Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
19668 commits 388 branches 197 tags 276 MiB
Commit graph

1011 commits

Author SHA1 Message Date
Johanna Amann
ba6f34d849 Merge remote-tracking branch 'origin/topic/johanna/sha512-bifs-opaqueval'
Some checks are pending
pre-commit / pre-commit (push) Waiting to run
Details 
* origin/topic/johanna/sha512-bifs-opaqueval:
  Add SHA512 BiFs and OpaqueVals
 2025-10-09 14:03:32 +01:00
Arne Welzel
586b7b94cb QUIC: Introduce discarded_packet() event 
And include its occurrence into the history as X. The event raising is
configurable with a new const redef QUIC::max_discarded_packet_events.
 2025-10-09 13:11:24 +02:00
Arne Welzel
14429cf297 QUIC: Skip packets with fixed_bit 0 
The RFC specifies that QUIC packets with unset fixed_bit need to be
discarded. Do so.

Fixes #4847
 2025-10-09 09:14:56 +02:00
Arne Welzel
4de7a2b947 Merge remote-tracking branch 'origin/topic/awelzel/4845-get-current-packet-header-fragmented-syn'
Some checks failed
pre-commit / pre-commit (push) Has been cancelled
Details 
* origin/topic/awelzel/4845-get-current-packet-header-fragmented-syn:
  iosource/Packet: Allow ToRawPktHdrVal() for reassembled packets
 2025-10-02 14:12:22 +02:00
Tim Wojtulewicz
483d9a3a93 Merge remote-tracking branch 'klemensn/openbsd-libressl'
Some checks are pending
pre-commit / pre-commit (push) Waiting to run
Details 
* klemensn/openbsd-libressl:
  OpaqueVal, OCSP, X509: drop outdated LibreSSL guards to fix OpenBSD build
 2025-09-26 11:21:17 -07:00
Tim Wojtulewicz
5f8a89ea40 Bump libkqueue to latest upstream master 2025-09-22 07:33:13 -07:00
Tim Wojtulewicz
cff4edd732 NEWS: Add note about DNS SVCB changes 2025-09-03 15:38:47 -07:00
Christian Kreibich
2929f1eb17 Merge branch 'topic/christian/news-typos' 
* topic/christian/news-typos:
  Minor fixes to a few NEWS entries.
 2025-08-21 17:10:17 -07:00
Christian Kreibich
ade7b0a9a2 Minor fixes to a few NEWS entries. 2025-08-21 15:16:41 -07:00
Tim Wojtulewicz
469bd8d562 Add NEWS entries for submodule moves 2025-08-20 08:52:26 -07:00
Tim Wojtulewicz
963ee89528 CI: Update CentOS 9 to Python 3.13 2025-08-19 10:43:40 -07:00
Evan Typanski
59e84e06f6 Merge remote-tracking branch 'origin/topic/etyp/fix-optional-attr-errors' 
* origin/topic/etyp/fix-optional-attr-errors:
  Fix parameter attributes pretending to be records
  Only allow `&optional` in records
 2025-08-18 14:49:56 -04:00
Evan Typanski
acd885b9f3 Add record_type_to_vector deprecation to NEWS 2025-08-18 11:58:51 -04:00
Arne Welzel
2c9015d247 Merge branch 'master' of https://github.com/blightzero/zeek 
