diff --git a/CHANGES b/CHANGES index 5e5251bc6c..3001bf5715 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,77 @@ +3.3.0-dev.177 | 2020-08-21 08:36:48 -0700 + + * Add missing namespace to usage of get_exe_path in fuzzer (Tim Wojtulewicz, Corelight) + + * Rename methods in RunState to remove 'net' from their names (Tim Wojtulewicz, Corelight) + + * Move zeek::net namespace to zeek::run_state namespace. + + This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated (Tim Wojtulewicz, Corelight) + + * Move ScannedFile class and associated globals into ScannedFile.h and out of Net.h and scan.l (Tim Wojtulewicz, Corelight) + + * Rename types in ZeekList.h to be consistent with the style guide (Tim Wojtulewicz, Corelight) + + * Move NetVar from zeek to zeek::detail namespace (Tim Wojtulewicz, Corelight) + + * Remove PRI_PTR_COMPAT macros (Tim Wojtulewicz, Corelight) + + * Fix indentation of namespaced aliases (Tim Wojtulewicz, Corelight) + + * Move zeek-setup code into namespaces (Tim Wojtulewicz, Corelight) + + * Move ZeekList types to zeek namespace (Tim Wojtulewicz, Corelight) + + * Move __RegisterBif from zeek::detail::plugin to zeek::plugin::detail (Tim Wojtulewicz, Corelight) + + * Remove unimplemented zeek_magic_path/bro_magic_path method (Tim Wojtulewicz, Corelight) + + * Move all plugin classes into zeek::plugin::detail namespaces (Tim Wojtulewicz, Corelight) + + * Rename BroList.h to ZeekList.h (Tim Wojtulewicz, Corelight) + + * Move a few smaller files to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Tag the end of some namespaces for consistency (Tim Wojtulewicz, Corelight) + + * Move a few of the zeek::util methods and variables to zeek::util::detail (Tim Wojtulewicz, Corelight) + + * Move zeekygen code to zeek::zeekygen::detail namespace (Tim Wojtulewicz, Corelight) + + * Mark zeek::util::pad_size as constexpr, which provides a small performance improvement (Tim Wojtulewicz, Corelight) + + * Move everything in util.h to zeek::util namespace. + + This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_. (Tim Wojtulewicz, Corelight) + + * Deprecate ptr_compat_uint and ptr_compat_int in util.h (Tim Wojtulewicz, Corelight) + + * Move NetVar.h to zeek namespace (Tim Wojtulewicz, Corelight) + + * Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h. (Tim Wojtulewicz, Corelight) + + * Add namespaced version of trigger_mgr, fix a couple uses of event_registry (Tim Wojtulewicz, Corelight) + + * Move the remainder of the analyzers to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move arp, tcp, udp, pia, and stepping stone analyzers (Tim Wojtulewicz, Corelight) + + * Move bro_broker code to zeek::Broker namespace (Tim Wojtulewicz, Corelight) + + * Move notifier code to zeek::notifier::detail namespace (Tim Wojtulewicz, Corelight) + + * Move threading classes to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move probabilistic code into zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move iosource code to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move logging code to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move input code to zeek namespaces (Tim Wojtulewicz, Corelight) + + * Move file_analysis code to zeek namespaces (Tim Wojtulewicz, Corelight) + 3.3.0-dev.142 | 2020-08-20 16:26:06 -0700 diff --git a/NEWS b/NEWS index 1367b16894..58c719001d 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,11 @@ Removed Functionality - The counter type was removed. This type was never fully functional/used anywhere. +- Removed the PRI_PTR_COMPAT_INT, PRI_PTR_COMPAT_UINT, and PRI_SOURCE_ID + macros. There are no deprecation warnings for these because they were C + macros. Use the PRIdPTR and PRIuPTR macros from the standard library + instead. + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index 137faccbcf..d76f8573e2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.3.0-dev.142 +3.3.0-dev.177 diff --git a/auxil/bifcl b/auxil/bifcl index 2affd6a4fd..1f7e277dd4 160000 --- a/auxil/bifcl +++ b/auxil/bifcl @@ -1 +1 @@ -Subproject commit 2affd6a4fd7b2543a533c481334828d3a47890d6 +Subproject commit 1f7e277dd43fb69acaf44aaac4d2fe04207ff6ad diff --git a/src/Anon.cc b/src/Anon.cc index 9df45b2480..d2365e46ca 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -20,7 +20,7 @@ AnonymizeIPAddr* zeek::detail::ip_anonymizer[NUM_ADDR_ANONYMIZATION_METHODS] = { static uint32_t rand32() { - return ((zeek::random_number() & 0xffff) << 16) | (zeek::random_number() & 0xffff); + return ((zeek::util::detail::random_number() & 0xffff) << 16) | (zeek::util::detail::random_number() & 0xffff); } // From tcpdpriv. @@ -104,7 +104,7 @@ ipaddr32_t AnonymizeIPAddr_RandomMD5::anonymize(ipaddr32_t input) uint8_t digest[16]; ipaddr32_t output = 0; - hmac_md5(sizeof(input), (u_char*)(&input), digest); + zeek::util::detail::hmac_md5(sizeof(input), (u_char*)(&input), digest); for ( int i = 0; i < 4; ++i ) output = (output << 8) | digest[i]; @@ -132,7 +132,7 @@ ipaddr32_t AnonymizeIPAddr_PrefixMD5::anonymize(ipaddr32_t input) prefix.prefix = htonl((input & ~(prefix_mask>>i)) | (1<<(31-i))); // HK(PAD(x_0 ... x_{i-1})). - hmac_md5(sizeof(prefix), (u_char*) &prefix, digest); + zeek::util::detail::hmac_md5(sizeof(prefix), (u_char*) &prefix, digest); // f_{i-1} = LSB(HK(PAD(x_0 ... x_{i-1}))). ipaddr32_t bit_mask = (digest[0] & 1) << (31-i); diff --git a/src/Anon.h b/src/Anon.h index c9b1db8553..ce82bd2b38 100644 --- a/src/Anon.h +++ b/src/Anon.h @@ -129,4 +129,4 @@ ipaddr32_t anonymize_ip(ipaddr32_t ip, enum ip_addr_anonymization_class_t cl); #define LOG_ANONYMIZATION_MAPPING void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output); -} +} // namespace zeek::detail diff --git a/src/Attr.cc b/src/Attr.cc index 5fbced8740..8f6b54a13c 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -150,7 +150,7 @@ void Attr::AddTag(ODesc* d) const d->Add(attr_name(Tag())); } -Attributes::Attributes(attr_list* a, TypePtr t, bool arg_in_record, bool is_global) +Attributes::Attributes(AttrPList* a, TypePtr t, bool arg_in_record, bool is_global) { attrs_list.resize(a->length()); attrs.reserve(a->length()); @@ -537,7 +537,7 @@ void Attributes::CheckAttr(Attr* a) const auto& table_index_types = the_table->GetIndexTypes(); - type_list expected_args(1 + static_cast(table_index_types.size())); + TypePList expected_args(1 + static_cast(table_index_types.size())); expected_args.push_back(type->AsTableType()); for ( const auto& t : table_index_types ) diff --git a/src/Attr.h b/src/Attr.h index 0e18f0ace2..5c110bfe7f 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -6,7 +6,7 @@ #include #include "Obj.h" -#include "BroList.h" +#include "ZeekList.h" #include "IntrusivePtr.h" ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); @@ -107,7 +107,7 @@ protected: class Attributes final : public Obj { public: [[deprecated("Remove in v4.1. Construct using IntrusivePtrs instead.")]] - Attributes(attr_list* a, zeek::TypePtr t, bool in_record, bool is_global); + Attributes(AttrPList* a, zeek::TypePtr t, bool in_record, bool is_global); Attributes(std::vector a, zeek::TypePtr t, bool in_record, bool is_global); @@ -133,7 +133,7 @@ public: void DescribeReST(ODesc* d, bool shorten = false) const; [[deprecated("Remove in v4.1. Use GetAttrs().")]] - const attr_list* Attrs() const + const AttrPList* Attrs() const { return &attrs_list; } const std::vector& GetAttrs() const @@ -148,7 +148,7 @@ protected: std::vector attrs; // Remove in v4.1. This is used by Attrs(), which is deprecated. - attr_list attrs_list; + AttrPList attrs_list; bool in_record; bool global_var; }; diff --git a/src/Base64.cc b/src/Base64.cc index 7f1a17e50a..a50f6121d3 100644 --- a/src/Base64.cc +++ b/src/Base64.cc @@ -193,7 +193,7 @@ int Base64Converter::Decode(int len, const char* data, int* pblen, char** pbuf) else { if ( ++errored == 1 ) - IllegalEncoding(fmt("character %d ignored by Base64 decoding", (int) (data[dlen]))); + IllegalEncoding(zeek::util::fmt("character %d ignored by Base64 decoding", (int) (data[dlen]))); } ++dlen; @@ -210,7 +210,8 @@ int Base64Converter::Done(int* pblen, char** pbuf) if ( base64_group_next != 0 ) { if ( base64_group_next < 4 ) - IllegalEncoding(fmt("incomplete base64 group, padding with %d bits of 0", (4-base64_group_next) * 6)); + IllegalEncoding(zeek::util::fmt("incomplete base64 group, padding with %d bits of 0", + (4-base64_group_next) * 6)); Decode(4 - base64_group_next, padding, pblen, pbuf); return -1; } diff --git a/src/BroList.h b/src/BroList.h index 73b28a5426..1956e71971 100644 --- a/src/BroList.h +++ b/src/BroList.h @@ -1,27 +1,2 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#pragma once - -#include "List.h" - -ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); -using val_list = zeek::PList; - -ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); -using expr_list = zeek::PList; - -ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail); -using id_list = zeek::PList; - -ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); -using stmt_list = zeek::PList; - -namespace zeek { class Type; } -using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type; -using type_list = zeek::PList; - -ZEEK_FORWARD_DECLARE_NAMESPACED(Attr, zeek::detail); -using attr_list = zeek::PList; - -ZEEK_FORWARD_DECLARE_NAMESPACED(Timer, zeek::detail); -using timer_list = zeek::PList; +#warning "BroList.h is deprecated and will be removed in v4.1. Use ZeekList.h instead." +#include "ZeekList.h" diff --git a/src/CCL.cc b/src/CCL.cc index 6f36c100c6..6c015c6a55 100644 --- a/src/CCL.cc +++ b/src/CCL.cc @@ -31,7 +31,7 @@ void CCL::Negate() void CCL::Add(int sym) { - ptr_compat_int sym_p = ptr_compat_int(sym); + auto sym_p = static_cast(sym); // Check to see if the character is already in the ccl. for ( auto sym : *syms ) @@ -48,7 +48,7 @@ void CCL::Sort() unsigned int CCL::MemoryAllocation() const { - return padded_sizeof(*this) + padded_sizeof(*syms) + pad_size(syms->size() * sizeof(int_list::value_type)); + return padded_sizeof(*this) + padded_sizeof(*syms) + zeek::util::pad_size(syms->size() * sizeof(int_list::value_type)); } } // namespace zeek::detail diff --git a/src/CCL.h b/src/CCL.h index 4407cef767..9e5cc30bb0 100644 --- a/src/CCL.h +++ b/src/CCL.h @@ -2,12 +2,12 @@ #pragma once +#include #include -#include "util.h" // for ptr_compat_int namespace zeek::detail { -using int_list = std::vector; +using int_list = std::vector; class CCL { public: diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index befe21c7ea..e75d4f3a0b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -253,8 +253,8 @@ set(MAIN_SRCS List.cc Reporter.cc NFA.cc - Net.cc NetVar.cc + Notifier.cc Obj.cc OpaqueVal.cc Options.cc @@ -270,12 +270,13 @@ set(MAIN_SRCS RuleAction.cc RuleCondition.cc RuleMatcher.cc - SmithWaterman.cc + RunState.cc + ScannedFile.cc Scope.cc ScriptCoverageManager.cc SerializationFormat.cc Sessions.cc - Notifier.cc + SmithWaterman.cc Stats.cc Stmt.cc Tag.cc diff --git a/src/CompHash.h b/src/CompHash.h index b46fff9bf1..50c72482d2 100644 --- a/src/CompHash.h +++ b/src/CompHash.h @@ -36,7 +36,7 @@ public: zeek::ListValPtr RecoverVals(const zeek::detail::HashKey* k) const { return RecoverVals(*k); } - unsigned int MemoryAllocation() const { return padded_sizeof(*this) + pad_size(size); } + unsigned int MemoryAllocation() const { return padded_sizeof(*this) + zeek::util::pad_size(size); } protected: std::unique_ptr ComputeSingletonHash(const zeek::Val* v, bool type_check) const; diff --git a/src/Conn.cc b/src/Conn.cc index 6de529c26c..91cef11484 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -7,7 +7,7 @@ #include #include "Desc.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "Event.h" #include "Sessions.h" @@ -194,8 +194,8 @@ void Connection::NextPacket(double t, bool is_orig, // arguments for reproducing packets const zeek::Packet *pkt) { - current_timestamp = t; - current_pkt = pkt; + zeek::run_state::current_timestamp = t; + zeek::run_state::current_pkt = pkt; if ( Skipping() ) return; @@ -218,13 +218,13 @@ void Connection::NextPacket(double t, bool is_orig, else last_time = t; - current_timestamp = 0; - current_pkt = nullptr; + zeek::run_state::current_timestamp = 0; + zeek::run_state::current_pkt = nullptr; } void Connection::SetLifetime(double lifetime) { - ADD_TIMER(&Connection::DeleteTimer, network_time + lifetime, 0, + ADD_TIMER(&Connection::DeleteTimer, zeek::run_state::network_time + lifetime, 0, zeek::detail::TIMER_CONN_DELETE); } @@ -326,10 +326,10 @@ void Connection::SetInactivityTimeout(double timeout) void Connection::EnableStatusUpdateTimer() { - if ( connection_status_update && connection_status_update_interval ) + if ( connection_status_update && zeek::detail::connection_status_update_interval ) { ADD_TIMER(&Connection::StatusUpdateTimer, - network_time + connection_status_update_interval, 0, + zeek::run_state::network_time + zeek::detail::connection_status_update_interval, 0, zeek::detail::TIMER_CONN_STATUS_UPDATE); installed_status_timer = 1; } @@ -339,7 +339,7 @@ void Connection::StatusUpdateTimer(double t) { EnqueueEvent(connection_status_update, nullptr, ConnVal()); ADD_TIMER(&Connection::StatusUpdateTimer, - network_time + connection_status_update_interval, 0, + zeek::run_state::network_time + zeek::detail::connection_status_update_interval, 0, zeek::detail::TIMER_CONN_STATUS_UPDATE); } @@ -389,7 +389,7 @@ const zeek::RecordValPtr& Connection::ConnVal() conn_val->Assign(6, zeek::val_mgr->EmptyString()); // history if ( ! uid ) - uid.Set(bits_per_uid); + uid.Set(zeek::detail::bits_per_uid); conn_val->Assign(7, zeek::make_intrusive(uid.Base62("C").c_str())); @@ -439,7 +439,7 @@ void Connection::AppendAddl(const char* str) const char* old = cv->GetField(6)->AsString()->CheckString(); const char* format = *old ? "%s %s" : "%s%s"; - cv->Assign(6, zeek::make_intrusive(fmt(format, old, str))); + cv->Assign(6, zeek::make_intrusive(zeek::util::fmt(format, old, str))); } // Returns true if the character at s separates a version number. @@ -502,7 +502,7 @@ void Connection::Event(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* analyz zeek::IntrusivePtr{zeek::AdoptRef{}, v1}); } -void Connection::ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl) +void Connection::ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, ValPList vl) { auto args = zeek::val_list_to_args(vl); @@ -512,17 +512,17 @@ void Connection::ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyz return; // "this" is passed as a cookie for the event - zeek::event_mgr.Enqueue(f, std::move(args), SOURCE_LOCAL, a ? a->GetID() : 0, this); + zeek::event_mgr.Enqueue(f, std::move(args), zeek::util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this); } -void Connection::ConnectionEventFast(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list vl) +void Connection::ConnectionEventFast(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, ValPList vl) { // "this" is passed as a cookie for the event - zeek::event_mgr.Enqueue(f, zeek::val_list_to_args(vl), SOURCE_LOCAL, + zeek::event_mgr.Enqueue(f, zeek::val_list_to_args(vl), zeek::util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this); } -void Connection::ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, val_list* vl) +void Connection::ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* a, ValPList* vl) { auto args = zeek::val_list_to_args(*vl); delete vl; @@ -535,7 +535,7 @@ void Connection::EnqueueEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* zeek::Args args) { // "this" is passed as a cookie for the event - zeek::event_mgr.Enqueue(f, std::move(args), SOURCE_LOCAL, a ? a->GetID() : 0, this); + zeek::event_mgr.Enqueue(f, std::move(args), zeek::util::detail::SOURCE_LOCAL, a ? a->GetID() : 0, this); } void Connection::Weird(const char* name, const char* addl) @@ -572,7 +572,7 @@ void Connection::CancelTimers() // call RemoveTimer(), which would then modify the list we're just // traversing. Thus, we first make a copy of the list which we then // iterate through. - timer_list tmp(timers.length()); + TimerPList tmp(timers.length()); std::copy(timers.begin(), timers.end(), std::back_inserter(tmp)); for ( const auto& timer : tmp ) @@ -690,7 +690,8 @@ void Connection::IDString(zeek::ODesc* d) const d->Add(ntohs(resp_port)); } -void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia) +void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, + zeek::analyzer::pia::PIA* pia) { root_analyzer = analyzer; primary_PIA = pia; diff --git a/src/Conn.h b/src/Conn.h index 5b26d339ca..3081e77f0c 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -204,7 +204,7 @@ public: // arguments used for the event are whatevever is provided in 'vl'. [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] void ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, - val_list vl); + ValPList vl); // Same as ConnectionEvent, except taking the event's argument list via a // pointer instead of by value. This function takes ownership of the @@ -212,7 +212,7 @@ public: // of each of its elements. [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] void ConnectionEvent(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, - val_list* vl); + ValPList* vl); // Queues an event without first checking if there's any available event // handlers (or remote consumes). If it turns out there's actually nothing @@ -224,7 +224,7 @@ public: // there's no handlers to consume them). [[deprecated("Remove in v4.1. Use EnqueueEvent() instead.")]] void ConnectionEventFast(zeek::EventHandlerPtr f, zeek::analyzer::Analyzer* analyzer, - val_list vl); + ValPList vl); /** * Enqueues an event associated with this connection and given analyzer. @@ -303,9 +303,9 @@ public: void DeleteTimer(double t); // Sets the root of the analyzer tree as well as the primary PIA. - void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia); + void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, zeek::analyzer::pia::PIA* pia); zeek::analyzer::TransportLayerAnalyzer* GetRootAnalyzer() { return root_analyzer; } - ::analyzer::pia::PIA* GetPrimaryPIA() { return primary_PIA; } + zeek::analyzer::pia::PIA* GetPrimaryPIA() { return primary_PIA; } // Sets the transport protocol in use. void SetTransport(TransportProto arg_proto) { proto = arg_proto; } @@ -346,7 +346,7 @@ protected: zeek::detail::ConnIDKey key; bool key_valid; - timer_list timers; + TimerPList timers; zeek::IPAddr orig_addr; zeek::IPAddr resp_addr; @@ -382,7 +382,7 @@ protected: uint32_t hist_seen; zeek::analyzer::TransportLayerAnalyzer* root_analyzer; - ::analyzer::pia::PIA* primary_PIA; + zeek::analyzer::pia::PIA* primary_PIA; zeek::UID uid; // Globally unique connection ID. zeek::detail::WeirdStateMap weird_state; diff --git a/src/DFA.cc b/src/DFA.cc index b1cc02cdb9..09aed30c25 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -284,9 +284,9 @@ void DFA_State::Stats(unsigned int* computed, unsigned int* uncomputed) unsigned int DFA_State::Size() { return sizeof(*this) - + pad_size(sizeof(DFA_State*) * num_sym) - + (accept ? pad_size(sizeof(int) * accept->size()) : 0) - + (nfa_states ? pad_size(sizeof(NFA_State*) * nfa_states->length()) : 0) + + zeek::util::pad_size(sizeof(DFA_State*) * num_sym) + + (accept ? zeek::util::pad_size(sizeof(int) * accept->size()) : 0) + + (nfa_states ? zeek::util::pad_size(sizeof(NFA_State*) * nfa_states->length()) : 0) + (meta_ec ? meta_ec->Size() : 0); } @@ -373,7 +373,7 @@ void DFA_State_Cache::GetStats(Stats* s) ++s->dfa_states; s->nfa_states += e->NFAStateNum(); e->Stats(&s->computed, &s->uncomputed); - s->mem += pad_size(e->Size()) + padded_sizeof(*e); + s->mem += zeek::util::pad_size(e->Size()) + padded_sizeof(*e); } } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index fa4f79f827..43f0917749 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -34,7 +34,7 @@ #include "ZeekString.h" #include "Expr.h" #include "Event.h" -#include "Net.h" +#include "RunState.h" #include "Val.h" #include "NetVar.h" #include "ID.h" @@ -58,7 +58,7 @@ namespace zeek::detail { class DNS_Mgr_Request { public: DNS_Mgr_Request(const char* h, int af, bool is_txt) - : host(copy_string(h)), fam(af), qtype(is_txt ? 16 : 0), addr(), + : host(zeek::util::copy_string(h)), fam(af), qtype(is_txt ? 16 : 0), addr(), request_pending() { } @@ -140,7 +140,7 @@ public: if ( req_host && num_addrs == 0) return false; // nothing to expire - return current_time() > (creation_time + req_ttl); + return zeek::util::current_time() > (creation_time + req_ttl); } int Type() const { return map_type; } @@ -187,11 +187,11 @@ static zeek::TableValPtr empty_addr_set() DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl) { Init(h); - req_host = copy_string(host); + req_host = zeek::util::copy_string(host); req_ttl = ttl; if ( names && ! names[0] ) - names[0] = copy_string(host); + names[0] = zeek::util::copy_string(host); } DNS_Mapping::DNS_Mapping(const zeek::IPAddr& addr, struct hostent* h, uint32_t ttl) @@ -231,13 +231,13 @@ DNS_Mapping::DNS_Mapping(FILE* f) failed = static_cast(failed_local); if ( is_req_host ) - req_host = copy_string(req_buf); + req_host = zeek::util::copy_string(req_buf); else req_addr = zeek::IPAddr(req_buf); num_names = 1; names = new char*[num_names]; - names[0] = copy_string(name_buf); + names[0] = zeek::util::copy_string(name_buf); if ( num_addrs > 0 ) { @@ -318,7 +318,7 @@ void DNS_Mapping::Init(struct hostent* h) { no_mapping = false; init_failed = false; - creation_time = current_time(); + creation_time = zeek::util::current_time(); host_val = nullptr; addrs_val = nullptr; @@ -331,7 +331,7 @@ void DNS_Mapping::Init(struct hostent* h) map_type = h->h_addrtype; num_names = 1; // for now, just use official name names = new char*[num_names]; - names[0] = h->h_name ? copy_string(h->h_name) : nullptr; + names[0] = h->h_name ? zeek::util::copy_string(h->h_name) : nullptr; for ( num_addrs = 0; h->h_addr_list[num_addrs]; ++num_addrs ) ; @@ -411,7 +411,7 @@ void DNS_Mgr::InitSource() // script-layer option to configure the DNS resolver as it may not be // configured to the user's desired address at the time when we need to to // the lookup. - auto dns_resolver = zeekenv("ZEEK_DNS_RESOLVER"); + auto dns_resolver = zeek::util::zeekenv("ZEEK_DNS_RESOLVER"); auto dns_resolver_addr = dns_resolver ? zeek::IPAddr(dns_resolver) : zeek::IPAddr(); char err[NB_DNS_ERRSIZE]; @@ -439,7 +439,7 @@ void DNS_Mgr::InitSource() if ( nb_dns ) { - if ( ! iosource_mgr->RegisterFd(nb_dns_fd(nb_dns), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(nb_dns_fd(nb_dns), this) ) zeek::reporter->FatalError("Failed to register nb_dns file descriptor with iosource_mgr"); } else @@ -455,7 +455,7 @@ void DNS_Mgr::InitPostScript() dm_rec = zeek::id::find_type("dns_mapping"); // Registering will call Init() - iosource_mgr->Register(this, true); + zeek::iosource_mgr->Register(this, true); const char* cache_dir = dir ? dir : "."; cache_name = new char[strlen(cache_dir) + 64]; @@ -1204,7 +1204,7 @@ void DNS_Mgr::IssueAsyncRequests() continue; } - req->time = current_time(); + req->time = zeek::util::current_time(); asyncs_timeouts.push(req); ++asyncs_pending; @@ -1338,7 +1338,7 @@ double DNS_Mgr::GetNextTimeout() if ( asyncs_timeouts.empty() ) return -1; - return network_time + DNS_TIMEOUT; + return zeek::run_state::network_time + DNS_TIMEOUT; } void DNS_Mgr::Process() @@ -1350,7 +1350,7 @@ void DNS_Mgr::Process() { AsyncRequest* req = asyncs_timeouts.top(); - if ( req->time + DNS_TIMEOUT > current_time() && ! terminating ) + if ( req->time + DNS_TIMEOUT > zeek::util::current_time() && ! zeek::run_state::terminating ) break; if ( ! req->processed ) @@ -1462,7 +1462,7 @@ void DNS_Mgr::GetStats(Stats* stats) void DNS_Mgr::Terminate() { if ( nb_dns ) - iosource_mgr->UnregisterFd(nb_dns_fd(nb_dns), this); + zeek::iosource_mgr->UnregisterFd(nb_dns_fd(nb_dns), this); } } // namespace zeek::detail diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index c61cb1fffb..90d2fa7359 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -47,7 +47,7 @@ enum DNS_MgrMode { // Number of seconds we'll wait for a reply. #define DNS_TIMEOUT 5 -class DNS_Mgr final : public iosource::IOSource { +class DNS_Mgr final : public zeek::iosource::IOSource { public: explicit DNS_Mgr(DNS_MgrMode mode); ~DNS_Mgr() override; @@ -62,7 +62,7 @@ public: zeek::ValPtr LookupAddr(const zeek::IPAddr& addr); // Define the directory where to store the data. - void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); } + void SetDir(const char* arg_dir) { dir = zeek::util::copy_string(arg_dir); } void Verify(); void Resolve(); diff --git a/src/Debug.cc b/src/Debug.cc index c5385546e5..2a66e6e7bc 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -119,7 +119,7 @@ FILE* TraceState::SetTraceFile(const char* filename) { FILE* newfile; - if ( streq(filename, "-") ) + if ( zeek::util::streq(filename, "-") ) newfile = stderr; else newfile = fopen(filename, "w"); @@ -158,7 +158,7 @@ int TraceState::LogTrace(const char* fmt, ...) va_start(args, fmt); // Prefix includes timestamp and file/line info. - fprintf(trace_file, "%.6f ", network_time); + fprintf(trace_file, "%.6f ", zeek::run_state::network_time); const zeek::detail::Stmt* stmt; zeek::detail::Location loc; @@ -179,7 +179,7 @@ int TraceState::LogTrace(const char* fmt, ...) if ( ! loc.filename ) { - loc.filename = copy_string(""); + loc.filename = zeek::util::copy_string(""); loc.last_line = 0; } @@ -377,7 +377,7 @@ vector parse_location_string(const string& s) if ( ! sscanf(line_string.c_str(), "%d", &plr.line) ) plr.type = PLR_UNKNOWN; - string path(find_script_file(filename, bro_path())); + string path(zeek::util::find_script_file(filename, zeek::util::zeek_path())); if ( path.empty() ) { @@ -555,7 +555,7 @@ int dbg_execute_command(const char* cmd) if ( ! cmd ) return 0; - if ( streq(cmd, "") ) // do the GDB command completion + if ( zeek::util::streq(cmd, "") ) // do the GDB command completion { #ifdef HAVE_READLINE int i; @@ -581,7 +581,7 @@ int dbg_execute_command(const char* cmd) return 0; } - char* localcmd = copy_string(cmd); + char* localcmd = zeek::util::copy_string(cmd); string opstring; vector arguments; @@ -768,7 +768,7 @@ string get_context_description(const zeek::detail::Stmt* stmt, const zeek::detai loc = *stmt->GetLocationInfo(); else { - loc.filename = copy_string(""); + loc.filename = zeek::util::copy_string(""); loc.last_line = 0; } @@ -831,7 +831,7 @@ int dbg_handle_debug_input() // readline uses malloc, and we want to be consistent // with it. - input_line = (char*) safe_malloc(1024); + input_line = (char*) zeek::util::safe_malloc(1024); input_line[1023] = 0; // ### Maybe it's not always stdin. input_line = fgets(input_line, 1023, stdin); @@ -930,7 +930,7 @@ bool pre_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f) return true; } -bool post_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f, zeek::Val* result, stmt_flow_type* flow) +bool post_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f, zeek::Val* result, zeek::detail::StmtFlowType* flow) { // Handle the case where someone issues a "next" debugger command, // but we're at a return statement, so the next statement is in diff --git a/src/Debug.h b/src/Debug.h index 0a915df07c..92efac4615 100644 --- a/src/Debug.h +++ b/src/Debug.h @@ -148,7 +148,7 @@ std::vector parse_location_string(const std::string& s); // Return true to continue execution, false to abort. bool pre_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f); -bool post_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f, zeek::Val* result, stmt_flow_type* flow); +bool post_execute_stmt(zeek::detail::Stmt* stmt, zeek::detail::Frame* f, zeek::Val* result, StmtFlowType* flow); // Returns 1 if successful, 0 otherwise. // If cmdfile is non-nil, it contains the location of a file of commands diff --git a/src/DebugCmds.cc b/src/DebugCmds.cc index 83a485a60a..431098765d 100644 --- a/src/DebugCmds.cc +++ b/src/DebugCmds.cc @@ -37,7 +37,7 @@ static bool string_is_regex(const string& s) static void lookup_global_symbols_regex(const string& orig_regex, vector& matches, bool func_only = false) { - if ( streq(orig_regex.c_str(), "") ) + if ( zeek::util::streq(orig_regex.c_str(), "") ) return; string regex = "^"; diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 6fe0ccc0bb..09a2869017 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -4,7 +4,7 @@ #include #include "DebugLogger.h" -#include "Net.h" +#include "RunState.h" #include "plugin/Plugin.h" zeek::detail::DebugLogger zeek::detail::debug_logger; @@ -49,7 +49,7 @@ void DebugLogger::OpenDebugLog(const char* filename) { if ( filename ) { - filename = log_file_name(filename); + filename = zeek::util::detail::log_file_name(filename); file = fopen(filename, "w"); if ( ! file ) @@ -93,7 +93,7 @@ void DebugLogger::ShowStreamsHelp() void DebugLogger::EnableStreams(const char* s) { char* brkt; - char* tmp = copy_string(s); + char* tmp = zeek::util::copy_string(s); char* tok = strtok(tmp, ","); while ( tok ) @@ -159,7 +159,7 @@ void DebugLogger::Log(DebugStream stream, const char* fmt, ...) return; fprintf(file, "%17.06f/%17.06f [%s] ", - network_time, current_time(true), g->prefix); + zeek::run_state::network_time, zeek::util::current_time(true), g->prefix); for ( int i = g->indent; i > 0; --i ) fputs(" ", file); @@ -176,13 +176,13 @@ void DebugLogger::Log(DebugStream stream, const char* fmt, ...) void DebugLogger::Log(const zeek::plugin::Plugin& plugin, const char* fmt, ...) { std::string tok = std::string("plugin-") + plugin.Name(); - tok = strreplace(tok, "::", "-"); + tok = zeek::util::strreplace(tok, "::", "-"); if ( enabled_streams.find(tok) == enabled_streams.end() ) return; fprintf(file, "%17.06f/%17.06f [plugin %s] ", - network_time, current_time(true), plugin.Name().c_str()); + zeek::run_state::network_time, zeek::util::current_time(true), plugin.Name().c_str()); va_list ap; va_start(ap, fmt); diff --git a/src/Desc.cc b/src/Desc.cc index 773f99940a..3632476c7c 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -27,7 +27,7 @@ ODesc::ODesc(desc_type t, zeek::File* arg_f) if ( f == nullptr ) { size = DEFAULT_SIZE; - base = safe_malloc(size); + base = zeek::util::safe_malloc(size); ((char*) base)[0] = '\0'; offset = 0; } @@ -335,7 +335,7 @@ void ODesc::AddBytes(const void* bytes, unsigned int n) if ( p.first ) { AddBytesRaw(s, p.first - s); - get_escaped_string(this, p.first, p.second, true); + zeek::util::get_escaped_string(this, p.first, p.second, true); s = p.first + p.second; } else @@ -388,7 +388,7 @@ void ODesc::Grow(unsigned int n) while ( offset + n + SLOP >= size ) size *= 2; - base = safe_realloc(base, size); + base = zeek::util::safe_realloc(base, size); } void ODesc::Clear() @@ -400,7 +400,7 @@ void ODesc::Clear() { free(base); size = DEFAULT_SIZE; - base = safe_malloc(size); + base = zeek::util::safe_malloc(size); ((char*) base)[0] = '\0'; } } diff --git a/src/Dict.cc b/src/Dict.cc index 3e4bfb5fa6..2536073e86 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -418,14 +418,14 @@ size_t Dictionary::MemoryAllocation() const size_t size = padded_sizeof(*this); if ( table ) { - size += pad_size(Capacity() * sizeof(detail::DictEntry)); + size += zeek::util::pad_size(Capacity() * sizeof(detail::DictEntry)); for ( int i = Capacity()-1; i>=0; i-- ) if ( ! table[i].Empty() && table[i].key_size > 8 ) - size += pad_size(table[i].key_size); + size += zeek::util::pad_size(table[i].key_size); } if ( order ) - size += padded_sizeof(std::vector) + pad_size(sizeof(detail::DictEntry) * order->capacity()); + size += padded_sizeof(std::vector) + zeek::util::pad_size(sizeof(detail::DictEntry) * order->capacity()); return size; } @@ -507,7 +507,7 @@ void Dictionary::Dump(int level) const { if ( table[i].Empty() ) continue; - key_size += pad_size(table[i].key_size); + key_size += zeek::util::pad_size(table[i].key_size); if ( ! table[i].value ) continue; } diff --git a/src/Discard.cc b/src/Discard.cc index 76c592de35..d1145d2462 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -7,7 +7,7 @@ #include #include "ZeekString.h" -#include "Net.h" +#include "RunState.h" #include "Func.h" #include "Var.h" #include "Val.h" diff --git a/src/EquivClass.cc b/src/EquivClass.cc index 7e0658ab54..c9f01c455f 100644 --- a/src/EquivClass.cc +++ b/src/EquivClass.cc @@ -4,6 +4,7 @@ #include "EquivClass.h" #include "CCL.h" +#include "util.h" namespace zeek::detail { @@ -188,7 +189,7 @@ void EquivClass::Dump(FILE* f) int EquivClass::Size() const { - return padded_sizeof(*this) + pad_size(sizeof(int) * size * (ccl_flags ? 5 : 4)); + return padded_sizeof(*this) + zeek::util::pad_size(sizeof(int) * size * (ccl_flags ? 5 : 4)); } } // namespace zeek::detail diff --git a/src/Event.cc b/src/Event.cc index 4792f79326..c2d5528e3d 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -11,7 +11,7 @@ #include "plugin/Manager.h" #include "iosource/Manager.h" #include "iosource/PktSrc.h" -#include "Net.h" +#include "RunState.h" zeek::EventMgr zeek::event_mgr; zeek::EventMgr& mgr = zeek::event_mgr; @@ -19,7 +19,8 @@ zeek::EventMgr& mgr = zeek::event_mgr; namespace zeek { Event::Event(EventHandlerPtr arg_handler, zeek::Args arg_args, - SourceID arg_src, zeek::analyzer::ID arg_aid, Obj* arg_obj) + zeek::util::detail::SourceID arg_src, zeek::analyzer::ID arg_aid, + Obj* arg_obj) : handler(arg_handler), args(std::move(arg_args)), src(arg_src), @@ -48,7 +49,7 @@ void Event::Describe(ODesc* d) const void Event::Dispatch(bool no_remote) { - if ( src == SOURCE_BROKER ) + if ( src == zeek::util::detail::SOURCE_BROKER ) no_remote = true; if ( handler->ErrorHandler() ) @@ -75,7 +76,7 @@ void Event::Dispatch(bool no_remote) EventMgr::EventMgr() { head = tail = nullptr; - current_src = SOURCE_LOCAL; + current_src = zeek::util::detail::SOURCE_LOCAL; current_aid = 0; src_val = nullptr; draining = false; @@ -93,15 +94,15 @@ EventMgr::~EventMgr() Unref(src_val); } -void EventMgr::QueueEventFast(const EventHandlerPtr &h, val_list vl, - SourceID src, analyzer::ID aid, zeek::detail::TimerMgr* mgr, +void EventMgr::QueueEventFast(const EventHandlerPtr &h, ValPList vl, + zeek::util::detail::SourceID src, analyzer::ID aid, zeek::detail::TimerMgr* mgr, Obj* obj) { QueueEvent(new Event(h, zeek::val_list_to_args(vl), src, aid, obj)); } -void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list vl, - SourceID src, analyzer::ID aid, +void EventMgr::QueueEvent(const EventHandlerPtr &h, ValPList vl, + zeek::util::detail::SourceID src, analyzer::ID aid, zeek::detail::TimerMgr* mgr, Obj* obj) { auto args = zeek::val_list_to_args(vl); @@ -110,8 +111,8 @@ void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list vl, Enqueue(h, std::move(args), src, aid, obj); } -void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list* vl, - SourceID src, analyzer::ID aid, +void EventMgr::QueueEvent(const EventHandlerPtr &h, ValPList* vl, + zeek::util::detail::SourceID src, analyzer::ID aid, zeek::detail::TimerMgr* mgr, Obj* obj) { auto args = zeek::val_list_to_args(*vl); @@ -122,7 +123,8 @@ void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list* vl, } void EventMgr::Enqueue(const EventHandlerPtr& h, zeek::Args vl, - SourceID src, zeek::analyzer::ID aid, Obj* obj) + zeek::util::detail::SourceID src, + zeek::analyzer::ID aid, Obj* obj) { QueueEvent(new Event(h, std::move(vl), src, aid, obj)); } @@ -199,7 +201,7 @@ void EventMgr::Drain() // Make sure all of the triggers get processed every time the events // drain. - trigger_mgr->Process(); + zeek::detail::trigger_mgr->Process(); } void EventMgr::Describe(ODesc* d) const @@ -223,9 +225,9 @@ void EventMgr::Process() // If we don't have a source, or the source is closed, or we're // reading live (which includes pseudo-realtime), advance the time // here to the current time since otherwise it won't move forward. - iosource::PktSrc* pkt_src = iosource_mgr->GetPktSrc(); - if ( ! pkt_src || ! pkt_src->IsOpen() || reading_live ) - net_update_time(current_time()); + zeek::iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc(); + if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::run_state::reading_live ) + zeek::run_state::detail::update_network_time(zeek::util::current_time()); queue_flare.Extinguish(); @@ -233,16 +235,16 @@ void EventMgr::Process() // to call Drain() as part of this method. It will get called at // the end of net_run after all of the sources have been processed // and had the opportunity to spawn new events. We could use - // iosource_mgr->Wakeup() instead of making EventMgr an IOSource, + // zeek::iosource_mgr->Wakeup() instead of making EventMgr an IOSource, // but then we couldn't update the time above and nothing would // drive it forward. } void EventMgr::InitPostScript() { - iosource_mgr->Register(this, true, false); - if ( ! iosource_mgr->RegisterFd(queue_flare.FD(), this) ) - zeek::reporter->FatalError("Failed to register event manager FD with iosource_mgr"); + zeek::iosource_mgr->Register(this, true, false); + if ( ! zeek::iosource_mgr->RegisterFd(queue_flare.FD(), this) ) + zeek::reporter->FatalError("Failed to register event manager FD with zeek::iosource_mgr"); } } // namespace zeek diff --git a/src/Event.h b/src/Event.h index 05691fa443..97f942e541 100644 --- a/src/Event.h +++ b/src/Event.h @@ -2,7 +2,7 @@ #pragma once -#include "BroList.h" +#include "ZeekList.h" #include "analyzer/Analyzer.h" #include "iosource/IOSource.h" #include "Flare.h" @@ -19,13 +19,13 @@ namespace zeek { class Event final : public zeek::Obj { public: Event(EventHandlerPtr handler, zeek::Args args, - SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, + zeek::util::detail::SourceID src = zeek::util::detail::SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::Obj* obj = nullptr); void SetNext(Event* n) { next_event = n; } Event* NextEvent() const { return next_event; } - SourceID Source() const { return src; } + zeek::util::detail::SourceID Source() const { return src; } zeek::analyzer::ID Analyzer() const { return aid; } EventHandlerPtr Handler() const { return handler; } const zeek::Args& Args() const { return args; } @@ -41,7 +41,7 @@ protected: EventHandlerPtr handler; zeek::Args args; - SourceID src; + zeek::util::detail::SourceID src; zeek::analyzer::ID aid; zeek::Obj* obj; Event* next_event; @@ -61,8 +61,8 @@ public: // because it would be a waste of effort to construct all the event // arguments when there's no handlers to consume them). [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] - void QueueEventFast(const EventHandlerPtr &h, val_list vl, - SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, + void QueueEventFast(const EventHandlerPtr &h, ValPList vl, + zeek::util::detail::SourceID src = zeek::util::detail::SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::detail::TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); // Queues an event if there's an event handler (or remote consumer). This @@ -72,8 +72,8 @@ public: // QueueEventFast() instead of this function to prevent the redundant // existence check. [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] - void QueueEvent(const EventHandlerPtr &h, val_list vl, - SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, + void QueueEvent(const EventHandlerPtr &h, ValPList vl, + zeek::util::detail::SourceID src = zeek::util::detail::SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::detail::TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); // Same as QueueEvent, except taking the event's argument list via a @@ -81,8 +81,8 @@ public: // memory pointed to by 'vl' as well as decrementing the reference count of // each of its elements. [[deprecated("Remove in v4.1. Use Enqueue() instead.")]] - void QueueEvent(const EventHandlerPtr &h, val_list* vl, - SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, + void QueueEvent(const EventHandlerPtr &h, ValPList* vl, + zeek::util::detail::SourceID src = zeek::util::detail::SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::detail::TimerMgr* mgr = nullptr, zeek::Obj* obj = nullptr); /** @@ -98,7 +98,7 @@ public: * reference to until dispatching the event. */ void Enqueue(const EventHandlerPtr& h, zeek::Args vl, - SourceID src = SOURCE_LOCAL, zeek::analyzer::ID aid = 0, + zeek::util::detail::SourceID src = zeek::util::detail::SOURCE_LOCAL, zeek::analyzer::ID aid = 0, zeek::Obj* obj = nullptr); /** @@ -119,7 +119,7 @@ public: bool HasEvents() const { return head != nullptr; } // Returns the source ID of last raised event. - SourceID CurrentSource() const { return current_src; } + zeek::util::detail::SourceID CurrentSource() const { return current_src; } // Returns the ID of the analyzer which raised the last event, or 0 if // non-analyzer event. @@ -143,7 +143,7 @@ protected: Event* head; Event* tail; - SourceID current_src; + zeek::util::detail::SourceID current_src; zeek::analyzer::ID current_aid; zeek::RecordVal* src_val; bool draining; diff --git a/src/EventHandler.cc b/src/EventHandler.cc index e86f359e28..b28d891575 100644 --- a/src/EventHandler.cc +++ b/src/EventHandler.cc @@ -72,7 +72,7 @@ void EventHandler::Call(zeek::Args* vl, bool no_remote) for ( auto i = 0u; i < vl->size(); ++i ) { - auto opt_data = bro_broker::val_to_data((*vl)[i].get()); + auto opt_data = zeek::Broker::detail::val_to_data((*vl)[i].get()); if ( opt_data ) xs.emplace_back(std::move(*opt_data)); diff --git a/src/EventHandler.h b/src/EventHandler.h index deb78fea92..c211a1fbdb 100644 --- a/src/EventHandler.h +++ b/src/EventHandler.h @@ -2,7 +2,7 @@ #pragma once -#include "BroList.h" +#include "ZeekList.h" #include "ZeekArgs.h" #include "Type.h" diff --git a/src/Expr.cc b/src/Expr.cc index 772fb731fb..ee6a7b6abc 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -11,7 +11,7 @@ #include "Scope.h" #include "Stmt.h" #include "EventRegistry.h" -#include "Net.h" +#include "RunState.h" #include "Traverse.h" #include "Trigger.h" #include "IPAddr.h" @@ -1265,8 +1265,8 @@ AddToExpr::AddToExpr(ExprPtr arg_op1, ExprPtr arg_op2) } else if ( bt1 != bt2 && bt1 != zeek::TYPE_ANY ) - ExprError(fmt("incompatible vector append: %s and %s", - type_name(bt1), type_name(bt2))); + ExprError(zeek::util::fmt("incompatible vector append: %s and %s", + type_name(bt1), type_name(bt2))); else SetType(op1->GetType()); @@ -1487,12 +1487,12 @@ ValPtr DivideExpr::AddrFold(Val* v1, Val* v2) const if ( a.GetFamily() == IPv4 ) { if ( mask > 32 ) - RuntimeError(fmt("bad IPv4 subnet prefix length: %" PRIu32, mask)); + RuntimeError(zeek::util::fmt("bad IPv4 subnet prefix length: %" PRIu32, mask)); } else { if ( mask > 128 ) - RuntimeError(fmt("bad IPv6 subnet prefix length: %" PRIu32, mask)); + RuntimeError(zeek::util::fmt("bad IPv6 subnet prefix length: %" PRIu32, mask)); } return zeek::make_intrusive(a, mask); @@ -2249,8 +2249,8 @@ bool AssignExpr::TypeCheckArithmetics(TypeTag bt1, TypeTag bt2) { if ( ! IsArithmetic(bt2) ) { - ExprError(fmt("assignment of non-arithmetic value to arithmetic (%s/%s)", - type_name(bt1), type_name(bt2))); + ExprError(zeek::util::fmt("assignment of non-arithmetic value to arithmetic (%s/%s)", + type_name(bt1), type_name(bt2))); return false; } @@ -2459,7 +2459,7 @@ bool AssignExpr::IsRecordElement(TypeDecl* td) const { const NameExpr* n = (const NameExpr*) op1.get(); td->type = op2->GetType(); - td->id = copy_string(n->Id()->Name()); + td->id = zeek::util::copy_string(n->Id()->Name()); } return true; @@ -2519,8 +2519,8 @@ IndexExpr::IndexExpr(ExprPtr arg_op1, ListExprPtr arg_op2, bool arg_is_slice) if ( match_type == DOES_NOT_MATCH_INDEX ) { std::string error_msg = - fmt("expression with type '%s' is not a type that can be indexed", - type_name(op1->GetType()->Tag())); + zeek::util::fmt("expression with type '%s' is not a type that can be indexed", + type_name(op1->GetType()->Tag())); SetError(error_msg.data()); } @@ -2806,7 +2806,7 @@ void IndexExpr::Assign(Frame* f, ValPtr v) const auto& vt = v->GetType(); auto vtt = vt->Tag(); std::string tn = vtt == zeek::TYPE_RECORD ? vt->GetName() : type_name(vtt); - RuntimeErrorWithCallStack(fmt( + RuntimeErrorWithCallStack(zeek::util::fmt( "vector index assignment failed for invalid type '%s', value: %s", tn.data(), d.Description())); } @@ -2828,7 +2828,7 @@ void IndexExpr::Assign(Frame* f, ValPtr v) const auto& vt = v->GetType(); auto vtt = vt->Tag(); std::string tn = vtt == zeek::TYPE_RECORD ? vt->GetName() : type_name(vtt); - RuntimeErrorWithCallStack(fmt( + RuntimeErrorWithCallStack(zeek::util::fmt( "table index assignment failed for invalid type '%s', value: %s", tn.data(), d.Description())); } @@ -2875,7 +2875,7 @@ TraversalCode IndexExpr::Traverse(TraversalCallback* cb) const FieldExpr::FieldExpr(ExprPtr arg_op, const char* arg_field_name) : UnaryExpr(EXPR_FIELD, std::move(arg_op)), - field_name(copy_string(arg_field_name)), td(nullptr), field(0) + field_name(zeek::util::copy_string(arg_field_name)), td(nullptr), field(0) { if ( IsError() ) return; @@ -3022,7 +3022,7 @@ RecordConstructorExpr::RecordConstructorExpr(ListExprPtr constructor_list) // Spin through the list, which should be comprised only of // record-field-assign expressions, and build up a // record type to associate with this constructor. - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); type_decl_list* record_types = new type_decl_list(exprs.length()); for ( const auto& e : exprs ) @@ -3036,7 +3036,7 @@ RecordConstructorExpr::RecordConstructorExpr(ListExprPtr constructor_list) FieldAssignExpr* field = (FieldAssignExpr*) e; const auto& field_type = field->GetType(); - char* field_name = copy_string(field->FieldName()); + char* field_name = zeek::util::copy_string(field->FieldName()); record_types->push_back(new TypeDecl(field_name, field_type)); } @@ -3130,7 +3130,7 @@ TableConstructorExpr::TableConstructorExpr(ListExprPtr constructor_list, attrs = zeek::make_intrusive(std::move(*arg_attrs), type, false, false); const auto& indices = type->AsTableType()->GetIndices()->GetTypes(); - const expr_list& cle = op->AsListExpr()->Exprs(); + const ExprPList& cle = op->AsListExpr()->Exprs(); // check and promote all index expressions in ctor list for ( const auto& expr : cle ) @@ -3143,7 +3143,7 @@ TableConstructorExpr::TableConstructorExpr(ListExprPtr constructor_list, if ( idx_expr->Tag() != EXPR_LIST ) continue; - expr_list& idx_exprs = idx_expr->AsListExpr()->Exprs(); + ExprPList& idx_exprs = idx_expr->AsListExpr()->Exprs(); if ( idx_exprs.length() != static_cast(indices.size()) ) continue; @@ -3176,7 +3176,7 @@ ValPtr TableConstructorExpr::Eval(Frame* f) const return nullptr; auto aggr = zeek::make_intrusive(GetType(), attrs); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); for ( const auto& expr : exprs ) expr->EvalIntoAggregate(type.get(), aggr.get(), f); @@ -3196,7 +3196,7 @@ ValPtr TableConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const auto tval = aggr ? TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} : zeek::make_intrusive(std::move(tt), attrs); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); for ( const auto& expr : exprs ) expr->EvalIntoAggregate(t, tval.get(), nullptr); @@ -3248,7 +3248,7 @@ SetConstructorExpr::SetConstructorExpr(ListExprPtr constructor_list, attrs = zeek::make_intrusive(std::move(*arg_attrs), type, false, false); const auto& indices = type->AsTableType()->GetIndices()->GetTypes(); - expr_list& cle = op->AsListExpr()->Exprs(); + ExprPList& cle = op->AsListExpr()->Exprs(); if ( indices.size() == 1 ) { @@ -3286,7 +3286,7 @@ ValPtr SetConstructorExpr::Eval(Frame* f) const auto aggr = zeek::make_intrusive(IntrusivePtr{zeek::NewRef{}, type->AsTableType()}, attrs); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); for ( const auto& expr : exprs ) { @@ -3307,7 +3307,7 @@ ValPtr SetConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const auto tval = aggr ? TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} : zeek::make_intrusive(std::move(tt), attrs); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); for ( const auto& e : exprs ) { @@ -3315,7 +3315,7 @@ ValPtr SetConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const if ( ! element || ! tval->Assign(std::move(element), nullptr) ) { - Error(fmt("initialization type mismatch in set"), e); + Error(zeek::util::fmt("initialization type mismatch in set"), e); return nullptr; } } @@ -3379,7 +3379,7 @@ ValPtr VectorConstructorExpr::Eval(Frame* f) const return nullptr; auto vec = zeek::make_intrusive(GetType()); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); loop_over_list(exprs, i) { @@ -3387,7 +3387,7 @@ ValPtr VectorConstructorExpr::Eval(Frame* f) const if ( ! vec->Assign(i, e->Eval(f)) ) { - RuntimeError(fmt("type mismatch at index %d", i)); + RuntimeError(zeek::util::fmt("type mismatch at index %d", i)); return nullptr; } } @@ -3404,7 +3404,7 @@ ValPtr VectorConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const auto vec = aggr ? VectorValPtr{zeek::AdoptRef{}, aggr.release()->AsVectorVal()} : zeek::make_intrusive(std::move(vt)); - const expr_list& exprs = op->AsListExpr()->Exprs(); + const ExprPList& exprs = op->AsListExpr()->Exprs(); loop_over_list(exprs, i) { @@ -3413,7 +3413,7 @@ ValPtr VectorConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const if ( ! v || ! vec->Assign(i, std::move(v)) ) { - Error(fmt("initialization type mismatch at index %d", i), e); + Error(zeek::util::fmt("initialization type mismatch at index %d", i), e); return nullptr; } } @@ -3460,7 +3460,7 @@ bool FieldAssignExpr::IsRecordElement(TypeDecl* td) const if ( td ) { td->type = op->GetType(); - td->id = copy_string(field_name.c_str()); + td->id = zeek::util::copy_string(field_name.c_str()); } return true; @@ -3584,8 +3584,8 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, zeek::RecordTypePtr r) int t_i = t_r->FieldOffset(sub_r->FieldName(i)); if ( t_i < 0 ) { - ExprError(fmt("orphaned field \"%s\" in record coercion", - sub_r->FieldName(i))); + ExprError(zeek::util::fmt("orphaned field \"%s\" in record coercion", + sub_r->FieldName(i))); break; } @@ -3626,7 +3626,7 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, zeek::RecordTypePtr r) if ( ! is_arithmetic_promotable(sup_t_i.get(), sub_t_i.get()) && ! is_record_promotable(sup_t_i.get(), sub_t_i.get()) ) { - std::string error_msg = fmt( + std::string error_msg = zeek::util::fmt( "type clash for field \"%s\"", sub_r->FieldName(i)); Error(error_msg.c_str(), sub_t_i.get()); SetError(); @@ -3646,7 +3646,7 @@ RecordCoerceExpr::RecordCoerceExpr(ExprPtr arg_op, zeek::RecordTypePtr r) { if ( ! t_r->FieldDecl(i)->GetAttr(ATTR_OPTIONAL) ) { - std::string error_msg = fmt( + std::string error_msg = zeek::util::fmt( "non-optional field \"%s\" missing", t_r->FieldName(i)); Error(error_msg.c_str()); SetError(); @@ -3861,7 +3861,7 @@ bool ScheduleExpr::IsPure() const ValPtr ScheduleExpr::Eval(Frame* f) const { - if ( terminating ) + if ( zeek::run_state::terminating ) return nullptr; auto when_val = when->Eval(f); @@ -3872,7 +3872,7 @@ ValPtr ScheduleExpr::Eval(Frame* f) const double dt = when_val->InternalDouble(); if ( when->GetType()->Tag() == zeek::TYPE_INTERVAL ) - dt += network_time; + dt += zeek::run_state::network_time; auto args = eval_list(f, event->Args()); @@ -4010,7 +4010,7 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const // Could do better here e.g. Boyer-Moore if done repeatedly. auto s = reinterpret_cast(s1->CheckString()); - auto res = strstr_n(s2->Len(), s2->Bytes(), s1->Len(), s) != -1; + auto res = zeek::util::strstr_n(s2->Len(), s2->Bytes(), s1->Len(), s) != -1; return