Tim Wojtulewicz
db161bd6df
Reduce startup time on Windows by using std::filesystem::canonical
...
realpath() apparently doesn't handle Windows symlinks very well. This
causes plugin::Manager and ScannedFile to rescan a bunch of extra
paths that they should be skipping. This commit reduces the startup
time on Windows by 3-4 seconds (~8.5s to ~5s).
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
d6ce5894a7
Fix diff-remove-abspath to ignore Windows drive letters
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
3750396aed
Re-enable the float/double versions of hton{d,f} on Windows
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
1f0860b5e2
Make sure the DEBUG flag is defined when building in debug mode
...
MSVC uses _DEBUG, unlike all of the other compilers, so we aren't
properly enabling/disabling varying bits of code that are dependent
on DEBUG being defined.
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
4cb77c1743
Don't close the kqueue manually on shutdown on Windows
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
a757ba12f3
Fix MSVC compiler warning due to a type mismatch
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
bc02962d4c
GH-2565: Update libunistd submodule to fix builds on VS2022
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
a1e8af7745
GH-2641: Lazy-load syslog to avoid creating bro.log on Windows
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
991652f479
Use newer diff on Alpine for --strip-trailing-ci
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
94d3b19e23
Update btest submodule to version that supports Windows
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
7623e9f290
Use pathsep btest value in btest.cfg
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
b3498da983
Use build_dir btest value in btest.cfg
2023-01-19 09:13:33 -07:00
Tim Wojtulewicz
e44eb3522e
Fix zeek-path-dev.sh creation to better support Windows
2023-01-19 09:13:33 -07:00
Johanna Amann
593ad25521
Merge remote-tracking branch 'origin/topic/johanna/more-ci-removals'
...
* origin/topic/johanna/more-ci-removals:
Remove outdated distributions from CI.
2023-01-19 13:48:51 +00:00
Arne Welzel
b4cb5e753a
Merge branch 'topic/awelzel/fix-zam-memory-leak'
...
* topic/awelzel/fix-zam-memory-leak:
testing/btest: Add ZAM basic test
Fix ZAM memory leak as reported in #2634
2023-01-18 17:14:56 +01:00
Arne Welzel
69c7d91af0
Merge branch 'topic/awelzel/parse-eftp-squelch-errors-warnings'
...
* topic/awelzel/parse-eftp-squelch-errors-warnings:
bifs/parse_eftp: Prevent reporter warnings/errors on invalid input
2023-01-18 17:12:20 +01:00
Johanna Amann
12dd21cbe5
Remove outdated distributions from CI.
...
Fedora 35: CI folder was forgotten during removal
Opensuse Leap 15.3: EOL was 2022
Openssl-3: No longer necessary, since part of distributions (e.g. Ubuntu
22.10)
2023-01-18 14:42:54 +00:00
Arne Welzel
eb09662d48
bifs/parse_eftp: Prevent reporter warnings/errors on invalid input
...
When passing invalid IPs or an out-of-range port to parse_eftp()
a warning or error was generated on stderr (in addition to setting
the $valid field to F). Prevent the output by adding safe-guarding
and using IPAddr::ConvertString() instead.
2023-01-16 15:20:02 +01:00
Vern Paxson
18f4fcb5a4
Maintenance updates for -O gen-C++ / -O gen-standalone-C++
...
fixes for using BiFs in standalone global initializations
avoiding redundant global initializations
updates to maintenance scripts and notes
removal of an unused member variable
2023-01-12 14:08:45 -08:00
Arne Welzel
d4a84e7442
Merge remote-tracking branch 'origin/topic/vern/dup-rec-fields2'
...
* origin/topic/vern/dup-rec-fields2:
fix for crashes when record definitions repeat a field name
Removed dead if !init code during merge.
2023-01-12 09:42:50 +01:00
Christian Kreibich
144cadf6cd
Merge branch 'topic/christian/ci-updates'
...
* topic/christian/ci-updates:
CI: remove Fedora 35, now EOL
CI: avoid deprecated ::set-output use
CI: move action/checkout use to v3
2023-01-11 17:02:55 -08:00
Christian Kreibich
67cea914c9
Bump submodules [nomail] [skip ci]
...
This includes CI updates for zeek-af_packet-plugin, zeek-archiver, and doc, plus
the Python 3.7 minimum version requirement in the install docs.
2023-01-11 16:57:14 -08:00
Tim Wojtulewicz
5827e2ce5d
Merge remote-tracking branch 'origin/topic/timw/2575-npcap-support'
...
* origin/topic/timw/2575-npcap-support:
Fixes to support the Npcap library on Windows
2023-01-11 11:44:18 -07:00
Tim Wojtulewicz
58f4ff91d8
Fixes to support the Npcap library on Windows
...
- Ignore conan libpcap if PCAP_ROOT_DIR is passed
- Update the cmake submodule to pick up changes for finding the right
paths to npcap
- Add lazy-loading of npcap so the library path gets set correctly
at startup
2023-01-11 11:42:58 -07:00
Johanna Amann
7c54d1aa1c
Merge remote-tracking branch 'origin/topic/vern/gh-2645'
...