* 'master' of https://github.com/blightzero/zeek:
  Changed behavior of var-extraction-uri.zeek from policy/protocol/http to extract only the URI parameter names. Do not include the path in the first parameter name. Only extract uri vars if parameters actually exist.
 2025-08-18 13:14:34 +02:00
Tim Wojtulewicz
a1c201fb8f Add NEWS entry for field length limiting 2025-08-12 17:31:29 -07:00
Arne Welzel
13f613eb1d Merge remote-tracking branch 'origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks' 
* origin/topic/awelzel/4176-cluster-on-sub-unsub-hooks:
  cluster: Add on_subscribe() and on_unsubscribe() hooks
 2025-08-08 14:24:18 +02:00
Arne Welzel
dc904b2216 SessionAdapter: Introduce TapAnalyzer for session adapter 
This commit introduces a mechanism to attach light weight analyzers to
the root analyzer of sessions in order to tap into the packets delivered
to child analyzer.
 2025-08-05 19:47:02 +02:00
Christian Kreibich
4fdd83f3f5 Compile contributors for Zeek 8.0 in the NEWS file 2025-08-04 09:32:58 -07:00
Tim Wojtulewicz
6afeeca090 Start of 8.1.0 development 2025-08-04 08:26:29 -07:00
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Arne Welzel
1a87ebab72 cluster: Add on_subscribe() and on_unsubscribe() hooks 
Closes #4176
 2025-08-01 14:06:19 +02:00
Arne Welzel
993502e0b6 cluster/zeromq: Bail on missing ZeroMQ by default 2025-08-01 09:46:06 +02:00
Johanna Amann
136bdb43fd Merge remote-tracking branch 'origin/topic/johanna/gh-4694' 
* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek
 2025-07-31 16:11:00 +01:00
Arne Welzel
10e7f14f78 Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff' 
* origin/topic/awelzel/defer-more-stuff:
  RecordType: Ensure &default fields are always re-initialized
  Attr: Deprecate using &default and &optional together on record fields
  RecordType: Allow deferring &default=vector(), set(), table() fields
 2025-07-30 10:35:56 +02:00
Arne Welzel
9eb94ee151 RecordType: Ensure &default fields are always re-initialized 
This started working partly after the deferral logic introduced with
Zeek 6.0 so this finishes it :-)
 2025-07-30 10:26:06 +02:00
Arne Welzel
473723cc47 Attr: Deprecate using &default and &optional together on record fields 
If &default implies re-initialization of the field, using them together
doesn't make much sense.
 2025-07-30 10:26:06 +02:00
Arne Welzel
23181e4811 RecordType: Allow deferring &default=vector(), set(), table() fields 2025-07-30 10:26:06 +02:00
Johanna Amann
8de178d923 Move c$service_violation to deprecated-dpd-log.zeek 
This moves c$service_violation to the deprecated-dpd-log policy script.