zeek::val_mgr->Bool(res); } @@ -4096,7 +4096,7 @@ CallExpr::CallExpr(ExprPtr arg_func, ListExprPtr arg_args, bool in_hook) // run-time errors when we apply this analysis during // parsing. Really we should instead do it after we've // parsed the entire set of scripts. - streq(((NameExpr*) func.get())->Id()->Name(), "fmt") && + zeek::util::streq(((NameExpr*) func.get())->Id()->Name(), "fmt") && // The following is needed because fmt might not yet // be bound as a name. did_builtin_init && @@ -4210,7 +4210,7 @@ void CallExpr::ExprDescribe(ODesc* d) const } LambdaExpr::LambdaExpr(std::unique_ptr arg_ing, - id_list arg_outer_ids) : Expr(EXPR_LAMBDA) + IDPList arg_outer_ids) : Expr(EXPR_LAMBDA) { ingredients = std::move(arg_ing); outer_ids = std::move(arg_outer_ids); @@ -4594,7 +4594,7 @@ ValPtr ListExpr::InitVal(const zeek::Type* t, ValPtr aggr) const if ( ! vec->Assign(i, e->Eval(nullptr)) ) { - e->Error(fmt("type mismatch at index %d", i)); + e->Error(zeek::util::fmt("type mismatch at index %d", i)); return nullptr; } } @@ -4742,7 +4742,7 @@ TraversalCode ListExpr::Traverse(TraversalCallback* cb) const RecordAssignExpr::RecordAssignExpr(const ExprPtr& record, const ExprPtr& init_list, bool is_init) { - const expr_list& inits = init_list->AsListExpr()->Exprs(); + const ExprPList& inits = init_list->AsListExpr()->Exprs(); RecordType* lhs = record->GetType()->AsRecordType(); @@ -4834,7 +4834,7 @@ ValPtr CastExpr::Eval(Frame* f) const GetType()->Describe(&d); d.Add("'"); - if ( same_type(v->GetType(), bro_broker::DataVal::ScriptDataType()) && + if ( same_type(v->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) && ! v->AsRecordVal()->GetField(0) ) d.Add(" (nil $data field)"); @@ -4968,7 +4968,7 @@ ExprPtr check_and_promote_expr(Expr* const e, zeek::Type* t) bool check_and_promote_exprs(ListExpr* const elements, TypeList* types) { - expr_list& el = elements->Exprs(); + ExprPList& el = elements->Exprs(); const auto& tl = types->GetTypes(); if ( tl.size() == 1 && tl[0]->Tag() == zeek::TYPE_ANY ) @@ -5003,7 +5003,7 @@ bool check_and_promote_exprs(ListExpr* const elements, TypeList* types) bool check_and_promote_args(ListExpr* const args, RecordType* types) { - expr_list& el = args->Exprs(); + ExprPList& el = args->Exprs(); int ntypes = types->NumFields(); // give variadic BIFs automatic pass @@ -5012,7 +5012,7 @@ bool check_and_promote_args(ListExpr* const args, RecordType* types) if ( el.length() < ntypes ) { - expr_list def_elements; + ExprPList def_elements; // Start from rightmost parameter, work backward to fill in missing // arguments using &default expressions. @@ -5047,7 +5047,7 @@ bool check_and_promote_args(ListExpr* const args, RecordType* types) bool check_and_promote_exprs_to_type(ListExpr* const elements, zeek::Type* type) { - expr_list& el = elements->Exprs(); + ExprPList& el = elements->Exprs(); if ( type->Tag() == zeek::TYPE_ANY ) return true; @@ -5075,7 +5075,7 @@ bool check_and_promote_exprs_to_type(ListExpr* const elements, zeek::Type* type) std::optional> eval_list(Frame* f, const ListExpr* l) { - const expr_list& e = l->Exprs(); + const ExprPList& e = l->Exprs(); auto rval = std::make_optional>(); rval->reserve(e.length()); diff --git a/src/Expr.h b/src/Expr.h index 615dc93a13..dc98649e86 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -8,7 +8,7 @@ #include #include -#include "BroList.h" +#include "ZeekList.h" #include "IntrusivePtr.h" #include "Timer.h" #include "Type.h" @@ -789,7 +789,7 @@ protected: class LambdaExpr final : public Expr { public: LambdaExpr(std::unique_ptr ingredients, - id_list outer_ids); + IDPList outer_ids); ValPtr Eval(Frame* f) const override; TraversalCode Traverse(TraversalCallback* cb) const override; @@ -802,7 +802,7 @@ protected: private: std::unique_ptr ingredients; - id_list outer_ids; + IDPList outer_ids; std::string my_name; }; @@ -834,8 +834,8 @@ public: void Append(ExprPtr e); - const expr_list& Exprs() const { return exprs; } - expr_list& Exprs() { return exprs; } + const ExprPList& Exprs() const { return exprs; } + ExprPList& Exprs() { return exprs; } // True if the entire list represents pure values. bool IsPure() const override; @@ -854,7 +854,7 @@ protected: void ExprDescribe(ODesc* d) const override; - expr_list exprs; + ExprPList exprs; }; diff --git a/src/File.cc b/src/File.cc index 03f01cca32..6ee202b084 100644 --- a/src/File.cc +++ b/src/File.cc @@ -25,7 +25,7 @@ #include "Type.h" #include "Expr.h" #include "NetVar.h" -#include "Net.h" +#include "RunState.h" #include "Event.h" #include "Reporter.h" #include "Desc.h" @@ -68,8 +68,8 @@ File::File(FILE* arg_f, const char* arg_name, const char* arg_access) { Init(); f = arg_f; - name = copy_string(arg_name); - access = copy_string(arg_access); + name = zeek::util::copy_string(arg_name); + access = zeek::util::copy_string(arg_access); t = zeek::base_type(zeek::TYPE_STRING); is_open = (f != nullptr); } @@ -78,15 +78,15 @@ File::File(const char* arg_name, const char* arg_access) { Init(); f = nullptr; - name = copy_string(arg_name); - access = copy_string(arg_access); + name = zeek::util::copy_string(arg_name); + access = zeek::util::copy_string(arg_access); t = zeek::base_type(zeek::TYPE_STRING); - if ( streq(name, "/dev/stdin") ) + if ( zeek::util::streq(name, "/dev/stdin") ) f = stdin; - else if ( streq(name, "/dev/stdout") ) + else if ( zeek::util::streq(name, "/dev/stdout") ) f = stdout; - else if ( streq(name, "/dev/stderr") ) + else if ( zeek::util::streq(name, "/dev/stderr") ) f = stderr; if ( f ) @@ -119,7 +119,7 @@ const char* File::Name() const bool File::Open(FILE* file, const char* mode) { static bool fds_maximized = false; - open_time = network_time ? network_time : current_time(); + open_time = zeek::run_state::network_time ? zeek::run_state::network_time : zeek::util::current_time(); if ( ! fds_maximized ) { @@ -282,7 +282,7 @@ zeek::RecordVal* File::Rotate() static auto rotate_info = zeek::id::find_type("rotate_info"); auto* info = new zeek::RecordVal(rotate_info); - FILE* newf = rotate_file(name, info); + FILE* newf = zeek::util::detail::rotate_file(name, info); if ( ! newf ) { diff --git a/src/Flare.cc b/src/Flare.cc index b0b35f46ae..3dddef3a99 100644 --- a/src/Flare.cc +++ b/src/Flare.cc @@ -19,7 +19,7 @@ Flare::Flare() abort(); char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); if ( zeek::reporter ) zeek::reporter->FatalErrorWithCore("unexpected pipe %s failure: %s", which, buf); diff --git a/src/Frag.cc b/src/Frag.cc index 61bde3e0a2..dff8f5cb1e 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -8,6 +8,7 @@ #include "NetVar.h" #include "Sessions.h" #include "Reporter.h" +#include "RunState.h" constexpr uint32_t MIN_ACCEPTABLE_FRAG_SIZE = 64; constexpr uint32_t MAX_ACCEPTABLE_FRAG_SIZE = 64000; @@ -154,7 +155,7 @@ void FragReassembler::AddFragment(double t, const zeek::IP_Hdr* ip, const u_char pkt += hdr_len; len -= hdr_len; - NewBlock(network_time, offset, len, pkt); + NewBlock(zeek::run_state::network_time, offset, len, pkt); } void FragReassembler::Weird(const char* name) const @@ -278,7 +279,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */) { zeek::reporter->InternalWarning("bad fragment reassembly"); DeleteTimer(); - Expire(network_time); + Expire(zeek::run_state::network_time); delete [] pkt_start; return; } diff --git a/src/Frame.cc b/src/Frame.cc index deeef6b358..3575d38e51 100644 --- a/src/Frame.cc +++ b/src/Frame.cc @@ -213,14 +213,14 @@ void Frame::CloneNonFuncElement(int offset, ScriptFunc* func, Frame* other) cons other->SetElement(offset, std::move(rval)); } -Frame* Frame::SelectiveClone(const id_list& selection, ScriptFunc* func) const +Frame* Frame::SelectiveClone(const IDPList& selection, ScriptFunc* func) const { if ( selection.length() == 0 ) return nullptr; - id_list us; + IDPList us; // and - id_list them; + IDPList them; for ( const auto& we : selection ) { @@ -279,16 +279,16 @@ Frame* Frame::SelectiveClone(const id_list& selection, ScriptFunc* func) const return other; } -broker::expected Frame::Serialize(const Frame* target, const id_list& selection) +broker::expected Frame::Serialize(const Frame* target, const IDPList& selection) { broker::vector rval; if ( selection.length() == 0 ) return {std::move(rval)}; - id_list us; + IDPList us; // and - id_list them; + IDPList them; std::unordered_map new_map; if ( target->offset_map ) @@ -350,7 +350,7 @@ broker::expected Frame::Serialize(const Frame* target, const id_li zeek::TypeTag tag = val->GetType()->Tag(); - auto expected = bro_broker::val_to_data(val.get()); + auto expected = zeek::Broker::detail::val_to_data(val.get()); if ( ! expected ) return broker::ec::invalid_data; @@ -368,7 +368,7 @@ std::pair Frame::Unserialize(const broker::vector& data) if ( data.size() == 0 ) return std::make_pair(true, nullptr); - id_list outer_ids; + IDPList outer_ids; OffsetMap offset_map; FramePtr closure; @@ -477,7 +477,7 @@ std::pair Frame::Unserialize(const broker::vector& data) broker::integer g = *has_type; zeek::Type t( static_cast(g) ); - auto val = bro_broker::data_to_val(std::move(val_tuple[0]), &t); + auto val = zeek::Broker::detail::data_to_val(std::move(val_tuple[0]), &t); if ( ! val ) return std::make_pair(false, nullptr); @@ -487,7 +487,7 @@ std::pair Frame::Unserialize(const broker::vector& data) return std::make_pair(true, std::move(rf)); } -void Frame::AddKnownOffsets(const id_list& ids) +void Frame::AddKnownOffsets(const IDPList& ids) { if ( ! offset_map ) offset_map = std::make_unique(); @@ -499,7 +499,7 @@ void Frame::AddKnownOffsets(const id_list& ids) }); } -void Frame::CaptureClosure(Frame* c, id_list arg_outer_ids) +void Frame::CaptureClosure(Frame* c, IDPList arg_outer_ids) { if ( closure || outer_ids.length() ) zeek::reporter->InternalError("Attempted to override a closure."); @@ -544,7 +544,7 @@ bool Frame::IsOuterID(const zeek::detail::ID* in) const [&in](zeek::detail::ID* id)-> bool { return strcmp(id->Name(), in->Name()) == 0; }); } -broker::expected Frame::SerializeIDList(const id_list& in) +broker::expected Frame::SerializeIDList(const IDPList& in) { broker::vector rval; @@ -571,10 +571,10 @@ Frame::SerializeOffsetMap(const std::unordered_map& in) return {std::move(rval)}; } -std::pair +std::pair Frame::UnserializeIDList(const broker::vector& data) { - id_list rval; + IDPList rval; if ( data.size() % 2 != 0 ) return std::make_pair(false, std::move(rval)); @@ -587,7 +587,7 @@ Frame::UnserializeIDList(const broker::vector& data) for ( auto& i : rval ) Unref(i); - rval = id_list{}; + rval = IDPList{}; return std::make_pair(false, std::move(rval)); } @@ -599,7 +599,7 @@ Frame::UnserializeIDList(const broker::vector& data) for ( auto& i : rval ) Unref(i); - rval = id_list{}; + rval = IDPList{}; return std::make_pair(false, std::move(rval)); } diff --git a/src/Frame.h b/src/Frame.h index 416e921b1f..56e052a13b 100644 --- a/src/Frame.h +++ b/src/Frame.h @@ -2,7 +2,7 @@ #pragma once -#include "BroList.h" // for typedef val_list +#include "ZeekList.h" // for typedef val_list #include "Obj.h" #include "IntrusivePtr.h" #include "ZeekArgs.h" @@ -175,7 +175,7 @@ public: * *selection* have been cloned. All other values are made to be * null. */ - Frame* SelectiveClone(const id_list& selection, ScriptFunc* func) const; + Frame* SelectiveClone(const IDPList& selection, ScriptFunc* func) const; /** * Serializes the Frame into a Broker representation. @@ -200,7 +200,7 @@ public: * @return the broker representaton, or an error if the serialization * failed. */ - static broker::expected Serialize(const Frame* target, const id_list& selection); + static broker::expected Serialize(const Frame* target, const IDPList& selection); /** * Instantiates a Frame from a serialized one. @@ -218,7 +218,7 @@ public: * * @param ids the ids that the frame will intake. */ - void AddKnownOffsets(const id_list& ids); + void AddKnownOffsets(const IDPList& ids); /** * Captures *c* as this frame's closure and Refs all of the values @@ -226,7 +226,7 @@ public: * the frame will unref it upon deconstruction. When calling this, * the frame's closure must not have been set yet. */ - void CaptureClosure(Frame* c, id_list outer_ids); + void CaptureClosure(Frame* c, IDPList outer_ids); // If the frame is run in the context of a trigger condition evaluation, // the trigger needs to be registered. @@ -293,16 +293,16 @@ private: static broker::expected SerializeOffsetMap(const OffsetMap& in); - /** Serializes an id_list */ + /** Serializes an IDPList */ static broker::expected - SerializeIDList(const id_list& in); + SerializeIDList(const IDPList& in); /** Unserializes an offset map. */ static std::pair> UnserializeOffsetMap(const broker::vector& data); - /** Unserializes an id_list. */ - static std::pair + /** Unserializes an IDPList. */ + static std::pair UnserializeIDList(const broker::vector& data); /** The number of vals that can be stored in this frame. */ @@ -320,7 +320,7 @@ private: Frame* closure; /** ID's used in this frame from the enclosing frame. */ - id_list outer_ids; + IDPList outer_ids; /** * Maps ID names to offsets. Used if this frame is serialized diff --git a/src/Func.cc b/src/Func.cc index 076fdb1564..79735c6506 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -39,7 +39,7 @@ #include "Expr.h" #include "Stmt.h" #include "Scope.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "File.h" #include "Frame.h" @@ -108,12 +108,12 @@ std::string render_call_stack() arg_desc += d.Description(); } - rval += fmt("#%d %s(%s)", lvl, name, arg_desc.data()); + rval += zeek::util::fmt("#%d %s(%s)", lvl, name, arg_desc.data()); if ( ci.call ) { auto loc = ci.call->GetLocationInfo(); - rval += fmt(" at %s:%d", loc->filename, loc->first_line); + rval += zeek::util::fmt(" at %s:%d", loc->filename, loc->first_line); } ++lvl; @@ -286,7 +286,7 @@ void Func::CheckPluginResult(bool handled, const zeek::ValPtr& hook_result, } } -zeek::Val* Func::Call(val_list* args, zeek::detail::Frame* parent) const +zeek::Val* Func::Call(ValPList* args, zeek::detail::Frame* parent) const { auto zargs = zeek::val_list_to_args(*args); return Invoke(&zargs, parent).release(); @@ -375,7 +375,7 @@ zeek::ValPtr ScriptFunc::Invoke(zeek::Args* args, zeek::detail::Frame* parent) c GetType()->FlavorString().c_str(), d.Description()); } - stmt_flow_type flow = FLOW_NEXT; + StmtFlowType flow = FLOW_NEXT; zeek::ValPtr result; for ( const auto& body : bodies ) @@ -498,7 +498,7 @@ void ScriptFunc::AddBody(zeek::detail::StmtPtr new_body, sort(bodies.begin(), bodies.end()); } -void ScriptFunc::AddClosure(id_list ids, zeek::detail::Frame* f) +void ScriptFunc::AddClosure(IDPList ids, zeek::detail::Frame* f) { if ( ! f ) return; @@ -689,7 +689,7 @@ bool check_built_in_call(BuiltinFunc* f, zeek::detail::CallExpr* call) if ( f->TheFunc() != zeek::BifFunc::fmt_bif) return true; - const expr_list& args = call->Args()->Exprs(); + const ExprPList& args = call->Args()->Exprs(); if ( args.length() == 0 ) { // Empty calls are allowed, since you can't just @@ -700,7 +700,7 @@ bool check_built_in_call(BuiltinFunc* f, zeek::detail::CallExpr* call) const zeek::detail::Expr* fmt_str_arg = args[0]; if ( fmt_str_arg->GetType()->Tag() != zeek::TYPE_STRING ) { - call->Error("first argument to fmt() needs to be a format string"); + call->Error("first argument to zeek::util::fmt() needs to be a format string"); return false; } @@ -729,7 +729,7 @@ bool check_built_in_call(BuiltinFunc* f, zeek::detail::CallExpr* call) if ( args.length() != num_fmt + 1 ) { - call->Error("mismatch between format string to fmt() and number of arguments passed"); + call->Error("mismatch between format string to zeek::util::fmt() and number of arguments passed"); return false; } } diff --git a/src/Func.h b/src/Func.h index 8c5d37c3f6..217b835776 100644 --- a/src/Func.h +++ b/src/Func.h @@ -9,7 +9,7 @@ #include #include -#include "BroList.h" +#include "ZeekList.h" #include "Obj.h" #include "IntrusivePtr.h" #include "Type.h" /* for function_flavor */ @@ -72,7 +72,7 @@ public: bool HasBodies() const { return bodies.size(); } [[deprecated("Remove in v4.1. Use Invoke() instead.")]] - zeek::Val* Call(val_list* args, zeek::detail::Frame* parent = nullptr) const; + zeek::Val* Call(ValPList* args, zeek::detail::Frame* parent = nullptr) const; /** * Calls a Zeek function. @@ -165,7 +165,7 @@ public: * @param ids IDs that are captured by the closure. * @param f the closure to be captured. */ - void AddClosure(id_list ids, zeek::detail::Frame* f); + void AddClosure(IDPList ids, zeek::detail::Frame* f); /** * Replaces the current closure with one built from *data* @@ -192,7 +192,7 @@ public: size_t new_frame_size, int priority) override; /** Sets this function's outer_id list. */ - void SetOuterIDs(id_list ids) + void SetOuterIDs(IDPList ids) { outer_ids = std::move(ids); } void Describe(ODesc* d) const override; @@ -220,7 +220,7 @@ private: size_t frame_size; // List of the outer IDs used in the function. - id_list outer_ids; + IDPList outer_ids; // The frame the ScriptFunc was initialized in. zeek::detail::Frame* closure = nullptr; bool weak_closure_ref = false; diff --git a/src/Hash.h b/src/Hash.h index efec2d5a96..b2b237a420 100644 --- a/src/Hash.h +++ b/src/Hash.h @@ -199,7 +199,7 @@ private: inline static uint8_t shared_hmac_md5_key[16]; inline static bool seeds_initialized = false; - friend void ::hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]); + friend void zeek::util::detail::hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]); friend BifReturnVal zeek::BifFunc::md5_hmac_bif(zeek::detail::Frame* frame, const zeek::Args*); }; @@ -258,7 +258,7 @@ public: int Size() const { return size; } hash_t Hash() const { return hash; } - unsigned int MemoryAllocation() const { return padded_sizeof(*this) + pad_size(size); } + unsigned int MemoryAllocation() const { return padded_sizeof(*this) + zeek::util::pad_size(size); } static hash_t HashBytes(const void* bytes, int size); protected: diff --git a/src/ID.cc b/src/ID.cc index f607ab23c2..46dcd50efd 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -107,7 +107,7 @@ namespace zeek::detail { ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { - name = copy_string(arg_name); + name = zeek::util::copy_string(arg_name); scope = arg_scope; is_export = arg_is_export; is_option = false; @@ -222,8 +222,8 @@ void ID::SetVal(ExprPtr ev, InitClass c) if ( ! val ) { - Error(fmt("%s initializer applied to ID without value", - c == INIT_EXTRA ? "+=" : "-="), this); + Error(zeek::util::fmt("%s initializer applied to ID without value", + c == INIT_EXTRA ? "+=" : "-="), this); return; } @@ -309,9 +309,9 @@ std::string ID::GetDeprecationWarning() const result = depr_attr->DeprecationMessage(); if ( result.empty() ) - return fmt("deprecated (%s)", Name()); + return zeek::util::fmt("deprecated (%s)", Name()); else - return fmt("deprecated (%s): %s", Name(), result.c_str()); + return zeek::util::fmt("deprecated (%s): %s", Name(), result.c_str()); } void ID::AddAttrs(AttributesPtr a) @@ -614,10 +614,10 @@ void ID::DescribeReST(ODesc* d, bool roles_only) const ODesc expr_desc; ir->init_expr->Describe(&expr_desc); redef_str = expr_desc.Description(); - redef_str = strreplace(redef_str, "\n", " "); + redef_str = zeek::util::strreplace(redef_str, "\n", " "); d->Add(":Redefinition: "); - d->Add(fmt("from :doc:`/scripts/%s`", ir->from_script.data())); + d->Add(zeek::util::fmt("from :doc:`/scripts/%s`", ir->from_script.data())); d->NL(); d->PushIndent(); diff --git a/src/ID.h b/src/ID.h index 0de062718f..2ea5a41134 100644 --- a/src/ID.h +++ b/src/ID.h @@ -45,7 +45,7 @@ enum IDScope { SCOPE_FUNCTION, SCOPE_MODULE, SCOPE_GLOBAL }; class ID; using IDPtr = zeek::IntrusivePtr; -class ID final : public Obj, public notifier::Modifiable { +class ID final : public Obj, public zeek::notifier::detail::Modifiable { public: static inline const IDPtr nil; diff --git a/src/IP.cc b/src/IP.cc index 277ec67b3d..8cab761c21 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -284,7 +284,7 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const } default: - zeek::reporter->Weird("unknown_mobility_type", fmt("%d", mob->ip6mob_type)); + zeek::reporter->Weird("unknown_mobility_type", zeek::util::fmt("%d", mob->ip6mob_type)); break; } @@ -632,7 +632,7 @@ void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t le default: zeek::reporter->Weird(SrcAddr(), DstAddr(), "unknown_routing_type", - fmt("%d", r->ip6r_type)); + zeek::util::fmt("%d", r->ip6r_type)); break; } } diff --git a/src/IntrusivePtr.h b/src/IntrusivePtr.h index b98761a326..d49aebfb59 100644 --- a/src/IntrusivePtr.h +++ b/src/IntrusivePtr.h @@ -198,7 +198,7 @@ IntrusivePtr cast_intrusive(IntrusivePtr p) noexcept return {zeek::AdoptRef{}, static_cast(p.release())}; } -} +} // namespace zeek // -- comparison to nullptr ---------------------------------------------------- diff --git a/src/List.h b/src/List.h index 95733f01b4..2e09b7e34e 100644 --- a/src/List.h +++ b/src/List.h @@ -51,7 +51,7 @@ public: max_entries = size; - entries = (T*) safe_malloc(max_entries * sizeof(T)); + entries = (T*) zeek::util::safe_malloc(max_entries * sizeof(T)); } List(const List& b) @@ -60,7 +60,7 @@ public: num_entries = b.num_entries; if ( max_entries ) - entries = (T*) safe_malloc(max_entries * sizeof(T)); + entries = (T*) zeek::util::safe_malloc(max_entries * sizeof(T)); else entries = nullptr; @@ -81,7 +81,7 @@ public: List(const T* arr, int n) { num_entries = max_entries = n; - entries = (T*) safe_malloc(max_entries * sizeof(T)); + entries = (T*) zeek::util::safe_malloc(max_entries * sizeof(T)); memcpy(entries, arr, n * sizeof(T)); } @@ -98,7 +98,7 @@ public: num_entries = b.num_entries; if ( max_entries ) - entries = (T *) safe_malloc(max_entries * sizeof(T)); + entries = (T *) zeek::util::safe_malloc(max_entries * sizeof(T)); else entries = nullptr; @@ -148,7 +148,7 @@ public: if ( new_size != max_entries ) { - entries = (T*) safe_realloc((void*) entries, sizeof(T) * new_size); + entries = (T*) zeek::util::safe_realloc((void*) entries, sizeof(T) * new_size); if ( entries ) max_entries = new_size; else @@ -159,7 +159,7 @@ public: } int MemoryAllocation() const - { return padded_sizeof(*this) + pad_size(max_entries * sizeof(T)); } + { return padded_sizeof(*this) + zeek::util::pad_size(max_entries * sizeof(T)); } void push_front(const T& a) { diff --git a/src/Net.h b/src/Net.h index 6f7df6121b..864ff3d757 100644 --- a/src/Net.h +++ b/src/Net.h @@ -1,111 +1,4 @@ -// See the file "COPYING" in the main distribution directory for copyright. +#warning "Net.h is deprecated and will be removed in v4.1. Use RunState.h and/or ScannedFile.h instead." -#pragma once - -#include "zeek-config.h" - -#include // for ino_t - -#include -#include -#include -#include - -namespace iosource { - class IOSource; - class PktSrc; - class PktDumper; - } - -ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek); - -extern void net_init(const std::optional& interfaces, - const std::optional& pcap_input_file, - const std::optional& pcap_output_file, - bool do_watchdog); -extern void net_run(); -extern void net_get_final_stats(); -extern void net_finish(int drain_events); -extern void net_delete(); // Reclaim all memory, etc. -extern void net_update_time(double new_network_time); -extern void net_packet_dispatch(double t, const zeek::Packet* pkt, - iosource::PktSrc* src_ps); -extern void expire_timers(iosource::PktSrc* src_ps = nullptr); -extern void zeek_terminate_loop(const char* reason); - -// Functions to temporarily suspend processing of live input (network packets -// and remote events/state). Turning this is on is sure to lead to data loss! -extern void net_suspend_processing(); -extern void net_continue_processing(); - -extern int _processing_suspended; // don't access directly. -inline bool net_is_processing_suspended() - { return _processing_suspended > 0; } - -// Whether we're reading live traffic. -extern bool reading_live; - -// Same but for reading from traces instead. We have two separate -// variables because it's possible that neither is true, and we're -// instead just running timers (per the variable after this one). -extern bool reading_traces; - -// True if we have timers scheduled for the future on which we need -// to wait. "Need to wait" here means that we're running live (though -// perhaps not reading_live, but just running in real-time) as opposed -// to reading a trace (in which case we don't want to wait in real-time -// on future timers). -extern bool have_pending_timers; - -// If > 0, we are reading from traces but trying to mimic real-time behavior. -// (In this case, both reading_traces and reading_live are true.) The value -// is the speedup (1 = real-time, 0.5 = half real-time, etc.). -extern double pseudo_realtime; - -// When we started processing the current packet and corresponding event -// queue. -extern double processing_start_time; - -// When the Bro process was started. -extern double bro_start_time; - -// Time at which the Bro process was started with respect to network time, -// i.e. the timestamp of the first packet. -extern double bro_start_network_time; - -// True if we're a in the process of cleaning-up just before termination. -extern bool terminating; - -// True if Bro is currently parsing scripts. -extern bool is_parsing; - -extern const zeek::Packet* current_pkt; -extern int current_dispatched; -extern double current_timestamp; -extern iosource::PktSrc* current_pktsrc; -extern iosource::IOSource* current_iosrc; - -extern iosource::PktDumper* pkt_dumper; // where to save packets - -// Script file we have already scanned (or are in the process of scanning). -// They are identified by normalized realpath. -struct ScannedFile { - int include_level; - bool skipped; // This ScannedFile was @unload'd. - bool prefixes_checked; // If loading prefixes for this file has been tried. - std::string name; - std::string canonical_path; // normalized, absolute path via realpath() - - ScannedFile(int arg_include_level, - std::string arg_name, bool arg_skipped = false, - bool arg_prefixes_checked = false); - - /** - * Compares the canonical path of this file against every canonical path - * in files_scanned and returns whether there's any match. - */ - bool AlreadyScanned() const; -}; - -extern std::list files_scanned; -extern std::vector sig_files; +#include "RunState.h" +#include "ScannedFile.h" diff --git a/src/NetVar.cc b/src/NetVar.cc index 7628f1d9eb..62b265b5bd 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -30,6 +30,84 @@ zeek::VectorType* index_vec; zeek::VectorType* mime_matches; zeek::RecordType* mime_match; +zeek::RecordType* socks_address; + +zeek::TableVal* tcp_reassembler_ports_orig; +zeek::TableVal* tcp_reassembler_ports_resp; + +zeek::TableVal* tcp_content_delivery_ports_orig; +zeek::TableVal* tcp_content_delivery_ports_resp; + +zeek::TableVal* udp_content_delivery_ports_orig; +zeek::TableVal* udp_content_delivery_ports_resp; +zeek::TableVal* udp_content_ports; + +zeek::RecordType* mime_header_rec; +zeek::TableType* mime_header_list; + +zeek::RecordType* http_stats_rec; +zeek::RecordType* http_message_stat; + +zeek::RecordType* pm_mapping; +zeek::TableType* pm_mappings; +zeek::RecordType* pm_port_request; +zeek::RecordType* pm_callit_request; + +zeek::RecordType* geo_location; + +zeek::RecordType* entropy_test_result; + +zeek::RecordType* dns_msg; +zeek::RecordType* dns_answer; +zeek::RecordType* dns_soa; +zeek::RecordType* dns_edns_additional; +zeek::RecordType* dns_edns_ecs; +zeek::RecordType* dns_tsig_additional; +zeek::RecordType* dns_rrsig_rr; +zeek::RecordType* dns_dnskey_rr; +zeek::RecordType* dns_nsec3_rr; +zeek::RecordType* dns_ds_rr; +zeek::TableVal* dns_skip_auth; +zeek::TableVal* dns_skip_addl; + +zeek::TableVal* stp_skip_src; + +zeek::TableVal* preserve_orig_addr; +zeek::TableVal* preserve_resp_addr; +zeek::TableVal* preserve_other_addr; + +zeek::RecordType* rotate_info; +zeek::StringVal* log_rotate_base_time; + +zeek::StringVal* peer_description; + +zeek::Val* profiling_file; +zeek::Val* pkt_profile_file; + +zeek::TableType* irc_join_list; +zeek::RecordType* irc_join_info; + +zeek::TableVal* likely_server_ports; + +zeek::StringVal* trace_output_file; + +zeek::RecordType* script_id; +zeek::TableType* id_table; +zeek::RecordType* record_field; +zeek::TableType* record_field_table; +zeek::RecordType* call_argument; +zeek::VectorType* call_argument_vector; + +zeek::StringVal* cmd_line_bpf_filter; + +zeek::StringVal* global_hash_seed; + +// Because of how the BIF include files are built with namespaces already in them, +// these files need to be included separately before the namespace is opened below. + + +namespace zeek::detail { + int watchdog_interval; int max_timer_expires; @@ -56,8 +134,6 @@ int tcp_max_above_hole_without_any_acks; int tcp_excessive_data_without_further_acks; int tcp_max_old_segments; -zeek::RecordType* socks_address; - double non_analyzed_lifetime; double tcp_inactivity_timeout; double udp_inactivity_timeout; @@ -66,17 +142,8 @@ double icmp_inactivity_timeout; int tcp_storm_thresh; double tcp_storm_interarrival_thresh; -zeek::TableVal* tcp_reassembler_ports_orig; -zeek::TableVal* tcp_reassembler_ports_resp; - -zeek::TableVal* tcp_content_delivery_ports_orig; -zeek::TableVal* tcp_content_delivery_ports_resp; bool tcp_content_deliver_all_orig; bool tcp_content_deliver_all_resp; - -zeek::TableVal* udp_content_delivery_ports_orig; -zeek::TableVal* udp_content_delivery_ports_resp; -zeek::TableVal* udp_content_ports; bool udp_content_deliver_all_orig; bool udp_content_deliver_all_resp; bool udp_content_delivery_ports_use_resp; @@ -86,42 +153,15 @@ double rpc_timeout; int mime_segment_length; int mime_segment_overlap_length; -zeek::RecordType* mime_header_rec; -zeek::TableType* mime_header_list; - int http_entity_data_delivery_size; -zeek::RecordType* http_stats_rec; -zeek::RecordType* http_message_stat; int truncate_http_URI; -zeek::RecordType* pm_mapping; -zeek::TableType* pm_mappings; -zeek::RecordType* pm_port_request; -zeek::RecordType* pm_callit_request; - -zeek::RecordType* geo_location; - -zeek::RecordType* entropy_test_result; - -zeek::RecordType* dns_msg; -zeek::RecordType* dns_answer; -zeek::RecordType* dns_soa; -zeek::RecordType* dns_edns_additional; -zeek::RecordType* dns_edns_ecs; -zeek::RecordType* dns_tsig_additional; -zeek::RecordType* dns_rrsig_rr; -zeek::RecordType* dns_dnskey_rr; -zeek::RecordType* dns_nsec3_rr; -zeek::RecordType* dns_ds_rr; -zeek::TableVal* dns_skip_auth; -zeek::TableVal* dns_skip_addl; int dns_skip_all_auth; int dns_skip_all_addl; int dns_max_queries; double stp_delta; double stp_idle_min; -zeek::TableVal* stp_skip_src; double table_expire_interval; double table_expire_delay; @@ -131,22 +171,12 @@ double connection_status_update_interval; int orig_addr_anonymization, resp_addr_anonymization; int other_addr_anonymization; -zeek::TableVal* preserve_orig_addr; -zeek::TableVal* preserve_resp_addr; -zeek::TableVal* preserve_other_addr; -zeek::RecordType* rotate_info; -zeek::StringVal* log_rotate_base_time; - -zeek::StringVal* peer_description; - -zeek::Val* profiling_file; double profiling_interval; int expensive_profiling_multiple; int segment_profiling; int pkt_profile_mode; double pkt_profile_freq; -zeek::Val* pkt_profile_file; int load_sample_freq; @@ -154,47 +184,47 @@ int packet_filter_default; int sig_max_group_size; -zeek::TableType* irc_join_list; -zeek::RecordType* irc_join_info; - int dpd_reassemble_first_packets; int dpd_buffer_size; int dpd_match_only_beginning; int dpd_late_match_stop; int dpd_ignore_ports; -zeek::TableVal* likely_server_ports; - int check_for_unused_event_handlers; double timer_mgr_inactivity_timeout; -zeek::StringVal* trace_output_file; - int record_all_packets; -zeek::RecordType* script_id; -zeek::TableType* id_table; -zeek::RecordType* record_field; -zeek::TableType* record_field_table; -zeek::RecordType* call_argument; -zeek::VectorType* call_argument_vector; - -zeek::StringVal* cmd_line_bpf_filter; - -zeek::StringVal* global_hash_seed; - bro_uint_t bits_per_uid; +} // namespace zeek::detail. The namespace has be closed here before we include the netvar_def files. + +static void bif_init_event_handlers() + { +#include "event.bif.netvar_init" + } + +static void bif_init_net_var() + { +#include "const.bif.netvar_init" +#include "types.bif.netvar_init" +#include "reporter.bif.netvar_init" +#include "supervisor.bif.netvar_init" + } + #include "const.bif.netvar_def" #include "types.bif.netvar_def" #include "event.bif.netvar_def" #include "reporter.bif.netvar_def" #include "supervisor.bif.netvar_def" +// Re-open the namespace now that the bif headers are all included. +namespace zeek::detail { + void init_event_handlers() { -#include "event.bif.netvar_init" + bif_init_event_handlers(); } void init_general_global_var() @@ -213,10 +243,7 @@ extern void zeek_legacy_netvar_init(); void init_net_var() { -#include "const.bif.netvar_init" -#include "types.bif.netvar_init" -#include "reporter.bif.netvar_init" -#include "supervisor.bif.netvar_init" + bif_init_net_var(); zeek::id::detail::init(); zeek_legacy_netvar_init(); @@ -320,3 +347,72 @@ void init_net_var() timer_mgr_inactivity_timeout = zeek::id::find_val("timer_mgr_inactivity_timeout")->AsInterval(); } + +} // namespace zeek::detail + +// Remove in v4.1. +int& watchdog_interval = zeek::detail::watchdog_interval; +int& max_timer_expires = zeek::detail::max_timer_expires; +int& ignore_checksums = zeek::detail::ignore_checksums; +int& partial_connection_ok = zeek::detail::partial_connection_ok; +int& tcp_SYN_ack_ok = zeek::detail::tcp_SYN_ack_ok; +int& tcp_match_undelivered = zeek::detail::tcp_match_undelivered; +int& encap_hdr_size = zeek::detail::encap_hdr_size; +double& frag_timeout = zeek::detail::frag_timeout; +double& tcp_SYN_timeout = zeek::detail::tcp_SYN_timeout; +double& tcp_session_timer = zeek::detail::tcp_session_timer; +double& tcp_connection_linger = zeek::detail::tcp_connection_linger; +double& tcp_attempt_delay = zeek::detail::tcp_attempt_delay; +double& tcp_close_delay = zeek::detail::tcp_close_delay; +double& tcp_partial_close_delay = zeek::detail::tcp_partial_close_delay; +double& tcp_reset_delay = zeek::detail::tcp_reset_delay; +int& tcp_max_initial_window = zeek::detail::tcp_max_initial_window; +int& tcp_max_above_hole_without_any_acks = zeek::detail::tcp_max_above_hole_without_any_acks; +int& tcp_excessive_data_without_further_acks = zeek::detail::tcp_excessive_data_without_further_acks; +int& tcp_max_old_segments = zeek::detail::tcp_max_old_segments; +double& non_analyzed_lifetime = zeek::detail::non_analyzed_lifetime; +double& tcp_inactivity_timeout = zeek::detail::tcp_inactivity_timeout; +double& udp_inactivity_timeout = zeek::detail::udp_inactivity_timeout; +double& icmp_inactivity_timeout = zeek::detail::icmp_inactivity_timeout; +int& tcp_storm_thresh = zeek::detail::tcp_storm_thresh; +double& tcp_storm_interarrival_thresh = zeek::detail::tcp_storm_interarrival_thresh; +bool& tcp_content_deliver_all_orig = zeek::detail::tcp_content_deliver_all_orig; +bool& tcp_content_deliver_all_resp = zeek::detail::tcp_content_deliver_all_resp; +bool& udp_content_deliver_all_orig = zeek::detail::udp_content_deliver_all_orig; +bool& udp_content_deliver_all_resp = zeek::detail::udp_content_deliver_all_resp; +bool& udp_content_delivery_ports_use_resp = zeek::detail::udp_content_delivery_ports_use_resp; +double& dns_session_timeout = zeek::detail::dns_session_timeout; +double& rpc_timeout = zeek::detail::rpc_timeout; +int& mime_segment_length = zeek::detail::mime_segment_length; +int& mime_segment_overlap_length = zeek::detail::mime_segment_overlap_length; +int& http_entity_data_delivery_size = zeek::detail::http_entity_data_delivery_size; +int& truncate_http_URI = zeek::detail::truncate_http_URI; +int& dns_skip_all_auth = zeek::detail::dns_skip_all_auth; +int& dns_skip_all_addl = zeek::detail::dns_skip_all_addl; +int& dns_max_queries = zeek::detail::dns_max_queries; +double& stp_delta = zeek::detail::stp_delta; +double& stp_idle_min = zeek::detail::stp_idle_min; +double& table_expire_interval = zeek::detail::table_expire_interval; +double& table_expire_delay = zeek::detail::table_expire_delay; +int& table_incremental_step = zeek::detail::table_incremental_step; +int& orig_addr_anonymization = zeek::detail::orig_addr_anonymization; +int& resp_addr_anonymization = zeek::detail::resp_addr_anonymization; +int& other_addr_anonymization = zeek::detail::other_addr_anonymization; +double& connection_status_update_interval = zeek::detail::connection_status_update_interval; +double& profiling_interval = zeek::detail::profiling_interval; +int& expensive_profiling_multiple = zeek::detail::expensive_profiling_multiple; +int& segment_profiling = zeek::detail::segment_profiling; +int& pkt_profile_mode = zeek::detail::pkt_profile_mode; +double& pkt_profile_freq = zeek::detail::pkt_profile_freq; +int& load_sample_freq = zeek::detail::load_sample_freq; +int& packet_filter_default = zeek::detail::packet_filter_default; +int& sig_max_group_size = zeek::detail::sig_max_group_size; +int& dpd_reassemble_first_packets = zeek::detail::dpd_reassemble_first_packets; +int& dpd_buffer_size = zeek::detail::dpd_buffer_size; +int& dpd_match_only_beginning = zeek::detail::dpd_match_only_beginning; +int& dpd_late_match_stop = zeek::detail::dpd_late_match_stop; +int& dpd_ignore_ports = zeek::detail::dpd_ignore_ports; +int& check_for_unused_event_handlers = zeek::detail::check_for_unused_event_handlers; +double& timer_mgr_inactivity_timeout = zeek::detail::timer_mgr_inactivity_timeout; +int& record_all_packets = zeek::detail::record_all_packets; +bro_uint_t& bits_per_uid = zeek::detail::bits_per_uid; diff --git a/src/NetVar.h b/src/NetVar.h index 9c1017d96e..fba7d5494b 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -6,6 +6,176 @@ #include "EventRegistry.h" #include "Stats.h" +namespace zeek::detail { + +extern int watchdog_interval; + +extern int max_timer_expires; + +extern int ignore_checksums; +extern int partial_connection_ok; +extern int tcp_SYN_ack_ok; +extern int tcp_match_undelivered; + +extern int encap_hdr_size; + +extern double frag_timeout; + +extern double tcp_SYN_timeout; +extern double tcp_session_timer; +extern double tcp_connection_linger; +extern double tcp_attempt_delay; +extern double tcp_close_delay; +extern double tcp_partial_close_delay; +extern double tcp_reset_delay; + +extern int tcp_max_initial_window; +extern int tcp_max_above_hole_without_any_acks; +extern int tcp_excessive_data_without_further_acks; +extern int tcp_max_old_segments; + +extern double non_analyzed_lifetime; +extern double tcp_inactivity_timeout; +extern double udp_inactivity_timeout; +extern double icmp_inactivity_timeout; + +extern int tcp_storm_thresh; +extern double tcp_storm_interarrival_thresh; +extern bool tcp_content_deliver_all_orig; +extern bool tcp_content_deliver_all_resp; + +extern bool udp_content_deliver_all_orig; +extern bool udp_content_deliver_all_resp; +extern bool udp_content_delivery_ports_use_resp; + +extern double dns_session_timeout; +extern double rpc_timeout; + +extern int mime_segment_length; +extern int mime_segment_overlap_length; + +extern int http_entity_data_delivery_size; +extern int truncate_http_URI; + +extern int dns_skip_all_auth; +extern int dns_skip_all_addl; +extern int dns_max_queries; + +extern double stp_delta; +extern double stp_idle_min; +extern double table_expire_interval; +extern double table_expire_delay; +extern int table_incremental_step; + +extern int orig_addr_anonymization, resp_addr_anonymization; +extern int other_addr_anonymization; + +extern double connection_status_update_interval; + +extern double profiling_interval; +extern int expensive_profiling_multiple; + +extern int segment_profiling; +extern int pkt_profile_mode; +extern double pkt_profile_freq; +extern int load_sample_freq; + +extern int packet_filter_default; + +extern int sig_max_group_size; + +extern int dpd_reassemble_first_packets; +extern int dpd_buffer_size; +extern int dpd_match_only_beginning; +extern int dpd_late_match_stop; +extern int dpd_ignore_ports; + +extern int check_for_unused_event_handlers; + +extern double timer_mgr_inactivity_timeout; + +extern int record_all_packets; + +extern bro_uint_t bits_per_uid; + +// Initializes globals that don't pertain to network/event analysis. +extern void init_general_global_var(); + +extern void init_event_handlers(); +extern void init_net_var(); + +} // namespace zeek::detail + +constexpr auto init_general_global_var [[deprecated("Remove in v4.1. Use zeek::detail::init_general_global_var.")]] = zeek::detail::init_general_global_var; +constexpr auto init_event_handlers [[deprecated("Remove in v4.1. Use zeek::detail::init_event_handlers.")]] = zeek::detail::init_event_handlers; +constexpr auto init_net_var [[deprecated("Remove in v4.1. Use zeek::detail::init_net_var.")]] = zeek::detail::init_net_var; + +extern int& watchdog_interval [[deprecated("Remove in v4.1. Use zeek::detail::watchdog_interval.")]]; +extern int& max_timer_expires [[deprecated("Remove in v4.1. Use zeek::detail::max_timer_expires.")]]; +extern int& ignore_checksums [[deprecated("Remove in v4.1. Use zeek::detail::ignore_checksums.")]]; +extern int& partial_connection_ok [[deprecated("Remove in v4.1. Use zeek::detail::partial_connection_ok.")]]; +extern int& tcp_SYN_ack_ok [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_ack_ok.")]]; +extern int& tcp_match_undelivered [[deprecated("Remove in v4.1. Use zeek::detail::tcp_match_undelivered.")]]; +extern int& encap_hdr_size [[deprecated("Remove in v4.1. Use zeek::detail::encap_hdr_size.")]]; +extern double& frag_timeout [[deprecated("Remove in v4.1. Use zeek::detail::frag_timeout.")]]; +extern double& tcp_SYN_timeout [[deprecated("Remove in v4.1. Use zeek::detail::tcp_SYN_timeout.")]]; +extern double& tcp_session_timer [[deprecated("Remove in v4.1. Use zeek::detail::tcp_session_timer.")]]; +extern double& tcp_connection_linger [[deprecated("Remove in v4.1. Use zeek::detail::tcp_connection_linger.")]]; +extern double& tcp_attempt_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_attempt_delay.")]]; +extern double& tcp_close_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_close_delay.")]]; +extern double& tcp_partial_close_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_partial_close_delay.")]]; +extern double& tcp_reset_delay [[deprecated("Remove in v4.1. Use zeek::detail::tcp_reset_delay.")]]; +extern int& tcp_max_initial_window [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_initial_window.")]]; +extern int& tcp_max_above_hole_without_any_acks [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_above_hole_without_any_acks.")]]; +extern int& tcp_excessive_data_without_further_acks [[deprecated("Remove in v4.1. Use zeek::detail::tcp_excessive_data_without_further_acks.")]]; +extern int& tcp_max_old_segments [[deprecated("Remove in v4.1. Use zeek::detail::tcp_max_old_segments.")]]; +extern double& non_analyzed_lifetime [[deprecated("Remove in v4.1. Use zeek::detail::non_analyzed_lifetime.")]]; +extern double& tcp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::tcp_inactivity_timeout.")]]; +extern double& udp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::udp_inactivity_timeout.")]]; +extern double& icmp_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::icmp_inactivity_timeout.")]]; +extern int& tcp_storm_thresh [[deprecated("Remove in v4.1. Use zeek::detail::tcp_storm_thresh.")]]; +extern double& tcp_storm_interarrival_thresh [[deprecated("Remove in v4.1. Use zeek::detail::tcp_storm_interarrival_thresh.")]]; +extern bool& tcp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::detail::tcp_content_deliver_all_orig.")]]; +extern bool& tcp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::detail::tcp_content_deliver_all_resp.")]]; +extern bool& udp_content_deliver_all_orig [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_deliver_all_orig.")]]; +extern bool& udp_content_deliver_all_resp [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_deliver_all_resp.")]]; +extern bool& udp_content_delivery_ports_use_resp [[deprecated("Remove in v4.1. Use zeek::detail::udp_content_delivery_ports_use_resp.")]]; +extern double& dns_session_timeout [[deprecated("Remove in v4.1. Use zeek::detail::dns_session_timeout.")]]; +extern double& rpc_timeout [[deprecated("Remove in v4.1. Use zeek::detail::rpc_timeout.")]]; +extern int& mime_segment_length [[deprecated("Remove in v4.1. Use zeek::detail::mime_segment_length.")]]; +extern int& mime_segment_overlap_length [[deprecated("Remove in v4.1. Use zeek::detail::mime_segment_overlap_length.")]]; +extern int& http_entity_data_delivery_size [[deprecated("Remove in v4.1. Use zeek::detail::http_entity_data_delivery_size.")]]; +extern int& truncate_http_URI [[deprecated("Remove in v4.1. Use zeek::detail::truncate_http_URI.")]]; +extern int& dns_skip_all_auth [[deprecated("Remove in v4.1. Use zeek::detail::dns_skip_all_auth.")]]; +extern int& dns_skip_all_addl [[deprecated("Remove in v4.1. Use zeek::detail::dns_skip_all_addl.")]]; +extern int& dns_max_queries [[deprecated("Remove in v4.1. Use zeek::detail::dns_max_queries.")]]; +extern double& stp_delta [[deprecated("Remove in v4.1. Use zeek::detail::stp_delta.")]]; +extern double& stp_idle_min [[deprecated("Remove in v4.1. Use zeek::detail::stp_idle_min.")]]; +extern double& table_expire_interval [[deprecated("Remove in v4.1. Use zeek::detail::table_expire_interval.")]]; +extern double& table_expire_delay [[deprecated("Remove in v4.1. Use zeek::detail::table_expire_delay.")]]; +extern int& table_incremental_step [[deprecated("Remove in v4.1. Use zeek::detail::table_incremental_step.")]]; +extern int& orig_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::orig_addr_anonymization.")]]; +extern int& resp_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::resp_addr_anonymization.")]]; +extern int& other_addr_anonymization [[deprecated("Remove in v4.1. Use zeek::detail::other_addr_anonymization.")]]; +extern double& connection_status_update_interval [[deprecated("Remove in v4.1. Use zeek::detail::connection_status_update_interval.")]]; +extern double& profiling_interval [[deprecated("Remove in v4.1. Use zeek::detail::profiling_interval.")]]; +extern int& expensive_profiling_multiple [[deprecated("Remove in v4.1. Use zeek::detail::expensive_profiling_multiple.")]]; +extern int& segment_profiling [[deprecated("Remove in v4.1. Use zeek::detail::segment_profiling.")]]; +extern int& pkt_profile_mode [[deprecated("Remove in v4.1. Use zeek::detail::pkt_profile_mode.")]]; +extern double& pkt_profile_freq [[deprecated("Remove in v4.1. Use zeek::detail::pkt_profile_freq.")]]; +extern int& load_sample_freq [[deprecated("Remove in v4.1. Use zeek::detail::load_sample_freq.")]]; +extern int& packet_filter_default [[deprecated("Remove in v4.1. Use zeek::detail::packet_filter_default.")]]; +extern int& sig_max_group_size [[deprecated("Remove in v4.1. Use zeek::detail::sig_max_group_size.")]]; +extern int& dpd_reassemble_first_packets [[deprecated("Remove in v4.1. Use zeek::detail::dpd_reassemble_first_packets.")]]; +extern int& dpd_buffer_size [[deprecated("Remove in v4.1. Use zeek::detail::dpd_buffer_size.")]]; +extern int& dpd_match_only_beginning [[deprecated("Remove in v4.1. Use zeek::detail::dpd_match_only_beginning.")]]; +extern int& dpd_late_match_stop [[deprecated("Remove in v4.1. Use zeek::detail::dpd_late_match_stop.")]]; +extern int& dpd_ignore_ports [[deprecated("Remove in v4.1. Use zeek::detail::dpd_ignore_ports.")]]; +extern int& check_for_unused_event_handlers [[deprecated("Remove in v4.1. Use zeek::detail::check_for_unused_event_handlers.")]]; +extern double& timer_mgr_inactivity_timeout [[deprecated("Remove in v4.1. Use zeek::detail::timer_mgr_inactivity_timeout.")]]; +extern int& record_all_packets [[deprecated("Remove in v4.1. Use zeek::detail::record_all_packets.")]]; +extern bro_uint_t& bits_per_uid [[deprecated("Remove in v4.1. Use zeek::detail::bits_per_uid.")]]; + [[deprecated("Remove in v4.1. Use zeek::id::conn_id.")]] extern zeek::RecordType* conn_id; [[deprecated("Remove in v4.1. Use zeek::id::endpoint.")]] @@ -49,43 +219,9 @@ extern zeek::VectorType* mime_matches; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* mime_match; -extern int watchdog_interval; - -extern int max_timer_expires; - -extern int ignore_checksums; -extern int partial_connection_ok; -extern int tcp_SYN_ack_ok; -extern int tcp_match_undelivered; - -extern int encap_hdr_size; - -extern double frag_timeout; - -extern double tcp_SYN_timeout; -extern double tcp_session_timer; -extern double tcp_connection_linger; -extern double tcp_attempt_delay; -extern double tcp_close_delay; -extern double tcp_partial_close_delay; -extern double tcp_reset_delay; - -extern int tcp_max_initial_window; -extern int tcp_max_above_hole_without_any_acks; -extern int tcp_excessive_data_without_further_acks; -extern int tcp_max_old_segments; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* socks_address; -extern double non_analyzed_lifetime; -extern double tcp_inactivity_timeout; -extern double udp_inactivity_timeout; -extern double icmp_inactivity_timeout; - -extern int tcp_storm_thresh; -extern double tcp_storm_interarrival_thresh; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* tcp_reassembler_ports_orig; [[deprecated("Remove in v4.1. Perform your own lookup.")]] @@ -95,8 +231,6 @@ extern zeek::TableVal* tcp_reassembler_ports_resp; extern zeek::TableVal* tcp_content_delivery_ports_orig; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* tcp_content_delivery_ports_resp; -extern bool tcp_content_deliver_all_orig; -extern bool tcp_content_deliver_all_resp; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* udp_content_delivery_ports_orig; @@ -104,26 +238,15 @@ extern zeek::TableVal* udp_content_delivery_ports_orig; extern zeek::TableVal* udp_content_delivery_ports_resp; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* udp_content_ports; -extern bool udp_content_deliver_all_orig; -extern bool udp_content_deliver_all_resp; -extern bool udp_content_delivery_ports_use_resp; - -extern double dns_session_timeout; -extern double rpc_timeout; - -extern int mime_segment_length; -extern int mime_segment_overlap_length; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* mime_header_rec; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableType* mime_header_list; -extern int http_entity_data_delivery_size; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* http_stats_rec; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* http_message_stat; -extern int truncate_http_URI; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* pm_mapping; @@ -164,21 +287,10 @@ extern zeek::RecordType* dns_ds_rr; extern zeek::TableVal* dns_skip_auth; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* dns_skip_addl; -extern int dns_skip_all_auth; -extern int dns_skip_all_addl; -extern int dns_max_queries; -extern double stp_delta; -extern double stp_idle_min; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* stp_skip_src; -extern double table_expire_interval; -extern double table_expire_delay; -extern int table_incremental_step; - -extern int orig_addr_anonymization, resp_addr_anonymization; -extern int other_addr_anonymization; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* preserve_orig_addr; [[deprecated("Remove