mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
f97a33e14d
The logging manager's Manager::TraverseRecord(), called when adding a log filter to a stream, skipped any fields intoduced by a filter's $ext_func when such fields weren't mentioned in a $include restriction or mentioned in an $exclude restriction. This was inconsistent with Manager::RecordToFilterVals, used when actually writing log entries, which does include those values. The result was that the record indices descent in Manager::RecordToFilterVals expects to find only record values, when in fact only the record provided by ext_func is present. This leads to type mismatches and hard Zeek exits like this one: 1300475173.475401 fatal error in zeek/share/zeek//base/init-bare.zeek, line 4810: Val::CONVERTER (string/record) (zeek) The fix makes ext_func's field additions decisive, meaning the filter's include/exclude lists don't apply to it. If a user really wants to override this, they can reset the filter's ext_func back to our no-op default. The included btest produces the above error when the fix is not present. |
||
|---|---|---|
| .. | ||
| files | ||
| frameworks | ||
| misc | ||
| protocols | ||
| utils | ||