This allows us to create an EnumType that groups all of the analyzer
tag values into a single type, while still having the existing types
that split them up. We can then use this for certain events that benefit
from taking all of the tag types at once.
These two are almost always used in conjunction with each other, and
TaggedComponent is never used by itself. Combining them together into
a single class will help simplify some of the code around managing
the mapping between Tags and Components.
- Remove tag types for each component type (analyzer, etc)
- Add deprecated versions of the old types
- Remove unnecessary tag element from templates for TaggedComponent and ComponentManager
- Enable TaggedComponent to pass an EnumType when initializing Tag objects
- Update some tests that are affected by the tag enum values changing order
* origin/topic/johanna/openssl-3-compat:
Update cmake submodule for OpenSSL 3.0 changes
OpenSSL 3: normalize self-signed-cert error message
Make cmake & ci like OpenSSL 3.0
Add OpenSSL 3.0 CI test
OpenSSL 3: fix warnings and tests
Switch OpaqueVal hashing back to legacy OpenSSL implementation
Fixes GH-1379
Older cmake versions have problems with the version number. When
installing OpenSSL on a 64-bit Linux one also needs to create an
additional symlink to get cmake to use the correct library.
This commit fixes the compile-time warnings that OpenSSL 3.0 raises for
our source-code. For the cases where this was necessary we now have two
implementations - one for OpenSSL 1.1 and earlier, and one for OpenSSL
3.0.
This also makes our testsuite pass with OpenSSL 3.0.
Relates to GH-1379
If we leave files sitting around, we trigger a Docker image double-build in CI,
because the build runs once, gets tested, and then gets run again when we push
the Docker image: the additional btest files cause Docker to detect a different
source tree, causing an image layer violation.
Also rename "cleanup" target to "clean", to align with rest of our tree.
This commit switches hashing from the more modern EVP message digest to
the older direct function calls, which are deprecated as of OpenSSL 3.0.
The reason is that we require the ability to store the internal state of
hash operations to disk. This is no longer possible with the
architecture that is used by the EVP digests; it is, however, possible
when using the legacy methods.
There might be a way to do this more cleanly in OpenSSL 3.1 - but for
the moment this seems like the easiest solution - even though I am not
really happy about it.
For details see zeek/zeek#1379 and openssl/openssl#14222
* origin/topic/timw/1620-unprocessed-packets:
Added plugin.unprocessed_packet_hook btest
Fix whitespace in help output
Add command-line option to write unprocessed packets to a file
GH-1620: Add event and plugin hook to track packets not processed
This commit also changes the PcapDumper to automatically flush after
every call to Dump(). This is because pcap_dump has an internal buffer
of some sort that only writes to the file after a set amount of bytes.
When using the new option on a low-traffic network, it might be a while
before you see any packets written since it has to overcome that buffer
limit first.
* topic/AbdelSaTd/case-insensitive-find:
testing-do-find-str_case-insensitive
case-insensitive-search-features-for-do_find_str
I did a few small style-fixes while merging this and expanded the test
a bit. I also removed unnecessary commits.
Closes GH-1828
* origin/topic/robin/gh-1757-loadfile2:
Tweaking a couple of debug messages.
Add new hook `HookLoadFileExtended` that allows plugins to supply Zeek script code to parse.
Move logic to execute `HookLoadFile` for signatures into rule matcher code.