* origin/topic/jsiwek/gh-1119-conn-removal-callbacks:
GH-1119: add base/protcols/conn/removal-hooks.zeek
Avoid run-time cost of find-filtered-trace.zeek for live traffic
Remove connection_successful and successful_connection_remove events
Historically, a 'when' condition performed an AST-traversal to locate
any index-expressions like `x[9]` and evaluated them so that it could
register the associated value as something for which it needs to receive
"modification" notifications.
Evaluating arbitrary expressions during an AST-traversal like that ignores
the typical order-of-evaluation/short-circuiting you'd expect if the
condition was evaluated normally, from its root expression.
Now, a new subclass of IndexExpr is used to keep track of all IndexExpr
results in the context of evaluating a 'when' condition without having
to do a secondary AST-traversal-and-eval. i.e. the first evaluation of
the full 'when' condition follows the typical expression-evaluation
semantics (as always), but additionally now captures all the values
a Trigger needs to monitor for modifications.
Those operations done between a vector-of-interval and a
vector-of-arithmetic-type previously threw a runtime expression error
due to an incorrect coercion being used internally.
If the inner packet of a decapsulated GTPv1 frame maps to the same
Connection as the outer packet and also contains another GTPv1
encapsulation, the same GTPv1 analyzer attempts to parse the inner
packet. In the process, the inner parsing method overwrites pointers to
memory resources the outer parsing method has not yet released and
results in a memory leak.
If the inner packet of a decapsulated AYIYA frame maps to the same
Connection as the outer packet and also contains another AYIYA
encapsulation, the same AYIYA analyzer attempts to parse the inner
packet. In the process, the inner parsing method overwrites pointers to
memory resources the outer parsing method has not yet released and
results in a memory leak.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25256
- Merge adjustments:
- Minor whitespace/style tweaks
- Fixed portability of the btest due to differences in `uniq -c`
output format
* origin/topic/robin/gh-623-sampling:
Extend weird sampling with option to track selected weirds globally.
* origin/topic/jsiwek/gh-1122:
GH-165: Fix global initializations that indirectly use builtin types
Improve how primary/top-level BIFs get initialized
GH-1122: Allow initializing globals with calls to subdir BIFs
GH-1122: Improve error for global record initialization exceptions
- Replaced "tag" with "attribute" in the error message since the former
is not exactly the same concept/meaning and also not user-facing
terminology
* origin/topic/timw/174-duplicate-attributes:
Allow duplicate attributes in full redefs
Short-circuit checking of whether attr exists
Expanded check for other tag types, fixed btest to cover more tags
GH-174: Add warning for duplicate attributes
Turns out I mistyped a filename when switching over to highwayhash.
Which went unnoticed since we do not really test against any power
architecure machines.
- Did a few whitespace re-adjustments during merge
* origin/topic/timw/266-namespaces-part5:
Update plugin btests for namespace changes
Plugins: Clean up explicit uses of namespaces in places where they're not necessary.
Base: Clean up explicit uses of namespaces in places where they're not necessary.
* origin/topic/timw/smith-waterman-iterators:
Mark Continuation.h and PacketDumper.h as deprecated
Remove vector iterator type aliases from SmithWaterman code, fix uses of them
