Commit graph

17203 commits

Author SHA1 Message Date
Johanna Amann
09d6be7f68 CI: Use FEDORA40 crypto policy in Fedora 41
Fedora 41 distrusts SHA-1 signatures by default. Switching to this policy is
Fedora's recommended way of re-enabling support for at least the next several
releases.

A few references:

https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
https://fedoraproject.org/wiki/SHA1SignaturesGuidance
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
2024-11-13 17:05:08 -08:00
Arne Welzel
6c7f2e62f2 Bump zeekjs to 0.13.0
    c0dd7bb README: Add note about supported versions
    da69053 ci: Bump to Fedora 40
    43f69bd Nodejs/Types: Make compatible with v22.11.0
    8a70a21 ci: Fix nightly job
2024-11-13 13:43:31 +01:00
Christian Kreibich
62e8c49e66 CI: bump FreeBSD 13 to 13.4, released in September 2024-11-12 15:49:03 -08:00
Christian Kreibich
2881ff620b CI: drop Fedora 39, add 41 2024-11-12 15:32:07 -08:00
Tim Wojtulewicz
0217208c49 Merge remote-tracking branch 'origin/topic/timw/remove-abspath-cleanup'
* origin/topic/timw/remove-abspath-cleanup:
  diff-remove-abspath: Add separate handling of Windows paths
  diff-remove-abspath: Remove capture of windows drive letters from POSIX regex
2024-11-12 12:26:56 -07:00
Robin Sommer
0ea2a35d7a Merge remote-tracking branch 'origin/topic/robin/spicy-bump'
* origin/topic/robin/spicy-bump:
  Bump Spicy to current `main`.
2024-11-12 16:16:23 +01:00
Arne Welzel
d0bf4e428a Merge remote-tracking branch 'origin/topic/awelzel/pseudo-realtime-again'
* origin/topic/awelzel/pseudo-realtime-again:
  PktSrc: Remove first_timestamp condition check
  PktSrc: Fix includes
  PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState
  RunState.h: Deprecate misleadingly named current_packet_timestamp()
  debug: Add processing suspended/continued to debug.log
2024-11-12 16:00:19 +01:00
Robin Sommer
f68d43bc02 Bump Spicy to current main. 2024-11-12 15:00:01 +01:00
Arne Welzel
fcab5fd6cf PktSrc: Remove first_timestamp condition check
The comment is stale and first_timestamp is only relevant/available
in pseudo_realtime.
2024-11-12 10:46:55 +01:00
Arne Welzel
ffa1fafa03 PktSrc: Fix includes 2024-11-12 10:46:55 +01:00
Arne Welzel
d9a7f9f36f PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState
check_pseudo_time() used zeek_start_time which skews things sufficiently
around being in the past when ZAM compilation takes multiple seconds. Switch
to using first_wallclock instead.

Further, move setting of first_timestamp and first_wallclock from PktSrc
into RunState's dispatch_packet(), so it's more centralized now.

The only pseudo_realtime piece left in PktSrc() is in GetNextTimeout() to
determine how long the PktSrc is idle until the next packet is ready.
2024-11-12 10:46:55 +01:00
Arne Welzel
54d28a2179 RunState.h: Deprecate misleadingly named current_packet_timestamp()
This returns current_pseudo, naming it current_packet_timestamp()
is actively misleading.
2024-11-12 10:46:55 +01:00
Arne Welzel
402b768787 debug: Add processing suspended/continued to debug.log 2024-11-12 10:46:55 +01:00
Arne Welzel
9e27334596 Merge remote-tracking branch 'origin/topic/vern/zam-asan-fixes'
* origin/topic/vern/zam-asan-fixes:
  ZAM fixes for assignments involving "any" record fields
  fixes for (mostly ZAM) vector operation issues found by ASAN

