This has come up a few times and the motivation is mainly better "first timer"
experience with Zeek. Concretely, if one wants to run a Zeek cluster with
multiple workers and reasonable load balancing on Linux, AF_PACKET is a decent
start. Without AF_PACKET support being built into Zeek, however, a new user's
next experience is that of setting up a development environment in order
to compile an external plugin (think compiler, kernel headers, zkg, ...).
Only to get what could be termed basic functionality.
This is using the ZEEK_INCLUDE_PLUGINS infrastructure. I've used the all
upper case spelling of AF_PACKET in the help output because it seems everyone
else references/writes it like that. I think we should also write it
like that in the docs.
* origin/topic/timw/coverity-fixes:
Update gen-zam and paraglob submodules for Coverity/clang-tidy fixes
Fix some compiler warnings in script_opt
Fix recent Coverity findings
1491334: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
1498652: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
1498745: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
* origin/topic/robin/disable-packet-analyzers-in-component:
Move API for disabling packet analyzers into component.
Suppress warning on an existing packet analyzer being remapped.
This goes the hard-exit on conflicts route as IMO it provides better
messaging that something is wrong, rather than defaulting to something
the user may not expect.
Fixes#2403
We already added the toplevel build dir to the paths exposed by
`build/zeek-path-dev`, but never made the matching change for
`build/zeek-path-dev.[sh,csh]`. Due to that a shell would have never
found `zeek-config` from the build env like it would have been found for
installations, and could potentially even have picked up a different
one.
* origin/topic/timw/2392-ordered-dict-iteration:
Disable robust iteration for ordered dictionaries
Add support for itertors with ordered dictionaries
Add equality, inequality, copy, and move operators to HashKey
Before, that API was part of the analyzers themselves, which meant we
couldn't disable a packet analyzer before it had been instantiated.
That's different from protocol/file analyzers, where we disable them
through the corresponding component. The lack of the component-side
API prevented Spicy from replacing packet analyzers at startup.
The reason we had put this into analyzer originally was performance so
that we don't need a component lookup for every packet. This change
keeps that optimization by caching the on/off state in the analyzer
itself as well, but now with the component being the one controlling
it.
There was a check generating an internal warning if a new packet
analyzer mapping overwrote an existing one. However, replacing
an existing analyzer with a new one seems a legitimate use case (and
will be supported by Spicy soon). So removing that warning.
This uses the v3 json as a source for the first time. The test needed
some updating because Google removed a couple more logs - in the future
this should hopefully not be neccessary anymore because I think v3
should retain all logs.
In theory this might be neat in 5.1.
* 'topic/jgras/dependabot-updates' of https://github.com/J-Gras/zeek:
Bump actions/checkout from 2 to 3
Bump actions/upload-artifact from 2 to 3
Bump dawidd6/action-send-mail from 3.6.1 to 3.7.0
Bump actions/setup-python from 2 to 4
Bump docker/login-action from 1 to 2
* origin/topic/vern/CPP-global-init:
updates to -O C++ user and maintenance documentation
use dynamic rather than static initialization of globals for scripts compiled to C++
safety checking for initializing scripts compiled to C++
fixes for initializing scripts compiled to C++
restructured tracking of initializations of globals for script compilation
