Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
18272 commits 387 branches 195 tags 255 MiB
Commit graph

18272 commits

This branch
This branch
All branches
Author SHA1 Message Date
zeek-bot
adc0937bf5 Update doc submodule [nomail] [skip ci] 2025-05-15 00:14:11 +00:00
zeek-bot
734fd62325 Update doc submodule [nomail] [skip ci] 2025-05-14 00:15:11 +00:00
Arne Welzel
2255fa23b8 Merge remote-tracking branch 'origin/topic/vern/zam-aggr-change-in-loop' 
* origin/topic/vern/zam-aggr-change-in-loop:
  fix for ZAM optimization when an aggregate is modified inside of a loop
 2025-05-13 19:50:56 +02:00
Tim Wojtulewicz
5aa6734042 Merge remote-tracking branch 'origin/topic/timw/allow-macos-libkrb5' 
* origin/topic/timw/allow-macos-libkrb5:
  Allow macOS to search for libkrb5, but disallow system version of library
 2025-05-13 10:03:55 -07:00
Tim Wojtulewicz
051c191f63 Allow macOS to search for libkrb5, but disallow system version of library 2025-05-13 10:03:26 -07:00
Arne Welzel
8f60d37ad0 Merge remote-tracking branch 'origin/topic/awelzel/4440-websocket-pong-timeout' 
* origin/topic/awelzel/4440-websocket-pong-timeout:
  btest/cluster/websocket: Update tests for new event signature
  cluster/websocket: Propagate code and reason to websocket_client_lost()
  cluster/websocket: Support configurable ping interval
  IXWebSocket: Bump to improve O^2 rxbuf erase()
 2025-05-13 18:58:54 +02:00
Arne Welzel
6d2bd93f1f btest/cluster/websocket: Update tests for new event signature 2025-05-13 18:26:03 +02:00
Arne Welzel
a61aff010f cluster/websocket: Propagate code and reason to websocket_client_lost() 
This allows to get visibility into the reason why ixwebsocket or the
client decided to disconnect.

Closed #4440
 2025-05-13 18:26:03 +02:00
Arne Welzel
aaddeb19ad cluster/websocket: Support configurable ping interval 
Primarily for testing purposes and maybe the hard-coded 5 seconds is too
aggressive for some deployments, so makes sense for it to be
configurable.
 2025-05-13 18:26:03 +02:00
Tim Wojtulewicz
912356deac Merge remote-tracking branch 'origin/topic/bbannier/fix-spicy-main' 
* origin/topic/bbannier/fix-spicy-main:
  Fix clang-tidy `bugprone-inc-dec-in-conditions` report in Spicy plugins glue compiler
  Fix clang-tidy `performance-enum-size` reports in Spicy plugin's glue compiler
  Remove unneeded copies in Spicy plugin glue compiler
  Adjust for renamed function flavor in Spicy development version
 2025-05-12 11:33:54 -07:00
Vern Paxson
da689f1835 fix for ZAM optimization when an aggregate is modified inside of a loop 2025-05-09 15:01:55 -07:00
Arne Welzel
6b6c3dbbb7 Merge remote-tracking branch 'origin/topic/justin/file_analysis_speedup' 
* origin/topic/justin/file_analysis_speedup:
  speed up file analysis, remove IncrementByteCount
 2025-05-09 17:25:55 +02:00
Benjamin Bannier
24071118eb Fix clang-tidy bugprone-inc-dec-in-conditions report in Spicy plugins glue compiler 2025-05-09 16:58:22 +02:00
Justin Azoff
7f350587b0 speed up file analysis, remove IncrementByteCount 
Avoid creating and recreating count objects for each chunk of file
analyzed.  This replaces counts inside of records with c++ uint64_ts.

