Commit graph

11634 commits

Jon Siwek
8561c79363 Remove inline from some static KeyedHash members
Coverity Scan builds currently encounter a catastrophic error, claiming
alignas requires use on both declaration and definition, so it appears to
actually not understand "static inline" in combination with alignas.
2020-06-05 18:20:05 -07:00
Jon Siwek
2893eea045 Improve Func.h inclusion
Now forward declares some Broker types since Broker/CAF headers
generally slow things down and also Coverity Scan currently has a
catastrophic error on some CAF headers.

Also a few other changes to EventHandler/BifReturnVal to reduce number
of places that depend on Func.h.
2020-06-05 17:57:42 -07:00
Johanna Amann
65c12ba6e9 Zeek/Brokerstore updates: first working end-to-end test
This commit fixes a few more loose ends to actually make the
Zeek Table<->brokerstore syncing work. This mostly slightly changes the
TableVal assign/remove operators to prevent loops when a remote change
arrives.

The test inserts a value into a table on the manager, and it pops out
in a table on a clone - which is the easiest case.

Timeouts are still not handled at all; the behavior when inserting into
a clone is untested.
2020-06-05 16:17:05 -07:00
Johanna Amann
62f208086c Update to recent broker changes.
Specifically the store name is now part of the messages.
2020-06-05 14:33:45 -07:00
Johanna Amann
9d9aefaec3 Merge remote-tracking branch 'origin/master' into topic/johanna/table-changes
* origin/master:
  Fix use-after-move of proc_status_file breaking -U flag
  Change Cirrus CI config to use org-level secured variable
  Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses
  GH-973: Fix the return type of topk_get_top()
2020-06-05 14:29:14 -07:00
Jon Siwek
e532335f97 Fix NVT analyzer memory leak from multiple telnet authn name options
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23069
2020-06-04 16:54:08 -07:00
Jon Siwek
23ad81400b Rename aux/ to auxil/
Since "aux" is not an allowed file/dir name on Windows.
2020-06-04 15:18:44 -07:00
Jon Siwek
ef6bd3ee39 Fix use-after-move of proc_status_file breaking -U flag
2020-06-04 15:13:10 -07:00
Jon Siwek
88654fa989 Change Cirrus CI config to use org-level secured variable
2020-06-04 10:54:06 -07:00
Johanna Amann
f080c8c294 Broker changes: adapt to recent IntrusivePtr API changes
2020-06-03 16:48:16 -07:00
Johanna Amann
d9de6c4522 Merge remote-tracking branch 'origin/master' into topic/johanna/table-changes
* origin/master: (172 commits)
  GH-985: Fix descriptions of double_to_interval() return values
  Decrease number of CPUs/memory for Cirrus CI tasks
  Change CI script to compile from build/Makefile
  Add missing include in util.cc
  Remove Analyzer.h from bro-bif.h
  Remove IPAddr.h from Reporter.h
  Remove the inclusion of Func.h from NetVar.h, which reduces the inclusion of Func.h overall.
  Update submodule(s)
  Update submodule(s)
  Integrate review feedback
  Update submodule(s)
  Fix crash on using some deprecated environment variables
  Update NEWS
  Update test baselines for new Broker connection status/error strings
  Switch Broker Val converter visitor to return IntrusivePtr
  Change BroFunc ctor to take const-ref IntrusivePtr<ID>
  Add version of Frame::SetElement() taking IntrusivePtr<ID>
  Change Scope/Func inits from id_list* to vector<IntrusivePtr<ID>>
  Change Scope::GenerateTemporary() to return IntrusivePtr
  Deprecate Scope::ReturnType(), replace with GetReturnType()
  ...
2020-06-03 16:09:42 -07:00
Tim Wojtulewicz
4a1b39a2be Move Flare/Pipe from the bro namespace to zeek::detail
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
60ed29c3b6 Move Attr to the zeek::detail namespace
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
54233ce596 Move Trigger into the zeek::detail namespace
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
0d623d003c Move ID to the zeek::detail namespace
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
9992ec5c11 Move Anon.h into zeek::detail namespace
2020-06-03 15:16:19 -07:00
Tim Wojtulewicz
7a5dae4354 Mark all of the aliased classes in plugin/Plugin.h deprecated, and fix all of the plugins that were using them
2020-06-03 15:16:18 -07:00
Tim Wojtulewicz
e77e8c4b7b Move all of the base plugin classes into the zeek::plugin namespace
2020-06-03 15:16:18 -07:00
Tim Wojtulewicz
cbdb8ee074 Expr: move all classes into zeek::detail
2020-06-03 15:16:18 -07:00
Tim Wojtulewicz
3fa4acc175 Stmt: move Stmt classes into zeek::detail namespace
2020-06-03 13:37:57 -07:00
Tim Wojtulewicz
f952acaddc Add utility macro for creating namespaced aliases for classes
2020-06-03 13:37:56 -07:00
Tim Wojtulewicz
b4aa5d9456 Merge remote-tracking branch 'origin/topic/jsiwek/gh-973-fix-topk-get-top-return-type'
* origin/topic/jsiwek/gh-973-fix-topk-get-top-return-type:
  GH-973: Fix the return type of topk_get_top()
2020-06-03 13:29:31 -07:00
Tim Wojtulewicz
640ad2d010 Merge remote-tracking branch 'origin/topic/jsiwek/double-val-subclasses'
* origin/topic/jsiwek/double-val-subclasses:
  Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses
2020-06-03 13:20:04 -07:00
Jon Siwek
5b4313b593 Deprecate Val(double, TypeTag) ctor, add TimeVal/DoubleVal subclasses
This also updates all usages of the deprecated Val ctor to use
either IntervalVal, TimeVal, or DoubleVal ctors.  The reason for
doing away with the old constructor is that using it with TYPE_INTERVAL
isn't strictly correct since there exists a more specific subclass,
IntervalVal, with overridden ValDescribe() method that ought to be used
to print such values in a more descriptive way.
2020-06-02 23:33:40 -07:00
Jon Siwek
49fc7924e0 GH-973: Fix the return type of topk_get_top()
e.g. when using `string` elements it should return `vector of string`,
not `vector of list of string` like it did before.
2020-06-02 19:42:12 -07:00
Jon Siwek
a431f6b45d Merge remote-tracking branch 'origin/topic/jsiwek/gh-985-double-to-interval-descs'
* origin/topic/jsiwek/gh-985-double-to-interval-descs:
  GH-985: Fix descriptions of double_to_interval() return values
2020-06-02 18:14:20 -07:00
Jon Siwek
e17487e799 GH-985: Fix descriptions of double_to_interval() return values
The BIF was not returning an IntervalVal which has an overridden
ValDescribe() method that allows for prettier printing like "6.0 secs"
instead of just "6.0".
2020-06-02 16:47:11 -07:00
Jon Siwek
7b0931058e Decrease number of CPUs/memory for Cirrus CI tasks
New concurrency limits are 16 Linux CPUs per user rather than 8 Linux
Tasks per user (at a max of 8 CPUs per Task, they essentially allowed 64
CPUs per user before the change in policy).
2020-06-02 12:40:26 -07:00
Jon Siwek
3b51d72aa1 Fix potential stack overflow in NVT analyzer
The NVT_Analyzer (e.g. as instantiated to support the FTP analyzer)
uses a recursive parsing function that may only advance one byte at a
time and can easily cause a stack overflow as a result.  This change
replaces the recursive calls with equivalent iterative logic.

Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22898
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22972
2020-06-02 11:13:16 -07:00
Jon Siwek
e1f35c46f9 Change CI script to compile from build/Makefile
Helps some `make` versions properly use the `-j` option
2020-06-02 10:56:48 -07:00
Jon Siwek
1a60fb7c0d Add missing include in util.cc
2020-06-01 20:45:37 -07:00
Jon Siwek
34a1875e74 Merge remote-tracking branch 'origin/topic/timw/reduce-func-inclusion'
- Minor tweaks to some odd includes during merge

* origin/topic/timw/reduce-func-inclusion:
  Remove Analyzer.h from bro-bif.h
  Remove IPAddr.h from Reporter.h
  Remove the inclusion of Func.h from NetVar.h, which reduces the inclusion of Func.h overall.
2020-06-01 19:26:55 -07:00
Jon Siwek
0195880c48 Fix multiple content-transfer-encoding headers causing a memory leak
The MIME analyzer may also leak if it sees many multipart boundary
parameters.

Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22871
2020-06-01 16:21:44 -07:00
Tim Wojtulewicz
b75d2a31cf Remove Analyzer.h from bro-bif.h
2020-06-01 15:00:40 -07:00
Tim Wojtulewicz
c558d771e4 Remove IPAddr.h from Reporter.h
2020-06-01 15:00:39 -07:00
Tim Wojtulewicz
ea3c679101 Remove the inclusion of Func.h from NetVar.h, which reduces the inclusion of Func.h overall.
2020-06-01 15:00:35 -07:00
Tim Wojtulewicz
11ecc7d7eb Add new CI task for running benchmarks on a remote host
- Adds centos-8 docker instance to the CI configuration
- Adds new benchmark.sh script for passing a build artifact to a remote host to run benchmarks
2020-06-01 14:46:50 -07:00
Jon Siwek
5bcdc46272 Update submodule(s)
[nomail]
2020-06-01 12:17:29 -07:00
Tim Wojtulewicz
fcb28c54d2 Update submodule(s)
[nomail]
2020-06-01 11:00:13 -07:00
Tim Wojtulewicz
503ef26a17 Merge remote-tracking branch 'origin/topic/jsiwek/gh-893-intrusive-ptr-migration'
* origin/topic/jsiwek/gh-893-intrusive-ptr-migration: (151 commits)
  Integrate review feedback
  Switch Broker Val converter visitor to return IntrusivePtr
  Change BroFunc ctor to take const-ref IntrusivePtr<ID>
  Add version of Frame::SetElement() taking IntrusivePtr<ID>
  Change Scope/Func inits from id_list* to vector<IntrusivePtr<ID>>
  Change Scope::GenerateTemporary() to return IntrusivePtr
  Deprecate Scope::ReturnType(), replace with GetReturnType()
  Deprecate Scope::ScopeID(), replace with GetID()
  Switch parsing to use vector<IntrusivePtr<Attr>> from attr_list
  Deprecate TableVal::FindAttr(), replace with GetAttr()
  Deprecate TypeDecl::FindAttr(), replace with GetAttr()
  Deprecate ID::FindAttr(), replace with GetAttr()
  Deprecate Attributes::FindAttr(), replace with Find()
  Deprecate Attributes::AddAttrs(Attributes*)
  Add Attributes ctor that takes IntrusivePtrs
  Change Attributes to store std::vector<IntrusivePtr<Attr>>
  Change Attr::SetAttrExpr() to non-template
  Deprecate Attr::AttrExpr(), replace with GetExpr()
  Deprecate ID::Attrs(), replace with GetAttrs()
  Remove weak_ref param from ID::SetVal()
  ...
2020-06-01 10:58:02 -07:00
Jon Siwek
9c133b9b10 Integrate review feedback
* Add deprecation for MIME_Entity::ContentType(), use GetContentType()

