[pull] master from zeek:master #1027
Open: pull wants to merge 4,999 commits into yaplej:master from zeek:master
* origin/topic/awelzel/ctu-sme-11-vm-win7ad: zeek-testing: Add Experiment-VM-Microsoft-Windows7AD-1 PCAP and baselines
...and remove from NetVar, seems left-over.
* origin/topic/vern/zam-pattern-comparison: update of BTest that tracks number of (and validates) ZAM operations ZAM support for pattern equality/inequality operations expanded ZAM operations for bit-shifting to allow for int/count shift values added type coercion for bit-shifting expressions
* origin/topic/vern/ZAM-empty-hook-opt: ZAM optimization now removes hook calls to hooks without any bodies
* origin/topic/vern/script-opt-keep-asserts: ZAM documentation updates for asserts and event handler run-time errors BTest updates for ZAM support of (optionally) keeping "assert" statements command-line options for controlling script optimization: keeping asserts, avoiding event handler coalescence ZAM support for option to not coalesce event handlers ZAM support for keeping "assert" statements internal support for script optimization options for keeping asserts, not consolidating event handlers ZAM operations to support asserts simplified "assert" by not trying to catch messages that themselves have errors Fixed some TEST-REQUIRES "${ZEEK_ZAM}" == "1" to use "=" instead to be /bin/sh compatible.
…sembler-ports' * origin/topic/awelzel/deprecate-tcp-reassembler-ports: init-bare: Deprecate tcp_reassembler_ports
* origin/topic/vern/zam-assert-fix: fix for ZAM "assert" statements potentially evaluating invalid expressions
This was just done via sed. There's a number of files that don't have a license entry at all.
This analyzer can be used to transport raw stream data for a given connection to the script layer. For example, adding this analyzer into the HTTP::upgrade_analyzer or using it to configure a child WebSocket analyzer allows getting access to the raw stream data in script land when no more appropriate protocol analyzer is available.
…content-type' * origin/topic/awelzel/4068-http-upgrade-content-type: btest/http: Demo StreamEvent analyzer with HTTP::upgrade_analyzers protocol: Add StreamEvent analyzer
This adds re-peering at the Broker level for peers that Broker decided to unpeer. We keep this at the Broker level since this behavior is specific to it (as opposed to other cluster backends). Includes baseline updates for btests that pick up on the new script's @load.
This translates backend-specific node identifiers (like Broker IDs) to cluster nodes and their names, if available.
This module is loaded by the telemetry framework, which we're now loading via the cluster framework, i.e. also in bare mode. The resulting additional thread (for creating reporter.log) trips up a number of btest baselines. version.zeek doesn't use any of the string helper functions.
…etry

This adds a Broker-specific script to the cluster framework, loaded only when Zeek is running in cluster mode. It adds logging in cluster.log as well as telemetry via a metrics counter for Broker-observed backpressure disconnects.

The new zeek_broker_backpressure_disconnects counter, labeled by the neighboring peer that the reporting node has determined to be unresponsive, counts the number of unpeerings for this reason. Here the node "worker" has observed node "proxy" falling behind once:

    # HELP zeek_broker_backpressure_disconnects_total Number of Broker peering drops due to a neighbor falling too far behind in message I/O
    # TYPE zeek_broker_backpressure_disconnects_total counter
    zeek_broker_backpressure_disconnects_total{endpoint="worker",peer="proxy"} 1

Includes small btest baseline update to reflect @load of a new script.
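For anyone monitoring sensor health with the counter described in the commit message above, the following added example (not part of the commit or of Zeek itself) parses a metrics scrape and reports which peers are being dropped for falling behind. The scrape text is constructed from the sample in the commit message plus invented extra lines, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

METRIC = "zeek_broker_backpressure_disconnects_total"

# Constructed sample scrape: the first three lines follow the commit message,
# the remaining lines are invented for illustration.
SAMPLE_SCRAPE = '''\
# HELP zeek_broker_backpressure_disconnects_total Number of Broker peering drops due to a neighbor falling too far behind in message I/O
# TYPE zeek_broker_backpressure_disconnects_total counter
zeek_broker_backpressure_disconnects_total{endpoint="worker",peer="proxy"} 1
zeek_broker_backpressure_disconnects_total{endpoint="manager",peer="proxy"} 3
zeek_broker_backpressure_disconnects_total{endpoint="manager",peer="logger"} 0
zeek_other_metric_total{endpoint="worker"} 42
'''

# One exposition-format sample line: name, optional {labels}, value.
_SAMPLE_RE = re.compile(
    r'^(?P<name>[A-Za-z_:][A-Za-z0-9_:]*)(?:\{(?P<labels>.*)\})?\s+(?P<value>\S+)')
_LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


def parse_disconnects(text):
    """Return {(endpoint, peer): count} for the backpressure counter only."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip HELP/TYPE comments and blank lines
        m = _SAMPLE_RE.match(line)
        if not m or m.group("name") != METRIC:
            continue  # unrelated metric or unparsable line
        labels = dict(_LABEL_RE.findall(m.group("labels") or ""))
        key = (labels.get("endpoint", "?"), labels.get("peer", "?"))
        out[key] = float(m.group("value"))
    return out


def slow_peers(text, threshold=1):
    """Sum disconnects per peer over all reporting endpoints and return the
    peers at or above the (hypothetical) threshold."""
    totals = defaultdict(float)
    for (_endpoint, peer), count in parse_disconnects(text).items():
        totals[peer] += count
    return {peer: n for peer, n in totals.items() if n >= threshold}


if __name__ == "__main__":
    for peer, n in sorted(slow_peers(SAMPLE_SCRAPE).items()):
        print(f"peer {peer}: {n:.0f} backpressure disconnect(s)")
```

Counter values are cumulative for the life of the reporting process, so alerting should compare successive scrapes rather than absolute values.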
also preserves type names (useful for -O gen-C++)
…rather than aggregate profile
This appears to have been broken by feec451.
* origin/topic/timw/non-routeable-subnets: Update zeekctl submodule [nomail]
* topic/timw/add-security-md: Add SECURITY.md, pointing at the website
…ludes' * origin/topic/bbannier/fix-spicy-ssl-includes: Fix incomplete includes in Spicy SSL analyzer C++ code
This commit addresses review feedback for DH-4155. Furthermore it fixes test failures, and adds a new test for the is_event_handled bif.
There's two instances of WriterBackend::WriterInfo for a given writer. One in Manager::WriterInfo that's accessible via stream.writers and a copy within WriterFrontend. Commit 78999d1 switched to use the address of the frontend's info instance for HookLogWrite() invocations, breaking users using the address for identification purposes.
If a plugin provides a write hook, the invocation for HookLogWrite() would redo looking up the writer's name from the enum value and instantiating a new std::string instance for every write. Avoid doing this.
…-redef' * origin/topic/vern/C++-standalone-record-redef: support for record extensions when using -O gen-standalone-C++
* origin/topic/johanna/gh-4061: Update BiF-tracking, add is_event_handled Address review comments and small updates for DNS warnings Raise warnings when for DNS events that are not raised due to dns_skip_all_addl
…-logging-hooks' * origin/topic/awelzel/fix-writer-info-in-logging-hooks: logging: Fix reporter message logging: Avoid repeated writer name lookups for plugin hooks logging: Fix HookLogInit() and HookLogWrite() info usage
Instead of a separate bool field which is also stored in the session table, promote the transport field to uint16_t and encode an invalid ConnKey as transport 2**16-2
Check if the non-default fields exist using HasField() and use GetField() for proto such that it'll initialize the default value which GetFieldAs<> doesn't do. default
…=65535 We silently broke users constructing conn_id records manually and subsequently using them with lookup_connection() or connection_exists(). This is an attempt to at least report a runtime error about the situation so it doesn't go completely unnoticed.
* origin/topic/vern/standalone-lambdas: fixes for -O gen-standalone-C++ generation of lambdas
…tweaks' * origin/topic/awelzel/lookup-connection-tweaks: session/Manager: Emit explicit errors for FindConnection() with proto=65535 IPAddr/ConnKey: Protect from uninitialized conn_id IPAddr/ConnKey: Promote transport to uint16_t session/Manager: Header cleanup
See Commits and Changes for more details.
Created by pull[bot]