…onymizer'
* origin/topic/timw/2505-deprecate-md5-anonymizer:
- Add new btest for IP anonymizer coverage
- Make the anonymizer bif docs more descriptive/helpful
- Member variable cleanup in AnonymizeIPAddr_A50
- Lazily initialize the keys for HMAC-MD5
- Deprecate MD5 IP anonymizers, add SHA256 versions
- Add SHA256 hmac methods, BIF, keys, etc
- Remove superfluous internal_md5() utility method
There are Brokerisms in several places of the framework, so we need to switch the cluster backend back for now.
…-certificate-logging' * origin/topic/johanna/ssl-protocol-error-certificate-logging: Fix ssl certificate logging when encountering protocol errors
SHA256 is now commonly used for IOCs. See GH-5077 for details.
…256' * origin/topic/johanna/hash-all-files-sha256: Add SHA256 to hash-all-files policy script
In the original discussion [1], they used 'doc/**', but the docs now show 'doc/*'. Try the former and if it works I'll update their documentation.

[1] cirruslabs/cirrus-ci-docs#873 (comment)
…tar-changes-only-include' * origin/topic/awelzel/cirrus-ci-double-star-changes-only-include: cirrus: Try double star matching for changesIncludeOnly()
* topic/christian/management-framework-broker:
- Bump zeek-testing-cluster to pull in docker-compose modernization
- Management framework: explicitly use Broker for now
…ests-for-zam' * origin/topic/timw/skip-anonymization-btests-for-zam: Fix FuncInfo flag for ZAM for anonymize_addr BIF
I had a docs build that was spinning 2 processes without stopping. I went
in with pyspy and found this:
```
Thread 0x204D3A200 (active+gil): "MainThread"
<...>
_entries_from_toctree (sphinx/environment/adapters/toctree.py:161)
resolve (sphinx/environment/adapters/toctree.py:238)
get_and_resolve_doctree (sphinx/environment/__init__.py:595)
_write_parallel (sphinx/builders/__init__.py:612)
<...>
main (sphinx/cmd/build.py:315)
<module> (sphinx-build:8)
```
Then, I asked Gemini to find a circular dependency in docs and it found
one about 6-TOC long here. Change it in case it ever comes up again.
I don't know a better way to try to find the TOC circular dependency.
* origin/topic/etyp/toc-circular-dependency: Attempt to fix circular TOC dependency in docs
* origin/topic/bbannier/bump-spicy: Bump auxil/spicy to latest development snapshot
…master'
* origin/topic/timw/update-submodules-to-master:
- Update c-ares to v1.34.6
- Update expected-lite submodule to latest release
- Update submodules to master versions [nomail]
Some public classes were depending on `NDEBUG` to emit different members or methods. This meant that classes had a different API and ABI depending on whether the user code was built in debug mode or not, and even not using the conditional fields could lead to random failures in user code. The correct approach would have been to use a Zeek-specific preprocessor variable so the Zeek ABI depends on the way Zeek itself was built, and not how the user code was. It seems the affected fields were not really used anymore, so this patch simply removes them. Since we now unconditionally emit debug functions we also need to unconditionally emit declarations used in the signatures of these types. Closes #5120.
We also fix a bug in how we declared the C++ enum for the `AnalyzerType` HILTI enum, and expanded tests for its behavior.
The detect-protocols script tracks confirmed protocol analyzers for connections and raises notices for detected protocols and servers. It doesn't honor analyzer violation events, however, and so in the case where an HTTP client connects to an SSH server, the HTTP request results in an analyzer confirmation, but the SSH identification string from the server tickles a violation. However, previously Zeek raised notices about an HTTP server running on port 22 despite the analyzer clearly indicating a violation. Closes #5204
…ation' * origin/topic/awelzel/5204-dpd-http-violation: analyzer/detect-protocols: Honor analyzer_failed()
* origin/topic/timw/windows-btest-fixups:
- Skip some tests on Windows that hang indefinitely
- Add note about running btests on Windows
…ndows-btest'
* origin/topic/timw/disable-additional-windows-btest:
- Fix ZAM CI btest failure from previous Windows changes
- Disable an additional btest on Windows
Generally Spicy's new struct field optimization is safe in terms of only removing fields that aren't used anywhere, including inside the generated Zeek glue code. There's one exception however: when we pass a struct instance to Zeek through `to_val()`, the Spicy optimizer can't tell that all the fields are required on the receiving side (because the Zeek-side layout is statically determined, either from the Spicy-side type (if using EVT `export`), or by the Zeek user creating the corresponding `record` manually). In other words, we need to tell Spicy not to mess with structs that are passed wholesale through `to_val()`. This change adds corresponding HILTI-side `export` declarations for all types that go, directly or indirectly, through `to_val()`. Internally that needs some care because we can determine the relevant types only once our glue code has been created and fully resolved.
* origin/topic/robin/remove-unused-fields: Update Spicy integration for new struct field optimization.
For shunting, there is a problem when finding out how to unshunt. We want to use timeouts, but then clusters have issues determining who unshunts what. We do not want to stop the world to clean up the shunt map. Instead, this adds a new feature to Zeek: the ability to prevent a timeout based on external criteria. Then, shunting can rely entirely on Zeek's timeout timers, just hooking in to say "no don't timeout this connection yet, the BPF map says it's still getting shunted packets." This could be generally useful, like when sharing data between Zeek and some other monitoring system. Those are theoretical, though.
* origin/topic/etyp/prevent-timeouts: Add a hook to prevent timeouts
...and leave a note about the libkqueue/epoll fix that made it into 8.8.0. Seems PF_RING is well and alive, so would definitely keep this section around.
* origin/topic/awelzel/doc-pf-ring-update: cluster/pf_ring: Update instructions to use 9.2.0
* maor/ms/windows/build: make build pass on windows
- Replace `sleep` and `usleep` with `sleep_for`
- Replace `ssize_t` with `ptrdiff_t`
- Replace `pid_t` with `int`
- Replace uses of `cwd` & co with `std::filesystem`
- Remove `unistd.h` includes where they aren't actually needed
* origin/topic/neverlord/unistd: Remove trivial uses for unistd.h
* origin/topic/awelzel/doc-devel-cluster:
- doc/devel/cluster: Add overview for cluster architecture
- doc: Move ZeroMQ notes into devel/cluster/backend
- devel/websocket-api: Fix anchor
* origin/topic/timw/update-btest: Update btest submodule [nomail]
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )