Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 17:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
16629 commits 385 branches 195 tags 260 MiB
Commit graph

16629 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vern Paxson
4b39e1f5f5 shift ZAM maintenance monitoring of new BiFs to a BTest so it automatically runs 2024-04-25 09:15:12 -07:00
Vern Paxson
9fe7d8581f make externally available the expression used for initializating a record field 2024-04-25 09:15:12 -07:00
Vern Paxson
88ef6cb5b6 record field initialization optimization: do coercions at compile-time if applicable 2024-04-25 09:15:12 -07:00
Vern Paxson
b3dacce3e1 $ZAM_PROFILE_ALL set tells ZAM to profile function bodies even if not executed 2024-04-25 09:15:12 -07:00
Vern Paxson
c11c2830b1 performance speed-up for SMB base scripts 2024-04-25 09:15:12 -07:00
Vern Paxson
39c3a0ec0b fix for ZAM optimization pruning of unnecessary instructions 2024-04-25 09:15:12 -07:00
Vern Paxson
6c696f7c55 bug fix for ZAM code generation 2024-04-25 09:15:12 -07:00
Vern Paxson
4e253aae0a optimize generation of "-O gen-C++" code for table/vector size operations 2024-04-25 09:15:12 -07:00
Vern Paxson
5311904bb1 removing vestigial same_val() function 2024-04-25 09:15:12 -07:00
Vern Paxson
9c4da40e39 fix for ZAM optimization of '!' expressions 2024-04-25 09:15:12 -07:00
Vern Paxson
a72b1af2ea fix for ZAM tracking of return values when in-lining 2024-04-25 09:15:12 -07:00
Vern Paxson
8c4c224c93 fix for ZAM profiling potentially accessing freed memory 2024-04-25 09:15:12 -07:00
Benjamin Bannier
d611452116 Merge branch 'topic/bbannier/spicy-hook-priority' 2024-04-25 13:52:03 +02:00
Benjamin Bannier
3c89a5492c Fix typo in hook name 
While in Spicy code a hook priority is spelled `priority=4711` the
attribute is still called `&priority` (like in HILTI) and we rely on
exactly that name when e.g., extracting hook priorities for scheduling.

This change was introduced as part of
db98dc4193 and caused the default hook
priority for hooks defined in EVT files (intended to be -1000 to likely
schedule after e.g., hooks in the Spicy grammars) to be ignored. This
could then e.g., introduce issue when a `%done` hook would mutate state
exposed in an EVT hook (which now might not have seen the updated state
due to different scheduling).
 2024-04-25 13:43:09 +02:00
Benjamin Bannier
ef60de0059 Bump Spicy to latest dev snapshot 2024-04-25 13:43:09 +02:00
Johanna Amann
9132cdacd5 Updating broker submodule [nomail] 
Only updates 3rdparty submodule in broker
 2024-04-23 11:50:53 +01:00
Tim Wojtulewicz
cbf9ff47e8 Merge remote-tracking branch 'origin/topic/timw/3662-ignore-disabled-writer-frontends' 
* origin/topic/timw/3662-ignore-disabled-writer-frontends:
  Don't attempt to stop or flush disabled writer frontends
 2024-04-22 17:08:33 -07:00
Tim Wojtulewicz
c3e869b827 Don't attempt to stop or flush disabled writer frontends 2024-04-22 16:45:55 -07:00
Tim Wojtulewicz
4f9049278b Merge remote-tracking branch 'origin/topic/timw/3593-smb-multi-request-header' 
* origin/topic/timw/3593-smb-multi-request-header:
  Allow SMB_TCP record to contain multiple protocol identifiers/headers
 2024-04-22 15:56:02 -07:00
Tim Wojtulewicz
bac6ad62b5 Allow SMB_TCP record to contain multiple protocol identifiers/headers 2024-04-22 15:55:25 -07:00
Tim Wojtulewicz
5aa18287f1 Merge remote-tracking branch 'origin/topic/timw/3456-when-unknown-capture' 
* origin/topic/timw/3456-when-unknown-capture:
  Check for valid identifier in WhenStmt::Describe
 2024-04-22 15:16:16 -07:00
Christian Kreibich
11f5c60b09 Add NEWS entry for zeek-archiver migration. 2024-04-22 12:55:41 -07:00
Christian Kreibich
56da8ba29a Bump zeek-aux submodule to pull in zeek-archiver addition 2024-04-22 12:55:38 -07:00
Christian Kreibich
9743023d48 Remove zeek-archiver from build config, deprecate --disable-archiver in configure 2024-04-19 12:10:55 -07:00
Christian Kreibich
b071693538 Drop zeek-archiver submodule 
zeek-archiver now lives in the zeek-aux submodule.
 2024-04-19 12:10:52 -07:00
zeek-bot
3014982399 Update doc submodule [nomail] [skip ci] 2024-04-19 00:11:03 +00:00
Peter Cullen
dc54b14ae9 reformat changes 2024-04-18 18:52:17 +00:00
Peter Cullen
49123d3a94 Gracefully handle empty/missing shadow file 
When a shadow file is empty/missing during rotation, Zeek aborts
with an error message, but if the shadow file was empty, it'll still
be there after the restart, causing an endless restart loop. This
solution gracefully handles the rotation in such cases using the
default file extension and post processing function.
