Tim Wojtulewicz
7e3ed2010d
Add flag to force synchronous mode when calling storage script-land functions
2025-07-23 13:14:34 -07:00
Tim Wojtulewicz
7b858cf270
CI: Only run weekly tasks as part of cron
2025-07-23 12:15:10 -07:00
Arne Welzel
ee5ffdf42c
Merge remote-tracking branch 'origin/topic/awelzel/control-switch-to-cluster'
...
* origin/topic/awelzel/control-switch-to-cluster:
NEWS: ZeekControl, ZeroMQ and WebSocket
Update zeekctl module for ClusterBackend and UseWebSocket
control: Use Cluster::publish() for replying
2025-07-23 19:31:45 +02:00
Tim Wojtulewicz
f5500a718f
Merge remote-tracking branch 'origin/topic/timw/clang-tidy-bif-code'
...
* origin/topic/timw/clang-tidy-bif-code:
Fix clang-tidy findings in embedded C++ from bif files
2025-07-23 10:20:26 -07:00
Tim Wojtulewicz
3b6a27d0a3
Fix clang-tidy findings in embedded C++ from bif files
2025-07-23 10:19:32 -07:00
Tim Wojtulewicz
83c914ce2d
Merge remote-tracking branch 'origin/topic/timw/ci-weekly-compiler-task'
...
* origin/topic/timw/ci-weekly-compiler-task:
CI: Add weekly task for running builds with newest compilers
2025-07-23 08:21:31 -07:00
Tim Wojtulewicz
2e612fc493
Merge remote-tracking branch 'origin/topic/timw/commit-info-for-plugin-ci-build'
...
* origin/topic/timw/commit-info-for-plugin-ci-build:
Output more information when cloning repos for include_plugins CI task
2025-07-23 08:20:43 -07:00
Johanna Amann
9ab7b768c6
Update external tests for pppoe-session-id conn.log changes
2025-07-23 14:09:17 +01:00
Johanna Amann
e5a434c392
PPPoE: add session id logging
...
This adds a new PacketAnalyzer::PPPoE::session_id bif, which extracts
the PPPoE session ID from the current packet.
Furthermore, a new policy script is added which adds the pppoe session
id to the connection log.
Related to GH-4602
2025-07-23 13:43:45 +01:00
Arne Welzel
84cbd3784f
Merge remote-tracking branch 'origin/topic/awelzel/make-record-fields-ordered'
...
* origin/topic/awelzel/make-record-fields-ordered:
Type/RecordType: Make table returned by GetRecordFieldsVal() ordered
2025-07-23 13:38:05 +02:00
Arne Welzel
24faa5722f
NEWS: ZeekControl, ZeroMQ and WebSocket
2025-07-23 13:31:11 +02:00
Arne Welzel
7131be9fa5
Update zeekctl module for ClusterBackend and UseWebSocket
2025-07-23 13:31:08 +02:00
Arne Welzel
3f2fe6fc3d
control: Use Cluster::publish() for replying
...
Switching to ZeroMQ as cluster backend and dabbling with zeekctl
and WebSocket, replies didn't arrive due to the usage of
Broker::publish() rather than Cluster::publish(). Additionally,
add the node name to the topic on which we reply so that the
receiver can figure out which node sent the reply. It could've
been a separate event parameter, but the topic appears just fine.
2025-07-23 11:59:32 +02:00
zeek-bot
55cdb707e9
Update doc submodule [nomail] [skip ci]
2025-07-23 00:29:23 +00:00
Tim Wojtulewicz
48610bef41
CI: Add weekly task for running builds with newest compilers
2025-07-22 14:27:22 -07:00
Tim Wojtulewicz
07a1c6b699
Merge remote-tracking branch 'origin/topic/timw/update-af-packet'
...
* origin/topic/timw/update-af-packet:
Update zeek-af_packet-plugin submodule to fix initialization [nomail]
2025-07-22 11:40:27 -07:00
Tim Wojtulewicz
b0d1688fe1
Update zeek-af_packet-plugin submodule to fix initialization [nomail]
2025-07-22 10:24:29 -07:00
Tim Wojtulewicz
ed81e251dc
Merge remote-tracking branch 'origin/topic/timw/update-broker'
...
* origin/topic/timw/update-broker:
Update broker submodule [nomail]
2025-07-22 08:05:22 -07:00
Tim Wojtulewicz
94b026ee47
Update zeek-af_packet-plugin submodule [nomail]
2025-07-22 08:04:33 -07:00
Arne Welzel
9f3a3b423f
Type/RecordType: Make table returned by GetRecordFieldsVal() ordered
...
Seems only reasonable to provide that guarantee as pointed out in #4674.
2025-07-22 16:58:40 +02:00
Tim Wojtulewicz
f9dbd55599
Update broker submodule [nomail]
2025-07-21 15:50:51 -07:00
Arne Welzel
b4d2af23dd
cluster/ThreadedBackend: Injectable OnLoopProcess instance
...
This allows injecting a custom onloop process to configure the
max_queue_size at instantiation time. Also allow access to the
instance directly and deprecate the QueueForProcessing() helper
2025-07-21 21:36:33 +02:00
Tim Wojtulewicz
e458da944f
Return weird if a log line is over a configurable size limit
2025-07-21 09:14:52 -07:00
zeek-bot
db018253fe
Update doc submodule [nomail] [skip ci]
2025-07-19 00:21:36 +00:00
Tim Wojtulewicz
cb2e193452
Merge remote-tracking branch 'origin/topic/timw/storage-metrics'
...