This is the only script in the distribution that uses the field, and it
is unlikely to be used externally. It is also responsible for a
significant amount of memory use by itself.

This also restores the field being populated, which was broken in
GH-4362
 2025-07-30 07:58:36 +01:00
Johanna Amann
a22b45c69e Merge remote-tracking branch 'origin/topic/johanna/gh-4202' 
* origin/topic/johanna/gh-4202:
  Update NEWS for Conn::set_conn changes
  DNS-fuzzer: raise new_connection event
  Optimize Conn::set_conn to minimize operations
  Move Conn::set_conn() from connection_state_remove to new_connection
 2025-07-29 21:01:51 +01:00
Johanna Amann
8de1357e52 Update NEWS for Conn::set_conn changes 2025-07-29 18:41:59 +01:00
Arne Welzel
12518e8256 Merge remote-tracking branch 'origin/topic/awelzel/expose-num-packets-unprocessed' 
* origin/topic/awelzel/expose-num-packets-unprocessed:
  ConnStats: Expose num_packets_unprocessed
  packet_analysis/Manager: Rename GetUnprocessedCount() to PacketsUnprocessed()
 2025-07-29 10:12:46 +02:00
Johanna Amann
4399f171ae Merge remote-tracking branch 'origin/topic/johanna/pppoe-session-id-logging' 
* origin/topic/johanna/pppoe-session-id-logging:
  Update external tests for pppoe-session-id conn.log changes
  PPPoE: add session id logging
 2025-07-24 07:57:18 +01:00
Arne Welzel
24faa5722f NEWS: ZeekControl, ZeroMQ and WebSocket 2025-07-23 13:31:11 +02:00
Tim Wojtulewicz
a1d121e5aa Use std::string/string_view versions of starts_with/ends_with where appropriate 
The util:: versions of these methods remain as a thin wrapper around them so
they can be used with const char* arguments. Otherwise callers have to manually
make string_view objects from the input.
s Please enter the commit message for your changes. Lines starting
 2025-07-17 09:08:54 -07:00
Arne Welzel
c69ed1adf7 NEWS: Add entry about SMTP::enable_rfc822_msg_file_analysis 2025-07-16 12:37:33 +02:00
Tim Wojtulewicz
770bc0491e Remove ghc::filesystem submodule, switch to std::filesystem 2025-07-14 11:23:54 -07:00
Tim Wojtulewicz
a4acae2dfe Add NEWS entry about C++ 20 [nomail] [skip ci] 2025-07-11 11:57:24 -07:00
Arne Welzel
0c60f2a70a Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek 
* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek:
  Add NEWS entry for generic packet thresholds
  Allow for multiple generic packet thresholds
  Add btest for conn_generic_packet_threshold_crossed event
  Update dump-events btest baseline
  Add conn_generic_packet_threshold_crossed event
 2025-07-08 17:54:27 +02:00
Johanna Amann
8ba77da152 Merge remote-tracking branch 'origin/topic/johanna/gh-4602' 
* origin/topic/johanna/gh-4602:
  PPPoE: don't forward more bytes than header indicates
 2025-07-08 11:44:53 +01:00
Jan Grashoefer
50ab72efc2 Add NEWS entry for generic packet thresholds 2025-07-08 11:30:38 +02:00
Arne Welzel
a7bc144465 NEWS: Adapt for conn_id$ctx introduction 2025-07-03 18:21:36 +02:00
Arne Welzel
6eb0d4df32 conn_key/fivetuple: Drop support for non conn_id records 
Previously, we supported any records that happened to have orig_h,
resp_h, etc. fields, but it's not exactly clear why we ever did. Users
that relied on this can instantiate an explicit conn_id instance, too.
 2025-07-03 18:21:36 +02:00
Arne Welzel
22958f7cdf Merge remote-tracking branch 'origin/topic/awelzel/1474-cluster-telemetry' 
* origin/topic/awelzel/1474-cluster-telemetry:
  btest/cluster/telemetry: Add smoke testing for telemetry
  cluster/WebSocket: Fetch X-Application-Name header as app label
  cluster/WebSocket: Pass X-Application-Name to dispatcher
  broker/WebSocketShim: Add calls to Telemetry hooks
  cluster/WebSocket: Configure telemetry for WebSocket backends
  broker: Hook up generic cluster telemetry
  cluster: Introduce telemetry component

One bug fix removing static from a variable that shouldn't be static.
 2025-06-26 14:54:01 +02:00
Johanna Amann
14e801a709 Merge remote-tracking branch 'origin/topic/johanna/gh-4598' 
* origin/topic/johanna/gh-4598:
  Only pass session ticket data in ssl_session_ticket_handshake event
 2025-06-26 09:59:16 +01:00
Christian Kreibich
a040f550f4 NEWS updates for pluggable connection tuples. 2025-06-25 13:19:26 +02:00
Arne Welzel
4b472f2771 Merge remote-tracking branch 'origin/topic/awelzel/telemetry-endpoint-to-node-rename' 
* origin/topic/awelzel/telemetry-endpoint-to-node-rename:
  telemetry: Rename endpoint label to node label
 2025-06-25 09:33:55 +02:00
Arne Welzel
eea194ddd8 telemetry: Rename endpoint label to node label 
Using a label named "endpoint" is not intuitive and requires explaining to
users that it's really just the Cluster::node value. Change the label to
"node", so that we don't need to do the explaining.

This probably breaks some existing users of the Prometheus metrics, but after
looking more at metrics recently, "endpoint" really is a thorn in my eye.
 2025-06-25 09:33:01 +02:00
bhaskarbhar
04d6fa3cb7 Add get_tags_by_category BIF method 2025-06-24 13:47:49 -07:00
Tim Wojtulewicz
4db7d40894 Add NEWS entry about deprecation of --with-binpac and --with-bifcl 2025-06-24 12:56:03 -07:00