On a pcap containing a 100GB file download this gives a 9% speedup

    Benchmark 1 (3 runs): zeek-master/bin/zeek -Cr http_100g_zeroes.pcap tuning/json-logs frameworks/files/hash-all-files
      measurement          mean ± σ            min … max           outliers         delta
      wall_time           102s  ± 1.23s      101s  …  103s           0 ( 0%)        0%
      peak_rss            108MB ±  632KB     107MB …  109MB          0 ( 0%)        0%
      cpu_cycles          381G  ±  862M      380G  …  382G           0 ( 0%)        0%
      instructions        663G  ± 5.16M      663G  …  663G           0 ( 0%)        0%
      cache_references   1.03G  ±  109M      927M  … 1.15G           0 ( 0%)        0%
      cache_misses       12.3M  ±  587K     11.7M  … 12.9M           0 ( 0%)        0%
      branch_misses      1.23G  ± 2.10M     1.22G  … 1.23G           0 ( 0%)        0%
    Benchmark 2 (3 runs): zeek-file_analysis_speedup/bin/zeek -Cr http_100g_zeroes.pcap tuning/json-logs frameworks/files/hash-all-files
      measurement          mean ± σ            min … max           outliers         delta
      wall_time          92.9s  ± 1.85s     91.8s  … 95.1s           0 ( 0%)        -  9.0% ±  3.5%
      peak_rss            108MB ±  393KB     108MB …  109MB          0 ( 0%)          +  0.1% ±  1.1%
      cpu_cycles          341G  ±  695M      341G  …  342G           0 ( 0%)        - 10.4% ±  0.5%
      instructions        605G  ±  626M      605G  …  606G           0 ( 0%)        -  8.7% ±  0.2%
      cache_references    831M  ± 16.9M      813M  …  846M           0 ( 0%)        - 19.6% ± 17.2%
      cache_misses       12.4M  ± 1.48M     11.4M  … 14.1M           0 ( 0%)          +  0.3% ± 20.8%
      branch_misses      1.02G  ± 3.45M     1.02G  … 1.02G           0 ( 0%)        - 16.8% ±  0.5%
 2025-05-09 10:50:04 -04:00
Arne Welzel
2041306772 IXWebSocket: Bump to improve O^2 rxbuf erase() 
Part of #4440
 2025-05-09 16:38:36 +02:00
Benjamin Bannier
37b095f39b Fix clang-tidy performance-enum-size reports in Spicy plugin's glue compiler 2025-05-09 16:08:14 +02:00
Benjamin Bannier
9355512adc Remove unneeded copies in Spicy plugin glue compiler 2025-05-09 16:08:14 +02:00
Benjamin Bannier
fbe8dbce5e Adjust for renamed function flavor in Spicy development version 
With zeek/spicy#2048 the flavor for functions was renamed from
`Standard` to `Function`. This patch adapts the code for that while
still allowing using earlier Spicy versions.
 2025-05-09 16:08:14 +02:00
Arne Welzel
20ada619c5 Updating submodules binpac, broker and zeek-aux [nomail] 2025-05-09 09:52:20 +02:00
zeek-bot
b629b6bfe6 Update doc submodule [nomail] [skip ci] 2025-05-09 00:23:30 +00:00
Tim Wojtulewicz
957098af1c Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump auxil/spicy to latest development snapshot
 2025-05-08 15:14:37 -07:00
Christian Kreibich
8d79429555 Merge branch 'topic/christian/fix-broker-peering-overflows-metric' 
* topic/christian/fix-broker-peering-overflows-metric:
  Bugfix: accurately track Broker buffer overflows w/ multiple peerings
 2025-05-08 15:07:39 -07:00
Tim Wojtulewicz
2c17c85f55 Merge branch 'topic/timw/switch-broker-error-to-error' 
* topic/timw/switch-broker-error-to-error:
  Downgrade broker clone FatalError to an Error
 2025-05-08 13:47:06 -07:00
Tim Wojtulewicz
e00942c021 Downgrade broker clone FatalError to an Error 2025-05-08 13:46:21 -07:00
Benjamin Bannier
abbc4f23b8 Bump auxil/spicy to latest development snapshot 2025-05-08 21:54:15 +02:00
Arne Welzel
7583651bec Merge remote-tracking branch 'origin/topic/awelzel/ci-fedora-42' 
* origin/topic/awelzel/ci-fedora-42:
  probabilistic/BitVector: Add include <cstdint>
  Bump spicy to fix build with GCC 15.1
  CI: Drop fedora-40
  CI: Add fedora-42
 2025-05-08 13:19:30 +02:00
Arne Welzel
f80abe9d45 probabilistic/BitVector: Add include <cstdint> 2025-05-08 10:37:32 +02:00
Arne Welzel
43c20f41da Bump spicy to fix build with GCC 15.1 2025-05-08 10:37:32 +02:00
Arne Welzel
368a38a050 CI: Drop fedora-40 
Still 3 weeks to go, but not quite seeing why we should support 3
different Fedora releases with Zeek 7.2.
 2025-05-08 10:37:32 +02:00
Arne Welzel
aacc484543 CI: Add fedora-42 
This ships with gcc 15.1.1 and Python 3.13.3
 2025-05-08 10:37:29 +02:00
Arne Welzel
60efc7741d Merge branch 'gcc15' of https://github.com/i2z1/zeek 
* 'gcc15' of https://github.com/i2z1/zeek:
  Include cstdint header to support uint8_t/uint64_t in GCC 15+
 2025-05-08 09:25:28 +02:00
Christian Kreibich
738ce1c235 Bugfix: accurately track Broker buffer overflows w/ multiple peerings 
When a node restarts or a peering between two nodes starts over for other
reasons, the internal tracking in the Broker manager resets its state (since
it's per-peering), and thus the message overflow counter. The script layer was
unaware of this, and threw errors when trying to reset the corresponding counter
metric down to zero at sync time.

