Commit graph

3756 commits

Author SHA1 Message Date
Tim Wojtulewicz
0848ddfb9f Merge remote-tracking branch 'origin/topic/vern/ZAM-incr-op-opt-fix'
* origin/topic/vern/ZAM-incr-op-opt-fix:
  ZAM optimizer fix for += / -= set operations
2025-07-09 15:10:17 -07:00
Christian Kreibich
9322687823 Merge branch 'topic/christian/rdp-cookie-clarification'
* topic/christian/rdp-cookie-clarification:
  Clarify the cookie field's origin in the RDP log.
2025-07-08 17:45:27 -07:00
Arne Welzel
0c60f2a70a Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek
* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek:
  Add NEWS entry for generic packet thresholds
  Allow for multiple generic packet thresholds
  Add btest for conn_generic_packet_threshold_crossed event
  Update dump-events btest baseline
  Add conn_generic_packet_threshold_crossed event
2025-07-08 17:54:27 +02:00
Johanna Amann
8ba77da152 Merge remote-tracking branch 'origin/topic/johanna/gh-4602'
* origin/topic/johanna/gh-4602:
  PPPoE: don't forward more bytes than header indicates
2025-07-08 11:44:53 +01:00
Arne Welzel
d42d467965 Merge remote-tracking branch 'origin/topic/vern/line-number-ordering'
* origin/topic/vern/line-number-ordering:
  Bump ZeekJS to work with new Location constructor
  remove non-functional column information from Location objects
  isolate Location specifics to private class variables to enforce correct line number ordering
2025-07-08 10:40:58 +02:00
Arne Welzel
3c941a6d3e Merge remote-tracking branch 'origin/topic/awelzel/id-opt-info-branch-clone-no-lint'
* origin/topic/awelzel/id-opt-info-branch-clone-no-lint:
  script_opt/IDOptInfo: Add NOLINT(bugprone-branch-clone)
2025-07-07 20:07:35 +02:00
Arne Welzel
b034fd3f55 Merge remote-tracking branch 'origin/topic/awelzel/bump-zeekjs-0-18-0'
* origin/topic/awelzel/bump-zeekjs-0-18-0:
  Bump zeekjs to v0.18.0
2025-07-07 18:17:25 +02:00
Arne Welzel
869bd181b2 Merge remote-tracking branch 'origin/topic/vern/ZAM-const-prop-fix'
* origin/topic/vern/ZAM-const-prop-fix:
  fix for error in ZAM's constant propagation logic
2025-07-07 18:15:57 +02:00
Arne Welzel
eb6b4a0c46 Merge remote-tracking branch 'origin/topic/awelzel/revert-to-tpe'
* origin/topic/awelzel/revert-to-tpe:
  scripts: Use tpe instead of type_, again
2025-07-03 20:44:04 +02:00
Arne Welzel
388cbcee48 Merge remote-tracking branch 'origin/topic/awelzel/4605-conn-id-context'
* origin/topic/awelzel/4605-conn-id-context:
  NEWS: Adapt for conn_id$ctx introduction
  conn_key/fivetuple: Drop support for non conn_id records
  Conn: Move conn_id init and flip to IPBasedConnKey
  IPBasedConnKey: Add GetTransportProto() helper
  input/Manager: Ignore empty record types
  external: Bump commit hashes for external suites
  ip/vlan_fivetuple: Populate nested conn_id_context, not conn_id
  ConnKey: Extend DoPopulateConnIdVal() with ctx
  btest: Update tests and baselines after adding ctx to conn_id
  init-bare: Add conn_id_ctx to conn_id
2025-07-03 18:42:48 +02:00
Johanna Amann
2a34cf3f46 Merge remote-tracking branch 'origin/topic/johanna/ssl-small-tweaks'
* origin/topic/johanna/ssl-small-tweaks:
  Spicy SSL analyzer: move unknown version out of possible range
  Spicy SSL analyzer: move exceptions to &requires & throw
2025-07-02 07:50:33 +01:00
Evan Typanski
310a82e7fd Merge remote-tracking branch 'origin/topic/etyp/redis-resp3'
* origin/topic/etyp/redis-resp3:
  Touchup TODOs in the Redis analyzer
  Handle more Redis RESP3 protocol pieces
  Stringify all Redis-RESP serialized data
  Handle Redis protocol `message` separately
  Add Redis analyzer array stringification
2025-07-01 14:20:19 -04:00
Benjamin Bannier
e3b0d1d2be Merge branch 'topic/bbannier/bump-pre-commit-hooks'
2025-07-01 11:09:23 +02:00
Arne Welzel
