Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19536 commits 387 branches 195 tags 255 MiB
Commit graph

3782 commits

Author SHA1 Message Date
Evan Typanski
22f77248f5 Merge remote-tracking branch 'origin/topic/etyp/fix-record-vec-type-conflict' 
* origin/topic/etyp/fix-record-vec-type-conflict:
  Fix record coercion with compatible types
 2025-08-06 09:10:19 -04:00
Arne Welzel
33b6869425 Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-three' 
* origin/topic/awelzel/tap-analyzer-take-three:
  TapAnalyzer: Fix docstring
  btest/plugins/tap-analyzer: Update baseline
 2025-08-06 14:27:56 +02:00
Arne Welzel
7dea987432 Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-follow-up' 
* origin/topic/awelzel/4337-tap-analyzer-follow-up:
  TapAnalyzer: More verdict to action rename
 2025-08-05 20:00:44 +02:00
Arne Welzel
1e05588e8e Merge remote-tracking branch 'origin/topic/awelzel/4337-tap-analyzer-sketch' 
* origin/topic/awelzel/4337-tap-analyzer-sketch:
  IPBasedAnalyzer: Call TapPacket() when skipping
  SessionAdapter: Introduce TapAnalyzer for session adapter
 2025-08-05 19:49:01 +02:00
Christian Kreibich
56325d1412 Merge branch 'topic/christian/zeek-8.0-news' 
* topic/christian/zeek-8.0-news:
  Compile contributors for Zeek 8.0 in the NEWS file
 2025-08-04 09:35:53 -07:00
Arne Welzel
4ecc62322e Merge remote-tracking branch 'origin/topic/awelzel/depend-on-libzmq' 
* origin/topic/awelzel/depend-on-libzmq:
  ci/windows: No ZeroMQ cluster backend
  cluster/zeromq: Bail on missing ZeroMQ by default
 2025-08-01 17:10:32 +02:00
Arne Welzel
3c2d01e19e Merge remote-tracking branch 'origin/topic/neverlord/std-span' 
* origin/topic/neverlord/std-span:
  Remove zeek::Span and use std::span instead
 2025-08-01 14:50:02 +02:00
Tim Wojtulewicz
f2e155d7fa Merge remote-tracking branch 'origin/topic/timw/update-ct-ca-lists' 
* origin/topic/timw/update-ct-ca-lists:
  Update CT/CA lists to versions from NSS 3.114
 2025-07-31 14:32:21 -07:00
Tim Wojtulewicz
b9a5a635bd Merge remote-tracking branch 'origin/topic/timw/clang-tidy-fix' 
* origin/topic/timw/clang-tidy-fix:
  Fix use-after-move reported by clang-tidy
 2025-07-31 10:34:58 -07:00
Johanna Amann
136bdb43fd Merge remote-tracking branch 'origin/topic/johanna/gh-4694' 
* origin/topic/johanna/gh-4694:
  Add tests for the deprecated-dpd-log.zeek policy script
  Move c$service_violation to deprecated-dpd-log.zeek
 2025-07-31 16:11:00 +01:00
Tim Wojtulewicz
3e0012ea30 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump `auxil/spicy` to latest development snapshot
 2025-07-31 07:58:05 -07:00
Arne Welzel
10e7f14f78 Merge remote-tracking branch 'origin/topic/awelzel/defer-more-stuff' 
* origin/topic/awelzel/defer-more-stuff:
  RecordType: Ensure &default fields are always re-initialized
  Attr: Deprecate using &default and &optional together on record fields
  RecordType: Allow deferring &default=vector(), set(), table() fields
 2025-07-30 10:35:56 +02:00
Arne Welzel
d7fbd49d9e Merge remote-tracking branch 'origin/topic/vern/zam-record-fields-fixes' 
* origin/topic/vern/zam-record-fields-fixes:
  fixes for specialized ZAM operations needing to check whether record fields exist
 2025-07-30 10:08:21 +02:00
Johanna Amann
a22b45c69e Merge remote-tracking branch 'origin/topic/johanna/gh-4202' 
* origin/topic/johanna/gh-4202:
  Update NEWS for Conn::set_conn changes
  DNS-fuzzer: raise new_connection event
  Optimize Conn::set_conn to minimize operations
  Move Conn::set_conn() from connection_state_remove to new_connection
 2025-07-29 21:01:51 +01:00
Arne Welzel
