- rotate_file
- rotate_file_by_name
- calc_next_rotate
These still have use-cases even though no longer used for our logging
functionality. E.g. rotate_file_by_name may be used to rotate
pcap dump files.
Also the log_rotate_base_time option was marked deprecated, but still
used in the new logging framework.
Currently, creating a StringVal from a std::string did not work with
data that contains \0 characters. This easy fix changes this - and
should also lead to a small speed increase for code using this
constructor.
This obviously means that more data might copied now in some cases that
were previously cut off at the first 0-byte. Our test-suite did not
reveal any such cases.
In the past they were processed on the manager - which requires big
records to be sent around.
This has a potential of incompatibilities if someone relied on global
state for notice processing.
GH-214
The default value of an ID is now truly the one used to initialize it,
unaltered by any subsequent redefs.
Redefs are now shown separately, along with the expression that
modifies the ID's value.
* 'paraglob' of https://github.com/ZekeMedley/zeek:
Add leak test to paraglob.
Catch paraglob serialization errors in DoClone.
Update paraglob serialization.
Stop execution on paraglob error.
Update paraglob submodule
Change C++11 detection in paraglob.
Make paraglob serializable and copyable.
Initial paraglob integration.
I made a bunch of small changes:
* paraglob now deals better with \0 characters
* I rolled back the changes to Binary Serialization format,
* there were some small formatting issue
* the error output was slightly unsafe
* build_unique is now in util.h.
and perhaps a few more small things.
Was possible for some failed parsing calls in
RPC_Interpreter::DeliverRPC to set buf to a null-pointer, only for it
to later access it when checking whether the message length appeared
to be legit.
Adding the null-initialization of buf in RPC_Interpreter::Timeout()
was just precautionary -- didn't look like any real bugs with anyone
accessing its uninitialized state at the moment.
* origin/topic/timw/171-deprecation-warnings:
GH-171: support warning messages alongside deprecated attributes
Made a minor tweak to give a better error message when using
&deprecated= with something other than a string literal expression.
* 'rdp_client_cluster_data' of https://github.com/neslog/zeek:
Fixing types.
Correcting types.
Removing misc data from Client Cluster data trying to assign values.
Adding options field to RDP::ClientChannelDef Adding Client Cluster Data
Adjustments:
- Reformatting
- Added comments
- Changed the REDIRECTED_SESSIONID_FIELD_VALID field to a bool
This allows anonymous functions in Zeek to capture their closures.
they do so by creating a copy of their enclosing frame and joining
that with their own frame.
There is no way to specify what specific items to capture from the
closure like C++, nor is there a nonlocal keyword like Python.
Attemptying to declare a local variable that has already been caught
by the closure will error nicely. At the worst this is an inconvenience
for people who are using lambdas which use the same variable names
as their closures.
As a result of functions copying their enclosing frames there is no
way for a function with a closure to reach back up and modify the
state of the frame that it was created in. This lets functions that
generate functions work as expected. The function can reach back and
modify its copy of the frame that it is captured in though.
Implementation wise this is done by creating two new subclasses in
Zeek. The first is a LambdaExpression which can be thought of as a
function generator. It gathers all of the ingredients for a function
at parse time, and then when evaluated creats a new version of that
function with the frame it is being evaluated in as a closure. The
second subclass is a ClosureFrame. This acts for most intents and
purposes like a regular Frame, but it routes lookups of values to its
closure as needed.