Including a fix for mmdb/explicit-open.zeek to avoid using assert.
2024-11-12 10:29:56 +01:00
zeek-bot
57ffa96600 Update doc submodule [nomail] [skip ci] 2024-11-12 00:11:11 +00:00
Benjamin Bannier
1d38c31071 Merge remote-tracking branch 'origin/topic/etyp/cookie-nullptr-spicy-dpd' 2024-11-11 22:30:50 +01:00
Evan Typanski
ae33aa0413 Fix nullptr deref in Spicy accept/decline input
Seems like this is a continuation of #4006
2024-11-11 10:30:02 -05:00
Robin Sommer
0285196626 Merge remote-tracking branch 'origin/topic/robin/gh-3988-evt-assert'
* origin/topic/robin/gh-3988-evt-assert:
  Spicy: Improve error messages reporting malformed unit names in EVT files.
  Spicy:: Remove unhelpful assertion.
2024-11-11 14:02:15 +01:00
Robin Sommer
3362d44e0c Merge remote-tracking branch 'origin/topic/robin/gh-4007-spicy-eod'
* origin/topic/robin/gh-4007-spicy-eod:
  Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down.
2024-11-11 14:02:05 +01:00
Arne Welzel
50c2b10cfb Merge remote-tracking branch 'origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt'
* origin/topic/awelzel/run-zam-ci-if-changes-include-src-script-opt:
  ci: Run ZAM CI if src/script_opt is modified
2024-11-11 10:25:56 +01:00
Arne Welzel
43789fbccc ci: Run ZAM CI if src/script_opt is modified
...and rework && to || conditions.
2024-11-11 10:18:14 +01:00
Arne Welzel
f598c89f17 Merge remote-tracking branch 'origin/topic/timw/update-c-ares-to-latest-release'
* origin/topic/timw/update-c-ares-to-latest-release:
  DNS_Mgr: Remove processing of dns aliases in general
  ci: Add dnsmasq to a few platforms for testing
  DNS_Mgr: Fix aliases memory issues
  btest: Add integration test for DNS_Mgr
  DNS_Mgr: Remove usage of ares_getsock from Lookup
  DNS_Mgr: Remove usage of ares_getsock from GetNextTimeout
  DNS_Mgr: Switch to ares_set_servers_csv
  DNS_Mgr: Use ares_dns_record methods for queries
  Update vcpkg submodule to pick up c-ares v1.34.2
  Update c-ares submodule to v1.34.2
2024-11-11 09:53:04 +01:00
Arne Welzel
d3579c1f34 Merge remote-tracking branch 'origin/topic/awelzel/community-id-new-connection'
* origin/topic/awelzel/community-id-new-connection:
  policy/community-id: Populate conn$community_id in new_connection()
2024-11-11 09:35:49 +01:00
Vern Paxson
197d49773c ZAM fixes for assignments involving "any" record fields 2024-11-11 09:19:54 +01:00
Vern Paxson
c7e5e5feea fixes for (mostly ZAM) vector operation issues found by ASAN 2024-11-11 09:19:54 +01:00
zeek-bot
35cac72984 Update doc submodule [nomail] [skip ci] 2024-11-09 00:12:14 +00:00
Tim Wojtulewicz
e3763df065 DNS_Mgr: Remove processing of dns aliases in general 2024-11-08 12:45:51 -07:00
Arne Welzel
346a9233da Merge remote-tracking branch 'origin/topic/vern/zam-any-coerce-leak'
* origin/topic/vern/zam-any-coerce-leak:
  Fixed ZAM memory leak when coercing values to "any"
2024-11-08 18:36:34 +01:00
Arne Welzel
cb679e4d7a policy/community-id: Populate conn$community_id in new_connection()
This wasn't possible before #3028 was fixed, but now it's safe to set
the value in new_connection() and allow other users access to the
field much earlier. We do not have to deal with connection_flipped()
because the community-id hash is symmetric.
2024-11-08 18:19:55 +01:00
Arne Welzel
3f4de778ae ci: Add dnsmasq to a few platforms for testing 2024-11-08 09:50:35 -07:00
Arne Welzel
0a7c9365be ci: Remove -b from test_script lines for zam tasks
Better for monitoring process.
2024-11-08 17:13:49 +01:00
Arne Welzel
4f8ef3c792 Merge remote-tracking branch 'origin/topic/vern/zam-degenerate-CFT-propagation'
* origin/topic/vern/zam-degenerate-CFT-propagation:
  fixes for ZAM's propagation of control flow information for some degenerate constructs
2024-11-08 15:35:08 +01:00
Vern Paxson
148215aa87 fixes for ZAM's propagation of control flow information for some degenerate constructs 2024-11-08 15:34:21 +01:00
Arne Welzel
bc75b1811d Merge remote-tracking branch 'origin/topic/vern/zam-vector-loop-leak'
* origin/topic/vern/zam-vector-loop-leak:
  fixed ZAM memory leak when looping over vectors of records
2024-11-08 15:32:57 +01:00
Arne Welzel
8613f821f9 Merge remote-tracking branch 'origin/topic/vern/cat-builtin-tmp'
* origin/topic/vern/cat-builtin-tmp:
  fixed access to uninitialized memory in ZAM's "cat" built-in
2024-11-08 15:23:00 +01:00
Arne Welzel
8945b2b186 Merge remote-tracking branch 'origin/topic/awelzel/asan-zam-ci'
* origin/topic/awelzel/asan-zam-ci:
  ci: Add asan and ubsan sanitizer tasks for ZAM
2024-11-08 15:22:26 +01:00
Arne Welzel
6f9eec6c33 ci: Add asan and ubsan sanitizer tasks for ZAM
Closes #3906
2024-11-08 15:17:03 +01:00
Robin Sommer
d57c125942 Spicy: Improve error messages reporting malformed unit names in EVT files. 2024-11-08 13:44:09 +01:00
Robin Sommer
2d935d9668 Spicy:: Remove unhelpful assertion.
In cases of a malformed event definition, this could fire instead of a
more helpful error message coming later.

