Move reassembler code to namespaces

src/Frag.cc

@@ -9,8 +9,10 @@
 #include "Sessions.h"
 #include "Reporter.h"
 
-#define MIN_ACCEPTABLE_FRAG_SIZE 64
+constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64;
-#define MAX_ACCEPTABLE_FRAG_SIZE 64000
+constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000;
+
+namespace zeek::detail {
 
 FragTimer::~FragTimer()
 	{
@@ -332,3 +334,5 @@ void FragReassembler::DeleteTimer()
 		expire_timer = nullptr;	// timer manager will delete it
 		}
 	}
+
+} // namespace zeek::detail

src/Frag.h

@@ -13,11 +13,10 @@
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
+ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail);
+ZEEK_FORWARD_DECLARE_NAMESPACED(FragTimer, zeek::detail);
 
-class FragReassembler;
+namespace zeek::detail {
-class FragTimer;
-
-typedef void (FragReassembler::*frag_timer_func)(double t);
 
 using FragReassemblerKey = std::tuple<zeek::IPAddr, zeek::IPAddr, bro_uint_t>;
 
@@ -67,3 +66,5 @@ public:
 protected:
 	FragReassembler* f;
 };
+
+} // namespace zeek::detail

src/IP.h

@@ -19,8 +19,7 @@
 ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
-
+ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail);
-class FragReassembler;
 
 namespace zeek {
 using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
@@ -243,7 +242,7 @@ public:
 protected:
 	// for access to protected ctor that changes next header values that
 	// point to a fragment
-	friend class ::FragReassembler;
+	friend class detail::FragReassembler;
 
 	IPv6_Hdr_Chain() = default;
 

src/Reassem.cc

@@ -9,6 +9,8 @@
 
 using std::min;
 
+namespace zeek {
+
 uint64_t Reassembler::total_size = 0;
 uint64_t Reassembler::sizes[REASSEM_NUM];
 
@@ -384,3 +386,5 @@ uint64_t Reassembler::MemoryAllocation(ReassemblerType rtype)
 	{
 	return Reassembler::sizes[rtype];
 	}
+
+} // namespace zeek

src/Reassem.h

@@ -11,6 +11,8 @@
 #include <sys/types.h> // for u_char
 #include <cstdint>
 
+namespace zeek {
+
 // Whenever subclassing the Reassembler class
 // you should add to this for known subclasses.
 enum ReassemblerType {
@@ -314,3 +316,17 @@ protected:
 	static uint64_t total_size;
 	static uint64_t sizes[REASSEM_NUM];
 };
+
+} // namespace zeek
+
+using ReassemblerType [[deprecated("Remove in v4.1. Use zeek::ReassemblerType.")]] = zeek::ReassemblerType;
+constexpr auto REASSEM_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::REASSEM_UNKNOWN.")]] = zeek::REASSEM_UNKNOWN;
+constexpr auto REASSEM_TCP [[deprecated("Remove in v4.1. Use zeek::REASSEM_TCP.")]] = zeek::REASSEM_TCP;
+constexpr auto REASSEM_FRAG [[deprecated("Remove in v4.1. Use zeek::REASSEM_FRAG.")]] = zeek::REASSEM_FRAG;
+constexpr auto REASSEM_FILE [[deprecated("Remove in v4.1. Use zeek::REASSEM_FILE.")]] = zeek::REASSEM_FILE;
+constexpr auto REASSEM_NUM [[deprecated("Remove in v4.1. Use zeek::REASSEM_NUM.")]] = zeek::REASSEM_NUM;
+
+using DataBlock [[deprecated("Remove in v4.1. Use zeek::DataBlock.")]] = zeek::DataBlock;
+using DataBlockMap [[deprecated("Remove in v4.1. Use zeek::DataBlockMap.")]] = zeek::DataBlockMap;
+using DataBlockList [[deprecated("Remove in v4.1. Use zeek::DataBlockList.")]] = zeek::DataBlockList;
+using Reassembler [[deprecated("Remove in v4.1. Use zeek::Reassembler.")]] = zeek::Reassembler;

src/Sessions.cc

@@ -285,7 +285,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
 	if ( discarder && discarder->NextPacket(ip_hdr, len, caplen) )
 		return;
 
-	FragReassembler* f = nullptr;
+	detail::FragReassembler* f = nullptr;
 
 	if ( ip_hdr->IsFragment() )
 		{
@@ -901,21 +901,21 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
 	return false;
 	}
 
-FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip,
+detail::FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip,
                                                    const u_char* pkt)
 	{
 	uint32_t frag_id = ip->ID();
 
-	FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id);
+	detail::FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id);
 
-	FragReassembler* f = nullptr;
+	detail::FragReassembler* f = nullptr;
 	auto it = fragments.find(key);
 	if ( it != fragments.end() )
 		f = it->second;
 
 	if ( ! f )
 		{
-		f = new FragReassembler(this, ip, pkt, key, t);
+		f = new detail::FragReassembler(this, ip, pkt, key, t);
 		fragments[key] = f;
 		if ( fragments.size() > stats.max_fragments )
 			stats.max_fragments = fragments.size();
@@ -1052,7 +1052,7 @@ void NetSessions::Remove(Connection* c)
 		}
 	}
 
