Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
19003 commits 386 branches 195 tags 256 MiB
Commit graph

136 commits

Author SHA1 Message Date
Tim Wojtulewicz
fb55c8856e Fix clang-tidy modernize-use-default-member-init warnings in headers 2025-06-23 08:35:24 -07:00
Tim Wojtulewicz
456c1fa42c Remove unnecessary #includes in analyzer/packet analyzer/file analyzer headers 2025-05-19 10:25:05 -07:00
Justin Azoff
7f350587b0 speed up file analysis, remove IncrementByteCount 
Avoid creating and recreating count objects for each chunk of file
analyzed.  This replaces counts inside of records with c++ uint64_ts.

On a pcap containing a 100GB file download this gives a 9% speedup

    Benchmark 1 (3 runs): zeek-master/bin/zeek -Cr http_100g_zeroes.pcap tuning/json-logs frameworks/files/hash-all-files
      measurement          mean ± σ            min … max           outliers         delta
      wall_time           102s  ± 1.23s      101s  …  103s           0 ( 0%)        0%
      peak_rss            108MB ±  632KB     107MB …  109MB          0 ( 0%)        0%
      cpu_cycles          381G  ±  862M      380G  …  382G           0 ( 0%)        0%
      instructions        663G  ± 5.16M      663G  …  663G           0 ( 0%)        0%
      cache_references   1.03G  ±  109M      927M  … 1.15G           0 ( 0%)        0%
      cache_misses       12.3M  ±  587K     11.7M  … 12.9M           0 ( 0%)        0%
      branch_misses      1.23G  ± 2.10M     1.22G  … 1.23G           0 ( 0%)        0%
    Benchmark 2 (3 runs): zeek-file_analysis_speedup/bin/zeek -Cr http_100g_zeroes.pcap tuning/json-logs frameworks/files/hash-all-files
      measurement          mean ± σ            min … max           outliers         delta
      wall_time          92.9s  ± 1.85s     91.8s  … 95.1s           0 ( 0%)        -  9.0% ±  3.5%
      peak_rss            108MB ±  393KB     108MB …  109MB          0 ( 0%)          +  0.1% ±  1.1%
      cpu_cycles          341G  ±  695M      341G  …  342G           0 ( 0%)        - 10.4% ±  0.5%
      instructions        605G  ±  626M      605G  …  606G           0 ( 0%)        -  8.7% ±  0.2%
      cache_references    831M  ± 16.9M      813M  …  846M           0 ( 0%)        - 19.6% ± 17.2%
      cache_misses       12.4M  ± 1.48M     11.4M  … 14.1M           0 ( 0%)          +  0.3% ± 20.8%
      branch_misses      1.02G  ± 3.45M     1.02G  … 1.02G           0 ( 0%)        - 16.8% ±  0.5%
 2025-05-09 10:50:04 -04:00
Tim Wojtulewicz
35ec9733c0 Add conn.log entries for connections with unhandled IP protocols 2024-11-13 11:25:40 -07:00
Benjamin Bannier
f5a76c1aed Reformat Zeek in Spicy style 
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
 2023-10-30 09:40:55 +01:00
Arne Welzel
7a043e5e8f all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
Arne Welzel
fbdc433386 file_analysis/File: Report overflowing chunks as weird and discard/truncate 
This is one level above the Reassembler where we still have information
about the file and source. A weird entry may looks as follows:

