* origin/topic/vern/when-cleanup:
test suite update for minor change in "when" error messages
removed skeletal (non-functioning) "when" support from ZAM
simplify WhenInfo and Trigger classes given removal of old capture semantics
introduced notion of light-weight Frame clones
changed function_ingredients struct to FunctionIngredients class with accessors
Renamed Frame::LightClone() to Frame::CloneForTrigger() during merge.
* origin/topic/vern/CPP-Apr23-maint:
addressed static analysis concern about possible null pointer
tweaks for "-O C++" of BTest's with conditional code
Backed out changes from at-if-lambda during merge and instead skip
test when running with ZEEK_USE_CPP.
* origin/topic/vern/ZAM-Apr23-maint:
minor ZAM BTest baseline updates
fixed type mismatch for ssl_certificate_request event
skip ZAM optimization of invalid scripts
extended script validation to be call-able on a per-function basis
Increasing this value 10x has lowered CPU usage on a Myricom based
deployment significantly with reportedly no adverse side-effects.
After reviewing the Zeek 3 IO loop, my hunch is that previously when
no packets were available, we'd sleep 20usec every loop iteration after
calling ->Process() on the packet source. With current master ->Process()
is called 10 times on a packet source before going to sleep just once
for 20 usec. Likely this explains the increased CPU usage reported.
It's probably too risky to increase the current value, so introduce
a const &redef value for advanced users to tweak it. A middle ground
might be to lower ``io_poll_interval_live`` to 5 and increase the new
``Pcap::non_fd_timeout`` setting to 100usec.
While this doesn't really fix#2296, we now have enough knobs for tweaking.
Closes#2296.
This fixes a bug for AYIYA, Geneve and VXLAN forwarding encapsulated
content only if it's longer than their header. A new weird is introduced
to indicate empty tunnels.
It turns out that for every ListVal we construct, we also allocate
and construct a new TypeList instance, even though they are all the
same. Pre-create and cache the type instances in a new TypeManager.
The following script runs ~10% faster for me after this change.
global tbl: table[string] of string;
global i = 0;
while ( ++i < 10000000 )
tbl["a"] = "a";
In #2464 the warning when overriding a packet analyzer mapping was
removed. While a warning seems indeed excessive, some info would still
be nice to have.
GetChildAnalyzer() has the same semantics as HasChildAnalyzer(), but returns
the raw pointer to the child analyzer. Main issue is memory management: That
pointer is not guaranteed to stay valid. It might be disabled from script
land or otherwise removed from the analyzer tree and subsequent
deleted in one of the Forward* methods.
IsPreventedChildAnalyzer() provides minimal introspection for prevented
child analyzer tags and allows to remove some duplicated code.
* origin/topic/awelzel/broker-no-network-time-init:
btest/broker: Add test using Python bindings and zeek -r
Broker: Remove network time initialization
Remove the special case of initializing network time if it hasn't
happened yet. The argument about broker.log containing 0.0 timestamps
is more a problem of the log, not something that would justify modifying
network time globally. For broker.log and possibly cluster.log, it might
be more reasonable to use current time, anyway.
I was a bit wary about tables backed by broker stores being populated
with network_time set to 0.0, but there seems to exist logic and assumptions
that this is okay: It should be the same as if one populates a table with
expirations set within zeek_init().
In fact, staring a bit more, *not setting* network time might be more correct
as workers that don't see packets would never set zeek_start_network_time
which is used within the expiration computation.
* origin/topic/awelzel/try-update-network-time:
NEWS: Some notes about timing related changes
iosource: Remove non-existing ManagerBase friend
broker::Manager: use_realtime_false when allow_network_time_forward=F
A set of tests around set_network_time() and timer expiration
Remove suspend-processing test
Add a set of suspend_processing tests
btest: More verbose recursive-event output
broker::Manager: No more network_time forwarding
TimerMgr: No network_time updates in Process()
Event: No more network_time updates
RunState: Implement forward_network_time_if_applicable()
PktSrc: Add HasBeenIdleFor() method
PktSrc: Move termination pseduo_realtime special case to RunState
Run the broker in non-realtime mode when allow_network_time_forward=F.
This may need an extra option for really advanced use-cases, but for
now this seems reasonable.
This tests that timer expiration happens after a call to set_network_time()
upon the next time around the loop. This should be fairly stable, but
suspect major changes in the main loop or around timer expiration may
subtly change behavior things.
This tested that timers continue working even if one calls
suspend_processing() in zeek -r mode. The new behavior is
that timers do not function in that scenario and the test
invalid.
