* Some methods mistakenly returned a bool instead of QueryResult
when passed an invalid `opaque of Broker::Store` handle.
* Now generates a runtime exception for store_name() and is_closed()
calls that pass an invalid `opaque of Broker::Store` handle as any
returned value can't be reasonably used in any subsequent logic.
* Descriptions of any invalid arguments are now given in the error
message.
* Variables of `string` type can now be set to an empty string
* Trying to set a variable with non-`string` type to an empty value
now emits an error instead of silently doing nothing
* Providing an invalid identifier now emits an "unknown identifier"
error instead of silently doing nothing
Previously, more data than could effectively be utilized by any remote
Zeek was published (e.g. full list of pending commands or other
transient state that may add up to non-trivial amount of bytes).
* origin/master: (33 commits)
Fix location where CI places build.tgz
Update submodule(s)
Disable some deprecation diagnostics for GCC
Compare pcap_next_ex() result to PCAP_ERROR/PCAP_ERROR_BREAK
Optimize Connection::RemovalEvent() for bare-mode usage
Rename BroType to Type
Update NEWS
Review cleanup
Move Type types to zeek namespace
Review cleanup
Restrict Cirrus CI to only zeek repo's branches
GH-977: Improve pcap error handling
Remove not-useful code in iosource::Manager::OpenPktSrc
GH-999: Stop formatting DHCP Client ID Hardware Type 0 as MAC
Remove inline from some static KeyedHash members
Improve Func.h inclusion
Fix NVT analyzer memory leak from multiple telnet authn name options
Rename aux/ to auxil/
Move Flare/Pipe from the bro namespace to zeek::detail
Move Attr to the zeek::detail namespace
...
This introduces a new sampling state-map for expired connections to fix
segfaults that previously occured when passing in a `connection` record
to `Reporter::conn_weird()` for which the internal `Connection` object
had already been expired and deleted. This also introduces a new event
called `expired_conn_weird`, which is similar to `conn_weird`, except
the full `connection` record is no longer available, just the `conn_id`
and UID string.
Merge adjustments:
- Preserved original `base_type_no_ref` argument type as ::TypeTag
- Removed superfluous #pragma guard around deprecated TableVal ctor
- Clarify NEWS regarding MetaHook{Pre,Post} deprecations
- Simplify some `::zeek::` qualifications to just `zeek::`
- Prefixed FORWARD_DECLARE_NAMESPACED macro with ZEEK_
* origin/topic/timw/266-namespaces:
Disable some deprecation diagnostics for GCC
Rename BroType to Type
Update NEWS
Review cleanup
Move Type types to zeek namespace
Move Flare/Pipe from the bro namespace to zeek::detail
Move Attr to the zeek::detail namespace
Move Trigger into the zeek::detail namespace
Move ID to the zeek::detail namespace
Move Anon.h into zeek::detail namespace
Mark all of the aliased classes in plugin/Plugin.h deprecated, and fix all of the plugins that were using them
Move all of the base plugin classes into the zeek::plugin namespace
Expr: move all classes into zeek::detail
Stmt: move Stmt classes into zeek::detail namespace
Add utility macro for creating namespaced aliases for classes
Clang automatically disables deprecation warnings for types used within
already-deprecated contexts, such as if you use a deprecated type inside
of a method that's beeen marked as deprecated. GCC doesn't have this
feature so it spews a lot more warnings. These functions are now wrapped
in pragmas that disable the warnings for the usage.
It was creating RecordVals even if they wouldn't be used by any event
handler and that situation is common/expected for `zeek -b` mode.
Normally, there's at least the tunnel scripts with a `new_connection`
handler causing the connection RecordVals to be built.
- Use sha256 for build file hash
- Use build file hash as part of the data for the HMAC digest
- Remove a few unnecessary lines from the centos8 dockerfile
- Pass timestamp in UTC
Switches from pcap_next() to pcap_next_ex() to better handle all error
conditions. This allows, for example, to have a non-zero exit code for
a Zeek process that fails to fully process all packets in a pcap file.
It's generally expected for a PktSrc to not be Open yet right after
instantiation, but rather from InitSource() called during the
registration process. Besides that, the logic in question would
potentially replace an error message that is useful/detailed with one
that is not.
For `DHCP::ClientID$hwtype` fields equal to 0, the `hwaddr` field is
no longer misformatted as a MAC and instead just contains the raw bytes
seen in the DHCP Client ID Option.
