Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Move reassembler code to namespaces

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-07-22 11:49:35 -07:00
parent e3ee1860b8
commit 0355d13099
12 changed files with 59 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/Frag.cc
View file

@ -9,8 +9,10 @@
#include "Sessions.h"
#include "Reporter.h"
#define MIN_ACCEPTABLE_FRAG_SIZE 64
#define MAX_ACCEPTABLE_FRAG_SIZE 64000
constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64;
constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000;
namespace zeek::detail {
FragTimer::~FragTimer()
{
@ -332,3 +334,5 @@ void FragReassembler::DeleteTimer()
expire_timer = nullptr; // timer manager will delete it
}
}
} // namespace zeek::detail

9
src/Frag.h
View file

@ -13,11 +13,10 @@
ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(FragTimer, zeek::detail);
class FragReassembler;
class FragTimer;
typedef void (FragReassembler::*frag_timer_func)(double t);
namespace zeek::detail {
using FragReassemblerKey = std::tuple<zeek::IPAddr, zeek::IPAddr, bro_uint_t>;
@ -67,3 +66,5 @@ public:
protected:
FragReassembler* f;
};
} // namespace zeek::detail

5
src/IP.h
View file

@ -19,8 +19,7 @@
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
class FragReassembler;
ZEEK_FORWARD_DECLARE_NAMESPACED(FragReassembler, zeek::detail);
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
@ -243,7 +242,7 @@ public:
protected:
// for access to protected ctor that changes next header values that
// point to a fragment
friend class ::FragReassembler;
friend class detail::FragReassembler;
IPv6_Hdr_Chain() = default;

4
src/Reassem.cc
View file

@ -9,6 +9,8 @@
using std::min;
namespace zeek {
uint64_t Reassembler::total_size = 0;
uint64_t Reassembler::sizes[REASSEM_NUM];
@ -384,3 +386,5 @@ uint64_t Reassembler::MemoryAllocation(ReassemblerType rtype)
{
return Reassembler::sizes[rtype];
}
} // namespace zeek

16
src/Reassem.h
View file

@ -11,6 +11,8 @@
#include <sys/types.h> // for u_char
#include <cstdint>
namespace zeek {
// Whenever subclassing the Reassembler class
// you should add to this for known subclasses.
enum ReassemblerType {
@ -314,3 +316,17 @@ protected:
static uint64_t total_size;
static uint64_t sizes[REASSEM_NUM];
};
} // namespace zeek
using ReassemblerType [[deprecated("Remove in v4.1. Use zeek::ReassemblerType.")]] = zeek::ReassemblerType;
constexpr auto REASSEM_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::REASSEM_UNKNOWN.")]] = zeek::REASSEM_UNKNOWN;
constexpr auto REASSEM_TCP [[deprecated("Remove in v4.1. Use zeek::REASSEM_TCP.")]] = zeek::REASSEM_TCP;
constexpr auto REASSEM_FRAG [[deprecated("Remove in v4.1. Use zeek::REASSEM_FRAG.")]] = zeek::REASSEM_FRAG;
constexpr auto REASSEM_FILE [[deprecated("Remove in v4.1. Use zeek::REASSEM_FILE.")]] = zeek::REASSEM_FILE;
constexpr auto REASSEM_NUM [[deprecated("Remove in v4.1. Use zeek::REASSEM_NUM.")]] = zeek::REASSEM_NUM;
using DataBlock [[deprecated("Remove in v4.1. Use zeek::DataBlock.")]] = zeek::DataBlock;
using DataBlockMap [[deprecated("Remove in v4.1. Use zeek::DataBlockMap.")]] = zeek::DataBlockMap;
using DataBlockList [[deprecated("Remove in v4.1. Use zeek::DataBlockList.")]] = zeek::DataBlockList;
using Reassembler [[deprecated("Remove in v4.1. Use zeek::Reassembler.")]] = zeek::Reassembler;

12
src/Sessions.cc
View file

@ -285,7 +285,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP
if ( discarder && discarder->NextPacket(ip_hdr, len, caplen) )
return;
FragReassembler* f = nullptr;
detail::FragReassembler* f = nullptr;
if ( ip_hdr->IsFragment() )
{
@ -901,21 +901,21 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
return false;
}
FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip,
detail::FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip,
const u_char* pkt)
{
uint32_t frag_id = ip->ID();
FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id);
detail::FragReassemblerKey key = std::make_tuple(ip->SrcAddr(), ip->DstAddr(), frag_id);
FragReassembler* f = nullptr;
detail::FragReassembler* f = nullptr;
auto it = fragments.find(key);
if ( it != fragments.end() )
f = it->second;
if ( ! f )
{
f = new FragReassembler(this, ip, pkt, key, t);
f = new detail::FragReassembler(this, ip, pkt, key, t);
fragments[key] = f;
if ( fragments.size() > stats.max_fragments )
stats.max_fragments = fragments.size();
@ -1052,7 +1052,7 @@ void NetSessions::Remove(Connection* c)
}
}
void NetSessions::Remove(FragReassembler* f)
void NetSessions::Remove(detail::FragReassembler* f)
{
if ( ! f )
return;