in v4.1. Perform your own lookup.")]] @@ -186,8 +298,6 @@ extern zeek::TableVal* preserve_resp_addr; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* preserve_other_addr; -extern double connection_status_update_interval; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* rotate_info; [[deprecated("Remove in v4.1. Perform your own lookup.")]] @@ -198,44 +308,21 @@ extern zeek::StringVal* peer_description; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::Val* profiling_file; -extern double profiling_interval; -extern int expensive_profiling_multiple; -extern int segment_profiling; -extern int pkt_profile_mode; -extern double pkt_profile_freq; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::Val* pkt_profile_file; -extern int load_sample_freq; - -extern int packet_filter_default; - -extern int sig_max_group_size; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableType* irc_join_list; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* irc_join_info; -extern int dpd_reassemble_first_packets; -extern int dpd_buffer_size; -extern int dpd_match_only_beginning; -extern int dpd_late_match_stop; -extern int dpd_ignore_ports; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::TableVal* likely_server_ports; -extern int check_for_unused_event_handlers; - -extern double timer_mgr_inactivity_timeout; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::StringVal* trace_output_file; -extern int record_all_packets; - [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::RecordType* script_id; [[deprecated("Remove in v4.1. Perform your own lookup.")]] @@ -255,14 +342,6 @@ extern zeek::StringVal* cmd_line_bpf_filter; [[deprecated("Remove in v4.1. Perform your own lookup.")]] extern zeek::StringVal* global_hash_seed; -extern bro_uint_t bits_per_uid; - -// Initializes globals that don't pertain to network/event analysis. -extern void init_general_global_var(); - -extern void init_event_handlers(); -extern void init_net_var(); - #include "const.bif.netvar_h" #include "types.bif.netvar_h" #include "event.bif.netvar_h" diff --git a/src/Notifier.cc b/src/Notifier.cc index 5200de282b..18dc1b890c 100644 --- a/src/Notifier.cc +++ b/src/Notifier.cc @@ -5,25 +5,28 @@ #include -notifier::Registry notifier::registry; +zeek::notifier::detail::Registry zeek::notifier::detail::registry; +zeek::notifier::detail::Registry& notifier::registry = zeek::notifier::detail::registry; -notifier::Receiver::Receiver() +namespace zeek::notifier::detail { + +Receiver::Receiver() { DBG_LOG(zeek::DBG_NOTIFIERS, "creating receiver %p", this); } -notifier::Receiver::~Receiver() +Receiver::~Receiver() { DBG_LOG(zeek::DBG_NOTIFIERS, "deleting receiver %p", this); } -notifier::Registry::~Registry() +Registry::~Registry() { while ( registrations.begin() != registrations.end() ) Unregister(registrations.begin()->first); } -void notifier::Registry::Register(Modifiable* m, notifier::Receiver* r) +void Registry::Register(Modifiable* m, Receiver* r) { DBG_LOG(zeek::DBG_NOTIFIERS, "registering object %p for receiver %p", m, r); @@ -31,7 +34,7 @@ void notifier::Registry::Register(Modifiable* m, notifier::Receiver* r) ++m->num_receivers; } -void notifier::Registry::Unregister(Modifiable* m, notifier::Receiver* r) +void Registry::Unregister(Modifiable* m, Receiver* r) { DBG_LOG(zeek::DBG_NOTIFIERS, "unregistering object %p from receiver %p", m, r); @@ -47,7 +50,7 @@ void notifier::Registry::Unregister(Modifiable* m, notifier::Receiver* r) } } -void notifier::Registry::Unregister(Modifiable* m) +void Registry::Unregister(Modifiable* m) { DBG_LOG(zeek::DBG_NOTIFIERS, "unregistering object %p from all notifiers", m); @@ -58,7 +61,7 @@ void notifier::Registry::Unregister(Modifiable* m) registrations.erase(x.first, x.second); } -void notifier::Registry::Modified(Modifiable* m) +void Registry::Modified(Modifiable* m) { DBG_LOG(zeek::DBG_NOTIFIERS, "object %p has been modified", m); @@ -67,7 +70,7 @@ void notifier::Registry::Modified(Modifiable* m) i->second->Modified(m); } -void notifier::Registry::Terminate() +void Registry::Terminate() { std::set receivers; @@ -78,8 +81,10 @@ void notifier::Registry::Terminate() r->Terminate(); } -notifier::Modifiable::~Modifiable() +Modifiable::~Modifiable() { if ( num_receivers ) registry.Unregister(this); } + +} // namespace zeek::notifier::detail diff --git a/src/Notifier.h b/src/Notifier.h index d6618a5e5f..65748105ca 100644 --- a/src/Notifier.h +++ b/src/Notifier.h @@ -10,7 +10,7 @@ #include #include -namespace notifier { +namespace zeek::notifier::detail { class Modifiable; @@ -118,4 +118,14 @@ protected: uint64_t num_receivers = 0; }; -} +} // namespace zeek::notifier::detail + +namespace notifier { + +using Receiver [[deprecated("Remove in v4.1. Use zeek::notifier::detail::Receiver.")]] = zeek::notifier::detail::Receiver; +using Registry [[deprecated("Remove in v4.1. Use zeek::notifier::detail::Registry.")]] = zeek::notifier::detail::Registry; +using Modifiable [[deprecated("Remove in v4.1. Use zeek::notifier::detail::Modifiable.")]] = zeek::notifier::detail::Modifiable; + +extern zeek::notifier::detail::Registry& registry [[deprecated("Remove from v4.1. Use zeek::notifier::detail::registry.")]]; + +} // namespace notifier diff --git a/src/Obj.cc b/src/Obj.cc index 4c7f367992..0060774490 100644 --- a/src/Obj.cc +++ b/src/Obj.cc @@ -45,7 +45,7 @@ void Location::Describe(zeek::ODesc* d) const bool Location::operator==(const Location& l) const { if ( filename == l.filename || - (filename && l.filename && streq(filename, l.filename)) ) + (filename && l.filename && zeek::util::streq(filename, l.filename)) ) return first_line == l.first_line && last_line == l.last_line; else return false; @@ -137,7 +137,7 @@ bool Obj::SetLocationInfo(const detail::Location* start, const detail::Location* if ( ! start || ! end ) return false; - if ( end->filename && ! streq(start->filename, end->filename) ) + if ( end->filename && ! zeek::util::streq(start->filename, end->filename) ) return false; if ( location && (start == &zeek::detail::no_location || end == &zeek::detail::no_location) ) diff --git a/src/OpaqueVal.cc b/src/OpaqueVal.cc index 5f141fe92a..459d2deb4e 100644 --- a/src/OpaqueVal.cc +++ b/src/OpaqueVal.cc @@ -706,7 +706,7 @@ BloomFilterVal::BloomFilterVal() bloom_filter = nullptr; } -BloomFilterVal::BloomFilterVal(probabilistic::BloomFilter* bf) +BloomFilterVal::BloomFilterVal(zeek::probabilistic::BloomFilter* bf) : OpaqueVal(bloomfilter_type) { hash = nullptr; @@ -784,7 +784,7 @@ BloomFilterValPtr BloomFilterVal::Merge(const BloomFilterVal* x, return nullptr; } - probabilistic::BloomFilter* copy = x->bloom_filter->Clone(); + zeek::probabilistic::BloomFilter* copy = x->bloom_filter->Clone(); if ( ! copy->Merge(y->bloom_filter) ) { @@ -851,7 +851,7 @@ bool BloomFilterVal::DoUnserialize(const broker::data& data) return false; } - auto bf = probabilistic::BloomFilter::Unserialize((*v)[1]); + auto bf = zeek::probabilistic::BloomFilter::Unserialize((*v)[1]); if ( ! bf ) return false; @@ -865,7 +865,7 @@ CardinalityVal::CardinalityVal() : OpaqueVal(cardinality_type) hash = nullptr; } -CardinalityVal::CardinalityVal(probabilistic::CardinalityCounter* arg_c) +CardinalityVal::CardinalityVal(zeek::probabilistic::detail::CardinalityCounter* arg_c) : OpaqueVal(cardinality_type) { c = arg_c; @@ -881,7 +881,7 @@ CardinalityVal::~CardinalityVal() ValPtr CardinalityVal::DoClone(CloneState* state) { return state->NewClone(this, - zeek::make_intrusive(new probabilistic::CardinalityCounter(*c))); + zeek::make_intrusive(new zeek::probabilistic::detail::CardinalityCounter(*c))); } bool CardinalityVal::Typify(zeek::TypePtr arg_type) @@ -945,7 +945,7 @@ bool CardinalityVal::DoUnserialize(const broker::data& data) return false; } - auto cu = probabilistic::CardinalityCounter::Unserialize((*v)[1]); + auto cu = zeek::probabilistic::detail::CardinalityCounter::Unserialize((*v)[1]); if ( ! cu ) return false; diff --git a/src/OpaqueVal.h b/src/OpaqueVal.h index ce223b277e..399c9fa4a4 100644 --- a/src/OpaqueVal.h +++ b/src/OpaqueVal.h @@ -14,10 +14,8 @@ namespace broker { class data; } -namespace probabilistic { - class BloomFilter; - class CardinalityCounter; -} +ZEEK_FORWARD_DECLARE_NAMESPACED(BloomFilter, zeek, probabilistic); +ZEEK_FORWARD_DECLARE_NAMESPACED(CardinalityCounter, zeek, probabilistic, detail); namespace zeek { @@ -306,7 +304,7 @@ private: class BloomFilterVal : public OpaqueVal { public: - explicit BloomFilterVal(probabilistic::BloomFilter* bf); + explicit BloomFilterVal(zeek::probabilistic::BloomFilter* bf); ~BloomFilterVal() override; ValPtr DoClone(CloneState* state) override; @@ -337,13 +335,13 @@ private: zeek::TypePtr type; zeek::detail::CompositeHash* hash; - probabilistic::BloomFilter* bloom_filter; + zeek::probabilistic::BloomFilter* bloom_filter; }; class CardinalityVal : public OpaqueVal { public: - explicit CardinalityVal(probabilistic::CardinalityCounter*); + explicit CardinalityVal(zeek::probabilistic::detail::CardinalityCounter*); ~CardinalityVal() override; ValPtr DoClone(CloneState* state) override; @@ -355,7 +353,7 @@ public: bool Typify(zeek::TypePtr type); - probabilistic::CardinalityCounter* Get() { return c; }; + zeek::probabilistic::detail::CardinalityCounter* Get() { return c; }; protected: CardinalityVal(); @@ -364,7 +362,7 @@ protected: private: zeek::TypePtr type; zeek::detail::CompositeHash* hash; - probabilistic::CardinalityCounter* c; + zeek::probabilistic::detail::CardinalityCounter* c; }; class ParaglobVal : public OpaqueVal { @@ -383,7 +381,7 @@ private: std::unique_ptr internal_paraglob; }; -} +} // namespace zeek using OpaqueMgr [[deprecated("Remove in v4.1. Use zeek::OpaqueMgr instead.")]] = zeek::OpaqueMgr; using OpaqueVal [[deprecated("Remove in v4.1. Use zeek::OpaqueVal instead.")]] = zeek::OpaqueVal; diff --git a/src/Options.cc b/src/Options.cc index 1bac746291..fe88abcb50 100644 --- a/src/Options.cc +++ b/src/Options.cc @@ -15,14 +15,16 @@ #include "bsd-getopt-long.h" #include "logging/writers/ascii/Ascii.h" -void zeek::Options::filter_supervisor_options() +namespace zeek { + +void Options::filter_supervisor_options() { pcap_filter = {}; signature_files = {}; pcap_output_file = {}; } -void zeek::Options::filter_supervised_node_options() +void Options::filter_supervised_node_options() { auto og = *this; *this = {}; @@ -64,14 +66,14 @@ void zeek::Options::filter_supervised_node_options() script_options_to_set = og.script_options_to_set; } -bool zeek::fake_dns() +bool fake_dns() { - return zeekenv("ZEEK_DNS_FAKE"); + return zeek::util::zeekenv("ZEEK_DNS_FAKE"); } extern const char* zeek_version(); -void zeek::usage(const char* prog, int code) +void usage(const char* prog, int code) { fprintf(stderr, "zeek version %s\n", zeek_version()); @@ -121,16 +123,16 @@ void zeek::usage(const char* prog, int code) #endif fprintf(stderr, " --test | run unit tests ('--test -h' for help, only when compiling with ENABLE_ZEEK_UNIT_TESTS)\n"); - fprintf(stderr, " $ZEEKPATH | file search path (%s)\n", bro_path().c_str()); - fprintf(stderr, " $ZEEK_PLUGIN_PATH | plugin search path (%s)\n", bro_plugin_path()); - fprintf(stderr, " $ZEEK_PLUGIN_ACTIVATE | plugins to always activate (%s)\n", bro_plugin_activate()); - fprintf(stderr, " $ZEEK_PREFIXES | prefix list (%s)\n", bro_prefixes().c_str()); + fprintf(stderr, " $ZEEKPATH | file search path (%s)\n", zeek::util::zeek_path().c_str()); + fprintf(stderr, " $ZEEK_PLUGIN_PATH | plugin search path (%s)\n", zeek::util::zeek_plugin_path()); + fprintf(stderr, " $ZEEK_PLUGIN_ACTIVATE | plugins to always activate (%s)\n", zeek::util::zeek_plugin_activate()); + fprintf(stderr, " $ZEEK_PREFIXES | prefix list (%s)\n", zeek::util::zeek_prefixes().c_str()); fprintf(stderr, " $ZEEK_DNS_FAKE | disable DNS lookups (%s)\n", zeek::fake_dns() ? "on" : "off"); fprintf(stderr, " $ZEEK_SEED_FILE | file to load seeds from (not set)\n"); - fprintf(stderr, " $ZEEK_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); + fprintf(stderr, " $ZEEK_LOG_SUFFIX | ASCII log file extension (.%s)\n", zeek::logging::writer::detail::Ascii::LogExt().c_str()); fprintf(stderr, " $ZEEK_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $ZEEK_DISABLE_ZEEKYGEN | Disable Zeekygen documentation support (%s)\n", zeekenv("ZEEK_DISABLE_ZEEKYGEN") ? "set" : "not set"); - fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", zeekenv("ZEEK_DNS_RESOLVER") ? zeekenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); + fprintf(stderr, " $ZEEK_DISABLE_ZEEKYGEN | Disable Zeekygen documentation support (%s)\n", zeek::util::zeekenv("ZEEK_DISABLE_ZEEKYGEN") ? "set" : "not set"); + fprintf(stderr, " $ZEEK_DNS_RESOLVER | IPv4/IPv6 address of DNS resolver to use (%s)\n", zeek::util::zeekenv("ZEEK_DNS_RESOLVER") ? zeek::util::zeekenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf"); fprintf(stderr, " $ZEEK_DEBUG_LOG_STDERR | Use stderr for debug logs generated via the -B flag"); fprintf(stderr, "\n"); @@ -138,9 +140,9 @@ void zeek::usage(const char* prog, int code) exit(code); } -zeek::Options zeek::parse_cmdline(int argc, char** argv) +Options parse_cmdline(int argc, char** argv) { - zeek::Options rval; + Options rval; // When running unit tests, the first argument on the command line must be // --test, followed by doctest options. Optionally, users can use "--" as @@ -236,8 +238,8 @@ zeek::Options zeek::parse_cmdline(int argc, char** argv) }; char opts[256]; - safe_strncpy(opts, "B:e:f:G:H:I:i:j::n:p:r:s:T:t:U:w:X:CDFNPQSWabdhv", - sizeof(opts)); + zeek::util::safe_strncpy(opts, "B:e:f:G:H:I:i:j::n:p:r:s:T:t:U:w:X:CDFNPQSWabdhv", + sizeof(opts)); #ifdef USE_PERFTOOLS_DEBUG strncat(opts, "mM", 2); @@ -431,7 +433,7 @@ zeek::Options zeek::parse_cmdline(int argc, char** argv) if ( path->empty() ) return; - *path = normalize_path(*path); + *path = zeek::util::detail::normalize_path(*path); if ( (*path)[0] == '/' || (*path)[0] == '~' ) // Absolute path @@ -440,7 +442,7 @@ zeek::Options zeek::parse_cmdline(int argc, char** argv) if ( (*path)[0] != '.' ) { // Look up file in ZEEKPATH - auto res = find_script_file(*path, bro_path()); + auto res = zeek::util::find_script_file(*path, zeek::util::zeek_path()); if ( res.empty() ) { @@ -479,3 +481,5 @@ zeek::Options zeek::parse_cmdline(int argc, char** argv) return rval; } + +} // namespace zeek diff --git a/src/PacketDumper.cc b/src/PacketDumper.cc index 141d041b8f..97a477b21a 100644 --- a/src/PacketDumper.cc +++ b/src/PacketDumper.cc @@ -33,7 +33,7 @@ void PacketDumper::DumpPacket(const struct pcap_pkthdr* hdr, void PacketDumper::SortTimeStamp(struct timeval* timestamp) { - if ( time_compare(&last_timestamp, timestamp) > 0 ) + if ( zeek::util::time_compare(&last_timestamp, timestamp) > 0 ) *timestamp = last_timestamp; else last_timestamp = *timestamp; diff --git a/src/PacketFilter.cc b/src/PacketFilter.cc index d7cdcbedfa..3e00f43d02 100644 --- a/src/PacketFilter.cc +++ b/src/PacketFilter.cc @@ -20,7 +20,7 @@ void PacketFilter::AddSrc(const zeek::IPAddr& src, uint32_t tcp_flags, double pr { Filter* f = new Filter; f->tcp_flags = tcp_flags; - f->probability = probability * static_cast(zeek::max_random()); + f->probability = probability * static_cast(zeek::util::detail::max_random()); auto prev = static_cast(src_filter.Insert(src, 128, f)); delete prev; } @@ -29,7 +29,7 @@ void PacketFilter::AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability { Filter* f = new Filter; f->tcp_flags = tcp_flags; - f->probability = probability * static_cast(zeek::max_random()); + f->probability = probability * static_cast(zeek::util::detail::max_random()); auto prev = static_cast(src_filter.Insert(src, f)); delete prev; } @@ -38,7 +38,7 @@ void PacketFilter::AddDst(const zeek::IPAddr& dst, uint32_t tcp_flags, double pr { Filter* f = new Filter; f->tcp_flags = tcp_flags; - f->probability = probability * static_cast(zeek::max_random()); + f->probability = probability * static_cast(zeek::util::detail::max_random()); auto prev = static_cast(dst_filter.Insert(dst, 128, f)); delete prev; } @@ -47,7 +47,7 @@ void PacketFilter::AddDst(zeek::Val* dst, uint32_t tcp_flags, double probability { Filter* f = new Filter; f->tcp_flags = tcp_flags; - f->probability = probability * static_cast(zeek::max_random()); + f->probability = probability * static_cast(zeek::util::detail::max_random()); auto prev = static_cast(dst_filter.Insert(dst, f)); delete prev; } @@ -115,7 +115,7 @@ bool PacketFilter::MatchFilter(const Filter& f, const zeek::IP_Hdr& ip, return false; } - return zeek::random_number() < f.probability; + return zeek::util::detail::random_number() < f.probability; } } // namespace zeek::detail diff --git a/src/Pipe.cc b/src/Pipe.cc index ae5c2a155e..d21d89967d 100644 --- a/src/Pipe.cc +++ b/src/Pipe.cc @@ -12,7 +12,7 @@ using namespace zeek::detail; static void pipe_fail(int eno) { char tmp[256]; - bro_strerror_r(eno, tmp, sizeof(tmp)); + zeek::util::zeek_strerror_r(eno, tmp, sizeof(tmp)); if ( zeek::reporter ) zeek::reporter->FatalError("Pipe failure: %s", tmp); diff --git a/src/PolicyFile.cc b/src/PolicyFile.cc index 0bc4e4e9bc..d833ec0211 100644 --- a/src/PolicyFile.cc +++ b/src/PolicyFile.cc @@ -10,13 +10,13 @@ #include #include -using namespace std; - #include "Debug.h" #include "util.h" #include "PolicyFile.h" #include "Reporter.h" +using namespace std; + struct PolicyFile { PolicyFile () { filedata = nullptr; lmtime = 0; } ~PolicyFile () { delete [] filedata; filedata = nullptr; } @@ -29,6 +29,8 @@ struct PolicyFile { typedef map PolicyFileMap; static PolicyFileMap policy_files; +namespace zeek::detail { + int how_many_lines_in(const char* policy_filename) { if ( ! policy_filename ) @@ -84,7 +86,7 @@ bool LoadPolicyFileText(const char* policy_filename) if ( fstat(fileno(f), &st) != 0 ) { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); zeek::reporter->Error("fstat failed on %s: %s", policy_filename, buf); fclose(f); return false; @@ -174,3 +176,5 @@ bool PrintLines(const char* policy_filename, unsigned int start_line, return true; } + +} // namespace zeek::detail diff --git a/src/PolicyFile.h b/src/PolicyFile.h index 6049254a8d..8593f38cbd 100644 --- a/src/PolicyFile.h +++ b/src/PolicyFile.h @@ -14,10 +14,14 @@ // policy_filename arguments should be absolute or relative paths; // no expansion is done. +namespace zeek::detail { + int how_many_lines_in(const char* policy_filename); bool LoadPolicyFileText(const char* policy_filename); // start_line is 1-based (the intuitive way) bool PrintLines(const char* policy_filename, unsigned int start_line, - unsigned int how_many_lines, bool show_numbers); + unsigned int how_many_lines, bool show_numbers); + +} // namespace zeek::detail diff --git a/src/PrefixTable.cc b/src/PrefixTable.cc index 03fe19d56c..052baa3da4 100644 --- a/src/PrefixTable.cc +++ b/src/PrefixTable.cc @@ -6,7 +6,7 @@ namespace zeek::detail { prefix_t* PrefixTable::MakePrefix(const zeek::IPAddr& addr, int width) { - prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t)); + prefix_t* prefix = (prefix_t*) zeek::util::safe_malloc(sizeof(prefix_t)); addr.CopyIPv6(&prefix->add.sin6); prefix->family = AF_INET6; diff --git a/src/RE.cc b/src/RE.cc index e98d707c4e..1e1bcadc2b 100644 --- a/src/RE.cc +++ b/src/RE.cc @@ -423,21 +423,21 @@ unsigned int Specific_RE_Matcher::MemoryAllocation() const for ( int i = 0; i < ccl_list.length(); ++i ) size += ccl_list[i]->MemoryAllocation(); - size += pad_size(sizeof(CCL*) * ccl_dict.size()); + size += zeek::util::pad_size(sizeof(CCL*) * ccl_dict.size()); for ( const auto& entry : ccl_dict ) { - size += padded_sizeof(std::string) + pad_size(sizeof(std::string::value_type) * entry.first.size()); + size += padded_sizeof(std::string) + zeek::util::pad_size(sizeof(std::string::value_type) * entry.first.size()); size += entry.second->MemoryAllocation(); } for ( const auto& entry : defs ) { - size += padded_sizeof(std::string) + pad_size(sizeof(std::string::value_type) * entry.first.size()); - size += padded_sizeof(std::string) + pad_size(sizeof(std::string::value_type) * entry.second.size()); + size += padded_sizeof(std::string) + zeek::util::pad_size(sizeof(std::string::value_type) * entry.first.size()); + size += padded_sizeof(std::string) + zeek::util::pad_size(sizeof(std::string::value_type) * entry.second.size()); } return size + padded_sizeof(*this) - + (pattern_text ? pad_size(strlen(pattern_text) + 1) : 0) + + (pattern_text ? zeek::util::pad_size(strlen(pattern_text) + 1) : 0) + ccl_list.MemoryAllocation() - padded_sizeof(ccl_list) + equiv_class.Size() - padded_sizeof(EquivClass) + (dfa ? dfa->MemoryAllocation() : 0) // this is ref counted; consider the bytes here? diff --git a/src/RE.h b/src/RE.h index 9cb55bab6f..6f9d4d7dd0 100644 --- a/src/RE.h +++ b/src/RE.h @@ -59,7 +59,7 @@ public: void MakeCaseInsensitive(); - void SetPat(const char* pat) { pattern_text = copy_string(pat); } + void SetPat(const char* pat) { pattern_text = zeek::util::copy_string(pat); } bool Compile(bool lazy = false); diff --git a/src/Reassem.h b/src/Reassem.h index c2b9dcc203..4cbe6dce66 100644 --- a/src/Reassem.h +++ b/src/Reassem.h @@ -27,7 +27,6 @@ enum ReassemblerType { class Reassembler; - /** * A block/segment of data for use in the reassembly process. */ diff --git a/src/Reporter.cc b/src/Reporter.cc index 7e2ce20c2b..f7aca794fe 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -12,7 +12,7 @@ #include "Event.h" #include "Expr.h" #include "NetVar.h" -#include "Net.h" +#include "RunState.h" #include "Conn.h" #include "Timer.h" #include "ID.h" @@ -126,7 +126,7 @@ void Reporter::FatalError(const char* fmt, ...) va_end(ap); - set_processing_status("TERMINATED", "fatal_error"); + zeek::util::detail::set_processing_status("TERMINATED", "fatal_error"); fflush(stderr); fflush(stdout); _exit(1); @@ -142,7 +142,7 @@ void Reporter::FatalErrorWithCore(const char* fmt, ...) va_end(ap); - set_processing_status("TERMINATED", "fatal_error"); + zeek::util::detail::set_processing_status("TERMINATED", "fatal_error"); abort(); } @@ -195,7 +195,7 @@ void Reporter::InternalError(const char* fmt, ...) va_end(ap); - set_processing_status("TERMINATED", "internal_error"); + zeek::util::detail::set_processing_status("TERMINATED", "internal_error"); abort(); } @@ -226,7 +226,7 @@ void Reporter::InternalWarning(const char* fmt, ...) void Reporter::Syslog(const char* fmt, ...) { - if ( reading_traces ) + if ( zeek::run_state::reading_traces ) return; va_list ap; @@ -235,7 +235,7 @@ void Reporter::Syslog(const char* fmt, ...) va_end(ap); } -void Reporter::WeirdHelper(EventHandlerPtr event, val_list vl, const char* fmt_name, ...) +void Reporter::WeirdHelper(EventHandlerPtr event, ValPList vl, const char* fmt_name, ...) { va_list ap; va_start(ap, fmt_name); @@ -313,7 +313,7 @@ bool Reporter::PermitNetWeird(const char* name) ++count; if ( count == 1 ) - zeek::detail::timer_mgr->Add(new NetWeirdTimer(network_time, name, + zeek::detail::timer_mgr->Add(new NetWeirdTimer(zeek::run_state::network_time, name, weird_sampling_duration)); if ( count <= weird_sampling_threshold ) @@ -333,7 +333,7 @@ bool Reporter::PermitFlowWeird(const char* name, auto& map = flow_weird_state[endpoints]; if ( map.empty() ) - zeek::detail::timer_mgr->Add(new FlowWeirdTimer(network_time, endpoints, + zeek::detail::timer_mgr->Add(new FlowWeirdTimer(zeek::run_state::network_time, endpoints, weird_sampling_duration)); auto& count = map[name]; @@ -360,7 +360,7 @@ bool Reporter::PermitExpiredConnWeird(const char* name, const zeek::RecordVal& c auto& map = expired_conn_weird_state[conn_tuple]; if ( map.empty() ) - zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(network_time, + zeek::detail::timer_mgr->Add(new ConnTupleWeirdTimer(zeek::run_state::network_time, std::move(conn_tuple), weird_sampling_duration)); @@ -453,7 +453,7 @@ void Reporter::Weird(const zeek::IPAddr& orig, const zeek::IPAddr& resp, const c } void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, - Connection* conn, val_list* addl, bool location, bool time, + Connection* conn, ValPList* addl, bool location, bool time, const char* postfix, const char* fmt, va_list ap) { static char tmp[512]; @@ -562,7 +562,8 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, vl.reserve(vl_size); if ( time ) - vl.emplace_back(zeek::make_intrusive(network_time ? network_time : current_time())); + vl.emplace_back(zeek::make_intrusive( + zeek::run_state::network_time ? zeek::run_state::network_time : zeek::util::current_time())); vl.emplace_back(zeek::make_intrusive(buffer)); @@ -594,10 +595,10 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, { std::string s = ""; - if ( bro_start_network_time != 0.0 ) + if ( zeek::run_state::zeek_start_network_time != 0.0 ) { char tmp[32]; - snprintf(tmp, 32, "%.6f", network_time); + snprintf(tmp, 32, "%.6f", zeek::run_state::network_time); s += std::string(tmp) + " "; } diff --git a/src/Reporter.h b/src/Reporter.h index 264761aa7a..863ea2f9d1 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -12,11 +12,11 @@ #include #include -#include "BroList.h" +#include "ZeekList.h" #include "net_util.h" ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); -namespace file_analysis { class File; } +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); @@ -260,12 +260,12 @@ public: private: void DoLog(const char* prefix, zeek::EventHandlerPtr event, FILE* out, - Connection* conn, val_list* addl, bool location, bool time, + Connection* conn, ValPList* addl, bool location, bool time, const char* postfix, const char* fmt, va_list ap) __attribute__((format(printf, 10, 0))); // WeirdHelper doesn't really have to be variadic, but it calls DoLog // and that takes va_list anyway. - void WeirdHelper(zeek::EventHandlerPtr event, val_list vl, const char* fmt_name, ...) __attribute__((format(printf, 4, 5)));; + void WeirdHelper(zeek::EventHandlerPtr event, ValPList vl, const char* fmt_name, ...) __attribute__((format(printf, 4, 5)));; void UpdateWeirdStats(const char* name); inline bool WeirdOnSamplingWhiteList(const char* name) { return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); } diff --git a/src/Rule.cc b/src/Rule.cc index c32fcdb29b..b08849314f 100644 --- a/src/Rule.cc +++ b/src/Rule.cc @@ -75,7 +75,7 @@ void Rule::AddPattern(const char* str, Rule::PatternType type, uint32_t offset, uint32_t depth) { Pattern* p = new Pattern; - p->pattern = copy_string(str); + p->pattern = zeek::util::copy_string(str); p->type = type; p->id = ++pattern_counter; p->offset = offset; @@ -88,7 +88,7 @@ void Rule::AddPattern(const char* str, Rule::PatternType type, void Rule::AddRequires(const char* id, bool opposite_direction, bool negate) { Precond* p = new Precond; - p->id = copy_string(id); + p->id = zeek::util::copy_string(id); p->rule = nullptr; p->opposite_dir = opposite_direction; p->negate = negate; diff --git a/src/Rule.h b/src/Rule.h index 837e8ac399..3a48f2c288 100644 --- a/src/Rule.h +++ b/src/Rule.h @@ -24,7 +24,7 @@ class Rule { public: Rule(const char* arg_id, const zeek::detail::Location& arg_location) { - id = copy_string(arg_id); + id = zeek::util::copy_string(arg_id); idx = rule_counter++; location = arg_location; active = true; diff --git a/src/RuleAction.cc b/src/RuleAction.cc index 5d8e13e32e..b99a2697bd 100644 --- a/src/RuleAction.cc +++ b/src/RuleAction.cc @@ -16,7 +16,7 @@ namespace zeek::detail { RuleActionEvent::RuleActionEvent(const char* arg_msg) { - msg = copy_string(arg_msg); + msg = zeek::util::copy_string(arg_msg); } void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, @@ -38,7 +38,7 @@ void RuleActionEvent::PrintDebug() RuleActionMIME::RuleActionMIME(const char* arg_mime, int arg_strength) { - mime = copy_string(arg_mime); + mime = zeek::util::copy_string(arg_mime); strength = arg_strength; } diff --git a/src/RuleCondition.cc b/src/RuleCondition.cc index a9847e4503..09ce04cc79 100644 --- a/src/RuleCondition.cc +++ b/src/RuleCondition.cc @@ -9,15 +9,15 @@ #include "ID.h" #include "Val.h" -static inline bool is_established(const analyzer::tcp::TCP_Endpoint* e) +static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e) { // We more or less follow Snort here: an established session // is one for which the initial handshake has succeded (but we // add partial connections). The connection tear-down is part // of the connection. - return e->state != analyzer::tcp::TCP_ENDPOINT_INACTIVE && - e->state != analyzer::tcp::TCP_ENDPOINT_SYN_SENT && - e->state != analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT; + return e->state != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE && + e->state != zeek::analyzer::tcp::TCP_ENDPOINT_SYN_SENT && + e->state != zeek::analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT; } namespace zeek::detail { @@ -30,7 +30,7 @@ bool RuleConditionTCPState::DoMatch(Rule* rule, RuleEndpointState* state, if ( ! root || ! root->IsAnalyzer("TCP") ) return false; - ::analyzer::tcp::TCP_Analyzer* ta = static_cast<::analyzer::tcp::TCP_Analyzer*>(root); + auto* ta = static_cast(root); if ( tcpstates & STATE_STATELESS ) return true; diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 8b726c5b6a..5e1a6aeda2 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -22,6 +22,7 @@ #include "module_util.h" #include "Var.h" #include "IPAddr.h" +#include "RunState.h" using namespace std; @@ -113,7 +114,7 @@ RuleHdrTest::RuleHdrTest(RuleHdrTest& h) copied_set->re = nullptr; copied_set->ids = orig_set->ids; for ( const auto& pattern : orig_set->patterns ) - copied_set->patterns.push_back(copy_string(pattern)); + copied_set->patterns.push_back(zeek::util::copy_string(pattern)); delete copied_set; // TODO: Why do we create copied_set only to then // never use it? @@ -184,8 +185,8 @@ void RuleHdrTest::PrintDebug() } RuleEndpointState::RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig, - RuleEndpointState* arg_opposite, - ::analyzer::pia::PIA* arg_PIA) + RuleEndpointState* arg_opposite, + zeek::analyzer::pia::PIA* arg_PIA) { payload_size = -1; analyzer = arg_analyzer; @@ -261,7 +262,7 @@ bool RuleMatcher::ReadFiles(const std::vector& files) for ( const auto& f : files ) { - rules_in = open_file(find_file(f, bro_path(), ".sig")); + rules_in = zeek::util::open_file(zeek::util::find_file(f, zeek::util::zeek_path(), ".sig")); if ( ! rules_in ) { @@ -673,8 +674,8 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, #ifdef DEBUG if ( debug_logger.IsEnabled(zeek::DBG_RULES) ) { - const char* s = fmt_bytes(reinterpret_cast(data), - min(40, static_cast(len))); + const char* s = zeek::util::fmt_bytes(reinterpret_cast(data), + min(40, static_cast(len))); DBG_LOG(zeek::DBG_RULES, "Matching %s rules on |%s%s|", Rule::TypeToString(Rule::FILE_MAGIC), s, len > 40 ? "..." : ""); @@ -741,7 +742,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, RuleEndpointState* RuleMatcher::InitEndpoint(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, int caplen, RuleEndpointState* opposite, - bool from_orig, ::analyzer::pia::PIA* pia) + bool from_orig, zeek::analyzer::pia::PIA* pia) { RuleEndpointState* state = new RuleEndpointState(analyzer, from_orig, opposite, pia); @@ -871,7 +872,7 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, if ( debug_logger.IsEnabled(zeek::DBG_RULES) ) { const char* s = - fmt_bytes((const char *) data, min(40, data_len)); + zeek::util::fmt_bytes((const char *) data, min(40, data_len)); DBG_LOG(zeek::DBG_RULES, "Matching %s rules [%d,%d] on |%s%s|", Rule::TypeToString(type), bol, eol, s, @@ -1234,12 +1235,12 @@ void RuleMatcher::DumpStats(zeek::File* f) Stats stats; GetStats(&stats); - f->Write(fmt("%.6f computed dfa states = %d; classes = ??; " - "computed trans. = %d; matchers = %d; mem = %d\n", - network_time, stats.dfa_states, stats.computed, - stats.matchers, stats.mem)); - f->Write(fmt("%.6f DFA cache hits = %d; misses = %d\n", network_time, - stats.hits, stats.misses)); + f->Write(zeek::util::fmt("%.6f computed dfa states = %d; classes = ??; " + "computed trans. = %d; matchers = %d; mem = %d\n", + zeek::run_state::network_time, stats.dfa_states, stats.computed, + stats.matchers, stats.mem)); + f->Write(zeek::util::fmt("%.6f DFA cache hits = %d; misses = %d\n", zeek::run_state::network_time, + stats.hits, stats.misses)); DumpStateStats(f, root); } @@ -1256,14 +1257,15 @@ void RuleMatcher::DumpStateStats(zeek::File* f, RuleHdrTest* hdr_test) RuleHdrTest::PatternSet* set = hdr_test->psets[i][j]; assert(set->re); - f->Write(fmt("%.6f %d DFA states in %s group %d from sigs ", network_time, - set->re->DFA()->NumStates(), - Rule::TypeToString((Rule::PatternType)i), j)); + f->Write(zeek::util::fmt("%.6f %d DFA states in %s group %d from sigs ", + zeek::run_state::network_time, + set->re->DFA()->NumStates(), + Rule::TypeToString((Rule::PatternType)i), j)); for ( const auto& id : set->ids ) { Rule* r = Rule::rule_table[id - 1]; - f->Write(fmt("%s ", r->ID())); + f->Write(zeek::util::fmt("%s ", r->ID())); } f->Write("\n"); @@ -1399,7 +1401,7 @@ char* id_to_str(const char* id) return dst; error: - char* dummy = copy_string(""); + char* dummy = zeek::util::copy_string(""); return dummy; } @@ -1420,7 +1422,7 @@ uint32_t id_to_uint(const char* id) } void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, - int caplen, bool from_orig, ::analyzer::pia::PIA* pia) + int caplen, bool from_orig, zeek::analyzer::pia::PIA* pia) { if ( ! rule_matcher ) return; diff --git a/src/RuleMatcher.h b/src/RuleMatcher.h index 2ad94f490a..9413e7d57c 100644 --- a/src/RuleMatcher.h +++ b/src/RuleMatcher.h @@ -37,10 +37,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); ZEEK_FORWARD_DECLARE_NAMESPACED(IntSet, zeek::detail); - -namespace analyzer { - namespace pia { class PIA; } -} +ZEEK_FORWARD_DECLARE_NAMESPACED(PIA, zeek, analyzer::pia); namespace zeek::detail { @@ -154,7 +151,7 @@ public: // Returns -1 if no chunk has been fed yet at all. int PayloadSize() { return payload_size; } - ::analyzer::pia::PIA* PIA() const { return pia; } + zeek::analyzer::pia::PIA* PIA() const { return pia; } private: friend class RuleMatcher; @@ -162,7 +159,7 @@ private: // Constructor is private; use RuleMatcher::InitEndpoint() // for creating an instance. RuleEndpointState(zeek::analyzer::Analyzer* arg_analyzer, bool arg_is_orig, - RuleEndpointState* arg_opposite, ::analyzer::pia::PIA* arg_PIA); + RuleEndpointState* arg_opposite, zeek::analyzer::pia::PIA* arg_PIA); struct Matcher { RE_Match_State* state; @@ -173,7 +170,7 @@ private: zeek::analyzer::Analyzer* analyzer; RuleEndpointState* opposite; - ::analyzer::pia::PIA* pia; + zeek::analyzer::pia::PIA* pia; matcher_list matchers; rule_hdr_test_list hdr_tests; @@ -267,7 +264,7 @@ public: // it needs to be given. RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, int caplen, RuleEndpointState* opposite, bool is_orig, - ::analyzer::pia::PIA* pia); + zeek::analyzer::pia::PIA* pia); // Finish matching for this stream. void FinishEndpoint(RuleEndpointState* state); @@ -376,7 +373,7 @@ public: // ip may be nil. void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, - int caplen, bool from_orig, ::analyzer::pia::PIA* pia = nullptr); + int caplen, bool from_orig, zeek::analyzer::pia::PIA* pia = nullptr); // bol/eol should be set to false for type Rule::PAYLOAD; they're // deduced automatically. diff --git a/src/Net.cc b/src/RunState.cc similarity index 71% rename from src/Net.cc rename to src/RunState.cc index a9049088d4..92f01c80ef 100644 --- a/src/Net.cc +++ b/src/RunState.cc @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include "zeek-config.h" -#include "Net.h" +#include "RunState.h" #include #ifdef TIME_WITH_SYS_TIME @@ -15,7 +15,6 @@ # endif #endif -#include #include #include #include @@ -42,29 +41,16 @@ extern "C" { extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); } -iosource::PktDumper* pkt_dumper = nullptr; +static double last_watchdog_proc_time = 0.0; // value of above during last watchdog +extern int signal_val; -bool reading_live = false; -bool reading_traces = false; +namespace zeek::run_state { +namespace detail { + +zeek::iosource::PktDumper* pkt_dumper = nullptr; +zeek::iosource::PktSrc* current_pktsrc = nullptr; +zeek::iosource::IOSource* current_iosrc = nullptr; bool have_pending_timers = false; -double pseudo_realtime = 0.0; -double network_time = 0.0; // time according to last packet timestamp - // (or current time) -double processing_start_time = 0.0; // time started working on current pkt -double bro_start_time = 0.0; // time Bro started. -double bro_start_network_time; // timestamp of first packet -double last_watchdog_proc_time = 0.0; // value of above during last watchdog -bool terminating = false; // whether we're done reading and finishing up -bool is_parsing = false; - -const zeek::Packet *current_pkt = nullptr; -int current_dispatched = 0; -double current_timestamp = 0.0; -iosource::PktSrc* current_pktsrc = nullptr; -iosource::IOSource* current_iosrc = nullptr; - -std::list files_scanned; -std::vector sig_files; RETSIGTYPE watchdog(int /* signo */) { @@ -93,7 +79,7 @@ RETSIGTYPE watchdog(int /* signo */) // handler and the allocation routines are not // reentrant. - double ct = current_time(); + double ct = zeek::util::current_time(); int int_ct = int(ct); int frac_ct = int((ct - int_ct) * 1e6); @@ -110,7 +96,7 @@ RETSIGTYPE watchdog(int /* signo */) // saving the packet which caused the // watchdog to trigger may be helpful, // so we'll save that one nevertheless. - pkt_dumper = iosource_mgr->OpenPktDumper("watchdog-pkt.pcap", false); + pkt_dumper = zeek::iosource_mgr->OpenPktDumper("watchdog-pkt.pcap", false); if ( ! pkt_dumper || pkt_dumper->IsError() ) { zeek::reporter->Error("watchdog: can't open watchdog-pkt.pcap for writing"); @@ -123,8 +109,8 @@ RETSIGTYPE watchdog(int /* signo */) } - net_get_final_stats(); - net_finish(0); + get_final_stats(); + finish_run(0); zeek::reporter->FatalErrorWithCore( "**watchdog timer expired, t = %d.%06d, start = %d.%06d, dispatched = %d", @@ -135,17 +121,17 @@ RETSIGTYPE watchdog(int /* signo */) last_watchdog_proc_time = processing_start_time; - (void) alarm(watchdog_interval); + (void) alarm(zeek::detail::watchdog_interval); return RETSIGVAL; } -void net_update_time(double new_network_time) +void update_network_time(double new_network_time) { network_time = new_network_time; PLUGIN_HOOK_VOID(HOOK_UPDATE_NETWORK_TIME, HookUpdateNetworkTime(new_network_time)); } -void net_init(const std::optional& interface, +void init_run(const std::optional& interface, const std::optional& pcap_input_file, const std::optional& pcap_output_file, bool do_watchdog) @@ -155,7 +141,7 @@ void net_init(const std::optional& interface, reading_live = pseudo_realtime > 0.0; reading_traces = true; - iosource::PktSrc* ps = iosource_mgr->OpenPktSrc(*pcap_input_file, false); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->OpenPktSrc(*pcap_input_file, false); assert(ps); if ( ! ps->IsOpen() ) @@ -167,7 +153,7 @@ void net_init(const std::optional& interface, reading_live = true; reading_traces = false; - iosource::PktSrc* ps = iosource_mgr->OpenPktSrc(*interface, true); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->OpenPktSrc(*interface, true); assert(ps); if ( ! ps->IsOpen() ) @@ -185,7 +171,7 @@ void net_init(const std::optional& interface, if ( pcap_output_file ) { const char* writefile = pcap_output_file->data(); - pkt_dumper = iosource_mgr->OpenPktDumper(writefile, false); + pkt_dumper = zeek::iosource_mgr->OpenPktDumper(writefile, false); assert(pkt_dumper); if ( ! pkt_dumper->IsOpen() ) @@ -206,31 +192,31 @@ void net_init(const std::optional& interface, { // Set up the watchdog to make sure we don't wedge. (void) setsignal(SIGALRM, watchdog); - (void) alarm(watchdog_interval); + (void) alarm(zeek::detail::watchdog_interval); } } -void expire_timers(iosource::PktSrc* src_ps) +void expire_timers(zeek::iosource::PktSrc* src_ps) { zeek::detail::SegmentProfiler prof(zeek::detail::segment_logger, "expiring-timers"); current_dispatched += zeek::detail::timer_mgr->Advance(network_time, - max_timer_expires - current_dispatched); + zeek::detail::max_timer_expires - current_dispatched); } -void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* src_ps) +void dispatch_packet(double t, const zeek::Packet* pkt, zeek::iosource::PktSrc* src_ps) { - if ( ! bro_start_network_time ) + if ( ! zeek_start_network_time ) { - bro_start_network_time = t; + zeek_start_network_time = t; if ( network_time_init ) zeek::event_mgr.Enqueue(network_time_init, zeek::Args{}); } // network_time never goes back. - net_update_time(zeek::detail::timer_mgr->Time() < t ? t : zeek::detail::timer_mgr->Time()); + update_network_time(zeek::detail::timer_mgr->Time() < t ? t : zeek::detail::timer_mgr->Time()); current_pktsrc = src_ps; current_iosrc = src_ps; @@ -245,9 +231,9 @@ void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* sr static uint32_t load_freq = 0; if ( load_freq == 0 ) - load_freq = uint32_t(0xffffffff) / uint32_t(load_sample_freq); + load_freq = uint32_t(0xffffffff) / uint32_t(zeek::detail::load_sample_freq); - if ( uint32_t(zeek::random_number() & 0xffffffff) < load_freq ) + if ( uint32_t(zeek::util::detail::random_number() & 0xffffffff) < load_freq ) { // Drain the queued timer events so they're not // charged against this sample. @@ -274,17 +260,17 @@ void net_packet_dispatch(double t, const zeek::Packet* pkt, iosource::PktSrc* sr current_pktsrc = nullptr; } -void net_run() +void run_loop() { - set_processing_status("RUNNING", "net_run"); + zeek::util::detail::set_processing_status("RUNNING", "run_loop"); - std::vector ready; - ready.reserve(iosource_mgr->TotalSize()); + std::vector ready; + ready.reserve(zeek::iosource_mgr->TotalSize()); - while ( iosource_mgr->Size() || + while ( zeek::iosource_mgr->Size() || (zeek::BifConst::exit_only_after_terminate && ! terminating) ) { - iosource_mgr->FindReadySources(&ready); + zeek::iosource_mgr->FindReadySources(&ready); #ifdef DEBUG static int loop_counter = 0; @@ -294,14 +280,14 @@ void net_run() if ( ! ready.empty() || loop_counter++ % 100 == 0 ) { DBG_LOG(zeek::DBG_MAINLOOP, "realtime=%.6f ready_count=%zu", - current_time(), ready.size()); + zeek::util::current_time(), ready.size()); if ( ! ready.empty() ) loop_counter = 0; } #endif current_iosrc = nullptr; - auto communication_enabled = broker_mgr->Active(); + auto communication_enabled = zeek::broker_mgr->Active(); if ( ! ready.empty() ) { @@ -320,7 +306,7 @@ void net_run() // date on timers and events. Because we only // have timers as sources, going to sleep here // doesn't risk blocking on other inputs. - net_update_time(current_time()); + update_network_time(zeek::util::current_time()); expire_timers(); } @@ -330,9 +316,7 @@ void net_run() current_dispatched = 0; current_iosrc = nullptr; - extern int signal_val; - - if ( signal_val == SIGTERM || signal_val == SIGINT ) + if ( ::signal_val == SIGTERM || ::signal_val == SIGINT ) // We received a signal while processing the // current packet and its related events. // Should we put the signal handling into an IOSource? @@ -347,7 +331,7 @@ void net_run() { auto have_active_packet_source = false; - iosource::PktSrc* ps = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); if ( ps && ps->IsOpen() ) have_active_packet_source = true; @@ -357,19 +341,19 @@ void net_run() } } - // Get the final statistics now, and not when net_finish() is + // Get the final statistics now, and not when finish_run() is // called, since that might happen quite a bit in the future // due to expiring pending timers, and we don't want to ding // for any packets dropped beyond this point. - net_get_final_stats(); + get_final_stats(); } -void net_get_final_stats() +void get_final_stats() { - iosource::PktSrc* ps = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); if ( ps && ps->IsLive() ) { - iosource::PktSrc::Stats s; + zeek::iosource::PktSrc::Stats s; ps->Statistics(&s); double dropped_pct = s.dropped > 0.0 ? ((double)s.dropped / ((double)s.received + (double)s.dropped)) * 100.0 : 0.0; zeek::reporter->Info("%" PRIu64 " packets received on interface %s, %" PRIu64 " (%.2f%%) dropped", @@ -377,9 +361,9 @@ void net_get_final_stats() } } -void net_finish(int drain_events) +void finish_run(int drain_events) { - set_processing_status("TERMINATING", "net_finish"); + zeek::util::detail::set_processing_status("TERMINATING", "finish_run"); if ( drain_events ) { @@ -402,9 +386,9 @@ void net_finish(int drain_events) #endif } -void net_delete() +void delete_run() { - set_processing_status("TERMINATING", "net_delete"); + zeek::util::detail::set_processing_status("TERMINATING", "delete_run"); delete zeek::sessions; @@ -412,9 +396,26 @@ void net_delete() delete zeek::detail::ip_anonymizer[i]; } -int _processing_suspended = 0; +} // namespace detail -void net_suspend_processing() +bool reading_live = false; +bool reading_traces = false; +double pseudo_realtime = 0.0; +double network_time = 0.0; // time according to last packet timestamp + // (or current time) +double processing_start_time = 0.0; // time started working on current pkt +double zeek_start_time = 0.0; // time Bro started. +double zeek_start_network_time; // timestamp of first packet +bool terminating = false; // whether we're done reading and finishing up +bool is_parsing = false; + +const zeek::Packet *current_pkt = nullptr; +int current_dispatched = 0; +double current_timestamp = 0.0; + +static int _processing_suspended = 0; + +void suspend_processing() { if ( _processing_suspended == 0 ) zeek::reporter->Info("processing suspended"); @@ -422,14 +423,37 @@ void net_suspend_processing() ++_processing_suspended; } -void net_continue_processing() +void continue_processing() { if ( _processing_suspended == 1 ) { zeek::reporter->Info("processing continued"); - if ( iosource::PktSrc* ps = iosource_mgr->GetPktSrc() ) + if ( zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc() ) ps->ContinueAfterSuspend(); } --_processing_suspended; } + +bool is_processing_suspended() { return _processing_suspended; } + +} // namespace zeek::run_state + +// Remove all of these in v4.1. +zeek::iosource::PktSrc*& current_pktsrc = zeek::run_state::detail::current_pktsrc; +zeek::iosource::IOSource*& current_iosrc = zeek::run_state::detail::current_iosrc; +zeek::iosource::PktDumper*& pkt_dumper = zeek::run_state::detail::pkt_dumper; +bool& have_pending_timers = zeek::run_state::detail::have_pending_timers; + +bool& reading_live = zeek::run_state::reading_live; +bool& reading_traces = zeek::run_state::reading_traces; +double& pseudo_realtime = zeek::run_state::pseudo_realtime; +double& processing_start_time = zeek::run_state::processing_start_time; +double& bro_start_time = zeek::run_state::zeek_start_time; +double& bro_start_network_time = zeek::run_state::zeek_start_network_time; +bool& terminating = zeek::run_state::terminating; +bool& is_parsing = zeek::run_state::is_parsing; + +const zeek::Packet*& current_pkt = zeek::run_state::current_pkt; +int& current_dispatched = zeek::run_state::current_dispatched; +double& current_timestamp = zeek::run_state::current_timestamp; diff --git a/src/RunState.h b/src/RunState.h new file mode 100644 index 0000000000..0f12b423b5 --- /dev/null +++ b/src/RunState.h @@ -0,0 +1,118 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#pragma once + +#include "zeek-config.h" + +#include +#include + +ZEEK_FORWARD_DECLARE_NAMESPACED(IOSource, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek); + +namespace zeek::run_state { +namespace detail { + +extern void init_run(const std::optional& interfaces, + const std::optional& pcap_input_file, + const std::optional& pcap_output_file, + bool do_watchdog); +extern void run_loop(); +extern void get_final_stats(); +extern void finish_run(int drain_events); +extern void delete_run(); // Reclaim all memory, etc. +extern void update_network_time(double new_network_time); +extern void dispatch_packet(double t, const zeek::Packet* pkt, + zeek::iosource::PktSrc* src_ps); +extern void expire_timers(zeek::iosource::PktSrc* src_ps = nullptr); +extern void zeek_terminate_loop(const char* reason); + +extern zeek::iosource::PktSrc* current_pktsrc; +extern zeek::iosource::IOSource* current_iosrc; +extern zeek::iosource::PktDumper* pkt_dumper; // where to save packets + +// True if we have timers scheduled for the future on which we need +// to wait. "Need to wait" here means that we're running live (though +// perhaps not reading_live, but just running in real-time) as opposed +// to reading a trace (in which case we don't want to wait in real-time +// on future timers). +extern bool have_pending_timers; + +} // namespace detail + +// Functions to temporarily suspend processing of live input (network packets +// and remote events/state). Turning this is on is sure to lead to data loss! +extern void suspend_processing(); +extern void continue_processing(); +bool is_processing_suspended(); + +// Whether we're reading live traffic. +extern bool reading_live; + +// Same but for reading from traces instead. We have two separate +// variables because it's possible that neither is true, and we're +// instead just running timers (per the variable after this one). +extern bool reading_traces; + +// If > 0, we are reading from traces but trying to mimic real-time behavior. +// (In this case, both reading_traces and reading_live are true.) The value +// is the speedup (1 = real-time, 0.5 = half real-time, etc.). +extern double pseudo_realtime; + +// When we started processing the current packet and corresponding event +// queue. +extern double processing_start_time; + +// When the Bro process was started. +extern double zeek_start_time; + +// Time at which the Bro process was started with respect to network time, +// i.e. the timestamp of the first packet. +extern double zeek_start_network_time; + +// Time according to last packet timestamp (or current time) +extern double network_time; + +// True if we're a in the process of cleaning-up just before termination. +extern bool terminating; + +// True if Bro is currently parsing scripts. +extern bool is_parsing; + +extern const zeek::Packet* current_pkt; +extern int current_dispatched; +extern double current_timestamp; + +} // namespace zeek::run_state + +constexpr auto net_init [[deprecated("Remove in v4.1. Use zeek::run_state::detail::init_run.")]] = zeek::run_state::detail::init_run; +constexpr auto net_run [[deprecated("Remove in v4.1. Use zeek::run_state::detail::run_run.")]] = zeek::run_state::detail::run_loop; +constexpr auto net_get_final_stats [[deprecated("Remove in v4.1. Use zeek::run_state::detail::get_final_stats.")]] = zeek::run_state::detail::get_final_stats; +constexpr auto net_finish [[deprecated("Remove in v4.1. Use zeek::run_state::detail::finish_run.")]] = zeek::run_state::detail::finish_run; +constexpr auto net_delete [[deprecated("Remove in v4.1. Use zeek::run_state::detail::delete_run.")]] = zeek::run_state::detail::delete_run; +constexpr auto net_update_time [[deprecated("Remove in v4.1. Use zeek::run_state::detail::update_network_time.")]] = zeek::run_state::detail::update_network_time; +constexpr auto net_packet_dispatch [[deprecated("Remove in v4.1. Use zeek::run_state::detail::dispatch_packet.")]] = zeek::run_state::detail::dispatch_packet; +constexpr auto expire_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::expire_timers.")]] = zeek::run_state::detail::expire_timers; +constexpr auto zeek_terminate_loop [[deprecated("Remove in v4.1. Use