ab282e3637 Merge remote-tracking branch 'origin/topic/awelzel/cluster-event-out-of-detail' 
* origin/topic/awelzel/cluster-event-out-of-detail:
  cluster::Event: Move implementation into cluster/Event.{h,cc}
  cluster: Move cluster::detail::Event to cluster::Event
 2025-07-29 18:24:20 +02:00
Tim Wojtulewicz
9f3a1a135f Merge remote-tracking branch 'origin/topic/timw/fix-fuzzer-conn-key-deprecation' 
* origin/topic/timw/fix-fuzzer-conn-key-deprecation:
  Fix ConnKey deprecation warnings from generic fuzzer
 2025-07-29 07:41:23 -07:00
Tim Wojtulewicz
743b9e27cc Merge remote-tracking branch 'origin/topic/timw/fix-irc-analyzer-event-types' 
* origin/topic/timw/fix-irc-analyzer-event-types:
  Fix types passed to some of the IRC analyzer events
 2025-07-29 07:19:36 -07:00
Tim Wojtulewicz
06ec03046d Merge remote-tracking branch 'origin/topic/timw/fix-ranges-debian-11-build-failure' 
* origin/topic/timw/fix-ranges-debian-11-build-failure:
  Fix build failure with std::ranges on Debian 11
 2025-07-29 07:19:11 -07:00
Arne Welzel
cd7836dda2 Merge remote-tracking branch 'origin/topic/awelzel/4431-zeromq-drop-policy-v2' 
* origin/topic/awelzel/4431-zeromq-drop-policy-v2:
  cluster.bif: Improve Cluster::publish() docstring
  btest/cluster/zeromq: Add tests for overload behavior
  cluster/zeromq: Metric for msg errors
  cluster/zeromq: Drop events when overloaded
  cluster/zeromq: Comments and move lookups to InitPostScript()
  cluster/zeromq: Rework lambdas to member functions
  cluster/zeromq: Support local XPUB/XSUB hwm and buf configurability
  cluster/OnLoop: Support DontBlock and Force flags for queueing
  cluster/ThreadedBackend: Injectable OnLoopProcess instance
 2025-07-29 11:38:49 +02:00
Arne Welzel
12518e8256 Merge remote-tracking branch 'origin/topic/awelzel/expose-num-packets-unprocessed' 
* origin/topic/awelzel/expose-num-packets-unprocessed:
  ConnStats: Expose num_packets_unprocessed
  packet_analysis/Manager: Rename GetUnprocessedCount() to PacketsUnprocessed()
 2025-07-29 10:12:46 +02:00
Arne Welzel
96f9cc73c3 Merge remote-tracking branch 'origin/topic/awelzel/spicy-format-for-8.0' 
* origin/topic/awelzel/spicy-format-for-8.0:
  Update .git-blame-ignore-revs
  analyzer/protocol: Reformat with spicy-format
  pre-commit-config: Bump spicy-format to 0.26.0
 2025-07-29 10:05:33 +02:00
Tim Wojtulewicz
73d56407b1 Merge remote-tracking branch 'origin/topic/awelzel/3935-dce-rpc-named-pipe-docs' 
* origin/topic/awelzel/3935-dce-rpc-named-pipe-docs:
  dce-rpc: Make named_pipe filed docs extensive
 2025-07-28 14:18:23 -07:00
Tim Wojtulewicz
22fc57a90a Merge remote-tracking branch 'origin/topic/johanna/gh-4656' 
* origin/topic/johanna/gh-4656:
  Fix parsing of EDNS rcode
 2025-07-28 14:16:24 -07:00
Tim Wojtulewicz
8063be111a Merge remote-tracking branch 'origin/topic/timw/more-irc-coverage' 
* origin/topic/timw/more-irc-coverage:
  Expand coverage of IRC analyzer with more commands
  Add support for ircv3 tags
 2025-07-28 14:15:47 -07:00
Tim Wojtulewicz
8aeaed69c5 Merge remote-tracking branch 'origin/topic/timw/lazy-allocate-id-option-handlers' 
* origin/topic/timw/lazy-allocate-id-option-handlers:
  Move ID::type in structure to fill memory padding
  Use sorted forward_list instead of multimap for ID option change handlers
 2025-07-28 13:57:26 -07:00
Tim Wojtulewicz
020dd1a848 Merge remote-tracking branch 'origin/topic/timw/cpp20-modernization' 
* origin/topic/timw/cpp20-modernization:
  Remove intermediate cipher vectors in ssl-analyzer.pac
  Reduce the size of Func::Body quite a bit with some extra packing
  Switch to using std::ranges algorithms