6d272038fe Merge remote-tracking branch 'origin/topic/timw/4617-reset-expire-time-on-overwrite'
* origin/topic/timw/4617-reset-expire-time-on-overwrite:
  SQLite: Reset expiration time on overwrite
2025-07-01 09:20:58 +02:00
Tim Wojtulewicz
5daa83bfa4 Merge remote-tracking branch 'origin/topic/bbannier/readability-isolate-declaration'
* origin/topic/bbannier/readability-isolate-declaration:
  Make clang-tidy warnings report as errors to cause CI build to fail
  Fix a clang-tidy finding in cluster telemetry code
  Fix clang-tidy readability-isolate-declaration warnings
2025-06-30 14:19:37 -07:00
Arne Welzel
c725311d07 Merge remote-tracking branch 'origin/topic/awelzel/cluster-log-websocket-application-name'
* origin/topic/awelzel/cluster-log-websocket-application-name:
  cluster/WebSocket: Include X-Application-Name in cluster.log
2025-06-30 17:56:19 +02:00
Arne Welzel
5847a2d32e Merge remote-tracking branch 'origin/topic/awelzel/cluster-telemetry-follow-up'
* origin/topic/awelzel/cluster-telemetry-follow-up:
  Bump cluster test suite
  cluster/Telemetry: Cache CallExpr locations
  cluster/Telemetry: Avoid unneeded StringVal() construction
  Val: Switch TablePatternMatcher to std::string_view
  RE: Add MatchAll() and MatchSet() for std::string_view
  cluster/websocket: Fix and test for invalid X-Application-Name
  cluster/telemetry: Move topic_normalization redef to zeromq
2025-06-30 13:30:04 +02:00
Johanna Amann
dbeadc65ba Merge remote-tracking branch 'origin/topic/johanna/gh-4547'
* origin/topic/johanna/gh-4547:
  Spicy SSL analyzer: make record layer version parsing more strict
2025-06-26 20:21:54 +01:00
Arne Welzel
3cd6e1ca06 Merge remote-tracking branch 'origin/topic/vern/if-coverage'
* origin/topic/vern/if-coverage:
  extend script coverage profiling to track whether conditionals evaluate to true/false
2025-06-26 18:49:42 +02:00
Arne Welzel
22958f7cdf Merge remote-tracking branch 'origin/topic/awelzel/1474-cluster-telemetry'
* origin/topic/awelzel/1474-cluster-telemetry:
  btest/cluster/telemetry: Add smoke testing for telemetry
  cluster/WebSocket: Fetch X-Application-Name header as app label
  cluster/WebSocket: Pass X-Application-Name to dispatcher
  broker/WebSocketShim: Add calls to Telemetry hooks
  cluster/WebSocket: Configure telemetry for WebSocket backends
  broker: Hook up generic cluster telemetry
  cluster: Introduce telemetry component

One bug fix removing static from a variable that shouldn't be static.
2025-06-26 14:54:01 +02:00
Johanna Amann
14e801a709 Merge remote-tracking branch 'origin/topic/johanna/gh-4598'
* origin/topic/johanna/gh-4598:
  Only pass session ticket data in ssl_session_ticket_handshake event
2025-06-26 09:59:16 +01:00
Arne Welzel
771c37b6b2 Merge branch 'rename' of https://github.com/bhaskarbhar/zeek
* 'rename' of https://github.com/bhaskarbhar/zeek:
  Update zeek.bif
  Update init-bare.zeek
  Added Baseline
  Renamed
2025-06-25 19:27:13 +02:00
Evan Typanski
d3593e0489 Merge remote-tracking branch 'origin/topic/etyp/remove-list'
* origin/topic/etyp/remove-list:
  Remove `list` from Zeek grammar
2025-06-25 10:36:08 -04:00
Arne Welzel
cd934c460b Merge remote-tracking branch 'origin/topic/christian/extensible-conntuples'
* origin/topic/christian/extensible-conntuples:
  btest/plugins: Add test for custom ConnKey factory
  NEWS updates for pluggable connection tuples.
  Add a VLAN-aware flow tuple implementation.
  Deprecate ConnTuple and related APIs.
  Deprecate the old Connection constructor and detail::ConnKey class.
  Switch to virtualized use of new zeek::ConnKey class tree
  Provide a connkey factory for Zeek's default five-tuples.
  Add IP-specific ConnKey implementation.
  Establish plugin infrastructure for ConnKey factories.
  Add new ConnKey abstraction.
