Commit graph

16116 commits

Author SHA1 Message Date
Robin Sommer
cdadd934ce [Spicy] Extend functionality of export in EVT files.
We now support selecting which fields of a unit type get exported into
the automatically created Zeek record; as well as selecting which
fields get a `&log` attribute added automatically to either all fields
or to selected fields.

Syntax:

- To export only selected fields:

    export Foo::X with { field1, field3 };

- To export all but selected fields:

    export Foo::X without { field2, field3 };

- To `&log` all fields:

    export Foo::X &log;

- To `&log` only selected fields:

    export Foo::X with { field1 &log, field3 }; # exports (only) field1 and field3, and marks field1 for logging

Syntax is still subject to change.

Closes #3218.
Closes #3219.
2023-08-21 10:26:25 +02:00
Arne Welzel
f5c339f246 Merge remote-tracking branch 'origin/topic/awelzel/shfmt-py-pin-to-latest'
* origin/topic/awelzel/shfmt-py-pin-to-latest:
  pre-commit: Pin to latest shfmt-py version
2023-08-17 16:35:45 +02:00
Arne Welzel
3082902d32 pre-commit: Pin to latest shfmt-py version
This allows users to run shfmt-py with Python > 3.9. Also drop
the explicit Python version for the setup-python action.
2023-08-17 16:30:50 +02:00
Vern Paxson
4928e074d4 addressed some nits re "-O gen-C++" script optimization 2023-08-16 17:04:39 -07:00
Vern Paxson
6af0014a7b fixes for compiling lambdas to C++ 2023-08-16 17:03:37 -07:00
Vern Paxson
4991693a9c fixes to avoid ambiguities in analyzing captures for script optimization 2023-08-16 17:00:57 -07:00
Vern Paxson
3e0f814635 disambiguate lambdas by adding scoping and consideration of captures 2023-08-16 16:58:05 -07:00
Vern Paxson
3925ff4592 addressed performance and correctness issues flagged by Coverity 2023-08-15 16:07:49 -07:00
Johanna Amann
61296ce052 Update broker submodule [nomail] 2023-08-15 17:40:40 +01:00
Johanna Amann
0b8b81f426 Merge remote-tracking branch 'origin/topic/johanna/posix_spawn'
* origin/topic/johanna/posix_spawn:
  Raw reader: better error handling for posix_spawn
  Raw reader: use posix_spawn instead of fork + exec
2023-08-15 17:34:25 +01:00
Tim Wojtulewicz
5637643798 Merge remote-tracking branch 'origin/topic/timw/pre-commit-python-version'
* origin/topic/timw/pre-commit-python-version:
  Force pre-commit to use python 3.9
2023-08-15 09:20:09 -07:00
Tim Wojtulewicz
97c2d195cc Force pre-commit to use python 3.9 2023-08-15 09:18:45 -07:00
Tim Wojtulewicz
9357a5879b Merge remote-tracking branch 'origin/topic/timw/update-zeek-aux'
* origin/topic/timw/update-zeek-aux:
  CI: update freebsd to 13.2 and 12.4
  Update zeek-aux submodule [nomail]
2023-08-14 11:18:28 -07:00
Tim Wojtulewicz
6761aebef7 CI: update freebsd to 13.2 and 12.4 2023-08-14 11:17:39 -07:00
Tim Wojtulewicz
4dce283a04 Update zeek-aux submodule [nomail] 2023-08-14 11:17:39 -07:00
zeek-bot
c9277bda74 Update doc submodule [nomail] [skip ci] 2023-08-12 00:25:28 +00:00
Tim Wojtulewicz
6bfe78fbcb Update docs submodule [nomail] 2023-08-11 10:36:45 -07:00
Tim Wojtulewicz
e8ef169b27 Merge remote-tracking branch 'origin/topic/timw/3059-set-vector-conversion'
* origin/topic/timw/3059-set-vector-conversion:
  Fix conversion with record types
  Add conversion between set and vector using 'as' keyword
  Add std::move for a couple of variables passed by value
2023-08-11 10:35:06 -07:00
Tim Wojtulewicz
7137a267ad Merge remote-tracking branch 'origin/topic/timw/modbus-overflow'
* origin/topic/timw/modbus-overflow:
  Modbus: Add early return in case of data being too short to parse
2023-08-11 09:52:38 -07:00
Robin Sommer
83029ecafc [Spicy] Refactor parsing of export in EVT files.
Moving that into its own function and preparing for storing additional
information.
2023-08-11 12:42:55 +02:00
Tim Wojtulewicz
d6ccb85c4c Modbus: Add early return in case of data being too short to parse 2023-08-10 18:06:58 -07:00
Tim Wojtulewicz
fe9926e538 Fix conversion with record types 2023-08-10 13:42:23 -07:00
Johanna Amann
fdd3c55d42 Raw reader: better error handling for posix_spawn
Addressed feedback in GH-3216
2023-08-10 13:20:29 +01:00
Tim Wojtulewicz
af9e852c28 Add conversion between set and vector using 'as' keyword 2023-08-09 14:41:54 -07:00
Tim Wojtulewicz
4022573d48 Merge remote-tracking branch 'origin/topic/bbannier/issue-3177'
* origin/topic/bbannier/issue-3177:
  Explicitly link Zeek executable against Spicy libraries in binary packaging mode.
2023-08-09 09:08:47 -07:00
Johanna Amann
e97f63dbbe Raw reader: use posix_spawn instead of fork + exec
This commit switched the Raw reader to use posix_spawn, instead of
the combination of fork + exec. This should be much more efficient, and
also makes the code smaller, and easier to read and understand.
2023-08-09 16:51:47 +01:00
Benjamin Bannier
26a6bc7dfe Explicitly link Zeek executable against Spicy libraries in binary packaging mode.
Closes #3177.
2023-08-09 11:31:27 +02:00
zeek-bot
646b301b65 Update doc submodule [nomail] [skip ci] 2023-08-09 00:19:23 +00:00
Tim Wojtulewicz
16a69864b4 Merge remote-tracking branch 'origin/topic/timw/3184-modbus-extensions'
* origin/topic/timw/3184-modbus-extensions:
  Pass parsed file record information with ReadFile/WriteFile events
  Add length field from header to ModbusHeaders record type
  Modbus: Add support for Encapsulation Interface Transport (FC=2B) requests and responses
  Modbus: Add support for Diagnostics (FC=8) requests and responses
2023-08-08 10:55:25 -07:00
Tim Wojtulewicz
e3a34e44b5 Revert "Merge remote-tracking branch 'origin/topic/timw/3184-modbus-extensions'"
This reverts commit 30b2afe2ad, reversing
changes made to bacc0dcae3.
2023-08-08 10:54:33 -07:00
zeek-bot
b7a082b145 Update doc submodule [nomail] [skip ci] 2023-08-08 00:31:55 +00:00
Tim Wojtulewicz
30b2afe2ad Merge remote-tracking branch 'origin/topic/timw/3184-modbus-extensions'
* origin/topic/timw/3184-modbus-extensions:
  Pass parsed file record information with ReadFile/WriteFile events
  Add length field from header to ModbusHeaders record type
  Modbus: Add support for Encapsulation Interface Transport (FC=2B) requests and responses
  Modbus: Add support for Diagnostics (FC=8) requests and responses
2023-08-07 14:34:43 -07:00
Tim Wojtulewicz
1dc9235cee Pass parsed file record information with ReadFile/WriteFile events 2023-08-07 13:44:38 -07:00
Tim Wojtulewicz
18fd384469 Add length field from header to ModbusHeaders record type 2023-08-07 13:44:37 -07:00
Tim Wojtulewicz
406a406813 Modbus: Add support for Encapsulation Interface Transport (FC=2B) requests and responses 2023-08-07 13:44:37 -07:00
Tim Wojtulewicz
f14be0de29 Modbus: Add support for Diagnostics (FC=8) requests and responses 2023-08-07 13:44:37 -07:00
Tim Wojtulewicz
bacc0dcae3 Merge remote-tracking branch 'origin/topic/timw/cmake-find-package'
* origin/topic/timw/cmake-find-package:
  Change VERSION variable in CMake config to ZEEK_VERSION_FULL
  Update bifcl and binpac for FindPackage fixes
  Remove usage of FindRequiredPackage
  Update zeekctl and cmake to deprecate FindRequiredPackage
  Update broker submodule for pybind11 + cmake changes
2023-08-07 09:42:02 -07:00
Tim Wojtulewicz
67c8e5192a Change VERSION variable in CMake config to ZEEK_VERSION_FULL 2023-08-07 09:33:52 -07:00
Tim Wojtulewicz
cb649795c0 Update bifcl and binpac for FindPackage fixes 2023-08-07 09:33:52 -07:00
Tim Wojtulewicz
c743be0c54 Remove usage of FindRequiredPackage 2023-08-07 09:33:52 -07:00
Tim Wojtulewicz
2ce94e9855 Update zeekctl and cmake to deprecate FindRequiredPackage 2023-08-07 09:33:52 -07:00
Tim Wojtulewicz
0772e205ec Update broker submodule for pybind11 + cmake changes 2023-08-07 08:15:09 -07:00
Arne Welzel
6524127d61 Merge remote-tracking branch 'origin/topic/awelzel/centos-7-bump'
* origin/topic/awelzel/centos-7-bump:
  ci: Bump centos-7
2023-08-07 16:27:05 +02:00
Arne Welzel
7d3ded06c7 ci: Bump centos-7
Failing currently with:

