18073 commits

Author SHA1 Message Date
Tim Wojtulewicz
89d22f6133 Merge branch 'topic/timw/clang-tidy-iwyu-for-all-targets'
* topic/timw/clang-tidy-iwyu-for-all-targets:
  Update src/3rdparty submodule to disable clang-format
  Disable linting for files generated by bison
  Make sure clang-tidy and iwyu are added to all targets
2025-04-17 09:29:11 -07:00
Tim Wojtulewicz
94d742d314 Update src/3rdparty submodule to disable clang-format 2025-04-17 09:26:55 -07:00
Tim Wojtulewicz
7111d6a143 Disable linting for files generated by bison
These files will report lots of findings in the code that we have no
control over.
2025-04-17 09:26:55 -07:00
Tim Wojtulewicz
64e2fccc2b Make sure clang-tidy and iwyu are added to all targets 2025-04-17 09:26:55 -07:00
Tim Wojtulewicz
ce7ef3ce6a Merge remote-tracking branch 'origin/topic/timw/include-zeekjs-in-docs-by-default'
* origin/topic/timw/include-zeekjs-in-docs-by-default:
  Add libnode-dev to docs github runner, update docs to include ZeekJS
2025-04-17 08:59:41 -07:00
Tim Wojtulewicz
586a4fc4c5 Add libnode-dev to docs github runner, update docs to include ZeekJS 2025-04-17 08:58:54 -07:00
Arne Welzel
0cb5ec735a Merge remote-tracking branch 'origin/topic/awelzel/btest-no-bare-at-test'
* origin/topic/awelzel/btest-no-bare-at-test:
  pre-commit: Ensure testing files have @TEST lines commented
  testing/btest/*js: Comment all @TEST lines
  testing/btest/*test: Comment all @TEST lines
  testing/btest/*evt: Comment all @TEST lines
  testing/btest/*zeek: Comment all @TEST lines
2025-04-17 16:57:08 +02:00
Arne Welzel
dde478db6d pre-commit: Ensure testing files have @TEST lines commented 2025-04-17 16:30:23 +02:00
Arne Welzel
51f504b38f testing/btest/*js: Comment all @TEST lines 2025-04-17 16:30:23 +02:00
Arne Welzel
86249db2a3 testing/btest/*test: Comment all @TEST lines 2025-04-17 16:30:23 +02:00
Arne Welzel
6617da5bbd testing/btest/*evt: Comment all @TEST lines 2025-04-17 16:30:23 +02:00
Arne Welzel
85b8c8866b testing/btest/*zeek: Comment all @TEST lines 2025-04-17 16:30:23 +02:00
Arne Welzel
2f0be32f5f Merge branch 'topic/jgras/shutdown-session-clear' of https://github.com/J-Gras/zeek
* 'topic/jgras/shutdown-session-clear' of https://github.com/J-Gras/zeek:
  Remove finish_run()
  Deprecate session manager's Done()
  Clear sessions when session manager is done
2025-04-17 15:20:42 +02:00
Jan Grashoefer
7e2f33c9ee Remove finish_run() 2025-04-17 14:38:21 +02:00
Tim Wojtulewicz
9dc57225c8 Merge remote-tracking branch 'origin/topic/bbannier/ixwebsocket-warnings'
* origin/topic/bbannier/ixwebsocket-warnings:
  Suppress warnings from compilation of external ixwebsocket dependency
2025-04-16 15:41:05 -07:00
Tim Wojtulewicz
63837a44ed Update docs submodule [nomail] [skip ci] 2025-04-16 13:53:02 -07:00
Benjamin Bannier
d3d49727ee Suppress warnings from compilation of external ixwebsocket dependency
Clang warns about declared but unused parameters somewhere in the guts of
IXWebSocket (internal code, not its headers). We are not interested in
this or similar warnings since we do not control this code, so suppress
all warnings for this target.