  Enable modernize-std-numbers clang-tidy checker, fix findings
  Switch to using c++20 constraints instead of std::enable_if
 2025-07-28 13:13:02 -07:00
Evan Typanski
c00314746a Merge branch 'topic/etyp/deprecate-record-ty-to-vec' 
* topic/etyp/deprecate-record-ty-to-vec:
  Deprecate `record_type_to_vector`
 2025-07-28 12:25:44 -04:00
Tim Wojtulewicz
a09b4108c8 Merge remote-tracking branch 'origin/topic/timw/odesc-size-t' 
* origin/topic/timw/odesc-size-t:
  Use size_t for byte sizes in SerializationFormat
  Add ODesc::Size() that returns size_t, deprecate ODesc::Len()
 2025-07-25 09:14:01 -07:00
Arne Welzel
6e2a18ce4f Merge remote-tracking branch 'origin/topic/awelzel/conn-id-ctx-singleton' 
* origin/topic/awelzel/conn-id-ctx-singleton:
  RecordType: Allow field init deferral of deferrable record constructors
  Conn: Use conn_id_ctx singleton
  Conn: Add InitPostScript() and conn_id_ctx singleton
  ID: Add conn_id_ctx
 2025-07-25 10:59:07 +02:00
Tim Wojtulewicz
90da71ef16 Merge remote-tracking branch 'origin/topic/timw/update-broker' 
* origin/topic/timw/update-broker:
  Update broker submodule to pull in clang 20 fix [nomail]
 2025-07-24 12:46:27 -07:00
Tim Wojtulewicz
9c845d9979 Merge remote-tracking branch 'origin/topic/timw/pid-start-time-metric' 
* origin/topic/timw/pid-start-time-metric:
  Add process_start_time_seconds and process_pid metrics
 2025-07-24 10:39:52 -07:00
Tim Wojtulewicz
d12b381e3e Merge remote-tracking branch 'origin/topic/timw/no-weekly-tasks-on-master-pushes' 
* origin/topic/timw/no-weekly-tasks-on-master-pushes:
  CI: Only run weekly tasks as part of cron
 2025-07-24 08:01:07 -07:00
Arne Welzel
e231efac0b Merge remote-tracking branch 'origin/topic/awelzel/4645-icmp-conns-inconsistent' 
* origin/topic/awelzel/4645-icmp-conns-inconsistent:
  conn_key/fivetuple: Handle one-way ICMP conns in DoConnKeyFromVal()
 2025-07-24 09:49:07 +02:00
Johanna Amann
4399f171ae Merge remote-tracking branch 'origin/topic/johanna/pppoe-session-id-logging' 
* origin/topic/johanna/pppoe-session-id-logging:
  Update external tests for pppoe-session-id conn.log changes
  PPPoE: add session id logging
 2025-07-24 07:57:18 +01:00
Tim Wojtulewicz
acdf8f4d4d Merge remote-tracking branch 'origin/topic/timw/coverity-fixes' 
* origin/topic/timw/coverity-fixes:
  Fix a few other minor issues reported by Coverity
  Add a few extra null checks, plus a missing initialization that led to a bad null check
  Fix some integer overflow issues reported by Coverity
  Ignore a couple of known-unused results reported by Coverity
  Fix some bit-shifting overflow/UB issues reported by Coverity
  Reset the value of a status variable in SQLite backend before using it in a loop
  Fix a potential memory leak reported by Coverity
  Avoid some string copies in IRC analyzer
  Add some additional std::moves reported by Coverity
  Fix an unsigned integer comparison reported by Coverity
  Fix uninitialized class member Coverity findings
  Handle uncaught exception during setup
  Update gen-zam submodule for Coverity findings
 2025-07-23 15:26:29 -07:00
Tim Wojtulewicz
ca3b670d0f Merge remote-tracking branch 'origin/topic/timw/storage-forced-sync' 
* origin/topic/timw/storage-forced-sync:
  Fix swapped storage metrics names
  Add flag to force synchronous mode when calling storage script-land functions
 2025-07-23 14:03:56 -07:00
Arne Welzel
ee5ffdf42c Merge remote-tracking branch 'origin/topic/awelzel/control-switch-to-cluster' 
* origin/topic/awelzel/control-switch-to-cluster:
  NEWS: ZeekControl, ZeroMQ and WebSocket
