Justin
Justin
Zeek could use this as well, there's a queue in zeek, but it's implemented in the script layer on top of a table: https://github.com/zeek/zeek/blob/master/scripts/base/utils/queue.zeek
It's not a timing thing, those are the wrong parameters for that hook
Could we maybe have an `as?` operator that could work like this ``` type CommonInfo: record { uid: string &log; id: conn_id &log; }; hook Log::log_stream_policy(rec: any, id: Log::ID) {...
Oh, just noticed we have `is` for this, but `rec is CommonInfo` does not work
Interesting, see https://github.com/zeek/zeek/issues/425
A problem here is that while packet loss may be the initial trigger for this issue, this issue then causes high cpu usage, which causes more packet loss and I...
If I'm understanding things correctly, when spicy is looking for a regex like "SMB" to resynchronize, it doesn't search for the regex inside buffered data, but instead tries to match...
For people using things like zeekctl, zeekctl could generate a cluster CA, generate and sign certs for each cluster process, and install them in the right places on each node....
I was mostly thinking of what Robin said: > the default is cert-less, but only until certificates get configured on the Zeek side In that case it really wouldn't be...
When i first started trying to use fuzzers against zeek using pcap files, cap length issues were the main problem it would find. Fuzzing directly using a .pcap file is...