Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
16116 commits 386 branches 195 tags 256 MiB
Commit graph

3053 commits

Author SHA1 Message Date
Tim Wojtulewicz
a3af4a4b51 Merge branch 'topic/timw/more-string-view-usage' 
* topic/timw/more-string-view-usage:
  Change to use ToStdStringView() in a few other BIFs
  Convert remove_prefix/suffix BIFs to use std::string_view
  Rework starts_with BIF similarly to ends_with changes in 1649e3e7cc
 2024-01-23 10:41:37 -07:00
Arne Welzel
822ca99e80 Merge remote-tracking branch 'origin/topic/awelzel/3424-http-upgrade-websocket-v1' 
* origin/topic/awelzel/3424-http-upgrade-websocket-v1:
  websocket: Handle breaking from WebSocket::configure_analyzer()
  websocket: Address review feedback for BinPac code
  fuzzers: Add WebSocket fuzzer
  websocket: Fix crash for fragmented messages
  websocket: Verify Sec-WebSocket-Key/Accept headers and review feedback
  btest/websocket: Test for coalesced reply-ping
  HTTP/CONNECT: Also weird on extra data in reply
  HTTP/Upgrade: Weird when more data is available
  ContentLine: Add GetDeliverStreamRemainingLength() accessor
  HTTP: Drain event queue after instantiating upgrade analyzer
  btest/http: Explain switching-protocols test change as comment
  WebSocket: Introduce new analyzer and log
  HTTP: Add mechanism to instantiate Upgrade analyzer
 2024-01-23 18:17:50 +01:00
Tim Wojtulewicz
b5f9e5a3b1 Merge remote-tracking branch 'origin/topic/timw/remove-bifreturnval' 
* origin/topic/timw/remove-bifreturnval:
  Make BIFs just return ValPtr directly instead of BifReturnVal
 2024-01-22 10:36:30 -07:00
Tim Wojtulewicz
13fde341d2 Merge remote-tracking branch 'security/topic/awelzel/topic/awelzel/208-http-mime-nested-v2' 
* security/topic/awelzel/topic/awelzel/208-http-mime-nested-v2:
  MIME: Cap nested MIME analysis depth to 100
 2024-01-21 19:31:14 -07:00
Arne Welzel
029c44c789 Merge remote-tracking branch 'origin/topic/awelzel/smtp-bdat-follow-up-2' 
* origin/topic/awelzel/smtp-bdat-follow-up-2:
  SMTP/BDAT: Use strtoull and bail on UULONG_MAX values
  SMTP/BDAT: Fix int/int64_t/uint64_t confusion
  SMTP: Reject BDAT chunks larger than int64_t's max value
 2024-01-19 21:19:05 +01:00
Christian Kreibich
832ce9f9a1 Merge branch 'topic/christian/more-feature-tests' 
* topic/christian/more-feature-tests:
  Default to setting ZEEK_HAVE_JAVASCRIPT=no in CMakeLists.txt
  Show --disable-javascript in `configure --help`
  Show AF_PACKET support status in cmake output, and sort features
  Add feature tests for AF_PACKET, GeoIP, and JavaScript to zeek-config
 2024-01-19 10:26:23 -08:00
Benjamin Bannier
638e8a0519 Merge branch 'topic/bbannier/issue-3177' 2024-01-19 12:27:59 +01:00
Christian Kreibich
6d10082cc3 Merge branch 'topic/christian/a-couple-of-nits' 
* topic/christian/a-couple-of-nits:
  Fix a zeek_init -> zeek_done confusion in a docstring [skip ci]
  Fix typo in docstring [skip ci]
 2024-01-18 16:17:21 -08:00
