* origin/topic/robin/spicy-export-extensions:
[Spicy] Clean up representation of EVT record fields.
[Spicy] Extend functionality of `export` in EVT files.
[Spicy] Refactor parsing of `export` in EVT files.
We now support selecting which fields of a unit type get exported into
the automatically created Zeek record; as well as selecting which
fields get a `&log` attribute added automatically to either all fields
or to selected fields.
Syntax:
- To export only selected fields:
    export Foo::X with { field1, field3 };
- To export all but selected fields:
    export Foo::X without { field2, field3 };
- To `&log` all fields:
    export Foo::X &log;
- To `&log` only selected fields:
    export Foo::X with { field1 &log, field3 }; # exports (only) field1 and field3, and marks field1 for logging
Syntax is still subject to change.
Closes #3218.
Closes #3219.
* origin/topic/timw/3059-set-vector-conversion:
Fix conversion with record types
Add conversion between set and vector using 'as' keyword
Add std::move for a couple of variables passed by value
This is based on the discussion in zeek/zeek#2668. Using &default with tables
can be confusing as the default value is not inserted. The following example
prints an empty table at the end even though a new Service record was instantiated.
    type Service: record {
        occurrences: count &default=0;
        last_seen: time &default=network_time();
    };
    global services: table[string] of Service &default=Service();
    event zeek_init()
        {
        services["http"]$occurrences += 1;
        services["http"]$last_seen = network_time();
        print services;
        }
Changing the above &default to &default_insert will insert the newly created
default value upon a missed lookup and act less surprising.
Other examples that caused confusion previously revolved around table of sets
or table of vectors and `add` or `+=` not working as expected.
    tbl_of_vector["http"] += 1;
    add tbl_of_set["http"][1];
This is similar to GH-3206. There do not seem to be practical
consequences - but we should still fix it.
This also includes the udp-testcase that was forgotten in GH-3206.
This marks every identifier used within an attribute as seeds. The scenario
this avoids is functions referenced through attributes on unused tables or
record types (&default, &expire_func, ...) being dinged as unused as
that's rather confusing.
Also adds test for the above and a light smoke test into language/ as it
doesn't appear we had coverage here.
Closes #3122
* origin/topic/vern/zam-memory-reduction:
Baseline "-a zam" update
increase BTest wait time to abide ZAM compilation times
avoid script coverage overhead (especially memory) when using ZAM
fixes for correctly tracking which functions have been fully inlined
support for discarding ASTs once compiled via ZAM script optimization
some code simplifications and streamlining
The input framework currently gives a rather opaque error message when
encountering a line in which a required value is not provided. This
change updates this behavior; the error message now provides the record
element (or the name or the index element) which was not set in the
input data, even though it is required to be set by the underlying Zeek
type.
* origin/topic/awelzel/3145-dcerpc-state-clean:
dce-rpc: Test cases for unbounded state growth
dce-rpc: Handle smb2_close_request() in scripts
smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them
dce-rpc: Do not repeatedly register removal hooks
Ad-hoc include module names in the global_ids() table. Table values will
have the type_name field set to "module" and their key in the table is
prefixed with "module " to avoid clashes with existing global identifiers
shadowing module names (Management::Node being an existing example).
Closes #3136
Avoids losing state on a connection value when a connection is flipped.
Fixes up the NTP baseline as well where this was visible: analyzer_confirmation_info()
was raised for a connection value which was immediately forgotten due to
the subsequent connection flipping.
Closed #3028
* origin/topic/vern/zam-feature-complete: (23 commits)
documentation updates
updates to ZAM-specific BTest baseline
Address PR review feedback on zam-feature-complete
Updates to BTest baselines due to previous BTest tweaks
tweaks to BTests for ZAM feature completeness; new ZAM-only btest
removal of unused functionality and some follow-on simplifications
feature completeness for ZAM
-O gen-C++ tweaks to be compatible with ZAM changes
ZAM support for "when" statements
ZAM changes intermixed with lambda and "when" support
WhenStmt/WhenInfo restructuring in support of ZAM "when" statements
ZAM support for lambdas
ZAM internals have a notion of "captures" as global-like variables
AST profiling enhancements in support of script optimization for lambdas/whens
refinements to LambdaExpr's to provide flexibility, support for ZVal captures
support in ScriptFunc class for ZVal-oriented vector of captures
simplifications to the Frame class now that it no longer has to support old-style captures
use Ingredients directly for constructing functions
the "Capture" struct is now a class
more debugging information when dumping script optimization data structures
...
When a JSON document contains key names containing colons or other
special characters that are not valid in Zeek identifiers, from_json()
cannot be used to parse such input.
This change allows a customizable normalization function.
Closes #3142.