* origin/topic/awelzel/cheaper-hex-printing:
zeek.bif: Booleanate String constructor calls
Conn/net_utils/fmt_mac: Avoid snprintf(), memcpy() and allocation
bytestring_to_hexstr: Use bytetohex() instead of snprintf()
digest/digest_print: Use bytetohex() instead of snprintf()
The fmt_mac() function returning a std::string means the resulting mac
is copied at least once upon returning. Then, the Assign() in GetVal()
taking a std::string internally allocates a new zeek::String which
hits a malloc (no short-string optimization for zeek::String) and then
also copies the content from the std::string into the malloced memory.
Save a few cycles by directly using the allocated memory with the
String instance. This change improves runtime for a SYN-only pcap
with just base/protocols/conn loaded by some 1-2%.
* origin/topic/timw/update-vcpkg:
Update .gitignore to add Emacs and Vim temp files
Update vcpkg submodule to pull in c-ares 1.26.0 to match other platforms
The Spicy analyzer is added as a child analyzer when enabled and the
WebSocket.cc logic dispatches between the BinPac and Spicy version.
It substantially slower when tested against a somewhat artificial
2.4GB PCAP. The first flamegraph indicates that the unmask() function
stands out with 35% of all samples, and above it shared_ptr samples.
This isn't used in-tree and has been misused by some external plugins
of mine (zeekjs and zeek-perf-support) for their own Stmt subclasses.
These plugins should be updated to use the new STMT_EXTERN statement.
Handle STMT_ANY explicitly in stmt_name() for the time being
to fix#3529 until we remove STMT_ANY for good.
It's currently possible for plugin's to implement their own statement
subclasses and override the Exec() implementation. This has been leveraged
by ZeekJS [1] and zeek-perf-support [2] as well as a private WASM plugin.
All of these used STMT_ANY as the tag of their own statement subclasses.
With STMT_EXTERN, we make the possibility to add external code into the AST
somewhat more supported. It's all in detail space and plugin authors have
no guarantee for stability, but it seems such a powerful extension point
that IMO we should keep it.
I'm conscious there's the broader topic how this interacts with ZAM
optimization like in-lining or rewriting of statements. However, this
already applies to the STMT_ANY usage of the mentioned plugins.
[1] https://github.com/corelight/zeekjs
[2] https://github.com/zeek/zeek-perf-support
* origin/topic/johanna/netcontrol-updates:
Netcontrol: add rule_added_policy
Netcontrol: more logging in catch-and-release
Netcontrol: allow supplying explicit name to Debug plugin
* origin/topic/christian/cluster-pool-nodetype-default:
Do not default PoolSpec topics to the empty string.
Do not default to proxy nodes in Broker::PoolSpec
* origin/topic/timw/fix-alpine-ci-image:
Add missing include for int32_t in DebugCmds.h
CI: Remove emacs backup file of fedora-38 Dockerfile
CI: Fix building of alpine image with regards to python packages
This requires pool creation to spell out a spec explicitly, which the only code
using these types already does. There's no reason for pools to automatically
refer to proxies.
rule_added_policy allows the modification of rules just after they have
been added. This allows the implementation of some more complex features
- like changing rule states depending on insertion in other plugins.
Catch-and-release logs now include the plugin that is responsible for an
action. Furthermore, the catch-and-release log also includes instances
where a rule already existed, and where an error occurred during an
operation.
This change extends the arguments of NetControl::create_debug, and
allows the specification of an optional name argument, which can be used
instead of the default-generated name.
This is helpful when one wants to attach several plugins to verify
behavior in those cases.
