Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19010 commits 387 branches 195 tags 255 MiB
Commit graph

19010 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
56e55ba3ee Updating CHANGES and VERSION. 2025-08-12 12:43:40 -07:00
Tim Wojtulewicz
04c4d792d1 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump pre-commit hooks
  Bump auxil/spicy to latest development snapshot

(cherry picked from commit cc59bfa5d8)
 2025-08-12 12:42:54 -07:00
Tim Wojtulewicz
84d28bc30c Update docs submodule with 8.0.0-rc2 changes [nomail] [skip ci] 2025-08-12 11:07:04 -07:00
Tim Wojtulewicz
fcdfe2aca2 Merge remote-tracking branch 'origin/topic/awelzel/4730-smb-read-response-data-offset' 
* origin/topic/awelzel/4730-smb-read-response-data-offset:
  smb2/read: Parse only 1 byte for data_offset, ignore reserved1

(cherry picked from commit 76289a8022)
 2025-08-11 11:39:22 -07:00
Arne Welzel
1511ca00df Merge remote-tracking branch 'origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks' 
* origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks:
  cluster: Add on_subscribe() and on_unsubscribe() hooks

(cherry picked from commit 13f613eb1d)
 2025-08-11 11:36:42 -07:00
Johanna Amann
a76b2148c6 Merge remote-tracking branch 'origin/topic/johanna/analyzer-log-proto' 
* origin/topic/johanna/analyzer-log-proto:
  Add proto to analyzer.log

(cherry picked from commit 2f2f328a72)
 2025-08-11 11:34:08 -07:00
Tim Wojtulewicz
8e7482de4b Update zeek-aux submodule with c++20 changes 2025-08-07 08:33:44 -07:00
Tim Wojtulewicz
1addeab4fe Updating CHANGES and VERSION. 2025-08-04 09:44:48 -07:00
Christian Kreibich
c1cb1a2e5f Compile contributors for Zeek 8.0 in the NEWS file 
(cherry picked from commit 4fdd83f3f5)
 2025-08-04 09:39:08 -07:00
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Arne Welzel
7a68208ecf ci/windows: No ZeroMQ cluster backend 
Doesn't seems there's libzmq available, so just skip building.
 2025-08-01 10:17:13 +02:00
Arne Welzel
993502e0b6 cluster/zeromq: Bail on missing ZeroMQ by default 2025-08-01 09:46:06 +02:00
zeek-bot
aabb36abf7 Update doc submodule [nomail] [skip ci] 2025-08-01 00:28:48 +00:00
Tim Wojtulewicz
f2e155d7fa Merge remote-tracking branch 'origin/topic/timw/update-ct-ca-lists' 
* origin/topic/timw/update-ct-ca-lists:
  Update CT/CA lists to versions from NSS 3.114
 2025-07-31 14:32:21 -07:00
Tim Wojtulewicz
528f0d9766 Merge remote-tracking branch 'origin/topic/timw/update-submodules-ahead-of-8.0' 
* origin/topic/timw/update-submodules-ahead-of-8.0:
  Updating submodule(s) [nomail]
 2025-07-31 14:29:48 -07:00
Tim Wojtulewicz
1daead9edd Update CT/CA lists to versions from NSS 3.114 2025-07-31 11:34:23 -07:00
Tim Wojtulewicz
74a3fe5856 Updating submodule(s) [nomail] 2025-07-31 10:37:45 -07:00
Tim Wojtulewicz
b9a5a635bd Merge remote-tracking branch 'origin/topic/timw/clang-tidy-fix' 
* origin/topic/timw/clang-tidy-fix:
  Fix use-after-move reported by clang-tidy
 2025-07-31 10:34:58 -07:00
Tim Wojtulewicz
647da4f970 Fix use-after-move reported by clang-tidy 
This was introduced by 9eb94ee151.
 2025-07-31 09:55:43 -07:00
Johanna Amann
136bdb43fd Merge remote-tracking branch 'origin/topic/johanna/gh-4694' 
* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek
 2025-07-31 16:11:00 +01:00
Tim Wojtulewicz
3e0012ea30 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump `auxil/spicy` to latest development snapshot
 2025-07-31 07:58:05 -07:00
Benjamin Bannier
c0ce3f19fb Bump auxil/spicy to latest development snapshot 2025-07-31 13:47:32 +02:00
zeek-bot
defc0c96d8 Update doc submodule [nomail] [skip ci] 2025-07-31 00:18:15 +00:00
Arne Welzel
10e7f14f78 Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff' 
* origin/topic/awelzel/defer-more-stuff:
  RecordType: Ensure &default fields are always re-initialized
  Attr: Deprecate using &default and &optional together on record fields
  RecordType: Allow deferring &default=vector(), set(), table() fields
 2025-07-30 10:35:56 +02:00
Arne Welzel
9eb94ee151 RecordType: Ensure &default fields are always re-initialized 
This started working partly after the deferral logic introduced with
Zeek 6.0 so this finishes it :-)
 2025-07-30 10:26:06 +02:00
Arne Welzel
473723cc47 Attr: Deprecate using &default and &optional together on record fields 
If &default implies re-initialization of the field, using them together
doesn't make much sense.
 2025-07-30 10:26:06 +02:00
Arne Welzel
23181e4811 RecordType: Allow deferring &default=vector(), set(), table() fields 2025-07-30 10:26:06 +02:00
Arne Welzel
d7fbd49d9e Merge remote-tracking branch 'origin/topic/vern/zam-record-fields-fixes' 
* origin/topic/vern/zam-record-fields-fixes:
  fixes for specialized ZAM operations needing to check whether record fields exist
 2025-07-30 10:08:21 +02:00
Johanna Amann
a90969800c Add tests for the deprecated-dpd-log.zeek policy script 
This re-adds baselines for the old dpd.log to check functionality until
its removal in 8.1
 2025-07-30 07:58:36 +01:00
Johanna Amann
8de178d923 Move c$service_violation to deprecated-dpd-log.zeek 
This moves c$service_violation to the deprecated-dpd-log policy script.

