* origin/topic/awelzel/cluster-backends-pre-work-v1:
NEWS: Update
scripts/base/cluster: Move active node management into node_down()
logging/Manager: Extract another CreateWriter() helper
logging/Manager: Extract path_func invocation into helper
logging: Dedicated log flush timer
all: Change to use Func::GetName()
script_opt: Use Func::GetName()
Func: Add std::string name accessors, deprecate const char* versions
plugin/ComponentManager: Support lookup by EnumValPtr
For other cluster backends, CreateWriter() will use a logger's filter
configuration rather than receiving all configuration through CreateLog.
Extract a helper out from WriteToFilters() for reuse.
Log flushing is currently triggered based on the threading heartbeat timer
of WriterBackends and the hard-coded WRITE_BUFFER_SIZE 1000.
This change introduces a separate timer that is managed by the logger
manager instead of piggy-backing on the heartbeat timer, as well as a
const &redef for the buffer size.
This allows to modify the log flush frequency and batch size independently
of the threading heartbeat interval. Later, this will allow to re-use the
buffering and flushing logic of writer frontends for non-Broker cluster
backends, too.
One change here is that even frontends that do not have a backend will
be flushed regularly. This is wanted for non-Broker backends and should be
very cheap. Possibly, Broker can piggy back on this timer down the road, too,
rather than using its own script-level timer (see Broker::log_flush()).
For debugging btests, it can be convenient to enable debug streams
by setting an environment variable rather than editing zeek invocations
and adding -B selectively.
Sample use case:
$ export ZEEK_DEBUG_LOG_STREAMS=all
$ btest -d core/failing-test.zeek
$ less .tmp/core/failing-test/debug.log
This change makes Zeek's -B option and ZEEK_DEBUG_LOG_STREAMS are additive.
The tests `core.sigterm-regular` and `core.sigterm-stdin` rely on `ps`
to be present which is not the case anymore on OpenSuse Leap; install it
explicitly there.
The cmds list may grow unbounded due to the POP3 analyzer being in
multiLine mode after seeing `AUTH` in a Redis connection, but never
a `.` terminator. This can easily be provoked by the Redis ping
command.
This adds two heuristics: 1) Forcefully process the oldest commands in
the cmds list and cap it at max_pending_commands. 2) Start raising
analyzer violations if the client has been using more than
max_unknown_client_commands commands (default 10).
Closes#3936
* origin/topic/awelzel/teredo-gtpv1-conn-removal-hook:
btest: Update baselines for removal-hooks addition
gtpv1: Replace connection_state_remove() with RemovalHook
teredo: Replace connection_state_remove() with RemovalHook
teredo: Move conn member from analyzer to encapsulation
Remove overhead of unconditionally calling remove_teredo_connection()
for *every* connection by installing a connection removal hook for only
when state was allocated.
There's only a single instance of the Teredo analyzer. Mutating the conn
member for every new packet and leaving it set after processing the
packet is confusing. Move conn into TeredoEncapsulation instead, or pass
it explicitly.