zeek::run_state::detail::zeek_terminate_loop.")]] = zeek::run_state::detail::zeek_terminate_loop; +extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::current_pktsrc.")]]; +extern zeek::iosource::IOSource*& current_iosrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::current_iosrc.")]]; +extern zeek::iosource::PktDumper*& pkt_dumper [[deprecated("Remove in v4.1. Use zeek::run_state::detail::pkt_dumper.")]]; +extern bool& have_pending_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::have_pending_timers.")]]; + +constexpr auto net_suspend_processing [[deprecated("Remove in v4.1. Use zeek::run_state::suspend_processing.")]] = zeek::run_state::suspend_processing; +constexpr auto net_continue_processing [[deprecated("Remove in v4.1. Use zeek::run_state::continue_processing.")]] = zeek::run_state::continue_processing; +constexpr auto net_is_processing_suspended [[deprecated("Remove in v4.1. Use zeek::run_state::is_processing_suspended.")]] = zeek::run_state::is_processing_suspended; + +extern bool& reading_live [[deprecated("Remove in v4.1. Use zeek::run_state::reading_live.")]]; +extern bool& reading_traces [[deprecated("Remove in v4.1. Use zeek::run_state::reading_traces.")]]; +extern double& pseudo_realtime [[deprecated("Remove in v4.1. Use zeek::run_state::pseudo_realtime.")]]; +extern double& processing_start_time [[deprecated("Remove in v4.1. Use zeek::run_state::processing_start_time.")]]; +extern double& bro_start_time [[deprecated("Remove in v4.1. Use zeek::run_state::zeek_start_time.")]]; +extern double& bro_start_network_time [[deprecated("Remove in v4.1. Use zeek::run_state::zeek_start_network_time.")]]; +extern bool& terminating [[deprecated("Remove in v4.1. Use zeek::run_state::terminating.")]]; +extern bool& is_parsing [[deprecated("Remove in v4.1. Use zeek::run_state::is_parsing.")]]; +extern const zeek::Packet*& current_pkt [[deprecated("Remove in v4.1. Use zeek::run_state::current_pkt.")]]; +extern int& current_dispatched [[deprecated("Remove in v4.1. Use zeek::run_state::current_dispatched.")]]; +extern double& current_timestamp [[deprecated("Remove in v4.1. Use zeek::run_state::current_timestamp.")]]; diff --git a/src/ScannedFile.cc b/src/ScannedFile.cc new file mode 100644 index 0000000000..8d69666814 --- /dev/null +++ b/src/ScannedFile.cc @@ -0,0 +1,56 @@ +#include "ScannedFile.h" + +#include +#include // for PATH_MAX + +#include "DebugLogger.h" +#include "Reporter.h" + +namespace zeek::detail { + +std::list files_scanned; +std::vector sig_files; + +ScannedFile::ScannedFile(int arg_include_level, + std::string arg_name, + bool arg_skipped, + bool arg_prefixes_checked) + : include_level(arg_include_level), + skipped(arg_skipped), + prefixes_checked(arg_prefixes_checked), + name(std::move(arg_name)) + { + if ( name == canonical_stdin_path ) + canonical_path = canonical_stdin_path; + else + { + char buf[PATH_MAX]; + auto res = realpath(name.data(), buf); + + if ( ! res ) + zeek::reporter->FatalError("failed to get realpath() of %s: %s", + name.data(), strerror(errno)); + + canonical_path = res; + } + } + +bool ScannedFile::AlreadyScanned() const + { + auto rval = false; + + for ( const auto& it : files_scanned ) + if ( it.canonical_path == canonical_path ) + { + rval = true; + break; + } + + DBG_LOG(zeek::DBG_SCRIPTS, "AlreadyScanned result (%d) %s", rval, canonical_path.data()); + return rval; + } + +} // namespace zeek::detail + +std::list& files_scanned = zeek::detail::files_scanned; +std::vector& sig_files = zeek::detail::sig_files; diff --git a/src/ScannedFile.h b/src/ScannedFile.h new file mode 100644 index 0000000000..2f641e9384 --- /dev/null +++ b/src/ScannedFile.h @@ -0,0 +1,43 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#pragma once + +#include +#include +#include + +namespace zeek::detail { + +// Script file we have already scanned (or are in the process of scanning). +// They are identified by normalized realpath. +class ScannedFile { + +public: + + ScannedFile(int arg_include_level, + std::string arg_name, bool arg_skipped = false, + bool arg_prefixes_checked = false); + + /** + * Compares the canonical path of this file against every canonical path + * in files_scanned and returns whether there's any match. + */ + bool AlreadyScanned() const; + + int include_level; + bool skipped; // This ScannedFile was @unload'd. + bool prefixes_checked; // If loading prefixes for this file has been tried. + std::string name; + std::string canonical_path; // normalized, absolute path via realpath() + + static auto constexpr canonical_stdin_path = ""; +}; + +extern std::list files_scanned; +extern std::vector sig_files; + +} // namespace zeek::detail + +using ScannedFile [[deprecated("Remove in v4.1. Use zeek::detail::ScannedFile.")]] = zeek::detail::ScannedFile; +extern std::list& files_scanned [[deprecated("Remove in v4.1. Use zeek::detail::files_scanned.")]]; +extern std::vector& sig_files [[deprecated("Remove in v4.1. Use zeek::detail::sig_files.")]]; diff --git a/src/Scope.h b/src/Scope.h index fd6a4d030d..445d3ddc1a 100644 --- a/src/Scope.h +++ b/src/Scope.h @@ -8,7 +8,7 @@ #include #include "Obj.h" -#include "BroList.h" +#include "ZeekList.h" #include "IntrusivePtr.h" #include "TraverseTypes.h" diff --git a/src/ScriptCoverageManager.cc b/src/ScriptCoverageManager.cc index 2a30743a78..c153ac546f 100644 --- a/src/ScriptCoverageManager.cc +++ b/src/ScriptCoverageManager.cc @@ -39,7 +39,7 @@ void ScriptCoverageManager::AddStmt(zeek::detail::Stmt* s) bool ScriptCoverageManager::ReadStats() { - char* bf = zeekenv("ZEEK_PROFILER_FILE"); + char* bf = zeek::util::zeekenv("ZEEK_PROFILER_FILE"); if ( ! bf ) return false; @@ -56,7 +56,7 @@ bool ScriptCoverageManager::ReadStats() ss.clear(); std::vector lines; - tokenize_string(file_contents, "\n", &lines); + zeek::util::tokenize_string(file_contents, "\n", &lines); string delimiter; delimiter = delim; @@ -66,7 +66,7 @@ bool ScriptCoverageManager::ReadStats() continue; std::vector line_components; - tokenize_string(line, delimiter, &line_components); + zeek::util::tokenize_string(line, delimiter, &line_components); if ( line_components.size() != 3 ) { @@ -80,7 +80,7 @@ bool ScriptCoverageManager::ReadStats() pair location_desc(std::move(location), std::move(desc)); uint64_t count; - atoi_n(cnt.size(), cnt.c_str(), nullptr, 10, count); + zeek::util::atoi_n(cnt.size(), cnt.c_str(), nullptr, 10, count); usage_map.emplace(std::move(location_desc), count); } @@ -89,14 +89,14 @@ bool ScriptCoverageManager::ReadStats() bool ScriptCoverageManager::WriteStats() { - char* bf = zeekenv("ZEEK_PROFILER_FILE"); + char* bf = zeek::util::zeekenv("ZEEK_PROFILER_FILE"); if ( ! bf ) return false; - SafeDirname dirname{bf}; + zeek::util::SafeDirname dirname{bf}; - if ( ! ensure_intermediate_dirs(dirname.result.data()) ) + if ( ! zeek::util::detail::ensure_intermediate_dirs(dirname.result.data()) ) { zeek::reporter->Error("Failed to open ZEEK_PROFILER_FILE destination '%s' for writing", bf); return false; diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index 9f538fd8ed..e41aaaf778 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -45,7 +45,7 @@ void SerializationFormat::StartWrite() if ( ! output ) { - output = (char*)safe_malloc(INITIAL_SIZE); + output = (char*)zeek::util::safe_malloc(INITIAL_SIZE); output_size = INITIAL_SIZE; } @@ -85,7 +85,7 @@ bool SerializationFormat::WriteData(const void* b, size_t count) while ( output_pos + count > output_size ) output_size *= GROWTH_FACTOR; - output = (char*)safe_realloc(output, output_size); + output = (char*)zeek::util::safe_realloc(output, output_size); memcpy(output + output_pos, b, count); output_pos += count; @@ -180,7 +180,7 @@ bool BinarySerializationFormat::Read(double* d, const char* tag) bool BinarySerializationFormat::Read(char* v, const char* tag) { bool ret = ReadData(v, 1); - DBG_LOG(zeek::DBG_SERIAL, "Read char %s [%s]", fmt_bytes(v, 1), tag); + DBG_LOG(zeek::DBG_SERIAL, "Read char %s [%s]", zeek::util::fmt_bytes(v, 1), tag); return ret; } @@ -218,7 +218,7 @@ bool BinarySerializationFormat::Read(char** str, int* len, const char* tag) *str = s; - DBG_LOG(zeek::DBG_SERIAL, "Read %d bytes |%s| [%s]", l, fmt_bytes(*str, l), tag); + DBG_LOG(zeek::DBG_SERIAL, "Read %d bytes |%s| [%s]", l, zeek::util::fmt_bytes(*str, l), tag); return true; } @@ -303,7 +303,7 @@ bool BinarySerializationFormat::Read(struct in6_addr* addr, const char* tag) bool BinarySerializationFormat::Write(char v, const char* tag) { - DBG_LOG(zeek::DBG_SERIAL, "Write char %s [%s]", fmt_bytes(&v, 1), tag); + DBG_LOG(zeek::DBG_SERIAL, "Write char %s [%s]", zeek::util::fmt_bytes(&v, 1), tag); return WriteData(&v, 1); } @@ -434,7 +434,7 @@ bool BinarySerializationFormat::WriteSeparator() bool BinarySerializationFormat::Write(const char* buf, int len, const char* tag) { - DBG_LOG(zeek::DBG_SERIAL, "Write bytes |%s| [%s]", fmt_bytes(buf, len), tag); + DBG_LOG(zeek::DBG_SERIAL, "Write bytes |%s| [%s]", zeek::util::fmt_bytes(buf, len), tag); uint32_t l = htonl(len); return WriteData(&l, sizeof(l)) && WriteData(buf, len); } diff --git a/src/Sessions.cc b/src/Sessions.cc index 46690b080a..ebf478a16d 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -11,7 +11,7 @@ #include #include "Desc.h" -#include "Net.h" +#include "RunState.h" #include "Event.h" #include "Timer.h" #include "NetVar.h" @@ -72,7 +72,7 @@ void IPTunnelTimer::Dispatch(double t, bool is_expire) NetSessions::NetSessions() { if ( stp_correlate_pair ) - stp_manager = new ::analyzer::stepping_stone::SteppingStoneManager(); + stp_manager = new zeek::analyzer::stepping_stone::SteppingStoneManager(); else stp_manager = nullptr; @@ -89,14 +89,15 @@ NetSessions::NetSessions() num_packets_processed = 0; static auto pkt_profile_file = zeek::id::find_val("pkt_profile_file"); - if ( pkt_profile_mode && pkt_profile_freq > 0 && pkt_profile_file ) - pkt_profiler = new zeek::detail::PacketProfiler(pkt_profile_mode, - pkt_profile_freq, pkt_profile_file->AsFile()); + if ( zeek::detail::pkt_profile_mode && zeek::detail::pkt_profile_freq > 0 && pkt_profile_file ) + pkt_profiler = new zeek::detail::PacketProfiler(zeek::detail::pkt_profile_mode, + zeek::detail::pkt_profile_freq, + pkt_profile_file->AsFile()); else pkt_profiler = nullptr; if ( arp_request || arp_reply || bad_arp ) - arp_analyzer = new ::analyzer::arp::ARP_Analyzer(); + arp_analyzer = new zeek::analyzer::arp::ARP_Analyzer(); else arp_analyzer = nullptr; @@ -139,7 +140,7 @@ void NetSessions::NextPacket(double t, const zeek::Packet* pkt) dump_this_packet = false; - if ( record_all_packets ) + if ( zeek::detail::record_all_packets ) DumpPacket(pkt); if ( pkt->hdr_size > pkt->cap_len ) @@ -188,7 +189,7 @@ void NetSessions::NextPacket(double t, const zeek::Packet* pkt) } - if ( dump_this_packet && ! record_all_packets ) + if ( dump_this_packet && ! zeek::detail::record_all_packets ) DumpPacket(pkt); } @@ -275,7 +276,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP if ( packet_filter && packet_filter->Match(ip_hdr, len, caplen) ) return; - if ( ! pkt->l2_checksummed && ! ignore_checksums && ip4 && + if ( ! pkt->l2_checksummed && ! zeek::detail::ignore_checksums && ip4 && ones_complement_checksum((void*) ip4, ip_hdr_len, 0) != 0xffff ) { Weird("bad_IP_checksum", pkt, encapsulation); @@ -403,9 +404,9 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP const struct icmp* icmpp = (const struct icmp *) data; id.src_port = icmpp->icmp_type; - id.dst_port = ::analyzer::icmp::ICMP4_counterpart(icmpp->icmp_type, - icmpp->icmp_code, - id.is_one_way); + id.dst_port = zeek::analyzer::icmp::ICMP4_counterpart(icmpp->icmp_type, + icmpp->icmp_code, + id.is_one_way); id.src_port = htons(id.src_port); id.dst_port = htons(id.dst_port); @@ -419,9 +420,9 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP const struct icmp* icmpp = (const struct icmp *) data; id.src_port = icmpp->icmp_type; - id.dst_port = ::analyzer::icmp::ICMP6_counterpart(icmpp->icmp_type, - icmpp->icmp_code, - id.is_one_way); + id.dst_port = zeek::analyzer::icmp::ICMP6_counterpart(icmpp->icmp_type, + icmpp->icmp_code, + id.is_one_way); id.src_port = htons(id.src_port); id.dst_port = htons(id.dst_port); @@ -450,7 +451,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP if ( gre_version != 0 && gre_version != 1 ) { Weird("unknown_gre_version", ip_hdr, encapsulation, - fmt("%d", gre_version)); + zeek::util::fmt("%d", gre_version)); return; } @@ -528,7 +529,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP { // Enhanced GRE payload must be PPP. Weird("egre_protocol_type", ip_hdr, encapsulation, - fmt("%d", proto_typ)); + zeek::util::fmt("%d", proto_typ)); return; } } @@ -632,11 +633,11 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP { EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), tunnel_type); - ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time); - zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(network_time, tunnel_idx)); + ip_tunnels[tunnel_idx] = TunnelActivity(ec, zeek::run_state::network_time); + zeek::detail::timer_mgr->Add(new detail::IPTunnelTimer(zeek::run_state::network_time, tunnel_idx)); } else - it->second.second = network_time; + it->second.second = zeek::run_state::network_time; if ( gre_version == 0 ) DoNextInnerPacket(t, pkt, caplen, len, data, gre_link_type, @@ -661,7 +662,7 @@ void NetSessions::DoNextPacket(double t, const zeek::Packet* pkt, const zeek::IP } default: - Weird("unknown_protocol", pkt, encapsulation, fmt("%d", proto)); + Weird("unknown_protocol", pkt, encapsulation, zeek::util::fmt("%d", proto)); return; } @@ -758,9 +759,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt, ts = pkt->ts; else { - ts.tv_sec = (time_t) network_time; + ts.tv_sec = (time_t) zeek::run_state::network_time; ts.tv_usec = (suseconds_t) - ((network_time - (double)ts.tv_sec) * 1000000); + ((zeek::run_state::network_time - (double)ts.tv_sec) * 1000000); } const u_char* data = nullptr; @@ -796,9 +797,9 @@ void NetSessions::DoNextInnerPacket(double t, const zeek::Packet* pkt, ts = pkt->ts; else { - ts.tv_sec = (time_t) network_time; + ts.tv_sec = (time_t) zeek::run_state::network_time; ts.tv_usec = (suseconds_t) - ((network_time - (double)ts.tv_sec) * 1000000); + ((zeek::run_state::network_time - (double)ts.tv_sec) * 1000000); } EncapsulationStack* outer = prev ? @@ -1011,10 +1012,10 @@ void NetSessions::Remove(Connection* c) if ( c->ConnTransport() == TRANSPORT_TCP ) { - auto ta = static_cast<::analyzer::tcp::TCP_Analyzer*>(c->GetRootAnalyzer()); + auto ta = static_cast(c->GetRootAnalyzer()); assert(ta->IsAnalyzer("TCP")); - ::analyzer::tcp::TCP_Endpoint* to = ta->Orig(); - ::analyzer::tcp::TCP_Endpoint* tr = ta->Resp(); + zeek::analyzer::tcp::TCP_Endpoint* to = ta->Orig(); + zeek::analyzer::tcp::TCP_Endpoint* tr = ta->Resp(); tcp_stats.StateLeft(to->state, tr->state); } @@ -1273,10 +1274,10 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port, { // The new connection is starting either without a SYN, // or with a SYN ack. This means it's a partial connection. - if ( ! partial_connection_ok ) + if ( ! zeek::detail::partial_connection_ok ) return false; - if ( tcp_flags & TH_SYN && ! tcp_SYN_ack_ok ) + if ( tcp_flags & TH_SYN && ! zeek::detail::tcp_SYN_ack_ok ) return false; // Try to guess true responder by the port numbers. @@ -1310,7 +1311,7 @@ bool NetSessions::WantConnection(uint16_t src_port, uint16_t dst_port, void NetSessions::DumpPacket(const zeek::Packet *pkt, int len) { - if ( ! pkt_dumper ) + if ( ! zeek::run_state::detail::pkt_dumper ) return; if ( len != 0 ) @@ -1321,7 +1322,7 @@ void NetSessions::DumpPacket(const zeek::Packet *pkt, int len) const_cast(pkt)->cap_len = len; } - pkt_dumper->Dump(pkt); + zeek::run_state::detail::pkt_dumper->Dump(pkt); } void NetSessions::Weird(const char* name, const zeek::Packet* pkt, @@ -1331,7 +1332,7 @@ void NetSessions::Weird(const char* name, const zeek::Packet* pkt, dump_this_packet = true; if ( encap && encap->LastType() != BifEnum::Tunnel::NONE ) - zeek::reporter->Weird(fmt("%s_in_tunnel", name), addl); + zeek::reporter->Weird(zeek::util::fmt("%s_in_tunnel", name), addl); else zeek::reporter->Weird(name, addl); } @@ -1341,7 +1342,7 @@ void NetSessions::Weird(const char* name, const zeek::IP_Hdr* ip, { if ( encap && encap->LastType() != BifEnum::Tunnel::NONE ) zeek::reporter->Weird(ip->SrcAddr(), ip->DstAddr(), - fmt("%s_in_tunnel", name), addl); + zeek::util::fmt("%s_in_tunnel", name), addl); else zeek::reporter->Weird(ip->SrcAddr(), ip->DstAddr(), name, addl); } @@ -1350,7 +1351,7 @@ unsigned int NetSessions::ConnectionMemoryUsage() { unsigned int mem = 0; - if ( terminating ) + if ( zeek::run_state::terminating ) // Connections have been flushed already. return 0; @@ -1370,7 +1371,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals() { unsigned int mem = 0; - if ( terminating ) + if ( zeek::run_state::terminating ) // Connections have been flushed already. return 0; @@ -1388,7 +1389,7 @@ unsigned int NetSessions::ConnectionMemoryUsageConnVals() unsigned int NetSessions::MemoryAllocation() { - if ( terminating ) + if ( zeek::run_state::terminating ) // Connections have been flushed already. return 0; diff --git a/src/Sessions.h b/src/Sessions.h index 26e6d0bde7..a8b0c2132e 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -23,9 +23,8 @@ namespace zeek { struct ConnID; } using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID; ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail); - -namespace analyzer { namespace stepping_stone { class SteppingStoneManager; } } -namespace analyzer { namespace arp { class ARP_Analyzer; } } +ZEEK_FORWARD_DECLARE_NAMESPACED(SteppingStoneManager, zeek, analyzer::stepping_stone); +ZEEK_FORWARD_DECLARE_NAMESPACED(ARP_Analyzer, zeek, analyzer::arp); namespace zeek { @@ -91,11 +90,11 @@ public: zeek::detail::PacketFilter* GetPacketFilter() { if ( ! packet_filter ) - packet_filter = new zeek::detail::PacketFilter(packet_filter_default); + packet_filter = new zeek::detail::PacketFilter(detail::packet_filter_default); return packet_filter; } - ::analyzer::stepping_stone::SteppingStoneManager* GetSTPManager() { return stp_manager; } + zeek::analyzer::stepping_stone::SteppingStoneManager* GetSTPManager() { return stp_manager; } unsigned int CurrentConnections() { @@ -172,7 +171,7 @@ public: unsigned int ConnectionMemoryUsage(); unsigned int ConnectionMemoryUsageConnVals(); unsigned int MemoryAllocation(); - ::analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states + zeek::analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states protected: friend class ConnCompressor; @@ -235,9 +234,9 @@ protected: using IPTunnelMap = std::map; IPTunnelMap ip_tunnels; - ::analyzer::arp::ARP_Analyzer* arp_analyzer; + zeek::analyzer::arp::ARP_Analyzer* arp_analyzer; - ::analyzer::stepping_stone::SteppingStoneManager* stp_manager; + zeek::analyzer::stepping_stone::SteppingStoneManager* stp_manager; zeek::detail::Discarder* discarder; zeek::detail::PacketFilter* packet_filter; uint64_t num_packets_processed; diff --git a/src/SmithWaterman.cc b/src/SmithWaterman.cc index 86e17fc8d6..b773283608 100644 --- a/src/SmithWaterman.cc +++ b/src/SmithWaterman.cc @@ -359,7 +359,7 @@ static void sw_collect_multiple(Substring::Vec* result, { if ( (*it2)->DoesCover(*it3) ) { - delete_each(new_al); + zeek::util::delete_each(new_al); delete new_al; new_al = nullptr; goto end_loop; @@ -367,7 +367,7 @@ static void sw_collect_multiple(Substring::Vec* result, if ( (*it3)->DoesCover(*it2) ) { - delete_each(old_al); + zeek::util::delete_each(old_al); delete old_al; *it = 0; goto end_loop; diff --git a/src/Stats.cc b/src/Stats.cc index 26cd4af2fa..142c903926 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -3,7 +3,7 @@ #include "Conn.h" #include "File.h" #include "Event.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "ID.h" #include "Sessions.h" @@ -51,7 +51,7 @@ void ProfileTimer::Dispatch(double t, bool is_expire) // Reinstall timer. if ( ! is_expire ) - zeek::detail::timer_mgr->Add(new ProfileTimer(network_time + interval, + zeek::detail::timer_mgr->Add(new ProfileTimer(zeek::run_state::network_time + interval, logger, interval)); } @@ -71,11 +71,11 @@ ProfileLogger::~ProfileLogger() void ProfileLogger::Log() { - if ( terminating ) + if ( zeek::run_state::terminating ) // Connections have been flushed already. return; - file->Write(fmt("%.06f ------------------------\n", network_time)); + file->Write(zeek::util::fmt("%.06f ------------------------\n", zeek::run_state::network_time)); // Do expensive profiling only occasionally. bool expensive = false; @@ -90,14 +90,14 @@ void ProfileLogger::Log() struct timeval tv_stime = r.ru_stime; uint64_t total, malloced; - get_memory_usage(&total, &malloced); + zeek::util::get_memory_usage(&total, &malloced); static unsigned int first_total = 0; static double first_rtime = 0; static double first_utime = 0; static double first_stime = 0; - double rtime = current_time(); + double rtime = zeek::util::current_time(); double utime = double(tv_utime.tv_sec) + double(tv_utime.tv_usec) / 1e6; double stime = double(tv_stime.tv_sec) + double(tv_stime.tv_usec) / 1e6; @@ -108,27 +108,27 @@ void ProfileLogger::Log() first_utime = utime; first_stime = stime; - file->Write(fmt("%.06f Command line: ", network_time )); - for ( int i = 0; i < bro_argc; i++ ) + file->Write(zeek::util::fmt("%.06f Command line: ", zeek::run_state::network_time )); + for ( int i = 0; i < zeek_argc; i++ ) { - file->Write(bro_argv[i]); + file->Write(zeek_argv[i]); file->Write(" "); } - file->Write(fmt("\n%.06f ------------------------\n", network_time)); + file->Write(zeek::util::fmt("\n%.06f ------------------------\n", zeek::run_state::network_time)); } - file->Write(fmt("%.06f Memory: total=%" PRId64 "K total_adj=%" PRId64 "K malloced: %" PRId64 "K\n", - network_time, total / 1024, (total - first_total) / 1024, + file->Write(zeek::util::fmt("%.06f Memory: total=%" PRId64 "K total_adj=%" PRId64 "K malloced: %" PRId64 "K\n", + zeek::run_state::network_time, total / 1024, (total - first_total) / 1024, malloced / 1024)); - file->Write(fmt("%.06f Run-time: user+sys=%.1f user=%.1f sys=%.1f real=%.1f\n", - network_time, (utime + stime) - (first_utime + first_stime), + file->Write(zeek::util::fmt("%.06f Run-time: user+sys=%.1f user=%.1f sys=%.1f real=%.1f\n", + zeek::run_state::network_time, (utime + stime) - (first_utime + first_stime), utime - first_utime, stime - first_stime, rtime - first_rtime)); int conn_mem_use = expensive ? sessions->ConnectionMemoryUsage() : 0; - file->Write(fmt("%.06f Conns: total=%" PRIu64 " current=%" PRIu64 "/%" PRIi32 " mem=%" PRIi32 "K avg=%.1f table=%" PRIu32 "K connvals=%" PRIu32 "K\n", - network_time, + file->Write(zeek::util::fmt("%.06f Conns: total=%" PRIu64 " current=%" PRIu64 "/%" PRIi32 " mem=%" PRIi32 "K avg=%.1f table=%" PRIu32 "K connvals=%" PRIu32 "K\n", + zeek::run_state::network_time, Connection::TotalConnections(), Connection::CurrentConnections(), sessions->CurrentConnections(), @@ -141,20 +141,20 @@ void ProfileLogger::Log() SessionStats s; sessions->GetStats(s); - file->Write(fmt("%.06f Conns: tcp=%zu/%zu udp=%zu/%zu icmp=%zu/%zu\n", - network_time, + file->Write(zeek::util::fmt("%.06f Conns: tcp=%zu/%zu udp=%zu/%zu icmp=%zu/%zu\n", + zeek::run_state::network_time, s.num_TCP_conns, s.max_TCP_conns, s.num_UDP_conns, s.max_UDP_conns, s.num_ICMP_conns, s.max_ICMP_conns )); sessions->tcp_stats.PrintStats(file, - fmt("%.06f TCP-States:", network_time)); + zeek::util::fmt("%.06f TCP-States:", zeek::run_state::network_time)); // Alternatively, if you prefer more compact output... /* - file->Write(fmt("%.8f TCP-States: I=%d S=%d SA=%d SR=%d E=%d EF=%d ER=%d F=%d P=%d\n", - network_time, + file->Write(zeek::util::fmt("%.8f TCP-States: I=%d S=%d SA=%d SR=%d E=%d EF=%d ER=%d F=%d P=%d\n", + zeek::run_state::network_time, sessions->tcp_stats.StateInactive(), sessions->tcp_stats.StateRequest(), sessions->tcp_stats.StateSuccRequest(), @@ -167,10 +167,10 @@ void ProfileLogger::Log() )); */ - file->Write(fmt("%.06f Connections expired due to inactivity: %" PRIu64 "\n", - network_time, killed_by_inactivity)); + file->Write(zeek::util::fmt("%.06f Connections expired due to inactivity: %" PRIu64 "\n", + zeek::run_state::network_time, killed_by_inactivity)); - file->Write(fmt("%.06f Total reassembler data: %" PRIu64 "K\n", network_time, + file->Write(zeek::util::fmt("%.06f Total reassembler data: %" PRIu64 "K\n", zeek::run_state::network_time, Reassembler::TotalMemoryAllocation() / 1024)); // Signature engine. @@ -179,49 +179,49 @@ void ProfileLogger::Log() zeek::detail::RuleMatcher::Stats stats; zeek::detail::rule_matcher->GetStats(&stats); - file->Write(fmt("%06f RuleMatcher: matchers=%d nfa_states=%d dfa_states=%d " - "ncomputed=%d mem=%dK\n", network_time, stats.matchers, + file->Write(zeek::util::fmt("%06f RuleMatcher: matchers=%d nfa_states=%d dfa_states=%d " + "ncomputed=%d mem=%dK\n", zeek::run_state::network_time, stats.matchers, stats.nfa_states, stats.dfa_states, stats.computed, stats.mem / 1024)); } - file->Write(fmt("%.06f Timers: current=%d max=%d lag=%.2fs\n", - network_time, + file->Write(zeek::util::fmt("%.06f Timers: current=%d max=%d lag=%.2fs\n", + zeek::run_state::network_time, zeek::detail::timer_mgr->Size(), zeek::detail::timer_mgr->PeakSize(), - network_time - zeek::detail::timer_mgr->LastTimestamp())); + zeek::run_state::network_time - zeek::detail::timer_mgr->LastTimestamp())); zeek::detail::DNS_Mgr::Stats dstats; zeek::detail::dns_mgr->GetStats(&dstats); - file->Write(fmt("%.06f DNS_Mgr: requests=%lu succesful=%lu failed=%lu pending=%lu cached_hosts=%lu cached_addrs=%lu\n", - network_time, + file->Write(zeek::util::fmt("%.06f DNS_Mgr: requests=%lu succesful=%lu failed=%lu pending=%lu cached_hosts=%lu cached_addrs=%lu\n", + zeek::run_state::network_time, dstats.requests, dstats.successful, dstats.failed, dstats.pending, dstats.cached_hosts, dstats.cached_addresses)); zeek::detail::trigger::Manager::Stats tstats; - trigger_mgr->GetStats(&tstats); + zeek::detail::trigger_mgr->GetStats(&tstats); - file->Write(fmt("%.06f Triggers: total=%lu pending=%lu\n", network_time, tstats.total, tstats.pending)); + file->Write(zeek::util::fmt("%.06f Triggers: total=%lu pending=%lu\n", zeek::run_state::network_time, tstats.total, tstats.pending)); unsigned int* current_timers = zeek::detail::TimerMgr::CurrentTimers(); for ( int i = 0; i < zeek::detail::NUM_TIMER_TYPES; ++i ) { if ( current_timers[i] ) - file->Write(fmt("%.06f %s = %d\n", network_time, + file->Write(zeek::util::fmt("%.06f %s = %d\n", zeek::run_state::network_time, zeek::detail::timer_type_to_string(static_cast(i)), current_timers[i])); } - file->Write(fmt("%0.6f Threads: current=%d\n", network_time, thread_mgr->NumThreads())); + file->Write(zeek::util::fmt("%0.6f Threads: current=%d\n", zeek::run_state::network_time, zeek::thread_mgr->NumThreads())); - const threading::Manager::msg_stats_list& thread_stats = thread_mgr->GetMsgThreadStats(); + const threading::Manager::msg_stats_list& thread_stats = zeek::thread_mgr->GetMsgThreadStats(); for ( threading::Manager::msg_stats_list::const_iterator i = thread_stats.begin(); i != thread_stats.end(); ++i ) { threading::MsgThread::Stats s = i->second; - file->Write(fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64 + file->Write(zeek::util::fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64 " (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")" "\n", - network_time, + zeek::run_state::network_time, i->first.c_str(), s.sent_in, s.sent_out, s.pending_in, s.pending_out, @@ -232,12 +232,12 @@ void ProfileLogger::Log() auto cs = broker_mgr->GetStatistics(); - file->Write(fmt("%0.6f Comm: peers=%zu stores=%zu " + file->Write(zeek::util::fmt("%0.6f Comm: peers=%zu stores=%zu " "pending_queries=%zu " "events_in=%zu events_out=%zu " "logs_in=%zu logs_out=%zu " "ids_in=%zu ids_out=%zu ", - network_time, cs.num_peers, cs.num_stores, + zeek::run_state::network_time, cs.num_peers, cs.num_stores, cs.num_pending_queries, cs.num_events_incoming, cs.num_events_outgoing, cs.num_logs_incoming, cs.num_logs_outgoing, @@ -253,8 +253,8 @@ void ProfileLogger::Log() int total_table_entries = 0; int total_table_rentries = 0; - file->Write(fmt("%.06f Global_sizes > 100k: %dK\n", - network_time, mem / 1024)); + file->Write(zeek::util::fmt("%.06f Global_sizes > 100k: %dK\n", + zeek::run_state::network_time, mem / 1024)); for ( const auto& global : globals ) { @@ -294,12 +294,12 @@ void ProfileLogger::Log() if ( print ) { - file->Write(fmt("%.06f %s = %dK", - network_time, id->Name(), + file->Write(zeek::util::fmt("%.06f %s = %dK", + zeek::run_state::network_time, id->Name(), size / 1024)); if ( entries >= 0 ) - file->Write(fmt(" (%d/%d entries)\n", + file->Write(zeek::util::fmt(" (%d/%d entries)\n", entries, rentries)); else file->Write("\n"); @@ -307,10 +307,10 @@ void ProfileLogger::Log() } } - file->Write(fmt("%.06f Global_sizes total: %dK\n", - network_time, mem / 1024)); - file->Write(fmt("%.06f Total number of table entries: %d/%d\n", - network_time, + file->Write(zeek::util::fmt("%.06f Global_sizes total: %dK\n", + zeek::run_state::network_time, mem / 1024)); + file->Write(zeek::util::fmt("%.06f Total number of table entries: %d/%d\n", + zeek::run_state::network_time, total_table_entries, total_table_rentries)); } @@ -329,17 +329,17 @@ void ProfileLogger::SegmentProfile(const char* name, const zeek::detail::Locatio double dtime, int dmem) { if ( name ) - file->Write(fmt("%.06f segment-%s dt=%.06f dmem=%d\n", - network_time, name, dtime, dmem)); + file->Write(zeek::util::fmt("%.06f segment-%s dt=%.06f dmem=%d\n", + zeek::run_state::network_time, name, dtime, dmem)); else if ( loc ) - file->Write(fmt("%.06f segment-%s:%d dt=%.06f dmem=%d\n", - network_time, + file->Write(zeek::util::fmt("%.06f segment-%s:%d dt=%.06f dmem=%d\n", + zeek::run_state::network_time, loc->filename ? loc->filename : "nofile", loc->first_line, dtime, dmem)); else - file->Write(fmt("%.06f segment-XXX dt=%.06f dmem=%d\n", - network_time, dtime, dmem)); + file->Write(zeek::util::fmt("%.06f segment-XXX dt=%.06f dmem=%d\n", + zeek::run_state::network_time, dtime, dmem)); } @@ -442,7 +442,7 @@ void PacketProfiler::ProfilePkt(double t, unsigned int bytes) getrusage(RUSAGE_SELF, &res); gettimeofday(&ptimestamp, 0); - get_memory_usage(&last_mem, nullptr); + zeek::util::get_memory_usage(&last_mem, nullptr); last_Utime = res.ru_utime.tv_sec + res.ru_utime.tv_usec / 1e6; last_Stime = res.ru_stime.tv_sec + res.ru_stime.tv_usec / 1e6; last_Rtime = ptimestamp.tv_sec + ptimestamp.tv_usec / 1e6; @@ -466,14 +466,14 @@ void PacketProfiler::ProfilePkt(double t, unsigned int bytes) ptimestamp.tv_sec + ptimestamp.tv_usec / 1e6; uint64_t curr_mem; - get_memory_usage(&curr_mem, nullptr); + zeek::util::get_memory_usage(&curr_mem, nullptr); - file->Write(fmt("%.06f %.03f %" PRIu64 " %" PRIu64 " %.03f %.03f %.03f %" PRIu64 "\n", - t, time-last_timestamp, pkt_cnt, byte_cnt, - curr_Rtime - last_Rtime, - curr_Utime - last_Utime, - curr_Stime - last_Stime, - curr_mem - last_mem)); + file->Write(zeek::util::fmt("%.06f %.03f %" PRIu64 " %" PRIu64 " %.03f %.03f %.03f %" PRIu64 "\n", + t, time-last_timestamp, pkt_cnt, byte_cnt, + curr_Rtime - last_Rtime, + curr_Utime - last_Utime, + curr_Stime - last_Stime, + curr_mem - last_mem)); last_Utime = curr_Utime; last_Stime = curr_Stime; diff --git a/src/Stmt.cc b/src/Stmt.cc index 95105e8066..37d162b3c6 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -21,7 +21,9 @@ #include "logging/Manager.h" #include "logging/logging.bif.h" -const char* stmt_name(BroStmtTag t) +namespace zeek::detail { + +const char* stmt_name(StmtTag t) { static const char* stmt_names[int(NUM_STMTS)] = { "alarm", // Does no longer exist, but kept for keeping enums consistent. @@ -35,9 +37,7 @@ const char* stmt_name(BroStmtTag t) return stmt_names[int(t)]; } -namespace zeek::detail { - -Stmt::Stmt(BroStmtTag arg_tag) +Stmt::Stmt(StmtTag arg_tag) { tag = arg_tag; breakpoint_count = 0; @@ -143,7 +143,7 @@ void Stmt::AccessStats(ODesc* d) const if ( d->IncludeStats() ) { d->Add("(@"); - d->Add(last_access ? fmt_access_time(last_access) : ""); + d->Add(last_access ? zeek::util::detail::fmt_access_time(last_access) : ""); d->Add(" #"); d->Add(access_count); d->Add(")"); @@ -151,10 +151,10 @@ void Stmt::AccessStats(ODesc* d) const } } -ExprListStmt::ExprListStmt(BroStmtTag t, ListExprPtr arg_l) +ExprListStmt::ExprListStmt(StmtTag t, ListExprPtr arg_l) : Stmt(t), l(std::move(arg_l)) { - const expr_list& e = l->Exprs(); + const ExprPList& e = l->Exprs(); for ( const auto& expr : e ) { const auto& t = expr->GetType(); @@ -167,9 +167,9 @@ ExprListStmt::ExprListStmt(BroStmtTag t, ListExprPtr arg_l) ExprListStmt::~ExprListStmt() = default; -ValPtr ExprListStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr ExprListStmt::Exec(Frame* f, StmtFlowType& flow) const { - last_access = network_time; + last_access = zeek::run_state::network_time; flow = FLOW_NEXT; auto vals = eval_list(f, l.get()); @@ -192,7 +192,7 @@ TraversalCode ExprListStmt::Traverse(TraversalCallback* cb) const TraversalCode tc = cb->PreStmt(this); HANDLE_TC_STMT_PRE(tc); - const expr_list& e = l->Exprs(); + const ExprPList& e = l->Exprs(); for ( const auto& expr : e ) { tc = expr->Traverse(cb); @@ -233,13 +233,13 @@ static void print_log(const std::vector& vals) vec->Assign(vec->Size(), zeek::make_intrusive(d.Description())); } - record->Assign(0, zeek::make_intrusive(network_time)); + record->Assign(0, zeek::make_intrusive(zeek::run_state::network_time)); record->Assign(1, std::move(vec)); - log_mgr->Write(plval.get(), record.get()); + zeek::log_mgr->Write(plval.get(), record.get()); } ValPtr PrintStmt::DoExec(std::vector vals, - stmt_flow_type& /* flow */) const + StmtFlowType& /* flow */) const { RegisterAccess(); @@ -316,7 +316,7 @@ ExprStmt::ExprStmt(ExprPtr arg_e) : Stmt(STMT_EXPR), e(std::move(arg_e)) SetLocationInfo(e->GetLocationInfo()); } -ExprStmt::ExprStmt(BroStmtTag t, ExprPtr arg_e) : Stmt(t), e(std::move(arg_e)) +ExprStmt::ExprStmt(StmtTag t, ExprPtr arg_e) : Stmt(t), e(std::move(arg_e)) { if ( e ) SetLocationInfo(e->GetLocationInfo()); @@ -324,7 +324,7 @@ ExprStmt::ExprStmt(BroStmtTag t, ExprPtr arg_e) : Stmt(t), e(std::move(arg_e)) ExprStmt::~ExprStmt() = default; -ValPtr ExprStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr ExprStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -337,7 +337,7 @@ ValPtr ExprStmt::Exec(Frame* f, stmt_flow_type& flow) const return nullptr; } -ValPtr ExprStmt::DoExec(Frame* /* f */, Val* /* v */, stmt_flow_type& /* flow */) const +ValPtr ExprStmt::DoExec(Frame* /* f */, Val* /* v */, StmtFlowType& /* flow */) const { return nullptr; } @@ -399,7 +399,7 @@ IfStmt::IfStmt(ExprPtr test, IfStmt::~IfStmt() = default; -ValPtr IfStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const +ValPtr IfStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow) const { // Treat 0 as false, but don't require 1 for true. Stmt* do_stmt = v->IsZero() ? s2.get() : s1.get(); @@ -467,7 +467,7 @@ TraversalCode IfStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -static BroStmtTag get_last_stmt_tag(const Stmt* stmt) +static StmtTag get_last_stmt_tag(const Stmt* stmt) { if ( ! stmt ) return STMT_NULL; @@ -484,12 +484,12 @@ static BroStmtTag get_last_stmt_tag(const Stmt* stmt) return get_last_stmt_tag(stmts->Stmts()[len - 1]); } -Case::Case(ListExprPtr arg_expr_cases, id_list* arg_type_cases, +Case::Case(ListExprPtr arg_expr_cases, IDPList* arg_type_cases, StmtPtr arg_s) : expr_cases(std::move(arg_expr_cases)), type_cases(arg_type_cases), s(std::move(arg_s)) { - BroStmtTag t = get_last_stmt_tag(Body()); + StmtTag t = get_last_stmt_tag(Body()); if ( t != STMT_BREAK && t != STMT_FALLTHROUGH && t != STMT_RETURN ) Error("case block must end in break/fallthrough/return statement"); @@ -525,7 +525,7 @@ void Case::Describe(ODesc* d) const if ( expr_cases ) { - const expr_list& e = expr_cases->Exprs(); + const ExprPList& e = expr_cases->Exprs(); d->AddCount(e.length()); @@ -541,7 +541,7 @@ void Case::Describe(ODesc* d) const if ( type_cases ) { - const id_list& t = *type_cases; + const IDPList& t = *type_cases; d->AddCount(t.length()); @@ -622,7 +622,7 @@ SwitchStmt::SwitchStmt(ExprPtr index, case_list* arg_cases) { Case* c = (*cases)[i]; ListExpr* le = c->ExprCases(); - id_list* tl = c->TypeCases(); + IDPList* tl = c->TypeCases(); if ( le ) { @@ -637,7 +637,7 @@ SwitchStmt::SwitchStmt(ExprPtr index, case_list* arg_cases) continue; } - expr_list& exprs = le->Exprs(); + ExprPList& exprs = le->Exprs(); loop_over_list(exprs, j) { @@ -817,7 +817,7 @@ std::pair SwitchStmt::FindCaseLabelMatch(const Val* v) const return std::make_pair(label_idx, label_id); } -ValPtr SwitchStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const +ValPtr SwitchStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow) const { ValPtr rval; @@ -913,7 +913,7 @@ bool AddStmt::IsPure() const return false; } -ValPtr AddStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr AddStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -949,7 +949,7 @@ bool DelStmt::IsPure() const return false; } -ValPtr DelStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr DelStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -975,7 +975,7 @@ EventStmt::EventStmt(EventExprPtr arg_e) { } -ValPtr EventStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr EventStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); auto args = eval_list(f, event_expr->Args()); @@ -1052,7 +1052,7 @@ TraversalCode WhileStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr WhileStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr WhileStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -1081,7 +1081,7 @@ ValPtr WhileStmt::Exec(Frame* f, stmt_flow_type& flow) const return rval; } -ForStmt::ForStmt(id_list* arg_loop_vars, ExprPtr loop_expr) +ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr) : ExprStmt(STMT_FOR, std::move(loop_expr)) { loop_vars = arg_loop_vars; @@ -1163,7 +1163,7 @@ ForStmt::ForStmt(id_list* arg_loop_vars, ExprPtr loop_expr) e->Error("target to iterate over must be a table, set, vector, or string"); } -ForStmt::ForStmt(id_list* arg_loop_vars, +ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr, IDPtr val_var) : ForStmt(arg_loop_vars, std::move(loop_expr)) { @@ -1195,7 +1195,7 @@ ForStmt::~ForStmt() delete loop_vars; } -ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const +ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow) const { ValPtr ret; @@ -1353,7 +1353,7 @@ TraversalCode ForStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr NextStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const +ValPtr NextStmt::Exec(Frame* /* f */, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_LOOP; @@ -1380,7 +1380,7 @@ TraversalCode NextStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr BreakStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const +ValPtr BreakStmt::Exec(Frame* /* f */, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_BREAK; @@ -1407,7 +1407,7 @@ TraversalCode BreakStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr FallthroughStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const +ValPtr FallthroughStmt::Exec(Frame* /* f */, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_FALLTHROUGH; @@ -1478,7 +1478,7 @@ ReturnStmt::ReturnStmt(ExprPtr arg_e) } } -ValPtr ReturnStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr ReturnStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_RETURN; @@ -1517,7 +1517,7 @@ StmtList::~StmtList() Unref(stmt); } -ValPtr StmtList::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr StmtList::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -1596,7 +1596,7 @@ TraversalCode StmtList::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr EventBodyList::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr EventBodyList::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -1621,7 +1621,7 @@ ValPtr EventBodyList::Exec(Frame* f, stmt_flow_type& flow) const } // Simulate a return so the hooks operate properly. - stmt_flow_type ft = FLOW_RETURN; + StmtFlowType ft = FLOW_RETURN; (void) post_execute_stmt(f->GetNextStmt(), f, nullptr, &ft); return nullptr; @@ -1662,7 +1662,7 @@ InitStmt::InitStmt(std::vector arg_inits) : Stmt(STMT_INIT) SetLocationInfo(inits[0]->GetLocationInfo()); } -ValPtr InitStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr InitStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -1727,7 +1727,7 @@ TraversalCode InitStmt::Traverse(TraversalCallback* cb) const HANDLE_TC_STMT_POST(tc); } -ValPtr NullStmt::Exec(Frame* /* f */, stmt_flow_type& flow) const +ValPtr NullStmt::Exec(Frame* /* f */, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; @@ -1782,7 +1782,7 @@ WhenStmt::WhenStmt(ExprPtr arg_cond, WhenStmt::~WhenStmt() = default; -ValPtr WhenStmt::Exec(Frame* f, stmt_flow_type& flow) const +ValPtr WhenStmt::Exec(Frame* f, StmtFlowType& flow) const { RegisterAccess(); flow = FLOW_NEXT; diff --git a/src/Stmt.h b/src/Stmt.h index b784b995e4..10cfa22856 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -4,7 +4,7 @@ // BRO statements. -#include "BroList.h" +#include "ZeekList.h" #include "Dict.h" #include "ID.h" #include "Obj.h" @@ -16,6 +16,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail); +namespace zeek::run_state { extern double network_time; } + namespace zeek::detail { class StmtList; @@ -31,11 +33,11 @@ using StmtPtr = zeek::IntrusivePtr; class Stmt : public Obj { public: - BroStmtTag Tag() const { return tag; } + StmtTag Tag() const { return tag; } ~Stmt() override; - virtual ValPtr Exec(Frame* f, stmt_flow_type& flow) const = 0; + virtual ValPtr Exec(Frame* f, StmtFlowType& flow) const = 0; Stmt* Ref() { zeek::Ref(this); return this; } @@ -51,7 +53,7 @@ public: ForStmt* AsForStmt(); - void RegisterAccess() const { last_access = network_time; access_count++; } + void RegisterAccess() const { last_access = zeek::run_state::network_time; access_count++; } void AccessStats(ODesc* d) const; uint32_t GetAccessCount() const { return access_count; } @@ -65,12 +67,12 @@ public: virtual TraversalCode Traverse(TraversalCallback* cb) const = 0; protected: - explicit Stmt(BroStmtTag arg_tag); + explicit Stmt(StmtTag arg_tag); void AddTag(ODesc* d) const; void DescribeDone(ODesc* d) const; - BroStmtTag tag; + StmtTag tag; int breakpoint_count; // how many breakpoints on this statement // FIXME: Learn the exact semantics of mutable. @@ -85,13 +87,13 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ExprListStmt(BroStmtTag t, ListExprPtr arg_l); + ExprListStmt(StmtTag t, ListExprPtr arg_l); ~ExprListStmt() override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; virtual ValPtr DoExec(std::vector vals, - stmt_flow_type& flow) const = 0; + StmtFlowType& flow) const = 0; void Describe(ODesc* d) const override; @@ -105,7 +107,7 @@ public: protected: ValPtr DoExec(std::vector vals, - stmt_flow_type& flow) const override; + StmtFlowType& flow) const override; }; class ExprStmt : public Stmt { @@ -113,7 +115,7 @@ public: explicit ExprStmt(ExprPtr e); ~ExprStmt() override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; const Expr* StmtExpr() const { return e.get(); } @@ -122,9 +124,9 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ExprStmt(BroStmtTag t, ExprPtr e); + ExprStmt(StmtTag t, ExprPtr e); - virtual ValPtr DoExec(Frame* f, Val* v, stmt_flow_type& flow) const; + virtual ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const; bool IsPure() const override; @@ -144,7 +146,7 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ValPtr DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; + ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override; bool IsPure() const override; StmtPtr s1; @@ -153,14 +155,14 @@ protected: class Case final : public Obj { public: - Case(ListExprPtr c, id_list* types, StmtPtr arg_s); + Case(ListExprPtr c, IDPList* types, StmtPtr arg_s); ~Case() override; const ListExpr* ExprCases() const { return expr_cases.get(); } ListExpr* ExprCases() { return expr_cases.get(); } - const id_list* TypeCases() const { return type_cases; } - id_list* TypeCases() { return type_cases; } + const IDPList* TypeCases() const { return type_cases; } + IDPList* TypeCases() { return type_cases; } const Stmt* Body() const { return s.get(); } Stmt* Body() { return s.get(); } @@ -171,7 +173,7 @@ public: protected: ListExprPtr expr_cases; - id_list* type_cases; + IDPList* type_cases; StmtPtr s; }; @@ -189,7 +191,7 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ValPtr DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; + ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override; bool IsPure() const override; // Initialize composite hash and case label map. @@ -223,7 +225,7 @@ public: explicit AddStmt(ExprPtr e); bool IsPure() const override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; TraversalCode Traverse(TraversalCallback* cb) const override; }; @@ -233,7 +235,7 @@ public: explicit DelStmt(ExprPtr e); bool IsPure() const override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; TraversalCode Traverse(TraversalCallback* cb) const override; }; @@ -242,7 +244,7 @@ class EventStmt final : public ExprStmt { public: explicit EventStmt(EventExprPtr e); - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; TraversalCode Traverse(TraversalCallback* cb) const override; @@ -263,7 +265,7 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; ExprPtr loop_condition; StmtPtr body; @@ -271,14 +273,14 @@ protected: class ForStmt final : public ExprStmt { public: - ForStmt(id_list* loop_vars, ExprPtr loop_expr); + ForStmt(IDPList* loop_vars, ExprPtr loop_expr); // Special constructor for key value for loop. - ForStmt(id_list* loop_vars, ExprPtr loop_expr, IDPtr val_var); + ForStmt(IDPList* loop_vars, ExprPtr loop_expr, IDPtr val_var); ~ForStmt() override; void AddBody(StmtPtr arg_body) { body = std::move(arg_body); } - const id_list* LoopVar() const { return loop_vars; } + const IDPList* LoopVar() const { return loop_vars; } const Expr* LoopExpr() const { return e.get(); } const Stmt* LoopBody() const { return body.get(); } @@ -289,9 +291,9 @@ public: TraversalCode Traverse(TraversalCallback* cb) const override; protected: - ValPtr DoExec(Frame* f, Val* v, stmt_flow_type& flow) const override; + ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override; - id_list* loop_vars; + IDPList* loop_vars; StmtPtr body; // Stores the value variable being used for a key value for loop. // Always set to nullptr unless special constructor is called. @@ -302,7 +304,7 @@ class NextStmt final : public Stmt { public: NextStmt() : Stmt(STMT_NEXT) { } - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; bool IsPure() const override; void Describe(ODesc* d) const override; @@ -316,7 +318,7 @@ class BreakStmt final : public Stmt { public: BreakStmt() : Stmt(STMT_BREAK) { } - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; bool IsPure() const override; void Describe(ODesc* d) const override; @@ -330,7 +332,7 @@ class FallthroughStmt final : public Stmt { public: FallthroughStmt() : Stmt(STMT_FALLTHROUGH) { } - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; bool IsPure() const override; void Describe(ODesc* d) const override; @@ -344,7 +346,7 @@ class ReturnStmt final : public ExprStmt { public: explicit ReturnStmt(ExprPtr e); - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; void Describe(ODesc* d) const override; }; @@ -354,10 +356,10 @@ public: StmtList(); ~StmtList() override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; - const stmt_list& Stmts() const { return stmts; } - stmt_list& Stmts() { return stmts; } + const StmtPList& Stmts() const { return stmts; } + StmtPList& Stmts() { return stmts; } void Describe(ODesc* d) const override; @@ -366,7 +368,7 @@ public: protected: bool IsPure() const override; - stmt_list stmts; + StmtPList stmts; }; class EventBodyList final : public StmtList { @@ -374,7 +376,7 @@ public: EventBodyList() : StmtList() { topmost = false; tag = STMT_EVENT_BODY_LIST; } - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; void Describe(ODesc* d) const override; @@ -390,7 +392,7 @@ class InitStmt final : public Stmt { public: explicit InitStmt(std::vector arg_inits); - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; const std::vector& Inits() const { return inits; } @@ -407,7 +409,7 @@ class NullStmt final : public Stmt { public: NullStmt() : Stmt(STMT_NULL) { } - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; bool IsPure() const override; void Describe(ODesc* d) const override; @@ -423,7 +425,7 @@ public: ExprPtr timeout, bool is_return); ~WhenStmt() override; - ValPtr Exec(Frame* f, stmt_flow_type& flow) const override; + ValPtr Exec(Frame* f, StmtFlowType& flow) const override; bool IsPure() const override; const Expr* Cond() const { return cond.get(); } @@ -443,7 +445,7 @@ protected: bool is_return; }; -} +} // namespace zeek::detail using Stmt [[deprecated("Remove in v4.1. Use zeek::detail::Stmt instead.")]] = zeek::detail::Stmt; using ExprListStmt [[deprecated("Remove in v4.1. Use zeek::detail::ExprListStmt instead.")]] = zeek::detail::ExprListStmt; diff --git a/src/StmtEnums.h b/src/StmtEnums.h index d2c2eb9e62..7847206a76 100644 --- a/src/StmtEnums.h +++ b/src/StmtEnums.h @@ -1,10 +1,11 @@ // See the file "COPYING" in the main distribution directory for copyright. - #pragma once -// These are in a separate file to break circular dependences -typedef enum { +namespace zeek::detail { + +// These are in a separate file to break circular dependences +enum StmtTag { STMT_ANY = -1, STMT_ALARM, // Does no longer exist but kept to create enums consistent. STMT_PRINT, STMT_EVENT, @@ -19,14 +20,47 @@ typedef enum { STMT_WHILE, STMT_NULL #define NUM_STMTS (int(STMT_NULL) + 1) -} BroStmtTag; +}; -typedef enum { +enum StmtFlowType { FLOW_NEXT, // continue on to next statement FLOW_LOOP, // go to top of loop FLOW_BREAK, // break out of loop FLOW_RETURN, // return from function FLOW_FALLTHROUGH // fall through to next switch case -} stmt_flow_type; +}; -extern const char* stmt_name(BroStmtTag t); +extern const char* stmt_name(StmtTag t); + +} // namespace zeek::detail + +using BroStmtTag [[deprecated("Remove in v4.1. Use zeek::detail::StmtTag.")]] = zeek::detail::StmtTag; +constexpr auto STMT_ANY [[deprecated("Remove in v4.1. Use zeek::detail::STMT_ANY.")]] = zeek::detail::STMT_ANY; +constexpr auto STMT_ALARM [[deprecated("Remove in v4.1. Use zeek::detail::STMT_ALARM.")]] = zeek::detail::STMT_ALARM; +constexpr auto STMT_PRINT [[deprecated("Remove in v4.1. Use zeek::detail::STMT_PRINT.")]] = zeek::detail::STMT_PRINT; +constexpr auto STMT_EVENT [[deprecated("Remove in v4.1. Use zeek::detail::STMT_EVENT.")]] = zeek::detail::STMT_EVENT; +constexpr auto STMT_EXPR [[deprecated("Remove in v4.1. Use zeek::detail::STMT_EXPR.")]] = zeek::detail::STMT_EXPR; +constexpr auto STMT_IF [[deprecated("Remove in v4.1. Use zeek::detail::STMT_IF.")]] = zeek::detail::STMT_IF; +constexpr auto STMT_WHEN [[deprecated("Remove in v4.1. Use zeek::detail::STMT_WHEN.")]] = zeek::detail::STMT_WHEN; +constexpr auto STMT_SWITCH [[deprecated("Remove in v4.1. Use zeek::detail::STMT_SWITCH.")]] = zeek::detail::STMT_SWITCH; +constexpr auto STMT_FOR [[deprecated("Remove in v4.1. Use zeek::detail::STMT_FOR.")]] = zeek::detail::STMT_FOR; +constexpr auto STMT_NEXT [[deprecated("Remove in v4.1. Use zeek::detail::STMT_NEXT.")]] = zeek::detail::STMT_NEXT; +constexpr auto STMT_BREAK [[deprecated("Remove in v4.1. Use zeek::detail::STMT_BREAK.")]] = zeek::detail::STMT_BREAK; +constexpr auto STMT_RETURN [[deprecated("Remove in v4.1. Use zeek::detail::STMT_RETURN.")]] = zeek::detail::STMT_RETURN; +constexpr auto STMT_ADD [[deprecated("Remove in v4.1. Use zeek::detail::STMT_ADD.")]] = zeek::detail::STMT_ADD; +constexpr auto STMT_DELETE [[deprecated("Remove in v4.1. Use zeek::detail::STMT_DELETE.")]] = zeek::detail::STMT_DELETE; +constexpr auto STMT_LIST [[deprecated("Remove in v4.1. Use zeek::detail::STMT_LIST.")]] = zeek::detail::STMT_LIST; +constexpr auto STMT_EVENT_BODY_LIST [[deprecated("Remove in v4.1. Use zeek::detail::STMT_EVENT_BODY_LIST.")]] = zeek::detail::STMT_EVENT_BODY_LIST; +constexpr auto STMT_INIT [[deprecated("Remove in v4.1. Use zeek::detail::STMT_INIT.")]] = zeek::detail::STMT_INIT; +constexpr auto STMT_FALLTHROUGH [[deprecated("Remove in v4.1. Use zeek::detail::STMT_FALLTHROUGH.")]] = zeek::detail::STMT_FALLTHROUGH; +constexpr auto STMT_WHILE [[deprecated("Remove in v4.1. Use zeek::detail::STMT_WHILE.")]] = zeek::detail::STMT_WHILE; +constexpr auto STMT_NULL [[deprecated("Remove in v4.1. Use zeek::detail::STMT_NULL.")]] = zeek::detail::STMT_NULL; + +using stmt_flow_type [[deprecated("Remove in v4.1. Use zeek::detail::StmtFlowType.")]] = zeek::detail::StmtFlowType; +constexpr auto FLOW_NEXT [[deprecated("Remove in v4.1. Use zeek::detail::FLOW_NEXT.")]] = zeek::detail::FLOW_NEXT; +constexpr auto FLOW_LOOP [[deprecated("Remove in v4.1. Use zeek::detail::FLOW_LOOP.")]] = zeek::detail::FLOW_LOOP; +constexpr auto FLOW_BREAK [[deprecated("Remove in v4.1. Use zeek::detail::FLOW_BREAK.")]] = zeek::detail::FLOW_BREAK; +constexpr auto FLOW_RETURN [[deprecated("Remove in v4.1. Use zeek::detail::FLOW_RETURN.")]] = zeek::detail::FLOW_RETURN; +constexpr auto FLOW_FALLTHROUGH [[deprecated("Remove in v4.1. Use zeek::detail::FLOW_FALLTHROUGH.")]] = zeek::detail::FLOW_FALLTHROUGH; + +constexpr auto stmt_name [[deprecated("Remove in v4.1. Use zeek::detail::stmt_name.")]] = zeek::detail::stmt_name; diff --git a/src/Tag.cc b/src/Tag.cc index fc9036150f..a3741eac84 100644 --- a/src/Tag.cc +++ b/src/Tag.cc @@ -92,7 +92,7 @@ zeek::EnumVal* Tag::AsEnumVal(zeek::EnumType* etype) const std::string Tag::AsString() const { - return fmt("%" PRIu32 "/%" PRIu32, type, subtype); + return zeek::util::fmt("%" PRIu32 "/%" PRIu32, type, subtype); } } // namespace zeek diff --git a/src/Timer.cc b/src/Timer.cc index 0bca3ff670..48722c0f54 100644 --- a/src/Timer.cc +++ b/src/Timer.cc @@ -5,7 +5,7 @@ #include "util.h" #include "Timer.h" #include "Desc.