-void NetSessions::Remove(FragReassembler* f)
+void NetSessions::Remove(detail::FragReassembler* f)
 	{
 	if ( ! f )
 		return;

src/Sessions.h

@@ -59,7 +59,7 @@ public:
 
 	// Returns a reassembled packet, or nil if there are still
 	// some missing fragments.
-	FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip,
+	detail::FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip,
 	                                      const u_char* pkt);
 
 	// Looks up the connection referred to by the given Val,
@@ -68,7 +68,7 @@ public:
 	Connection* FindConnection(zeek::Val* v);
 
 	void Remove(Connection* c);
-	void Remove(FragReassembler* f);
+	void Remove(detail::FragReassembler* f);
 
 	void Insert(Connection* c);
 
@@ -177,7 +177,7 @@ protected:
 	friend class detail::IPTunnelTimer;
 
 	using ConnectionMap = std::map<zeek::detail::ConnIDKey, Connection*>;
-	using FragmentMap = std::map<FragReassemblerKey, FragReassembler*>;
+	using FragmentMap = std::map<detail::FragReassemblerKey, detail::FragReassembler*>;
 
 	Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
 			const u_char* data, int proto, uint32_t flow_label,

src/analyzer/protocol/tcp/TCP_Reassembler.cc

@@ -23,7 +23,7 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer,
                                  TCP_Analyzer* arg_tcp_analyzer,
                                  TCP_Reassembler::Type arg_type,
                                  TCP_Endpoint* arg_endp)
-	: Reassembler(1, REASSEM_TCP)
+	: zeek::Reassembler(1, zeek::REASSEM_TCP)
 	{
 	dst_analyzer = arg_dst_analyzer;
 	tcp_analyzer = arg_tcp_analyzer;
@@ -348,7 +348,7 @@ void TCP_Reassembler::RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const z
 			RecordGap(last_seq, stop_seq, f);
 	}
 
-void TCP_Reassembler::RecordBlock(const DataBlock& b, const zeek::FilePtr& f)
+void TCP_Reassembler::RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f)
 	{
 	if ( f->Write((const char*) b.block, b.Size()) )
 		return;
@@ -378,7 +378,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const ze
 		);
 	}
 
-void TCP_Reassembler::BlockInserted(DataBlockMap::const_iterator it)
+void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
 	{
 	const auto& start_block = it->second;
 

src/analyzer/protocol/tcp/TCP_Reassembler.h

@@ -13,7 +13,7 @@ namespace analyzer::tcp {
 
 class TCP_Analyzer;
 
-class TCP_Reassembler final : public Reassembler {
+class TCP_Reassembler final : public zeek::Reassembler {
 public:
 	enum Type {
 		Direct,		// deliver to destination analyzer itself
@@ -89,10 +89,10 @@ private:
 	void Gap(uint64_t seq, uint64_t len);
 
 	void RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const zeek::FilePtr& f);
-	void RecordBlock(const DataBlock& b, const zeek::FilePtr& f);
+	void RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f);
 	void RecordGap(uint64_t start_seq, uint64_t upper_seq, const zeek::FilePtr& f);
 
-	void BlockInserted(DataBlockMap::const_iterator it) override;
+	void BlockInserted(zeek::DataBlockMap::const_iterator it) override;
 	void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override;
 
 	TCP_Endpoint* endp;

src/file_analysis/FileReassembler.cc

@@ -8,12 +8,12 @@ namespace file_analysis {
 class File;
 
 FileReassembler::FileReassembler(File *f, uint64_t starting_offset)
-	: Reassembler(starting_offset, REASSEM_FILE), the_file(f), flushing(false)
+	: zeek::Reassembler(starting_offset, zeek::REASSEM_FILE), the_file(f), flushing(false)
 	{
 	}
 
 FileReassembler::FileReassembler()
-	: Reassembler(), the_file(nullptr), flushing(false)
+	: zeek::Reassembler(), the_file(nullptr), flushing(false)
 	{
 	}
 
@@ -50,7 +50,7 @@ uint64_t FileReassembler::FlushTo(uint64_t sequence)
 	return rval;
 	}
 
-void FileReassembler::BlockInserted(DataBlockMap::const_iterator it)
+void FileReassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
 	{
 	const auto& start_block = it->second;
 

src/file_analysis/FileReassembler.h

@@ -11,7 +11,7 @@ namespace file_analysis {
 
 class File;
 
-class FileReassembler final : public Reassembler {
+class FileReassembler final : public zeek::Reassembler {
 public:
 
 	FileReassembler(File* f, uint64_t starting_offset);
@@ -51,7 +51,7 @@ protected:
 	FileReassembler();
 
 	void Undelivered(uint64_t up_to_seq) override;
-	void BlockInserted(DataBlockMap::const_iterator it) override;
+	void BlockInserted(zeek::DataBlockMap::const_iterator it) override;
 	void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override;
 
 	File* the_file;

src/stats.bif

@@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(ReassemblerStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FILE)));
+	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FILE)));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FRAG)));
+	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FRAG)));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_TCP)));
+	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_TCP)));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_UNKNOWN)));
+	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN)));
 
 	return r;
 	%}