 2024-04-18 18:52:17 +00:00
Tim Wojtulewicz
d566961da5 Merge remote-tracking branch 'pbcullen/topic/pbcullen/remove_exclude' 
* pbcullen/topic/pbcullen/remove_exclude:
  Update core.pcap.filter-warning baseline
  Add PacketFilter::remove_exclude function
 2024-04-18 09:03:57 -07:00
Peter Cullen
f1941186eb Update core.pcap.filter-warning baseline 
Only the line numbers changed.
 2024-04-18 12:27:46 +00:00
zeek-bot
eb0e20f0ac Update doc submodule [nomail] [skip ci] 2024-04-18 00:10:31 +00:00
Christian Kreibich
d09584e52e Merge branch 'topic/christian/localversion' 
* topic/christian/localversion:
  Parse and store localversion string
  Remove commented-out code
  Check ZEEK_VERSION_LOCAL for dashes
  Update version string btests for localversion
  Modify version parsing for localversion
  Update version used by spicyz
  Update build script
  Support for configurable localversion
 2024-04-17 15:00:11 -07:00
Tim Wojtulewicz
9c668212ff Merge remote-tracking branch 'origin/topic/vern/zam-while-fix' 
* origin/topic/vern/zam-while-fix:
  fix for ZAM optimization of "while" loops
 2024-04-17 14:34:03 -07:00
Vern Paxson
6f0441d6f9 fix for ZAM optimization of "while" loops 2024-04-17 14:33:31 -07:00
Peter Cullen
81856cc391 Add PacketFilter::remove_exclude function 
This adds a public function to the PacketFilter framework that
allows the caller to remove an exclude filter by filter id.
 2024-04-17 21:25:35 +00:00
Peter Cullen
187f93cb96 Parse and store localversion string 
Add localversion to the VersionDescription record and populate it
during version string parsing.
This change also modifies the version string syntax, removing the
deprecated dash (-) between beta|dev|rc and the commmit count; those
must now be separated by a period.
The test version strings were updated accordingly along with the
baseline.
 2024-04-17 14:17:22 -07:00
Peter Cullen
610799b0f9 Remove commented-out code 2024-04-17 14:17:18 -07:00
Peter Cullen
5e3008df89 Check ZEEK_VERSION_LOCAL for dashes 
Insist that ZEEK_VERSION_LOCAL not contain dashes
in order to preserve overall structure of version strings.
 2024-04-17 14:17:14 -07:00
Peter Cullen
32289521f5 Update version string btests for localversion 
Added some more version strings to be tested that include
a localversion component. Baseline updates, as well.
 2024-04-17 14:17:10 -07:00
Peter Cullen
e4942d45b9 Modify version parsing for localversion 
The regex used for validating version strings was updated to allow
for an optional localversion component. The piece of the version string
also needs to be removed before parsing a possible commit number.
 2024-04-17 14:17:05 -07:00
Peter Cullen
e97ba8a4f6 Update version used by spicyz 
Update the version string in the VERSION macro which is used
by spicyz and need to be the same as the Zeek version string.
 2024-04-17 14:16:58 -07:00
Peter Cullen
cf09f137bd Update build script 
Add back a couple changes that got lost during cleanup.
 2024-04-17 14:16:55 -07:00
Peter Cullen
d57679e3dd Support for configurable localversion 
Adds a new --localversion option to configure.
The value of localversion becomes part of the Zeek version string.
Docker builds allow an environment variable (LOCALVERSION) to set
the localversion string.
 2024-04-17 14:16:47 -07:00
Tim Wojtulewicz
1563814c4a Merge remote-tracking branch 'origin/topic/johanna/opensuse-leap-15.6-ci' 
* origin/topic/johanna/opensuse-leap-15.6-ci:
  Add Opensuse leap 15.6 to CI
 2024-04-17 09:21:12 -07:00
Johanna Amann
f0acb19823 Add Opensuse leap 15.6 to CI 2024-04-16 10:00:01 +01:00
Robin Sommer
5236c73e39
Merge remote-tracking branch 'origin/topic/robin/bump-spicy' 
* origin/topic/robin/bump-spicy:
  Bump Spicy.
  Remove support for old Spicy versions from QUIC analyzer.
 2024-04-15 17:53:26 +02:00
Robin Sommer
ed4aed40c1
Bump Spicy. 
Includes a couple of updates for the QUIC analyzer.
 2024-04-15 17:25:12 +02:00
Robin Sommer
cfbe8de3e8
Remove support for old Spicy versions from QUIC analyzer. 
Seems too old to be worth the trouble.
 2024-04-15 11:18:38 +02:00
Tim Wojtulewicz
6c88bd115c Merge remote-tracking branch 'origin/topic/timw/fix-pcap-override' 
* origin/topic/timw/fix-pcap-override:
  Make sure that vcpkg isn't preferred if pcap_root_dir is passed in
 2024-04-11 15:28:18 -07:00
Tim Wojtulewicz
eedd0fbe8c Make sure that vcpkg isn't preferred if pcap_root_dir is passed in 2024-04-11 15:25:49 -07:00