* origin/topic/christian/fix-zeekygen-crash:
Avoid segfault when generating Zeekygen docs on Zeek-internal identifiers.
Add btest for Zeekygen docs extraction on identifiers defined by the Zeek core.
* origin/topic/robin/gh-3573-replaces-cleanup:
Fix packet analyzer replacement.
Spicy: Wenn replacing an analyzer add a component mapping.
Add component API to transparently remap one component to another one.
Move enabled/disabled functionality from analyzers into `Component` base class API.
This uses the new API to replace components internally.
With these changes in place, replacing protocol analyzers now don't
need to register their ports anymore if they match what the original
analyzer was using (because the old one's registrations will map
over).
Packet analyzer replacement doesn't quite work yet but will be fixed
in next commit.
Closes#3573.
When a specific component is requested through its tag or name, one
can now have the component manager transparently return a different
one that has been registered to replace the original one. We limit
this to disabled components to avoid unnecessary confusion. That also
means that remappings are currently only supported for analyzers
(because other types of components cannot be disabled for now, per the
previous change).
The different analyzers types all had their own methods for
enabling/disabling their availability. This change abstracts that into
a new API inside their base class (`plugin::Component`) so that they
can be toggled in a unified way.
In principle, other types of components could/should use this as well
now, so that, e.g., an input reader's availability could be toggled at
runtime. The code doesn't make that broader change for now because it
would requires a series of changes wherever these other component
types are being used. However, that means that one now could try
toggling some other component through the new API without that having
any effect. To catch that, there's a runtime check in place that turns
any such attempt into an internal error.
Like traditional file analyzers, we now query Zeek's
`get_file_handle()` event for handles when a connection begins
analyzing an embedded file. That means that Spicy-side protocol
analyzers that are forwarding data into file analysis now need to call
Zeek's `Files::register_protocol()` and provide a callback for
computing file handles. If that's missing, Zeek will now issue a
warning. This aligns with the requirements Zeek's traditional protocol
analyzers. (If the EVT file defines a protocol analyzer to `replace`
an existing one, that one's `register_protocol()` will be consulted.)
Because Zeek's `get_file_handle()` event requires a current
connection, if a Spicy file analyzer isn't directly part of a
connection context (e.g., with nested files), we continue to use
hardcoded, built-in file handle. Scriptland won't be consulted in
that case, just like before.
Closes#3440.
IANA's IPv6 special-purpose address registry now has members that technically
meet the definition of not being globally reachable, but don't imply operating
locally. An example: https://datatracker.ietf.org/doc/draft-ietf-6man-sids/06/
This change just explains that distinction.
Identifiers that Zeek generates explicitly in-core for example during component management
("Analyzer::ANALYZER_FOO", "Input::READER_FOO", etc), aren't associated with any
scripts and would lead to nullpointer derefs when trying to identify
modification time.
This fix returns a zero timestamp in such cases, ensuring it never triggers docs
refreshes. We do the same e.g. in PackageInfo instances.
Mainly, this should not crash. :-) The baseline output file also should remain
empty, since Zeekygen's staleness test should conclude that it's sufficiently
fresh.
* origin/topic/vern/script-opt.May24:
factored BTest constants into globals to prevent premature ZAM optimization when testing
addressed minor issues flagged by Coverity
