Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
17620 commits 387 branches 195 tags 255 MiB
Commit graph

17620 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
f6e091452b Merge Tunnel module sections in init-bare 2025-01-23 11:21:08 -07:00
Arne Welzel
cb44a6ca53 Merge remote-tracking branch 'origin/topic/awelzel/lookup-connection-zam-follow-up' 
* origin/topic/awelzel/lookup-connection-zam-follow-up:
  script_opt: Use emit_builtin_error() for Lookup-Conn
 2025-01-23 16:46:43 +01:00
Arne Welzel
3b4b379950 script_opt: Use emit_builtin_error() for Lookup-Conn 
Still create a separate baseline file because ZAM doesn't provide
detailed location information.

Patch for ZBI.op provided by @vpax
 2025-01-23 09:35:22 +01:00
Tim Wojtulewicz
7e5a9c3a82 Merge remote-tracking branch 'origin/topic/awelzel/lookup-connection-tweaks' 
* origin/topic/awelzel/lookup-connection-tweaks:
  session/Manager: Emit explicit errors for FindConnection() with proto=65535
  IPAddr/ConnKey: Protect from uninitialized conn_id
  IPAddr/ConnKey: Promote transport to uint16_t
  session/Manager: Header cleanup
 2025-01-21 16:49:09 -07:00
Arne Welzel
92f2f66a60 Merge remote-tracking branch 'origin/topic/vern/standalone-lambdas' 
* origin/topic/vern/standalone-lambdas:
  fixes for -O gen-standalone-C++ generation of lambdas
 2025-01-20 10:27:46 +01:00
Arne Welzel
17836ef7d9 session/Manager: Emit explicit errors for FindConnection() with proto=65535 
We silently broke users constructing conn_id records manually and
subsequently using them with lookup_connection() or connection_exists().

This is an attempt to at least report a runtime error about the situation
so it doesn't go completely unnoticed.
 2025-01-17 17:57:49 +01:00
Arne Welzel
ec0a85f553 IPAddr/ConnKey: Protect from uninitialized conn_id 
Check if the non-default fields exist using HasField()
and use GetField() for proto such that it'll initialize
the default value which GetFieldAs<> doesn't do.
default
 2025-01-17 17:53:02 +01:00
Arne Welzel
1105c8fe7d IPAddr/ConnKey: Promote transport to uint16_t 
Instead of a separate bool field which is also stored in the session
table, promote the transport field to uint16_t and encode an invalid
ConnKey as transport 2**16-2
 2025-01-17 17:53:02 +01:00
Arne Welzel
33fd324ebb session/Manager: Header cleanup 2025-01-17 17:45:05 +01:00
zeek-bot
eed205d1ef Update doc submodule [nomail] [skip ci] 2025-01-17 00:12:51 +00:00
Vern Paxson
a3b54b69a1 fixes for -O gen-standalone-C++ generation of lambdas 2025-01-14 17:02:12 -08:00
zeek-bot
f571ee31e0 Update doc submodule [nomail] [skip ci] 2025-01-15 00:33:48 +00:00
Arne Welzel
868eb129bf Merge remote-tracking branch 'origin/topic/awelzel/fix-writer-info-in-logging-hooks' 
* origin/topic/awelzel/fix-writer-info-in-logging-hooks:
  logging: Fix reporter message
  logging: Avoid repeated writer name lookups for plugin hooks
  logging: Fix HookLogInit() and HookLogWrite() info usage
 2025-01-14 21:39:31 +01:00
Benjamin Bannier
c6f9dfb155 Merge branch 'topic/bbannier/coverity' 2025-01-14 18:20:11 +01:00
Benjamin Bannier
0e12e68fb7 Bump auxil/spicy to latest development snapshot 2025-01-14 17:28:31 +01:00
Benjamin Bannier
a14dd511a5 Prevent unneeded copies in QUIC C++ helper code 2025-01-14 16:59:22 +01:00
Johanna Amann
b2222e97a1 Merge remote-tracking branch 'origin/topic/johanna/gh-4061' 
* origin/topic/johanna/gh-4061:
  Update BiF-tracking, add is_event_handled
  Address review comments and small updates for DNS warnings
  Raise warnings when for DNS events that are not raised due to dns_skip_all_addl
 2025-01-14 14:39:56 +00:00
Arne Welzel
5f91f8485c Merge remote-tracking branch 'origin/topic/vern/C++-standalone-record-redef' 
* origin/topic/vern/C++-standalone-record-redef:
  support for record extensions when using -O gen-standalone-C++
 2025-01-14 11:14:25 +01:00
Vern Paxson
960931ba5c support for record extensions when using -O gen-standalone-C++ 2025-01-14 11:12:10 +01:00
Arne Welzel
fd2229e7bb logging: Fix reporter message 2025-01-14 10:46:37 +01:00
Arne Welzel
345c4ca28a logging: Avoid repeated writer name lookups for plugin hooks 
If a plugin provides a write hook, the invocation for HookLogWrite() would
redo looking up the writer's name from the enum value and instantiating
a new std::string instance for every write. Avoid doing this.
 2025-01-14 10:45:34 +01:00
Arne Welzel
927a06b9ab logging: Fix HookLogInit() and HookLogWrite() info usage 
There's two instances of WriterBackend::WriterInfo for a given
writer. One in Manager::WriterInfo that's accessible via
stream.writers and a copy within WriterFrontend.