Tim Wojtulewicz
cea7c473ac Merge remote-tracking branch 'origin/topic/timw/security-darwin-builds' 
* origin/topic/timw/security-darwin-builds:
  Enable darwin builds for zeek-security repo
 2024-01-17 10:00:21 -07:00
Tim Wojtulewicz
1649e3e7cc Merge remote-tracking branch 'origin/topic/timw/ends-with-rework' 
* origin/topic/timw/ends-with-rework:
  Squeeze a bit more performance out of the ends_with bif
 2024-01-16 12:07:25 -07:00
Arne Welzel
378f380b71 Merge remote-tracking branch 'origin/topic/awelzel/smtp-bdat-follow-up' 
* origin/topic/awelzel/smtp-bdat-follow-up:
  SMTP: No state update for bad BDAT commands
  SMTP/BDAT: Harden BDAT argument parsing a bit
 2024-01-16 18:04:51 +01:00
Johanna Amann
273731e1ce Merge branch 'topic/johanna/fix-logging-of-ssl-log-ext-in-some-cases' 
* topic/johanna/fix-logging-of-ssl-log-ext-in-some-cases:
  Fix ssl-log-ext omitting data in some cases
 2024-01-16 13:10:35 +00:00
Arne Welzel
c375610917 Merge remote-tracking branch 'origin/topic/awelzel/conn-session-history-lift-fixup' 
* origin/topic/awelzel/conn-session-history-lift-fixup:
  Session/Conn: Follow-up fix for hist_seen and history lift
 2024-01-15 15:18:48 +01:00
Arne Welzel
ec7c02a695 Merge remote-tracking branch 'origin/topic/vern/script-opt-maint.Jan24' 
* origin/topic/vern/script-opt-maint.Jan24:
  ZAM speedup for constructing empty vectors
  fixes for ZAM optimization of "switch" statements
  BTests to catch regressions for recent ZAM fixes
  "-a zam" BTest baseline update for recent changes
  fix for needing to always flush optimization information for identifiers
  fix for logic bug in ldap base script
  better name for key variable in script optimization
  ZAM fix for tracking variable usage
  ZAM fixes for "for" loops that are only used to choose an element from a table/set
  ZAM fixes for loops indexed with variables not used in the loop body
  fix for ZAM location tracking - more extensive changes are pending
  fixes for ZAM's special-casing of that "cat" BiF
  some fixes for ZAM memory management
  streamlining of some script optimization APIs
  fixes for initializations of "-O gen-C++" script compilations
  script optimization fixes for "concretizing" vector-of-any's
 2024-01-15 15:18:16 +01:00
Arne Welzel
2182ec03b3 Merge remote-tracking branch 'origin/topic/awelzel/3264-smtp-bdat' 
* origin/topic/awelzel/3264-smtp-bdat:
  btest/smtp: Test with smtp-bdat-pipeline-8bitmime.pcap
  SMTP: Add BDAT support
 2024-01-12 10:49:28 +01:00
Arne Welzel
ffffd88bef Merge remote-tracking branch 'origin/topic/christian/mmdb-configurability' 
* origin/topic/christian/mmdb-configurability:
  Modernize various C++/Zeek-isms in the MMDB code.
  Fix MMDB code to re-open explicitly opened DBs correctly
  Add btest to verify behavior of re-opened MMDBs opened directly via BIFs
  Simplify MMDB code by moving more lookup functionality into MMDB class
  Move MMDB logic out of mmdb.bif and into MMDB.cc/h.
