Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19035 commits 387 branches 195 tags 255 MiB
Commit graph

19035 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
73c9a1f3d9 Update docs submodule with 8.1 deprecation removals 2025-08-12 11:00:40 -07:00
Tim Wojtulewicz
cdba3c601f Update zeekjs submodule with 8.1 deprecation fixes 2025-08-12 10:19:03 -07:00
Tim Wojtulewicz
d95affde4d Remove deprecations tagged for v8.1 2025-08-12 10:19:03 -07:00
zeek-bot
e4dab3dded Update doc submodule [nomail] [skip ci] 2025-08-12 00:44:57 +00:00
Tim Wojtulewicz
76289a8022 Merge remote-tracking branch 'origin/topic/awelzel/4730-smb-read-response-data-offset' 
* origin/topic/awelzel/4730-smb-read-response-data-offset:
  smb2/read: Parse only 1 byte for data_offset, ignore reserved1
 2025-08-11 11:37:38 -07:00
Tim Wojtulewicz
dff534962e Merge remote-tracking branch 'origin/topic/timw/docs-generation-virtualenv' 
* origin/topic/timw/docs-generation-virtualenv:
  Update docs submodule with new python packages
  Use virtualenv in docs generation/builds
 2025-08-10 21:28:48 -07:00
Tim Wojtulewicz
302f6f2787 Update docs submodule with new python packages 2025-08-10 21:21:41 -07:00
Tim Wojtulewicz
ef055ddb7c Use virtualenv in docs generation/builds 2025-08-08 20:38:31 -07:00
Arne Welzel
b2a2ad7e10 smb2/read: Parse only 1 byte for data_offset, ignore reserved1 
A user provided a SMB2 pcap with the reserved1 field of a ReadResponse
set to 1 instead of 0. This confused the padding computation due to
including this byte into the offset. Properly split data_offset and
reserved1 into individual byte fields.

Closes #4730
 2025-08-08 16:12:20 +02:00
Arne Welzel
13f613eb1d Merge remote-tracking branch 'origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks' 
* origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks:
  cluster: Add on_subscribe() and on_unsubscribe() hooks
 2025-08-08 14:24:18 +02:00
Tim Wojtulewicz
54d67c3322 Merge remote-tracking branch 'origin/topic/timw/cleanup-warnings-from-plugin-btest-builds' 
* origin/topic/timw/cleanup-warnings-from-plugin-btest-builds:
  Update zeek-aux to remove BRO_DIST from plugin skeleton
  cmake_minimum_required() should come before project()
 2025-08-07 08:39:40 -07:00
Tim Wojtulewicz
162ecc022e Update zeek-aux to remove BRO_DIST from plugin skeleton 2025-08-07 08:39:08 -07:00
Arne Welzel
bd9130a69a Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy' 
* origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy:
  btest/tap-analyzer: Update existing test and add new one for UpdateConnVal()
  SessionAdapter: Keep tap_analyzers until destruction
  tcp,udp,icmp adapters: Move TapPacket() to earlier
  tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call
 2025-08-07 10:49:12 +02:00
Tim Wojtulewicz
3c535ec215 cmake_minimum_required() should come before project() 2025-08-06 12:10:41 -07:00
Arne Welzel
f98508bbb0 btest/tap-analyzer: Update existing test and add new one for UpdateConnVal() 
This also changes the output of connection UIDs from the tap analyzer to be
prefixed with C for easier correlation with other logs.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:59 +02:00
Arne Welzel
bdff2935a4 SessionAdapter: Keep tap_analyzers until destruction 
connection_state_remove() is invoked after Done(), so it's not a good
idea to remove the tap analyzers before in case they have up-to-date
information for the connection val.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:55 +02:00
Arne Welzel
ee93213d39 tcp,udp,icmp adapters: Move TapPacket() to earlier 
Writing a test, the packet was tapped after protocol analysis at least
for TCP. Ensure tapping happens before. The adapter->Process() moving
after pkt->session made me a bit wondering if things are underspecified
here, but seems reasonable to set the session on pkt before adapter->Process().

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:51 +02:00
Arne Welzel
9d7cfcbce3 tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call 
Now that SessionAdapter implements UpdateConnVal(), the individual
adapters need to call that instead of Analyzer::UpdateConnVal()

Thanks clang-tidy.