This is the only script in the distribution that uses the field, and it
is unlikely to be used externally. It is also responsible for a
significant amount of memory use by itself.

This also restores the field being populated, which was broken in
GH-4362
 2025-07-30 07:58:36 +01:00
Vern Paxson
47bf6af6a5 fixes for specialized ZAM operations needing to check whether record fields exist 2025-07-30 08:36:04 +02:00
zeek-bot
86ab82c0df Update doc submodule [nomail] [skip ci] 2025-07-30 00:25:27 +00:00
Johanna Amann
a22b45c69e Merge remote-tracking branch 'origin/topic/johanna/gh-4202' 
* origin/topic/johanna/gh-4202:
  Update NEWS for Conn::set_conn changes
  DNS-fuzzer: raise new_connection event
  Optimize Conn::set_conn to minimize operations
  Move Conn::set_conn() from connection_state_remove to new_connection
 2025-07-29 21:01:51 +01:00
Johanna Amann
8de1357e52 Update NEWS for Conn::set_conn changes 2025-07-29 18:41:59 +01:00
Johanna Amann
5e74eefd88 DNS-fuzzer: raise new_connection event 
The conn protocol scripts now assume that new_connection is run before
connection_state_remove. Update the DNS analyzer to raise the
new_connection event.
 2025-07-29 18:41:59 +01:00
Arne Welzel
ab282e3637 Merge remote-tracking branch 'origin/topic/awelzel/cluster-event-out-of-detail' 
* origin/topic/awelzel/cluster-event-out-of-detail:
  cluster::Event: Move implementation into cluster/Event.{h,cc}
  cluster: Move cluster::detail::Event to cluster::Event
 2025-07-29 18:24:20 +02:00
Arne Welzel
40389603c2 cluster::Event: Move implementation into cluster/Event.{h,cc} 2025-07-29 18:13:59 +02:00
Arne Welzel
bda70067ec cluster: Move cluster::detail::Event to cluster::Event 
This class is a parameter of virtual methods of the Backend API for users
to implement and also a parameter to the HookPublishEvent() API. Seems it
shouldn't be in detail and instead we should own it.

