Arne Welzel
0f1c1cb754
clang-format: Sort doctest header at the bottom
2024-11-15 17:00:00 +01:00
Arne Welzel
a02ae82778
RuleMatcher: Move plugin/Manager.h include from .h to .cc
2024-11-15 16:00:23 +01:00
Arne Welzel
c380ee68ca
iosource/Manager: Remove superfluous includes
2024-11-15 15:55:46 +01:00
Arne Welzel
da291272f9
telemetry/Manager: Remove broker header include, add fnmatch.h
2024-11-15 15:55:42 +01:00
Arne Welzel
65037fa822
logging/Manager: Fix using filename from input.h in debug log
...
...and remove network_time, it's always included.
2024-11-15 15:46:24 +01:00
zeek-bot
b4ddf73e22
Update doc submodule [nomail] [skip ci]
2024-11-15 00:22:21 +00:00
Arne Welzel
42cf86b503
Update external commit hashes
2024-11-14 14:37:05 +01:00
Arne Welzel
8ff49f9910
Merge remote-tracking branch 'origin/topic/awelzel/communityid-non-tcp-udp-icmp'
...
* origin/topic/awelzel/communityid-non-tcp-udp-icmp:
communityid: Do not include ports for non TCP, UDP, ICMP
2024-11-14 14:21:36 +01:00
Arne Welzel
18bfdb8a2b
Merge remote-tracking branch 'origin/topic/awelzel/deprecate-broker-auto-publish'
...
* origin/topic/awelzel/deprecate-broker-auto-publish:
sumstats: Remove copy() for Broker::publish() calls
broker/Publish: Use event time instead of network time
broker/Eventhandler: Deprecate Broker::auto_publish() for v8.1
btest: Remove Broker::auto_publish() usages
frameworks/control: Remove Broker::auto_publish()
catch-and-release: Remove Broker::auto_publish()
ssl/validate-certs: Remove Broker::auto_publish()
sumstats: Remove Broker::auto_publish()
cluster_started: No Broker::auto_publish() use
openflow: Remove Broker::auto_publish()
dhcp: Remove Broker::auto_publish()
frameworks/notice: Remove Broker::auto_publish()
netcontrol: Replace Broker::auto_publish()
intel: Switch to Cluster::publish()
broker: Support publish() of unspecified set() / table()
types: Fix table() resulting in table_type->IsSet() == true
2024-11-14 14:17:13 +01:00
Arne Welzel
aabc4a4114
sumstats: Remove copy() for Broker::publish() calls
...
Serialization happens immediately at Broker::publish() time, there
should be no caching issues.
2024-11-14 12:59:22 +01:00
Arne Welzel
831614f907
broker/Publish: Use event time instead of network time
...
Discussed with @J-Gras, calling Broker::publish() within a scheduled
should use the "intended timestamp" implicitly.
This is subtle, but supposedly more expected when running
a pcap replay cluster.
2024-11-14 12:59:22 +01:00
Arne Welzel
6abb9d7eda
broker/Eventhandler: Deprecate Broker::auto_publish() for v8.1
...
Relates to #3637
2024-11-14 12:59:22 +01:00
Arne Welzel
455e05bc2e
btest: Remove Broker::auto_publish() usages
...
The ones that seemed to test Broker::auto_publish() were annotated
for removal.
2024-11-14 12:59:22 +01:00
Arne Welzel
927e936653
frameworks/control: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
6aca4d1dc7
catch-and-release: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
44c4a91cc8
ssl/validate-certs: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
883ae3694c
sumstats: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
416887157c
cluster_started: No Broker::auto_publish() use
2024-11-14 12:59:22 +01:00
Arne Welzel
b32153037a
openflow: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
cb10852f99
dhcp: Remove Broker::auto_publish()
...
This isn't prettier, but neither worse IMO. A test would be good.
2024-11-14 12:59:22 +01:00
Arne Welzel
08f2198d3e
frameworks/notice: Remove Broker::auto_publish()
2024-11-14 12:59:22 +01:00
Arne Welzel
b05f7a4d0e
communityid: Do not include ports for non TCP, UDP, ICMP
...
Checked against the result of pycommunityid. The SCTP case
isn't quite right, because Zeek's core will not have extracted
any ports for SCTP.
2024-11-14 11:05:43 +01:00
Christian Kreibich
af4c21763f
Merge branch 'topic/christian/ci-updates'
...
* topic/christian/ci-updates:
CI: Use FEDORA40 crypto policy in Fedora 41
Bump zeekjs to 0.13.0
CI: bump FreeBSD 13 to 13.4, released in September
CI: drop Fedora 39, add 41
2024-11-13 17:29:23 -08:00
Johanna Amann
09d6be7f68
CI: Use FEDORA40 crypto policy in Fedora 41
...
Fedora 41 distrusts SHA-1 signatures by default. Switching to this policy is
Fedora's recommended way of re-enabling support for at least the next several
releases.
A few references:
https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
https://fedoraproject.org/wiki/SHA1SignaturesGuidance
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
2024-11-13 17:05:08 -08:00
zeek-bot
ba0e8290ed
Update doc submodule [nomail] [skip ci]
2024-11-14 00:24:48 +00:00
Tim Wojtulewicz
3c08c57be3
Merge remote-tracking branch 'origin/topic/timw/3915-unknown-ip-protocol'
...