Relates to #4337 #4725 #4734 #4737
 2025-08-06 17:22:44 +02:00
Johanna Amann
2f2f328a72 Merge remote-tracking branch 'origin/topic/johanna/analyzer-log-proto' 
* origin/topic/johanna/analyzer-log-proto:
  Add proto to analyzer.log
 2025-08-06 14:38:47 +01:00
Evan Typanski
22f77248f5 Merge remote-tracking branch 'origin/topic/etyp/fix-record-vec-type-conflict' 
* origin/topic/etyp/fix-record-vec-type-conflict:
  Fix record coercion with compatible types
 2025-08-06 09:10:19 -04:00
Arne Welzel
33b6869425 Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-three' 
* origin/topic/awelzel/tap-analyzer-take-three:
  TapAnalyzer: Fix docstring
  btest/plugins/tap-analyzer: Update baseline
 2025-08-06 14:27:56 +02:00
Arne Welzel
ce7c394af1 TapAnalyzer: Fix docstring 
Relates to #4337 #4725 #4734
 2025-08-06 14:19:40 +02:00
Arne Welzel
ac776b0aad btest/plugins/tap-analyzer: Update baseline 
Relates to #4337 #4725 #4734
 2025-08-06 14:17:42 +02:00
Johanna Amann
82266b1e78 Add proto to analyzer.log 
The analyzer.log file was missing the protocol field to distinguish
tcp/udp connections.
 2025-08-06 11:34:57 +01:00
Arne Welzel
7dea987432 Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-follow-up' 
* origin/topic/awelzel/4337-tap-analyzer-follow-up:
  TapAnalyzer: More verdict to action rename
 2025-08-05 20:00:44 +02:00
Arne Welzel
b4925fbd16 TapAnalyzer: More verdict to action rename 
Relates to #4725 #4337
 2025-08-05 19:59:06 +02:00
Arne Welzel
1e05588e8e Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-sketch' 
* origin/topic/awelzel/4337-tap-analyzer-sketch:
  IPBasedAnalyzer: Call TapPacket() when skipping
  SessionAdapter: Introduce TapAnalyzer for session adapter
 2025-08-05 19:49:01 +02:00
Arne Welzel
4bc7f9532c IPBasedAnalyzer: Call TapPacket() when skipping 
When skip_further_processing() is called, a TapAnalyzer should still see
the packets as skipped with SkipReason "skipping".
 2025-08-05 19:47:04 +02:00
Arne Welzel
dc904b2216 SessionAdapter: Introduce TapAnalyzer for session adapter 
This commit introduces a mechanism to attach light weight analyzers to
the root analyzer of sessions in order to tap into the packets delivered
to child analyzer.
 2025-08-05 19:47:02 +02:00
Evan Typanski
006bef71b5 Fix record coercion with compatible types 
Fixes #4722
 2025-08-04 17:09:26 -04:00
Christian Kreibich
56325d1412 Merge branch 'topic/christian/zeek-8.0-news' 
* topic/christian/zeek-8.0-news:
  Compile contributors for Zeek 8.0 in the NEWS file
 2025-08-04 09:35:53 -07:00
Christian Kreibich
4fdd83f3f5 Compile contributors for Zeek 8.0 in the NEWS file 2025-08-04 09:32:58 -07:00
Tim Wojtulewicz
6afeeca090 Start of 8.1.0 development 2025-08-04 08:26:29 -07:00
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Arne Welzel
1a87ebab72 cluster: Add on_subscribe() and on_unsubscribe() hooks 
Closes #4176
 2025-08-01 14:06:19 +02:00
Arne Welzel
7a68208ecf ci/windows: No ZeroMQ cluster backend 
Doesn't seems there's libzmq available, so just skip building.
 2025-08-01 10:17:13 +02:00
Arne Welzel
993502e0b6 cluster/zeromq: Bail on missing ZeroMQ by default 2025-08-01 09:46:06 +02:00
zeek-bot
aabb36abf7 Update doc submodule [nomail] [skip ci] 2025-08-01 00:28:48 +00:00
Tim Wojtulewicz
f2e155d7fa Merge remote-tracking branch 'origin/topic/timw/update-ct-ca-lists' 
* origin/topic/timw/update-ct-ca-lists:
  Update CT/CA lists to versions from NSS 3.114
 2025-07-31 14:32:21 -07:00
Tim Wojtulewicz
528f0d9766 Merge remote-tracking branch 'origin/topic/timw/update-submodules-ahead-of-8.0' 
* origin/topic/timw/update-submodules-ahead-of-8.0:
  Updating submodule(s) [nomail]
 2025-07-31 14:29:48 -07:00
Tim Wojtulewicz
1daead9edd Update CT/CA lists to versions from NSS 3.114 2025-07-31 11:34:23 -07:00
Tim Wojtulewicz
74a3fe5856 Updating submodule(s) [nomail] 2025-07-31 10:37:45 -07:00
Tim Wojtulewicz
b9a5a635bd Merge remote-tracking branch 'origin/topic/timw/clang-tidy-fix' 
* origin/topic/timw/clang-tidy-fix:
  Fix use-after-move reported by clang-tidy
 2025-07-31 10:34:58 -07:00
Tim Wojtulewicz
647da4f970 Fix use-after-move reported by clang-tidy 
This was introduced by 9eb94ee151.
 2025-07-31 09:55:43 -07:00
Johanna Amann
136bdb43fd Merge remote-tracking branch 'origin/topic/johanna/gh-4694' 
* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek
 2025-07-31 16:11:00 +01:00
Tim Wojtulewicz
3e0012ea30 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump `auxil/spicy` to latest development snapshot
 2025-07-31 07:58:05 -07:00
Benjamin Bannier
c0ce3f19fb Bump auxil/spicy to latest development snapshot 2025-07-31 13:47:32 +02:00
zeek-bot
defc0c96d8 Update doc submodule [nomail] [skip ci] 2025-07-31 00:18:15 +00:00
Arne Welzel
10e7f14f78 Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff' 
* origin/topic/awelzel/defer-more-stuff:
  RecordType: Ensure &default fields are always re-initialized
  Attr: Deprecate using &default and &optional together on record fields
  RecordType: Allow deferring &default=vector(), set(), table() fields
 2025-07-30 10:35:56 +02:00