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "broker/Manager.h" #include "iosource/Manager.h" @@ -69,8 +69,8 @@ TimerMgr::TimerMgr() num_expired = 0; last_advance = last_timestamp = 0; - if ( iosource_mgr ) - iosource_mgr->Register(this, true); + if ( zeek::iosource_mgr ) + zeek::iosource_mgr->Register(this, true); } TimerMgr::~TimerMgr() @@ -95,19 +95,20 @@ void TimerMgr::Process() // If we don't have a source, or the source is closed, or we're reading live (which includes // pseudo-realtime), advance the timer here to the current time since otherwise it won't // move forward and the timers won't fire correctly. - iosource::PktSrc* pkt_src = iosource_mgr->GetPktSrc(); - if ( ! pkt_src || ! pkt_src->IsOpen() || reading_live || net_is_processing_suspended() ) - net_update_time(current_time()); + iosource::PktSrc* pkt_src = zeek::iosource_mgr->GetPktSrc(); + if ( ! pkt_src || ! pkt_src->IsOpen() || zeek::run_state::reading_live || zeek::run_state::is_processing_suspended() ) + zeek::run_state::detail::update_network_time(zeek::util::current_time()); // Just advance the timer manager based on the current network time. This won't actually // change the time, but will dispatch any timers that need dispatching. - current_dispatched += Advance(network_time, max_timer_expires - current_dispatched); + zeek::run_state::current_dispatched += Advance( + zeek::run_state::network_time, max_timer_expires - zeek::run_state::current_dispatched); } void TimerMgr::InitPostScript() { - if ( iosource_mgr ) - iosource_mgr->Register(this, true); + if ( zeek::iosource_mgr ) + zeek::iosource_mgr->Register(this, true); } PQ_TimerMgr::PQ_TimerMgr() : TimerMgr() @@ -185,7 +186,7 @@ double PQ_TimerMgr::GetNextTimeout() { Timer* top = Top(); if ( top ) - return std::max(0.0, top->Time() - ::network_time); + return std::max(0.0, top->Time() - zeek::run_state::network_time); return -1; } diff --git a/src/Trigger.cc b/src/Trigger.cc index 8998239c0b..3e03810a01 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -85,12 +85,12 @@ TraversalCode zeek::detail::trigger::TriggerTraversalCallback::PreExpr(const zee class TriggerTimer final : public Timer { public: TriggerTimer(double arg_timeout, Trigger* arg_trigger) - : Timer(network_time + arg_timeout, TIMER_TRIGGER) + : Timer(zeek::run_state::network_time + arg_timeout, TIMER_TRIGGER) { Ref(arg_trigger); trigger = arg_trigger; timeout = arg_timeout; - time = network_time; + time = zeek::run_state::network_time; } ~TriggerTimer() @@ -296,7 +296,7 @@ bool Trigger::Eval() Name()); v = nullptr; - stmt_flow_type flow; + StmtFlowType flow; try { @@ -313,7 +313,7 @@ bool Trigger::Eval() assert(trigger->attached == this); #ifdef DEBUG - const char* pname = copy_string(trigger->Name()); + const char* pname = zeek::util::copy_string(trigger->Name()); DBG_LOG(zeek::DBG_NOTIFIERS, "%s: trigger has parent %s, caching result", Name(), pname); delete [] pname; #endif @@ -347,7 +347,7 @@ void Trigger::Timeout() DBG_LOG(zeek::DBG_NOTIFIERS, "%s: timeout", Name()); if ( timeout_stmts ) { - stmt_flow_type flow; + StmtFlowType flow; FramePtr f{zeek::AdoptRef{}, frame->Clone()}; ValPtr v; @@ -366,7 +366,7 @@ void Trigger::Timeout() assert(trigger->attached == this); #ifdef DEBUG - const char* pname = copy_string(trigger->Name()); + const char* pname = zeek::util::copy_string(trigger->Name()); DBG_LOG(zeek::DBG_NOTIFIERS, "%s: trigger has parent %s, caching timeout result", Name(), pname); delete [] pname; #endif @@ -388,7 +388,7 @@ void Trigger::Timeout() void Trigger::Register(zeek::detail::ID* id) { assert(! disabled); - notifier::registry.Register(id, this); + zeek::notifier::detail::registry.Register(id, this); Ref(id); objs.push_back({id, id}); @@ -400,7 +400,7 @@ void Trigger::Register(Val* val) return; assert(! disabled); - notifier::registry.Register(val->Modifiable(), this); + zeek::notifier::detail::registry.Register(val->Modifiable(), this); Ref(val); objs.emplace_back(val, val->Modifiable()); @@ -412,7 +412,7 @@ void Trigger::UnregisterAll() for ( const auto& o : objs ) { - notifier::registry.Unregister(o.second, this); + zeek::notifier::detail::registry.Unregister(o.second, this); Unref(o.first); } @@ -426,7 +426,7 @@ void Trigger::Attach(Trigger *trigger) assert(! trigger->delayed); #ifdef DEBUG - const char* pname = copy_string(trigger->Name()); + const char* pname = zeek::util::copy_string(trigger->Name()); DBG_LOG(zeek::DBG_NOTIFIERS, "%s: attaching to %s", Name(), pname); delete [] pname; #endif @@ -454,7 +454,7 @@ bool Trigger::Cache(const zeek::detail::CallExpr* expr, Val* v) Ref(v); - trigger_mgr->Queue(this); + zeek::detail::trigger_mgr->Queue(this); return true; } @@ -478,24 +478,24 @@ void Trigger::Describe(ODesc* d) const d->Add(""); } -void Trigger::Modified(notifier::Modifiable* m) +void Trigger::Modified(zeek::notifier::detail::Modifiable* m) { - trigger_mgr->Queue(this); + zeek::detail::trigger_mgr->Queue(this); } const char* Trigger::Name() const { assert(location); - return fmt("%s:%d-%d", location->filename, - location->first_line, location->last_line); + return zeek::util::fmt("%s:%d-%d", location->filename, + location->first_line, location->last_line); } -Manager::Manager() : IOSource() +Manager::Manager() : zeek::iosource::IOSource() { pending = new TriggerList(); - iosource_mgr->Register(this, true); + zeek::iosource_mgr->Register(this, true); } Manager::~Manager() @@ -505,7 +505,7 @@ Manager::~Manager() double Manager::GetNextTimeout() { - return pending->empty() ? -1 : network_time + 0.100; + return pending->empty() ? -1 : zeek::run_state::network_time + 0.100; } void Manager::Process() @@ -540,7 +540,7 @@ void Manager::Queue(Trigger* trigger) Ref(trigger); pending->push_back(trigger); total_triggers++; - iosource_mgr->Wakeup(Tag()); + zeek::iosource_mgr->Wakeup(Tag()); } } diff --git a/src/Trigger.h b/src/Trigger.h index 19ead2909e..d12c3c4ccd 100644 --- a/src/Trigger.h +++ b/src/Trigger.h @@ -18,7 +18,9 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail); -namespace zeek::detail::trigger { +namespace zeek::detail { +namespace trigger { + // Triggers are the heart of "when" statements: expressions that when // they become true execute a body of statements. @@ -26,7 +28,7 @@ namespace zeek::detail::trigger { class TriggerTimer; class TriggerTraversalCallback; -class Trigger final : public Obj, public notifier::Receiver { +class Trigger final : public Obj, public zeek::notifier::detail::Receiver { public: // Don't access Trigger objects; they take care of themselves after // instantiation. Note that if the condition is already true, the @@ -76,7 +78,7 @@ public: // Overidden from Notifier. We queue the trigger and evaluate it // later to avoid race conditions. - void Modified(notifier::Modifiable* m) override; + void Modified(zeek::notifier::detail::Modifiable* m) override; // Overridden from notifer::Receiver. If we're still waiting // on an ID/Val to be modified at termination time, we can't hope @@ -109,7 +111,7 @@ private: bool delayed; // true if a function call is currently being delayed bool disabled; - std::vector> objs; + std::vector> objs; using ValCache = std::map; ValCache cache; @@ -117,7 +119,7 @@ private: using TriggerPtr = zeek::IntrusivePtr; -class Manager final : public iosource::IOSource { +class Manager final : public zeek::iosource::IOSource { public: Manager(); @@ -143,11 +145,17 @@ private: unsigned long total_triggers = 0; }; -} +} // namespace trigger + +extern trigger::Manager* trigger_mgr; + +} // namespace zeek::detail namespace trigger { - using Trigger [[deprecated("Remove in v4.1. Use zeek::detail::trigger::Trigger instead")]] = zeek::detail::trigger::Trigger; - using Manager [[deprecated("Remove in v4.1. Use zeek::detail::trigger::Manager instead")]] = zeek::detail::trigger::Manager; -} -extern zeek::detail::trigger::Manager* trigger_mgr; +using Trigger [[deprecated("Remove in v4.1. Use zeek::detail::trigger::Trigger.")]] = zeek::detail::trigger::Trigger; +using Manager [[deprecated("Remove in v4.1. Use zeek::detail::trigger::Manager.")]] = zeek::detail::trigger::Manager; + +} // namespace trigger + +extern zeek::detail::trigger::Manager*& trigger_mgr [[deprecated("Remove in v4.1. Use zeek::detail::trigger_mgr.")]]; diff --git a/src/TunnelEncapsulation.cc b/src/TunnelEncapsulation.cc index 72fa04a53f..43e532c7bd 100644 --- a/src/TunnelEncapsulation.cc +++ b/src/TunnelEncapsulation.cc @@ -13,7 +13,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t) { if ( ! uid ) { - uid.Set(bits_per_uid); + uid.Set(zeek::detail::bits_per_uid); c->SetUID(uid); } } diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index e0698a4ce6..89003017b9 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -46,7 +46,7 @@ public: BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP) : src_addr(s), dst_addr(d), src_port(0), dst_port(0), proto(TRANSPORT_UNKNOWN), type(t), - uid(zeek::UID(bits_per_uid)) + uid(zeek::UID(detail::bits_per_uid)) { } diff --git a/src/Type.cc b/src/Type.cc index 5fc412a0fa..4dc15f9114 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -266,7 +266,7 @@ void Type::Describe(ODesc* d) const void Type::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":zeek:type:`%s`", type_name(Tag()))); + d->Add(zeek::util::fmt(":zeek:type:`%s`", type_name(Tag()))); } void Type::SetError() @@ -339,7 +339,7 @@ unsigned int TypeList::MemoryAllocation() const for ( const auto& t : types ) size += t->MemoryAllocation(); - size += pad_size(types.capacity() * sizeof(decltype(types)::value_type)); + size += zeek::util::pad_size(types.capacity() * sizeof(decltype(types)::value_type)); return Type::MemoryAllocation() + padded_sizeof(*this) - padded_sizeof(Type) @@ -350,7 +350,7 @@ int IndexType::MatchesIndex(zeek::detail::ListExpr* const index) const { // If we have a type indexed by subnets, addresses are ok. const auto& types = indices->GetTypes(); - const expr_list& exprs = index->Exprs(); + const ExprPList& exprs = index->Exprs(); if ( types.size() == 1 && types[0]->Tag() == TYPE_SUBNET && exprs.length() == 1 && exprs[0]->GetType()->Tag() == TYPE_ADDR ) @@ -553,8 +553,8 @@ FuncType::FuncType(RecordTypePtr arg_args, else if ( has_default_arg ) { - const char* err_str = fmt("required parameter '%s' must precede " - "default parameters", td->id); + const char* err_str = zeek::util::fmt("required parameter '%s' must precede " + "default parameters", td->id); args->Error(err_str); } @@ -603,7 +603,7 @@ int FuncType::MatchesIndex(zeek::detail::ListExpr* const index) const MATCHES_INDEX_SCALAR : DOES_NOT_MATCH_INDEX; } -bool FuncType::CheckArgs(const type_list* args, bool is_init) const +bool FuncType::CheckArgs(const TypePList* args, bool is_init) const { std::vector as; as.reserve(args->length()); @@ -621,8 +621,8 @@ bool FuncType::CheckArgs(const std::vector& args, if ( my_args.size() != args.size() ) { - Warn(fmt("Wrong number of arguments for function. Expected %zu, got %zu.", - args.size(), my_args.size())); + Warn(zeek::util::fmt("Wrong number of arguments for function. Expected %zu, got %zu.", + args.size(), my_args.size())); return false; } @@ -631,8 +631,8 @@ bool FuncType::CheckArgs(const std::vector& args, for ( size_t i = 0; i < my_args.size(); ++i ) if ( ! same_type(args[i], my_args[i], is_init) ) { - Warn(fmt("Type mismatch in function argument #%zu. Expected %s, got %s.", - i, type_name(args[i]->Tag()), type_name(my_args[i]->Tag()))); + Warn(zeek::util::fmt("Type mismatch in function argument #%zu. Expected %s, got %s.", + i, type_name(args[i]->Tag()), type_name(my_args[i]->Tag()))); success = false; } @@ -719,7 +719,7 @@ std::optional FuncType::FindPrototype(const RecordType& arg const auto& desired_type = args.GetFieldType(i); if ( ! same_type(ptype, desired_type) || - ! streq(args.FieldName(i), p.args->FieldName(i)) ) + ! zeek::util::streq(args.FieldName(i), p.args->FieldName(i)) ) { matched = false; break; @@ -744,7 +744,7 @@ TypeDecl::TypeDecl(const TypeDecl& other) type = other.type; attrs = other.attrs; - id = copy_string(other.id); + id = zeek::util::copy_string(other.id); } TypeDecl::~TypeDecl() @@ -821,7 +821,7 @@ int RecordType::FieldOffset(const char* field) const loop_over_list(*types, i) { TypeDecl* td = (*types)[i]; - if ( streq(td->id, field) ) + if ( zeek::util::streq(td->id, field) ) return i; } @@ -1045,7 +1045,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const d->Add(""); else { - if ( num_fields == 1 && streq(td->id, "va_args") && + if ( num_fields == 1 && zeek::util::streq(td->id, "va_args") && td->type->Tag() == TYPE_ANY ) // This was a BIF using variable argument list d->Add("..."); @@ -1056,8 +1056,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using zeekygen::IdentifierInfo; - IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(GetName()); + zeek::zeekygen::detail::IdentifierInfo* doc = zeek::detail::zeekygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1076,7 +1075,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(zeekygen::redef_indication(field_from_script).c_str()); + d->Add(zeek::zeekygen::detail::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1096,7 +1095,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( zeekygen::prettify_params(s) ) + if ( zeek::zeekygen::detail::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1122,11 +1121,11 @@ string RecordType::GetFieldDeprecationWarning(int field, bool has_check) const result = deprecation->DeprecationMessage(); if ( result.empty() ) - return fmt("deprecated (%s%s$%s)", GetName().c_str(), has_check ? "?" : "", - FieldName(field)); + return zeek::util::fmt("deprecated (%s%s$%s)", GetName().c_str(), has_check ? "?" : "", + FieldName(field)); else - return fmt("deprecated (%s%s$%s): %s", GetName().c_str(), has_check ? "?" : "", - FieldName(field), result.c_str()); + return zeek::util::fmt("deprecated (%s%s$%s): %s", GetName().c_str(), has_check ? "?" : "", + FieldName(field), result.c_str()); } return ""; @@ -1182,7 +1181,7 @@ void OpaqueType::Describe(ODesc* d) const void OpaqueType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":zeek:type:`%s` of %s", type_name(Tag()), name.c_str())); + d->Add(zeek::util::fmt(":zeek:type:`%s` of %s", type_name(Tag()), name.c_str())); } EnumType::EnumType(const string& name) @@ -1248,7 +1247,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, return; } - auto fullname = make_full_var_name(module_name.c_str(), name); + auto fullname = zeek::detail::make_full_var_name(module_name.c_str(), name); auto id = zeek::id::find(fullname); if ( ! id ) @@ -1260,7 +1259,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecation ) id->MakeDeprecated({zeek::NewRef{}, deprecation}); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } else { @@ -1299,14 +1298,14 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, void EnumType::AddNameInternal(const string& module_name, const char* name, bro_int_t val, bool is_export) { - string fullname = make_full_var_name(module_name.c_str(), name); + string fullname = zeek::detail::make_full_var_name(module_name.c_str(), name); names[fullname] = val; } bro_int_t EnumType::Lookup(const string& module_name, const char* name) const { NameMap::const_iterator pos = - names.find(make_full_var_name(module_name.c_str(), name).c_str()); + names.find(zeek::detail::make_full_var_name(module_name.c_str(), name).c_str()); if ( pos == names.end() ) return -1; @@ -1373,12 +1372,11 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const d->PushIndent(); if ( roles_only ) - d->Add(fmt(":zeek:enum:`%s`", it->second.c_str())); + d->Add(zeek::util::fmt(":zeek:enum:`%s`", it->second.c_str())); else - d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); + d->Add(zeek::util::fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using zeekygen::IdentifierInfo; - IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(it->second); + zeek::zeekygen::detail::IdentifierInfo* doc = zeek::detail::zeekygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1393,7 +1391,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = zeekygen_mgr->GetIdentifierInfo(GetName()); + zeek::zeekygen::detail::IdentifierInfo* type_doc = zeek::detail::zeekygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); @@ -1403,7 +1401,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(zeekygen::redef_indication(enum_from_script).c_str()); + d->Add(zeek::zeekygen::detail::redef_indication(enum_from_script).c_str()); d->PopIndent(); } @@ -1457,7 +1455,7 @@ const TypePtr& VectorType::Yield() const int VectorType::MatchesIndex(zeek::detail::ListExpr* const index) const { - expr_list& el = index->Exprs(); + ExprPList& el = index->Exprs(); if ( el.length() != 1 && el.length() != 2) return DOES_NOT_MATCH_INDEX; @@ -1491,12 +1489,12 @@ void VectorType::Describe(ODesc* d) const void VectorType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":zeek:type:`%s` of ", type_name(Tag()))); + d->Add(zeek::util::fmt(":zeek:type:`%s` of ", type_name(Tag()))); if ( yield_type->GetName().empty() ) yield_type->DescribeReST(d, roles_only); else - d->Add(fmt(":zeek:type:`%s`", yield_type->GetName().c_str())); + d->Add(zeek::util::fmt(":zeek:type:`%s`", yield_type->GetName().c_str())); } // Returns true if t1 is initialization-compatible with t2 (i.e., if an @@ -1628,7 +1626,7 @@ bool same_type(const Type& arg_t1, const Type& arg_t2, const TypeDecl* td1 = rt1->FieldDecl(i); const TypeDecl* td2 = rt2->FieldDecl(i); - if ( (match_record_field_names && ! streq(td1->id, td2->id)) || + if ( (match_record_field_names && ! zeek::util::streq(td1->id, td2->id)) || ! same_type(td1->type, td2->type, is_init, match_record_field_names) ) return false; } @@ -1856,8 +1854,8 @@ TypePtr merge_types(const TypePtr& arg_t1, // there creating clones of the type, so safer to compare name. if ( t1->GetName() != t2->GetName() ) { - std::string msg = fmt("incompatible enum types: '%s' and '%s'", - t1->GetName().data(), t2->GetName().data()); + std::string msg = zeek::util::fmt("incompatible enum types: '%s' and '%s'", + t1->GetName().data(), t2->GetName().data()); t1->Error(msg.data(), t2); return nullptr; @@ -1875,10 +1873,10 @@ TypePtr merge_types(const TypePtr& arg_t1, // actually see those changes from the redef. return id->GetType(); - std::string msg = fmt("incompatible enum types: '%s' and '%s'" - " ('%s' enum type ID is invalid)", - t1->GetName().data(), t2->GetName().data(), - t1->GetName().data()); + std::string msg = zeek::util::fmt("incompatible enum types: '%s' and '%s'" + " ('%s' enum type ID is invalid)", + t1->GetName().data(), t2->GetName().data(), + t1->GetName().data()); t1->Error(msg.data(), t2); return nullptr; } @@ -1967,14 +1965,14 @@ TypePtr merge_types(const TypePtr& arg_t1, const TypeDecl* td2 = rt2->FieldDecl(i); auto tdl3_i = merge_types(td1->type, td2->type); - if ( ! streq(td1->id, td2->id) || ! tdl3_i ) + if ( ! zeek::util::streq(td1->id, td2->id) || ! tdl3_i ) { t1->Error("incompatible record fields", t2); delete tdl3; return nullptr; } - tdl3->push_back(new TypeDecl(copy_string(td1->id), std::move(tdl3_i))); + tdl3->push_back(new TypeDecl(zeek::util::copy_string(td1->id), std::move(tdl3_i))); } return zeek::make_intrusive(tdl3); @@ -2121,7 +2119,7 @@ TypePtr init_type(zeek::detail::Expr* init) } zeek::detail::ListExpr* init_list = init->AsListExpr(); - const expr_list& el = init_list->Exprs(); + const ExprPList& el = init_list->Exprs(); if ( el.length() == 0 ) { diff --git a/src/Type.h b/src/Type.h index 8f94e19d4c..0d4f40c0f5 100644 --- a/src/Type.h +++ b/src/Type.h @@ -4,7 +4,7 @@ #include "Obj.h" #include "Attr.h" -#include "BroList.h" +#include "ZeekList.h" #include "IntrusivePtr.h" #include @@ -305,7 +305,7 @@ public: ~TypeList() override = default; [[deprecated("Remove in v4.1. Use GetTypes() instead.")]] - const type_list* Types() const + const TypePList* Types() const { return &types_list; } const std::vector& GetTypes() const @@ -342,7 +342,7 @@ protected: std::vector types; // Remove in v4.1. This is used by Types(), which is deprecated. - type_list types_list; + TypePList types_list; }; class IndexType : public Type { @@ -357,7 +357,7 @@ public: TypeList* Indices() const { return indices.get(); } [[deprecated("Remove in v4.1. Use GetIndexTypes().")]] - const type_list* IndexTypes() const + const TypePList* IndexTypes() const { #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdeprecated-declarations" @@ -462,7 +462,7 @@ public: { yield = nullptr; flavor = arg_flav; } int MatchesIndex(zeek::detail::ListExpr* index) const override; - bool CheckArgs(const type_list* args, bool is_init = false) const; + bool CheckArgs(const TypePList* args, bool is_init = false) const; bool CheckArgs(const std::vector& args, bool is_init = false) const; diff --git a/src/UID.cc b/src/UID.cc index 96add1c377..fe2de22de9 100644 --- a/src/UID.cc +++ b/src/UID.cc @@ -24,7 +24,7 @@ void UID::Set(bro_uint_t bits, const uint64_t* v, size_t n) size_t size = res.rem ? res.quot + 1 : res.quot; for ( size_t i = 0; i < size; ++i ) - uid[i] = v && i < n ? v[i] : calculate_unique_id(); + uid[i] = v && i < n ? v[i] : zeek::util::calculate_unique_id(); if ( res.rem ) uid[0] >>= 64 - res.rem; @@ -37,7 +37,7 @@ std::string UID::Base62(std::string prefix) const char tmp[sizeof(uid) * 8 + 1]; // enough for even binary representation for ( size_t i = 0; i < BRO_UID_LEN; ++i ) - prefix.append(uitoa_n(uid[i], tmp, sizeof(tmp), 62)); + prefix.append(zeek::util::uitoa_n(uid[i], tmp, sizeof(tmp), 62)); return prefix; } diff --git a/src/Val.cc b/src/Val.cc index fde6db8ad0..7f7849bcb5 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -20,7 +20,7 @@ #include "ZeekString.h" #include "CompHash.h" #include "Dict.h" -#include "Net.h" +#include "RunState.h" #include "File.h" #include "Func.h" #include "Desc.h" @@ -421,7 +421,7 @@ detail::ID* Val::GetID() const void Val::SetID(detail::ID* id) { delete [] bound_id; - bound_id = id ? copy_string(id->Name()) : nullptr; + bound_id = id ? zeek::util::copy_string(id->Name()) : nullptr; } #endif @@ -489,7 +489,8 @@ TableValPtr Val::GetRecordFields() } // This is a static method in this file to avoid including rapidjson's headers in Val.h because they're huge. -static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val* val, bool only_loggable=false, RE_Matcher* re=nullptr, const string& key="") +static void BuildJSON(zeek::threading::formatter::JSON::NullDoubleWriter& writer, Val* val, + bool only_loggable=false, RE_Matcher* re=nullptr, const string& key="") { if ( !key.empty() ) writer.Key(key); @@ -557,7 +558,7 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val* ODesc d; d.SetStyle(RAW_STYLE); val->Describe(&d); - writer.String(json_escape_utf8(string(reinterpret_cast(d.Bytes()), d.Len()))); + writer.String(zeek::util::json_escape_utf8(std::string(reinterpret_cast(d.Bytes()), d.Len()))); break; } @@ -585,7 +586,7 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val* else { rapidjson::StringBuffer buffer; - threading::formatter::JSON::NullDoubleWriter key_writer(buffer); + zeek::threading::formatter::JSON::NullDoubleWriter key_writer(buffer); BuildJSON(key_writer, entry_key, only_loggable, re); string key_str = buffer.GetString(); @@ -689,7 +690,7 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val* StringValPtr Val::ToJSON(bool only_loggable, RE_Matcher* re) { rapidjson::StringBuffer buffer; - threading::formatter::JSON::NullDoubleWriter writer(buffer); + zeek::threading::formatter::JSON::NullDoubleWriter writer(buffer); BuildJSON(writer, this, only_loggable, re, ""); @@ -1330,7 +1331,7 @@ unsigned int ListVal::MemoryAllocation() const for ( const auto& val : vals ) size += val->MemoryAllocation(); - size += pad_size(vals.capacity() * sizeof(decltype(vals)::value_type)); + size += zeek::util::pad_size(vals.capacity() * sizeof(decltype(vals)::value_type)); return size + padded_sizeof(*this) + type->MemoryAllocation(); } @@ -1411,7 +1412,7 @@ TableVal::TableVal(TableTypePtr t, detail::AttributesPtr a) : Val(t) Init(std::move(t)); SetAttrs(std::move(a)); - if ( ! is_parsing ) + if ( ! zeek::run_state::is_parsing ) return; for ( const auto& t : table_type->GetIndexTypes() ) @@ -1945,7 +1946,7 @@ const ValPtr& TableVal::Find(const ValPtr& index) if ( v ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - v->SetExpireAccess(network_time); + v->SetExpireAccess(run_state::network_time); if ( v->GetVal() ) return v->GetVal(); @@ -1969,7 +1970,7 @@ const ValPtr& TableVal::Find(const ValPtr& index) if ( v ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - v->SetExpireAccess(network_time); + v->SetExpireAccess(run_state::network_time); if ( v->GetVal() ) return v->GetVal(); @@ -2041,7 +2042,7 @@ TableValPtr TableVal::LookupSubnetValues(const SubNetVal* search) if ( entry ) { if ( attrs && attrs->Find(detail::ATTR_EXPIRE_READ) ) - entry->SetExpireAccess(network_time); + entry->SetExpireAccess(run_state::network_time); } } @@ -2067,7 +2068,7 @@ bool TableVal::UpdateTimestamp(Val* index) if ( ! v ) return false; - v->SetExpireAccess(network_time); + v->SetExpireAccess(run_state::network_time); return true; } @@ -2178,7 +2179,7 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val, index_val = index; } - auto broker_index = bro_broker::val_to_data(index_val); + auto broker_index = zeek::Broker::detail::val_to_data(index_val); if ( ! broker_index ) { @@ -2203,15 +2204,15 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val, if ( attrs->Find(zeek::detail::ATTR_EXPIRE_CREATE) ) { // for create expiry, we have to substract the already elapsed time from the expiry. - auto e = expire_time - (network_time - new_entry_val->ExpireAccessTime()); + auto e = expire_time - (run_state::network_time - new_entry_val->ExpireAccessTime()); if ( e <= 0 ) // element already expired? Let's not insert it. break; - expiry = bro_broker::convert_expiry(e); + expiry = zeek::Broker::detail::convert_expiry(e); } else - expiry = bro_broker::convert_expiry(expire_time); + expiry = zeek::Broker::detail::convert_expiry(expire_time); } if ( table_type->IsSet() ) @@ -2225,7 +2226,7 @@ void TableVal::SendToStore(const Val* index, const TableEntryVal* new_entry_val, } auto new_value = new_entry_val->GetVal().get(); - auto broker_val = bro_broker::val_to_data(new_value); + auto broker_val = zeek::Broker::detail::val_to_data(new_value); if ( ! broker_val ) { zeek::emit_builtin_error("invalid Broker data conversation for table value"); @@ -2444,7 +2445,7 @@ void TableVal::Describe(ODesc* d) const if ( d->IsReadable() && ! d->IsShort() && d->IncludeStats() ) { d->Add(" @"); - d->Add(fmt_access_time(v->ExpireAccessTime())); + d->Add(zeek::util::detail::fmt_access_time(v->ExpireAccessTime())); } } @@ -2527,7 +2528,7 @@ void TableVal::InitDefaultFunc(zeek::detail::Frame* f) void TableVal::InitTimer(double delay) { - timer = new TableValTimer(this, network_time + delay); + timer = new TableValTimer(this, run_state::network_time + delay); zeek::detail::timer_mgr->Add(timer); } @@ -2556,8 +2557,8 @@ void TableVal::DoExpire(double t) TableEntryVal* v_saved = nullptr; bool modified = false; - for ( int i = 0; i < table_incremental_step && - (v = tbl->NextEntry(k, expire_cookie)); ++i ) + for ( int i = 0; i < zeek::detail::table_incremental_step && + (v = tbl->NextEntry(k, expire_cookie)); ++i ) { if ( v->ExpireAccessTime() == 0 ) { @@ -2594,7 +2595,7 @@ void TableVal::DoExpire(double t) { // User doesn't want us to expire // this now. - v->SetExpireAccess(network_time - timeout + secs); + v->SetExpireAccess(run_state::network_time - timeout + secs); delete k; continue; } @@ -2631,10 +2632,10 @@ void TableVal::DoExpire(double t) if ( ! v ) { expire_cookie = nullptr; - InitTimer(table_expire_interval); + InitTimer(zeek::detail::table_expire_interval); } else - InitTimer(table_expire_delay); + InitTimer(zeek::detail::table_expire_delay); } double TableVal::GetExpireTime() @@ -2873,7 +2874,7 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t)) auto vl = val.record_val = new std::vector; vl->reserve(n); - if ( is_parsing ) + if ( zeek::run_state::is_parsing ) parse_time_records[rt].emplace_back(NewRef{}, this); if ( ! init_fields ) @@ -3173,7 +3174,7 @@ unsigned int RecordVal::MemoryAllocation() const size += v->MemoryAllocation(); } - size += pad_size(vl.capacity() * sizeof(ValPtr)); + size += zeek::util::pad_size(vl.capacity() * sizeof(ValPtr)); size += padded_sizeof(vl); return size + padded_sizeof(*this); } @@ -3520,7 +3521,7 @@ bool same_atomic_val(const Val* v1, const Val* v2) return false; } -void describe_vals(const val_list* vals, ODesc* d, int offset) +void describe_vals(const ValPList* vals, ODesc* d, int offset) { if ( ! d->IsReadable() ) { @@ -3555,7 +3556,7 @@ void describe_vals(const std::vector& vals, } } -void delete_vals(val_list* vals) +void delete_vals(ValPList* vals) { if ( vals ) { @@ -3578,14 +3579,14 @@ ValPtr cast_value_to_type(Val* v, Type* t) if ( same_type(v->GetType(), t) ) return {NewRef{}, v}; - if ( same_type(v->GetType(), bro_broker::DataVal::ScriptDataType()) ) + if ( same_type(v->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) ) { const auto& dv = v->AsRecordVal()->GetField(0); if ( ! dv ) return nullptr; - return static_cast(dv.get())->castTo(t); + return static_cast(dv.get())->castTo(t); } return nullptr; @@ -3604,14 +3605,14 @@ bool can_cast_value_to_type(const Val* v, Type* t) if ( same_type(v->GetType(), t) ) return true; - if ( same_type(v->GetType(), bro_broker::DataVal::ScriptDataType()) ) + if ( same_type(v->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) ) { const auto& dv = v->AsRecordVal()->GetField(0); if ( ! dv ) return false; - return static_cast(dv.get())->canCastTo(t); + return static_cast(dv.get())->canCastTo(t); } return false; @@ -3627,7 +3628,7 @@ bool can_cast_value_to_type(const Type* s, Type* t) if ( same_type(s, t) ) return true; - if ( same_type(s, bro_broker::DataVal::ScriptDataType()) ) + if ( same_type(s, zeek::Broker::detail::DataVal::ScriptDataType()) ) // As Broker is dynamically typed, we don't know if we will be able // to convert the type as intended. We optimistically assume that we // will. diff --git a/src/Val.h b/src/Val.h index b39c0b9dc6..3f453690cf 100644 --- a/src/Val.h +++ b/src/Val.h @@ -48,15 +48,18 @@ namespace zeek::detail { class ScriptFunc; } using BroFunc [[deprecated("Remove in v4.1. Use zeek::detail::ScriptFunc instead.")]] = zeek::detail::ScriptFunc; ZEEK_FORWARD_DECLARE_NAMESPACED(PrefixTable, zeek::detail); -class StateAccess; ZEEK_FORWARD_DECLARE_NAMESPACED(RE_Matcher, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(HashKey, zeek::detail); -extern double bro_start_network_time; - namespace zeek { +namespace run_state { + +extern double network_time; +extern double zeek_start_network_time; + +} using FuncPtr = zeek::IntrusivePtr; using FilePtr = zeek::IntrusivePtr; @@ -341,7 +344,7 @@ public: // To be overridden by mutable derived class to enable change // notification. - virtual notifier::Modifiable* Modifiable() { return nullptr; } + virtual zeek::notifier::detail::Modifiable* Modifiable() { return nullptr; } #ifdef DEBUG // For debugging, we keep a reference to the global ID to which a @@ -730,7 +733,7 @@ public: : val(std::move(v)) { expire_access_time = - int(network_time - bro_start_network_time); + int(run_state::network_time - run_state::zeek_start_network_time); } TableEntryVal* Clone(Val::CloneState* state); @@ -743,9 +746,9 @@ public: // Returns/sets time of last expiration relevant access to this value. double ExpireAccessTime() const - { return bro_start_network_time + expire_access_time; } + { return run_state::zeek_start_network_time + expire_access_time; } void SetExpireAccess(double time) - { expire_access_time = int(time - bro_start_network_time); } + { expire_access_time = int(time - run_state::zeek_start_network_time); } protected: friend class TableVal; @@ -771,7 +774,7 @@ protected: TableVal* table; }; -class TableVal final : public Val, public notifier::Modifiable { +class TableVal final : public Val, public zeek::notifier::detail::Modifiable { public: explicit TableVal(zeek::TableTypePtr t, zeek::detail::AttributesPtr attrs = nullptr); @@ -1012,7 +1015,7 @@ public: [[deprecated("Remove in v4.1. Use MakeHashKey().")]] zeek::detail::HashKey* ComputeHash(const Val* index) const; - notifier::Modifiable* Modifiable() override { return this; } + zeek::notifier::detail::Modifiable* Modifiable() override { return this; } // Retrieves and saves all table state (key-value pairs) for // tables whose index type depends on the given zeek::RecordType. @@ -1102,7 +1105,7 @@ protected: static ParseTimeTableStates parse_time_table_states; }; -class RecordVal final : public Val, public notifier::Modifiable { +class RecordVal final : public Val, public zeek::notifier::detail::Modifiable { public: [[deprecated("Remove in v4.1. Construct from IntrusivePtr instead.")]] explicit RecordVal(zeek::RecordType* t, bool init_fields = true); @@ -1255,7 +1258,7 @@ public: unsigned int MemoryAllocation() const override; void DescribeReST(ODesc* d) const override; - notifier::Modifiable* Modifiable() override { return this; } + zeek::notifier::detail::Modifiable* Modifiable() override { return this; } // Extend the underlying arrays of record instances created during // parsing to match the number of fields in the record type (they may @@ -1292,7 +1295,7 @@ protected: }; -class VectorVal final : public Val, public notifier::Modifiable { +class VectorVal final : public Val, public zeek::notifier::detail::Modifiable { public: [[deprecated("Remove in v4.1. Construct from IntrusivePtr instead.")]] explicit VectorVal(zeek::VectorType* t); @@ -1372,7 +1375,7 @@ public: // Won't shrink size. unsigned int ResizeAtLeast(unsigned int new_num_elements); - notifier::Modifiable* Modifiable() override { return this; } + zeek::notifier::detail::Modifiable* Modifiable() override { return this; } /** * Inserts an element at the given position in the vector. All elements @@ -1407,10 +1410,10 @@ extern ValPtr check_and_promote( extern bool same_val(const Val* v1, const Val* v2); extern bool same_atomic_val(const Val* v1, const Val* v2); extern bool is_atomic_val(const Val* v); -extern void describe_vals(const val_list* vals, ODesc* d, int offset=0); +extern void describe_vals(const ValPList* vals, ODesc* d, int offset=0); extern void describe_vals(const std::vector& vals, ODesc* d, size_t offset = 0); -extern void delete_vals(val_list* vals); +extern void delete_vals(ValPList* vals); // True if the given Val* has a vector type. inline bool is_vector(Val* v) { return v->GetType()->Tag() == zeek::TYPE_VECTOR; } @@ -1433,7 +1436,7 @@ extern bool can_cast_value_to_type(const Val* v, zeek::Type* t); // specific instance later. extern bool can_cast_value_to_type(const zeek::Type* s, zeek::Type* t); -} +} // namespace zeek using Val [[deprecated("Remove in v4.1. Use zeek::Val instead.")]] = zeek::Val; using PortVal [[deprecated("Remove in v4.1. Use zeek::PortVal instead.")]] = zeek::PortVal; diff --git a/src/Var.cc b/src/Var.cc index fdecd52fd3..174704e069 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -17,7 +17,7 @@ #include "module_util.h" #include "ID.h" -using namespace zeek::detail; +namespace zeek::detail { static zeek::ValPtr init_val(zeek::detail::Expr* init, const zeek::Type* t, @@ -84,7 +84,7 @@ static bool add_prototype(const zeek::detail::IDPtr& id, zeek::Type* t, if ( alt_args->FieldDecl(i)->attrs ) { - alt_ft->Error(fmt("alternate function prototype arguments may not have attributes: arg '%s'", field), canon_ft); + alt_ft->Error(zeek::util::fmt("alternate function prototype arguments may not have attributes: arg '%s'", field), canon_ft); return false; } @@ -92,7 +92,7 @@ static bool add_prototype(const zeek::detail::IDPtr& id, zeek::Type* t, if ( o < 0 ) { - alt_ft->Error(fmt("alternate function prototype arg '%s' not found in canonical prototype", field), canon_ft); + alt_ft->Error(zeek::util::fmt("alternate function prototype arg '%s' not found in canonical prototype", field), canon_ft); return false; } @@ -125,7 +125,7 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t, zeek::detail::InitClass c, zeek::detail::ExprPtr init, std::unique_ptr> attr, - decl_type dt, + DeclType dt, bool do_init) { if ( id->GetType() ) @@ -327,7 +327,7 @@ void add_global( zeek::TypePtr t, zeek::detail::InitClass c, zeek::detail::ExprPtr init, std::unique_ptr> attr, - decl_type dt) + DeclType dt) { make_var(id, std::move(t), c, std::move(init), std::move(attr), dt, true); } @@ -336,7 +336,7 @@ zeek::detail::StmtPtr add_local( zeek::detail::IDPtr id, zeek::TypePtr t, zeek::detail::InitClass c, zeek::detail::ExprPtr init, std::unique_ptr> attr, - decl_type dt) + DeclType dt) { make_var(id, std::move(t), c, init, std::move(attr), dt, false); @@ -469,12 +469,12 @@ static std::optional func_type_check(const zeek::Func auto msg = ad->DeprecationMessage(); if ( msg.empty() ) - impl->Warn(fmt("use of deprecated parameter '%s'", - rval->args->FieldName(i)), - decl, true); + impl->Warn(zeek::util::fmt("use of deprecated parameter '%s'", + rval->args->FieldName(i)), + decl, true); else - impl->Warn(fmt("use of deprecated parameter '%s': %s", - rval->args->FieldName(i), msg.data()), + impl->Warn(zeek::util::fmt("use of deprecated parameter '%s': %s", + rval->args->FieldName(i), msg.data()), decl, true); } @@ -553,11 +553,11 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, if ( prototype->deprecated ) { if ( prototype->deprecation_msg.empty() ) - t->Warn(fmt("use of deprecated '%s' prototype", id->Name()), + t->Warn(zeek::util::fmt("use of deprecated '%s' prototype", id->Name()), prototype->args.get(), true); else - t->Warn(fmt("use of deprecated '%s' prototype: %s", - id->Name(), prototype->deprecation_msg.data()), + t->Warn(zeek::util::fmt("use of deprecated '%s' prototype: %s", + id->Name(), prototype->deprecation_msg.data()), prototype->args.get(), true); } } @@ -648,7 +648,7 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, if ( hide ) // Note the illegal '-' in hidden name implies we haven't // clobbered any local variable names. - local_name = fmt("%s-hidden", local_name); + local_name = zeek::util::fmt("%s-hidden", local_name); arg_id = zeek::detail::install_ID(local_name, module_name, false, false); arg_id->SetType(arg_i->type); @@ -744,12 +744,12 @@ zeek::Val* internal_val(const char* name) return zeek::id::find_val(name).get(); } -id_list gather_outer_ids(zeek::detail::Scope* scope, zeek::detail::Stmt* body) +IDPList gather_outer_ids(zeek::detail::Scope* scope, zeek::detail::Stmt* body) { OuterIDBindingFinder cb(scope); body->Traverse(&cb); - id_list idl ( cb.outer_id_references.size() ); + IDPList idl ( cb.outer_id_references.size() ); for ( size_t i = 0; i < cb.outer_id_references.size(); ++i ) { @@ -861,3 +861,5 @@ zeek::EventHandlerPtr internal_handler(const char* name) { return zeek::event_registry->Register(name); } + +} // namespace zeek::detail diff --git a/src/Var.h b/src/Var.h index a33c4270be..22e539fa25 100644 --- a/src/Var.h +++ b/src/Var.h @@ -16,17 +16,17 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Scope, zeek::detail); namespace zeek::detail { -using StmtPtr = zeek::IntrusivePtr; -} -typedef enum { VAR_REGULAR, VAR_CONST, VAR_REDEF, VAR_OPTION, } decl_type; +using StmtPtr = zeek::IntrusivePtr; + +enum DeclType { VAR_REGULAR, VAR_CONST, VAR_REDEF, VAR_OPTION, }; extern void add_global(const zeek::detail::IDPtr& id, zeek::TypePtr t, zeek::detail::InitClass c, zeek::detail::ExprPtr init, std::unique_ptr> attr, - decl_type dt); + DeclType dt); extern zeek::detail::StmtPtr add_local( zeek::detail::IDPtr id, @@ -34,7 +34,7 @@ extern zeek::detail::StmtPtr add_local( zeek::detail::InitClass c, zeek::detail::ExprPtr init, std::unique_ptr> attr, - decl_type dt); + DeclType dt); extern zeek::detail::ExprPtr add_and_assign_local( zeek::detail::IDPtr id, @@ -52,7 +52,23 @@ extern void begin_func(zeek::detail::IDPtr id, const char* module_name, extern void end_func(zeek::detail::StmtPtr body); // Gather all IDs referenced inside a body that aren't part of a given scope. -extern id_list gather_outer_ids(zeek::detail::Scope* scope, zeek::detail::Stmt* body); +extern IDPList gather_outer_ids(zeek::detail::Scope* scope, zeek::detail::Stmt* body); + +} // namespace zeek::detail + +using decl_type [[deprecated("Remove in v4.1. Use zeek::detail::DeclType.")]] = zeek::detail::DeclType; +constexpr auto VAR_REGULAR [[deprecated("Remove in v4.1. Use zeek::detail::VAR_REGULAR.")]] = zeek::detail::VAR_REGULAR; +constexpr auto VAR_CONST [[deprecated("Remove in v4.1. Use zeek::detail::VAR_CONST.")]] = zeek::detail::VAR_CONST; +constexpr auto VAR_REDEF [[deprecated("Remove in v4.1. Use zeek::detail::VAR_REDEF.")]] = zeek::detail::VAR_REDEF; +constexpr auto VAR_OPTION [[deprecated("Remove in v4.1. Use zeek::detail::VAR_OPTION.")]] = zeek::detail::VAR_OPTION; + +constexpr auto add_global [[deprecated("Remove in v4.1. Use zeek::detail::add_global.")]] = zeek::detail::add_global; +constexpr auto add_local [[deprecated("Remove in v4.1. Use zeek::detail::add_local.")]] = zeek::detail::add_local; +constexpr auto add_and_assign_local [[deprecated("Remove in v4.1. Use zeek::detail::add_and_assign_local.")]] = zeek::detail::add_and_assign_local; +constexpr auto add_type [[deprecated("Remove in v4.1. Use zeek::detail::add_type.")]] = zeek::detail::add_type; +constexpr auto begin_func [[deprecated("Remove in v4.1. Use zeek::detail::begin_func.")]] = zeek::detail::begin_func; +constexpr auto end_func [[deprecated("Remove in v4.1. Use zeek::detail::end_func.")]] = zeek::detail::end_func; +constexpr auto gather_outer_ids [[deprecated("Remove in v4.1. Use zeek::detail::gather_outer_ids.")]] = zeek::detail::gather_outer_ids; [[deprecated("Remove in v4.1. Use zeek::id::find_val().")]] extern zeek::Val* internal_val(const char* name); diff --git a/src/WeirdState.cc b/src/WeirdState.cc index 8b2dc6c6e9..83f9bf6719 100644 --- a/src/WeirdState.cc +++ b/src/WeirdState.cc @@ -1,5 +1,5 @@ #include "WeirdState.h" -#include "Net.h" +#include "RunState.h" #include "util.h" namespace zeek::detail { @@ -14,10 +14,10 @@ bool PermitWeird(WeirdStateMap& wsm, const char* name, uint64_t threshold, return true; if ( state.count == threshold + 1) - state.sampling_start_time = network_time; + state.sampling_start_time = zeek::run_state::network_time; else { - if ( network_time > state.sampling_start_time + duration ) + if ( zeek::run_state::network_time > state.sampling_start_time + duration ) { state.sampling_start_time = 0; state.count = 1; diff --git a/src/ZeekArgs.cc b/src/ZeekArgs.cc index 397a707c29..0a80508de6 100644 --- a/src/ZeekArgs.cc +++ b/src/ZeekArgs.cc @@ -4,7 +4,7 @@ #include "ID.h" #include "Desc.h" -zeek::Args zeek::val_list_to_args(const val_list& vl) +zeek::Args zeek::val_list_to_args(const ValPList& vl) { zeek::Args rval; rval.reserve(vl.length()); diff --git a/src/ZeekArgs.h b/src/ZeekArgs.h index d44406fd57..56f1371715 100644 --- a/src/ZeekArgs.h +++ b/src/ZeekArgs.h @@ -3,7 +3,7 @@ #pragma once #include -#include "BroList.h" +#include "ZeekList.h" namespace zeek { @@ -25,7 +25,7 @@ using Args = std::vector; * @return the converted argument list * */ -Args val_list_to_args(const val_list& vl); +Args val_list_to_args(const ValPList& vl); /** * Creates a vector of "call_argument" meta data describing the arguments to diff --git a/src/ZeekList.h b/src/ZeekList.h new file mode 100644 index 0000000000..ef85f0ca5c --- /dev/null +++ b/src/ZeekList.h @@ -0,0 +1,34 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#pragma once + +#include "List.h" + +ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); +namespace zeek { class Type; } +using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type; +ZEEK_FORWARD_DECLARE_NAMESPACED(Attr, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(Timer, zeek::detail); + +namespace zeek { + +using ValPList = PList; +using ExprPList = PList; +using IDPList = PList; +using StmtPList = PList; +using TypePList = PList; +using AttrPList = PList; +using TimerPList = PList; + +} // namespace zeek + +using val_list [[deprecated("Remove in v4.1. Use zeek::ValPList.")]] = zeek::ValPList; +using expr_list [[deprecated("Remove in v4.1. Use zeek::ExprPList.")]] = zeek::ExprPList; +using id_list [[deprecated("Remove in v4.1. Use zeek::IDPList.")]] = zeek::IDPList; +using stmt_list [[deprecated("Remove in v4.1. Use zeek::StmtPList.")]] = zeek::StmtPList; +using type_list [[deprecated("Remove in v4.1. Use zeek::TypePList.")]] = zeek::TypePList; +using attr_list [[deprecated("Remove in v4.1. Use zeek::AttrPList.")]] = zeek::AttrPList; +using timer_list [[deprecated("Remove in v4.1. Use zeek::TimerPList.")]] = zeek::TimerPList; diff --git a/src/ZeekString.cc b/src/ZeekString.cc index b261b4d626..27d03090f2 100644 --- a/src/ZeekString.cc +++ b/src/ZeekString.cc @@ -279,7 +279,7 @@ void String::ToUpper() unsigned int String::MemoryAllocation() const { - return padded_sizeof(*this) + pad_size(n + final_NUL); + return padded_sizeof(*this) + zeek::util::pad_size(n + final_NUL); } String* String::GetSubstring(int start, int len) const @@ -296,7 +296,7 @@ String* String::GetSubstring(int start, int len) const int String::FindSubstring(const String* s) const { - return strstr_n(n, b, s->Len(), s->Bytes()); + return zeek::util::strstr_n(n, b, s->Len(), s->Bytes()); } String::Vec* String::Split(const String::IdxVec& indices) const diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index 8b1ce385c5..fd114978e0 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -231,7 +231,7 @@ void Analyzer::NextPacket(int len, const u_char* data, bool is_orig, uint64_t se } catch ( binpac::Exception const &e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } } @@ -254,7 +254,7 @@ void Analyzer::NextStream(int len, const u_char* data, bool is_orig) } catch ( binpac::Exception const &e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } } @@ -277,7 +277,7 @@ void Analyzer::NextUndelivered(uint64_t seq, int len, bool is_orig) } catch ( binpac::Exception const &e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } } @@ -647,14 +647,14 @@ void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { DBG_LOG(zeek::DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen, - fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); + zeek::util::fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); } void Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) { DBG_LOG(zeek::DBG_ANALYZER, "%s DeliverStream(%d, %s) [%s%s]", fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", - fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); + zeek::util::fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); } void Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) @@ -713,10 +713,10 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) if ( data && len ) { - const char *tmp = copy_string(reason); - r = zeek::make_intrusive(fmt("%s [%s%s]", tmp, - fmt_bytes(data, min(40, len)), - len > 40 ? "..." : "")); + const char *tmp = zeek::util::copy_string(reason); + r = zeek::make_intrusive(zeek::util::fmt("%s [%s%s]", tmp, + zeek::util::fmt_bytes(data, min(40, len)), + len > 40 ? "..." : "")); delete [] tmp; } else @@ -747,7 +747,7 @@ void Analyzer::CancelTimers() // call RemoveTimer(), which would then modify the list we're just // traversing. Thus, we first make a copy of the list which we then // iterate through. - timer_list tmp(timers.length()); + TimerPList tmp(timers.length()); std::copy(timers.begin(), timers.end(), back_inserter(tmp)); // TODO: could be a for_each @@ -812,7 +812,7 @@ void Analyzer::Event(EventHandlerPtr f, zeek::Val* v1, zeek::Val* v2) conn->EnqueueEvent(f, this, conn->ConnVal(), std::move(val1), std::move(val2)); } -void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) +void Analyzer::ConnectionEvent(EventHandlerPtr f, ValPList* vl) { auto args = zeek::val_list_to_args(*vl); @@ -820,7 +820,7 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list* vl) conn->EnqueueEvent(f, this, std::move(args)); } -void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) +void Analyzer::ConnectionEvent(EventHandlerPtr f, ValPList vl) { auto args = zeek::val_list_to_args(vl); @@ -828,7 +828,7 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl) conn->EnqueueEvent(f, this, std::move(args)); } -void Analyzer::ConnectionEventFast(EventHandlerPtr f, val_list vl) +void Analyzer::ConnectionEventFast(EventHandlerPtr f, ValPList vl) { auto args = zeek::val_list_to_args(vl); conn->EnqueueEvent(f, this, std::move(args)); diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 57f176ed64..2cd150a418 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -19,6 +19,8 