Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
19032 commits 387 branches 195 tags 255 MiB
Commit graph

19032 commits

This branch
This branch
All branches
Author SHA1 Message Date
Evan Typanski
7f93ff5ecd Deprecate record_type_to_vector 
After #4682, record_fields is ordered so this is redundant. Furthermore,
it is incorrectly documented, as it says nested records are flattened.
 2025-07-28 11:11:33 -04:00
Arne Welzel
120f061bcd ConnStats: Expose num_packets_unprocessed 
Not sure it's the best place to put, but we don't have packet analysis stats
bif and also num_packets is already there, so seems reasonable to put the
num_packets_unprocessed into
 2025-07-28 14:10:53 +02:00
Arne Welzel
fa476746bf packet_analysis/Manager: Rename GetUnprocessedCount() to PacketsUnprocessed() 
Mostly to align with PacketsProcessed()
 2025-07-28 13:41:32 +02:00
zeek-bot
7894d88461 Update doc submodule [nomail] [skip ci] 2025-07-26 00:28:44 +00:00
Tim Wojtulewicz
a09b4108c8 Merge remote-tracking branch 'origin/topic/timw/odesc-size-t' 
* origin/topic/timw/odesc-size-t:
  Use size_t for byte sizes in SerializationFormat
  Add ODesc::Size() that returns size_t, deprecate ODesc::Len()
 2025-07-25 09:14:01 -07:00
Tim Wojtulewicz
e1342ff72d Use size_t for byte sizes in SerializationFormat 2025-07-25 09:13:10 -07:00
Tim Wojtulewicz
7a5209855f Add ODesc::Size() that returns size_t, deprecate ODesc::Len() 2025-07-25 09:13:10 -07:00
Arne Welzel
3f810e038b dce-rpc: Make named_pipe filed docs extensive 
Closes #3935
 2025-07-25 11:12:38 +02:00
Arne Welzel
6e2a18ce4f Merge remote-tracking branch 'origin/topic/awelzel/conn-id-ctx-singleton' 
* origin/topic/awelzel/conn-id-ctx-singleton:
  RecordType: Allow field init deferral of deferrable record constructors
  Conn: Use conn_id_ctx singleton
  Conn: Add InitPostScript() and conn_id_ctx singleton
  ID: Add conn_id_ctx
 2025-07-25 10:59:07 +02:00
Arne Welzel
2cb26eda51 RecordType: Allow field init deferral of deferrable record constructors 
The ctx: conn_id_ctx &default=conn_id_ctx() field was not optimized
as deferrable even though by default its an empty record and so deferring
initialization seems safe. Open-code the special record constructor
expression case in ExprFieldInit so that the ctx field is not default
initialized at record construction anymore. I am wondering a bit if the
same applies to &default=set() and &default=table().
 2025-07-25 10:55:51 +02:00
zeek-bot
8a6aca6175 Update doc submodule [nomail] [skip ci] 2025-07-25 00:19:51 +00:00
Tim Wojtulewicz
90da71ef16 Merge remote-tracking branch 'origin/topic/timw/update-broker' 
* origin/topic/timw/update-broker:
  Update broker submodule to pull in clang 20 fix [nomail]
 2025-07-24 12:46:27 -07:00
Tim Wojtulewicz
73f2cadd88 Update broker submodule to pull in clang 20 fix [nomail] 2025-07-24 10:43:57 -07:00
Tim Wojtulewicz
9c845d9979 Merge remote-tracking branch 'origin/topic/timw/pid-start-time-metric' 
* origin/topic/timw/pid-start-time-metric:
  Add process_start_time_seconds and process_pid metrics
 2025-07-24 10:39:52 -07:00
Tim Wojtulewicz
d5db359772 Add process_start_time_seconds and process_pid metrics 2025-07-24 10:39:14 -07:00
Arne Welzel
906cec9adb Conn: Use conn_id_ctx singleton 2025-07-24 17:35:07 +02:00
Arne Welzel
eba6355b84 Conn: Add InitPostScript() and conn_id_ctx singleton 2025-07-24 17:28:31 +02:00
Arne Welzel
a2922cdde9 ID: Add conn_id_ctx 
Seemed a bit unfortunate to use id::connection and id::conn_id, but
then do something different for conn_id_ctx.
 2025-07-24 17:27:51 +02:00
Tim Wojtulewicz
d12b381e3e Merge remote-tracking branch 'origin/topic/timw/no-weekly-tasks-on-master-pushes' 
* origin/topic/timw/no-weekly-tasks-on-master-pushes:
  CI: Only run weekly tasks as part of cron
 2025-07-24 08:01:07 -07:00
Johanna Amann
383dce9343 Fix parsing of EDNS rcode 
The EDNS rcode was incorrectly calculated. The extended rcode is formed
by taking the upper 8 bits of the extended rcode field, plus the lower 4
bits of the existing rcode.

This also adds a new trace with an extended rcode, and a testcase
parsing it.

Reported by dwhitemv25.

Fixes GH-4656
 2025-07-24 14:57:00 +01:00
Arne Welzel
e231efac0b Merge remote-tracking branch 'origin/topic/awelzel/4645-icmp-conns-inconsistent' 
* origin/topic/awelzel/4645-icmp-conns-inconsistent:
  conn_key/fivetuple: Handle one-way ICMP conns in DoConnKeyFromVal()
 2025-07-24 09:49:07 +02:00
Arne Welzel
785bb2ee13 conn_key/fivetuple: Handle one-way ICMP conns in DoConnKeyFromVal() 
When a conn_id represents a ICMP "connection", we need to determine the
is_one_way flag for InitTuple() in order to skip any flipping of address
and ports for one-way ICMP connections.