    Failed to start an instance! Failed to pull null image! Repository does not exist or may require authentication.
    Container errored with 'ImagePullBackOff: Back-off pulling image "gcr.io/cirrus-ci-community/zeek/zeek/ci/centos-7/dockerfile:a0c25357a3a7dc08f6c1e61e6f81ad36"'
2023-08-07 15:47:40 +02:00
Arne Welzel
bb9faab83b Merge remote-tracking branch 'origin/topic/timw/tsan-upgrade'
* origin/topic/timw/tsan-upgrade:
  Suppress new tsan findings from Ubuntu 22 upgrade
  Update tsan build to ubuntu22
2023-08-07 10:22:38 +02:00
Tim Wojtulewicz
f56b6bdb2b Pass parsed file record information with ReadFile/WriteFile events 2023-08-04 19:15:25 -07:00
Tim Wojtulewicz
8318dfc169 Add length field from header to ModbusHeaders record type 2023-08-04 16:16:49 -07:00
Tim Wojtulewicz
0fdff44cf0 Suppress new tsan findings from Ubuntu 22 upgrade 2023-08-04 14:18:00 -07:00
Tim Wojtulewicz
60d0241782 Update tsan build to ubuntu22 2023-08-04 14:16:54 -07:00
Arne Welzel
0d229ee84a Merge remote-tracking branch 'origin/topic/awelzel/2668-default-create-insert-assign-or-so'
* origin/topic/awelzel/2668-default-create-insert-assign-or-so:
  TableVal: Unify &default and &default_insert lookups
  Add &default_insert attribute for tables
2023-08-04 12:32:06 +02:00