* origin/topic/timw/3915-unknown-ip-protocol:
Add NEWS entry for ip_proto feature
Move IP protocol names table out of policy script to init-bare
Minor review nits
Fixes for community ID hashing with new proto values
Use new_connection instead of connection_state_remove
Add policy script to remove ip_proto field, rename protocol naming script
Rename protocol_id field to ip_proto and similar renaming for name field
Increase size of proto fields to uint16_t, add common default value
Disable part of core/dict-iteration-expire5 btest to avoid iteration bug
Add conn.log entries for connections with unhandled IP protocols
2024-11-13 14:36:22 -07:00
Tim Wojtulewicz
ec3794b43e
Add NEWS entry for ip_proto feature
2024-11-13 14:15:57 -07:00
Tim Wojtulewicz
e33aee8ca2
Move IP protocol names table out of policy script to init-bare
2024-11-13 14:08:30 -07:00
Tim Wojtulewicz
fd67206865
Minor review nits
2024-11-13 14:08:30 -07:00
Tim Wojtulewicz
43e77a3338
Fixes for community ID hashing with new proto values
2024-11-13 14:08:30 -07:00
Tim Wojtulewicz
5a3d16e16f
Use new_connection instead of connection_state_remove
2024-11-13 14:08:30 -07:00
Tim Wojtulewicz
623fea9014
Add policy script to remove ip_proto field, rename protocol naming script
2024-11-13 14:08:04 -07:00
Tim Wojtulewicz
5e5aceb6f7
Rename protocol_id field to ip_proto and similar renaming for name field
2024-11-13 12:02:00 -07:00
Tim Wojtulewicz
d0896e81d6
Increase size of proto fields to uint16_t, add common default value
2024-11-13 11:25:46 -07:00
Tim Wojtulewicz
f762a45e83
Disable part of core/dict-iteration-expire5 btest to avoid iteration bug
...
The second set of seeds in this test trip the bug reported in #3538
2024-11-13 11:25:46 -07:00
Tim Wojtulewicz
35ec9733c0
Add conn.log entries for connections with unhandled IP protocols
2024-11-13 11:25:40 -07:00
Johanna Amann
a96515a2e8
Merge remote-tracking branch 'origin/topic/johanna/ci-u2410'
...
* origin/topic/johanna/ci-u2410:
CI: Add Ubuntu 24.10
2024-11-13 14:52:29 +00:00
Johanna Amann
2f5f8bdd36
CI: Add Ubuntu 24.10
2024-11-13 12:58:20 +00:00
Arne Welzel
6c7f2e62f2
Bump zeekjs to 0.13.0
...
c0dd7bb README: Add note about supported versions
da69053 ci: Bump to Fedora 40
43f69bd Nodejs/Types: Make compatible with v22.11.0
8a70a21 ci: Fix nightly job
2024-11-13 13:43:31 +01:00
Christian Kreibich
62e8c49e66
CI: bump FreeBSD 13 to 13.4, released in September
2024-11-12 15:49:03 -08:00
Christian Kreibich
2881ff620b
CI: drop Fedora 39, add 41
2024-11-12 15:32:07 -08:00
Tim Wojtulewicz
0217208c49
Merge remote-tracking branch 'origin/topic/timw/remove-abspath-cleanup'
...
* origin/topic/timw/remove-abspath-cleanup:
diff-remove-abspath: Add separate handling of Windows paths
diff-remove-abspath: Remove capture of windows drive letters from POSIX regex
2024-11-12 12:26:56 -07:00
Robin Sommer
0ea2a35d7a
Merge remote-tracking branch 'origin/topic/robin/spicy-bump'
...
* origin/topic/robin/spicy-bump:
Bump Spicy to current `main`.
2024-11-12 16:16:23 +01:00
Arne Welzel
d0bf4e428a
Merge remote-tracking branch 'origin/topic/awelzel/pseudo-realtime-again'
...
* origin/topic/awelzel/pseudo-realtime-again:
PktSrc: Remove first_timestamp condition check
PktSrc: Fix includes
PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState
RunState.h: Deprecate misleadingly named current_packet_timestamp()
debug: Add processing suspended/continued to debug.log
2024-11-12 16:00:19 +01:00
Robin Sommer
f68d43bc02
Bump Spicy to current `main`.
2024-11-12 15:00:01 +01:00
Arne Welzel
fcab5fd6cf
PktSrc: Remove first_timestamp condition check
...
The comment is stale and first_timestamp is only relevant/available
in pseudo_realtime.
2024-11-12 10:46:55 +01:00
Arne Welzel
ffa1fafa03
PktSrc: Fix includes
2024-11-12 10:46:55 +01:00
Arne Welzel
d9a7f9f36f
PktSrc/RunState: Scale on first_wallclock and move pseudo realtime logic to RunState
...
check_pseudo_time() used zeek_start_time which skews things sufficiently
around being in the past when ZAM compilation takes multiple seconds. Switch
to using first_wallclock instead.
Further, move setting of first_timestamp and first_wallclock from PktSrc
into RunState's dispatch_packet(), so it's more centralized now.
The only pseudo_realtime piece left in PktSrc() is in GetNextTimeout() to
determine how long the PktSrc is idle until the next packet is ready.
2024-11-12 10:46:55 +01:00
Arne Welzel
54d28a2179
RunState.h: Deprecate misleadingly named current_packet_timestamp()
...
This returns current_pseudo, naming it current_packet_timestamp()
is actively misleading.
2024-11-12 10:46:55 +01:00
Arne Welzel
402b768787
debug: Add processing suspended/continued to debug.log
2024-11-12 10:46:55 +01:00