Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19003 commits 387 branches 195 tags 255 MiB
Commit graph

9610 commits

Author SHA1 Message Date
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Arne Welzel
993502e0b6 cluster/zeromq: Bail on missing ZeroMQ by default 2025-08-01 09:46:06 +02:00
Tim Wojtulewicz
647da4f970 Fix use-after-move reported by clang-tidy 
This was introduced by 9eb94ee151.
 2025-07-31 09:55:43 -07:00
Arne Welzel
10e7f14f78 Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff' 
* origin/topic/awelzel/defer-more-stuff:
  RecordType: Ensure &default fields are always re-initialized
  Attr: Deprecate using &default and &optional together on record fields
  RecordType: Allow deferring &default=vector(), set(), table() fields
 2025-07-30 10:35:56 +02:00
Arne Welzel
9eb94ee151 RecordType: Ensure &default fields are always re-initialized 
This started working partly after the deferral logic introduced with
Zeek 6.0 so this finishes it :-)
 2025-07-30 10:26:06 +02:00
Arne Welzel
473723cc47 Attr: Deprecate using &default and &optional together on record fields 
If &default implies re-initialization of the field, using them together
doesn't make much sense.
 2025-07-30 10:26:06 +02:00
Arne Welzel
23181e4811 RecordType: Allow deferring &default=vector(), set(), table() fields 2025-07-30 10:26:06 +02:00
Arne Welzel
d7fbd49d9e Merge remote-tracking branch 'origin/topic/vern/zam-record-fields-fixes' 
* origin/topic/vern/zam-record-fields-fixes:
  fixes for specialized ZAM operations needing to check whether record fields exist
 2025-07-30 10:08:21 +02:00
Vern Paxson
47bf6af6a5 fixes for specialized ZAM operations needing to check whether record fields exist 2025-07-30 08:36:04 +02:00
Johanna Amann
a22b45c69e Merge remote-tracking branch 'origin/topic/johanna/gh-4202' 
* origin/topic/johanna/gh-4202:
  Update NEWS for Conn::set_conn changes
  DNS-fuzzer: raise new_connection event
  Optimize Conn::set_conn to minimize operations
  Move Conn::set_conn() from connection_state_remove to new_connection
 2025-07-29 21:01:51 +01:00
Johanna Amann
5e74eefd88 DNS-fuzzer: raise new_connection event 
The conn protocol scripts now assume that new_connection is run before
connection_state_remove. Update the DNS analyzer to raise the
new_connection event.
 2025-07-29 18:41:59 +01:00
Arne Welzel
ab282e3637 Merge remote-tracking branch 'origin/topic/awelzel/cluster-event-out-of-detail' 
* origin/topic/awelzel/cluster-event-out-of-detail:
  cluster::Event: Move implementation into cluster/Event.{h,cc}
  cluster: Move cluster::detail::Event to cluster::Event
 2025-07-29 18:24:20 +02:00
Arne Welzel
40389603c2 cluster::Event: Move implementation into cluster/Event.{h,cc} 2025-07-29 18:13:59 +02:00
Arne Welzel
bda70067ec cluster: Move cluster::detail::Event to cluster::Event 
This class is a parameter of virtual methods of the Backend API for users
to implement and also a parameter to the HookPublishEvent() API. Seems it
shouldn't be in detail and instead we should own it.

