* origin/topic/johanna/hash-unification:
Hash unification: address PR feedback
Update architecture checks for highwayhash
Highwayhas: unbreak 32 bit compiles
Update external test suites for hash changes.
Hashing: Remove unnecessary include
Add highwayhash in a more cmake-y way
Remove highwayhash submodule.
Switch file UID hashing from md5 to highwayhash.
Switch most internal md5 calls to digest calls.
Start refactoring hashing.
Introduce calculate_digest convenience function
Remove the siphash->hmac-md5 switch after 36 bytes.
Fix plugin compile problems with highwayhash
Replace siphash with Google implementation
* origin/topic/jsiwek/fuzzing:
Use zeek::detail namespace for fuzzer utils
Set terminating flag during fuzzer cleanup
Add missing include to standalone fuzzer driver
Improve standalone fuzzer driver error messages
Test fuzzers against seed corpus under CI ASan build
Update fuzzing README with OSS-Fuzz integration notes
Link fuzzers against shared library to reduce executable sizes
Improve FuzzBuffer chunking
Fix compiler warning in standalone fuzzer driver
Adjust minor fuzzing documentation
Exit immediately after running unit tests
Add OSS-Fuzz Zeek script search path to fuzzers
Assume libFuzzer when LIB_FUZZING_ENGINE file doesn't exist
Change handling of LIB_FUZZING_ENGINE
Change --enable-fuzzing to --enable-fuzzers
Add standalone driver for fuzz targets
Add basic structure for fuzzing targets
* origin/topic/timw/unordered-lists:
Review fixups
Change timer_list in BroList to be an unordered list.
Add ability for List to be ordered/unordered
Add unit testing for List
Fix bug with List where replace() doesn't work with non-pointer types
- Adjusted the formatting during merge
* 'set_to_regex-docs' of https://github.com/jlagermann/zeek:
added examples to set_to_regex comments Signed-ff-by: James Lagermann <james.lagermann@corelight.com>
- Minor whitespace/format adjustments
* 'network-time-init' of https://github.com/J-Gras/zeek:
Fix documentation for network_time_init.
Improve network_time_init() test and add baseline.
Add network_time_init() event.
Add test for network_time behavior.
- Changed the logic significantly to just guarantee there's only ever a
single inactivity timer per connection
- Updated language.expire_subnet btest which is unduly sensitive to
timer-related changes
* origin/topic/jazoff/avoid-redundant-inactivity-timers:
avoid scheduling redundant inactivity timers
* origin/topic/seth/more-file-type-ident:
Adds a note in NEWS about the signature addition and restructuring
Fixes a small bug in one signature with a duplicate name.
Organized and added to the shipped file identification signatures.
- Added test case and adjusted whitespace in merge
* 'stats-logging-fix' of https://github.com/brittanydonowho/zeek:
Fixed stats.zeek to log all data before zeek terminates rather than return too soon
There's now a couple placeholder/unimplemented status values in Broker
related to upcoming routing features that we don't want to handle
explicitly for compatibility reasons, but also don't want the compiler
warning about unhandled values in the switch.
* origin/topic/timw/776-using-statements:
Remove 'using namespace std' from SerialTypes.h
Remove other using statements from headers
GH-776: Remove using statements added by PR 770
Includes small fixes in files that changed since the merge request was
made.
Also includes a few small indentation fixes.
* origin/topic/timw/nullptr:
The remaining nulls
plugin/probabilistic/zeekygen: Replace nulls with nullptr
file_analysis: Replace nulls with nullptr
analyzer: Replace nulls with nullptr
iosource/threading/input/logging: Replace nulls with nullptr
Minor whitespace adjusted during merge.
* 'topic/ak/rdpeudp' of https://github.com/anthonykasza/zeek:
change: -C flag to btest
add: ignore checksum added to btest script
change: update btest baselines for rdpeudp-handshake-success
add: rdpeudp2-handshake-success btest baseline
Update src/analyzer/protocol/rdp/rdpeudp-protocol.pac
Update src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
add: btest for rdpeudp2
add: more robust handling of RDPEUDP2 negotiation
change: RDPUDP_CORRELATION_ID_PAYLOAD definition
change: debugging why the orig synex flags aren't parsed correctly but the resp synex flags are...
add: handling for orig SYNEX flags
add: test trace for when RDPEUDP negotiates RDPEUDP2
add: more SYN PDU parsing structs
- Squashed the original commit set
- Cleaned up formatting
- Fixed register_for_ports() for right RDPEUDP analyzer
* topic/ak/rdpeudp:
Add RDP over UDP analyzer
* origin/topic/jsiwek/misc-lambda-fixes:
GH-725: fix logic for finding a lambda's usage of outer IDs
Change record field anonymous functions to use lambda expressions
* origin/topic/timw/override:
Mark input/output message classes as final, since nothing should be inheriting from them
Add missing override specifier to a number of methods, remove virtual from some as well
Add override specifier to Configure() method in almost all of the internal plugins
* origin/topic/jsiwek/runtime-exception-leak-cleanup:
Func::DescribeDebug: move a NumFields() call out of loop
Use const-ref parameter for zeek::val_list_to_args()
Fix missing IntrusivePtr.h include and ambiguous ODesc::Add call
Remove TimerMgr arg from event queuing/scheduling methods
Deprecate Analyzer::ConnectionEvent()
Deprecate file_analysis::File::FileEvent methods using val_list args
Deprecate Connection::ConnectionEvent methods
Deprecate EventMgr::QueueEventFast() and update usages to Enqueue()
Deprecate EventMgr::QueueEvent() and update usages to Enqueue()
Deprecate Func::Call(val_list*, ...)
Use vector<IntrusivePtr<Val>> for Func::Call and Event queuing args
Fix memory leak in Zeek when-statement bodies with runtime errors
Change TableVal::RecoverIndex() to return IntrusivePtr
Use IntrusivePtr in TableVal::CallExpireFunc
Fix memory leak when runtime error occurs in a Zeek for-loop
Enable leak checks for btests that produce runtime exceptions
* origin/topic/jsiwek/gh-857-rebuild-tables-on-record-redef:
Initialize RecordVal default fields when redef'd
GH-857: fix redefining record types used to index tables
Change RecordVals to get resized at time of RecordType redef