2025-06-25 14:17:49 +02:00
Arne Welzel
4b472f2771 Merge remote-tracking branch 'origin/topic/awelzel/telemetry-endpoint-to-node-rename'
* origin/topic/awelzel/telemetry-endpoint-to-node-rename:
  telemetry: Rename endpoint label to node label
2025-06-25 09:33:55 +02:00
Tim Wojtulewicz
4c2990f6ad Merge remote-tracking branch 'origin/topic/timw/available_tags'
* origin/topic/timw/available_tags:
  Add get_tags_by_category BIF method
2025-06-24 15:38:32 -07:00
Tim Wojtulewicz
e5afa4160c Merge remote-tracking branch 'origin/topic/timw/remove-with-binpac-bifcl'
* origin/topic/timw/remove-with-binpac-bifcl:
  Deprecate --with-binpac/--with-bifcl configure options
  Remove deprecated --disable-archiver configure argument
2025-06-24 12:51:15 -07:00
Arne Welzel
5e5d943273 Merge remote-tracking branch 'origin/topic/awelzel/publish-error-test-avoid-tsan-report'
* origin/topic/awelzel/publish-error-test-avoid-tsan-report:
  btest/broker/publish-errors: Avoid exit(0)
2025-06-24 19:07:23 +02:00
Arne Welzel
fbeb3adfe6 Merge remote-tracking branch 'origin/topic/awelzel/dns-naming-authority-pointer'
* origin/topic/awelzel/dns-naming-authority-pointer:
  DNS: Implement NAPTR RR support
  DNS: Move extract_char_string() helper around
2025-06-24 17:44:17 +02:00
Arne Welzel
cab4ebf513 Merge remote-tracking branch 'origin/topic/awelzel/4586-zeromq-ipv6'
* origin/topic/awelzel/4586-zeromq-ipv6:
  cluster/zeromq: Short-circuit DoPublishLogWrite() when not initialized
  cluster/zeromq: Hook up and enable IPV6 by default
  cluster/zeromq/connect: Make failures fatal
  cluster/zeromq: Move log_push creation to DoInit()
2025-06-24 17:16:58 +02:00
Benjamin Bannier
767ddfd8a1 Merge branch 'topic/bbannier/issue-4587'
2025-06-24 16:31:01 +02:00
Johanna Amann
72bd683c23 Merge remote-tracking branch 'origin/topic/johanna/default-canonifier-only-first-timestamp'
* origin/topic/johanna/default-canonifier-only-first-timestamp:
  Default canonifier change to only remove first timestamp in line
  Align SMB timestamp calculation between operating systems
2025-06-24 14:02:04 +01:00
Tim Wojtulewicz
e39a1d7271 Merge remote-tracking branch 'origin/topic/timw/ipv6-chain-vector'
* origin/topic/timw/ipv6-chain-vector:
  Switch IPv6_Hdr_Chain to a vector of objects instead of pointers
2025-06-23 10:52:33 -07:00
Tim Wojtulewicz
33b23ef4b1 Merge remote-tracking branch 'origin/topic/timw/zeromq-include-paths'
* origin/topic/timw/zeromq-include-paths:
  Remove unneeded include dirs in zeromq CMakeLists.txt
2025-06-23 10:40:10 -07:00
Tim Wojtulewicz
8d92ad472c Merge branch 'topic/timw/clang-tidy-fixes'
* topic/timw/clang-tidy-fixes: (41 commits)
  Deprecate BRO_PLUGIN_INSTALL_PATH constant
  Make constants in IP::ParseResult uppercase, deprecate the old ones
  Fix comparison against CapLen results in IPTunnel
  Fix clang-tidy cppcoreguidelines-virtual-class-destructor warnings in headers
  Fix clang-tidy cppcoreguidelines-macro-usage warnings in headers
  Fix clang-tidy modernize-use-using warnings in headers
  Fix clang-tidy modernize-use-transparent-functors warnings in headers
  Fix clang-tidy modernize-use-override warnings in headers
  Fix clang-tidy modernize-use-nullptr warnings in headers
  Fix clang-tidy modernize-use-equals-delete warnings in headers
  Fix clang-tidy modernize-use-emplace warnings in headers
  Fix clang-tidy modernize-use-default-member-init warnings in headers
  Fix clang-tidy modernize-use-bool-literals warnings in headers
  Fix clang-tidy modernize-return-braced-init-list warnings in headers
  Fix clang-tidy modernize-type-traits warnings in headers
  Fix clang-tidy modernize-redundant-void-arg warnings in headers
  Fix clang-tidy modernize-pass-by-value warnings in headers
  Fix clang-tidy modernize-loop-convert warnings in headers
  Fix clang-tidy modernize-macro-to-enum warnings in headers
  Fix clang-tidy performance-unnecessary-copy-initialization warnings in headers
  ...
