- Squashed the original commit set
- Cleaned up formatting
- Fixed register_for_ports() for right RDPEUDP analyzer
* topic/ak/rdpeudp:
Add RDP over UDP analyzer
The alternates must be some subset of the canonical prototype (the one
that's first declared) and allows users to define handlers for any
such prototype. Example:
# Prototype declarations
global my_event: event(s: string, c: count);
global my_event: event(c: count);
global my_event: event();
# Handler definitions
event my_event(s: string, c: count) { print s, c; }
event my_event(c: count) { print c; }
event my_event() { }
This allows handlers to consume a subset of the arguments or even
re-order them. This makes it easier to either extend an existing
event/hook's arguments and/or deprecate usages of certain prototypes.
* origin/topic/jsiwek/misc-lambda-fixes:
GH-725: fix logic for finding a lambda's usage of outer IDs
Change record field anonymous functions to use lambda expressions
* origin/topic/timw/override:
Mark input/output message classes as final, since nothing should be inheriting from them
Add missing override specifier to a number of methods, remove virtual from some as well
Add override specifier to Configure() method in almost all of the internal plugins
* origin/topic/timw/expr-cleanup:
Don't use xor operator for boolean operations
Fix whitespace issues
Fix a variable-name-shadowing issue
Don't allocate a value during a loop if avoidable
Fix type narrowing on a couple of subtractions
Fold multiple if cases with the same return value into a single return
Fold a number of allocations into the if statement where they're used
Remove unused ListExpr::AllConst method
Constify a couple of method arguments
Mark RuntimeError methods in Reporter as noreturn since they throw exceptions
This changes the decapsulation logic for GRE/ERSPAN payloads to re-use
existing Layer 2 parsing logic that already handles things like 802.1Q
tags correctly before going on to process the inner IPv4/IPv6 payload.
* origin/topic/jsiwek/runtime-exception-leak-cleanup:
Func::DescribeDebug: move a NumFields() call out of loop
Use const-ref parameter for zeek::val_list_to_args()
Fix missing IntrusivePtr.h include and ambiguous ODesc::Add call
Remove TimerMgr arg from event queuing/scheduling methods
Deprecate Analyzer::ConnectionEvent()
Deprecate file_analysis::File::FileEvent methods using val_list args
Deprecate Connection::ConnectionEvent methods
Deprecate EventMgr::QueueEventFast() and update usages to Enqueue()
Deprecate EventMgr::QueueEvent() and update usages to Enqueue()
Deprecate Func::Call(val_list*, ...)
Use vector<IntrusivePtr<Val>> for Func::Call and Event queuing args
Fix memory leak in Zeek when-statement bodies with runtime errors
Change TableVal::RecoverIndex() to return IntrusivePtr
Use IntrusivePtr in TableVal::CallExpireFunc
Fix memory leak when runtime error occurs in a Zeek for-loop
Enable leak checks for btests that produce runtime exceptions
There was an alternate syntax to assign anonymous functions to record
fields that was never migrated to use the new lambda expression
machinery (and so didn't allow referencing variables in outer scope):
type myrec: record {
foo: function(a: string);
};
local o = "o";
local mr = myrec($foo(a: string) = { print a + o; });