  Fix mmdb.temporary-error testcase when MMDBs are installed on system
  Adapt MMDB BiF code to new script-layer variables
  Update btest baselines to reflect introduction of mmdb.bif
  Move MaxMind/GeoIP BiF functionality into separate file
  Provide script-level configurability of MaxMind DB placement on disk
  Sort toplevel .bif list in CMakeLists
 2024-01-12 09:28:36 +01:00
Arne Welzel
2ce4823c7a Merge remote-tracking branch 'origin/topic/awelzel/3540-known-hosts-expire-time' 
* origin/topic/awelzel/3540-known-hosts-expire-time:
  Known: Keep &create_expire on local tables/sets valid
 2024-01-11 20:18:22 +01:00
Arne Welzel
28b33b5c0d Merge remote-tracking branch 'origin/topic/neverlord/backward-compatibility' 
* origin/topic/neverlord/backward-compatibility:
  Document upcoming breaking change for OpaqueVal
  Integrate review feedback
  Fix formatting
  Backward compatibility for OpaqueVal serialization
 2024-01-11 12:38:39 +01:00
Arne Welzel
1ba0d4e31c Merge remote-tracking branch 'origin/topic/awelzel/3439-bump-tunnel-max-depth' 
* origin/topic/awelzel/3439-bump-tunnel-max-depth:
  NEWS: Update news for tunnel depth changes
  tunnels: Add 'X' to history when reaching Tunnel::max_depth
  Session/TCP/UDP: Reserve HIST_UNKNOWN_PKT mask
  Conn: Deprecated AppendAddl
  Conn/Session: Lift history logic into Session
  init-bare: Default Tunnel::max_depth to 4
 2024-01-11 11:03:15 +01:00
Tim Wojtulewicz
2b4005b820 Merge branch 'topic/timw/move-bifs' 
* topic/timw/move-bifs:
  Use std::move in return values from bif methods to avoid copies
  Use bool return values instead of int in a couple zeek.bif static methods
 2024-01-10 12:32:58 -07:00
Arne Welzel
bddd74dcc1 Merge remote-tracking branch 'origin/topic/awelzel/quic-draft-mvfst-versions' 
* origin/topic/awelzel/quic-draft-mvfst-versions:
  quic: Handle and log unhandled_version
  quic: Support decryption of a few more versions
 2024-01-10 14:08:01 +01:00
Arne Welzel
f1e94594f9 Merge remote-tracking branch 'origin/topic/awelzel/3523-expiration-iteration-at-termination' 
* origin/topic/awelzel/3523-expiration-iteration-at-termination:
  Dict: Invalidate iterators during Clear()
 2024-01-09 09:16:01 +01:00
Tim Wojtulewicz
985e1f9024 Merge branch 'topic/timw/werror' 
* topic/timw/werror:
  CI: Remove unused openssl30_config
  CPP-gen: Don't emit extra braces if only one element
  Use <poll.h> instead of <sys/poll.h>
  ZAM: Create ListValPtr directly instead of a stack object
  Bump zeekjs to pick up dprintf warning fix
  Avoid unused-result warning in Supervisor
  Update src/3rdparty submodule to fix sprintf warning in modp
  Fix warning with attribute string lookup
  Set -Werror / /WX via target_compile_options to force warnings as errors
 2024-01-08 14:10:55 -07:00
Tim Wojtulewicz
3f70998896 Merge remote-tracking branch 'origin/topic/timw/update-broker' 
* origin/topic/timw/update-broker:
  Update broker to pick up Windows 2-minute exception fix
 2024-01-08 10:05:14 -07:00
Arne Welzel
e52d401c85 Bump cmake submodule 2024-01-05 16:08:40 +01:00
Arne Welzel
23a47181b3 Merge remote-tracking branch 'origin/topic/awelzel/ldap-search-substring-parsing' 
* origin/topic/awelzel/ldap-search-substring-parsing:
  ldap: Fix substring filter parsing and rendering
 2024-01-05 16:07:16 +01:00
Arne Welzel
fe0f981f87 Merge remote-tracking branch 'origin/topic/awelzel/3503-quic-v2' 
* origin/topic/awelzel/3503-quic-v2:
  quic: tests: Require have-spicy
  quic: analyzer: Recognize and report unknown versions better
  quic: tests: Add QUIC v2 test cases
  quic: analyzer: Support QUIC v2
  quic: decrypt_crypto: Support QUIC v2
 2024-01-05 14:44:20 +01:00
