- Be explicit about setting the copied flag in session::Key. Coverity seems
confused about when that flag is set if it gets set by default
initialization. This should fix 1452757 and 1452759.
- Explicitly copy the fields in ConnKey instead of using memcpy. Fixes
1452758.
* origin/topic/vern/record-holes:
switched RecordVal's to use std::optional for tracking missing fields
added constructors for directly building ZVal's
An adequate error message was previously reported for duplicate enum
definitions, this just now prevents trying to access it as a constant in
subsequent parsing and further generating a coredump.
* origin/topic/timw/1114-sessions-manager:
Rename ConnID and ConnIDKey
Remove Session prefix from some session-related classes and files
Move session code into new directory and into zeek::session namespace
Move SessionKey into a separate file, added comments
Review cleanup
Rework stats to store handles to the counters
Rename some connection-specific methods in Session and SessionManager
Add deprecated version of Sessions.h
Rename NetSessions to SessionManager
Store a single map of Sessions instead of split maps of Connections.
Convert session stats to use the new telemetry API
Add test for get_conn_stats BIF before reworking session stats
Add new Session base class
Move packet filter out of NetSessions
Move some code out of NetSessions
- Add constructors for ConnIDKey, remove BuildConnIDKey()
- Rename protocol stats classes and move to implementation file
- Rename "num" field of protocol stats to "active"
- Explicitly delete copy operations for SessionKey
- Change argument for ProtocolStats methods to const-reference
- Make key validity methods in Session not be virtual
- Rename Session::ClearKey and Session::IsKeyValid
This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
This commit also includes:
- Storing the transport protocol in ConnID and ConnIDKey to allow tcp and
udp connections from the same IP/Port combinations. This happens in the
core.cisco-fabric-path test, for example.
- Lots of test updates. The reasons for these are two fold. First, with
the change to only store a single map means that TCP, UDP, and ICMP
connections are now mixed. When Zeek drains the map at shutdown, it drains
each of those protocols together instead of separately. The second is
because of how Sessions are stored in the map. We're now storing them
keyed by the hash of the key stored by the Session objects, which causes
them to again be in the map in a different order.
* origin/topic/jsiwek/misc-table-stuff:
Add a fatal error condition for invalid Dictionary insertion distances
Fix using clear_table() within an &expire_func
Remove saving/restoring of value pointer after calling expire_func
Avoid allocating a HashKey for no-op table expiry iterations
Fixes to `decode_netbios_name`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values.
Invalid encodings now cause a return-value of an empty string.
* More liberal in what decoded characters are allowed. Namely,
spaces are now allowed (but any trailing null-bytes and spaces
are trimmed, similar to before).
Fixes to `decode_netbios_name_type`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values and
a heap-buffer-overread when the input string is too small.
Invalid encodings now cause a return-value of 256.
