* origin/topic/vern/script-inlining:
cleaner approach for localizing errors associated with duplicated ASTs: virtualize GetLocationInfo
Add commentary to Frame::GetElement(int) about lack of offset adjustment
Remove unused local in Inliner::Analyzer()
Tweak FuncInfo memory management
Switch InlineExpr from using IDPList* to vector<IDPtr>
Insert contents of #included script-opt files directly
Simplify some IntrusivePtr operations in Expr::Duplicate/Inline
Remove Func::AsScriptFunc() methods
Remove superfluous std::move's from Inliner return values
Remove SetupResult::parse_only field
Rename Frame::IncreaseOffset() to Frame::AdjustOffset()
Update alternative plugins.hooks baselines
Superficial changes to script-opt related code
merge glitch
updates from test suite
inlining of Zeek script functions
inlining of Zeek script functions
A logger process being terminated/killed while in the process of creating
a new .shadow file may leave an empty (invalid) one around. This in turn
causes the logger to error and exit during startup.
$ ls -lha .shadow.*
-rw-r--r-- 1 root root 0 Dec 16 18:48 .shadow.dns.log
-rw-r--r-- 1 root root 0 Dec 16 18:48 .shadow.packet_filter.log
$ zeek LogAscii::enable_leftover_log_rotation=T Log::default_rotation_interval=30sec -i wlp0s20f3
error in <params>, line 1: failed to process leftover log 'dns.log': Found leftover log, 'dns.log', but the associated shadow file, '.shadow.dns.log', required to process it is invalid
error in <params>, line 1: failed to process leftover log 'packet_filter.log': Found leftover log, 'packet_filter.log', but the associated shadow file, '.shadow.packet_filter.log', required to process it is invalid
$ ...
Prevent creating invalid .shadow files by atomically creating them.
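The atomic-creation approach named in the commit message above, as an added C++ example that is not Zeek's code and not part of the commit log. The temporary-file naming, the function names and the file contents are assumptions made for illustration.

```cpp
// Added illustration, not Zeek's implementation; names and contents are constructed.
#include <cerrno>
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Write all of `data` to fd, retrying on short writes and EINTR.
static bool write_all(int fd, const std::string& data) {
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = write(fd, data.data() + off, data.size() - off);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return false;
        off += static_cast<size_t>(n);
    }
    return true;
}

// Create `path` so that it either does not exist or holds all of `data`.
// Content goes to a temporary file in the same directory; rename() then
// publishes it in one step. A process killed before the rename leaves
// only the temporary file behind, never an empty `path`.
bool create_file_atomically(const std::string& path, const std::string& data) {
    std::string tmp = path + ".tmp";  // hypothetical temp-name scheme
    int fd = open(tmp.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return false;
    bool ok = write_all(fd, data) && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (ok && rename(tmp.c_str(), path.c_str()) != 0) ok = false;
    if (!ok) unlink(tmp.c_str());  // do not leave a partial temp file
    return ok;
}

// Read a whole file into a string (used to check the result).
std::string read_file(const std::string& path) {
    std::string out;
    FILE* f = fopen(path.c_str(), "rb");
    if (!f) return out;
    char buf[256];
    for (size_t n; (n = fread(buf, 1, sizeof buf, f)) > 0;) out.append(buf, n);
    fclose(f);
    return out;
}

int main() {
    bool ok = create_file_atomically(".shadow.example.log", "constructed\ncontents\n");
    std::printf("%s\n", ok ? "created" : "failed");
    return ok ? 0 : 1;
}
```

The rename protects against a killed process; surviving power loss would additionally require an fsync on the containing directory.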
This event is raised for messages that (probably) are TLS 1.3 handshake
messages, including finished. This allows scripts to examine handshake
messages without having to handle all encrypted messages.
In TLS 1.3, the ChangeCipherSpec message is meaningless; it only is
included to convince middleboxes that the devices actually are speaking
TLS 1.2. Nowadays some TLS 1.3 implementations also just don't send the
packet.
In a push to unify our handling of TLS 1.3 connections - ignore CCS and
always go with application data packet counting to determine if
connections are or are not encrypted.
* origin/topic/jsiwek/gh-1329-fuzzer-driver-cleanup:
Rename a 'do_net_run' variable to 'do_run_loop'
GH-1329: call Zeek's cleanup function from standalone fuzzer driver
Otherwise, the global Broker manager object containing CAF/threading
logic is never destructed and can result in a heap-use-after-free if it
tries to access other global objects after they're cleaned up from
__cxa_finalize().
This commit changes the logic that is used to track connection
establishment - and moves it from scriptland into the core.
TLS 1.3 connection establishment is much more finicky for us than the
establishment of earlier versions - since we cannot rely on the CCS
message anymore (which is meaningless and not sent in a lot of cases).
With this commit, the ssl_encrypted_data message gets raised for
encrypted TLS 1.3 handshake messages - which is much more correct than
the behavior before that just interpreted them as plaintext messages.
I will refine this a bit more - at the moment the connection established
event happens a bit too early - earlier than TLS 1.3 connections
actually can be established.
Part of GH-1323