* origin/topic/vern/gh-2645:
fix for crash when specifying an unwriteable file to --profile-scripts (GH-2645)
2023-01-11 09:00:47 +00:00
Christian Kreibich
7bf2d1f6e2
Update doc submodule [nomail] [skip ci]
2023-01-10 19:01:21 -08:00
Christian Kreibich
12885c7475
Fix a docstring typo
2023-01-10 18:49:19 -08:00
Christian Kreibich
1697bf13b1
CI: remove Fedora 35, now EOL
2023-01-10 17:27:23 -08:00
Christian Kreibich
e5e09cffe9
CI: avoid deprecated ::set-output use
...
This pattern is deprecated in favor of environment files and throwing warnings
in the CI runs. Details below.
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
2023-01-10 17:18:52 -08:00
Christian Kreibich
b5777aa54e
CI: move action/checkout use to v3
...
Being less specific here automatically pulls in their point releases.
2023-01-10 17:04:29 -08:00
zeek-bot
f5305ade7f
Update doc submodule [nomail] [skip ci]
2023-01-11 00:35:58 +00:00
Vern Paxson
a172617250
fix for crashes when record definitions repeat a field name
2023-01-10 13:56:47 -08:00
Dominik Charousset
f7806f640d
Update Broker submodule
2023-01-10 17:29:18 +01:00
Arne Welzel
4396124d89
Merge remote-tracking branch 'origin/topic/christian/file-event-docstrings'
...
* origin/topic/christian/file-event-docstrings:
Expand docstrings of file_new and file_over_new_connection events
2023-01-10 10:31:17 +01:00
Arne Welzel
2d852209b0
Merge remote-tracking branch 'origin/topic/awelzel/analyzer-log'
...
* origin/topic/awelzel/analyzer-log:
btest/net-control: Use different expiration times for rules
analyzer: Add analyzer.log for logging violations/confirmations
2023-01-10 10:22:58 +01:00
Arne Welzel
a004bdf5d9
Merge remote-tracking branch 'origin/topic/awelzel/2647-intel-seen-file-names'
...
* origin/topic/awelzel/2647-intel-seen-file-names:
intel/seen/file-names: Use file_over_new_connection()
2023-01-10 10:12:04 +01:00
Arne Welzel
ebf1a199c2
Merge branch 'topic/awelzel/analyzer-requested-analyzers'
...
* topic/awelzel/analyzer-requested-analyzers:
scripts/analyzer: Introduce Analyzer::requested_analyzers
2023-01-10 10:11:37 +01:00
Arne Welzel
6d19c49efe
intel/seen/file-names: Use file_over_new_connection()
...
The seen/file-names script relies on f$info$filename to be populated.
For HTTP and other network protocols, however, this field is only
populated during file_over_new_connection() that's running after
file_new().
Use the file_new() event only for files without connections and
file_over_new_connection() implies that f$conns is populated, anyway.
Special case SMB to avoid finding files twice, because there's a
custom implementation in seen/smb-filenames.zeek.
Fixes #2647
2023-01-10 10:10:28 +01:00
Christian Kreibich
9cfa36bcf9
Expand docstrings of file_new and file_over_new_connection events
2023-01-09 19:06:27 -08:00
Arne Welzel
56833fcfd9
btest/net-control: Use different expiration times for rules
...
There's some non-determinism here: Force the expiration of the
shunt_flow rules first.
2023-01-09 18:11:55 +01:00
Arne Welzel
17d0ade26a
analyzer: Add analyzer.log for logging violations/confirmations
...
By default this only logs all the violations, regardless of the
confirmation state (for which there's still dpd.log). It includes
packet, protocol and file analyzers.
This uses options, change handlers and event groups for toggling
the functionality at runtime.
Closes #2031
2023-01-09 18:11:49 +01:00
Arne Welzel
51376191f7
testing/btest: Add ZAM basic test
...
While there's a btest environment for ZAM, it's currently not run by
default. Add a single zam/basic.test so that we catch memory leaks or
dead-on-arrival cases with the current CI setup.
2023-01-09 12:30:26 +01:00
Vern Paxson
450f6a97c8
Fix ZAM memory leak as reported in #2634
2023-01-09 12:15:52 +01:00
Vern Paxson
7bf87b6347
fix for crash when specifying an unwriteable file to --profile-scripts (GH-2645)
2023-01-08 18:03:18 -08:00
zeek-bot
e12baf08a7
Update doc submodule [nomail] [skip ci]
2023-01-07 00:21:43 +00:00
zeek-bot
b38c5ab80b
Update doc submodule [nomail] [skip ci]
2023-01-06 00:43:33 +00:00
Tim Wojtulewicz
873134f70e
Merge remote-tracking branch 'origin/topic/timw/all-the-fuzzing'
...
* origin/topic/timw/all-the-fuzzing:
Add error and abort if fuzzer requested is not found
Add a bunch of new fuzzers and corpus data
2023-01-05 09:53:58 -07:00
Tim Wojtulewicz
bc31e4872c
Add error and abort if fuzzer requested is not found
2023-01-05 09:45:45 -07:00
Tim Wojtulewicz
f33fc95bcc
Add a bunch of new fuzzers and corpus data
2023-01-05 09:45:44 -07:00
Arne Welzel
3b10d0f6de
Merge remote-tracking branch 'origin/topic/awelzel/topic/awelzel/improved-event-disabling'
...
* origin/topic/awelzel/topic/awelzel/improved-event-disabling:
EventRegistry/Func: Disable events when all bodies are disabled
2023-01-05 12:13:36 +01:00