* origin/topic/timw/906-find-all-urls-regex:
Restore previous url scheme capture group
GH-906: Fix the regex in url.zeek to better match for find_all_urls
* origin/topic/johanna/hash-unification:
Hash unification: address PR feedback
Update architecture checks for highwayhash
Highwayhas: unbreak 32 bit compiles
Update external test suites for hash changes.
Hashing: Remove unnecessary include
Add highwayhash in a more cmake-y way
Remove highwayhash submodule.
Switch file UID hashing from md5 to highwayhash.
Switch most internal md5 calls to digest calls.
Start refactoring hashing.
Introduce calculate_digest convenience function
Remove the siphash->hmac-md5 switch after 36 bytes.
Fix plugin compile problems with highwayhash
Replace siphash with Google implementation
* origin/master:
Use zeek::detail namespace for fuzzer utils
Set terminating flag during fuzzer cleanup
Add missing include to standalone fuzzer driver
Improve standalone fuzzer driver error messages
Test fuzzers against seed corpus under CI ASan build
Update fuzzing README with OSS-Fuzz integration notes
Link fuzzers against shared library to reduce executable sizes
Improve FuzzBuffer chunking
Fix compiler warning in standalone fuzzer driver
Adjust minor fuzzing documentation
Exit immediately after running unit tests
Add OSS-Fuzz Zeek script search path to fuzzers
Assume libFuzzer when LIB_FUZZING_ENGINE file doesn't exist
Change handling of LIB_FUZZING_ENGINE
Change --enable-fuzzing to --enable-fuzzers
Add standalone driver for fuzz targets
Add basic structure for fuzzing targets
* origin/topic/jsiwek/fuzzing:
Use zeek::detail namespace for fuzzer utils
Set terminating flag during fuzzer cleanup
Add missing include to standalone fuzzer driver
Improve standalone fuzzer driver error messages
Test fuzzers against seed corpus under CI ASan build
Update fuzzing README with OSS-Fuzz integration notes
Link fuzzers against shared library to reduce executable sizes
Improve FuzzBuffer chunking
Fix compiler warning in standalone fuzzer driver
Adjust minor fuzzing documentation
Exit immediately after running unit tests
Add OSS-Fuzz Zeek script search path to fuzzers
Assume libFuzzer when LIB_FUZZING_ENGINE file doesn't exist
Change handling of LIB_FUZZING_ENGINE
Change --enable-fuzzing to --enable-fuzzers
Add standalone driver for fuzz targets
Add basic structure for fuzzing targets
Now we use cmake to determine which compiler flags are set to
determine which implementation of highwayhash to compile. This should
be much more robust.
Also - fix missing include on old ubuntus.
If there's some bad state we can be in where MMDB lookup/open operations
consistently fail, then the volume of associated reporter messages can
get overwhelmingly large especially if a lookup operation is being done
for each network connection.
This adds a limit of an arbitrary 20 messages every 5 minutes, which
should be enough information to understand the overall
open/close/lookup-failure pattern.
* origin/topic/timw/unordered-lists:
Review fixups
Change timer_list in BroList to be an unordered list.
Add ability for List to be ordered/unordered
Add unit testing for List
Fix bug with List where replace() doesn't work with non-pointer types
- Adjusted the formatting during merge
* 'set_to_regex-docs' of https://github.com/jlagermann/zeek:
added examples to set_to_regex comments Signed-ff-by: James Lagermann <james.lagermann@corelight.com>
- Minor whitespace/format adjustments
* 'network-time-init' of https://github.com/J-Gras/zeek:
Fix documentation for network_time_init.
Improve network_time_init() test and add baseline.
Add network_time_init() event.
Add test for network_time behavior.
- Changed the logic significantly to just guarantee there's only ever a
single inactivity timer per connection
- Updated language.expire_subnet btest which is unduly sensitive to
timer-related changes
* origin/topic/jazoff/avoid-redundant-inactivity-timers:
avoid scheduling redundant inactivity timers
The IP fragment reassembly process assumes a packet contains at least
the minimum IP header, but such a check did not previously occur,
resulting in a heap buffer over-read. For example, a self-reported
IPv4 IHL field with a value less than minimum IPv4 header length of
20 bytes. Such packets likely aren't routable on their own, but one
can create an artifical pcap like that or possibly encapsulate it
within another protocol to trigger this bug.