* Add deprecation for MIME_Entity::ContentSubType(), use GetContentSubType()

* Add deprecation for MIME_Message::BuildHeaderVal(), use ToHeaderVal()

* Add deprecation for MIME_Message::BuildHeaderTable(), use ToHeaderTable()

* Add deprecation for mime::new_string_val(), use mime::to_stringval()

* Add deprecation for ARP_Analyzer::ConstructAddrVal(), use ToAddrVal()

* Add deprecation for ARP_Analyzer::EthAddrToStr(), use ToEthAddrStr()

* Change the Func::Call() replacement to be named Func::Invoke()
2020-05-29 19:14:35 -07:00
Johanna Amann
ebb106c9b8 Store updates: downlevel and store table elements as keys.
In this commit we change our approach and just store table keys as
broker keys and table values as broker indexes. This means we can only
have a single table in a broker store.

This seems to work perfectly - and leads to vastly less complex code.

Code should work, but is actually pretty untested. Might break with
certain types. Does not yet handle item expiration.

Also - this has the tiny issue that all remote operations currently lead
to loops (the operation will immediately be sent to the broker-store
again), which is not quite optimal.
2020-05-29 17:56:11 -07:00
Jon Siwek
0fc59c357f Update submodule(s)
[nomail]
2020-05-29 17:34:05 -07:00
Jon Siwek
2f918ed9b2 Merge branch 'topic/dopheide/known-services' of https://github.com/dopheide-esnet/zeek
- Updated the logic significantly: still filters out ICMP from being
  considered an active service (like before) and adds a new
  "Known::service_udp_requires_response" option (defaults to true) for
  whether to require UDP server response before being considered an
  active service.

* 'topic/dopheide/known-services' of https://github.com/dopheide-esnet/zeek:
  Log services with unknown protocols
2020-05-29 17:19:47 -07:00
Johanna Amann
558e89b3ba Broker Store updates: get a bit more infrastructure in place.
This compiles, but besides giving debug messages (and partially
performing inserts/updates) it is not really helpful and definitely WIP.

This also shows that I might have to re-think the approach that we will
take here. So far, we actually insert tables as tables into
Brokerstores. This opens up the potential to just have several tables
synchronized via a single brokerstore.

However, it turns out that the current store_event API sends the
complete table with each update, which is problematic for obvious
reasons - and not really sustainable.
2020-05-29 15:28:42 -07:00
Jon Siwek
d2eb701b7e Fix potential leak of Analyzers added to tree during Analyzer::Done
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22630
2020-05-28 16:23:58 -07:00
Jon Siwek
1c08be1c0f Fix crash on using some deprecated environment variables
If the global Reporter hasn't been created before trying to use a
deprecated environment variable, emit the warning to stderr directly
instead of via Reporter.

Fixes GH-989
2020-05-28 15:24:25 -07:00
Jon Siwek
138c9402c3 Update NEWS
2020-05-28 14:51:08 -07:00
Jon Siwek
54e40d4544 Merge branch 'topic/ak/rdp-nego-flags' of https://github.com/anthonykasza/zeek
- Added check in rdp_connect_request before accessing member of the
  switch since it wasn't necessarily the case that got parsed (guard
  against nullptr deref).

* 'topic/ak/rdp-nego-flags' of https://github.com/anthonykasza/zeek:
  change: now using alternate event prototypes
  add: two new RDP scriptland events for negotiation flags
2020-05-28 14:33:12 -07:00
Jon Siwek
8c03e47b12 Update test baselines for new Broker connection status/error strings
2020-05-28 14:11:03 -07:00