Alternatively, could mark the cluster APIs as not-stable-yet, but I
think we can move forward and make it non-detail for 8.0.
 2025-07-29 18:13:59 +02:00
Tim Wojtulewicz
9f3a1a135f Merge remote-tracking branch 'origin/topic/timw/fix-fuzzer-conn-key-deprecation' 
* origin/topic/timw/fix-fuzzer-conn-key-deprecation:
  Fix ConnKey deprecation warnings from generic fuzzer
 2025-07-29 07:41:23 -07:00
Tim Wojtulewicz
743b9e27cc Merge remote-tracking branch 'origin/topic/timw/fix-irc-analyzer-event-types' 
* origin/topic/timw/fix-irc-analyzer-event-types:
  Fix types passed to some of the IRC analyzer events
 2025-07-29 07:19:36 -07:00
Tim Wojtulewicz
06ec03046d Merge remote-tracking branch 'origin/topic/timw/fix-ranges-debian-11-build-failure' 
* origin/topic/timw/fix-ranges-debian-11-build-failure:
  Fix build failure with std::ranges on Debian 11
 2025-07-29 07:19:11 -07:00
Arne Welzel
cd7836dda2 Merge remote-tracking branch 'origin/topic/awelzel/4431-zeromq-drop-policy-v2' 
* origin/topic/awelzel/4431-zeromq-drop-policy-v2:
  cluster.bif: Improve Cluster::publish() docstring
  btest/cluster/zeromq: Add tests for overload behavior
  cluster/zeromq: Metric for msg errors
  cluster/zeromq: Drop events when overloaded
  cluster/zeromq: Comments and move lookups to InitPostScript()
  cluster/zeromq: Rework lambdas to member functions
  cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability
  cluster/OnLoop: Support DontBlock and Force flags for queueing
  cluster/ThreadedBackend: Injectable OnLoopProcess instance
 2025-07-29 11:38:49 +02:00
Arne Welzel
55ecd90928 cluster.bif: Improve Cluster::publish() docstring 2025-07-29 11:23:53 +02:00
Arne Welzel
c8307487d1 btest/cluster/zeromq: Add tests for overload behavior 
The overload-drop.zeek and overload-no-drop.zeek tests have proxy,
worker-1 and worker-2 publish to the manager topic. For the drop
case, we verify that both, the senders, but also the manager drops
events. For the no-drop test, the HWMs are set such that all events
are buffered.

The overload-worker-proxy-topic*.zeek tests are similar, but instead
of publishing to the manager topic, proxy, worker-1 and worker-2 publish
to the proxy and worker topics to overload each other. This had
previously resulted in lockups and these tests verify that this doesn't
happen anymore.
 2025-07-29 11:23:53 +02:00
Arne Welzel
d2bb86f8b4 cluster/zeromq: Metric for msg errors 2025-07-29 11:23:53 +02:00
Arne Welzel
073de9f5fd cluster/zeromq: Drop events when overloaded 
When either the XPUB socket's hwm is reached, or the onloop queue is
full, drop the events. Users can set ths xpub_sndhwm and
onloop_queue_hwm to 0 to avoid these drops at the risk of unbounded
memory growth.
 2025-07-29 11:23:53 +02:00
Arne Welzel
5de9296c77 cluster/zeromq: Comments and move lookups to InitPostScript() 2025-07-29 11:23:53 +02:00
Arne Welzel
85d5dda028 cluster/zeromq: Rework lambdas to member functions 2025-07-29 11:23:53 +02:00
Arne Welzel
5dc4586b70 cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability 2025-07-29 11:23:53 +02:00