    1679759398.237353  ... file_offset_overflow    FXPLGt4SeMmlMKahJc: offset=fffffffffffffff7 len=10      F       zeek    HTTP
 2023-04-03 16:45:29 +02:00
Tim Wojtulewicz
47e7fe2cd1 Convert Dictionary types to be templated classes 
This has the fortunate side-effect of also making it so we can store
the value objects as typed pointers, instead of void*.
 2022-07-05 13:33:34 -07:00
Tim Wojtulewicz
8b544d648d Remove uses of deprecated Tag types 2021-11-23 19:36:49 -07:00
Tim Wojtulewicz
b2f171ec69 Reformat the world 2021-09-16 15:35:39 -07:00
Tim Wojtulewicz
63fd1611ca Rename some connection-specific methods in Session and SessionManager 2021-04-29 10:59:08 -07:00
Vern Paxson
2f47cce8a6 fixes for now-incorrect assumption that GetField always returns an existing ValPtr 2021-02-28 07:23:06 -08:00
Vern Paxson
62bab66114 migration to using new differentiated methods for setting record fields 2021-02-25 16:59:26 -08:00
Tim Wojtulewicz
0618be792f Remove all of the random single-file deprecations 
These are the changes that don't require a ton of changes to other files outside
of the original removal.
 2021-01-27 10:52:40 -07:00
Tim Wojtulewicz
892124378c Implement standard-library-compatible iterators for Dictionary 2021-01-14 13:49:40 -07:00
Tim Wojtulewicz
4962986df1 Remove GET_FIELD_AS macro, replace with template methods 2021-01-14 11:58:59 -07:00
Vern Paxson
7f92a573d2 Remove BroValUnion by hoisting underlying Val subclass values into subclasses 2021-01-14 11:58:59 -07:00
Tim Wojtulewicz
96d9115360 GH-1079: Use full paths starting with zeek/ when including files 2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
fe0c22c789 Base: Clean up explicit uses of namespaces in places where they're not necessary. 
This commit covers all of the common and base classes.
 2020-08-24 12:07:00 -07:00
Tim Wojtulewicz
0ac3fafe13 Move zeek::net namespace to zeek::run_state namespace. 
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
 2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
01ce18894b Rename types in ZeekList.h to be consistent with the style guide 2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
8d2d867a65 Move everything in util.h to zeek::util namespace. 
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
 2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7 Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h. 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
14408235b8 Move file_analysis code to zeek namespaces 2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
7fefdd97af Move Conn and related types to zeek namespace 2020-07-31 16:25:54 -04:00
Tim Wojtulewicz
c9ab1f93e7 Move a few low-use classes to namespaces 2020-07-31 16:25:47 -04:00
Tim Wojtulewicz
886fc102b8 Move DebugLogger to zeek namespaces 2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
45b5a98420 Move EventMgr, EventHandler, and EventRegistry code to zeek namespace. Rename mgr to event_mgr. 2020-07-31 16:23:32 -04:00
Tim Wojtulewicz
1c17700c48 Move Timer and PriorityQueue classes to namespaces 2020-07-31 16:23:02 -04:00
Tim Wojtulewicz
bfab224d7c Move Reporter to zeek namespace 2020-07-31 16:22:41 -04:00
Tim Wojtulewicz
382812298d Move all of the rule matching code to zeek::detail 2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
9400b863ea Move all base analyzer classes to zeek::analyzer namespace 2020-07-31 16:21:46 -04:00
Tim Wojtulewicz
736a3f53d4 Rename BroString to zeek::String 2020-07-02 16:15:01 -07:00
Tim Wojtulewicz
86fdf0eaa9 Mark global val_mgr as deprecated and fix uses of it to use namespaced version 2020-07-02 16:15:00 -07:00
Tim Wojtulewicz
58c6e10b62 Move BroString to zeek namespace 2020-06-30 21:12:26 -07:00
Tim Wojtulewicz
464efbe66a Move Dictionary/PDict, List/PList, and Queue/PQueue to zeek namespace 2020-06-30 21:12:26 -07:00
Tim Wojtulewicz
64332ca22c Move all Val classes to the zeek namespaces 2020-06-30 20:48:09 -07:00
Tim Wojtulewicz
ec9eff0bd5 Use type aliases for IntrusivePtr definitions 2020-06-30 20:37:30 -07:00
Tim Wojtulewicz
9364e6a5b7 Move IntrusivePtr and utility methods to the zeek namespace 2020-06-30 20:19:12 -07:00
Tim Wojtulewicz
ed13972924 Move Type types to zeek namespace 2020-06-09 17:20:45 -07:00
Jon Siwek
5b4313b593 Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses 
This also updates all usages of the deprecated Val ctor to use
either IntervalVal, TimeVal, or DoubleVal ctors.  The reason for
doing away with the old constructor is that using it with TYPE_INTERVAL
isn't strictly correct since there exists a more specific subclass,
IntervalVal, with overriden ValDescribe() method that ought to be used
to print such values in a more descriptive way.
 2020-06-02 23:33:40 -07:00
Jon Siwek
b1042e2824 Port remaining file analysis API to use IntrusivePtr 2020-05-22 16:32:40 -07:00
Jon Siwek
ecb7c7c27e Deprecate file_analysis::Analyzer::Args(), replace with GetArgs() 2020-05-22 12:34:40 -07:00
Jon Siwek
faa4738807 Deprecate file_analysis::File::GetVal(), replace with ToVal() 2020-05-22 12:27:37 -07:00
Jon Siwek
85a0ddd62d Deprecate TableVal::Lookup(), replace with Find()/FindOrDefault() 2020-05-20 18:00:50 -07:00
Jon Siwek
7e89c8f0df Deprecate TableVal::Assign methods with Val*, add IntrusivePtr overloads 2020-05-20 12:46:51 -07:00
Jon Siwek
2b4d80c849 Deprecate RecordVal::LookupWithDefault() replace with GetFieldOrDefault() 
(The former was previously changed during this release cycle to return
Intrusive pointer, but this just changes it back to return Val* and
deprecates it).
 2020-05-19 20:11:06 -07:00
Jon Siwek
f729247778 Deprecate RecordVal::Lookup(int), replace with GetField(int) 2020-05-19 18:19:58 -07:00
Jon Siwek
f3d160d034 Deprecate RecordVal::Assign(int, Val*) 
And adapt all usages to the existing overload taking IntrusivePtr.
 2020-05-19 15:44:15 -07:00
Jon Siwek
a5762c12cc Move various elements into ID.h and zeek::id namespace 
* A handful of generic/useful/common global type pointers that used
  to be in NetVar.h

* Lookup functions that used to be Var.h
 2020-05-14 17:24:20 -07:00