* origin/master: (73 commits)
Spicy: allow providing file id in zeek::file_begin
Spicy: allow providing file id in zeek::file_begin
Update doc submodule [nomail] [skip ci]
Spicy: allow providing file id in zeek::file_begin
Spicy: allow providing file id in zeek::file_begin
Bump cmake submodule for INCLUDE_DIRS fix
Update doc submodule [nomail] [skip ci]
Integrate review feedback
Add jq to final.Dockerfile
TableVal: Replace raw subnets/pattern_matcher with unique_ptr
TablePatternMatcher: Drop Insert()/Remove(), use Clear()
TableType: Simplify and inline Is...Index tests
NEWS: Add small table[pattern] section
Expr/Val: Add support for in set[pattern]
zeek.bif: Implement table_pattern_matcher_stats() bif for introspection
DFA: Extract inner Stats struct from DFA_State_Cache
Expr: Implement string in table[pattern] of X
RE: Remove RE_DisjunctiveMatcher and re-use MatchAll()
TablePatternMatcher: Use const StringValPtr& instead of const StringVal*
Val: Move TablePatternMatcher into detail namespace
...
Allow spicy parsers to generate their own file IDs and provide them to
Zeek. This duplicates functionality that is currently possible (and
used) by some binpac-based analyzers. One example for an analyzer
creating its own file IDs is the SSL analyzer.
* origin/topic/neverlord/avoid-openssl-header-deps:
Integrate review feedback
Avoid OpenSSL header dependencies
Added NEWS during merge and removed never set OPENSSL_INCLUDE_DIR reference
in main CMakeLists.txt.
* origin/topic/awelzel/pattern-tables-reuse-compile-set:
TableVal: Replace raw subnets/pattern_matcher with unique_ptr
TablePatternMatcher: Drop Insert()/Remove(), use Clear()
TableType: Simplify and inline Is...Index tests
NEWS: Add small table[pattern] section
Expr/Val: Add support for in set[pattern]
zeek.bif: Implement table_pattern_matcher_stats() bif for introspection
DFA: Extract inner Stats struct from DFA_State_Cache
Expr: Implement string in table[pattern] of X
RE: Remove RE_DisjunctiveMatcher and re-use MatchAll()
TablePatternMatcher: Use const StringValPtr& instead of const StringVal*
Val: Move TablePatternMatcher into detail namespace
TablePatternMatcher: Use unique_ptr
IndexType: Add IsPatternIndex(), like IsSubNetIndex()
btest: Add test for pattern tables and when
Reuse CompileSet() instead of || string formatting
script optimization support for using strings to index table[pattern] values
BTests for indexing "table[pattern] of T" with strings
support for indexing "table[pattern] of T" with strings to get multi-matches
Provide a script accessible way to introspect the DFA stats that can be
leveraged to gather runtime statistics of the underlying DFA. This
re-uses the existing MatcherStats used by ``get_matcher_stats()``.
Not sure how useful this is (and the implementation isn't optimized in
any way), but seems reasonable for consistency.
Vern suggested that set[pattern] can already be achieved via
set_to_regex(), so left out any set[pattern] variants.
Seems we can just open code the CompileSet() usage in the TablePatternMatcher
helper without indirecting through another class. Further, add the collection
of indices into MatchAll() rather than duplicating its code in
MatchDisjunction(). Doesn't seem like MatchAll() is used widely.
We already had these declared in dns/const.zeek, so extend the parser
as well to avoid raising weirds and add some test pcaps:
$ dig @8.8.8.8 DNSKEY ed448.no
$ dig @8.8.8.8 ed448.no +dnssec
And the same for the ed25519.no domain.
Closes#3453
This seems like a bug: If one feeds one byte at a time, current_pos
is being reset for every byte, possibly reporting the wrong offsets
in the accepted_matches map.
* origin/topic/vern/zam-EH-coalesce:
BTest updates to accommodate event handler coalescence differences
BTests for testing that event handler coalescence operates as expected
coalescing of event handlers (ZAM optimization)
Minor fixups during merge as commented on the PR.
There was some confusion around which value was used subsequent to a strip(),
but sub not respecting anchors make it appear to work. Also seems that the
`\(?` part seems redundant.
Anchors within pattern passed to sub() or gsub() were previously ignored,
replacing any occurrence of '<text>' even when '^<text>' was used as a
pattern.
This is a pretty user-visible change (and we even have anchored patterns
within the base scripts), but seems "the right thing to do".
Relates to #3455
* origin/topic/awelzel/3455-do-split-string-2:
strings.bif/do_split_string: Pass bol and eol to MatchPrefix()
RE_Matcher: Add MatchPrefix with bol/eol control