We now track past buffer overflows via a separate epoch table, using Broker peer
ID comparisons to identify new peerings, and set the counter to the sum of past
and current overflows.

I considered just making this a gauge, but it seems more helpful to be able to
look at a counter to see whether any messages have ever been dropped over the
lifetime of the node process.

As an aside, this now also avoids repeatedly creating the labels vector,
re-using the same one for each metric.

Thanks to @pbcullen for identifying this one!
 2025-05-07 17:27:38 -07:00
zeek-bot
42365b85f0 Update doc submodule [nomail] [skip ci] 2025-05-08 00:14:52 +00:00
Tim Wojtulewicz
1dfbd33929 Merge remote-tracking branch 'origin/topic/timw/storage-timeout-option' 
* origin/topic/timw/storage-timeout-option:
  Move options to redis backend options instead of module-level options
  Add operation_timeout and command_timeout storage backend options
 2025-05-07 15:39:35 -07:00
Tim Wojtulewicz
fd10dd015f Move options to redis backend options instead of module-level options 2025-05-07 15:38:58 -07:00
Tim Wojtulewicz
824b91216f Add operation_timeout and command_timeout storage backend options 2025-05-07 15:38:58 -07:00
Tim Wojtulewicz
507974a1d8 Merge remote-tracking branch 'origin/topic/christian/news-fix' 
* origin/topic/christian/news-fix:
  Fix Broker metrics naming bugs that snuck in w/ last-minute renaming [skip ci]
 2025-05-07 14:09:52 -07:00
i2z1
c0da0642b1
Include cstdint header to support uint8_t/uint64_t in GCC 15+ 2025-05-07 22:42:01 +03:00
Christian Kreibich
6657e4efbd Fix Broker metrics naming bugs that snuck in w/ last-minute renaming [skip ci] 2025-05-07 12:32:43 -07:00
Tim Wojtulewicz
6f8924596f Merge remote-tracking branch 'origin/topic/johanna/fix-failed-service-logging' 
* origin/topic/johanna/fix-failed-service-logging:
  Fix policy/protocols/conn/failed-service-logging.zeek
 2025-05-07 10:29:54 -07:00
Tim Wojtulewicz
8096388904 Update opt.ZAM-bif-tracking baseline 2025-05-07 09:12:56 -07:00
Arne Welzel
8089f5bed4 Merge remote-tracking branch 'origin/topic/awelzel/more-terminate-while-queueing-hardening' 
* origin/topic/awelzel/more-terminate-while-queueing-hardening:
  btest/cluster/generic/publish-any: Apply Christian's fix from broker/publish-any
  wstest/terminate-while-queueing: Patch close_socket()
 2025-05-07 17:24:04 +02:00
Arne Welzel
3ec3205074 btest/cluster/generic/publish-any: Apply Christian's fix from broker/publish-any 2025-05-07 17:18:01 +02:00
Tim Wojtulewicz
d7b31f5b44 Merge remote-tracking branch 'origin/topic/timw/storage-is-connected-bif' 
* origin/topic/timw/storage-is-connected-bif:
  Add Storage::is_connected BIF
  Move cast_handle from storage-async.bif to BackendHandleVal static method
 2025-05-07 08:16:59 -07:00
Tim Wojtulewicz
58ee8d3c5c Add Storage::is_connected BIF 2025-05-07 08:13:16 -07:00
Tim Wojtulewicz
cbc41e298d Move cast_handle from storage-async.bif to BackendHandleVal static method 2025-05-07 08:13:16 -07:00
Arne Welzel
82731992d9 wstest/terminate-while-queueing: Patch close_socket() 
I believe there's a bug/usage issue in the websockets library
where during send(), EOF is detected and stored, but the receiving
thread is then discarding the last received frame. Avoid the bug
by replacing the close_socket() implementation of the websockets
library just for that test and leave detecting the EOF condition
to the receiving thread.
 2025-05-07 16:33:54 +02:00
Arne Welzel
135acc7c6d Merge remote-tracking branch 'origin/topic/awelzel/fix-flaky-terminate-while-queueing' 
* origin/topic/awelzel/fix-flaky-terminate-while-queueing:
  cluster/websocket: Stop and wait for reply thread during Terminate()
 2025-05-07 13:22:13 +02:00
Arne Welzel
ca02316671 cluster/websocket: Stop and wait for reply thread during Terminate() 
The terminate-while-queueing test added for #4428 failed spuriously
indicating that sometimes WebSocket clients receive code 1000 instead of 1001.
This happens if the ixwebsocket server is shutdown before the reply thread had a
chance to process queued close messages.

Fix by signaling and waiting for the dispatcher's reply thread to terminate
before returning from Terminate().
 2025-05-07 12:45:01 +02:00
zeek-bot
ac1230fcbe Update doc submodule [nomail] [skip ci] 2025-05-07 00:15:52 +00:00