And switch Zeek's base scripts over to using it in place of
"connection_state_remove". The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets). There can be performance benefits
to this change for some use-cases.
There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
python3.7:/usr/local/lib/libbroker.so.2: undefined symbol '__inet_ntop'
python3.7:/usr/local/lib/libbroker.so.2: undefined symbol '__inet_pton'
An independent Broker build doesn't have that problem because it
usually picks up those functions from libc. But when building Broker
as part of Zeek, include search paths were already modified to reflect
Zeek's libbind dependency and Broker ends up using libbind headers
which defines its own version of these, but then does not link to
libbind (since it's a dependency of Zeek, not Broker) to actually get
those symbols (e.g. when dlopen'ing independently from Zeek, like for
the Python bindings). Solution is to re-order include_directories()
for Zeek dependencies such that they won't effect sub-projects.
Some Zeek script statement descriptions were exceeding the hardcoded
maximum length and also could contain tab characters which were
supposed to be reserved for use as a delimiter in the file format.
- Stem environment wasn't inherited if it needs to be exec()'d
- Fix node creation message format when reviving Stem via exec()
- Cluster node type for workers was set wrong
* origin/topic/neverlord/intrusive-ptr:
Add API documentation to IntrusivePtr
Rename make{ Counted => _intrusive }
Remove braces around single return statements
Integrate review feedback
Add and use new IntrusivePt type in Zeek
Minor cleanup in merge: remove print statements and unnecessary @if
directive.
* 'topic/jsbarber/ftp-cluster-fix-patch' of https://github.com/jsbarber/zeek:
Publish ftp_data_expected updates to other workers for synchronization
- Simplified this to just return result of inet_pton
* 'master' of https://github.com/redsand/zeek:
adds missing ipv6 support for patricia trie index (white/blacklist) under *nix. only worked for nt before..
Or more generally, signatures would not work correctly for any case
where the first TCP packet seen contained payload data, regardless of
its TCP flags.
Manual memory management via Ref/Unref is verbose and prone to error. An
intrusive smart pointer automates the reference counting, makes code
more robust (in particular w.r.t. to exceptions) and reduces boilerplate
code. A big benefit of the intrusive smart pointers for Zeek is that
they can co-exist with the manual memory management. Rather than having
to port the entire code base at once, we can migrate components
one-by-one. In this first step, we add the new template
`IntrusivePtr<T>` and start using it in the Broker Manager. This makes
the previous `unref_guard` obsolete.
* origin/topic/jsiwek/gh-654-coerce-unspecified-table-defaults:
GH-654: allow table() in function &default expressions
GH-654: allow table() in record &default expressions
Fixes GH-654
