diff --git a/src/Frag.cc b/src/Frag.cc index 85a817735c..61bde3e0a2 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -9,8 +9,10 @@ #include "Sessions.h" #include "Reporter.h" -#define MIN_ACCEPTABLE_FRAG_SIZE 64 -#define MAX_ACCEPTABLE_FRAG_SIZE 64000 +constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64; +constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000; + +namespace zeek::detail { FragTimer::~FragTimer() { @@ -332,3 +334,5 @@ void FragReassembler::DeleteTimer() expire_timer = nullptr; // timer manager will delete it } } + +} // namespace zeek::detail diff --git a/src/Frag.h b/src/Frag.h index 6d72fa061d..f2f9792956 100644 --- a/src/Frag.h +++ b/src/Frag.h @@ -13,11 +13,10 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(FragTimer, zeek::detail); -class FragReassembler; -class FragTimer; - -typedef void (FragReassembler::*frag_timer_func)(double t); +namespace zeek::detail { using FragReassemblerKey = std::tuple; @@ -67,3 +66,5 @@ public: protected: FragReassembler* f; }; + +} // namespace zeek::detail diff --git a/src/IP.h b/src/IP.h index 6bce8bbaf5..66275524e0 100644 --- a/src/IP.h +++ b/src/IP.h @@ -19,8 +19,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); - -class FragReassembler; +ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail); namespace zeek { using RecordValPtr = zeek::IntrusivePtr; @@ -243,7 +242,7 @@ public: protected: // for access to protected ctor that changes next header values that // point to a fragment - friend class ::FragReassembler; + friend class detail::FragReassembler; IPv6_Hdr_Chain() = default; diff --git a/src/Reassem.cc b/src/Reassem.cc index 35b9053403..f9c5983e3d 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -9,6 +9,8 @@ using std::min; +namespace zeek { + uint64_t Reassembler::total_size = 0; uint64_t Reassembler::sizes[REASSEM_NUM]; @@ -384,3 +386,5 @@ uint64_t Reassembler::MemoryAllocation(ReassemblerType rtype) { return Reassembler::sizes[rtype]; } + +} // namespace zeek diff --git a/src/Reassem.h b/src/Reassem.h index d46cbc7679..57a3fcc33f 100644 --- a/src/Reassem.h +++ b/src/Reassem.h @@ -11,6 +11,8 @@ #include // for u_char #include +namespace zeek { + // Whenever subclassing the Reassembler class // you should add to this for known subclasses. enum ReassemblerType { @@ -314,3 +316,17 @@ protected: static uint64_t total_size; static uint64_t sizes[REASSEM_NUM]; }; + +} // namespace zeek + +using ReassemblerType [[deprecated("Remove in v4.1. Use zeek::ReassemblerType.")]] = zeek::ReassemblerType; +constexpr auto REASSEM_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::REASSEM_UNKNOWN.")]] = zeek::REASSEM_UNKNOWN; +constexpr auto REASSEM_TCP [[deprecated("Remove in v4.1. Use zeek::REASSEM_TCP.")]] = zeek::REASSEM_TCP; +constexpr auto REASSEM_FRAG [[deprecated("Remove in v4.1. Use zeek::REASSEM_FRAG.")]] = zeek::REASSEM_FRAG; +constexpr auto REASSEM_FILE [[deprecated("Remove in v4.1. Use zeek::REASSEM_FILE.")]] = zeek::REASSEM_FILE; +constexpr auto REASSEM_NUM [[deprecated("Remove in v4.1. Use zeek::REASSEM_NUM.")]] = zeek::REASSEM_NUM; + +using DataBlock [[deprecated("Remove in v4.1. Use zeek::DataBlock.")]] = zeek::DataBlock; +using DataBlockMap [[deprecated("Remove in v4.1. Use zeek::DataBlockMap.")]] = zeek::DataBlockMap; +using DataBlockList [[deprecated("Remove in v4.1. Use zeek::DataBlockList.")]] = zeek::DataBlockList; +using Reassembler [[deprecated("Remove in v4.1. Use zeek::Reassembler.")]] = zeek::Reassembler; diff --git a/src/Sessions.cc b/src/Sessions.cc index 441a5381f4..46690b080a 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -285,7 +285,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP if ( discarder && discarder->NextPacket(ip_hdr, len, caplen) ) return; - FragReassembler* f = nullptr; + detail::FragReassembler* f = nullptr; if ( ip_hdr->IsFragment() ) { @@ -901,21 +901,21 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen, return false; } -FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip, - const u_char* pkt) +detail::FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip, + const u_char* pkt) { uint32_t frag_id = ip->ID(); - FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id); + detail::FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id); - FragReassembler* f = nullptr; + detail::FragReassembler* f = nullptr; auto it = fragments.find(key); if ( it != fragments.end() ) f = it->second; if ( ! f ) { - f = new FragReassembler(this, ip, pkt, key, t); + f = new detail::FragReassembler(this, ip, pkt, key, t); fragments[key] = f; if ( fragments.size() > stats.max_fragments ) stats.max_fragments = fragments.size(); @@ -1052,7 +1052,7 @@ void NetSessions::Remove(Connection* c) } } -void NetSessions::Remove(FragReassembler* f) +void NetSessions::Remove(detail::FragReassembler* f) { if ( ! f ) return; diff --git a/src/Sessions.h b/src/Sessions.h index 5fa1e5505f..138801ce38 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -59,8 +59,8 @@ public: // Returns a reassembled packet, or nil if there are still // some missing fragments. - FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip, - const u_char* pkt); + detail::FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip, + const u_char* pkt); // Looks up the connection referred to by the given Val, // which should be a conn_id record. Returns nil if there's @@ -68,7 +68,7 @@ public: Connection* FindConnection(zeek::Val* v); void Remove(Connection* c); - void Remove(FragReassembler* f); + void Remove(detail::FragReassembler* f); void Insert(Connection* c); @@ -177,7 +177,7 @@ protected: friend class detail::IPTunnelTimer; using ConnectionMap = std::map; - using FragmentMap = std::map; + using FragmentMap = std::map; Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 101e1dc93b..23e4c90dc2 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -23,7 +23,7 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, TCP_Analyzer* arg_tcp_analyzer, TCP_Reassembler::Type arg_type, TCP_Endpoint* arg_endp) - : Reassembler(1, REASSEM_TCP) + : zeek::Reassembler(1, zeek::REASSEM_TCP) { dst_analyzer = arg_dst_analyzer; tcp_analyzer = arg_tcp_analyzer; @@ -348,7 +348,7 @@ void TCP_Reassembler::RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const z RecordGap(last_seq, stop_seq, f); } -void TCP_Reassembler::RecordBlock(const DataBlock& b, const zeek::FilePtr& f) +void TCP_Reassembler::RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f) { if ( f->Write((const char*) b.block, b.Size()) ) return; @@ -378,7 +378,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const ze ); } -void TCP_Reassembler::BlockInserted(DataBlockMap::const_iterator it) +void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it) { const auto& start_block = it->second; diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index fb4ee93b52..553ae29f8c 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -13,7 +13,7 @@ namespace analyzer::tcp { class TCP_Analyzer; -class TCP_Reassembler final : public Reassembler { +class TCP_Reassembler final : public zeek::Reassembler { public: enum Type { Direct, // deliver to destination analyzer itself @@ -89,10 +89,10 @@ private: void Gap(uint64_t seq, uint64_t len); void RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const zeek::FilePtr& f); - void RecordBlock(const DataBlock& b, const zeek::FilePtr& f); + void RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f); void RecordGap(uint64_t start_seq, uint64_t upper_seq, const zeek::FilePtr& f); - void BlockInserted(DataBlockMap::const_iterator it) override; + void BlockInserted(zeek::DataBlockMap::const_iterator it) override; void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override; TCP_Endpoint* endp; diff --git a/src/file_analysis/FileReassembler.cc b/src/file_analysis/FileReassembler.cc index d42acb5301..629f366de8 100644 --- a/src/file_analysis/FileReassembler.cc +++ b/src/file_analysis/FileReassembler.cc @@ -8,12 +8,12 @@ namespace file_analysis { class File; FileReassembler::FileReassembler(File *f, uint64_t starting_offset) - : Reassembler(starting_offset, REASSEM_FILE), the_file(f), flushing(false) + : zeek::Reassembler(starting_offset, zeek::REASSEM_FILE), the_file(f), flushing(false) { } FileReassembler::FileReassembler() - : Reassembler(), the_file(nullptr), flushing(false) + : zeek::Reassembler(), the_file(nullptr), flushing(false) { } @@ -50,7 +50,7 @@ uint64_t FileReassembler::FlushTo(uint64_t sequence) return rval; } -void FileReassembler::BlockInserted(DataBlockMap::const_iterator it) +void FileReassembler::BlockInserted(zeek::DataBlockMap::const_iterator it) { const auto& start_block = it->second; diff --git a/src/file_analysis/FileReassembler.h b/src/file_analysis/FileReassembler.h index 55b53530e7..5113981e18 100644 --- a/src/file_analysis/FileReassembler.h +++ b/src/file_analysis/FileReassembler.h @@ -11,7 +11,7 @@ namespace file_analysis { class File; -class FileReassembler final : public Reassembler { +class FileReassembler final : public zeek::Reassembler { public: FileReassembler(File* f, uint64_t starting_offset); @@ -51,7 +51,7 @@ protected: FileReassembler(); void Undelivered(uint64_t up_to_seq) override; - void BlockInserted(DataBlockMap::const_iterator it) override; + void BlockInserted(zeek::DataBlockMap::const_iterator it) override; void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override; File* the_file; diff --git a/src/stats.bif b/src/stats.bif index 34f131c4cf..86d2350e0e 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats auto r = zeek::make_intrusive(ReassemblerStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FILE))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FRAG))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_TCP))); - r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_UNKNOWN))); + r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FILE))); + r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FRAG))); + r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_TCP))); + r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN))); return r; %}