Benjamin Bannier
6c4a9510da Merge branch 'topic/bbannier/bump-spicy' 2024-01-04 16:40:24 +01:00
Arne Welzel
4ebd81fb23 Merge remote-tracking branch 'origin/topic/awelzel/3504-ldap-logs-scalars' 
* origin/topic/awelzel/3504-ldap-logs-scalars:
  Update external baselines
  ldap: Use scalar values in logs where appropriate
  ldap: Rename LDAP::search_result to LDAP::search_result_entry
 2024-01-03 12:35:51 +01:00
Arne Welzel
d01b0bafdb Merge remote-tracking branch 'origin/topic/awelzel/no-more-segment-profiler' 
* origin/topic/awelzel/no-more-segment-profiler:
  segment_profiling: Remove SegmentProfiler and load_sample event
 2024-01-03 12:25:20 +01:00
Johanna Amann
df37cadbe8 Merge remote-tracking branch 'origin/topic/neverlord/data-to-threading-field' 
* origin/topic/neverlord/data-to-threading-field:
  Avoid extra copies in threading_field_to_data
 2024-01-03 09:44:35 +00:00
Tim Wojtulewicz
5740dbcf20 Merge remote-tracking branch 'origin/topic/awelzel/smb-unbounded-recent-files-growth' 
* origin/topic/awelzel/smb-unbounded-recent-files-growth:
  smb: Fix &read_expire not in effect due to &default=string_set() usage
 2024-01-02 11:13:36 -07:00
Arne Welzel
7a9a40f822 Merge remote-tracking branch 'origin/topic/vern/table-create-opt' 
* origin/topic/vern/table-create-opt:
  TableType: Convert table_hash unique_ptr
  streamlining of constructing script-level tables
 2023-12-16 17:57:58 +01:00
Tim Wojtulewicz
d1d9b9a1be Merge remote-tracking branch 'origin/topic/neverlord/broker-format' 
* origin/topic/neverlord/broker-format:
  Update broker submodule
 2023-12-15 14:59:42 -07:00
Tim Wojtulewicz
43edd3c945 Merge remote-tracking branch 'stevesmoot/master' 
* stevesmoot/master:
  improve search-ability in  zeek.spicy
 2023-12-15 13:10:48 -07:00
Arne Welzel
83caf6108e Merge remote-tracking branch 'origin/topic/awelzel/3494-no-more-btest-script-coverage-locally' 
* origin/topic/awelzel/3494-no-more-btest-script-coverage-locally:
  ci/btest: Remove ZEEK_PROFILER_FILE from btest.cfg, set in ci/test.sh explicitly
  ci: Remove ZEEK_CI_DISABLE_SCRIPT_PROFILING logic
 2023-12-15 18:58:25 +01:00
Christian Kreibich
36ae384a9c Updating CHANGES and VERSION. 2023-12-14 20:17:24 -08:00
Christian Kreibich
98e70d3cfc Merge branch 'topic/christian/ci-updates' 
* topic/christian/ci-updates:
  CI: Move Debian variations from 11 to 12
  CI: Bump Ubuntu 23.04 to 23.10
  CI: Drop openSUSE Leap 15.4, about to EOL.
  CI: FreeBSD 14 is out now, 12 is about to EOL.
  CI: distro EOL comment tweaks
  CI: drop Fedora 37, add Fedora 39
 2023-12-14 19:56:07 -08:00
Christian Kreibich
ba6fe9afe9 Updating CHANGES and VERSION. 2023-12-14 19:55:24 -08:00
Arne Welzel
0f56758d08 Merge remote-tracking branch 'origin/topic/awelzel/less-clunky-signature-event' 
* origin/topic/awelzel/less-clunky-signature-event:
  rule-parse: Remove [event_name] syntax, deprecate msg as identifier
 2023-12-14 10:28:35 +01:00
Arne Welzel
0b5126f650 Merge remote-tracking branch 'origin/topic/vern/script-opt-maint.Dec23' 
* origin/topic/vern/script-opt-maint.Dec23:
  recent BTests that should be skipped when using -O gen-C++
  expanded ZAM maintenance notes & support scripts
  script optimization tracking of functions called by event engine or indirectly
  memory-handling fixes for information associated with low-level ZAM instructions
  fix for -O C++ lambda functions reporting errors/warnings
  revert problems with profiling attributes introduced by recent script-opt PR
  script optimization fixes for pattern tables
  regularized (some) types of pointers used in script optimization
  splitting off script optimization CSE into its own source files