Closes #3988.
2024-11-08 12:54:14 +01:00
Robin Sommer
9e1592d5c4 Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down.
So far, when Zeek didn't see a connection's regular tear-down (e.g.,
because its state timed-out before we got to the end), we'd still
signal a regular end-of-data to Spicy parsers. As a result, they would
then typically raise a parse error because they were probably still
expecting data and would now declare it missing. That's not very
useful because semantically it's not really a protocol issue if the
data just doesn't make it over to us; it's a transport-layer issue
that Zeek already handles elsewhere. So we now switch to signaling
end-of-data to Spicy analyzers only if the connection indeed shuts
down regularly. This also matches how BinPAC handles it.

This also comes with a test exercising various combinations of
end-of-data behavior so that we ensure consistent/desired behavior.

Closes #4007.
2024-11-08 12:20:29 +01:00
Arne Welzel
5859a7e28c DNS_Mgr: Fix aliases memory issues 2024-11-08 11:29:40 +01:00
Arne Welzel
f3fbe45c4c btest: Add integration test for DNS_Mgr
This makes use of an ephemeral dnsmasq instance
2024-11-08 11:29:31 +01:00
Vern Paxson
6c2b2819c7 fixed access to uninitialized memory in ZAM's "cat" built-in 2024-11-07 17:13:22 -08:00
Vern Paxson
cf1de7e6b7 Fixed ZAM memory leak when coercing values to "any" 2024-11-07 08:28:34 -08:00
Tim Wojtulewicz
b8b14537a9 diff-remove-abspath: Add separate handling of Windows paths 2024-11-06 16:06:17 -07:00
Tim Wojtulewicz
9cc7b05064 diff-remove-abspath: Remove capture of windows drive letters from POSIX regex 2024-11-06 16:05:08 -07:00
Tim Wojtulewicz
d95057d618 DNS_Mgr: Remove usage of ares_getsock from Lookup 2024-11-06 16:01:04 -07:00
Tim Wojtulewicz
6739fca645 DNS_Mgr: Remove usage of ares_getsock from GetNextTimeout 2024-11-06 16:01:04 -07:00
Tim Wojtulewicz
16474ed77f DNS_Mgr: Switch to ares_set_servers_csv 2024-11-06 16:01:04 -07:00
Tim Wojtulewicz
65a59419b0 DNS_Mgr: Use ares_dns_record methods for queries 2024-11-06 16:01:04 -07:00