This commit removes the stepping stone analyzer. It has been deactivated
by default since at least Zeek 2.0, is dysfunctional in cluster settings
and has a bunch of other issued.
Relates to GH-1573
This fixes problems where printing floating point numbers less than
10^-6 output as "0.0". Such numbers now use using scientific notation
and preserve the value's actual floating point representation.
* origin/topic/vern/cpp: (34 commits)
fixed cut-and-paste botch (redundant line of code)
Fix LGTM warnings in script_opt/CPP code
bug fixes for stand-alone compiles with empty records
remove -O force-C++, and also some inadvertently replicated code
better initial workflow, thanks to Jon Siwek
remove optimization no longer needed
removed redundant Traverse invocation
style nit: removed std:: where not needed due to "using" clause
Fix various compiler/linter warnings in script_opt/CPP code
first cut at embedding filenames in C++ function names - for Justin to test
fixes for personal build scripts - will go away once workflow is streamlined
whoops removed a std:: from generated code
decluttered code by removing "std::" - no semantic changes (also some whitespace fixes)
porting fixes from Justin
documenting poor run-time error messages
README documentation
minor tweaks tidyness tweaks
notes for tests that are problematic when using compile-to-C++
new "-a cpp" btest alternative
hooks for activating the compiler & associated BiF
...
* origin/topic/christian/install-btest-tooling:
Explain zeek-config options in help output
Sort variables at top of zeek-config alphabetically
Install Zeek's btest tooling with the distribution
An adequate error message was previously reported for duplicate enum
definitions, this just now prevents trying to access it as a constant in
subsequent parsing and further generating a coredump.
This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
This commit also includes:
- Storing the transport protocol in ConnID and ConnIDKey to allow tcp and
udp connections from the same IP/Port combinations. This happens in the
core.cisco-fabric-path test, for example.
- Lots of test updates. The reasons for these are two fold. First, with
the change to only store a single map means that TCP, UDP, and ICMP
connections are now mixed. When Zeek drains the map at shutdown, it drains
each of those protocols together instead of separately. The second is
because of how Sessions are stored in the map. We're now storing them
keyed by the hash of the key stored by the Session objects, which causes
them to again be in the map in a different order.
Fixes to `decode_netbios_name`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values.
Invalid encodings now cause a return-value of an empty string.
* More liberal in what decoded characters are allowed. Namely,
spaces are now allowed (but any trailing null-bytes and spaces
are trimmed, similar to before).
Fixes to `decode_netbios_name_type`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values and
a heap-buffer-overread when the input string is too small.
Invalid encodings now cause a return-value of 256.
This patch adds the ability to decap Geneve packets to process the inner
payload. The structure of the analyzer borrows heavily from the VXLAN
analyzer.
This previously crashed since clear_table()/TableVal::RemoveAll() left
behind a stale iterator to the old table causing a heap-use-after-free
when resuming table expiry iteration in TableVal::DoExpire().
