Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
17617 commits 387 branches 195 tags 255 MiB
Commit graph

17617 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
7e5a9c3a82 Merge remote-tracking branch 'origin/topic/awelzel/lookup-connection-tweaks' 
* origin/topic/awelzel/lookup-connection-tweaks:
  session/Manager: Emit explicit errors for FindConnection() with proto=65535
  IPAddr/ConnKey: Protect from uninitialized conn_id
  IPAddr/ConnKey: Promote transport to uint16_t
  session/Manager: Header cleanup
 2025-01-21 16:49:09 -07:00
Arne Welzel
92f2f66a60 Merge remote-tracking branch 'origin/topic/vern/standalone-lambdas' 
* origin/topic/vern/standalone-lambdas:
  fixes for -O gen-standalone-C++ generation of lambdas
 2025-01-20 10:27:46 +01:00
Arne Welzel
17836ef7d9 session/Manager: Emit explicit errors for FindConnection() with proto=65535 
We silently broke users constructing conn_id records manually and
subsequently using them with lookup_connection() or connection_exists().

This is an attempt to at least report a runtime error about the situation
so it doesn't go completely unnoticed.
 2025-01-17 17:57:49 +01:00
Arne Welzel
ec0a85f553 IPAddr/ConnKey: Protect from uninitialized conn_id 
Check if the non-default fields exist using HasField()
and use GetField() for proto such that it'll initialize
the default value which GetFieldAs<> doesn't do.
default
 2025-01-17 17:53:02 +01:00
Arne Welzel
1105c8fe7d IPAddr/ConnKey: Promote transport to uint16_t 
Instead of a separate bool field which is also stored in the session
table, promote the transport field to uint16_t and encode an invalid
ConnKey as transport 2**16-2
 2025-01-17 17:53:02 +01:00
Arne Welzel
33fd324ebb session/Manager: Header cleanup 2025-01-17 17:45:05 +01:00
zeek-bot
eed205d1ef Update doc submodule [nomail] [skip ci] 2025-01-17 00:12:51 +00:00
Vern Paxson
a3b54b69a1 fixes for -O gen-standalone-C++ generation of lambdas 2025-01-14 17:02:12 -08:00
zeek-bot
f571ee31e0 Update doc submodule [nomail] [skip ci] 2025-01-15 00:33:48 +00:00
Arne Welzel
868eb129bf Merge remote-tracking branch 'origin/topic/awelzel/fix-writer-info-in-logging-hooks' 
* origin/topic/awelzel/fix-writer-info-in-logging-hooks:
  logging: Fix reporter message
  logging: Avoid repeated writer name lookups for plugin hooks
  logging: Fix HookLogInit() and HookLogWrite() info usage
 2025-01-14 21:39:31 +01:00
Benjamin Bannier
c6f9dfb155 Merge branch 'topic/bbannier/coverity' 2025-01-14 18:20:11 +01:00
Benjamin Bannier
0e12e68fb7 Bump auxil/spicy to latest development snapshot 2025-01-14 17:28:31 +01:00
Benjamin Bannier
a14dd511a5 Prevent unneeded copies in QUIC C++ helper code 2025-01-14 16:59:22 +01:00
Johanna Amann
b2222e97a1 Merge remote-tracking branch 'origin/topic/johanna/gh-4061' 
* origin/topic/johanna/gh-4061:
  Update BiF-tracking, add is_event_handled
  Address review comments and small updates for DNS warnings
  Raise warnings when for DNS events that are not raised due to dns_skip_all_addl
 2025-01-14 14:39:56 +00:00
Arne Welzel
5f91f8485c Merge remote-tracking branch 'origin/topic/vern/C++-standalone-record-redef' 
* origin/topic/vern/C++-standalone-record-redef:
  support for record extensions when using -O gen-standalone-C++
 2025-01-14 11:14:25 +01:00
Vern Paxson
960931ba5c support for record extensions when using -O gen-standalone-C++ 2025-01-14 11:12:10 +01:00
Arne Welzel
fd2229e7bb logging: Fix reporter message 2025-01-14 10:46:37 +01:00
Arne Welzel
345c4ca28a logging: Avoid repeated writer name lookups for plugin hooks 
If a plugin provides a write hook, the invocation for HookLogWrite() would
redo looking up the writer's name from the enum value and instantiating
a new std::string instance for every write. Avoid doing this.
 2025-01-14 10:45:34 +01:00
Arne Welzel
927a06b9ab logging: Fix HookLogInit() and HookLogWrite() info usage 
There's two instances of WriterBackend::WriterInfo for a given
writer. One in Manager::WriterInfo that's accessible via
stream.writers and a copy within WriterFrontend.