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Rule, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_ApplicationAnalyzer, zeek, analyzer::tcp); +ZEEK_FORWARD_DECLARE_NAMESPACED(PIA, zeek, analyzer::pia); namespace zeek { using RecordValPtr = zeek::IntrusivePtr; @@ -29,11 +31,6 @@ using FilePtr = zeek::IntrusivePtr; using BroFile [[deprecated("Remove in v4.1. Use zeek::File.")]] = zeek::File; using BroFilePtr [[deprecated("Remove in v4.1. Use zeek::FilePtr.")]] = zeek::FilePtr; -namespace analyzer { -namespace tcp { class TCP_ApplicationAnalyzer; } -namespace pia { class PIA; } -} - namespace zeek::analyzer { class Analyzer; @@ -586,21 +583,21 @@ public: * Connection::ConnectionEvent(). */ [[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead.")]] - void ConnectionEvent(EventHandlerPtr f, val_list* vl); + void ConnectionEvent(EventHandlerPtr f, ValPList* vl); /** * Convenience function that forwards directly to * Connection::ConnectionEvent(). */ [[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead.")]] - void ConnectionEvent(EventHandlerPtr f, val_list vl); + void ConnectionEvent(EventHandlerPtr f, ValPList vl); /** * Convenience function that forwards directly to * Connection::ConnectionEventFast(). */ [[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead.")]] - void ConnectionEventFast(EventHandlerPtr f, val_list vl); + void ConnectionEventFast(EventHandlerPtr f, ValPList vl); /** * Convenience function that forwards directly to @@ -633,14 +630,14 @@ protected: friend class AnalyzerTimer; friend class Manager; friend class zeek::Connection; - friend class ::analyzer::tcp::TCP_ApplicationAnalyzer; + friend class zeek::analyzer::tcp::TCP_ApplicationAnalyzer; /** * Return a string represantation of an analyzer, containing its name * and ID. */ static std::string fmt_analyzer(const Analyzer* a) - { return std::string(a->GetAnalyzerName()) + fmt("[%d]", a->GetID()); } + { return std::string(a->GetAnalyzerName()) + zeek::util::fmt("[%d]", a->GetID()); } /** * Associates a connection with this analyzer. Must be called if @@ -746,7 +743,7 @@ private: bool protocol_confirmed; - timer_list timers; + TimerPList timers; bool timers_canceled; bool skip; bool finished; @@ -938,13 +935,13 @@ public: * transport-layer input and determine which protocol analyzer(s) to * use for parsing it. */ - void SetPIA(::analyzer::pia::PIA* arg_PIA) { pia = arg_PIA; } + void SetPIA(zeek::analyzer::pia::PIA* arg_PIA) { pia = arg_PIA; } /** * Returns the associated PIA, or null of none. Does not take * ownership. */ - ::analyzer::pia::PIA* GetPIA() const { return pia; } + zeek::analyzer::pia::PIA* GetPIA() const { return pia; } /** * Helper to raise a \c packet_contents event. @@ -956,18 +953,20 @@ public: void PacketContents(const u_char* data, int len); private: - ::analyzer::pia::PIA* pia; + zeek::analyzer::pia::PIA* pia; }; } // namespace zeek::analyzer namespace analyzer { - using Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::Analyzer instead.")]] = zeek::analyzer::Analyzer; - using AnalyzerTimer [[deprecated("Remove in v4.1. Use zeek::analyzer::AnalyzerTimer instead.")]] = zeek::analyzer::AnalyzerTimer; - using SupportAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::SupportAnalyzer instead.")]] = zeek::analyzer::SupportAnalyzer; - using OutputHandler [[deprecated("Remove in v4.1. Use zeek::analyzer::OutputHandler instead.")]] = zeek::analyzer::OutputHandler; - using TransportLayerAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::TransportLayerAnalyzer instead.")]] = zeek::analyzer::TransportLayerAnalyzer; - using analyzer_list [[deprecated("Remove in v4.1. Use zeek::analyzer::analyzer_list instead.")]] = zeek::analyzer::analyzer_list; - using ID [[deprecated("Remove in v4.1. Use zeek::analyzer::ID instead.")]] = zeek::analyzer::ID; -} +using Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::Analyzer instead.")]] = zeek::analyzer::Analyzer; +using AnalyzerTimer [[deprecated("Remove in v4.1. Use zeek::analyzer::AnalyzerTimer instead.")]] = zeek::analyzer::AnalyzerTimer; +using SupportAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::SupportAnalyzer instead.")]] = zeek::analyzer::SupportAnalyzer; +using OutputHandler [[deprecated("Remove in v4.1. Use zeek::analyzer::OutputHandler instead.")]] = zeek::analyzer::OutputHandler; +using TransportLayerAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::TransportLayerAnalyzer instead.")]] = zeek::analyzer::TransportLayerAnalyzer; + +using analyzer_list [[deprecated("Remove in v4.1. Use zeek::analyzer::analyzer_list instead.")]] = zeek::analyzer::analyzer_list; +using ID [[deprecated("Remove in v4.1. Use zeek::analyzer::ID instead.")]] = zeek::analyzer::ID; + +} // namespace analyzer diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 75bb28d1db..16c9a96bad 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc @@ -5,6 +5,7 @@ #include "Hash.h" #include "Val.h" #include "IntrusivePtr.h" +#include "RunState.h" #include "protocol/conn-size/ConnSize.h" #include "protocol/icmp/ICMP.h" @@ -20,7 +21,7 @@ using namespace zeek::analyzer; Manager::ConnIndex::ConnIndex(const IPAddr& _orig, const IPAddr& _resp, - uint16_t _resp_p, uint16_t _proto) + uint16_t _resp_p, uint16_t _proto) { if ( _orig == IPAddr::v4_unspecified ) // don't use the IPv4 mapping, use the literal unspecified address @@ -360,31 +361,29 @@ Manager::tag_set* Manager::LookupPort(zeek::PortVal* val, bool add_if_not_found) bool Manager::BuildInitialAnalyzerTree(Connection* conn) { - ::analyzer::tcp::TCP_Analyzer* tcp = nullptr; - ::analyzer::udp::UDP_Analyzer* udp = nullptr; - ::analyzer::icmp::ICMP_Analyzer* icmp = nullptr; + zeek::analyzer::tcp::TCP_Analyzer* tcp = nullptr; TransportLayerAnalyzer* root = nullptr; - ::analyzer::pia::PIA* pia = nullptr; + zeek::analyzer::pia::PIA* pia = nullptr; bool check_port = false; switch ( conn->ConnTransport() ) { case TRANSPORT_TCP: - root = tcp = new ::analyzer::tcp::TCP_Analyzer(conn); - pia = new ::analyzer::pia::PIA_TCP(conn); + root = tcp = new zeek::analyzer::tcp::TCP_Analyzer(conn); + pia = new zeek::analyzer::pia::PIA_TCP(conn); check_port = true; DBG_ANALYZER(conn, "activated TCP analyzer"); break; case TRANSPORT_UDP: - root = udp = new ::analyzer::udp::UDP_Analyzer(conn); - pia = new ::analyzer::pia::PIA_UDP(conn); + root = new zeek::analyzer::udp::UDP_Analyzer(conn); + pia = new zeek::analyzer::pia::PIA_UDP(conn); check_port = true; DBG_ANALYZER(conn, "activated UDP analyzer"); break; case TRANSPORT_ICMP: { - root = icmp = new ::analyzer::icmp::ICMP_Analyzer(conn); + root = new zeek::analyzer::icmp::ICMP_Analyzer(conn); DBG_ANALYZER(conn, "activated ICMP analyzer"); break; } @@ -401,7 +400,7 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) // the scheduled ones. if ( ! scheduled ) { // Let's see if it's a port we know. - if ( check_port && ! dpd_ignore_ports ) + if ( check_port && ! zeek::detail::dpd_ignore_ports ) { int resp_port = ntohs(conn->RespPort()); tag_set* ports = LookupPort(conn->ConnTransport(), resp_port, false); @@ -432,9 +431,9 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) // be turned on later by the TCP PIA. bool reass = root->GetChildren().size() || - dpd_reassemble_first_packets || - tcp_content_deliver_all_orig || - tcp_content_deliver_all_resp; + zeek::detail::dpd_reassemble_first_packets || + zeek::detail::tcp_content_deliver_all_orig || + zeek::detail::tcp_content_deliver_all_resp; if ( tcp_contents && ! reass ) { @@ -466,25 +465,25 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) auto src = zeek::make_intrusive(conn->OrigAddr()); if ( ! stp_skip_src->FindOrDefault(src) ) - tcp->AddChildAnalyzer(new ::analyzer::stepping_stone::SteppingStone_Analyzer(conn), false); + tcp->AddChildAnalyzer(new zeek::analyzer::stepping_stone::SteppingStone_Analyzer(conn), false); } } if ( IsEnabled(analyzer_tcpstats) ) // Add TCPStats analyzer. This needs to see packets so // we cannot add it as a normal child. - tcp->AddChildPacketAnalyzer(new ::analyzer::tcp::TCPStats_Analyzer(conn)); + tcp->AddChildPacketAnalyzer(new zeek::analyzer::tcp::TCPStats_Analyzer(conn)); if ( IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream. - tcp->AddChildPacketAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn)); + tcp->AddChildPacketAnalyzer(new zeek::analyzer::conn_size::ConnSize_Analyzer(conn)); } else { if ( IsEnabled(analyzer_connsize) ) // Add ConnSize analyzer. Needs to see packets, not stream. - root->AddChildAnalyzer(new ::analyzer::conn_size::ConnSize_Analyzer(conn)); + root->AddChildAnalyzer(new zeek::analyzer::conn_size::ConnSize_Analyzer(conn)); } if ( pia ) @@ -501,14 +500,14 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn) void Manager::ExpireScheduledAnalyzers() { - if ( ! network_time ) + if ( ! zeek::run_state::network_time ) return; while ( conns_by_timeout.size() ) { ScheduledAnalyzer* a = conns_by_timeout.top(); - if ( a->timeout > network_time ) + if ( a->timeout > zeek::run_state::network_time ) return; conns_by_timeout.pop(); @@ -542,7 +541,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, TransportProto proto, const Tag& analyzer, double timeout) { - if ( ! network_time ) + if ( ! zeek::run_state::network_time ) { reporter->Warning("cannot schedule analyzers before processing begins; ignored"); return; @@ -556,7 +555,7 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, ScheduledAnalyzer* a = new ScheduledAnalyzer; a->conn = ConnIndex(orig, resp, resp_p, proto); a->analyzer = analyzer; - a->timeout = network_time + timeout; + a->timeout = zeek::run_state::network_time + timeout; conns.insert(std::make_pair(a->conn, a)); conns_by_timeout.push(a); @@ -599,7 +598,7 @@ Manager::tag_set Manager::GetScheduled(const Connection* conn) for ( conns_map::iterator i = all.first; i != all.second; i++ ) { - if ( i->second->timeout > network_time ) + if ( i->second->timeout > zeek::run_state::network_time ) result.insert(i->second->analyzer); } diff --git a/src/analyzer/protocol/arp/ARP.cc b/src/analyzer/protocol/arp/ARP.cc index 9f0c9be579..8896d911ba 100644 --- a/src/analyzer/protocol/arp/ARP.cc +++ b/src/analyzer/protocol/arp/ARP.cc @@ -7,7 +7,7 @@ #include "events.bif.h" -using namespace analyzer::arp; +namespace zeek::analyzer::arp { ARP_Analyzer::ARP_Analyzer() { @@ -240,3 +240,5 @@ zeek::StringValPtr ARP_Analyzer::ToEthAddrStr(const u_char* addr) addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]); return zeek::make_intrusive(buf); } + +} // namespace zeek::analyzer::arp diff --git a/src/analyzer/protocol/arp/ARP.h b/src/analyzer/protocol/arp/ARP.h index 3f85f69d30..21e8b75aa9 100644 --- a/src/analyzer/protocol/arp/ARP.h +++ b/src/analyzer/protocol/arp/ARP.h @@ -30,7 +30,7 @@ extern "C" { #include } -namespace analyzer::arp { +namespace zeek::analyzer::arp { class ARP_Analyzer : public zeek::Obj { public: @@ -57,4 +57,10 @@ protected: void Corrupted(const char* string); }; +} // namespace zeek::analyzer::arp + +namespace analyzer::arp { + +using ARP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::arp::ARP_Analyzer.")]] = zeek::analyzer::arp::ARP_Analyzer; + } // namespace analyzer::arp diff --git a/src/analyzer/protocol/arp/Plugin.cc b/src/analyzer/protocol/arp/Plugin.cc index 18bba8067c..1ff5f08c63 100644 --- a/src/analyzer/protocol/arp/Plugin.cc +++ b/src/analyzer/protocol/arp/Plugin.cc @@ -1,10 +1,8 @@ // See the file in the main distribution directory for copyright. - #include "plugin/Plugin.h" -namespace plugin { -namespace Zeek_ARP { +namespace zeek::plugin::detail::Zeek_ARP { class Plugin : public zeek::plugin::Plugin { public: @@ -17,5 +15,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_ARP diff --git a/src/analyzer/protocol/ayiya/AYIYA.cc b/src/analyzer/protocol/ayiya/AYIYA.cc index 2a3dba5da0..901b8392a6 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.cc +++ b/src/analyzer/protocol/ayiya/AYIYA.cc @@ -2,7 +2,7 @@ #include "AYIYA.h" #include "Func.h" -using namespace analyzer::ayiya; +namespace zeek::analyzer::ayiya { AYIYA_Analyzer::AYIYA_Analyzer(zeek::Connection* conn) : Analyzer("AYIYA", conn) @@ -31,6 +31,8 @@ void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint6 } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::ayiya diff --git a/src/analyzer/protocol/ayiya/AYIYA.h b/src/analyzer/protocol/ayiya/AYIYA.h index b42c21526a..3d61d7ce8f 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.h +++ b/src/analyzer/protocol/ayiya/AYIYA.h @@ -2,7 +2,7 @@ #include "ayiya_pac.h" -namespace analyzer { namespace ayiya { +namespace zeek::analyzer::ayiya { class AYIYA_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -20,4 +20,10 @@ protected: binpac::AYIYA::AYIYA_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ayiya + +namespace analyzer::ayiya { + +using AYIYA_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ayiya::AYIYA_Analyzer.")]] = zeek::analyzer::ayiya::AYIYA_Analyzer; + +} // namespace analyzer::ayiya diff --git a/src/analyzer/protocol/ayiya/Plugin.cc b/src/analyzer/protocol/ayiya/Plugin.cc index a89aea577f..6e52239191 100644 --- a/src/analyzer/protocol/ayiya/Plugin.cc +++ b/src/analyzer/protocol/ayiya/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_AYIYA { +namespace zeek::plugin::detail::Zeek_AYIYA { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("AYIYA", ::analyzer::ayiya::AYIYA_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("AYIYA", zeek::analyzer::ayiya::AYIYA_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::AYIYA"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_AYIYA diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index c9eabac6ff..789ef6913a 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -5,10 +5,10 @@ #include "events.bif.h" -using namespace analyzer::bittorrent; +namespace zeek::analyzer::bittorrent { BitTorrent_Analyzer::BitTorrent_Analyzer(zeek::Connection* c) -: tcp::TCP_ApplicationAnalyzer("BITTORRENT", c) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("BITTORRENT", c) { interp = new binpac::BitTorrent::BitTorrent_Conn(this); stop_orig = stop_resp = false; @@ -22,7 +22,7 @@ BitTorrent_Analyzer::~BitTorrent_Analyzer() void BitTorrent_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -33,7 +33,7 @@ void BitTorrent_Analyzer::DeliverStream(int len, const u_char* data, bool orig) uint64_t& this_stream_len = orig ? stream_len_orig : stream_len_resp; bool& this_stop = orig ? stop_orig : stop_resp; - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -59,8 +59,8 @@ void BitTorrent_Analyzer::DeliverStream(int len, const u_char* data, bool orig) Parent()->RemoveChildAnalyzer(this); else { - DeliverWeird(fmt("Stopping BitTorrent analysis: protocol violation (%s)", - e.c_msg()), orig); + DeliverWeird(zeek::util::fmt("Stopping BitTorrent analysis: protocol violation (%s)", + e.c_msg()), orig); this_stop = true; if ( stop_orig && stop_resp ) ProtocolViolation("BitTorrent: content gap and/or protocol violation"); @@ -70,7 +70,7 @@ void BitTorrent_Analyzer::DeliverStream(int len, const u_char* data, bool orig) void BitTorrent_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); // TODO: Code commented out for now. I think that shoving data that // is definitely wrong into the parser seems like a really bad idea. @@ -112,7 +112,7 @@ void BitTorrent_Analyzer::Undelivered(uint64_t seq, int len, bool orig) void BitTorrent_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } @@ -124,3 +124,5 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) zeek::val_mgr->Bool(orig), zeek::make_intrusive(msg)); } + +} // namespace zeek::analyzer::bittorrent diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.h b/src/analyzer/protocol/bittorrent/BitTorrent.h index 17c42336ed..1e3ef3610d 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.h +++ b/src/analyzer/protocol/bittorrent/BitTorrent.h @@ -6,9 +6,9 @@ #include "bittorrent_pac.h" -namespace analyzer { namespace bittorrent { +namespace zeek::analyzer::bittorrent { -class BitTorrent_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class BitTorrent_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit BitTorrent_Analyzer(zeek::Connection* conn); ~BitTorrent_Analyzer() override; @@ -29,4 +29,10 @@ protected: uint64_t stream_len_orig, stream_len_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::bittorrent + +namespace analyzer::bittorrent { + +using BitTorrent_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::BitTorrent_Analyzer.")]] = zeek::analyzer::bittorrent::BitTorrent_Analyzer; + +} // namespace analyzer::bittorrent diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 2b72028148..34297178d7 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -13,7 +13,7 @@ # define FMT_INT "%" PRId64 # define FMT_UINT "%" PRIu64 -using namespace analyzer::bittorrent; +namespace zeek::analyzer::bittorrent { static zeek::TableTypePtr bt_tracker_headers; static zeek::RecordTypePtr bittorrent_peer; @@ -22,7 +22,7 @@ static zeek::RecordTypePtr bittorrent_benc_value; static zeek::TableTypePtr bittorrent_benc_dir; BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(zeek::Connection* c) -: tcp::TCP_ApplicationAnalyzer("BITTORRENTTRACKER", c) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("BITTORRENTTRACKER", c) { if ( ! bt_tracker_headers ) { @@ -40,14 +40,14 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(zeek::Connection* c) keep_alive = false; - req_state = BTT_REQ_GET; + req_state = detail::BTT_REQ_GET; req_buf[sizeof(req_buf) - 1] = 0; req_buf_pos = req_buf; req_buf_len = 0; req_val_uri = nullptr; req_val_headers = new zeek::TableVal(bt_tracker_headers); - res_state = BTT_RES_STATUS; + res_state = detail::BTT_RES_STATUS; res_allow_blank_line = false; res_buf[sizeof(res_buf) - 1] = 0; res_buf_pos = res_buf; @@ -78,13 +78,13 @@ BitTorrentTracker_Analyzer::~BitTorrentTracker_Analyzer() void BitTorrentTracker_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); } void BitTorrentTracker_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -130,9 +130,9 @@ void BitTorrentTracker_Analyzer::ClientRequest(int len, const u_char* data) req_buf_pos = lf + 1; - if ( req_state == BTT_REQ_DONE && keep_alive ) + if ( req_state == detail::BTT_REQ_DONE && keep_alive ) { - req_state = BTT_REQ_GET; + req_state = detail::BTT_REQ_GET; req_buf_len -= (req_buf_pos - req_buf); memmove(req_buf, req_buf_pos, req_buf_len); req_buf_pos = req_buf; @@ -146,7 +146,7 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data) if ( stop_resp ) return; - if ( res_state == BTT_RES_DONE ) + if ( res_state == detail::BTT_RES_DONE ) // We are done already, i.e. state != 200. return; @@ -163,7 +163,7 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data) while ( true ) { - while ( res_state != BTT_RES_BODY && + while ( res_state != detail::BTT_RES_BODY && res_buf_pos < res_buf + res_buf_len ) { char* lf = strchr(res_buf_pos, '\n'); @@ -181,17 +181,17 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data) res_buf_pos = lf + 1; } - if ( res_state != BTT_RES_BODY || + if ( res_state != detail::BTT_RES_BODY || res_buf_pos >= res_buf + res_buf_len ) break; ResponseBody(); - if ( res_state != BTT_RES_DONE || + if ( res_state != detail::BTT_RES_DONE || res_status != 200 || ! keep_alive ) break; - res_state = BTT_RES_STATUS; + res_state = detail::BTT_RES_STATUS; res_allow_blank_line = true; res_buf_len -= res_buf_pos - res_buf; memmove(res_buf, res_buf_pos, res_buf_len); @@ -208,7 +208,7 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data) void BitTorrentTracker_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); ProtocolViolation("BitTorrentTracker: cannot recover from content gap"); @@ -220,7 +220,7 @@ void BitTorrentTracker_Analyzer::Undelivered(uint64_t seq, int len, bool orig) void BitTorrentTracker_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); } void BitTorrentTracker_Analyzer::InitBencParser(void) @@ -228,9 +228,9 @@ void BitTorrentTracker_Analyzer::InitBencParser(void) benc_stack.clear(); benc_count.clear(); - benc_state = BENC_STATE_EMPTY; + benc_state = detail::BENC_STATE_EMPTY; benc_raw = nullptr; - benc_raw_type = BENC_TYPE_NONE; + benc_raw_type = detail::BENC_TYPE_NONE; benc_raw_len = 0; benc_key = nullptr; benc_key_len = 0; @@ -267,7 +267,7 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line) } switch ( req_state ) { - case BTT_REQ_GET: + case detail::BTT_REQ_GET: { regmatch_t match[1]; if ( regexec(&r_get, line, 1, match, 0) ) @@ -293,16 +293,16 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line) RequestGet(&line[match[0].rm_eo]); - req_state = BTT_REQ_HEADER; + req_state = detail::BTT_REQ_HEADER; } break; - case BTT_REQ_HEADER: + case detail::BTT_REQ_HEADER: { if ( ! *line ) { EmitRequest(); - req_state = BTT_REQ_DONE; + req_state = detail::BTT_REQ_DONE; break; } @@ -319,10 +319,10 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line) } break; - case BTT_REQ_DONE: + case detail::BTT_REQ_DONE: if ( *line ) { - auto msg = fmt("Got post request data: %s\n", line); + auto msg = zeek::util::fmt("Got post request data: %s\n", line); Weird("bittorrent_tracker_data_post_request", msg); DeliverWeird(msg, true); } @@ -370,7 +370,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) } switch ( res_state ) { - case BTT_RES_STATUS: + case detail::BTT_RES_STATUS: { if ( res_allow_blank_line && ! *line ) { @@ -390,11 +390,11 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) } ResponseStatus(&line[match[0].rm_eo]); - res_state = BTT_RES_HEADER; + res_state = detail::BTT_RES_HEADER; } break; - case BTT_RES_HEADER: + case detail::BTT_RES_HEADER: if ( ! *line ) { if ( res_status != 200 ) @@ -408,10 +408,10 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) ); res_val_headers = nullptr; res_buf_pos = res_buf + res_buf_len; - res_state = BTT_RES_DONE; + res_state = detail::BTT_RES_DONE; } else - res_state = BTT_RES_BODY; + res_state = detail::BTT_RES_BODY; break; } @@ -465,7 +465,8 @@ void BitTorrentTracker_Analyzer::ParseHeader(char* name, char* value, } void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, - enum btt_benc_types type, int value_len, char* value) + detail::BTT_BencTypes type, + int value_len, char* value) { if ( name_len == 5 && ! strncmp(name, "peers", 5) ) { @@ -494,7 +495,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, } void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, - enum btt_benc_types type, bro_int_t value) + detail::BTT_BencTypes type, bro_int_t value) { auto benc_value = zeek::make_intrusive(bittorrent_benc_value); auto name_ = zeek::make_intrusive(name_len, name); @@ -508,7 +509,7 @@ void BitTorrentTracker_Analyzer::ResponseBody(void) switch ( ResponseParseBenc() ) { case 0: EmitResponse(); - res_state = BTT_RES_DONE; + res_state = detail::BTT_RES_DONE; break; case -1: // parsing failed @@ -540,7 +541,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) --len, ++res_buf_pos ) { switch ( benc_state ) { - case BENC_STATE_EMPTY: + case detail::BENC_STATE_EMPTY: { switch ( res_buf_pos[0] ) { case 'd': @@ -548,7 +549,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) case 0: break; case 1: benc_raw = res_buf_pos; - benc_raw_type = BENC_TYPE_DIR; + benc_raw_type = detail::BENC_TYPE_DIR; /* fall through */ default: VIOLATION_IF(benc_stack.back() == 'd' && @@ -569,7 +570,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) case 1: benc_raw = res_buf_pos; - benc_raw_type = BENC_TYPE_LIST; + benc_raw_type = detail::BENC_TYPE_LIST; /* fall through */ default: @@ -590,10 +591,10 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) ! (benc_count.back() % 2), "BitTorrentTracker: directory key is not a string but an int") - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; - benc_state = BENC_STATE_INT1; + benc_state = detail::BENC_STATE_INT1; break; case 'e': @@ -603,7 +604,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) benc_count.back() % 2, "BitTorrentTracker: directory has an odd count of members") - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; if ( benc_stack.size() == 2 ) @@ -615,7 +616,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) benc_key_len = 0; benc_raw = nullptr; benc_raw_len = 0; - benc_raw_type = BENC_TYPE_NONE; + benc_raw_type = detail::BENC_TYPE_NONE; } benc_stack.pop_back(); @@ -635,11 +636,11 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) VIOLATION_IF(! benc_stack.size(), "BitTorrentTracker: not a bencoded directory (first char: [0-9])") - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; benc_strlen = res_buf_pos; - benc_state = BENC_STATE_STR1; + benc_state = detail::BENC_STATE_STR1; break; default: @@ -648,28 +649,28 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) } break; - case BENC_STATE_INT1: + case detail::BENC_STATE_INT1: benc_int = res_buf_pos; if ( res_buf_pos[0] == '-' ) { - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; - benc_state = BENC_STATE_INT2; + benc_state = detail::BENC_STATE_INT2; break; } - case BENC_STATE_INT2: + case detail::BENC_STATE_INT2: VIOLATION_IF(res_buf_pos[0] < '0' || res_buf_pos[0] > '9', "BitTorrentTracker: no valid bencoding") - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; - benc_state = BENC_STATE_INT3; + benc_state = detail::BENC_STATE_INT3; break; - case BENC_STATE_INT3: + case detail::BENC_STATE_INT3: if ( res_buf_pos[0] == 'e' ) { if ( sscanf(benc_int, FMT_INT, @@ -678,7 +679,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) if ( benc_stack.size() == 1 ) { ResponseBenc(benc_key_len, - benc_key, BENC_TYPE_INT, + benc_key, detail::BENC_TYPE_INT, benc_int_val); benc_key = nullptr; benc_key_len = 0; @@ -688,7 +689,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding") INC_COUNT - benc_state = BENC_STATE_EMPTY; + benc_state = detail::BENC_STATE_EMPTY; } else @@ -696,16 +697,16 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) res_buf_pos[0] > '9', "BitTorrentTracker: no valid bencoding"); - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; break; - case BENC_STATE_STR1: + case detail::BENC_STATE_STR1: switch ( res_buf_pos[0] ) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; break; @@ -724,10 +725,10 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) benc_key_len = benc_str_len; } - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) ++benc_raw_len; - benc_state = BENC_STATE_STR2; + benc_state = detail::BENC_STATE_STR2; break; default: @@ -735,14 +736,14 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) } break; - case BENC_STATE_STR2: + case detail::BENC_STATE_STR2: if ( benc_str_have < benc_str_len ) { unsigned int seek = std::min(len, benc_str_len - benc_str_have); benc_str_have += seek; - if ( benc_raw_type != BENC_TYPE_NONE ) + if ( benc_raw_type != detail::BENC_TYPE_NONE ) benc_raw_len += seek; res_buf_pos += seek - 1; @@ -755,7 +756,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) benc_key != benc_str ) { ResponseBenc(benc_key_len, benc_key, - BENC_TYPE_STR, + detail::BENC_TYPE_STR, benc_str_len, benc_str); benc_key_len = 0; benc_key = nullptr; @@ -768,7 +769,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) } INC_COUNT - benc_state = BENC_STATE_EMPTY; + benc_state = detail::BENC_STATE_EMPTY; } break; } @@ -794,3 +795,5 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) res_val_peers = nullptr; res_val_benc = nullptr; } + +} // namespace zeek::analyzer::bittorrent diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h index 23186110ca..bc36b88237 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h @@ -8,13 +8,15 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); -namespace analyzer { namespace bittorrent { +namespace zeek::analyzer::bittorrent { // If the following is defined, then the analyzer will store all of // the headers seen in tracker messages. //#define BTTRACKER_STORE_HEADERS 1 -enum btt_states { +namespace detail { + +enum BTT_States { BTT_REQ_GET, BTT_REQ_HEADER, BTT_REQ_DONE, @@ -22,19 +24,19 @@ enum btt_states { BTT_RES_STATUS, BTT_RES_HEADER, BTT_RES_BODY, - BTT_RES_DONE, + BTT_RES_DONE }; // "benc" = Bencode ("Bee-Encode"), per http://en.wikipedia.org/wiki/Bencode -enum btt_benc_types { +enum BTT_BencTypes { BENC_TYPE_INT = 0, BENC_TYPE_STR = 1, BENC_TYPE_DIR = 2, BENC_TYPE_LIST = 3, - BENC_TYPE_NONE = 10, + BENC_TYPE_NONE = 10 }; -enum btt_benc_states { +enum BTT_BencStates { BENC_STATE_EMPTY, BENC_STATE_INT1, BENC_STATE_INT2, @@ -43,7 +45,9 @@ enum btt_benc_states { BENC_STATE_STR2, }; -class BitTorrentTracker_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +} // namespace detail + +class BitTorrentTracker_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit BitTorrentTracker_Analyzer(zeek::Connection* conn); ~BitTorrentTracker_Analyzer() override; @@ -75,10 +79,10 @@ protected: void ResponseHeader(char* name, char* value) { ParseHeader(name, value, false); } void ResponseBody(); - void ResponseBenc(int name_len, char* name, enum btt_benc_types type, - int value_len, char* value); - void ResponseBenc(int name_len, char* name, enum btt_benc_types type, - bro_int_t value); + void ResponseBenc(int name_len, char* name, detail::BTT_BencTypes type, + int value_len, char* value); + void ResponseBenc(int name_len, char* name, detail::BTT_BencTypes type, + bro_int_t value); int ResponseParseBenc(); void EmitResponse(); @@ -88,7 +92,7 @@ protected: bool keep_alive; // Request. - enum btt_states req_state; + detail::BTT_States req_state; char req_buf[BTTRACKER_BUF]; char* req_buf_pos; unsigned int req_buf_len; @@ -96,7 +100,7 @@ protected: zeek::TableVal* req_val_headers; // Response. - enum btt_states res_state; + detail::BTT_States res_state; bool res_allow_blank_line; char res_buf[BTTRACKER_BUF]; char* res_buf_pos; @@ -108,10 +112,10 @@ protected: std::vector benc_stack; std::vector benc_count; - enum btt_benc_states benc_state; + detail::BTT_BencStates benc_state; char* benc_raw; - enum btt_benc_types benc_raw_type; + detail::BTT_BencTypes benc_raw_type; unsigned int benc_raw_len; char* benc_key; @@ -129,4 +133,34 @@ protected: bool stop_orig, stop_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::bittorrent + +namespace analyzer::bittorrent { + +using btt_states [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_States.")]] = zeek::analyzer::bittorrent::detail::BTT_States; +constexpr auto BTT_REQ_GET [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_REQ_GET.")]] = zeek::analyzer::bittorrent::detail::BTT_REQ_GET; +constexpr auto BTT_REQ_HEADER [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_REQ_HEADER.")]] = zeek::analyzer::bittorrent::detail::BTT_REQ_HEADER; +constexpr auto BTT_REQ_DONE [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_REQ_DONE.")]] = zeek::analyzer::bittorrent::detail::BTT_REQ_DONE; +constexpr auto BTT_RES_STATUS [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_RES_STATUS.")]] = zeek::analyzer::bittorrent::detail::BTT_RES_STATUS; +constexpr auto BTT_RES_HEADER [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_RES_HEADER.")]] = zeek::analyzer::bittorrent::detail::BTT_RES_HEADER; +constexpr auto BTT_RES_BODY [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_RES_BODY.")]] = zeek::analyzer::bittorrent::detail::BTT_RES_BODY; +constexpr auto BTT_RES_DONE [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_RES_DONE.")]] = zeek::analyzer::bittorrent::detail::BTT_RES_DONE; + +using btt_benc_types [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_BencTypes.")]] = zeek::analyzer::bittorrent::detail::BTT_BencTypes; +constexpr auto BENC_TYPE_INT [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_TYPE_INT.")]] = zeek::analyzer::bittorrent::detail::BENC_TYPE_INT; +constexpr auto BENC_TYPE_STR [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_TYPE_STR.")]] = zeek::analyzer::bittorrent::detail::BENC_TYPE_STR; +constexpr auto BENC_TYPE_DIR [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_TYPE_DIR.")]] = zeek::analyzer::bittorrent::detail::BENC_TYPE_DIR; +constexpr auto BENC_TYPE_LIST [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_TYPE_LIST.")]] = zeek::analyzer::bittorrent::detail::BENC_TYPE_LIST; +constexpr auto BENC_TYPE_NONE [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_TYPE_NONE.")]] = zeek::analyzer::bittorrent::detail::BENC_TYPE_NONE; + +using btt_benc_states [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BTT_BencStates.")]] = zeek::analyzer::bittorrent::detail::BTT_BencStates; +constexpr auto BENC_STATE_EMPTY [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_EMPTY.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_EMPTY; +constexpr auto BENC_STATE_INT1 [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_INT1.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_INT1; +constexpr auto BENC_STATE_INT2 [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_INT2.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_INT2; +constexpr auto BENC_STATE_INT3 [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_INT3.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_INT3; +constexpr auto BENC_STATE_STR1 [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_STR1.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_STR1; +constexpr auto BENC_STATE_STR2 [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::detail::BENC_STATE_STR2.")]] = zeek::analyzer::bittorrent::detail::BENC_STATE_STR2; + +using BitTorrentTracker_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::bittorrent::BitTorrentTracker_Analyzer.")]] = zeek::analyzer::bittorrent::BitTorrentTracker_Analyzer; + +} // namespace analyzer::bittorrent diff --git a/src/analyzer/protocol/bittorrent/Plugin.cc b/src/analyzer/protocol/bittorrent/Plugin.cc index c651ba6061..6dba2f78cf 100644 --- a/src/analyzer/protocol/bittorrent/Plugin.cc +++ b/src/analyzer/protocol/bittorrent/Plugin.cc @@ -5,15 +5,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_BitTorrent { +namespace zeek::plugin::plugin::Zeek_BitTorrent { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("BitTorrent", ::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("BitTorrentTracker", ::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("BitTorrent", zeek::analyzer::bittorrent::BitTorrent_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("BitTorrentTracker", zeek::analyzer::bittorrent::BitTorrentTracker_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::BitTorrent"; @@ -22,5 +21,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::plugin::Zeek_BitTorrent diff --git a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac index 456fbeaaa5..8a30c93e4a 100644 --- a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac +++ b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac @@ -49,7 +49,7 @@ flow BitTorrent_Flow(is_orig: bool) { function validate_message_length(len: uint32): bool %{ if ( len > MSGLEN_LIMIT ) - throw Exception(fmt("message length prefix exceeds limit: %u > %u", + throw Exception(zeek::util::fmt("message length prefix exceeds limit: %u > %u", len, MSGLEN_LIMIT)); return true; %} diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 30b25bdd13..849b9a7feb 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -7,10 +7,11 @@ #include "analyzer/protocol/tcp/TCP.h" #include "IP.h" #include "Reporter.h" +#include "RunState.h" #include "events.bif.h" -using namespace analyzer::conn_size; +namespace zeek::analyzer::conn_size { ConnSize_Analyzer::ConnSize_Analyzer(zeek::Connection* c) : Analyzer("CONNSIZE", c), @@ -90,7 +91,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig) if ( duration_thresh != 0 ) { - if ( ( network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed ) + if ( ( zeek::run_state::network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed ) { EnqueueConnEvent(conn_duration_threshold_crossed, ConnVal(), @@ -205,3 +206,5 @@ void ConnSize_Analyzer::FlipRoles() orig_pkts = resp_pkts; resp_pkts = tmp; } + +} // namespace zeek::analyzer::conn_size diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h index 222bece169..d195ac0582 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.h +++ b/src/analyzer/protocol/conn-size/ConnSize.h @@ -6,7 +6,7 @@ #include "analyzer/Analyzer.h" #include "NetVar.h" -namespace analyzer { namespace conn_size { +namespace zeek::analyzer::conn_size { class ConnSize_Analyzer : public zeek::analyzer::Analyzer { public: @@ -50,4 +50,10 @@ protected: double duration_thresh; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::conn_size + +namespace analyzer::conn_size { + +using ConnSize_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::conn_size::ConnSize_Analyzer.")]] = zeek::analyzer::conn_size::ConnSize_Analyzer; + +} // namespace analyzer::conn_size diff --git a/src/analyzer/protocol/conn-size/Plugin.cc b/src/analyzer/protocol/conn-size/Plugin.cc index c8c1fd8d2e..5470abbd1d 100644 --- a/src/analyzer/protocol/conn-size/Plugin.cc +++ b/src/analyzer/protocol/conn-size/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_ConnSize { +namespace zeek::plugin::detail::Zeek_ConnSize { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("ConnSize", ::analyzer::conn_size::ConnSize_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("ConnSize", zeek::analyzer::conn_size::ConnSize_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::ConnSize"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_ConnSize diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index 582819f5a3..fa9d2d2c9d 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -37,7 +37,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or if ( ! a ) return zeek::val_mgr->False(); - static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig); + static_cast(a)->SetByteAndPacketThreshold(threshold, true, is_orig); return zeek::val_mgr->True(); %} @@ -61,7 +61,7 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ if ( ! a ) return zeek::val_mgr->False(); - static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig); + static_cast(a)->SetByteAndPacketThreshold(threshold, false, is_orig); return zeek::val_mgr->True(); %} @@ -83,7 +83,7 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval% if ( ! a ) return zeek::val_mgr->False(); - static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold); + static_cast(a)->SetDurationThreshold(threshold); return zeek::val_mgr->True(); %} @@ -105,7 +105,7 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count if ( ! a ) return zeek::val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig)); + return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(true, is_orig)); %} ## Gets the current packet threshold size for a connection. @@ -124,7 +124,7 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun if ( ! a ) return zeek::val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig)); + return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(false, is_orig)); %} ## Gets the current duration threshold size for a connection. @@ -141,5 +141,5 @@ function get_current_conn_duration_threshold%(cid: conn_id%): interval if ( ! a ) return zeek::make_intrusive(0.0); - return zeek::make_intrusive(static_cast<::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold()); + return zeek::make_intrusive(static_cast(a)->GetDurationThreshold()); %} diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc index 8f2610e24f..f01983880b 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc @@ -1,6 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. #include "zeek-config.h" +#include "DCE_RPC.h" #include #include @@ -8,12 +9,10 @@ using namespace std; -#include "DCE_RPC.h" - -using namespace analyzer::dce_rpc; +namespace zeek::analyzer::dce_rpc { DCE_RPC_Analyzer::DCE_RPC_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("DCE_RPC", conn) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("DCE_RPC", conn) { had_gap = false; interp = new binpac::DCE_RPC::DCE_RPC_Conn(this); @@ -62,6 +61,8 @@ void DCE_RPC_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::dce_rpc diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.h b/src/analyzer/protocol/dce-rpc/DCE_RPC.h index 6954dc290a..e4addaf20c 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h @@ -9,9 +9,9 @@ #include "dce_rpc_pac.h" -namespace analyzer { namespace dce_rpc { +namespace zeek::analyzer::dce_rpc { -class DCE_RPC_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class DCE_RPC_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit DCE_RPC_Analyzer(zeek::Connection* conn); ~DCE_RPC_Analyzer() override; @@ -32,4 +32,10 @@ protected: binpac::DCE_RPC::DCE_RPC_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::dce_rpc + +namespace analyzer::dce_rpc { + +using DCE_RPC_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dce_rpc::DCE_RPC_Analyzer.")]] = zeek::analyzer::dce_rpc::DCE_RPC_Analyzer; + +} // namespace analyzer::dce_rpc diff --git a/src/analyzer/protocol/dce-rpc/Plugin.cc b/src/analyzer/protocol/dce-rpc/Plugin.cc index 3a81e88de6..6afa802c3b 100644 --- a/src/analyzer/protocol/dce-rpc/Plugin.cc +++ b/src/analyzer/protocol/dce-rpc/Plugin.cc @@ -5,14 +5,13 @@ #include "DCE_RPC.h" -namespace plugin { -namespace Zeek_DCE_RPC { +namespace zeek::plugin::detail::Zeek_DCE_RPC { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("DCE_RPC", ::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DCE_RPC", zeek::analyzer::dce_rpc::DCE_RPC_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DCE_RPC"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_DCE_RPC diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac index 7175304349..1aa845156e 100644 --- a/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac +++ b/src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac @@ -43,7 +43,7 @@ refine connection DCE_RPC_Conn += { ntlm->DeliverStream(${auth.blob}.length(), ${auth.blob}.begin(), is_orig); break; default: - bro_analyzer()->Weird("unknown_dce_rpc_auth_type", fmt("%d", ${auth.type})); + bro_analyzer()->Weird("unknown_dce_rpc_auth_type", zeek::util::fmt("%d", ${auth.type})); break; } diff --git a/src/analyzer/protocol/dhcp/DHCP.cc b/src/analyzer/protocol/dhcp/DHCP.cc index b4ecdca90e..0371a0e4dc 100644 --- a/src/analyzer/protocol/dhcp/DHCP.cc +++ b/src/analyzer/protocol/dhcp/DHCP.cc @@ -3,7 +3,7 @@ #include "events.bif.h" #include "types.bif.h" -using namespace analyzer::dhcp; +namespace zeek::analyzer::dhcp { DHCP_Analyzer::DHCP_Analyzer(zeek::Connection* conn) : Analyzer("DHCP", conn) @@ -32,7 +32,9 @@ void DHCP_Analyzer::DeliverPacket(int len, const u_char* data, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::dhcp diff --git a/src/analyzer/protocol/dhcp/DHCP.h b/src/analyzer/protocol/dhcp/DHCP.h index b8592c15f0..32326633d3 100644 --- a/src/analyzer/protocol/dhcp/DHCP.h +++ b/src/analyzer/protocol/dhcp/DHCP.h @@ -4,7 +4,7 @@ #include "dhcp_pac.h" -namespace analyzer { namespace dhcp { +namespace zeek::analyzer::dhcp { class DHCP_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -22,4 +22,10 @@ protected: binpac::DHCP::DHCP_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::dhcp + +namespace analyzer::dhcp { + +using DHCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dhcp::DHCP_Analyzer.")]] = zeek::analyzer::dhcp::DHCP_Analyzer; + +} // namespace analyzer::dhcp diff --git a/src/analyzer/protocol/dhcp/Plugin.cc b/src/analyzer/protocol/dhcp/Plugin.cc index b916f4b922..6ff2db8d8f 100644 --- a/src/analyzer/protocol/dhcp/Plugin.cc +++ b/src/analyzer/protocol/dhcp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_DHCP { +namespace zeek::plugin::detail::Zeek_DHCP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("DHCP", ::analyzer::dhcp::DHCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DHCP", zeek::analyzer::dhcp::DHCP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DHCP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_DHCP diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac index fe6c893971..b8f02139e3 100644 --- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac +++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac @@ -44,13 +44,13 @@ refine flow DHCP_Flow += { // the message options. if ( ${msg.cookie} != 0x63825363 ) { - connection()->bro_analyzer()->ProtocolViolation(fmt("bad cookie (%d)", ${msg.cookie})); + connection()->bro_analyzer()->ProtocolViolation(zeek::util::fmt("bad cookie (%d)", ${msg.cookie})); return false; } if ( dhcp_message ) { - std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length()); + std::string mac_str = zeek::fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length()); double secs = static_cast(${msg.secs}); auto dhcp_msg_val = zeek::make_intrusive(zeek::BifType::Record::DHCP::Msg); diff --git a/src/analyzer/protocol/dhcp/dhcp-options.pac b/src/analyzer/protocol/dhcp/dhcp-options.pac index 34351c3700..bd658a802f 100644 --- a/src/analyzer/protocol/dhcp/dhcp-options.pac +++ b/src/analyzer/protocol/dhcp/dhcp-options.pac @@ -633,7 +633,7 @@ refine flow DHCP_Flow += { sv = zeek::make_intrusive(${v.client_id.hwaddr}.length(), (const char*)${v.client_id.hwaddr}.begin()); else - sv = zeek::make_intrusive(fmt_mac(${v.client_id.hwaddr}.begin(), + sv = zeek::make_intrusive(zeek::fmt_mac(${v.client_id.hwaddr}.begin(), ${v.client_id.hwaddr}.length())); client_id->Assign(1, std::move(sv)); diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc index 71ca3cf45e..1f11cb6406 100644 --- a/src/analyzer/protocol/dnp3/DNP3.cc +++ b/src/analyzer/protocol/dnp3/DNP3.cc @@ -100,19 +100,19 @@ #include "Reporter.h" #include "events.bif.h" -using namespace analyzer::dnp3; +constexpr unsigned int PSEUDO_LENGTH_INDEX = 2; // index of len field of DNP3 Pseudo Link Layer +constexpr unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3; // index of ctrl field of DNP3 Pseudo Link Layer +constexpr unsigned int PSEUDO_TRANSPORT_INDEX = 10; // index of DNP3 Pseudo Transport Layer +constexpr unsigned int PSEUDO_APP_LAYER_INDEX = 11; // index of first DNP3 app-layer byte. +constexpr unsigned int PSEUDO_TRANSPORT_LEN = 1; // length of DNP3 Transport Layer +constexpr unsigned int PSEUDO_LINK_LAYER_LEN = 8; // length of DNP3 Pseudo Link Layer -const unsigned int PSEUDO_LENGTH_INDEX = 2; // index of len field of DNP3 Pseudo Link Layer -const unsigned int PSEUDO_CONTROL_FIELD_INDEX = 3; // index of ctrl field of DNP3 Pseudo Link Layer -const unsigned int PSEUDO_TRANSPORT_INDEX = 10; // index of DNP3 Pseudo Transport Layer -const unsigned int PSEUDO_APP_LAYER_INDEX = 11; // index of first DNP3 app-layer byte. -const unsigned int PSEUDO_TRANSPORT_LEN = 1; // length of DNP3 Transport Layer -const unsigned int PSEUDO_LINK_LAYER_LEN = 8; // length of DNP3 Pseudo Link Layer +namespace zeek::analyzer::dnp3 { +namespace detail { bool DNP3_Base::crc_table_initialized = false; unsigned int DNP3_Base::crc_table[256]; - DNP3_Base::DNP3_Base(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; @@ -350,7 +350,7 @@ bool DNP3_Base::CheckCRC(int len, const u_char* data, const u_char* crc16, const if ( crc16[0] == (crc & 0xff) && crc16[1] == (crc & 0xff00) >> 8 ) return true; - analyzer->Weird(fmt("dnp3_corrupt_%s_checksum", where)); + analyzer->Weird(zeek::util::fmt("dnp3_corrupt_%s_checksum", where)); return false; } @@ -385,6 +385,7 @@ unsigned int DNP3_Base::CalcCRC(int len, const u_char* data) return ~crc & 0xFFFF; } +} // namespace detail DNP3_TCP_Analyzer::DNP3_TCP_Analyzer(zeek::Connection* c) : DNP3_Base(this), TCP_ApplicationAnalyzer("DNP3_TCP", c) { @@ -456,3 +457,5 @@ void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, ui throw; } } + +} // namespace zeek::analyzer::dnp3 diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h index ee690b9220..9c0f061ead 100644 --- a/src/analyzer/protocol/dnp3/DNP3.h +++ b/src/analyzer/protocol/dnp3/DNP3.h @@ -6,7 +6,9 @@ #include "dnp3_pac.h" -namespace analyzer { namespace dnp3 { +namespace zeek::analyzer::dnp3 { + +namespace detail { class DNP3_Base { public: @@ -61,7 +63,9 @@ protected: Endpoint resp_state; }; -class DNP3_TCP_Analyzer : public DNP3_Base, public tcp::TCP_ApplicationAnalyzer { +} // namespace detail + +class DNP3_TCP_Analyzer : public detail::DNP3_Base, public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit DNP3_TCP_Analyzer(zeek::Connection* conn); ~DNP3_TCP_Analyzer() override; @@ -75,7 +79,7 @@ public: { return new DNP3_TCP_Analyzer(conn); } }; -class DNP3_UDP_Analyzer : public DNP3_Base, public zeek::analyzer::Analyzer { +class DNP3_UDP_Analyzer : public detail::DNP3_Base, public zeek::analyzer::Analyzer { public: explicit DNP3_UDP_Analyzer(zeek::Connection* conn); ~DNP3_UDP_Analyzer() override; @@ -88,4 +92,12 @@ public: }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::dnp3 + +namespace analyzer::dnp3 { + +using DNP3_Base [[deprecated("Remove in v4.1. Use zeek::analyzer::dnp3::detail::DNP3_Base.")]] = zeek::analyzer::dnp3::detail::DNP3_Base; +using DNP3_TCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dnp3::DNP3_TCP_Analyzer.")]] = zeek::analyzer::dnp3::DNP3_TCP_Analyzer; +using DNP3_UDP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dnp3::DNP3_UDP_Analyzer.")]] = zeek::analyzer::dnp3::DNP3_UDP_Analyzer; + +} // namespace analyzer::dnp3 diff --git a/src/analyzer/protocol/dnp3/Plugin.cc b/src/analyzer/protocol/dnp3/Plugin.cc index 58fdc5d6a8..3061fb2ce9 100644 --- a/src/analyzer/protocol/dnp3/Plugin.cc +++ b/src/analyzer/protocol/dnp3/Plugin.cc @@ -4,15 +4,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_DNP3 { +namespace zeek::plugin::detail::Zeek_DNP3 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("DNP3_TCP", ::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("DNP3_UDP", ::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DNP3_TCP", zeek::analyzer::dnp3::DNP3_TCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DNP3_UDP", zeek::analyzer::dnp3::DNP3_UDP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::DNP3"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_DNP3 diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 3d8d8cc0ab..bdc40499f5 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -13,11 +13,13 @@ #include "NetVar.h" #include "Sessions.h" #include "Event.h" -#include "Net.h" +#include "RunState.h" #include "events.bif.h" -using namespace analyzer::dns; +namespace zeek::analyzer::dns { + +namespace detail { DNS_Interpreter::DNS_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) { @@ -27,7 +29,7 @@ DNS_Interpreter::DNS_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) { - int hdr_len = sizeof(DNS_RawMsgHdr); + int hdr_len = sizeof(detail::DNS_RawMsgHdr); if ( len < hdr_len ) { @@ -35,7 +37,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) return; } - DNS_MsgInfo msg((DNS_RawMsgHdr*) data, is_query); + detail::DNS_MsgInfo msg((detail::DNS_RawMsgHdr*) data, is_query); if ( first_message && msg.QR && is_query == 1 ) { @@ -57,7 +59,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) // There is a great deal of non-DNS traffic that runs on port 53. // This should weed out most of it. - if ( dns_max_queries > 0 && msg.qdcount > dns_max_queries ) + if ( zeek::detail::dns_max_queries > 0 && msg.qdcount > zeek::detail::dns_max_queries ) { analyzer->ProtocolViolation("DNS_Conn_count_too_large"); analyzer->Weird("DNS_Conn_count_too_large"); @@ -76,8 +78,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) return; } - if ( ! ParseAnswers(&msg, msg.ancount, DNS_ANSWER, - data, len, msg_start) ) + if ( ! ParseAnswers(&msg, msg.ancount, detail::DNS_ANSWER, + data, len, msg_start) ) { EndMessage(&msg); return; @@ -85,8 +87,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) analyzer->ProtocolConfirmation(); - int