2025-06-23 10:37:29 -07:00
Arne Welzel
b1157e4e03 Merge remote-tracking branch 'origin/topic/bbannier/issue-4594'
* origin/topic/bbannier/issue-4594:
  Align WebSocket error in cluster with one in Broker
2025-06-22 15:49:23 +02:00
Arne Welzel
b0a26eddaa Merge remote-tracking branch 'origin/topic/awelzel/4571-reject-cluster-event-broker-publish'
* origin/topic/awelzel/4571-reject-cluster-event-broker-publish:
  broker: Handle Broker::publish() with non Broker::Event
2025-06-22 15:48:36 +02:00
Johanna Amann
a22837536d Merge remote-tracking branch 'origin/topic/johanna/gh-4521'
* origin/topic/johanna/gh-4521:
  Change x509 not_before/not_after to not be based on local timezone
2025-06-18 13:27:57 +01:00
Benjamin Bannier
2866934792 Merge branch 'topic/bbannier/spicy-ssl-refs'
2025-06-18 13:14:13 +02:00
Arne Welzel
19f2621f7b Merge remote-tracking branch 'origin/topic/awelzel/4573-remove-is-packet-source'
* origin/topic/awelzel/4573-remove-is-packet-source:
  IOSource: Remove IsPacketSource
2025-06-17 09:25:39 +02:00
Arne Welzel
f4357485d2 Merge remote-tracking branch 'origin/topic/awelzel/4562-post-proc-lookup-failure'
* origin/topic/awelzel/4562-post-proc-lookup-failure:
  btest/logging: Fly-by cleanup
  logging/Ascii: Fix abort() for non-existing postrotation functions
2025-06-16 14:58:49 +02:00
Arne Welzel
99155f6ec6 Merge remote-tracking branch 'origin/topic/awelzel/add-ws-tls-nocert-btest'
* origin/topic/awelzel/add-ws-tls-nocert-btest:
  btest/cluster/websocket: Add cert-less test
2025-06-16 13:48:08 +02:00
Tim Wojtulewicz
2b8cb515b9 Merge remote-tracking branch 'origin/topic/timw/fix-master'
* origin/topic/timw/fix-master:
  Add missing #include to packet_analysis/Component.h
2025-06-11 13:18:43 -07:00
Tim Wojtulewicz
0a8149c185 Merge remote-tracking branch 'origin/topic/timw/util-types'
* origin/topic/timw/util-types:
  Remove some unused #includes from spicy code
  Remove using util.h in various headers in favor of util-types.h
  Move type definitions/aliases from util.h to a separate file
2025-06-11 11:12:27 -07:00
Christian Kreibich
62442058e7 Merge branch 'topic/christian/enumval-string-fix'
* topic/christian/enumval-string-fix:
  Bugfix: AsString() on an EnumVal will segfault
2025-06-11 09:01:03 -07:00
Arne Welzel
f5063bfcd4 Merge remote-tracking branch 'origin/topic/awelzel/4522-bdat-last-reply-fix'
* origin/topic/awelzel/4522-bdat-last-reply-fix:
  smtp: Fix last_reply column in smtp.log for BDAT LAST
2025-06-11 17:25:21 +02:00
Tim Wojtulewicz
14ca808bcf Merge remote-tracking branch 'origin/topic/timw/netbios-ssn-session-timeout-constant'
* origin/topic/timw/netbios-ssn-session-timeout-constant:
  Move netbios_ssn_session_timeout to a script-level constant
2025-06-10 12:08:46 -07:00
Arne Welzel
61f93f9eb6 Merge remote-tracking branch 'origin/topic/awelzel/disable-zam-bif-tracking'
* origin/topic/awelzel/disable-zam-bif-tracking:
  btest/opt/ZAM-bif-tracking: Disable by default
2025-06-10 18:50:54 +02:00
Christian Kreibich
2f8bbeab1f Merge branch 'topic/christian/btest-trace-cleanup'
* topic/christian/btest-trace-cleanup:
  Btests: don't use -C in Zeek invocations that don't actually need it
  Remove executable file permission bits from a bunch of our pcaps
2025-06-09 18:00:44 -07:00
Tim Wojtulewicz
ac9ee9f219 Merge remote-tracking branch 'origin/topic/timw/clang-tidy-modernize-fixes'
* origin/topic/timw/clang-tidy-modernize-fixes:
  Move initialization of RandTest members to header
  Update .clang-tidy to have modernize-* enabled with some exclusions
  Fix clang-tidy modernize-use-transparent-functors findings
  Fix clang-tidy modernize-use-override findings
  Fix clang-tidy modernize-use-nullptr findings
  Fix clang-tidy modernize-use-emplace findings
  Fix clang-tidy modernize-use-default-member-init findings
  Fix clang-tidy modernize-use-bool-literals findings
  Fix clang-tidy modernize-return-braced-init-list findings
  Fix clang-tidy modernize-redundant-void-arg findings
  Fix clang-tidy modernize-pass-by-value findings
  Fix clang-tidy modernize-min-max-use-initializer-list findings
  Fix clang-tidy modernize-make-unique findings
  Fix clang-tidy modernize-loop-convert findings (LOOP_OVER_ macros)
  Fix clang-tidy modernize-loop-convert findings
  Update bifcl submodule with clang-tidy fixes [nomail]
2025-06-06 11:45:59 -07:00