot
a819d7cf8a Update doc submodule [nomail] [skip ci] 2025-01-07 00:12:57 +00:00
Tim Wojtulewicz
7f4a620db6 Merge remote-tracking branch 'origin/topic/johanna/more-post-quantum-curves' 
* origin/topic/johanna/more-post-quantum-curves:
  Update ssl consts with more post-quantum curves
 2025-01-06 15:51:40 -07:00
Tim Wojtulewicz
c892594703 Merge remote-tracking branch 'origin/topic/timw/coverity-upload-large-builds' 
* origin/topic/timw/coverity-upload-large-builds:
  CI: Fix coverity workflow to support large uploads
  CI: Remove use of wget from coverity workflow
  CI: Upgrade coverity workflow to ubuntu24, add jq
 2025-01-06 10:37:50 -07:00
Johanna Amann
c99f544e1c Update ssl consts with more post-quantum curves 2025-01-06 16:54:29 +00:00
zeek-bot
01e6c2c53b Update doc submodule [nomail] [skip ci] 2025-01-06 00:14:25 +00:00
Tim Wojtulewicz
6deae2d28d Merge remote-tracking branch 'origin/topic/bbannier/fix-zeek-see-uses' 
* origin/topic/bbannier/fix-zeek-see-uses:
  Fix incorrect uses of `zeek:see`
 2025-01-05 14:19:32 -07:00
Tim Wojtulewicz
f95298f1d0 CI: Fix coverity workflow to support large uploads 
The previous setup only allowed uploads of up to 500MB, which we
eclipsed a long time ago. They recently started enforcing it, so
this switches over to use a call-and-response API for uploading
larger files.
 2025-01-05 12:22:56 -07:00
Tim Wojtulewicz
2cc2056310 CI: Remove use of wget from coverity workflow 2025-01-05 12:22:21 -07:00
Tim Wojtulewicz
b0b534dbda CI: Upgrade coverity workflow to ubuntu24, add jq 2025-01-05 10:51:24 -07:00
Vern Paxson
7a908a2876 Extended ZAM validation to include macros 2025-01-02 15:32:30 -08:00
Vern Paxson
4f48428283 factoring of some ZAM header files for better modularity 2025-01-02 08:36:42 -08:00
Vern Paxson
3d58732cb3 fixes for initializing globals when using -O gen-standalone-C++ 2025-01-01 13:26:58 -08:00
Benjamin Bannier
e8960e0efc Fix incorrect uses of zeek:see 
This fixes instances where `zeek:see` was used incorrectly so it was not
rendered correctly. All these instances have been found by looking for
`zeek:see` in the generated HTML where it should not be visible anymore.

I also removed a doc reference to `paraglob_add` which never existed.
 2025-01-01 15:35:59 +01:00
zeek-bot
9e85a0d27d Update doc submodule [nomail] [skip ci] 2025-01-01 00:12:27 +00:00
Tim Wojtulewicz
f39f0aae2d Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump auxil/spicy to latest development snapshot
 2024-12-20 15:31:34 -07:00
Benjamin Bannier
4278ab2b04 Bump auxil/spicy to latest development snapshot 2024-12-20 15:18:20 -07:00
Tim Wojtulewicz
3a0bb55244 Merge remote-tracking branch 'origin/topic/timw/require-spicy-for-analyzer-id-test' 
* origin/topic/timw/require-spicy-for-analyzer-id-test:
  Require spicy for spicy.analyzer-id btest
 2024-12-20 15:14:42 -07:00
Tim Wojtulewicz
eb8f99da92 Require spicy for spicy.analyzer-id btest 2024-12-20 14:25:04 -07:00
zeek-bot
65022614ba Update doc submodule [nomail] [skip ci] 2024-12-20 00:12:22 +00:00
Tim Wojtulewicz
15a506a5b7 Merge remote-tracking branch 'origin/topic/etyp/get-tag-doc' 
* origin/topic/etyp/get-tag-doc:
  Document `get_tag` to ensure that `name` exists
 2024-12-19 11:15:48 -07:00
Tim Wojtulewicz
f405f4ea7e Merge remote-tracking branch 'origin/topic/timw/4090-current-spicy-analyzer' 
* origin/topic/timw/4090-current-spicy-analyzer:
  Add spicy runtime-support current_analyzer_id(), use it to set id in events
 2024-12-18 15:46:17 -07:00
Tim Wojtulewicz
fd4f25965d Add spicy runtime-support current_analyzer_id(), use it to set id in events 2024-12-18 15:44:09 -07:00
Evan Typanski
77273a676d Document get_tag to ensure that name exists 
This caused confusion and I don't think it's very intuitive. If called
with a name that does not exist, this returns without a value, not even
an error value. Changing that seems like it could be more deprecation
work.
 2024-12-18 16:13:13 -05:00
Arne Welzel
991bc9644d Merge remote-tracking branch 'origin/topic/vern/ZAM-field-assign-in-op' 
* origin/topic/vern/ZAM-field-assign-in-op:
  pre-commit: Bump spicy-format to 0.23
  fix for ZAM optimization of assigning a record field to result of "in" operation
 2024-12-18 09:28:44 +01:00