Commit 78999d147d switched to use the
address of the frontend's info instance for HookLogWrite() invocations,
breaking users using the address for identification purposes.
 2025-01-14 10:44:50 +01:00
Johanna Amann
6bfa55904c Update BiF-tracking, add is_event_handled 2025-01-14 09:33:49 +00:00
Johanna Amann
13f042cc27 Address review comments and small updates for DNS warnings 
This commit addresses review feedback for DH-4155. Furthermore it fixes
test failures, and adds a new test for the is_event_handled bif.
 2025-01-14 09:33:48 +00:00
Benjamin Bannier
300b3788e2 Merge branch 'topic/bbannier/coverity' 2025-01-14 08:44:22 +01:00
Benjamin Bannier
3f5fd5c414 Bump auxil/spicy to latest development snapshot 2025-01-13 23:03:27 +01:00
Benjamin Bannier
2fd20f71ad Prevent copies in various places 2025-01-13 22:19:16 +01:00
Tim Wojtulewicz
8931c352ef Merge remote-tracking branch 'origin/topic/bbannier/fix-spicy-ssl-includes' 
* origin/topic/bbannier/fix-spicy-ssl-includes:
  Fix incomplete includes in Spicy SSL analyer C++ code
 2025-01-13 08:31:04 -07:00
Tim Wojtulewicz
3ae6904b7c Merge branch 'topic/timw/add-security-md' 
* topic/timw/add-security-md:
  Add SECURITY.md, pointing at the website
 2025-01-13 08:22:13 -07:00
Tim Wojtulewicz
1ff5569762 Add SECURITY.md, pointing at the website 2025-01-13 08:21:28 -07:00
Tim Wojtulewicz
36737657ea Merge remote-tracking branch 'origin/topic/timw/non-routeable-subnets' 
* origin/topic/timw/non-routeable-subnets:
  Update zeekctl submodule [nomail]
 2025-01-13 08:20:09 -07:00
Tim Wojtulewicz
16809435a7 Update zeekctl submodule [nomail] 2025-01-13 08:18:47 -07:00
Benjamin Bannier
097088085e Fix incomplete includes in Spicy SSL analyer C++ code 
This appears to have been broken by
feec451bce.
 2025-01-12 14:00:51 +01:00
zeek-bot
436d23204e Update doc submodule [nomail] [skip ci] 2025-01-12 00:22:54 +00:00
Benjamin Bannier
8910415659 Merge branch 'topic/bbannier/bump-spicy' 2025-01-11 17:36:54 +01:00
zeek-bot
7b3126689f Update doc submodule [nomail] [skip ci] 2025-01-11 00:13:58 +00:00
Christian Kreibich
f2d54db694 Merge remote-tracking branch 'origin/topic/etyp/harden-flaky-test' 
* origin/topic/etyp/harden-flaky-test:
  Harden flaky test based on creating a file
 2025-01-10 11:15:45 -08:00
Benjamin Bannier
a17ca4f870 Mark swap specialization noexcept 2025-01-10 11:42:27 +01:00
Benjamin Bannier
feec451bce Clean up some includes 2025-01-10 11:42:27 +01:00
Benjamin Bannier
3ea2d2760a Prevent exception in noexcept function. 2025-01-10 11:42:26 +01:00
Benjamin Bannier
85ad6084e8 Prevent exception escape. 2025-01-10 11:42:26 +01:00
Benjamin Bannier
a4ab0af70d Prevent unnecessary copies in Spicy bindings 2025-01-10 11:42:26 +01:00
Benjamin Bannier
7f1d3ae559 Bump auxil/spicy to latest development snapshot 2025-01-10 11:42:26 +01:00
Tim Wojtulewicz
c10b18253a Merge remote-tracking branch 'origin/topic/timw/non-routeable-subnets' 
* origin/topic/timw/non-routeable-subnets:
  Update btests for new local-only subnets
  Add recommended non-routable subnets
 2025-01-09 22:18:03 -07:00
Tim Wojtulewicz
0fcbc8546e Update btests for new local-only subnets 2025-01-09 22:16:42 -07:00
JW-Corelight
05e3de9b81 Add recommended non-routable subnets 
224.0.0.0/24 (and 6to4 conversion 2002:e000::/40) from RFC5771	"Multicast Local Network Control Block" defined as non-routable.

239.0.0.0/8 (and 6to4 conversion 2002:ef00::/24) from RFC2365 "Administratively Scoped IP Multicast"

fec0::/10 from RFC3879 "Deprecated Site Local Addresses"
(cherry picked from commit 821ab2dbed)
 2025-01-09 22:15:45 -07:00
Tim Wojtulewicz
5fbbbe9548 Fix another typo in the Coverity workflow script 2025-01-09 18:45:56 -07:00
zeek-bot
a4d9067327 Update doc submodule [nomail] [skip ci] 2025-01-10 00:14:49 +00:00
Tim Wojtulewicz
a919226b24 Merge remote-tracking branch 'origin/topic/vern/macro-descriptions' 
* origin/topic/vern/macro-descriptions:
  Add missing include for <vector>
  Extended ZAM validation to include macros
 2025-01-09 13:47:57 -07:00
Tim Wojtulewicz
c30af24aee Add missing include for <vector> 2025-01-09 12:28:24 -07:00