* Deprecates ListVal::Index() methods and replaces with ListVal::Idx()
* Replaces ListVal::Vals() method with one that returns
std::vector<IntrusivePtr<Val>> rather than val_list
* origin/master:
Use zeek::detail namespace for fuzzer utils
Set terminating flag during fuzzer cleanup
Add missing include to standalone fuzzer driver
Improve standalone fuzzer driver error messages
Test fuzzers against seed corpus under CI ASan build
Update fuzzing README with OSS-Fuzz integration notes
Link fuzzers against shared library to reduce executable sizes
Improve FuzzBuffer chunking
Fix compiler warning in standalone fuzzer driver
Adjust minor fuzzing documentation
Exit immediately after running unit tests
Add OSS-Fuzz Zeek script search path to fuzzers
Assume libFuzzer when LIB_FUZZING_ENGINE file doesn't exist
Change handling of LIB_FUZZING_ENGINE
Change --enable-fuzzing to --enable-fuzzers
Add standalone driver for fuzz targets
Add basic structure for fuzzing targets
* origin/topic/jsiwek/fuzzing:
Use zeek::detail namespace for fuzzer utils
Set terminating flag during fuzzer cleanup
Add missing include to standalone fuzzer driver
Improve standalone fuzzer driver error messages
Test fuzzers against seed corpus under CI ASan build
Update fuzzing README with OSS-Fuzz integration notes
Link fuzzers against shared library to reduce executable sizes
Improve FuzzBuffer chunking
Fix compiler warning in standalone fuzzer driver
Adjust minor fuzzing documentation
Exit immediately after running unit tests
Add OSS-Fuzz Zeek script search path to fuzzers
Assume libFuzzer when LIB_FUZZING_ENGINE file doesn't exist
Change handling of LIB_FUZZING_ENGINE
Change --enable-fuzzing to --enable-fuzzers
Add standalone driver for fuzz targets
Add basic structure for fuzzing targets
Now we use cmake to determine which compiler flags are set to
determine which implementation of highwayhash to compile. This should
be much more robust.
Also - fix missing include on old ubuntus.
If there's some bad state we can be in where MMDB lookup/open operations
consistently fail, then the volume of associated reporter messages can
get overwhelmingly large especially if a lookup operation is being done
for each network connection.
This adds a limit of an arbitrary 20 messages every 5 minutes, which
should be enough information to understand the overall
open/close/lookup-failure pattern.
* origin/topic/timw/unordered-lists:
Review fixups
Change timer_list in BroList to be an unordered list.
Add ability for List to be ordered/unordered
Add unit testing for List
Fix bug with List where replace() doesn't work with non-pointer types
- Minor whitespace/format adjustments
* 'network-time-init' of https://github.com/J-Gras/zeek:
Fix documentation for network_time_init.
Improve network_time_init() test and add baseline.
Add network_time_init() event.
Add test for network_time behavior.
- Changed the logic significantly to just guarantee there's only ever a
single inactivity timer per connection
- Updated language.expire_subnet btest which is unduly sensitive to
timer-related changes
* origin/topic/jazoff/avoid-redundant-inactivity-timers:
avoid scheduling redundant inactivity timers
The IP fragment reassembly process assumes a packet contains at least
the minimum IP header, but such a check did not previously occur,
resulting in a heap buffer over-read. For example, a self-reported
IPv4 IHL field with a value less than minimum IPv4 header length of
20 bytes. Such packets likely aren't routable on their own, but one
can create an artifical pcap like that or possibly encapsulate it
within another protocol to trigger this bug.
This type is used by Conn and Analyzer to hold onto timers being added and removed. We
don't expect the elements in those lists to maintain an order as the list is being
modified.
