Jan

Results 22 issues of Jan

So far, Zeek assumes it is dealing with Ethernet II frames when handling VLAN tags. Actually, VLAN tags can be inserted in all Ethernet frame types including LLC and SNAP. While...

Type: Enhancement
Area: Protocol Analysis

Looking at the broker debug output, it seems some of the output for logging is truncated.

**Steps to reproduce:**

1. In `testing/btest/broker/remote_log.zeek` add `-B broker` to the invocations of Zeek...

good first issue
Type: Bug
Area: Broker

As far as I can tell the current design allows only a single `ext_func` per `Log::Filter`. This may result in a conflict if multiple packages try to use this feature...

While this works in script-land, calls to `InstantiateAnalyzer` in C++ will not pick up the new [replaced] analyzer, for example: https://github.com/zeek/zeek/blob/13fde341d25302f46901693a05d191591781c6ea/src/analyzer/protocol/smtp/SMTP.cc#L388 In my case, I had to use the new...

The current API allows to forward data from Spicy analyzers using the following functions:

* `protocol_begin` / `protocol_handle_get_or_create`
* `protocol_data_in` / `protocol_gap`
* `protocol_end` / `protocol_handle_close`

These functions work with...

As mentioned in https://github.com/zeek/zeek-af_packet-plugin/issues/60#issuecomment-1518194023, it might make sense to expose the complete VLAN TCI including PCP and DEI. Currently, this information is dropped at the analyzer-level.

Reproducer:

```
module Test;

public type Foo = unit {
    x: bitfield(8) {
        a: 0..3 &convert=($$ == 2);
        b: 4..7;
    };

    on %done { print self; }
};
```

The...

Bug

In some situations it could be handy for field hooks to have access to the original value before a `&convert` takes place. One example I encountered would be parsing a...

Feature Request

I was trying to adapt the [example](https://docs.zeek.org/projects/spicy/en/latest/programming/parsing.html#unit-parameters) for using `inout` parameters with basic types from the docs to use a unit variable instead of a global: ``` module Test; type...

Bug

I have some external project that uses Zeek's `FindBroker.cmake` to link against broker. With the current zeek master the build stopped working. Configure exits with the following error: ``` CMake...

Type: Bug