  some very minor tidying of script optimization code/documentation
  fix for Trigger's whose termination leads to deleting other Trigger's
  bug fix for delayed logging
 2023-12-12 09:52:15 +01:00
Benjamin Bannier
84b2e493a1 Merge branch 'topic/bbannier/bump-spicy' 2023-12-11 13:11:33 +01:00
Tim Wojtulewicz
fd254dece5 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Audit creation of temporary strings in Spicy bindings
  Bump auxil/spicy to latest development snapshot
 2023-12-08 11:54:14 -07:00
Tim Wojtulewicz
9e8a738a8a Merge remote-tracking branch 'origin/topic/vern/CSE-opt' 
* origin/topic/vern/CSE-opt:
  incorporate latest version of gen-zam to correctly generate indirect calls
  added sub-directory for tracking ZAM maintenance issues
  BTest to stress-test AST optimizer's assessment of side effects
  reworked AST optimizers analysis of side effects during aggregate operations & calls
  script optimization support for tracking information associated with BiFs/functions
  fix for AST analysis of inlined functions
  improved AST optimizer's analysis of variable usage in inlined functions
  new method for Stmt nodes to report whether they could execute a "return"
  bug fixes for indirect function calls when using ZAM
  minor fixes for script optimization, exporting of attr_name, script layout tweak
 2023-12-08 10:01:23 -07:00
Arne Welzel
e7b8d064af Merge remote-tracking branch 'origin/topic/awelzel/no-global-libkqueue-includes' 
* origin/topic/awelzel/no-global-libkqueue-includes:
  Bump cmake submodule
  iosource: Specify libkqueue dependency for subdir lib
 2023-12-06 18:42:43 +01:00
Arne Welzel
d1e7c8b81c Merge remote-tracking branch 'origin/topic/awelzel/spicy-rt-raise-event-vector-unsafe' 
* origin/topic/awelzel/spicy-rt-raise-event-vector-unsafe:
  spicy/runtime-support: Use Vector::unsafeBegin() for args iteration
  Bump spicy submodule
 2023-12-06 11:41:40 +01:00
Arne Welzel
f39f1b0c68 Merge remote-tracking branch 'origin/topic/awelzel/random-perf-things' 
* origin/topic/awelzel/random-perf-things:
  SegmentProfiler: Do not initialize initial_rusage
  EventMgr: Remove queue_flare, use GetNextTimeout() instead
  UpdateConnVal: Avoid FieldOffset() calls
 2023-12-05 16:01:15 +01:00
Christian Kreibich
0aef842f05 Merge branch 'topic/neverlord/broker-data' 
* topic/neverlord/broker-data:
  Integrate review feedback
  Add facade types to avoid using raw Broker types
 2023-12-04 12:32:35 -08:00
Arne Welzel
c3762ba9d3 Merge remote-tracking branch 'origin/topic/awelzel/log-delay-coverity-follow-up' 
* origin/topic/awelzel/log-delay-coverity-follow-up:
  logging: Fix coverity std::move suggestions
  logging/Manager: Fix coverity null-deref
 2023-12-04 18:57:55 +01:00
Arne Welzel
28eef9e4b2 Merge remote-tracking branch 'origin/topic/awelzel/log-write-delay-3' 
* origin/topic/awelzel/log-write-delay-3:
  logging: ref() to record_ref() renaming
  logging: Fix typos from review
  logging/Manager: Make LogDelayExpiredTimer an implementation detail
  logging/WriteToFilters: Use range-based for loop
  testing/btest: Log::delay() from JavaScript
  NEWS: Entry for delayed log writes
  Bump doc submodule to branch
  logging: Do not keep delay state persistent
  logging: delay documentation polishing
  logging: Better error messages for invalid Log::delay() calls
  logging/Manager: Implement DelayTokenType as an actual opaque
  logging: Implement get_delay_queue_size()
  logging: Introduce Log::delay() and Log::delay_finish()
  logging/Manager: zeek::detail'ify
  logging/Manager: Split Write()
  Timer: Add LOG_DELAY_EXPIRE timer type
  Ascii: Remove extra include
 2023-12-01 12:05:02 +01:00