This allows to select the Upgrade analyzer based on the tuple
of [Upgrade, Content-Type] as motivated by the Docker API trace
that sets a very specific Content-Type in the HTTP response.
Closes#4068
This analyzer can be used to transport raw stream data for a given
connection to the script layer. For example, adding this analyzer into
the HTTP::upgrade_analyzer or using it to configure a child WebSocket
analyzer allows to get access to the raw stream data in script land
when no more appropriate protocol analyzer is available.
* origin/topic/vern/script-opt-keep-asserts:
ZAM documentation updates for asserts and event handler run-time errors
BTest updates for ZAM support of (optionally) keeping "assert" statements
command-line options for controlling script optimization: keeping asserts, avoiding event handler coalescence
ZAM support for option to not coalesce event handlers
ZAM support for keeping "assert" statements
internal support for script optimization options for keeping asserts, not consolidating event handlers
ZAM operations to support asserts
simplified "assert" by not trying to catch messages that themselves have errors
Fixed some TEST-REQUIRES "${ZEEK_ZAM}" == "1" to use "=" instead to
be /bin/sh compatible.
* origin/topic/vern/zam-pattern-comparison:
update of BTest that tracks number of (and validates) ZAM operations
ZAM support for pattern equality/inequality operations
expanded ZAM operations for bit-shifting to allow for int/count shift values
added type coercion for bit-shifting expressions
The pcap comes from the following dataset [1]:
CTU-SME-11: a labeled dataset with real benign and malicious network
traffic mimicking a small medium-size enterprise environment
[1] https://zenodo.org/records/7958259
* origin/topic/awelzel/pluggable-cluster-backends-part3:
init-bare/zeek-setup: Groundwork for instantiating cluster backends
cluster/serializer: Add binary-serialization-format
logging/WriterFrontend: Add logic for non-broker cluster backends
logging/WriterBackend: Include logging/Types.h
logging/Manager: Implement new WriteBatchFromRemote()
logging/WriterFrontend: Add LogWriteHeader as member
logging: Add filter_name to WriterInfo
This is a serializer for log records that is using SerialTypes
for serializing and un-serializing rather. Essentially, this is
similar to what broker does except for the envelope.
If cluster::backend isn't broker_mgr, use the WriterFrontend's buffering
logic and send a whole batch of log writes during FlushWriteBuffer().
This is a different path than broker's own logging logic.
Preferably we adapt broker to a model where it isn't
buffering either.
...with this change, it'll be possible to identify WriterFrontend's
based on (stream, filter_name, path) pairs in addition to (stream,
writer, path) pairs.
* origin/topic/timw/json-interval-conversion:
Add interval_as_double argument to control how intervals are converted to JSON
Add btest for round-trip JSON conversion
Allow comparing two PatternVals
Handle conversion between data from Val::ToJSON and ValFromJSON better
The old `c_str_safe` utility function allowed Zeek to operator on
`broker::data` and `broker::variant`. The former grants access to actual
`std::string` objects while the latter only provides access to fields
via `std::string_view`. Since the Zeek formatting functions need null
terminated strings, we need to copy the characters into a
null-terminated container first.
After removing support for `broker::data` and `broker::variant` from the
same code paths, we can drop `c_str_safe` and always do the copying
(since we are always dealing with `broker::variant` now).
Since the transition to broker::variant has been long finalized, there
is no more need to be able to go back to a pre-variant version of
Broker. Hence, we can drop various utilities that allow Zeek to run with
older Broker releases.
