spicy-plugin can find Spicy in paths given by `SPICY_ROOT_DIR` while
`./configure` instead set `SPICY_ROOT`. With this patch we now set the
correct variable.
We also adjust variations of the previous variable name with different
capitalization which caused us to not properly configure spicy-plugin
(which triggers finding Spicy in its given prefix).
Closes #2363.
* topic/christian/zeekygen-add-plugin-labels:
    Bump doc to pull in Sphinx exclusion for autogenerated files
    Remove long-unused BRO_DISABLE_BROXYGEN env var from btests
    Add Sphinx label to Zeekygen-generated plugin docs
It turns out that this can be *very* spammy on networks where we're receiving
lots of these packets, and can fill up the reporter log very quickly. Weirds are
already reported in all of these cases anyways, so it doesn't make sense to log
a reporter warning too.
I ran into wanting to iterate over just the values of a vector and wondering
whether that could just work.
This adds support for the following, where v will be the value of vec[i].

    local vec = vector("zero", "one", "two");
    for ( i, v in vec )
        print i, v;

Plugin documentation generated by Zeekygen is currently difficult to reference
from elsewhere in the docs because references prefer labels for unique
identification. This expands the plugin section headings with a unique label,
based on the plugin name.
For example, the documentation for a plugin called Zeek::Foobar becomes linkable
from anywhere via :ref:`plugin-zeek-foobar`.
In the (private) zeek-security repo we currently hit the 2GB storage limit
whenever CI runs happen multiple times in one day, because our Docker GitHub
workflow preserves the output of the first job (the image build) for the second
job (the cluster tests).
For successful runs, there's no need for the Docker image to survive the CI
run. (For failures, it might help to grab the image for local testing.)
There's no GitHub-official way to delete an attachment within a workflow, so
this simply truncates the artifact if the workflow succeeds.
The change to the capture-loss test is actually a fix for a bug exposed by the
code change. Previously it wasn't firing the scheduled event because of a failed
name lookup. Now that the lookup has been fixed, the event happens twice.
* ssh://github.com/fatemabw/zeek:
    Update options.zeek
    Create out-27
    Add files via upload
    Update src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
    Updating the weird names to use all lower case
    Fixing whitespaces..
    Fixing clang pre-commit error
    Add check for option 27
    Add the parsed fields for TCP option 27
    Add TCP options bad length check
I removed `deprecated-txhosts-rxhosts-connuids.zeek` from
`local.zeek`, seems preferable not to have a script-to-go-away in the
standard configuration for new users. Also tweaked `NEWS` just a tiny
bit.
* origin/topic/awelzel/files-log-unrolling:
    files.log: Unroll and introduce uid and id fields
This is a script-only change that unrolls File::Info records into
multiple files.log entries if the same file was seen over different
connections by a single worker. Consequently, the File::Info record
gets the commonly used uid and id fields added. These fields are
optional for File::Info - a file may be analyzed without relation
to a network connection (e.g. by using Input::add_analysis()).
The existing tx_hosts, rx_hosts and conn_uids fields of Files::Info
are not meaningful after this change and removed by default. Therefore,
files.log will have them removed, too.
The tx_hosts, rx_hosts and conn_uids fields can be revived by using the
policy script frameworks/files/deprecated-txhosts-rxhosts-connuids.zeek
included in the distribution. However, with v6.1 this script will be
removed.
* micrictor/master:
    Add a field to Modbus/TCP log to indicate the Modbus PDU type
    Add modbus transaction and unit ids to logs
    Enable modbus logging for requests
* origin/topic/timw/2142-more-fuzzers:
    Fix a crash related to a broken IPv6 chain
    Add a couple of ICMP files to corpus for packet-fuzzer
    Trick event handlers into returning that they exist during fuzzing
    Add http, ftp, imap, and smtp fuzzers and corpora
    Add section to fuzzer README about generating corpus from pcaps
    Rename fuzzers/README to README.rst so github renders it