While reviewing/understanding the analyzer setup, it didn't seem like
GTPv1 implements packet_analysis::Analyzer::DetectProtocol(), so
should not register it for protocol_detection either.
Alternatively, maybe DetectProtocol() should've been implemented, in
which case maybe this should be an issue?
Avoid the issue outlined in #2289 where the @if or @else is taken as the
statement of an `if`, `for` or `while` by rejecting such constructs.
Effectively this means the following scripts are now rejected:

    # Prints "cond true" with Zeek 5.0 even though the `if ( F )`
    # should be in effect.
    if ( F )
    @if ( T )
        print "cond true";
    @else
        print "cond false";
    @endif

or

    # Prints "hello" once with Zeek 5.0
    local v = vector( 1, 2, 3 );
    for ( i in v )
    @if ( T )
        print("hello");
    @endif

To make the above work as intended, additional braces can be used.

    if ( T )
    {
    @if ( cond )
        print "cond true";
    @else
        print "cond false";
    @endif
    }

    for ( i in v )
    {
    @if ( T )
        print("hello");
    @endif
    }
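
A lint pass for existing scripts, as an added example that is not part of the commit or of Zeek itself: it flags an `if`, `for` or `while` header directly followed by @if or @else, the construct this change rejects. The function names and the sample script are constructed for illustration, and only single-line headers are handled.

```python
import re

# Unbraced if/for/while header alone on its line (single-line headers only).
CONTROL = re.compile(r'^\s*(?:else\s+)?(if|for|while)\s*\(.*\)\s*$')
# The directives named in the commit message: @if and @else.
DIRECTIVE = re.compile(r'^\s*@(if|else)\b')

def strip_comment(line):
    """Remove a trailing # comment, ignoring '#' inside double-quoted strings."""
    in_str, prev = False, ''
    for pos, ch in enumerate(line):
        if ch == '"' and prev != '\\':
            in_str = not in_str
        elif ch == '#' and not in_str:
            return line[:pos].rstrip()
        prev = ch
    return line.rstrip()

def find_unbraced_directives(source):
    """Return (line_no, keyword) for each if/for/while directly followed by @if/@else."""
    findings, pending = [], None
    for no, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw)
        if not line.strip():
            continue  # blank or comment-only lines do not separate header and body
        if pending and DIRECTIVE.match(line):
            findings.append(pending)
        m = CONTROL.match(line)
        pending = (no, m.group(1)) if m else None
    return findings

# Constructed sample, modelled on the scripts in the commit message.
REJECTED = '''\
if ( F )
@if ( T )
    print "cond true";
@else
    print "cond false";
@endif
local v = vector( 1, 2, 3 );
for ( i in v )
@if ( T )
    print("hello");
@endif
'''

if __name__ == "__main__":
    for no, kw in find_unbraced_directives(REJECTED):
        print(f"line {no}: `{kw}` body starts with a preprocessor directive; add braces")
```
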
* simeonmiteff/master:
  Pull changes from zeek/cmake fork
  Skip test based on preprocessor flag set by cmake
  Set flag for libpcap without DLT_LINUX_SLL2
  Force event order in core/init-error btest
  Update some coverage baselines
  Update plugins/hooks baseline
  Add support for DLT_LINUX_SLL2 PCAP link-type
spicy-plugin can find Spicy in paths given by `SPICY_ROOT_DIR` while
`./configure` instead set `SPICY_ROOT`. With this patch we now set the
correct variable.
We also adjust variations of the previous variable name with different
capitalization which caused us to not properly configure spicy-plugin
(which triggers finding Spicy in its given prefix).
Closes #2363.
* topic/christian/zeekygen-add-plugin-labels:
  Bump doc to pull in Sphinx exclusion for autogenerated files
  Remove long-unused BRO_DISABLE_BROXYGEN env var from btests
  Add Sphinx label to Zeekygen-generated plugin docs
It turns out that this can be *very* spammy on networks where we're receiving
lots of these packets, and can fill up the reporter log very quickly. Weirds are
already reported in all of these cases anyways, so it doesn't make sense to log
a reporter warning too.
I ran into wanting to iterate over just the values of a vector and wondering
whether that could just work.
This adds support for the following, where v will be the value of vec[i].

    local vec = vector("zero", "one", "two");
    for ( i, v in vec )
        print i, v;

Plugin documentation generated by Zeekygen is currently difficult to reference
from elsewhere in the docs because references prefer labels for unique
identification. This expands the plugin section headings with a unique label,
based on the plugin name.
For example, the documentation for a plugin called Zeek::Foobar becomes linkable
from anywhere via :ref:`plugin-zeek-foobar`.
In the (private) zeek-security repo we currently hit the 2GB storage limit
whenever CI runs happen multiple times in one day, because our Docker GitHub
workflow preserves the output of the first job (the image build) for the second
job (the cluster tests).
For successful runs, there's no need for the Docker image to survive the CI
run. (For failures, it might help to grab the image for local testing.)
There's no GitHub-official way to delete an attachment within a workflow, so
this simply truncates the artifact if the workflow succeeds.