  Update zeekctl module for ClusterBackend and UseWebSocket
  control: Use Cluster::publish() for replying
 2025-07-23 19:31:45 +02:00
Tim Wojtulewicz
83c914ce2d Merge remote-tracking branch 'origin/topic/timw/ci-weekly-compiler-task' 
* origin/topic/timw/ci-weekly-compiler-task:
  CI: Add weekly task for running builds with newest compilers
 2025-07-23 08:21:31 -07:00
Tim Wojtulewicz
2e612fc493 Merge remote-tracking branch 'origin/topic/timw/commit-info-for-plugin-ci-build' 
* origin/topic/timw/commit-info-for-plugin-ci-build:
  Output more information when cloning repos for include_plugins CI task
 2025-07-23 08:20:43 -07:00
Arne Welzel
84cbd3784f Merge remote-tracking branch 'origin/topic/awelzel/make-record-fields-ordered' 
* origin/topic/awelzel/make-record-fields-ordered:
  Type/RecordType: Make table returned by GetRecordFieldsVal() ordered
 2025-07-23 13:38:05 +02:00
Tim Wojtulewicz
07a1c6b699 Merge remote-tracking branch 'origin/topic/timw/update-af-packet' 
* origin/topic/timw/update-af-packet:
  Update zeek-af_packet-plugin submodule to fix initialization [nomail]
 2025-07-22 11:40:27 -07:00
Tim Wojtulewicz
ed81e251dc Merge remote-tracking branch 'origin/topic/timw/update-broker' 
* origin/topic/timw/update-broker:
  Update broker submodule [nomail]
 2025-07-22 08:05:22 -07:00
Tim Wojtulewicz
cb2e193452 Merge remote-tracking branch 'origin/topic/timw/storage-metrics' 
* origin/topic/timw/storage-metrics:
  Add SQLite page_count and file_size metrics
  Add btests to cover storage metrics
  Add storage metrics for operations, expirations, data transferred
  Fix ordering of telemtry metrics when running under test
  Make RunPragma take an optional value parser to return data
  Make SQLite::Step take a callback function for parsing result data
 2025-07-18 14:28:46 -07:00
Tim Wojtulewicz
1dc7d88efd Merge remote-tracking branch 'origin/topic/timw/update-libkqueue' 
* origin/topic/timw/update-libkqueue:
  Update libkqueue submodule [nomail]
 2025-07-17 12:59:10 -07:00
Tim Wojtulewicz
beb70e27b5 Merge remote-tracking branch 'origin/topic/timw/cpp20-starts-and-ends-with' 
* origin/topic/timw/cpp20-starts-and-ends-with:
  Use std::string/string_view versions of starts_with/ends_with where appropriate
 2025-07-17 09:09:40 -07:00
Tim Wojtulewicz
6218643347 Merge remote-tracking branch 'origin/topic/timw/hilti-nolint-enum' 
* origin/topic/timw/hilti-nolint-enum:
  Add nolint for enum size for HILTI_RT_ENUM use
 2025-07-17 08:40:58 -07:00
Robin Sommer
c94ce6b946
Merge remote-tracking branch 'origin/topic/robin/gh-4481-test-analyzer' 
* origin/topic/robin/gh-4481-test-analyzer:
  Spicy: Fix missing include.
  Bump Spicy.
  Spicy: Add functions to check if Zeek provides an analyzer of a given name.
 2025-07-16 17:47:08 +02:00
Arne Welzel
8f4470926f Merge remote-tracking branch 'origin/topic/awelzel/eml-extraction-v3' 
* origin/topic/awelzel/eml-extraction-v3:
  NEWS: Add entry about SMTP::enable_rfc822_msg_file_analysis
  btest: Add tests for full email extraction
  SMTP: Adapt scripts for enable_rfc822_msg_file_analysis
  SMTP: Add missing Undelivered() call
  SMTP: Add enable_rfc822_msg_file_analysis
 2025-07-16 12:38:29 +02:00
Christian Kreibich
fba319857b Merge branch 'topic/bbannier/named-ctr' 
* topic/bbannier/named-ctr:
  Prefer explicit construction to coercion in record initialization
 2025-07-15 17:38:04 -07:00
Christian Kreibich
907ddce581 Merge branch 'topic/christian/fix-debuglogger-stdsort' 
* topic/christian/fix-debuglogger-stdsort:
  Add missing header to allow std::sort() on GCC 15.1
 2025-07-15 17:37:02 -07:00