* origin/topic/timw/storage-metrics:
Add SQLite page_count and file_size metrics
Add btests to cover storage metrics
Add storage metrics for operations, expirations, data transferred
Fix ordering of telemetry metrics when running under test
Make RunPragma take an optional value parser to return data
Make SQLite::Step take a callback function for parsing result data
2025-07-18 14:28:46 -07:00
Tim Wojtulewicz
d0a6d84237
Add SQLite page_count and file_size metrics
2025-07-18 14:28:04 -07:00
Tim Wojtulewicz
f73ac7089f
Add btests to cover storage metrics
2025-07-18 14:28:04 -07:00
Tim Wojtulewicz
a0ffe7f748
Add storage metrics for operations, expirations, data transferred
2025-07-18 14:28:04 -07:00
Tim Wojtulewicz
cab0883254
Fix ordering of telemetry metrics when running under test
2025-07-18 14:28:04 -07:00
Tim Wojtulewicz
365e6cbc9e
Make RunPragma take an optional value parser to return data
2025-07-18 14:28:04 -07:00
Tim Wojtulewicz
b44f7ca9ad
Make SQLite::Step take a callback function for parsing result data
2025-07-18 14:28:04 -07:00
Benjamin Bannier
784c4537e6
Merge branch 'topic/bbannier/bump-spicy'
2025-07-18 13:32:45 +02:00
Benjamin Bannier
e470c3241d
Bump auxil/spicy
to latest development snapshot
2025-07-18 11:07:37 +02:00
Tim Wojtulewicz
1dc7d88efd
Merge remote-tracking branch 'origin/topic/timw/update-libkqueue'
...
* origin/topic/timw/update-libkqueue:
Update libkqueue submodule [nomail]
2025-07-17 12:59:10 -07:00
Tim Wojtulewicz
5773283e10
Update libkqueue submodule [nomail]
2025-07-17 10:38:05 -07:00
Tim Wojtulewicz
beb70e27b5
Merge remote-tracking branch 'origin/topic/timw/cpp20-starts-and-ends-with'
...
* origin/topic/timw/cpp20-starts-and-ends-with:
Use std::string/string_view versions of starts_with/ends_with where appropriate
2025-07-17 09:09:40 -07:00
Tim Wojtulewicz
a1d121e5aa
Use std::string/string_view versions of starts_with/ends_with where appropriate
...
The util:: versions of these methods remain as a thin wrapper around them so
they can be used with const char* arguments. Otherwise callers have to manually
make string_view objects from the input.
s Please enter the commit message for your changes. Lines starting
2025-07-17 09:08:54 -07:00
Tim Wojtulewicz
6218643347
Merge remote-tracking branch 'origin/topic/timw/hilti-nolint-enum'
...
* origin/topic/timw/hilti-nolint-enum:
Add nolint for enum size for HILTI_RT_ENUM use
2025-07-17 08:40:58 -07:00
zeek-bot
79639499fb
Update doc submodule [nomail] [skip ci]
2025-07-17 00:27:51 +00:00
Tim Wojtulewicz
49a7f64460
Add nolint for enum size for HILTI_RT_ENUM use
2025-07-16 09:49:57 -07:00
Robin Sommer
c94ce6b946
Merge remote-tracking branch 'origin/topic/robin/gh-4481-test-analyzer'
...
* origin/topic/robin/gh-4481-test-analyzer:
Spicy: Fix missing include.
Bump Spicy.
Spicy: Add functions to check if Zeek provides an analyzer of a given name.
2025-07-16 17:47:08 +02:00
Arne Welzel
8f4470926f
Merge remote-tracking branch 'origin/topic/awelzel/eml-extraction-v3'
...
* origin/topic/awelzel/eml-extraction-v3:
NEWS: Add entry about SMTP::enable_rfc822_msg_file_analysis
btest: Add tests for full email extraction
SMTP: Adapt scripts for enable_rfc822_msg_file_analysis
SMTP: Add missing Undelivered() call
SMTP: Add enable_rfc822_msg_file_analysis
2025-07-16 12:38:29 +02:00
Arne Welzel
c69ed1adf7
NEWS: Add entry about SMTP::enable_rfc822_msg_file_analysis
2025-07-16 12:37:33 +02:00
cccs-jsjm
1b3b3892b5
btest: Add tests for full email extraction
2025-07-16 12:37:33 +02:00
Arne Welzel
4c60dfd6c5
SMTP: Adapt scripts for enable_rfc822_msg_file_analysis
...
Specifically, set a MIME part's parent_id to the rfc822_msg_fuid if it
is set and take into account the current rfc822_msg_fuid for describe_file()
to avoid fuid collisions of the top-level RFC822 message and the first
MIME part.
2025-07-16 12:37:33 +02:00
Arne Welzel
a42875d033
SMTP: Add missing Undelivered() call
...
Not that it's implemented, but for consistency.
2025-07-16 11:27:00 +02:00
Arne Welzel
6f05fbf2ce
SMTP: Add enable_rfc822_msg_file_analysis
...
Enabling this option will instantiate a new fa_file instance for every
top-level RFC 822 message in an SMTP transaction.
2025-07-16 11:26:49 +02:00
Robin Sommer
a840613441
Spicy: Fix missing include.
2025-07-16 09:34:22 +02:00
Robin Sommer
7575c35c68
Bump Spicy.
2025-07-16 09:34:22 +02:00
Christian Kreibich
fba319857b
Merge branch 'topic/bbannier/named-ctr'
...
* topic/bbannier/named-ctr:
Prefer explicit construction to coercion in record initialization
2025-07-15 17:38:04 -07:00