6
src/Sessions.h
View file

@ -59,7 +59,7 @@ public:
// Returns a reassembled packet, or nil if there are still
// some missing fragments.
FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip,
detail::FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip,
const u_char* pkt);
// Looks up the connection referred to by the given Val,
@ -68,7 +68,7 @@ public:
Connection* FindConnection(zeek::Val* v);
void Remove(Connection* c);
void Remove(FragReassembler* f);
void Remove(detail::FragReassembler* f);
void Insert(Connection* c);
@ -177,7 +177,7 @@ protected:
friend class detail::IPTunnelTimer;
using ConnectionMap = std::map<zeek::detail::ConnIDKey, Connection*>;
using FragmentMap = std::map<FragReassemblerKey, FragReassembler*>;
using FragmentMap = std::map<detail::FragReassemblerKey, detail::FragReassembler*>;
Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
const u_char* data, int proto, uint32_t flow_label,

6
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -23,7 +23,7 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer,
TCP_Analyzer* arg_tcp_analyzer,
TCP_Reassembler::Type arg_type,
TCP_Endpoint* arg_endp)
: Reassembler(1, REASSEM_TCP)
: zeek::Reassembler(1, zeek::REASSEM_TCP)
{
dst_analyzer = arg_dst_analyzer;
tcp_analyzer = arg_tcp_analyzer;
@ -348,7 +348,7 @@ void TCP_Reassembler::RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const z
RecordGap(last_seq, stop_seq, f);
}
void TCP_Reassembler::RecordBlock(const DataBlock& b, const zeek::FilePtr& f)
void TCP_Reassembler::RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f)
{
if ( f->Write((const char*) b.block, b.Size()) )
return;
@ -378,7 +378,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const ze
);
}
void TCP_Reassembler::BlockInserted(DataBlockMap::const_iterator it)
void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
{
const auto& start_block = it->second;

6
src/analyzer/protocol/tcp/TCP_Reassembler.h
View file

@ -13,7 +13,7 @@ namespace analyzer::tcp {
class TCP_Analyzer;
class TCP_Reassembler final : public Reassembler {
class TCP_Reassembler final : public zeek::Reassembler {
public:
enum Type {
Direct, // deliver to destination analyzer itself
@ -89,10 +89,10 @@ private:
void Gap(uint64_t seq, uint64_t len);
void RecordToSeq(uint64_t start_seq, uint64_t stop_seq, const zeek::FilePtr& f);
void RecordBlock(const DataBlock& b, const zeek::FilePtr& f);
void RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& f);
void RecordGap(uint64_t start_seq, uint64_t upper_seq, const zeek::FilePtr& f);
void BlockInserted(DataBlockMap::const_iterator it) override;
void BlockInserted(zeek::DataBlockMap::const_iterator it) override;
void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override;
TCP_Endpoint* endp;

6
src/file_analysis/FileReassembler.cc
View file

@ -8,12 +8,12 @@ namespace file_analysis {
class File;
FileReassembler::FileReassembler(File *f, uint64_t starting_offset)
: Reassembler(starting_offset, REASSEM_FILE), the_file(f), flushing(false)
: zeek::Reassembler(starting_offset, zeek::REASSEM_FILE), the_file(f), flushing(false)
{
}
FileReassembler::FileReassembler()
: Reassembler(), the_file(nullptr), flushing(false)
: zeek::Reassembler(), the_file(nullptr), flushing(false)
{
}
@ -50,7 +50,7 @@ uint64_t FileReassembler::FlushTo(uint64_t sequence)
return rval;
}
void FileReassembler::BlockInserted(DataBlockMap::const_iterator it)
void FileReassembler::BlockInserted(zeek::DataBlockMap::const_iterator it)
{
const auto& start_block = it->second;

4
src/file_analysis/FileReassembler.h
View file

@ -11,7 +11,7 @@ namespace file_analysis {
class File;
class FileReassembler final : public Reassembler {
class FileReassembler final : public zeek::Reassembler {
public:
FileReassembler(File* f, uint64_t starting_offset);
@ -51,7 +51,7 @@ protected:
FileReassembler();
void Undelivered(uint64_t up_to_seq) override;
void BlockInserted(DataBlockMap::const_iterator it) override;
void BlockInserted(zeek::DataBlockMap::const_iterator it) override;
void Overlap(const u_char* b1, const u_char* b2, uint64_t n) override;
File* the_file;

8
src/stats.bif
View file

@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats
auto r = zeek::make_intrusive<zeek::RecordVal>(ReassemblerStats);
int n = 0;
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FILE)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_FRAG)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_TCP)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(REASSEM_UNKNOWN)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FILE)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FRAG)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_TCP)));
r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN)));
return r;
%}