This is just a small optimization on top of what is there.
Add state to Func for tracking if any enabled bodies exist which
allows us to propagate it up to the EventHandler::bool() operator.
In turn, when all bodies of an event's Func have been runtime disabled,
the event itself will not be invoked anymore.
Experiments have shown that this allows runtime toggling of new_event()
without performance impact when disabled. This could enable use-cases
where new_packet() handlers are enabled for a split second once in a
while to either dump or sample raw packet data at runtime.
This keeps GitHub from being confused about this file being part of
the repository's license, and thus not displaying the proper linkage
to our actual COPYING file.
We may want to copy some of the current feature and lts releases
over to zeek/zeek by hand, but for now see if pushing works out
for zeek/zeek-dev, mainly.
In certain deployment scenarios, all analyzers are disabled by default.
However, conditionally/optionally loaded scripts may rely on analyzers
functioning and declare a request for them.
Add a global set set to the Analyzer module where external scripts can record
their requirement/request for a certain analyzer. Analyzers found in this
set are enabled at zeek_init() time.
* origin/topic/awelzel/fix-dump-events-test:
Func: Use std::stable_sort() for sorting bodies by priority
btest/dump-events: Do not skip everywhere and update baselines
This commit adds an optional event_groups field to the Logging::Stream record
to associated event groups with logging streams.
This can be used to disable all event groups of a logging stream when it is
disabled. It does require making an explicit connection between the
logging stream and the involved groups, however.
* origin/topic/vern/script-opt-maint.Dec22:
maintenance updates for -O C++
maintenance updates for -O ZAM
update test suite to avoid GH-2385 problems, including incorrect typing
Avoids platform/stdlib dependent sorting of bodies with the same
priority and the same handler. They should be guaranteed to be
executed in load order now.
* origin/topic/awelzel/2629-notice-file-info:
analyzer/files: handle non-analyzer names in describe_file()
frameworks/notice: Handle fa_file with no or more than a single connection better
When a fa_file object is created through the use of Input::add_analysis(),
the fa_file's source is likely not valid representation of an analyzer's
tag and a Files::describe() should not error and instead return an empty
description.
Add a new Analyzer::is_tag() helper that can be used to pre-check `f$source`.
* When a file is transferred over multiple connection, have
create_file_info() just pick the first one instead of none.
* Do not unconditionally assume cid and cuid as set on a
Notice::FileInfo object.
* 'topic/fox-ds/ssh-key-init-events' of github.com:fox-ds/zeek:
Added several events for detailed info on the SSH2 key init directions
* Straightened out the zeek:see lines in events.bif to be the same across all events.