2025-04-16 20:42:14 +02:00
Arne Welzel
a2a535d0c9 Merge remote-tracking branch 'origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss'
* origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss:
  ldap: Clean up from code review
  ldap: Add Sicily Authentication constants
  ldap: Only switch into MS_KRB5 mode if responseToken exists
2025-04-16 09:40:05 +02:00
zeek-bot
e24be6ba3f Update doc submodule [nomail] [skip ci] 2025-04-16 00:15:39 +00:00
Arne Welzel
b8e573a3b9 ldap: Clean up from code review
Co-authored-by: Benjamin Bannier <benjamin.bannier@corelight.com>
2025-04-15 20:10:56 +02:00
Arne Welzel
07bf7f8b18 ldap: Add Sicily Authentication constants
The aduser1-ntlm.pcap contains bindRequest messages using Microsoft AD
specific Sicily Authentication [1]. Add the entries to the enum so we
don't log undefined for these and also check the NTLMSSP signature.

[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8b9dbfb2-5b6a-497a-a533-7e709cb9a982
2025-04-15 20:10:56 +02:00
Arne Welzel
ff58be2f36 ldap: Only switch into MS_KRB5 mode if responseToken exists
If the server doesn't include a responseToken within negTokenResp,
assume there won't be signing or sealing happening on the
connection. Don't switch into MS_KRB5 mode.

Closes #4275
2025-04-15 20:10:52 +02:00
Jan Grashoefer
124f2a7d28 Deprecate session manager's Done() 2025-04-15 18:55:56 +02:00
Arne Welzel
ee5ebc1b2a Merge remote-tracking branch 'origin/topic/awelzel/bump-websocket-ixwewbsocket'
* origin/topic/awelzel/bump-websocket-ixwewbsocket:
  IXWebSocket: Bump to latest upstream master
2025-04-15 18:31:55 +02:00
Tim Wojtulewicz
4472d600e5 Merge remote-tracking branch 'origin/topic/timw/enable-krb5-on-not-linux'
* origin/topic/timw/enable-krb5-on-not-linux:
  CI: Add krb5 to FreeBSD
  Switch libkrb5 check to exclude only Darwin
2025-04-15 08:58:06 -07:00
Jan Grashoefer
013dc2010f Clear sessions when session manager is done
It looks like there is no reason to keep sessions in the map beyond the
point where the session manager is considered done. This hopefully
simplifies the shutdown control flow a tiny bit.
2025-04-15 14:23:03 +02:00
zeek-bot
349fdccfb3 Update doc submodule [nomail] [skip ci] 2025-04-15 00:26:29 +00:00
Tim Wojtulewicz
22a8c35734 CI: Add krb5 to FreeBSD 2025-04-14 15:15:05 -07:00
Tim Wojtulewicz
2f48229f28 Switch libkrb5 check to exclude only Darwin 2025-04-14 14:58:08 -07:00
Tim Wojtulewicz
6ecb8f0f5f Merge remote-tracking branch 'origin/topic/timw/storage-serialization'
* origin/topic/timw/storage-serialization:
  Add STORAGE_ prefixes for backends and serializers
  Add versioning to JSON serializer
  Remove unnecessary includes in Val.h
  Move byte_buffer types from cluster and storage into util
  Remove unnecessary <array> and <memory> includes from util.h
  Mark storage classes as final where appropriate
  Add JSON storage serializer, use with existing backends/tests
  Make ValFromJSON return zeek::expected instead of a variant
  Ground work for pluggable storage serializers
2025-04-14 10:12:29 -07:00
Tim Wojtulewicz
cb1ef47a31 Add STORAGE_ prefixes for backends and serializers 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
9593db1974 Add versioning to JSON serializer 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
dbb3144e2d Remove unnecessary includes in Val.h 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
1169fcf2a2 Move byte_buffer types from cluster and storage into util 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
40b75cb809 Remove unnecessary <array> and <memory> includes from util.h 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
98bd85b805 Mark storage classes as final where appropriate 2025-04-14 10:11:13 -07:00
Tim Wojtulewicz
88786a28a2 Add JSON storage serializer, use with existing backends/tests 2025-04-14 10:11:13 -07:00
Arne Welzel
26d56a3732 IXWebSocket: Bump to latest upstream master
The PR for the threading issue was merged. Still keeping the submodule
to point at our own fork as I have a hunch there might be more.