Commit 78999d147d switched to use the
address of the frontend's info instance for HookLogWrite() invocations,
breaking users using the address for identification purposes.
 2025-01-14 10:44:50 +01:00
Johanna Amann
6bfa55904c Update BiF-tracking, add is_event_handled 2025-01-14 09:33:49 +00:00
Johanna Amann
13f042cc27 Address review comments and small updates for DNS warnings 
This commit addresses review feedback for DH-4155. Furthermore it fixes
test failures, and adds a new test for the is_event_handled bif.
 2025-01-14 09:33:48 +00:00
Benjamin Bannier
300b3788e2 Merge branch 'topic/bbannier/coverity' 2025-01-14 08:44:22 +01:00
Benjamin Bannier
3f5fd5c414 Bump auxil/spicy to latest development snapshot 2025-01-13 23:03:27 +01:00
Benjamin Bannier
2fd20f71ad Prevent copies in various places 2025-01-13 22:19:16 +01:00
Tim Wojtulewicz
8931c352ef Merge remote-tracking branch 'origin/topic/bbannier/fix-spicy-ssl-includes' 
* origin/topic/bbannier/fix-spicy-ssl-includes:
  Fix incomplete includes in Spicy SSL analyer C++ code
 2025-01-13 08:31:04 -07:00
Tim Wojtulewicz
3ae6904b7c Merge branch 'topic/timw/add-security-md' 
* topic/timw/add-security-md:
  Add SECURITY.md, pointing at the website
 2025-01-13 08:22:13 -07:00
Tim Wojtulewicz
1ff5569762 Add SECURITY.md, pointing at the website 2025-01-13 08:21:28 -07:00
Tim Wojtulewicz
36737657ea Merge remote-tracking branch 'origin/topic/timw/non-routeable-subnets' 
* origin/topic/timw/non-routeable-subnets:
  Update zeekctl submodule [nomail]
 2025-01-13 08:20:09 -07:00
Tim Wojtulewicz
16809435a7 Update zeekctl submodule [nomail] 2025-01-13 08:18:47 -07:00
Benjamin Bannier
097088085e Fix incomplete includes in Spicy SSL analyer C++ code 
This appears to have been broken by
feec451bce.
 2025-01-12 14:00:51 +01:00
zeek-bot
436d23204e Update doc submodule [nomail] [skip ci] 2025-01-12 00:22:54 +00:00
Benjamin Bannier
8910415659 Merge branch 'topic/bbannier/bump-spicy' 2025-01-11 17:36:54 +01:00
zeek-bot
7b3126689f Update doc submodule [nomail] [skip ci] 2025-01-11 00:13:58 +00:00
Christian Kreibich
f2d54db694 Merge remote-tracking branch 'origin/topic/etyp/harden-flaky-test' 
* origin/topic/etyp/harden-flaky-test:
  Harden flaky test based on creating a file
 2025-01-10 11:15:45 -08:00
Benjamin Bannier
a17ca4f870 Mark swap specialization noexcept 2025-01-10 11:42:27 +01:00
Benjamin Bannier
feec451bce Clean up some includes 2025-01-10 11:42:27 +01:00
Benjamin Bannier
3ea2d2760a Prevent exception in noexcept function. 2025-01-10 11:42:26 +01:00
Benjamin Bannier
85ad6084e8 Prevent exception escape. 2025-01-10 11:42:26 +01:00
Benjamin Bannier
a4ab0af70d Prevent unnecessary copies in Spicy bindings 2025-01-10 11:42:26 +01:00
Benjamin Bannier
7f1d3ae559 Bump auxil/spicy to latest development snapshot 2025-01-10 11:42:26 +01:00
Tim Wojtulewicz
c10b18253a Merge remote-tracking branch 'origin/topic/timw/non-routeable-subnets' 
* origin/topic/timw/non-routeable-subnets:
  Update btests for new local-only subnets
  Add recommended non-routable subnets
 2025-01-09 22:18:03 -07:00
Tim Wojtulewicz
0fcbc8546e Update btests for new local-only subnets 2025-01-09 22:16:42 -07:00
JW-Corelight
05e3de9b81 Add recommended non-routable subnets 
224.0.0.0/24 (and 6to4 conversion 2002:e000::/40) from RFC5771	"Multicast Local Network Control Block" defined as non-routable.

239.0.0.0/8 (and 6to4 conversion 2002:ef00::/24) from RFC2365 "Administratively Scoped IP Multicast"

fec0::/10 from RFC3879 "Deprecated Site Local Addresses"
(cherry picked from commit 821ab2dbed)
 2025-01-09 22:15:45 -07:00
Tim Wojtulewicz
5fbbbe9548 Fix another typo in the Coverity workflow script 2025-01-09 18:45:56 -07:00
zeek-bot
a4d9067327 Update doc submodule [nomail] [skip ci] 2025-01-10 00:14:49 +00:00
Tim Wojtulewicz
a919226b24 Merge remote-tracking branch 'origin/topic/vern/macro-descriptions' 
* origin/topic/vern/macro-descriptions:
  Add missing include for <vector>
  Extended ZAM validation to include macros
 2025-01-09 13:47:57 -07:00
Tim Wojtulewicz
c30af24aee Add missing include for <vector> 2025-01-09 12:28:24 -07:00
Tim Wojtulewicz
7df5298fcd Merge remote-tracking branch 'origin/topic/vern/zam-header-factoring' 
* origin/topic/vern/zam-header-factoring:
  factoring of some ZAM header files for better modularity
 2025-01-09 12:09:16 -07:00
Tim Wojtulewicz
f57e650242 Merge remote-tracking branch 'origin/topic/vern/CPP-standalone-fixes' 
* origin/topic/vern/CPP-standalone-fixes:
  fixes for initializing globals when using -O gen-standalone-C++
 2025-01-09 12:02:55 -07:00
Evan Typanski
34f13e7291 Harden flaky test based on creating a file 
Closes #4102

Surely it won't take over 10 seconds to create the file
 2025-01-09 11:06:04 -05:00