Alternatively, could mark the cluster APIs as not-stable-yet, but I
think we can move forward and make it non-detail for 8.0.
 2025-07-29 18:13:59 +02:00
Tim Wojtulewicz
9f3a1a135f Merge remote-tracking branch 'origin/topic/timw/fix-fuzzer-conn-key-deprecation' 
* origin/topic/timw/fix-fuzzer-conn-key-deprecation:
  Fix ConnKey deprecation warnings from generic fuzzer
 2025-07-29 07:41:23 -07:00
Tim Wojtulewicz
743b9e27cc Merge remote-tracking branch 'origin/topic/timw/fix-irc-analyzer-event-types' 
* origin/topic/timw/fix-irc-analyzer-event-types:
  Fix types passed to some of the IRC analyzer events
 2025-07-29 07:19:36 -07:00
Tim Wojtulewicz
06ec03046d Merge remote-tracking branch 'origin/topic/timw/fix-ranges-debian-11-build-failure' 
* origin/topic/timw/fix-ranges-debian-11-build-failure:
  Fix build failure with std::ranges on Debian 11
 2025-07-29 07:19:11 -07:00
Arne Welzel
cd7836dda2 Merge remote-tracking branch 'origin/topic/awelzel/4431-zeromq-drop-policy-v2' 
* origin/topic/awelzel/4431-zeromq-drop-policy-v2:
  cluster.bif: Improve Cluster::publish() docstring
  btest/cluster/zeromq: Add tests for overload behavior
  cluster/zeromq: Metric for msg errors
  cluster/zeromq: Drop events when overloaded
  cluster/zeromq: Comments and move lookups to InitPostScript()
  cluster/zeromq: Rework lambdas to member functions
  cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability
  cluster/OnLoop: Support DontBlock and Force flags for queueing
  cluster/ThreadedBackend: Injectable OnLoopProcess instance
 2025-07-29 11:38:49 +02:00
Arne Welzel
55ecd90928 cluster.bif: Improve Cluster::publish() docstring 2025-07-29 11:23:53 +02:00
Arne Welzel
d2bb86f8b4 cluster/zeromq: Metric for msg errors 2025-07-29 11:23:53 +02:00
Arne Welzel
073de9f5fd cluster/zeromq: Drop events when overloaded 
When either the XPUB socket's hwm is reached, or the onloop queue is
full, drop the events. Users can set ths xpub_sndhwm and
onloop_queue_hwm to 0 to avoid these drops at the risk of unbounded
memory growth.
 2025-07-29 11:23:53 +02:00
Arne Welzel
5de9296c77 cluster/zeromq: Comments and move lookups to InitPostScript() 2025-07-29 11:23:53 +02:00
Arne Welzel
85d5dda028 cluster/zeromq: Rework lambdas to member functions 2025-07-29 11:23:53 +02:00
Arne Welzel
5dc4586b70 cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability 2025-07-29 11:23:53 +02:00
Arne Welzel
d79d4b1b2a cluster/OnLoop: Support DontBlock and Force flags for queueing 
Also allow max_queue_size to be 0 for unlimited queueing.
 2025-07-29 11:23:53 +02:00
Arne Welzel
12518e8256 Merge remote-tracking branch 'origin/topic/awelzel/expose-num-packets-unprocessed' 
* origin/topic/awelzel/expose-num-packets-unprocessed:
  ConnStats: Expose num_packets_unprocessed
  packet_analysis/Manager: Rename GetUnprocessedCount() to PacketsUnprocessed()
 2025-07-29 10:12:46 +02:00
Arne Welzel
d70bcd07b9 analyzer/protocol: Reformat with spicy-format 2025-07-29 10:01:32 +02:00
Dominik Charousset
690a2a1122 Remove zeek::Span and use std::span instead 2025-07-29 07:51:29 +02:00
Tim Wojtulewicz
d8e93f1b2d Fix types passed to some of the IRC analyzer events 2025-07-28 17:43:08 -07:00
Tim Wojtulewicz
fe689ecf60 Fix ConnKey deprecation warnings from generic fuzzer 2025-07-28 17:29:16 -07:00
Tim Wojtulewicz
6b4b3b41cd Fix build failure with std::ranges on Debian 11 2025-07-28 15:58:46 -07:00
Tim Wojtulewicz
22fc57a90a Merge remote-tracking branch 'origin/topic/johanna/gh-4656' 
* origin/topic/johanna/gh-4656:
  Fix parsing of EDNS rcode
 2025-07-28 14:16:24 -07:00
Tim Wojtulewicz
a33f100880 Add support for ircv3 tags 
This also replaces the irc-dcc-send.trace file in our pcap library with
a cleaner one that includes ircv3 tags.
 2025-07-28 14:06:33 -07:00
Tim Wojtulewicz
47553c79ec Move ID::type in structure to fill memory padding 2025-07-28 13:41:51 -07:00
Tim Wojtulewicz
035b4a4a8e Use sorted forward_list instead of multimap for ID option change handlers 2025-07-28 13:41:51 -07:00
Tim Wojtulewicz
d021845079 Remove intermediate cipher vectors in ssl-analyzer.pac 2025-07-28 13:03:25 -07:00
Tim Wojtulewicz
2cfa5e79fa Reduce the size of Func::Body quite a bit with some extra packing 2025-07-28 13:03:25 -07:00
Tim Wojtulewicz
72c79006ac Switch to using std::ranges algorithms 2025-07-28 13:03:25 -07:00
Tim Wojtulewicz
b4cbda4e02 Enable modernize-std-numbers clang-tidy checker, fix findings 2025-07-28 13:03:25 -07:00
Tim Wojtulewicz
414728cc71 Switch to using c++20 constraints instead of std::enable_if 2025-07-28 13:03:25 -07:00
Evan Typanski
7f93ff5ecd Deprecate record_type_to_vector 
After #4682, record_fields is ordered so this is redundant. Furthermore,
it is incorrectly documented, as it says nested records are flattened.
 2025-07-28 11:11:33 -04:00
Arne Welzel
120f061bcd ConnStats: Expose num_packets_unprocessed 
Not sure it's the best place to put, but we don't have packet analysis stats
bif and also num_packets is already there, so seems reasonable to put the
num_packets_unprocessed into
 2025-07-28 14:10:53 +02:00
Arne Welzel
fa476746bf packet_analysis/Manager: Rename GetUnprocessedCount() to PacketsUnprocessed() 
Mostly to align with PacketsProcessed()
 2025-07-28 13:41:32 +02:00
Tim Wojtulewicz
e1342ff72d Use size_t for byte sizes in SerializationFormat 2025-07-25 09:13:10 -07:00
Tim Wojtulewicz
7a5209855f Add ODesc::Size() that returns size_t, deprecate ODesc::Len() 2025-07-25 09:13:10 -07:00
Arne Welzel
6e2a18ce4f Merge remote-tracking branch 'origin/topic/awelzel/conn-id-ctx-singleton' 
* origin/topic/awelzel/conn-id-ctx-singleton:
  RecordType: Allow field init deferral of deferrable record constructors
  Conn: Use conn_id_ctx singleton
  Conn: Add InitPostScript() and conn_id_ctx singleton
  ID: Add conn_id_ctx
 2025-07-25 10:59:07 +02:00
Arne Welzel
2cb26eda51 RecordType: Allow field init deferral of deferrable record constructors 
The ctx: conn_id_ctx &default=conn_id_ctx() field was not optimized
as deferrable even though by default its an empty record and so deferring
initialization seems safe. Open-code the special record constructor
expression case in ExprFieldInit so that the ctx field is not default
initialized at record construction anymore. I am wondering a bit if the
same applies to &default=set() and &default=table().
 2025-07-25 10:55:51 +02:00
Tim Wojtulewicz
d5db359772 Add process_start_time_seconds and process_pid metrics 2025-07-24 10:39:14 -07:00
Arne Welzel
906cec9adb Conn: Use conn_id_ctx singleton 2025-07-24 17:35:07 +02:00