2025-04-14 19:03:12 +02:00
Tim Wojtulewicz
201d4508e6 Make ValFromJSON return zeek::expected instead of a variant 2025-04-14 10:02:35 -07:00
Tim Wojtulewicz
e545fe8256 Ground work for pluggable storage serializers 2025-04-14 10:02:35 -07:00
Arne Welzel
faac36f4cd Merge remote-tracking branch 'origin/topic/awelzel/bump-zeekjs-0-17-0'
* origin/topic/awelzel/bump-zeekjs-0-17-0:
  Bump zeekjs to v0.17.0
2025-04-14 18:59:13 +02:00
Arne Welzel
ffaeeb6b12 Bump zeekjs to v0.17.0
    fc005a5 Plugin: Drop unneeded zeekjs.bif.h
    cbf737f Plugin: Remove unneeded zeek::Args copy
    2129feb Plugin/Nodejs: Remove intermediate Event instance
    5de78b4 Ignore the typescript test.
    550a0f3 Force users to specify to Node that they want to run typescript.
    7a44aad Add a test for typescript support.
    cda2d69 Begin support for the Node's new experimental typescript support
2025-04-14 17:43:29 +02:00
Tim Wojtulewicz
c4d0273ffa Update bifcl submodule [nomail] 2025-04-14 08:11:51 -07:00
Arne Welzel
c2e039f14d Merge remote-tracking branch 'origin/topic/awelzel/generic-metadata-pre-work'
* origin/topic/awelzel/generic-metadata-pre-work:
  cluster/Backend: Add name and lookup component tag
  cluster/Event: Hide members behind accessors
  cluster/PublishEvent:: Make event non-const
  broker/Manager: Re-use broker serializer for conversion
  EventMgr: Add Dispatch() with handler and args
  plugin/Manager: Fix MetaHookPre and MetaHookPost using HOOK_CALL_FUNCTION
2025-04-13 17:16:46 +02:00
Arne Welzel
f1ae944c9c Merge branch 'topic/jgras/fix-future-event-ts' of https://github.com/J-Gras/zeek
* 'topic/jgras/fix-future-event-ts' of https://github.com/J-Gras/zeek:
  Prevent event timestamps set to future
2025-04-11 15:17:11 +02:00
Jan Grashoefer
3858a2920e Prevent event timestamps set to future
For scheduled events, the event timestamp is the intended timestamp. If
we force timer expiration, the timestamp might be in the future. Today,
this happens on shutdown. This change guarantees that event timestamps
are never set beyond network time.
2025-04-11 13:06:33 +02:00
Robin Sommer
75b3bca7de Bump Spicy. 2025-04-11 13:00:30 +02:00
Robin Sommer
6bf6e695b5 Merge remote-tracking branch 'origin/topic/robin/gh-4301-with-spicy'
* origin/topic/robin/gh-4301-with-spicy:
  Fix `--with-spicy`.
2025-04-11 12:59:29 +02:00
Robin Sommer
a2f4588a15 Merge remote-tracking branch 'origin/topic/robin/gh-3522-spicy-docs-state'
* origin/topic/robin/gh-3522-spicy-docs-state:
  Spicy: Document lifetime semantics of Zeek analyzers created from Spicy.
2025-04-11 12:59:05 +02:00
Arne Welzel
3946856f06 cluster/Backend: Add name and lookup component tag
This adds two new accessors on Backend, Name() and Tag() that can
be used for introspection of a Backend instance.
2025-04-11 10:01:30 +02:00