* topic/johanna/no-error-message-durning-tls-or-dtls-protocol-violations:
SSL: failing analyzer handling - address review feedback
SSL: do not try to disable failed analyzer
Also folds in minor feedback from GH-3012
Currently, if a TLS/DTLS analyzer fails with a protocol violation, we
will still try to remove the analyzer later, which results in the
following error message:
error: connection does not have analyzer specified to disable
Now, instead we don't try removing the analyzer anymore, after a
violation occurred.
* origin/topic/timw/windows-setvbuf:
Use workaround for setvbuf on Windows in DebugLogger/Extract file analyzer
Add ifdef'd implementation of setvbuf to zeek::util
For low-level packet analysis use-cases, these fields are currently
not script-land accessible via raw_packet() or so. They are accessible
on the icmp_context record, but not on the actual ip4_hdr record, so
add them.
The PktSrc::Stats object works with 64bit unsigned integers. Unfortunately,
libpcap's struct pcap_stat is using 32bit values and users have reported
the wrapping of these values being visible in their stats.log roughly every
7.5 hours (~160kpps).
This change moves tracking of link and drop counters into the PktSrc::Stats
object (like is done for received and bytes_received) and updates them
on a call to PcapSource::Statistics() with the difference to the
previous stats values to prevent the wrap from becoming visible to
script land.
This doesn't cover the case of the stats counters wrapping around multiple
times between two invocations of PktSrc::Statistics(). With the default
interval of 5 minutes for the stats script, this seems acceptable.
Closes#2791.
* jgras/topic/jgras/cluster-init-tests:
Simplify btests using cluster_started event.
Remove old cluster start tests.
Reverted removal of old cluster start tests during merge.
* origin/topic/timw/windows-ci-unit-testing:
Modify Windows test cmd file to actually run tests
Add template file and cmake call for zeek-path setup on Windows
* origin/topic/neverlord/gh-2806:
test/builtin-plugins: Add plugin using ZEEK_VERSION_NUMBER
Revert putting plugins into a fresh scope for now
Propagate zeek-version.h skip via CMake properties
* origin/topic/awelzel/zeekctl-multiple-loggers:
NEWS: Add entry for ZeekControl and multi-loggers
Bump zeekctl to multi-logger version
logging: Support rotation_postprocessor_command_env
* origin/topic/timw/2324-llc-snap-and-novell-oh-my:
Update docs and NEWS to include LLC, SNAP, and Novell packet analyzers
Fix length checks in VLAN/Ethernet analyzers for non-ethertype protocols
Add forwarding from VLAN analyzer into LLC, SNAP, and Novell 802.3 analyzers
Remove non-standard way of forwarding out of the Ethernet analyzer
Add basic LLC, SNAP, and Novell 802.3 packet analyzers
ARP: add support for IEEE802 hardware type
