This makes dependencies explicit that Zeek provides built-in for
`zkg`. It's in support of
https://github.com/zeek/package-manager/pull/157.
For now, `zkg_provides` contains the same data as `included_plugins`
plus an entry for `spicy-plugin`.
With an anonymous Spicy-side tuple type, we'd be missing an ID to
create a Zeek-side record, leading to undefined behavior. To still
support this case, we now make up an ID. In addition, we also could
end up not correctly tracking type ID during conversion; using a stack
now to handle recursion correctly.
We actually already have a test exercising the tuple code path, but it
took ASAN to spot the issue. Not sure how to test this beyond that.
Note: Need to backport this to the external plugin.
This reflects the `spicy-plugin` code as of `d8c296b81cc2a11`.
In addition to moving the code into Zeek's source tree, this comes
with a couple small functional changes:
- `spicyz` no longer tries to infer if it's running from the build
directory. Instead `ZEEK_SPICY_LIBRARY` can be set to a custom
location. `zeek-set-path.sh` does that now.
- ZEEK_CONFIG can be set to change what `spicyz -z` prints out. This is
primarily for backwards compatibility.
Some further notes on specifics:
- We raise the minimum Spicy version to 1.8 (i.e., current `main`
branch).
- Renamed the `compiler/` subdirectory to `spicyz` to avoid
include-path conflicts with the Spicy headers.
- In `cmake/`, the corresponding PR brings a new/extended version of
`FindZeek`, which Spicy analyzer packages need. We also now install
some of the files that the Spicy plugin used to bring for testing,
so that existing packages keep working.
- For now, this all remains backwards compatible with the current
`zkg` analyzer templates so that they work with both external and
integrated Spicy support. Later, once we don't need to support any
external Spicy plugin versions anymore, we can clean up the
templates as well.
- All the plugin's tests have moved into the standard test suite. They
are skipped if configured with `--disable-spicy`.
This holds off on adapting the new code further to Zeek's coding
conventions, so that it remains easier to maintain it in parallel to
the (now legacy) external plugin. We'll make a pass over the
formatting for (presumably) Zeek 6.1.
* origin/topic/vern/event-tracing-update.May23B:
enhancements for event-tracing:
- reporting of potentially sensitive constants
- tracking of unsupported types enabling hand-editing to fix them
- fixed generation of "unspecified" aggregates
- fixed generation of IPv6 constants
- fixed generation when running without a packet source
For "individually different but deterministic" runs specifying Zeek's
seed as an environment variable eases setups as one can avoid creating
extra seed files for each of the individual processes.
It is an error to specify the new ZEEK_SEED_VALUES variable together
with the existing ZEEK_SEED_FILE and -G. ZEEK_SEED takes precedence over
deterministic mode (-D) like ZEEK_SEED_FILE does today already.
* jgras/topic/jgras/event-ts:
Add compatibility tests for timestamped events.
Add timestamps to auto published broker events.
Add timestamps to manually published broker events.
Annotate scheduled events with intended timestamp.
Add timestamp to events.
One timestamp to ts rename during the merge.
This adds compatibility tests for receiving non-timestamped events as
well as providing timestamps via broker websockets.
Co-authored-by: Arne Welzel <arne.welzel@corelight.com>
* origin/topic/neverlord/version-header:
testing/zeek-version-link: Assume nm is there
Drop dependency for zeek_dynamic_plugin_base
Fixup ifdef check in Plugin.h
Update cmake_minimum_required() in test plugins
testing: Add zeek-version-link tests
Clean up ZEEK_CONFIG_SKIP_VERSION_H issues
cmake-format during merge
Issue #3028 tracks how flipped connections reset a connection's value
including any state set during new_connection(). For the time being,
update community-id functionality back to the original connection_state_remove()
approach to avoid missing community_ids on flipped connections.
This commit adds support for the connection_id extension, adds a trace
that uses DTLS 1.3 connection IDs, and adds parsing for the DTLS 1.3
unified header, in case connection IDs are not used.
In case connection IDs are used, parsing of the DTLS 1.3 unified header
is skipped. This is due to the fact that the header then contains a
variable length element, with the length of the element not given in the
header. Instead, the length is given in the client/server hello message
of the opposite side of the connection (which we might have missed).
Furthermore, parsing is not of high importance, since we are not
passing the connection ID, or any of the other parsed values of the
unified header into scriptland.
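
The unified-header case described in the last commit message above, as an added example that is not Zeek's code and not part of any commit: a standalone parser using the bit layout from RFC 9147, section 4. It goes beyond the commit by also parsing when the connection ID length is known; the names `UnifiedHeader`, `ParseResult`, `parse_unified_header` and the `cid_len` parameter are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Fields of the DTLS 1.3 unified header (RFC 9147, section 4).
struct UnifiedHeader {
    uint8_t epoch_low = 0;           // low two bits of the epoch
    uint16_t sequence = 0;           // low 8 or 16 bits of the sequence number
    std::optional<uint16_t> length;  // absent: record runs to end of datagram
    size_t header_size = 0;          // bytes consumed by the header
};

enum class ParseResult { Ok, NotUnifiedHeader, Truncated, SkippedCid };

// cid_len (hypothetical parameter): connection ID length learned from the
// hello of the opposite side, or std::nullopt if that hello was missed.
ParseResult parse_unified_header(const uint8_t* data, size_t len,
                                 std::optional<uint8_t> cid_len, UnifiedHeader& out) {
    if ( len < 1 )
        return ParseResult::Truncated;
    const uint8_t flags = data[0];
    if ( (flags & 0xE0) != 0x20 )  // first three bits must be 001
        return ParseResult::NotUnifiedHeader;
    const bool has_cid = (flags & 0x10) != 0;  // C: connection ID present
    const bool seq16 = (flags & 0x08) != 0;    // S: 16-bit sequence number
    const bool has_len = (flags & 0x04) != 0;  // L: length field present

    // The CID length is not in the header. Without it the offsets of all
    // following fields are unknown, so stop instead of guessing.
    if ( has_cid && ! cid_len )
        return ParseResult::SkippedCid;

    size_t off = 1 + (has_cid ? *cid_len : 0);
    if ( len < off + (seq16 ? 2 : 1) + (has_len ? 2 : 0) )
        return ParseResult::Truncated;

    out.epoch_low = flags & 0x03;
    out.sequence = seq16 ? static_cast<uint16_t>(data[off] << 8 | data[off + 1]) : data[off];
    off += seq16 ? 2 : 1;
    out.length.reset();
    if ( has_len ) {
        out.length = static_cast<uint16_t>(data[off] << 8 | data[off + 1]);
        off += 2;
    }
    out.header_size = off;
    return ParseResult::Ok;
}
```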