vpax
vpax
`@conditional`'s are treated as statements in Zeek's grammar. (I imagine they're parsed, rather than dealt with by the lexer, because they can include expressions that require parsing.) This leads to...
We keep running into situations where it would be handy to have two different notions of ordering associated with sets and tables. One type of ordering is "insertion order", meaning...
Packet feeds that ultimately gather packets from multiple physical taps can wind up introducing fine-time-scale reordering across packets, leading to spurious confusion about TCP handshakes or acks for unseen data....
I realize this might not be feasible resource-wise, but here's the wish: often in large environments, packet capture winds up with multiple copies of packets, for example from inside of...
Per the discussion in https://github.com/zeek/zeek/pull/2087, it might make sense to generalize the `StartInvocation()`/`EndInvocation()` approach used for script profiling to allow other hooking into script execution. For example, you could imagine...
The purpose of [this test](https://github.com/zeek/zeek/blob/9b184c3d4afc82ae4ea6ab3065f37de5f4dd6604/testing/btest/scripts/base/frameworks/logging/field-extension-table.zeek) isn't fully clear. Presumably it's to detect the erroneous case of adding a non-loggable field with a `&log` framework. Per [the test's baseline](https://github.com/zeek/zeek/blob/9b184c3d4afc82ae4ea6ab3065f37de5f4dd6604/testing/btest/Baseline/scripts.base.frameworks.logging.field-extension-table/.stderr), however, it...
https://docs.zeek.org/en/current/script-reference/types.html#type-table mentions that tables can be indexed using patterns, such as `table[pattern] of T`, but it doesn't describe the associated semantics. As best as I can tell, these aren't documented...
https://github.com/zeek/zeek/blob/686eb54f9590fb491582f1bab10b754c9bd419fc/testing/btest/bifs/table_values.zeek#L8 constructs a complex table using: > table( ["web"] = { [80/tcp, "http"], [443/tcp, "https"] }, ["login"] = { [21/tcp, "ftp"], [23/tcp, "telnet"] }); If you print the type of...
I have a `zeek_init` that tries to create a directory to use to stash some data later. In some configurations, this fails, which is okay and there's logic in the...
The following script: ``` global s = set(1, 3, 5); global t: table[count] of count &redef; redef t += { s = 5 }; ``` produces: ``` Assertion failed: (idx_expr->Tag()...