Fixes #4645
 2025-07-24 09:48:33 +02:00
Johanna Amann
4399f171ae Merge remote-tracking branch 'origin/topic/johanna/pppoe-session-id-logging' 
* origin/topic/johanna/pppoe-session-id-logging:
  Update external tests for pppoe-session-id conn.log changes
  PPPoE: add session id logging
 2025-07-24 07:57:18 +01:00
zeek-bot
106831bc62 Update doc submodule [nomail] [skip ci] 2025-07-24 00:29:42 +00:00
Tim Wojtulewicz
acdf8f4d4d Merge remote-tracking branch 'origin/topic/timw/coverity-fixes' 
* origin/topic/timw/coverity-fixes:
  Fix a few other minor issues reported by Coverity
  Add a few extra null checks, plus a missing initialization that led to a bad null check
  Fix some integer overflow issues reported by Coverity
  Ignore a couple of known-unused results reported by Coverity
  Fix some bit-shifting overflow/UB issues reported by Coverity
  Reset the value of a status variable in SQLite backend before using it in a loop
  Fix a potential memory leak reported by Coverity
  Avoid some string copies in IRC analyzer
  Add some additional std::moves reported by Coverity
  Fix an unsigned integer comparison reported by Coverity
  Fix uninitialized class member Coverity findings
  Handle uncaught exception during setup
  Update gen-zam submodule for Coverity findings
 2025-07-23 15:26:29 -07:00
Tim Wojtulewicz
64bca5ce4c Fix a few other minor issues reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
d22810e476 Add a few extra null checks, plus a missing initialization that led to a bad null check 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
2e5db823ef Fix some integer overflow issues reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
2da3b3a2a6 Ignore a couple of known-unused results reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
d4cb3c8225 Fix some bit-shifting overflow/UB issues reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
22e78c3c24 Reset the value of a status variable in SQLite backend before using it in a loop 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
0b3b5e2ef2 Fix a potential memory leak reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
dea44003a1 Avoid some string copies in IRC analyzer 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
205c72d26f Add some additional std::moves reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
2ce26f1be0 Fix an unsigned integer comparison reported by Coverity 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
4c58fb26c4 Fix uninitialized class member Coverity findings 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
923ffbf25a Handle uncaught exception during setup 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
382dfca7a8 Update gen-zam submodule for Coverity findings 2025-07-23 15:17:53 -07:00
Tim Wojtulewicz
ca3b670d0f Merge remote-tracking branch 'origin/topic/timw/storage-forced-sync' 
* origin/topic/timw/storage-forced-sync:
  Fix swapped storage metrics names
  Add flag to force synchronous mode when calling storage script-land functions
 2025-07-23 14:03:56 -07:00
Tim Wojtulewicz
146837fe73 Fix swapped storage metrics names 2025-07-23 13:14:46 -07:00
Tim Wojtulewicz
7e3ed2010d Add flag to force synchronous mode when calling storage script-land functions 2025-07-23 13:14:34 -07:00
Tim Wojtulewicz
7b858cf270 CI: Only run weekly tasks as part of cron 2025-07-23 12:15:10 -07:00
Arne Welzel
ee5ffdf42c Merge remote-tracking branch 'origin/topic/awelzel/control-switch-to-cluster' 
* origin/topic/awelzel/control-switch-to-cluster:
  NEWS: ZeekControl, ZeroMQ and WebSocket
  Update zeekctl module for ClusterBackend and UseWebSocket
  control: Use Cluster::publish() for replying
 2025-07-23 19:31:45 +02:00
Tim Wojtulewicz
f5500a718f Merge remote-tracking branch 'origin/topic/timw/clang-tidy-bif-code' 
* origin/topic/timw/clang-tidy-bif-code:
  Fix clang-tidy findings in embedded C++ from bif files
 2025-07-23 10:20:26 -07:00
Tim Wojtulewicz
3b6a27d0a3 Fix clang-tidy findings in embedded C++ from bif files 2025-07-23 10:19:32 -07:00
Tim Wojtulewicz
83c914ce2d Merge remote-tracking branch 'origin/topic/timw/ci-weekly-compiler-task' 
* origin/topic/timw/ci-weekly-compiler-task:
  CI: Add weekly task for running builds with newest compilers
 2025-07-23 08:21:31 -07:00
Tim Wojtulewicz
2e612fc493 Merge remote-tracking branch 'origin/topic/timw/commit-info-for-plugin-ci-build' 
* origin/topic/timw/commit-info-for-plugin-ci-build:
  Output more information when cloning repos for include_plugins CI task
 2025-07-23 08:20:43 -07:00
Johanna Amann
9ab7b768c6 Update external tests for pppoe-session-id conn.log changes 2025-07-23 14:09:17 +01:00
Johanna Amann
e5a434c392 PPPoE: add session id logging 
This adds a new PacketAnalyzer::PPPoE::session_id bif, which extracts
the PPPoE session ID from the current packet.

Furthermore, a new policy script is added which adds the pppoe session
id to the connection log.

Related to GH-4602
 2025-07-23 13:43:45 +01:00
Arne Welzel
84cbd3784f Merge remote-tracking branch 'origin/topic/awelzel/make-record-fields-ordered' 
* origin/topic/awelzel/make-record-fields-ordered:
  Type/RecordType: Make table returned by GetRecordFieldsVal() ordered
 2025-07-23 13:38:05 +02:00