skip_auth = dns_skip_all_auth; - int skip_addl = dns_skip_all_addl; + int skip_auth = zeek::detail::dns_skip_all_auth; + int skip_addl = zeek::detail::dns_skip_all_addl; if ( msg.ancount > 0 ) { // We did an answer, so can potentially skip auth/addl. static auto dns_skip_auth = zeek::id::find_val("dns_skip_auth"); @@ -107,8 +109,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) } msg.skip_event = skip_auth; - if ( ! ParseAnswers(&msg, msg.nscount, DNS_AUTHORITY, - data, len, msg_start) ) + if ( ! ParseAnswers(&msg, msg.nscount, detail::DNS_AUTHORITY, + data, len, msg_start) ) { EndMessage(&msg); return; @@ -122,8 +124,8 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) } msg.skip_event = skip_addl; - if ( ! ParseAnswers(&msg, msg.arcount, DNS_ADDITIONAL, - data, len, msg_start) ) + if ( ! ParseAnswers(&msg, msg.arcount, detail::DNS_ADDITIONAL, + data, len, msg_start) ) { EndMessage(&msg); return; @@ -132,7 +134,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) EndMessage(&msg); } -void DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) +void DNS_Interpreter::EndMessage(detail::DNS_MsgInfo* msg) { if ( dns_end ) analyzer->EnqueueConnEvent(dns_end, @@ -141,9 +143,9 @@ void DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) ); } -bool DNS_Interpreter::ParseQuestions(DNS_MsgInfo* msg, - const u_char*& data, int& len, - const u_char* msg_start) +bool DNS_Interpreter::ParseQuestions(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, + const u_char* msg_start) { int n = msg->qdcount; @@ -152,9 +154,9 @@ bool DNS_Interpreter::ParseQuestions(DNS_MsgInfo* msg, return n == 0; } -bool DNS_Interpreter::ParseAnswers(DNS_MsgInfo* msg, int n, DNS_AnswerType atype, - const u_char*& data, int& len, - const u_char* msg_start) +bool DNS_Interpreter::ParseAnswers(detail::DNS_MsgInfo* msg, int n, detail::DNS_AnswerType atype, + const u_char*& data, int& len, + const u_char* msg_start) { msg->answer_type = atype; @@ -164,9 +166,9 @@ bool DNS_Interpreter::ParseAnswers(DNS_MsgInfo* msg, int n, DNS_AnswerType atype return n == 0; } -bool DNS_Interpreter::ParseQuestion(DNS_MsgInfo* msg, - const u_char*& data, int& len, - const u_char* msg_start) +bool DNS_Interpreter::ParseQuestion(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, + const u_char* msg_start) { u_char name[513]; int name_len = sizeof(name) - 1; @@ -217,9 +219,9 @@ bool DNS_Interpreter::ParseQuestion(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, - const u_char*& data, int& len, - const u_char* msg_start) +bool DNS_Interpreter::ParseAnswer(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, + const u_char* msg_start) { u_char name[513]; int name_len = sizeof(name) - 1; @@ -239,7 +241,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, // re-interpreted by other, more adventurous RR types. msg->query_name = zeek::make_intrusive(new zeek::String(name, name_end - name, true)); - msg->atype = RR_Type(ExtractShort(data, len)); + msg->atype = detail::RR_Type(ExtractShort(data, len)); msg->aclass = ExtractShort(data, len); msg->ttl = ExtractLong(data, len); @@ -252,54 +254,54 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, bool status; switch ( msg->atype ) { - case TYPE_A: + case detail::TYPE_A: status = ParseRR_A(msg, data, len, rdlength); break; - case TYPE_A6: - case TYPE_AAAA: + case detail::TYPE_A6: + case detail::TYPE_AAAA: status = ParseRR_AAAA(msg, data, len, rdlength); break; - case TYPE_NS: - case TYPE_CNAME: - case TYPE_PTR: + case detail::TYPE_NS: + case detail::TYPE_CNAME: + case detail::TYPE_PTR: status = ParseRR_Name(msg, data, len, rdlength, msg_start); break; - case TYPE_SOA: + case detail::TYPE_SOA: status = ParseRR_SOA(msg, data, len, rdlength, msg_start); break; - case TYPE_WKS: + case detail::TYPE_WKS: status = ParseRR_WKS(msg, data, len, rdlength); break; - case TYPE_HINFO: + case detail::TYPE_HINFO: status = ParseRR_HINFO(msg, data, len, rdlength); break; - case TYPE_MX: + case detail::TYPE_MX: status = ParseRR_MX(msg, data, len, rdlength, msg_start); break; - case TYPE_TXT: + case detail::TYPE_TXT: status = ParseRR_TXT(msg, data, len, rdlength, msg_start); break; - case TYPE_SPF: + case detail::TYPE_SPF: status = ParseRR_SPF(msg, data, len, rdlength, msg_start); break; - case TYPE_CAA: + case detail::TYPE_CAA: status = ParseRR_CAA(msg, data, len, rdlength, msg_start); break; - case TYPE_NBS: + case detail::TYPE_NBS: status = ParseRR_NBS(msg, data, len, rdlength, msg_start); break; - case TYPE_SRV: + case detail::TYPE_SRV: if ( ntohs(analyzer->Conn()->RespPort()) == 137 ) { // This is an NBSTAT (NetBIOS NODE STATUS) record. @@ -313,31 +315,31 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, break; - case TYPE_EDNS: + case detail::TYPE_EDNS: status = ParseRR_EDNS(msg, data, len, rdlength, msg_start); break; - case TYPE_TSIG: + case detail::TYPE_TSIG: status = ParseRR_TSIG(msg, data, len, rdlength, msg_start); break; - case TYPE_RRSIG: + case detail::TYPE_RRSIG: status = ParseRR_RRSIG(msg, data, len, rdlength, msg_start); break; - case TYPE_DNSKEY: + case detail::TYPE_DNSKEY: status = ParseRR_DNSKEY(msg, data, len, rdlength, msg_start); break; - case TYPE_NSEC: + case detail::TYPE_NSEC: status = ParseRR_NSEC(msg, data, len, rdlength, msg_start); break; - case TYPE_NSEC3: + case detail::TYPE_NSEC3: status = ParseRR_NSEC3(msg, data, len, rdlength, msg_start); break; - case TYPE_DS: + case detail::TYPE_DS: status = ParseRR_DS(msg, data, len, rdlength, msg_start); break; @@ -350,7 +352,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, msg->BuildAnswerVal() ); - analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); + analyzer->Weird("DNS_RR_unknown_type", zeek::util::fmt("%d", msg->atype)); data += rdlength; len -= rdlength; status = true; @@ -361,8 +363,8 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, } u_char* DNS_Interpreter::ExtractName(const u_char*& data, int& len, - u_char* name, int name_len, - const u_char* msg_start, bool downcase) + u_char* name, int name_len, + const u_char* msg_start, bool downcase) { u_char* name_start = name; @@ -391,8 +393,8 @@ u_char* DNS_Interpreter::ExtractName(const u_char*& data, int& len, } bool DNS_Interpreter::ExtractLabel(const u_char*& data, int& len, - u_char*& name, int& name_len, - const u_char* msg_start) + u_char*& name, int& name_len, + const u_char* msg_start) { if ( len <= 0 ) return false; @@ -518,9 +520,9 @@ uint32_t DNS_Interpreter::ExtractLong(const u_char*& data, int& len) return val; } -bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_Name(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { const u_char* data_start = data; @@ -538,17 +540,17 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, zeek::EventHandlerPtr reply_event; switch ( msg->atype ) { - case TYPE_NS: + case detail::TYPE_NS: reply_event = dns_NS_reply; break; - case TYPE_CNAME: - case TYPE_AAAA: - case TYPE_A6: + case detail::TYPE_CNAME: + case detail::TYPE_AAAA: + case detail::TYPE_A6: reply_event = dns_CNAME_reply; break; - case TYPE_PTR: + case detail::TYPE_PTR: reply_event = dns_PTR_reply; break; @@ -568,9 +570,9 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_SOA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { const u_char* data_start = data; @@ -623,9 +625,9 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_MX(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { const u_char* data_start = data; @@ -653,18 +655,18 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_NBS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_NBS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { data += rdlength; len -= rdlength; return true; } -bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_SRV(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { const u_char* data_start = data; @@ -696,9 +698,9 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( dns_EDNS_addl && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_EDNS_addl, @@ -721,14 +723,14 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, // TODO: Implement additional option codes switch ( option_code ) { - case TYPE_ECS: + case detail::TYPE_ECS: { // must be 4 bytes + variable number of octets for address if ( option_len <= 4 ) { break; } - EDNS_ECS opt{}; + detail::EDNS_ECS opt{}; uint16_t ecs_family = ExtractShort(data, option_len); uint16_t source_scope = ExtractShort(data, option_len); opt.ecs_src_pfx_len = (source_scope >> 8) & 0xff; @@ -893,9 +895,9 @@ zeek::String* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int return rval; } -bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_TSIG(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { const u_char* data_start = data; u_char alg_name[1024]; @@ -918,7 +920,7 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, if ( dns_TSIG_addl ) { - TSIG_DATA tsig; + detail::TSIG_DATA tsig; tsig.alg_name = new zeek::String(alg_name, alg_name_end - alg_name, true); tsig.sig = request_MAC; @@ -938,9 +940,9 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_RRSIG(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_RRSIG || msg->skip_event ) { @@ -973,52 +975,52 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, return false; int sig_len = rdlength - ((data - data_start) + 18); - DNSSEC_Algo dsa = DNSSEC_Algo(algo); + detail::DNSSEC_Algo dsa = detail::DNSSEC_Algo(algo); zeek::String* sign = ExtractStream(data, len, sig_len); switch ( dsa ) { - case RSA_MD5: - analyzer->Weird("DNSSEC_RRSIG_NotRecommended_ZoneSignAlgo", fmt("%d", algo)); + case detail::RSA_MD5: + analyzer->Weird("DNSSEC_RRSIG_NotRecommended_ZoneSignAlgo", zeek::util::fmt("%d", algo)); break; - case Diffie_Hellman: + case detail::Diffie_Hellman: break; - case DSA_SHA1: + case detail::DSA_SHA1: break; - case Elliptic_Curve: + case detail::Elliptic_Curve: break; - case RSA_SHA1: + case detail::RSA_SHA1: break; - case DSA_NSEC3_SHA1: + case detail::DSA_NSEC3_SHA1: break; - case RSA_SHA1_NSEC3_SHA1: + case detail::RSA_SHA1_NSEC3_SHA1: break; - case RSA_SHA256: + case detail::RSA_SHA256: break; - case RSA_SHA512: + case detail::RSA_SHA512: break; - case GOST_R_34_10_2001: + case detail::GOST_R_34_10_2001: break; - case ECDSA_curveP256withSHA256: + case detail::ECDSA_curveP256withSHA256: break; - case ECDSA_curveP384withSHA384: + case detail::ECDSA_curveP384withSHA384: break; - case Indirect: - analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", fmt("%d", algo)); + case detail::Indirect: + analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", zeek::util::fmt("%d", algo)); break; - case PrivateDNS: - analyzer->Weird("DNSSEC_RRSIG_PrivateDNS_ZoneSignAlgo", fmt("%d", algo)); + case detail::PrivateDNS: + analyzer->Weird("DNSSEC_RRSIG_PrivateDNS_ZoneSignAlgo", zeek::util::fmt("%d", algo)); break; - case PrivateOID: - analyzer->Weird("DNSSEC_RRSIG_PrivateOID_ZoneSignAlgo", fmt("%d", algo)); + case detail::PrivateOID: + analyzer->Weird("DNSSEC_RRSIG_PrivateOID_ZoneSignAlgo", zeek::util::fmt("%d", algo)); break; default: - analyzer->Weird("DNSSEC_RRSIG_unknown_ZoneSignAlgo", fmt("%d", algo)); + analyzer->Weird("DNSSEC_RRSIG_unknown_ZoneSignAlgo", zeek::util::fmt("%d", algo)); break; } if ( dns_RRSIG ) { - RRSIG_DATA rrsig; + detail::RRSIG_DATA rrsig; rrsig.type_covered = type_covered; rrsig.algorithm = algo; rrsig.labels = lab; @@ -1040,9 +1042,9 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_DNSKEY(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_DNSKEY || msg->skip_event ) { @@ -1059,7 +1061,7 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, auto proto_algo = ExtractShort(data, len); unsigned int dprotocol = (proto_algo >> 8) & 0xff; unsigned int dalgorithm = proto_algo & 0xff; - DNSSEC_Algo dsa = DNSSEC_Algo(dalgorithm); + detail::DNSSEC_Algo dsa = detail::DNSSEC_Algo(dalgorithm); //Evaluating the size of remaining bytes for Public Key zeek::String* key = ExtractStream(data, len, rdlength - 4); @@ -1067,58 +1069,58 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, // flags bit 8: revoked // flags bit 15: Secure Entry Point, key signing key if ( (dflags & 0xfe7e) != 0 ) - analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags)); + analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", zeek::util::fmt("%d", dflags)); // flags bit 7, 8, and 15 all set if ( (dflags & 0x0181) == 0x0181 ) - analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", fmt("%d", dflags)); + analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", zeek::util::fmt("%d", dflags)); if ( dprotocol != 3 ) - analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol)); + analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", zeek::util::fmt("%d", dprotocol)); switch ( dsa ) { - case RSA_MD5: - analyzer->Weird("DNSSEC_DNSKEY_NotRecommended_ZoneSignAlgo", fmt("%d", dalgorithm)); + case detail::RSA_MD5: + analyzer->Weird("DNSSEC_DNSKEY_NotRecommended_ZoneSignAlgo", zeek::util::fmt("%d", dalgorithm)); break; - case Diffie_Hellman: + case detail::Diffie_Hellman: break; - case DSA_SHA1: + case detail::DSA_SHA1: break; - case Elliptic_Curve: + case detail::Elliptic_Curve: break; - case RSA_SHA1: + case detail::RSA_SHA1: break; - case DSA_NSEC3_SHA1: + case detail::DSA_NSEC3_SHA1: break; - case RSA_SHA1_NSEC3_SHA1: + case detail::RSA_SHA1_NSEC3_SHA1: break; - case RSA_SHA256: + case detail::RSA_SHA256: break; - case RSA_SHA512: + case detail::RSA_SHA512: break; - case GOST_R_34_10_2001: + case detail::GOST_R_34_10_2001: break; - case ECDSA_curveP256withSHA256: + case detail::ECDSA_curveP256withSHA256: break; - case ECDSA_curveP384withSHA384: + case detail::ECDSA_curveP384withSHA384: break; - case Indirect: - analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", fmt("%d", dalgorithm)); + case detail::Indirect: + analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", zeek::util::fmt("%d", dalgorithm)); break; - case PrivateDNS: - analyzer->Weird("DNSSEC_DNSKEY_PrivateDNS_ZoneSignAlgo", fmt("%d", dalgorithm)); + case detail::PrivateDNS: + analyzer->Weird("DNSSEC_DNSKEY_PrivateDNS_ZoneSignAlgo", zeek::util::fmt("%d", dalgorithm)); break; - case PrivateOID: - analyzer->Weird("DNSSEC_DNSKEY_PrivateOID_ZoneSignAlgo", fmt("%d", dalgorithm)); + case detail::PrivateOID: + analyzer->Weird("DNSSEC_DNSKEY_PrivateOID_ZoneSignAlgo", zeek::util::fmt("%d", dalgorithm)); break; default: - analyzer->Weird("DNSSEC_DNSKEY_unknown_ZoneSignAlgo", fmt("%d", dalgorithm)); + analyzer->Weird("DNSSEC_DNSKEY_unknown_ZoneSignAlgo", zeek::util::fmt("%d", dalgorithm)); break; } if ( dns_DNSKEY ) { - DNSKEY_DATA dnskey; + detail::DNSKEY_DATA dnskey; dnskey.dflags = dflags; dnskey.dalgorithm = dalgorithm; dnskey.dprotocol = dprotocol; @@ -1135,9 +1137,9 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_NSEC(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_NSEC || msg->skip_event ) { @@ -1166,7 +1168,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, if ( bmlen == 0 ) { - analyzer->Weird("DNSSEC_NSEC_bitmapLen0", fmt("%d", win_blck)); + analyzer->Weird("DNSSEC_NSEC_bitmapLen0", zeek::util::fmt("%d", win_blck)); break; } @@ -1187,9 +1189,9 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_NSEC3(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_NSEC3 || msg->skip_event ) { @@ -1241,7 +1243,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, if ( bmlen == 0 ) { - analyzer->Weird("DNSSEC_NSEC3_bitmapLen0", fmt("%d", win_blck)); + analyzer->Weird("DNSSEC_NSEC3_bitmapLen0", zeek::util::fmt("%d", win_blck)); break; } @@ -1252,7 +1254,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, if ( dns_NSEC3 ) { - NSEC3_DATA nsec3; + detail::NSEC3_DATA nsec3; nsec3.nsec_flags = nsec_flags; nsec3.nsec_hash_algo = hash_algo; nsec3.nsec_iter = iter; @@ -1273,9 +1275,9 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_DS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_DS || msg->skip_event ) { @@ -1292,29 +1294,29 @@ bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, uint32_t ds_algo_dtype = ExtractShort(data, len); unsigned int ds_algo = (ds_algo_dtype >> 8) & 0xff; unsigned int ds_dtype = ds_algo_dtype & 0xff; - DNSSEC_Digest ds_digest_type = DNSSEC_Digest(ds_dtype); + detail::DNSSEC_Digest ds_digest_type = detail::DNSSEC_Digest(ds_dtype); zeek::String* ds_digest = ExtractStream(data, len, rdlength - 4); switch ( ds_digest_type ) { - case SHA1: + case detail::SHA1: break; - case SHA256: + case detail::SHA256: break; - case GOST_R_34_11_94: + case detail::GOST_R_34_11_94: break; - case SHA384: + case detail::SHA384: break; - case analyzer::dns::reserved: - analyzer->Weird("DNSSEC_DS_ResrevedDigestType", fmt("%d", ds_dtype)); + case detail::reserved: + analyzer->Weird("DNSSEC_DS_ResrevedDigestType", zeek::util::fmt("%d", ds_dtype)); break; default: - analyzer->Weird("DNSSEC_DS_unknown_DigestType", fmt("%d", ds_dtype)); + analyzer->Weird("DNSSEC_DS_unknown_DigestType", zeek::util::fmt("%d", ds_dtype)); break; } if ( dns_DS ) { - DS_DATA ds; + detail::DS_DATA ds; ds.key_tag = ds_key_tag; ds.algorithm = ds_algo; ds.digest_type = ds_dtype; @@ -1331,8 +1333,8 @@ bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength) +bool DNS_Interpreter::ParseRR_A(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength) { if ( rdlength != 4 ) { @@ -1353,8 +1355,8 @@ bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength) +bool DNS_Interpreter::ParseRR_AAAA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength) { uint32_t addr[4]; @@ -1364,7 +1366,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, if ( len < 0 ) { - if ( msg->atype == TYPE_AAAA ) + if ( msg->atype == detail::TYPE_AAAA ) analyzer->Weird("DNS_AAAA_neg_length"); else analyzer->Weird("DNS_A6_neg_length"); @@ -1373,7 +1375,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, } zeek::EventHandlerPtr event; - if ( msg->atype == TYPE_AAAA ) + if ( msg->atype == detail::TYPE_AAAA ) event = dns_AAAA_reply; else event = dns_A6_reply; @@ -1389,8 +1391,8 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_WKS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength) +bool DNS_Interpreter::ParseRR_WKS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength) { data += rdlength; len -= rdlength; @@ -1398,8 +1400,8 @@ bool DNS_Interpreter::ParseRR_WKS(DNS_MsgInfo* msg, return true; } -bool DNS_Interpreter::ParseRR_HINFO(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength) +bool DNS_Interpreter::ParseRR_HINFO(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength) { data += rdlength; len -= rdlength; @@ -1435,9 +1437,9 @@ extract_char_string(zeek::analyzer::Analyzer* analyzer, return rval; } -bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_TXT(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_TXT_reply || msg->skip_event ) { @@ -1463,9 +1465,9 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, return rdlength == 0; } -bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_SPF(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_SPF_reply || msg->skip_event ) { @@ -1491,9 +1493,9 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg, return rdlength == 0; } -bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start) +bool DNS_Interpreter::ParseRR_CAA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start) { if ( ! dns_CAA_reply || msg->skip_event ) { @@ -1540,13 +1542,13 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, } -void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, +void DNS_Interpreter::SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, zeek::EventHandlerPtr event, const u_char*& data, int& len, zeek::String* question_name, zeek::String* original_name) { - RR_Type qtype = RR_Type(ExtractShort(data, len)); + detail::RR_Type qtype = detail::RR_Type(ExtractShort(data, len)); int qclass = ExtractShort(data, len); assert(event); @@ -1561,7 +1563,6 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, ); } - DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) { //### Need to fix alignment if hdr is misaligned (not on a short @@ -1585,7 +1586,7 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query) id = ntohs(hdr->id); is_query = arg_is_query; - atype = TYPE_ALL; + atype = detail::TYPE_ALL; aclass = 0; ttl = 0; @@ -1795,15 +1796,17 @@ zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) return r; } +} // namespace detail + Contents_DNS::Contents_DNS(zeek::Connection* conn, bool orig, - DNS_Interpreter* arg_interp) -: tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig) + detail::DNS_Interpreter* arg_interp) +: zeek::analyzer::tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig) { interp = arg_interp; msg_buf = nullptr; buf_n = buf_len = msg_size = 0; - state = DNS_LEN_HI; + state = detail::DNS_LEN_HI; } Contents_DNS::~Contents_DNS() @@ -1829,10 +1832,10 @@ void Contents_DNS::DeliverStream(int len, const u_char* data, bool orig) void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) { - if ( state == DNS_LEN_HI ) + if ( state == detail::DNS_LEN_HI ) { msg_size = (*data) << 8; - state = DNS_LEN_LO; + state = detail::DNS_LEN_LO; ++data; --len; @@ -1841,10 +1844,10 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state == DNS_LEN_LO ) + if ( state == detail::DNS_LEN_LO ) { msg_size += *data; - state = DNS_MESSAGE_BUFFER; + state = detail::DNS_MESSAGE_BUFFER; buf_n = 0; @@ -1853,13 +1856,13 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) if ( buf_len < msg_size ) { buf_len = msg_size; - msg_buf = (u_char*) safe_realloc((void*) msg_buf, buf_len); + msg_buf = (u_char*) zeek::util::safe_realloc((void*) msg_buf, buf_len); } } else { buf_len = msg_size; - msg_buf = (u_char*) safe_malloc(buf_len); + msg_buf = (u_char*) zeek::util::safe_malloc(buf_len); } ++data; @@ -1869,7 +1872,7 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state != DNS_MESSAGE_BUFFER ) + if ( state != detail::DNS_MESSAGE_BUFFER ) Conn()->Internal("state inconsistency in Contents_DNS::DeliverStream"); int n; @@ -1886,13 +1889,13 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) ForwardPacket(msg_size, msg_buf, orig, -1, nullptr, 0); buf_n = 0; - state = DNS_LEN_HI; + state = detail::DNS_LEN_HI; } DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("DNS", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("DNS", conn) { - interp = new DNS_Interpreter(this); + interp = new detail::DNS_Interpreter(this); contents_dns_orig = contents_dns_resp = nullptr; if ( Conn()->ConnTransport() == TRANSPORT_TCP ) @@ -1905,7 +1908,7 @@ DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn) else { ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer, - network_time + dns_session_timeout, true, + zeek::run_state::network_time + zeek::detail::dns_session_timeout, true, zeek::detail::TIMER_DNS_EXPIRE); } } @@ -1921,7 +1924,7 @@ void DNS_Analyzer::Init() void DNS_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( Conn()->ConnTransport() == TRANSPORT_UDP ) Event(udp_session_done); @@ -1932,15 +1935,16 @@ void DNS_Analyzer::Done() void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { - tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); interp->ParseMessage(data, len, orig ? 1 : 0); } -void DNS_Analyzer::ConnectionClosed(tcp::TCP_Endpoint* endpoint, tcp::TCP_Endpoint* peer, - bool gen_event) +void DNS_Analyzer::ConnectionClosed(zeek::analyzer::tcp::TCP_Endpoint* endpoint, + zeek::analyzer::tcp::TCP_Endpoint* peer, + bool gen_event) { - tcp::TCP_ApplicationAnalyzer::ConnectionClosed(endpoint, peer, gen_event); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionClosed(endpoint, peer, gen_event); assert(contents_dns_orig && contents_dns_resp); contents_dns_orig->Flush(); @@ -1952,13 +1956,15 @@ void DNS_Analyzer::ExpireTimer(double t) // The - 1.0 in the following is to allow 1 second for the // common case of a single request followed by a single reply, // so we don't needlessly set the timer twice in that case. - if ( t - Conn()->LastTime() >= dns_session_timeout - 1.0 || terminating ) + if ( t - Conn()->LastTime() >= zeek::detail::dns_session_timeout - 1.0 || zeek::run_state::terminating ) { Event(connection_timeout); zeek::sessions->Remove(Conn()); } else ADD_ANALYZER_TIMER(&DNS_Analyzer::ExpireTimer, - t + dns_session_timeout, true, + t + zeek::detail::dns_session_timeout, true, zeek::detail::TIMER_DNS_EXPIRE); } + +} // namespace zeek::analyzer::dns diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 57b14e1e48..ec33e72d04 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -5,9 +5,10 @@ #include "analyzer/protocol/tcp/TCP.h" #include "binpac_bro.h" -namespace analyzer { namespace dns { +namespace zeek::analyzer::dns { +namespace detail { -typedef enum { +enum DNS_Opcode { DNS_OP_QUERY = 0, ///< standard query DNS_OP_IQUERY = 1, ///< reverse query @@ -20,18 +21,18 @@ typedef enum { NETBIOS_RELEASE = 6, NETBIOS_WACK = 7, // wait for ACK NETBIOS_REFRESH = 8, -} DNS_Opcode; +}; -typedef enum { +enum DNS_Code { DNS_CODE_OK = 0, ///< no error DNS_CODE_FORMAT_ERR = 1, ///< format error DNS_CODE_SERVER_FAIL = 2, ///< server failure DNS_CODE_NAME_ERR = 3, ///< no such domain DNS_CODE_NOT_IMPL = 4, ///< not implemented DNS_CODE_REFUSED = 5, ///< refused -} DNS_Code; +}; -typedef enum { +enum RR_Type { TYPE_A = 1, ///< host address TYPE_NS = 2, ///< authoritative name server TYPE_CNAME = 5, ///< canonical name @@ -69,21 +70,21 @@ typedef enum { TYPE_ALL = 255, TYPE_WINS = 65281, ///< Microsoft's WINS RR TYPE_WINSR = 65282, ///< Microsoft's WINS-R RR -} RR_Type; +}; #define DNS_CLASS_IN 1 #define DNS_CLASS_ANY 255 -typedef enum { +enum DNS_AnswerType { DNS_QUESTION, DNS_ANSWER, DNS_AUTHORITY, DNS_ADDITIONAL, -} DNS_AnswerType; +}; // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml // DNS EDNS0 Option Codes (OPT) -typedef enum { +enum EDNS_OPT_Type { TYPE_LLQ = 1, ///< https://www.iana.org/go/draft-sekar-dns-llq-06 TYPE_UL = 2, ///< http://files.dns-sd.org/draft-sekar-dns-ul.txt TYPE_NSID = 3, ///< RFC5001 @@ -101,9 +102,9 @@ typedef enum { TYPE_CLIENT_TAG = 16, ///< https://www.iana.org/go/draft-bellis-dnsop-edns-tags TYPE_SERVER_TAG = 17, ///< https://www.iana.org/go/draft-bellis-dnsop-edns-tags TYPE_DEVICE_ID = 26946 ///< https://docs.umbrella.com/developer/networkdevices-api/identifying-dns-traffic2 -} EDNS_OPT_Type; +}; -typedef enum { +enum DNSSEC_Algo { reserved0 = 0, RSA_MD5 = 1, ///< [RFC2537] NOT RECOMMENDED Diffie_Hellman = 2, ///< [RFC2539] @@ -121,15 +122,15 @@ typedef enum { PrivateDNS = 253, ///< OPTIONAL PrivateOID = 254, ///< OPTIONAL reserved255 = 255, -} DNSSEC_Algo; +}; -typedef enum { +enum DNSSEC_Digest { reserved = 0, SHA1 = 1, ///< [RFC3110] MANDATORY SHA256 = 2, GOST_R_34_11_94 = 3, SHA384 = 4, -} DNSSEC_Digest; +}; struct DNS_RawMsgHdr { unsigned short id; @@ -258,7 +259,6 @@ public: ///< for forward lookups }; - class DNS_Interpreter { public: explicit DNS_Interpreter(zeek::analyzer::Analyzer* analyzer); @@ -268,26 +268,27 @@ public: void Timeout() { } protected: - void EndMessage(DNS_MsgInfo* msg); + void EndMessage(detail::DNS_MsgInfo* msg); - bool ParseQuestions(DNS_MsgInfo* msg, - const u_char*& data, int& len, - const u_char* start); - bool ParseAnswers(DNS_MsgInfo* msg, int n, DNS_AnswerType answer_type, - const u_char*& data, int& len, - const u_char* start); + bool ParseQuestions(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, + const u_char* start); + bool ParseAnswers(detail::DNS_MsgInfo* msg, int n, + detail::DNS_AnswerType answer_type, + const u_char*& data, int& len, + const u_char* start); - bool ParseQuestion(DNS_MsgInfo* msg, - const u_char*& data, int& len, const u_char* start); - bool ParseAnswer(DNS_MsgInfo* msg, - const u_char*& data, int& len, const u_char* start); + bool ParseQuestion(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, const u_char* start); + bool ParseAnswer(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, const u_char* start); u_char* ExtractName(const u_char*& data, int& len, - u_char* label, int label_len, - const u_char* msg_start, bool downcase = true); + u_char* label, int label_len, + const u_char* msg_start, bool downcase = true); bool ExtractLabel(const u_char*& data, int& len, - u_char*& label, int& label_len, - const u_char* msg_start); + u_char*& label, int& label_len, + const u_char* msg_start); uint16_t ExtractShort(const u_char*& data, int& len); uint32_t ExtractLong(const u_char*& data, int& len); @@ -295,63 +296,63 @@ protected: zeek::String* ExtractStream(const u_char*& data, int& len, int sig_len); - bool ParseRR_Name(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_SOA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_MX(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_NBS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_SRV(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_EDNS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_EDNS_ECS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_A(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength); - bool ParseRR_AAAA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength); - bool ParseRR_WKS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength); - bool ParseRR_HINFO(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength); - bool ParseRR_TXT(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_SPF(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_CAA(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_TSIG(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_RRSIG(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_DNSKEY(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_NSEC(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_NSEC3(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - bool ParseRR_DS(DNS_MsgInfo* msg, - const u_char*& data, int& len, int rdlength, - const u_char* msg_start); - void SendReplyOrRejectEvent(DNS_MsgInfo* msg, zeek::EventHandlerPtr event, + bool ParseRR_Name(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_SOA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_MX(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_NBS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_SRV(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_EDNS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_EDNS_ECS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_A(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength); + bool ParseRR_AAAA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength); + bool ParseRR_WKS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength); + bool ParseRR_HINFO(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength); + bool ParseRR_TXT(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_SPF(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_CAA(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_TSIG(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_RRSIG(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_DNSKEY(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_NSEC(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_NSEC3(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + bool ParseRR_DS(detail::DNS_MsgInfo* msg, + const u_char*& data, int& len, int rdlength, + const u_char* msg_start); + void SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, zeek::EventHandlerPtr event, const u_char*& data, int& len, zeek::String* question_name, zeek::String* original_name); @@ -360,39 +361,40 @@ protected: bool first_message; }; - -typedef enum { +enum TCP_DNS_state { DNS_LEN_HI, ///< looking for the high-order byte of the length DNS_LEN_LO, ///< looking for the low-order byte of the length DNS_MESSAGE_BUFFER, ///< building up the message in the buffer -} TCP_DNS_state; +}; + +} // namespace detail // Support analyzer which chunks the TCP stream into "packets". // ### This should be merged with TCP_Contents_RPC. -class Contents_DNS final : public tcp::TCP_SupportAnalyzer { +class Contents_DNS final : public zeek::analyzer::tcp::TCP_SupportAnalyzer { public: - Contents_DNS(zeek::Connection* c, bool orig, DNS_Interpreter* interp); + Contents_DNS(zeek::Connection* c, bool orig, detail::DNS_Interpreter* interp); ~Contents_DNS() override; void Flush(); ///< process any partially-received data - TCP_DNS_state State() const { return state; } + detail::TCP_DNS_state State() const { return state; } protected: void DeliverStream(int len, const u_char* data, bool orig) override; void ProcessChunk(int& len, const u_char*& data, bool orig); - DNS_Interpreter* interp; + detail::DNS_Interpreter* interp; u_char* msg_buf; int buf_n; ///< number of bytes in msg_buf int buf_len; ///< size of msg_buf int msg_size; ///< expected size of message - TCP_DNS_state state; + detail::TCP_DNS_state state; }; // Works for both TCP and UDP. -class DNS_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class DNS_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit DNS_Analyzer(zeek::Connection* conn); ~DNS_Analyzer() override; @@ -402,17 +404,143 @@ public: void Init() override; void Done() override; - void ConnectionClosed(tcp::TCP_Endpoint* endpoint, - tcp::TCP_Endpoint* peer, bool gen_event) override; + void ConnectionClosed(zeek::analyzer::tcp::TCP_Endpoint* endpoint, + zeek::analyzer::tcp::TCP_Endpoint* peer, bool gen_event) override; void ExpireTimer(double t); static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DNS_Analyzer(conn); } protected: - DNS_Interpreter* interp; + detail::DNS_Interpreter* interp; Contents_DNS* contents_dns_orig; Contents_DNS* contents_dns_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::dns + +namespace analyzer::dns { + +using DNS_Opcode [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_Opcode.")]] = zeek::analyzer::dns::detail::DNS_Opcode; +constexpr auto DNS_OP_QUERY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_OP_QUERY.")]] = zeek::analyzer::dns::detail::DNS_OP_QUERY; +constexpr auto DNS_OP_IQUERY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_OP_IQUERY.")]] = zeek::analyzer::dns::detail::DNS_OP_IQUERY; +constexpr auto DNS_OP_SERVER_STATUS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_OP_SERVER_STATUS.")]] = zeek::analyzer::dns::detail::DNS_OP_SERVER_STATUS; +constexpr auto NETBIOS_REGISTRATION [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::NETBIOS_REGISTRATION.")]] = zeek::analyzer::dns::detail::NETBIOS_REGISTRATION; +constexpr auto NETBIOS_RELEASE [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::NETBIOS_RELEASE.")]] = zeek::analyzer::dns::detail::NETBIOS_RELEASE; +constexpr auto NETBIOS_WACK [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::NETBIOS_WACK.")]] = zeek::analyzer::dns::detail::NETBIOS_WACK; +constexpr auto NETBIOS_REFRESH [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::NETBIOS_REFRESH.")]] = zeek::analyzer::dns::detail::NETBIOS_REFRESH; + +using DNS_Code [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_Code.")]] = zeek::analyzer::dns::detail::DNS_Code; +constexpr auto DNS_CODE_OK [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_OK.")]] = zeek::analyzer::dns::detail::DNS_CODE_OK; +constexpr auto DNS_CODE_FORMAT_ERR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_FORMAT_ERR.")]] = zeek::analyzer::dns::detail::DNS_CODE_FORMAT_ERR; +constexpr auto DNS_CODE_SERVER_FAIL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_SERVER_FAIL.")]] = zeek::analyzer::dns::detail::DNS_CODE_SERVER_FAIL; +constexpr auto DNS_CODE_NAME_ERR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_NAME_ERR.")]] = zeek::analyzer::dns::detail::DNS_CODE_NAME_ERR; +constexpr auto DNS_CODE_NOT_IMPL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_NOT_IMPL.")]] = zeek::analyzer::dns::detail::DNS_CODE_NOT_IMPL; +constexpr auto DNS_CODE_REFUSED [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_CODE_REFUSED.")]] = zeek::analyzer::dns::detail::DNS_CODE_REFUSED; + +using RR_Type [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RR_Type.")]] = zeek::analyzer::dns::detail::RR_Type; +constexpr auto TYPE_A [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_A.")]] = zeek::analyzer::dns::detail::TYPE_A; +constexpr auto TYPE_NS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NS.")]] = zeek::analyzer::dns::detail::TYPE_NS; +constexpr auto TYPE_CNAME [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_CNAME.")]] = zeek::analyzer::dns::detail::TYPE_CNAME; +constexpr auto TYPE_SOA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_SOA.")]] = zeek::analyzer::dns::detail::TYPE_SOA; +constexpr auto TYPE_WKS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_WKS.")]] = zeek::analyzer::dns::detail::TYPE_WKS; +constexpr auto TYPE_PTR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_PTR.")]] = zeek::analyzer::dns::detail::TYPE_PTR; +constexpr auto TYPE_HINFO [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_HINFO.")]] = zeek::analyzer::dns::detail::TYPE_HINFO; +constexpr auto TYPE_MX [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_MX.")]] = zeek::analyzer::dns::detail::TYPE_MX; +constexpr auto TYPE_TXT [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_TXT.")]] = zeek::analyzer::dns::detail::TYPE_TXT; +constexpr auto TYPE_SIG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_SIG.")]] = zeek::analyzer::dns::detail::TYPE_SIG; +constexpr auto TYPE_KEY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_KEY.")]] = zeek::analyzer::dns::detail::TYPE_KEY; +constexpr auto TYPE_PX [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_PX.")]] = zeek::analyzer::dns::detail::TYPE_PX; +constexpr auto TYPE_AAAA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_AAAA.")]] = zeek::analyzer::dns::detail::TYPE_AAAA; +constexpr auto TYPE_NBS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NBS.")]] = zeek::analyzer::dns::detail::TYPE_NBS; +constexpr auto TYPE_SRV [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_SRV.")]] = zeek::analyzer::dns::detail::TYPE_SRV; +constexpr auto TYPE_NAPTR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NAPTR.")]] = zeek::analyzer::dns::detail::TYPE_NAPTR; +constexpr auto TYPE_KX [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_KX.")]] = zeek::analyzer::dns::detail::TYPE_KX; +constexpr auto TYPE_CERT [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_CERT.")]] = zeek::analyzer::dns::detail::TYPE_CERT; +constexpr auto TYPE_A6 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_A6.")]] = zeek::analyzer::dns::detail::TYPE_A6; +constexpr auto TYPE_DNAME [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DNAME.")]] = zeek::analyzer::dns::detail::TYPE_DNAME; +constexpr auto TYPE_EDNS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_EDNS.")]] = zeek::analyzer::dns::detail::TYPE_EDNS; +constexpr auto TYPE_TKEY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_TKEY.")]] = zeek::analyzer::dns::detail::TYPE_TKEY; +constexpr auto TYPE_TSIG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_TSIG.")]] = zeek::analyzer::dns::detail::TYPE_TSIG; +constexpr auto TYPE_CAA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_CAA.")]] = zeek::analyzer::dns::detail::TYPE_CAA; +constexpr auto TYPE_RRSIG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_RRSIG.")]] = zeek::analyzer::dns::detail::TYPE_RRSIG; +constexpr auto TYPE_NSEC [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NSEC.")]] = zeek::analyzer::dns::detail::TYPE_NSEC; +constexpr auto TYPE_DNSKEY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DNSKEY.")]] = zeek::analyzer::dns::detail::TYPE_DNSKEY; +constexpr auto TYPE_DS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DS.")]] = zeek::analyzer::dns::detail::TYPE_DS; +constexpr auto TYPE_NSEC3 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NSEC3.")]] = zeek::analyzer::dns::detail::TYPE_NSEC3; +constexpr auto TYPE_SPF [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_SPF.")]] = zeek::analyzer::dns::detail::TYPE_SPF; +constexpr auto TYPE_AXFR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_AXFR.")]] = zeek::analyzer::dns::detail::TYPE_AXFR; +constexpr auto TYPE_ALL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_ALL.")]] = zeek::analyzer::dns::detail::TYPE_ALL; +constexpr auto TYPE_WINS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_WINS.")]] = zeek::analyzer::dns::detail::TYPE_WINS; +constexpr auto TYPE_WINSR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_WINSR.")]] = zeek::analyzer::dns::detail::TYPE_WINSR; + +using DNS_AnswerType [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_AnswerType.")]] = zeek::analyzer::dns::detail::DNS_AnswerType; +constexpr auto DNS_QUESTION [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_QUESTION.")]] = zeek::analyzer::dns::detail::DNS_QUESTION; +constexpr auto DNS_ANSWER [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_ANSWER.")]] = zeek::analyzer::dns::detail::DNS_ANSWER; +constexpr auto DNS_AUTHORITY [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_AUTHORITY.")]] = zeek::analyzer::dns::detail::DNS_AUTHORITY; +constexpr auto DNS_ADDITIONAL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_ADDITIONAL.")]] = zeek::analyzer::dns::detail::DNS_ADDITIONAL; + +using EDNS_OPT_Type [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::EDNS_OPT_Type.")]] = zeek::analyzer::dns::detail::EDNS_OPT_Type; +constexpr auto TYPE_LLQ [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_LLQ.")]] = zeek::analyzer::dns::detail::TYPE_LLQ; +constexpr auto TYPE_UL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_UL.")]] = zeek::analyzer::dns::detail::TYPE_UL; +constexpr auto TYPE_NSID [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_NSID.")]] = zeek::analyzer::dns::detail::TYPE_NSID; +constexpr auto TYPE_DAU [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DAU.")]] = zeek::analyzer::dns::detail::TYPE_DAU; +constexpr auto TYPE_DHU [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DHU.")]] = zeek::analyzer::dns::detail::TYPE_DHU; +constexpr auto TYPE_N3U [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_N3U.")]] = zeek::analyzer::dns::detail::TYPE_N3U; +constexpr auto TYPE_ECS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_ECS.")]] = zeek::analyzer::dns::detail::TYPE_ECS; +constexpr auto TYPE_EXPIRE [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_EXPIRE.")]] = zeek::analyzer::dns::detail::TYPE_EXPIRE; +constexpr auto TYPE_TCP_KA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_TCP_KA.")]] = zeek::analyzer::dns::detail::TYPE_TCP_KA; +constexpr auto TYPE_PAD [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_PAD.")]] = zeek::analyzer::dns::detail::TYPE_PAD; +constexpr auto TYPE_CHAIN [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_CHAIN.")]] = zeek::analyzer::dns::detail::TYPE_CHAIN; +constexpr auto TYPE_KEY_TAG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_KEY_TAG.")]] = zeek::analyzer::dns::detail::TYPE_KEY_TAG; +constexpr auto TYPE_ERROR [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_ERROR.")]] = zeek::analyzer::dns::detail::TYPE_ERROR; +constexpr auto TYPE_CLIENT_TAG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_CLIENT_TAG.")]] = zeek::analyzer::dns::detail::TYPE_CLIENT_TAG; +constexpr auto TYPE_SERVER_TAG [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_SERVER_TAG.")]] = zeek::analyzer::dns::detail::TYPE_SERVER_TAG; +constexpr auto TYPE_DEVICE_ID [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TYPE_DEVICE_ID.")]] = zeek::analyzer::dns::detail::TYPE_DEVICE_ID; + +using DNSSEC_Algo [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNSSEC_Algo.")]] = zeek::analyzer::dns::detail::DNSSEC_Algo; +constexpr auto reserved0 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::reserved0.")]] = zeek::analyzer::dns::detail::reserved0; +constexpr auto RSA_MD5 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RSA_MD5.")]] = zeek::analyzer::dns::detail::RSA_MD5; +constexpr auto Diffie_Hellman [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::Diffie_Hellman.")]] = zeek::analyzer::dns::detail::Diffie_Hellman; +constexpr auto DSA_SHA1 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DSA_SHA1.")]] = zeek::analyzer::dns::detail::DSA_SHA1; +constexpr auto Elliptic_Curve [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::Elliptic_Curve.")]] = zeek::analyzer::dns::detail::Elliptic_Curve; +constexpr auto RSA_SHA1 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RSA_SHA1.")]] = zeek::analyzer::dns::detail::RSA_SHA1; +constexpr auto DSA_NSEC3_SHA1 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DSA_NSEC3_SHA1.")]] = zeek::analyzer::dns::detail::DSA_NSEC3_SHA1; +constexpr auto RSA_SHA1_NSEC3_SHA1 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RSA_SHA1_NSEC3_SHA1.")]] = zeek::analyzer::dns::detail::RSA_SHA1_NSEC3_SHA1; +constexpr auto RSA_SHA256 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RSA_SHA256.")]] = zeek::analyzer::dns::detail::RSA_SHA256; +constexpr auto RSA_SHA512 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RSA_SHA512.")]] = zeek::analyzer::dns::detail::RSA_SHA512; +constexpr auto GOST_R_34_10_2001 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::GOST_R_34_10_2001.")]] = zeek::analyzer::dns::detail::GOST_R_34_10_2001; +constexpr auto ECDSA_curveP256withSHA256 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::ECDSA_curveP256withSHA256.")]] = zeek::analyzer::dns::detail::ECDSA_curveP256withSHA256; +constexpr auto ECDSA_curveP384withSHA384 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::ECDSA_curveP384withSHA384.")]] = zeek::analyzer::dns::detail::ECDSA_curveP384withSHA384; +constexpr auto Indirect [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::Indirect.")]] = zeek::analyzer::dns::detail::Indirect; +constexpr auto PrivateDNS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::PrivateDNS.")]] = zeek::analyzer::dns::detail::PrivateDNS; +constexpr auto PrivateOID [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::PrivateOID.")]] = zeek::analyzer::dns::detail::PrivateOID; +constexpr auto reserved255 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::reserved255.")]] = zeek::analyzer::dns::detail::reserved255; + +using DNSSEC_Digest [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNSSEC_Digest.")]] = zeek::analyzer::dns::detail::DNSSEC_Digest; +constexpr auto reserved [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::reserved.")]] = zeek::analyzer::dns::detail::reserved; +constexpr auto SHA1 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::SHA1.")]] = zeek::analyzer::dns::detail::SHA1; +constexpr auto SHA256 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::SHA256.")]] = zeek::analyzer::dns::detail::SHA256; +constexpr auto GOST_R_34_11_94 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::GOST_R_34_11_94.")]] = zeek::analyzer::dns::detail::GOST_R_34_11_94; +constexpr auto SHA384 [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::SHA384.")]] = zeek::analyzer::dns::detail::SHA384; + +using DNS_RawMsgHdr [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_RawMsgHdr.")]] = zeek::analyzer::dns::detail::DNS_RawMsgHdr; +using EDNS_ADDITIONAL [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::EDNS_ADDITIONAL.")]] = zeek::analyzer::dns::detail::EDNS_ADDITIONAL; +using EDNS_ECS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::EDNS_ECS.")]] = zeek::analyzer::dns::detail::EDNS_ECS; +using TSIG_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TSIG_DATA.")]] = zeek::analyzer::dns::detail::TSIG_DATA; +using RRSIG_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::RRSIG_DATA.")]] = zeek::analyzer::dns::detail::RRSIG_DATA; +using DNSKEY_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNSKEY_DATA.")]] = zeek::analyzer::dns::detail::DNSKEY_DATA; +using NSEC3_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::NSEC3_DATA.")]] = zeek::analyzer::dns::detail::NSEC3_DATA; +using DS_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DS_DATA.")]] = zeek::analyzer::dns::detail::DS_DATA; +using DNS_MsgInfo [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_MsgInfo.")]] = zeek::analyzer::dns::detail::DNS_MsgInfo; + +using TCP_DNS_state [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::TCP_DNS_state.")]] = zeek::analyzer::dns::detail::TCP_DNS_state; +constexpr auto DNS_LEN_HI [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_LEN_HI.")]] = zeek::analyzer::dns::detail::DNS_LEN_HI; +constexpr auto DNS_LEN_LO [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_LEN_LO.")]] = zeek::analyzer::dns::detail::DNS_LEN_LO; +constexpr auto DNS_MESSAGE_BUFFER [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_MESSAGE_BUFFER.")]] = zeek::analyzer::dns::detail::DNS_MESSAGE_BUFFER; + +using DNS_Interpreter [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::detail::DNS_Interpreter.")]] = zeek::analyzer::dns::detail::DNS_Interpreter; +using Contents_DNS [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::Contents_DNS.")]] = zeek::analyzer::dns::Contents_DNS; +using DNS_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dns::DNS_Analyzer.")]] = zeek::analyzer::dns::DNS_Analyzer; + +} // namespace analyzer::dns diff --git a/src/analyzer/protocol/dns/Plugin.cc b/src/analyzer/protocol/dns/Plugin.cc index 0b6316db0c..1a31bbd56a 100644 --- a/src/analyzer/protocol/dns/Plugin.cc +++ b/src/analyzer/protocol/dns/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_DNS { +namespace zeek::plugin::detail::Zeek_DNS { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("DNS", ::analyzer::dns::DNS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DNS", zeek::analyzer::dns::DNS_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("Contents_DNS", nullptr)); zeek::plugin::Configuration config; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_DNS diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index f0a9a3f7ca..ed23402667 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -9,7 +9,7 @@ #include "events.bif.h" -using namespace analyzer::file; +namespace zeek::analyzer::file { File_Analyzer::File_Analyzer(const char* name, zeek::Connection* conn) : TCP_ApplicationAnalyzer(name, conn) @@ -19,7 +19,7 @@ File_Analyzer::File_Analyzer(const char* name, zeek::Connection* conn) void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); int n = std::min(len, BUFFER_SIZE - buffer_len); @@ -33,11 +33,11 @@ void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } if ( orig ) - file_id_orig = file_mgr->DataIn(data, len, GetAnalyzerTag(), Conn(), - orig, file_id_orig); + file_id_orig = zeek::file_mgr->DataIn(data, len, GetAnalyzerTag(), Conn(), + orig, file_id_orig); else - file_id_resp = file_mgr->DataIn(data, len, GetAnalyzerTag(), Conn(), - orig, file_id_resp); + file_id_resp = zeek::file_mgr->DataIn(data, len, GetAnalyzerTag(), Conn(), + orig, file_id_resp); } void File_Analyzer::Undelivered(uint64_t seq, int len, bool orig) @@ -45,38 +45,38 @@ void File_Analyzer::Undelivered(uint64_t seq, int len, bool orig) TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); if ( orig ) - file_id_orig = file_mgr->Gap(seq, len, GetAnalyzerTag(), Conn(), orig, - file_id_orig); + file_id_orig = zeek::file_mgr->Gap(seq, len, GetAnalyzerTag(), Conn(), orig, + file_id_orig); else - file_id_resp = file_mgr->Gap(seq, len, GetAnalyzerTag(), Conn(), orig, - file_id_resp); + file_id_resp = zeek::file_mgr->Gap(seq, len, GetAnalyzerTag(), Conn(), orig, + file_id_resp); } void File_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( buffer_len && buffer_len != BUFFER_SIZE ) Identify(); if ( ! file_id_orig.empty() ) - file_mgr->EndOfFile(file_id_orig); + zeek::file_mgr->EndOfFile(file_id_orig); else - file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), true); + zeek::file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), true); if ( ! file_id_resp.empty() ) - file_mgr->EndOfFile(file_id_resp); + zeek::file_mgr->EndOfFile(file_id_resp); else - file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), false); + zeek::file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), false); } void File_Analyzer::Identify() { zeek::detail::RuleMatcher::MIME_Matches matches; - file_mgr->DetectMIME(reinterpret_cast(buffer), buffer_len, - &matches); + zeek::file_mgr->DetectMIME(reinterpret_cast(buffer), buffer_len, + &matches); std::string match = matches.empty() ? "" - : *(matches.begin()->second.begin()); + : *(matches.begin()->second.begin()); if ( file_transferred ) EnqueueConnEvent( @@ -87,3 +87,5 @@ void File_Analyzer::Identify() zeek::make_intrusive(match) ); } + +} // namespace zeek::analyzer::file diff --git a/src/analyzer/protocol/file/File.h b/src/analyzer/protocol/file/File.h index bbc6a47272..bacdc6819c 100644 --- a/src/analyzer/protocol/file/File.h +++ b/src/analyzer/protocol/file/File.h @@ -6,9 +6,9 @@ #include -namespace analyzer { namespace file { +namespace zeek::analyzer::file { -class File_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class File_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: File_Analyzer(const char* name, zeek::Connection* conn); @@ -51,4 +51,12 @@ public: { return new FTP_Data(conn); } }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::file + +namespace analyzer::file { + +using File_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::file::File_Analyzer.")]] = zeek::analyzer::file::File_Analyzer; +using IRC_Data [[deprecated("Remove in v4.1. Use zeek::analyzer::file::IRC_Data.")]] = zeek::analyzer::file::IRC_Data; +using FTP_Data [[deprecated("Remove in v4.1. Use zeek::analyzer::file::FTP_Data.")]] = zeek::analyzer::file::FTP_Data; + +} // namespace analyzer::file diff --git a/src/analyzer/protocol/file/Plugin.cc b/src/analyzer/protocol/file/Plugin.cc index 87b0e05341..e700d1644e 100644 --- a/src/analyzer/protocol/file/Plugin.cc +++ b/src/analyzer/protocol/file/Plugin.cc @@ -4,15 +4,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_File { +namespace zeek::plugin::detail::Zeek_File { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("FTP_Data", ::analyzer::file::FTP_Data::Instantiate)); - AddComponent(new zeek::analyzer::Component("IRC_Data", ::analyzer::file::IRC_Data::Instantiate)); + AddComponent(new zeek::analyzer::Component("FTP_Data", zeek::analyzer::file::FTP_Data::Instantiate)); + AddComponent(new zeek::analyzer::Component("IRC_Data", zeek::analyzer::file::IRC_Data::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::File"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_File diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index b6c1042a3d..86ff1e4060 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -11,27 +11,27 @@ #include "events.bif.h" -using namespace analyzer::finger; +namespace zeek::analyzer::finger { Finger_Analyzer::Finger_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("FINGER", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("FINGER", conn) { did_deliver = 0; - content_line_orig = new tcp::ContentLine_Analyzer(conn, true, 1000); + content_line_orig = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true, 1000); content_line_orig->SetIsNULSensitive(true); - content_line_resp = new tcp::ContentLine_Analyzer(conn, false, 1000); + content_line_resp = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false, 1000); AddSupportAnalyzer(content_line_orig); AddSupportAnalyzer(content_line_resp); } void Finger_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( TCP() ) if ( (! did_deliver || content_line_orig->HasPartialLine()) && - (TCP()->OrigState() == tcp::TCP_ENDPOINT_CLOSED || - TCP()->OrigPrevState() == tcp::TCP_ENDPOINT_CLOSED) ) + (TCP()->OrigState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED || + TCP()->OrigPrevState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED) ) // ### should include the partial text Weird("partial_finger_request"); } @@ -50,12 +50,12 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( ! finger_request ) return; - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); // Check for /W. int long_cnt = (line + 2 <= end_of_line && line[0] == '/' && toupper(line[1]) == 'W'); if ( long_cnt ) - line = skip_whitespace(line+2, end_of_line); + line = zeek::util::skip_whitespace(line+2, end_of_line); assert(line <= end_of_line); size_t n = end_of_line >= line ? end_of_line - line : 0; // just to be sure if assertions aren't on. @@ -91,3 +91,5 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig ); } } + +} // namespace zeek::analyzer::finger diff --git a/src/analyzer/protocol/finger/Finger.h b/src/analyzer/protocol/finger/Finger.h index 20c21def80..b6a3b072ef 100644 --- a/src/analyzer/protocol/finger/Finger.h +++ b/src/analyzer/protocol/finger/Finger.h @@ -5,9 +5,9 @@ #include "analyzer/protocol/tcp/TCP.h" #include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace finger { +namespace zeek::analyzer::finger { -class Finger_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class Finger_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit Finger_Analyzer(zeek::Connection* conn); ~Finger_Analyzer() override {} @@ -20,9 +20,15 @@ public: { return new Finger_Analyzer(conn); } protected: - tcp::ContentLine_Analyzer* content_line_orig; - tcp::ContentLine_Analyzer* content_line_resp; + zeek::analyzer::tcp::ContentLine_Analyzer* content_line_orig; + zeek::analyzer::tcp::ContentLine_Analyzer* content_line_resp; int did_deliver; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::finger + +namespace analyzer::finger { + +using Finger_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::finger::Finger_Analyzer.")]] = zeek::analyzer::finger::Finger_Analyzer; + +} // namespace analyzer::finger diff --git a/src/analyzer/protocol/finger/Plugin.cc b/src/analyzer/protocol/finger/Plugin.cc index 5bc3201137..7bc3322e29 100644 --- a/src/analyzer/protocol/finger/Plugin.cc +++ b/src/analyzer/protocol/finger/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Finger { +namespace zeek::plugin::detail::Zeek_Finger { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Finger", ::analyzer::finger::Finger_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Finger", zeek::analyzer::finger::Finger_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Finger"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Finger diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index 3fa86830ff..d64108bd93 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -15,20 +15,20 @@ #include "events.bif.h" -using namespace analyzer::ftp; +namespace zeek::analyzer::ftp { FTP_Analyzer::FTP_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("FTP", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("FTP", conn) { pending_reply = 0; - nvt_orig = new login::NVT_Analyzer(conn, true); + nvt_orig = new zeek::analyzer::login::NVT_Analyzer(conn, true); nvt_orig->SetIsNULSensitive(true); nvt_orig->SetIsNULSensitive(true); nvt_orig->SetCRLFAsEOL(LF_as_EOL); nvt_orig->SetIsNULSensitive(LF_as_EOL); - nvt_resp = new login::NVT_Analyzer(conn, false); + nvt_resp = new zeek::analyzer::login::NVT_Analyzer(conn, false); nvt_resp->SetIsNULSensitive(true); nvt_resp->SetIsNULSensitive(true); nvt_resp->SetCRLFAsEOL(LF_as_EOL); @@ -43,11 +43,11 @@ FTP_Analyzer::FTP_Analyzer(zeek::Connection* conn) void FTP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( nvt_orig->HasPartialLine() && - (TCP()->OrigState() == tcp::TCP_ENDPOINT_CLOSED || - TCP()->OrigPrevState() == tcp::TCP_ENDPOINT_CLOSED) ) + (TCP()->OrigState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED || + TCP()->OrigPrevState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED) ) // ### should include the partial text Weird("partial_ftp_request"); } @@ -62,7 +62,7 @@ static uint32_t get_reply_code(int len, const char* line) void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, orig); if ( (orig && ! ftp_request) || (! orig && ! ftp_reply) ) return; @@ -84,9 +84,9 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) const char* cmd; zeek::StringVal* cmd_str; - line = skip_whitespace(line, end_of_line); - get_word(end_of_line - line, line, cmd_len, cmd); - line = skip_whitespace(line + cmd_len, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); + zeek::util::get_word(end_of_line - line, line, cmd_len, cmd); + line = zeek::util::skip_whitespace(line + cmd_len, end_of_line); if ( cmd_len == 0 ) { @@ -125,7 +125,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) length > 3 && line[3] == ' ' ) { // This is the end of the reply. - line = skip_whitespace(line + 3, end_of_line); + line = zeek::util::skip_whitespace(line + 3, end_of_line); pending_reply = 0; cont_resp = 0; } @@ -140,7 +140,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) if ( reply_code > 0 && length > 3 && line[3] == '-' ) { // a continued reply pending_reply = reply_code; - line = skip_whitespace(line + 4, end_of_line); + line = zeek::util::skip_whitespace(line + 4, end_of_line); cont_resp = 1; } else @@ -152,7 +152,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) (const char*) data, length); if ( line < end_of_line ) - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); else line = end_of_line; @@ -210,12 +210,12 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { int cmd_len; const char* cmd; - line = skip_whitespace(line, end_of_line); - get_word(len, line, cmd_len, cmd); + line = zeek::util::skip_whitespace(line, end_of_line); + zeek::util::get_word(len, line, cmd_len, cmd); if ( strncmp(cmd, "ADAT", cmd_len) == 0 ) { - line = skip_whitespace(line + cmd_len, end_of_line); + line = zeek::util::skip_whitespace(line + cmd_len, end_of_line); zeek::StringVal encoded(end_of_line - line, line); decoded_adat = zeek::detail::decode_base64(encoded.AsString(), nullptr, Conn()); @@ -286,7 +286,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig) if ( len > 3 && line[0] == '-' ) line++; - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); if ( end_of_line - line >= 5 && strncmp(line, "ADAT=", 5) == 0 ) { @@ -331,3 +331,5 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig) if ( done ) Parent()->Remove(); } + +} // namespace zeek::analyzer::ftp diff --git a/src/analyzer/protocol/ftp/FTP.h b/src/analyzer/protocol/ftp/FTP.h index aab729ea3d..d0eed1fe83 100644 --- a/src/analyzer/protocol/ftp/FTP.h +++ b/src/analyzer/protocol/ftp/FTP.h @@ -4,11 +4,11 @@ #include "analyzer/protocol/tcp/TCP.h" -namespace analyzer { namespace login { class NVT_Analyzer; }} +ZEEK_FORWARD_DECLARE_NAMESPACED(NVT_Analyzer, zeek, analyzer::login); -namespace analyzer { namespace ftp { +namespace zeek::analyzer::ftp { -class FTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class FTP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit FTP_Analyzer(zeek::Connection* conn); @@ -21,8 +21,8 @@ public: } protected: - login::NVT_Analyzer* nvt_orig; - login::NVT_Analyzer* nvt_resp; + zeek::analyzer::login::NVT_Analyzer* nvt_orig; + zeek::analyzer::login::NVT_Analyzer* nvt_resp; uint32_t pending_reply; // code associated with multi-line reply, or 0 std::string auth_requested; // AUTH method requested }; @@ -49,4 +49,11 @@ protected: bool first_token; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ftp + +namespace analyzer::ftp { + +using FTP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ftp::FTP_Analyzer.")]] = zeek::analyzer::ftp::FTP_Analyzer; +using FTP_ADAT_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ftp::FTP_ADAT_Analyzer.")]] = zeek::analyzer::ftp::FTP_ADAT_Analyzer; + +} // namespace analyzer::ftp diff --git a/src/analyzer/protocol/ftp/Plugin.cc b/src/analyzer/protocol/ftp/Plugin.cc index b62ca8ea7c..5429f61152 100644 --- a/src/analyzer/protocol/ftp/Plugin.cc +++ b/src/analyzer/protocol/ftp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_FTP { +namespace zeek::plugin::detail::Zeek_FTP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("FTP", ::analyzer::ftp::FTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("FTP", zeek::analyzer::ftp::FTP_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("FTP_ADAT", nullptr)); zeek::plugin::Configuration config; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_FTP diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 42f830723b..c4223334d7 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -206,7 +206,7 @@ function fmt_ftp_port%(a: addr, p: port%): string { uint32_t a = ntohl(addr[0]); uint32_t pn = p->Port(); - return zeek::make_intrusive(fmt("%d,%d,%d,%d,%d,%d", + return zeek::make_intrusive(zeek::util::fmt("%d,%d,%d,%d,%d,%d", a >> 24, (a >> 16) & 0xff, (a >> 8) & 0xff, a & 0xff, pn >> 8, pn & 0xff)); diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index d5dc545dff..26c8ec67c6 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -14,7 +14,9 @@ #include "events.bif.h" -using namespace analyzer::gnutella; +namespace zeek::analyzer::gnutella { + +namespace detail { GnutellaMsgState::GnutellaMsgState() { @@ -32,9 +34,10 @@ GnutellaMsgState::GnutellaMsgState() payload_len = 0; } +} // namespace detail Gnutella_Analyzer::Gnutella_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("GNUTELLA", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("GNUTELLA", conn) { state = 0; new_state = 0; @@ -42,8 +45,8 @@ Gnutella_Analyzer::Gnutella_Analyzer(zeek::Connection* conn) ms = nullptr; - orig_msg_state = new GnutellaMsgState(); - resp_msg_state = new GnutellaMsgState(); + orig_msg_state = new detail::GnutellaMsgState(); + resp_msg_state = new detail::GnutellaMsgState(); } Gnutella_Analyzer::~Gnutella_Analyzer() @@ -54,7 +57,7 @@ Gnutella_Analyzer::~Gnutella_Analyzer() void Gnutella_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { @@ -66,7 +69,7 @@ void Gnutella_Analyzer::Done() if ( gnutella_partial_binary_msg ) { - GnutellaMsgState* p = orig_msg_state; + detail::GnutellaMsgState* p = orig_msg_state; for ( int i = 0; i < 2; ++i, p = resp_msg_state ) { @@ -126,9 +129,9 @@ bool Gnutella_Analyzer::IsHTTP(std::string header) if ( Parent()->IsAnalyzer("TCP") ) { // Replay buffered data. - pia::PIA* pia = static_cast(Parent())->GetPIA(); + zeek::analyzer::pia::PIA* pia = static_cast(Parent())->GetPIA(); if ( pia ) - static_cast(pia)->ReplayStreamBuffer(a); + static_cast(pia)->ReplayStreamBuffer(a); } Parent()->RemoveChildAnalyzer(this); @@ -206,7 +209,7 @@ void Gnutella_Analyzer::DissectMessage(char* msg) } -void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) +void Gnutella_Analyzer::SendEvents(detail::GnutellaMsgState* p, bool is_orig) { if ( p->msg_sent ) return; @@ -301,7 +304,7 @@ void Gnutella_Analyzer::DeliverMessages(int len, const u_char* data, bool orig) void Gnutella_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); ms = orig ? orig_msg_state : resp_msg_state; ms->current_offset = 0; @@ -317,3 +320,5 @@ void Gnutella_Analyzer::DeliverStream(int len, const u_char* data, bool orig) else if ( gnutella_binary_msg ) DeliverMessages(len, data, orig); } + +} // namespace zeek::analyzer::gnutella diff --git a/src/analyzer/protocol/gnutella/Gnutella.h b/src/analyzer/protocol/gnutella/Gnutella.h index da3633e085..c33a3b5a99 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.h +++ b/src/analyzer/protocol/gnutella/Gnutella.h @@ -4,13 +4,15 @@ #include "analyzer/protocol/tcp/TCP.h" -#define ORIG_OK 0x1 -#define RESP_OK 0x2 +namespace zeek::analyzer::gnutella { -#define GNUTELLA_MSG_SIZE 23 -#define GNUTELLA_MAX_PAYLOAD 1024 +constexpr int ORIG_OK = 0x1; +constexpr int RESP_OK = 0x2; -namespace analyzer { namespace gnutella { +constexpr int GNUTELLA_MSG_SIZE = 23; +constexpr int GNUTELLA_MAX_PAYLOAD = 1024; + +namespace detail { class GnutellaMsgState { public: @@ -32,8 +34,9 @@ public: unsigned int payload_left; }; +} // namespace detail -class Gnutella_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class Gnutella_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit Gnutella_Analyzer(zeek::Connection* conn); ~Gnutella_Analyzer() override; @@ -54,7 +57,7 @@ private: void DeliverLines(int len, const u_char* data, bool orig); - void SendEvents(GnutellaMsgState* p, bool is_orig); + void SendEvents(detail::GnutellaMsgState* p, bool is_orig); void DissectMessage(char* msg); void DeliverMessages(int len, const u_char* data, bool orig); @@ -63,9 +66,16 @@ private: int new_state; int sent_establish; - GnutellaMsgState* orig_msg_state; - GnutellaMsgState* resp_msg_state; - GnutellaMsgState* ms; + detail::GnutellaMsgState* orig_msg_state; + detail::GnutellaMsgState* resp_msg_state; + detail::GnutellaMsgState* ms; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::gnutella + +namespace analyzer::gnutella { + +using GnutellaMsgState [[deprecated("Remove in v4.1. Use zeek::analyzer::gnutella::detail::GnutellaMsgState.")]] = zeek::analyzer::gnutella::detail::GnutellaMsgState; +using Gnutella_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::gnutella::Gnutella_Analyzer.")]] = zeek::analyzer::gnutella::Gnutella_Analyzer; + +} // namespace analyzer::gnutella diff --git a/src/analyzer/protocol/gnutella/Plugin.cc b/src/analyzer/protocol/gnutella/Plugin.cc index 476a8579ab..d3e5d2e6e5 100644 --- a/src/analyzer/protocol/gnutella/Plugin.cc +++ b/src/analyzer/protocol/gnutella/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Gnutella { +namespace zeek::plugin::detail::Zeek_Gnutella { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Gnutella", ::analyzer::gnutella::Gnutella_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Gnutella", zeek::analyzer::gnutella::Gnutella_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Gnutella"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Gnutella diff --git a/src/analyzer/protocol/gssapi/GSSAPI.cc b/src/analyzer/protocol/gssapi/GSSAPI.cc index 6f52240f4c..e9dc7a7b0a 100644 --- a/src/analyzer/protocol/gssapi/GSSAPI.cc +++ b/src/analyzer/protocol/gssapi/GSSAPI.cc @@ -5,10 +5,10 @@ #include "Reporter.h" #include "events.bif.h" -using namespace analyzer::gssapi; +namespace zeek::analyzer::gssapi { GSSAPI_Analyzer::GSSAPI_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("GSSAPI", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("GSSAPI", c) { interp = new binpac::GSSAPI::GSSAPI_Conn(this); } @@ -20,7 +20,7 @@ GSSAPI_Analyzer::~GSSAPI_Analyzer() void GSSAPI_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -28,13 +28,13 @@ void GSSAPI_Analyzer::Done() void GSSAPI_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void GSSAPI_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -45,12 +45,14 @@ void GSSAPI_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void GSSAPI_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::gssapi diff --git a/src/analyzer/protocol/gssapi/GSSAPI.h b/src/analyzer/protocol/gssapi/GSSAPI.h index dec78a324b..e7a1909489 100644 --- a/src/analyzer/protocol/gssapi/GSSAPI.h +++ b/src/analyzer/protocol/gssapi/GSSAPI.h @@ -7,9 +7,9 @@ #include "gssapi_pac.h" -namespace analyzer { namespace gssapi { +namespace zeek::analyzer::gssapi { -class GSSAPI_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class GSSAPI_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit GSSAPI_Analyzer(zeek::Connection* conn); @@ -21,7 +21,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) @@ -31,4 +31,10 @@ protected: binpac::GSSAPI::GSSAPI_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::gssapi + +namespace analyzer::gssapi { + +using GSSAPI_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::gssapi::GSSAPI_Analyzer.")]] = zeek::analyzer::gssapi::GSSAPI_Analyzer; + +} // namespace analyzer::gssapi diff --git a/src/analyzer/protocol/gssapi/Plugin.cc b/src/analyzer/protocol/gssapi/Plugin.cc index 8124f966e3..6d4704e60e 100644 --- a/src/analyzer/protocol/gssapi/Plugin.cc +++ b/src/analyzer/protocol/gssapi/Plugin.cc @@ -4,14 +4,13 @@ #include "GSSAPI.h" -namespace plugin { -namespace Zeek_GSSAPI { +namespace zeek::plugin::detail::Zeek_GSSAPI { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("GSSAPI", ::analyzer::gssapi::GSSAPI_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("GSSAPI", zeek::analyzer::gssapi::GSSAPI_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::GSSAPI"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_GSSAPI diff --git a/src/analyzer/protocol/gtpv1/GTPv1.cc b/src/analyzer/protocol/gtpv1/GTPv1.cc index af24edb4b5..c5aa6e89bc 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.cc +++ b/src/analyzer/protocol/gtpv1/GTPv1.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::gtpv1; +namespace zeek::analyzer::gtpv1 { GTPv1_Analyzer::GTPv1_Analyzer(zeek::Connection* conn) : Analyzer("GTPV1", conn) @@ -32,6 +32,8 @@ void GTPv1_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint6 } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::gtpv1 diff --git a/src/analyzer/protocol/gtpv1/GTPv1.h b/src/analyzer/protocol/gtpv1/GTPv1.h index ce5f46e444..f80798aded 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.h +++ b/src/analyzer/protocol/gtpv1/GTPv1.h @@ -2,7 +2,7 @@ #include "gtpv1_pac.h" -namespace analyzer { namespace gtpv1 { +namespace zeek::analyzer::gtpv1 { class GTPv1_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -20,4 +20,10 @@ protected: binpac::GTPv1::GTPv1_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::gtpv1 + +namespace analyzer::gtpv1 { + +using GTPv1_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::gtpv1::GTPv1_Analyzer.")]] = zeek::analyzer::gtpv1::GTPv1_Analyzer; + +} // namespace analyzer::gtpv1 diff --git a/src/analyzer/protocol/gtpv1/Plugin.cc b/src/analyzer/protocol/gtpv1/Plugin.cc index 34fb899d40..ec0b011bf7 100644 --- a/src/analyzer/protocol/gtpv1/Plugin.cc +++ b/src/analyzer/protocol/gtpv1/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_GTPv1 { +namespace zeek::plugin::detail::Zeek_GTPv1 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("GTPv1", ::analyzer::gtpv1::GTPv1_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("GTPv1", zeek::analyzer::gtpv1::GTPv1_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::GTPv1"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_GTPv1 diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index 3ccab06b25..dd33d639f3 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -323,7 +323,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(21, BuildPrivateExt(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } @@ -392,7 +392,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(12, BuildPrivateExt(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } @@ -470,7 +470,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(15, BuildEndUserAddr(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } @@ -530,7 +530,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(9, BuildPrivateExt(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } @@ -564,7 +564,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(2, BuildPrivateExt(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } @@ -595,7 +595,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu) rv->Assign(1, BuildPrivateExt(ie)); break; default: - a->Weird("gtp_invalid_info_element", fmt("%d", (*v)[i]->type())); + a->Weird("gtp_invalid_info_element", zeek::util::fmt("%d", (*v)[i]->type())); break; } } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 8c0c0556b3..d5066ae9c8 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -16,28 +16,29 @@ #include "events.bif.h" -using namespace analyzer::http; +namespace zeek::analyzer::http { const bool DEBUG_http = false; // The EXPECT_*_NOTHING states are used to prevent further parsing. Used if a // message was interrupted. -enum { +enum HTTP_ExpectRequest { EXPECT_REQUEST_LINE, EXPECT_REQUEST_MESSAGE, EXPECT_REQUEST_TRAILER, EXPECT_REQUEST_NOTHING, }; -enum { +enum HTTP_ExpectReply { EXPECT_REPLY_LINE, EXPECT_REPLY_MESSAGE, EXPECT_REPLY_TRAILER, EXPECT_REPLY_NOTHING, }; -HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, int arg_expect_body) -:MIME_Entity(arg_message, parent_entity) +HTTP_Entity::HTTP_Entity(HTTP_Message* arg_message, zeek::analyzer::mime::MIME_Entity* parent_entity, + int arg_expect_body) + : zeek::analyzer::mime::MIME_Entity(arg_message, parent_entity) { http_message = arg_message; expect_body = arg_expect_body; @@ -61,7 +62,7 @@ HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, void HTTP_Entity::EndOfData() { if ( DEBUG_http ) - DEBUG_MSG("%.6f: end of data\n", network_time); + DEBUG_MSG("%.6f: end of data\n", zeek::run_state::network_time); if ( zip ) { @@ -75,7 +76,7 @@ void HTTP_Entity::EndOfData() http_message->MyHTTP_Analyzer()-> ForwardEndOfData(http_message->IsOrig()); - MIME_Entity::EndOfData(); + zeek::analyzer::mime::MIME_Entity::EndOfData(); } void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) @@ -83,13 +84,13 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) if ( DEBUG_http ) { DEBUG_MSG("%.6f HTTP_Entity::Deliver len=%d, in_header=%d\n", - network_time, len, in_header); + zeek::run_state::network_time, len, in_header); } if ( end_of_data ) { // Multipart entities may have trailers - if ( content_type != mime::CONTENT_TYPE_MULTIPART ) + if ( content_type != zeek::analyzer::mime::CONTENT_TYPE_MULTIPART ) IllegalFormat("data trailing the end of entity"); return; } @@ -100,13 +101,13 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) http_message->MyHTTP_Analyzer()->Weird("http_no_crlf_in_header_list"); header_length += len; - MIME_Entity::Deliver(len, data, trailing_CRLF); + zeek::analyzer::mime::MIME_Entity::Deliver(len, data, trailing_CRLF); return; } // Entity body. - if ( content_type == mime::CONTENT_TYPE_MULTIPART || - content_type == mime::CONTENT_TYPE_MESSAGE ) + if ( content_type == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART || + content_type == zeek::analyzer::mime::CONTENT_TYPE_MESSAGE ) DeliverBody(len, data, trailing_CRLF); else if ( chunked_transfer_state != NON_CHUNKED_TRANSFER ) @@ -114,7 +115,7 @@ void HTTP_Entity::Deliver(int len, const char* data, bool trailing_CRLF) switch ( chunked_transfer_state ) { case EXPECT_CHUNK_SIZE: ASSERT(trailing_CRLF); - if ( ! atoi_n(len, data, nullptr, 16, expect_data_length) ) + if ( ! zeek::util::atoi_n(len, data, nullptr, 16, expect_data_length) ) { http_message->Weird("HTTP_bad_chunk_size"); expect_data_length = 0; @@ -188,14 +189,14 @@ void HTTP_Entity::DeliverBody(int len, const char* data, bool trailing_CRLF) { if ( encoding == GZIP || encoding == DEFLATE ) { - zip::ZIP_Analyzer::Method method = + zeek::analyzer::zip::ZIP_Analyzer::Method method = encoding == GZIP ? - zip::ZIP_Analyzer::GZIP : zip::ZIP_Analyzer::DEFLATE; + zeek::analyzer::zip::ZIP_Analyzer::GZIP : zeek::analyzer::zip::ZIP_Analyzer::DEFLATE; if ( ! zip ) { // We don't care about the direction here. - zip = new zip::ZIP_Analyzer( + zip = new zeek::analyzer::zip::ZIP_Analyzer( http_message->MyHTTP_Analyzer()->Conn(), false, method); zip->SetOutputHandler(new UncompressedOutput(this)); @@ -216,7 +217,7 @@ void HTTP_Entity::DeliverBodyClear(int len, const char* data, bool trailing_CRLF body_length += 2; if ( deliver_body ) - MIME_Entity::Deliver(len, data, trailing_CRLF); + zeek::analyzer::mime::MIME_Entity::Deliver(len, data, trailing_CRLF); zeek::detail::Rule::PatternType rule = http_message->IsOrig() ? @@ -248,18 +249,21 @@ bool HTTP_Entity::Undelivered(int64_t len) if ( is_partial_content ) { - precomputed_file_id = file_mgr->Gap(body_length, len, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), precomputed_file_id); + precomputed_file_id = zeek::file_mgr->Gap( + body_length, len, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), precomputed_file_id); + offset += len; } else - precomputed_file_id = file_mgr->Gap(body_length, len, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), - precomputed_file_id); + precomputed_file_id = zeek::file_mgr->Gap( + body_length, len, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), + precomputed_file_id); if ( chunked_transfer_state != NON_CHUNKED_TRANSFER ) { @@ -304,7 +308,7 @@ bool HTTP_Entity::Undelivered(int64_t len) void HTTP_Entity::SubmitData(int len, const char* buf) { if ( deliver_body ) - MIME_Entity::SubmitData(len, buf); + zeek::analyzer::mime::MIME_Entity::SubmitData(len, buf); if ( send_size && ( encoding == GZIP || encoding == DEFLATE ) ) // Auto-decompress in DeliverBody invalidates sizes derived from headers @@ -313,33 +317,37 @@ void HTTP_Entity::SubmitData(int len, const char* buf) if ( is_partial_content ) { if ( send_size && instance_length > 0 ) - precomputed_file_id = file_mgr->SetSize(instance_length, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), precomputed_file_id); + precomputed_file_id = zeek::file_mgr->SetSize( + instance_length, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), precomputed_file_id); - precomputed_file_id = file_mgr->DataIn(reinterpret_cast(buf), len, offset, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), precomputed_file_id); + precomputed_file_id = zeek::file_mgr->DataIn( + reinterpret_cast(buf), len, offset, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), precomputed_file_id); offset += len; } else { if ( send_size && content_length > 0 ) - precomputed_file_id = file_mgr->SetSize(content_length, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), - precomputed_file_id); + precomputed_file_id = zeek::file_mgr->SetSize( + content_length, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), + precomputed_file_id); - precomputed_file_id = file_mgr->DataIn(reinterpret_cast(buf), - len, - http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig(), - precomputed_file_id); + precomputed_file_id = zeek::file_mgr->DataIn( + reinterpret_cast(buf), + len, + http_message->MyHTTP_Analyzer()->GetAnalyzerTag(), + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig(), + precomputed_file_id); } send_size = false; @@ -357,15 +365,15 @@ void HTTP_Entity::SetPlainDelivery(int64_t length) // expect_data_length. } -void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) +void HTTP_Entity::SubmitHeader(zeek::analyzer::mime::MIME_Header* h) { - if ( mime::istrequal(h->get_name(), "content-length") ) + if ( zeek::analyzer::mime::istrequal(h->get_name(), "content-length") ) { zeek::data_chunk_t vt = h->get_value_token(); - if ( ! mime::is_null_data_chunk(vt) ) + if ( ! zeek::analyzer::mime::is_null_data_chunk(vt) ) { int64_t n; - if ( atoi_n(vt.length, vt.data, nullptr, 10, n) ) + if ( zeek::util::atoi_n(vt.length, vt.data, nullptr, 10, n) ) { content_length = n; @@ -385,7 +393,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) } // Figure out content-length for HTTP 206 Partial Content response - else if ( mime::istrequal(h->get_name(), "content-range") && + else if ( zeek::analyzer::mime::istrequal(h->get_name(), "content-range") && http_message->MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 ) { zeek::data_chunk_t vt = h->get_value_token(); @@ -427,8 +435,8 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) instance_length_str.c_str()); int64_t f, l; - atoi_n(first_byte_pos.size(), first_byte_pos.c_str(), nullptr, 10, f); - atoi_n(last_byte_pos.size(), last_byte_pos.c_str(), nullptr, 10, l); + zeek::util::atoi_n(first_byte_pos.size(), first_byte_pos.c_str(), nullptr, 10, f); + zeek::util::atoi_n(last_byte_pos.size(), last_byte_pos.c_str(), nullptr, 10, l); int64_t len = l - f + 1; if ( DEBUG_http ) @@ -438,9 +446,9 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) { if ( instance_length_str != "*" ) { - if ( ! atoi_n(instance_length_str.size(), - instance_length_str.c_str(), nullptr, 10, - instance_length) ) + if ( ! zeek::util::atoi_n(instance_length_str.size(), + instance_length_str.c_str(), nullptr, 10, + instance_length) ) instance_length = 0; } @@ -470,7 +478,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) } } - else if ( mime::istrequal(h->get_name(), "transfer-encoding") ) + else if ( zeek::analyzer::mime::istrequal(h->get_name(), "transfer-encoding") ) { HTTP_Analyzer::HTTP_VersionNumber http_version; @@ -480,21 +488,21 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) http_version = http_message->analyzer->GetReplyVersionNumber(); zeek::data_chunk_t vt = h->get_value_token(); - if ( mime::istrequal(vt, "chunked") && + if ( zeek::analyzer::mime::istrequal(vt, "chunked") && http_version == HTTP_Analyzer::HTTP_VersionNumber{1, 1} ) chunked_transfer_state = BEFORE_CHUNK; } - else if ( mime::istrequal(h->get_name(), "content-encoding") ) + else if ( zeek::analyzer::mime::istrequal(h->get_name(), "content-encoding") ) { zeek::data_chunk_t vt = h->get_value_token(); - if ( mime::istrequal(vt, "gzip") || mime::istrequal(vt, "x-gzip") ) + if ( zeek::analyzer::mime::istrequal(vt, "gzip") || zeek::analyzer::mime::istrequal(vt, "x-gzip") ) encoding = GZIP; - if ( mime::istrequal(vt, "deflate") ) + if ( zeek::analyzer::mime::istrequal(vt, "deflate") ) encoding = DEFLATE; } - MIME_Entity::SubmitHeader(h); + zeek::analyzer::mime::MIME_Entity::SubmitHeader(h); } void HTTP_Entity::SubmitAllHeaders() @@ -503,10 +511,10 @@ void HTTP_Entity::SubmitAllHeaders() ASSERT(! in_header); if ( DEBUG_http ) - DEBUG_MSG("%.6f end of headers\n", network_time); + DEBUG_MSG("%.6f end of headers\n", zeek::run_state::network_time); if ( Parent() && - Parent()->MIMEContentType() == mime::CONTENT_TYPE_MULTIPART ) + Parent()->MIMEContentType() == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART ) { // Don't treat single \r or \n characters in the multipart body content // as lines because the MIME_Entity code will implicitly add back a @@ -530,7 +538,7 @@ void HTTP_Entity::SubmitAllHeaders() return; } - MIME_Entity::SubmitAllHeaders(); + zeek::analyzer::mime::MIME_Entity::SubmitAllHeaders(); if ( expect_body == HTTP_BODY_NOT_EXPECTED ) { @@ -538,8 +546,8 @@ void HTTP_Entity::SubmitAllHeaders() return; } - if ( content_type == mime::CONTENT_TYPE_MULTIPART || - content_type == mime::CONTENT_TYPE_MESSAGE ) + if ( content_type == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART || + content_type == zeek::analyzer::mime::CONTENT_TYPE_MESSAGE ) { // Do nothing. // Make sure that we check for multiple/message contents first, @@ -588,9 +596,9 @@ void HTTP_Entity::SubmitAllHeaders() } HTTP_Message::HTTP_Message(HTTP_Analyzer* arg_analyzer, - tcp::ContentLine_Analyzer* arg_cl, bool arg_is_orig, - int expect_body, int64_t init_header_length) -: MIME_Message (arg_analyzer) + zeek::analyzer::tcp::ContentLine_Analyzer* arg_cl, bool arg_is_orig, + int expect_body, int64_t init_header_length) +: zeek::analyzer::mime::MIME_Message (arg_analyzer) { analyzer = arg_analyzer; content_line = arg_cl; @@ -601,7 +609,7 @@ HTTP_Message::HTTP_Message(HTTP_Analyzer* arg_analyzer, entity_data_buffer = nullptr; BeginEntity(top_level); - start_time = network_time; + start_time = zeek::run_state::network_time; body_length = 0; content_gap_length = 0; header_length = init_header_length; @@ -632,9 +640,9 @@ void HTTP_Message::Done(bool interrupted, const char* detail) if ( finished ) return; - MIME_Message::Done(); + zeek::analyzer::mime::MIME_Message::Done(); - // DEBUG_MSG("%.6f HTTP message done.\n", network_time); + // DEBUG_MSG("%.6f HTTP message done.\n", zeek::run_state::network_time); top_level->EndOfData(); if ( is_orig || MyHTTP_Analyzer()->HTTP_ReplyCode() != 206 ) @@ -643,10 +651,10 @@ void HTTP_Message::Done(bool interrupted, const char* detail) HTTP_Entity* he = dynamic_cast(top_level); if ( he && ! he->FileID().empty() ) - file_mgr->EndOfFile(he->FileID()); + zeek::file_mgr->EndOfFile(he->FileID()); else - file_mgr->EndOfFile(MyHTTP_Analyzer()->GetAnalyzerTag(), - MyHTTP_Analyzer()->Conn(), is_orig); + zeek::file_mgr->EndOfFile(MyHTTP_Analyzer()->GetAnalyzerTag(), + MyHTTP_Analyzer()->Conn(), is_orig); } if ( http_message_done ) @@ -673,10 +681,10 @@ bool HTTP_Message::Undelivered(int64_t len) return false; } -void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) +void HTTP_Message::BeginEntity(zeek::analyzer::mime::MIME_Entity* entity) { if ( DEBUG_http ) - DEBUG_MSG("%.6f: begin entity (%d)\n", network_time, is_orig); + DEBUG_MSG("%.6f: begin entity (%d)\n", zeek::run_state::network_time, is_orig); current_entity = (HTTP_Entity*) entity; @@ -687,10 +695,10 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) ); } -void HTTP_Message::EndEntity(mime::MIME_Entity* entity) +void HTTP_Message::EndEntity(zeek::analyzer::mime::MIME_Entity* entity) { if ( DEBUG_http ) - DEBUG_MSG("%.6f: end entity (%d)\n", network_time, is_orig); + DEBUG_MSG("%.6f: end entity (%d)\n", zeek::run_state::network_time, is_orig); if ( entity == top_level ) { @@ -707,7 +715,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) current_entity = (HTTP_Entity*) entity->Parent(); if ( entity->Parent() && - entity->Parent()->MIMEContentType() == mime::CONTENT_TYPE_MULTIPART ) + entity->Parent()->MIMEContentType() == zeek::analyzer::mime::CONTENT_TYPE_MULTIPART ) { content_line->SupressWeirds(false); content_line->SetCRLFAsEOL(); @@ -723,19 +731,19 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) HTTP_Entity* he = dynamic_cast(entity); if ( he && ! he->FileID().empty() ) - file_mgr->EndOfFile(he->FileID()); + zeek::file_mgr->EndOfFile(he->FileID()); else - file_mgr->EndOfFile(MyHTTP_Analyzer()->GetAnalyzerTag(), - MyHTTP_Analyzer()->Conn(), is_orig); + zeek::file_mgr->EndOfFile(MyHTTP_Analyzer()->GetAnalyzerTag(), + MyHTTP_Analyzer()->Conn(), is_orig); } } -void HTTP_Message::SubmitHeader(mime::MIME_Header* h) +void HTTP_Message::SubmitHeader(zeek::analyzer::mime::MIME_Header* h) { MyHTTP_Analyzer()->HTTP_Header(is_orig, h); } -void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) +void HTTP_Message::SubmitAllHeaders(zeek::analyzer::mime::MIME_HeaderList& hlist) { if ( http_all_headers ) analyzer->EnqueueConnEvent(http_all_headers, @@ -753,7 +761,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) ); } -void HTTP_Message::SubmitTrailingHeaders(mime::MIME_HeaderList& /* hlist */) +void HTTP_Message::SubmitTrailingHeaders(zeek::analyzer::mime::MIME_HeaderList& /* hlist */) { // Do nothing for now. Note that if this ever changes do something // which relies on the header list argument, that's currently not @@ -771,9 +779,9 @@ void HTTP_Message::SubmitData(int len, const char* buf) bool HTTP_Message::RequestBuffer(int* plen, char** pbuf) { if ( ! entity_data_buffer ) - entity_data_buffer = new char[http_entity_data_delivery_size]; + entity_data_buffer = new char[zeek::detail::http_entity_data_delivery_size]; - *plen = http_entity_data_delivery_size; + *plen = zeek::detail::http_entity_data_delivery_size; *pbuf = entity_data_buffer; return true; } @@ -788,15 +796,15 @@ void HTTP_Message::SubmitEvent(int event_type, const char* detail) const char* category = ""; switch ( event_type ) { - case mime::MIME_EVENT_ILLEGAL_FORMAT: + case zeek::analyzer::mime::MIME_EVENT_ILLEGAL_FORMAT: category = "illegal format"; break; - case mime::MIME_EVENT_ILLEGAL_ENCODING: + case zeek::analyzer::mime::MIME_EVENT_ILLEGAL_ENCODING: category = "illegal encoding"; break; - case mime::MIME_EVENT_CONTENT_GAP: + case zeek::analyzer::mime::MIME_EVENT_CONTENT_GAP: category = "content gap"; break; @@ -829,7 +837,7 @@ void HTTP_Message::Weird(const char* msg) } HTTP_Analyzer::HTTP_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("HTTP", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("HTTP", conn) { num_requests = num_replies = 0; num_request_lines = num_reply_lines = 0; @@ -851,10 +859,10 @@ HTTP_Analyzer::HTTP_Analyzer(zeek::Connection* conn) upgrade_connection = false; upgrade_protocol.clear(); - content_line_orig = new tcp::ContentLine_Analyzer(conn, true); + content_line_orig = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true); AddSupportAnalyzer(content_line_orig); - content_line_resp = new tcp::ContentLine_Analyzer(conn, false); + content_line_resp = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false); content_line_resp->SetSkipPartial(true); AddSupportAnalyzer(content_line_resp); } @@ -864,7 +872,7 @@ void HTTP_Analyzer::Done() if ( IsFinished() ) return; - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); RequestMade(true, "message interrupted when connection done"); ReplyMade(true, "message interrupted when connection done"); @@ -879,18 +887,18 @@ void HTTP_Analyzer::Done() unanswered_requests = {}; - file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), true); + zeek::file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), true); /* TODO: this might be nice to have, but reply code is cleared by now. if ( HTTP_ReplyCode() != 206 ) // multipart/byteranges may span multiple connections - file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), false); + zeek::file_mgr->EndOfFile(GetAnalyzerTag(), Conn(), false); */ } void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); if ( TCP() && TCP()->IsPartial() ) return; @@ -909,7 +917,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) const char* line = reinterpret_cast(data); const char* end_of_line = line + len; - tcp::ContentLine_Analyzer* content_line = + zeek::analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig : content_line_resp; if ( content_line->IsPlainDelivery() ) @@ -964,7 +972,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) { if ( ! RequestExpected() ) HTTP_Event("crud_trailing_HTTP_request", - mime::to_string_val(line, end_of_line)); + zeek::analyzer::mime::to_string_val(line, end_of_line)); else { // We do see HTTP requests with a @@ -1041,7 +1049,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) { // End of message header reached, set up // tunnel decapsulation. - pia = new pia::PIA_TCP(Conn()); + pia = new zeek::analyzer::pia::PIA_TCP(Conn()); if ( AddChildAnalyzer(pia) ) { @@ -1073,21 +1081,21 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) void HTTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); // DEBUG_MSG("Undelivered from %"PRIu64": %d bytes\n", seq, length); HTTP_Message* msg = is_orig ? request_message : reply_message; - tcp::ContentLine_Analyzer* content_line = + zeek::analyzer::tcp::ContentLine_Analyzer* content_line = is_orig ? content_line_orig : content_line_resp; if ( ! content_line->IsSkippedContents(seq, len) ) { if ( msg ) - msg->SubmitEvent(mime::MIME_EVENT_CONTENT_GAP, - fmt("seq=%" PRIu64", len=%d", seq, len)); + msg->SubmitEvent(zeek::analyzer::mime::MIME_EVENT_CONTENT_GAP, + zeek::util::fmt("seq=%" PRIu64", len=%d", seq, len)); } // Check if the content gap falls completely within a message body @@ -1116,9 +1124,9 @@ void HTTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) void HTTP_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); - // DEBUG_MSG("%.6f eof\n", network_time); + // DEBUG_MSG("%.6f eof\n", zeek::run_state::network_time); if ( is_orig ) RequestMade(false, "message ends as connection contents are completely delivered"); @@ -1128,16 +1136,16 @@ void HTTP_Analyzer::EndpointEOF(bool is_orig) void HTTP_Analyzer::ConnectionFinished(bool half_finished) { - tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished); - // DEBUG_MSG("%.6f connection finished\n", network_time); + // DEBUG_MSG("%.6f connection finished\n", zeek::run_state::network_time); RequestMade(true, "message ends as connection is finished"); ReplyMade(true, "message ends as connection is finished"); } void HTTP_Analyzer::ConnectionReset() { - tcp::TCP_ApplicationAnalyzer::ConnectionReset(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionReset(); RequestMade(true, "message interrupted by RST"); ReplyMade(true, "message interrupted by RST"); @@ -1145,7 +1153,7 @@ void HTTP_Analyzer::ConnectionReset() void HTTP_Analyzer::PacketWithRST() { - tcp::TCP_ApplicationAnalyzer::PacketWithRST(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::PacketWithRST(); RequestMade(true, "message interrupted by RST"); ReplyMade(true, "message interrupted by RST"); @@ -1162,7 +1170,7 @@ void HTTP_Analyzer::GenStats() r->Assign(2, zeek::make_intrusive(request_version.ToDouble())); r->Assign(3, zeek::make_intrusive(reply_version.ToDouble())); - // DEBUG_MSG("%.6f http_stats\n", network_time); + // DEBUG_MSG("%.6f http_stats\n", zeek::run_state::network_time); EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); } } @@ -1190,7 +1198,7 @@ const char* HTTP_Analyzer::PrefixWordMatch(const char* line, return nullptr; const char* orig_line = line; - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); if ( line == orig_line ) // Word didn't end at prefix. @@ -1234,7 +1242,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) goto error; } - rest = skip_whitespace(end_of_method, end_of_line); + rest = zeek::util::skip_whitespace(end_of_method, end_of_line); if ( rest == end_of_method ) goto error; @@ -1285,7 +1293,7 @@ bool HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) for ( version_start = end_of_uri; version_start < end_of_line; ++version_start ) { end_of_uri = version_start; - version_start = skip_whitespace(version_start, end_of_line); + version_start = zeek::util::skip_whitespace(version_start, end_of_line); if ( PrefixMatch(version_start, end_of_line, "HTTP/") ) break; } @@ -1305,12 +1313,12 @@ bool HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) version_start)); version_end = version_start + 3; - if ( skip_whitespace(version_end, end_of_line) != end_of_line ) + if ( zeek::util::skip_whitespace(version_end, end_of_line) != end_of_line ) HTTP_Event("crud after HTTP version is ignored", - mime::to_string_val(line, end_of_line)); + zeek::analyzer::mime::to_string_val(line, end_of_line)); } else - HTTP_Event("bad_HTTP_version", mime::to_string_val(line, end_of_line)); + HTTP_Event("bad_HTTP_version", zeek::analyzer::mime::to_string_val(line, end_of_line)); } // NormalizeURI(line, end_of_uri); @@ -1336,7 +1344,7 @@ HTTP_Analyzer::HTTP_VersionNumber HTTP_Analyzer::HTTP_Version(int len, const cha } else { - HTTP_Event("bad_HTTP_version", mime::to_string_val(len, data)); + HTTP_Event("bad_HTTP_version", zeek::analyzer::mime::to_string_val(len, data)); return {}; } } @@ -1361,7 +1369,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail) void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail) { if ( http_event ) - // DEBUG_MSG("%.6f http_event\n", network_time); + // DEBUG_MSG("%.6f http_event\n", zeek::run_state::network_time); EnqueueConnEvent(http_event, ConnVal(), zeek::make_intrusive(category), @@ -1373,12 +1381,12 @@ HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri) { const zeek::String* str = uri->AsString(); - if ( truncate_http_URI >= 0 && str->Len() > truncate_http_URI ) + if ( zeek::detail::truncate_http_URI >= 0 && str->Len() > zeek::detail::truncate_http_URI ) { - u_char* s = new u_char[truncate_http_URI + 4]; - memcpy(s, str->Bytes(), truncate_http_URI); - memcpy(s + truncate_http_URI, "...", 4); - return zeek::make_intrusive(new zeek::String(true, s, truncate_http_URI+3)); + u_char* s = new u_char[zeek::detail::truncate_http_URI + 4]; + memcpy(s, str->Bytes(), zeek::detail::truncate_http_URI); + memcpy(s + zeek::detail::truncate_http_URI, "...", 4); + return zeek::make_intrusive(new zeek::String(true, s, zeek::detail::truncate_http_URI+3)); } else return uri; @@ -1395,13 +1403,13 @@ void HTTP_Analyzer::HTTP_Request() connect_request = true; if ( http_request ) - // DEBUG_MSG("%.6f http_request\n", network_time); + // DEBUG_MSG("%.6f http_request\n", zeek::run_state::network_time); EnqueueConnEvent(http_request, ConnVal(), request_method, TruncateURI(request_URI), TruncateURI(unescaped_URI), - zeek::make_intrusive(fmt("%.1f", request_version.ToDouble())) + zeek::make_intrusive(zeek::util::fmt("%.1f", request_version.ToDouble())) ); } @@ -1410,7 +1418,7 @@ void HTTP_Analyzer::HTTP_Reply() if ( http_reply ) EnqueueConnEvent(http_reply, ConnVal(), - zeek::make_intrusive(fmt("%.1f", reply_version.ToDouble())), + zeek::make_intrusive(zeek::util::fmt("%.1f", reply_version.ToDouble())), zeek::val_mgr->Count(reply_code), reply_reason_phrase ? reply_reason_phrase : @@ -1430,7 +1438,7 @@ void HTTP_Analyzer::RequestMade(bool interrupted, const char* msg) if ( request_message ) request_message->Done(interrupted, msg); - // DEBUG_MSG("%.6f request made\n", network_time); + // DEBUG_MSG("%.6f request made\n", zeek::run_state::network_time); request_method = nullptr; unescaped_URI = nullptr; @@ -1451,7 +1459,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg) reply_ongoing = 0; - // DEBUG_MSG("%.6f reply made\n", network_time); + // DEBUG_MSG("%.6f reply made\n", zeek::run_state::network_time); if ( reply_message ) reply_message->Done(interrupted, msg); @@ -1512,47 +1520,47 @@ int HTTP_Analyzer::HTTP_ReplyLine(const char* line, const char* end_of_line) // ##TODO: some server replies with an HTML document // without a status line and a MIME header, when the // request is malformed. - HTTP_Event("bad_HTTP_reply", mime::to_string_val(line, end_of_line)); + HTTP_Event("bad_HTTP_reply", zeek::analyzer::mime::to_string_val(line, end_of_line)); return 0; } SetVersion(&reply_version, HTTP_Version(end_of_line - rest, rest)); for ( ; rest < end_of_line; ++rest ) - if ( mime::is_lws(*rest) ) + if ( zeek::analyzer::mime::is_lws(*rest) ) break; if ( rest >= end_of_line ) { HTTP_Event("HTTP_reply_code_missing", - mime::to_string_val(line, end_of_line)); + zeek::analyzer::mime::to_string_val(line, end_of_line)); return 0; } - rest = skip_whitespace(rest, end_of_line); + rest = zeek::util::skip_whitespace(rest, end_of_line); if ( rest + 3 > end_of_line ) { HTTP_Event("HTTP_reply_code_missing", - mime::to_string_val(line, end_of_line)); + zeek::analyzer::mime::to_string_val(line, end_of_line)); return 0; } reply_code = HTTP_ReplyCode(rest); for ( rest += 3; rest < end_of_line; ++rest ) - if ( mime::is_lws(*rest) ) + if ( zeek::analyzer::mime::is_lws(*rest) ) break; if ( rest >= end_of_line ) { HTTP_Event("HTTP_reply_reason_phrase_missing", - mime::to_string_val(line, end_of_line)); + zeek::analyzer::mime::to_string_val(line, end_of_line)); // Tolerate missing reason phrase? return 1; } - rest = skip_whitespace(rest, end_of_line); + rest = zeek::util::skip_whitespace(rest, end_of_line); reply_reason_phrase = zeek::make_intrusive(end_of_line - rest, (const char *) rest); @@ -1594,29 +1602,29 @@ int HTTP_Analyzer::ExpectReplyMessageBody() return HTTP_BODY_EXPECTED; } -void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h) +void HTTP_Analyzer::HTTP_Header(bool is_orig, zeek::analyzer::mime::MIME_Header* h) { // To be "liberal", we only look at "keep-alive" on the client // side, and if seen assume the connection to be persistent. // This seems fairly safe - at worst, the client does indeed // send additional requests, and the server ignores them. - if ( is_orig && mime::istrequal(h->get_name(), "connection") ) + if ( is_orig && zeek::analyzer::mime::istrequal(h->get_name(), "connection") ) { - if ( mime::istrequal(h->get_value_token(), "keep-alive") ) + if ( zeek::analyzer::mime::istrequal(h->get_value_token(), "keep-alive") ) keep_alive = 1; } if ( ! is_orig && - mime::istrequal(h->get_name(), "connection") ) + zeek::analyzer::mime::istrequal(h->get_name(), "connection") ) { - if ( mime::istrequal(h->get_value_token(), "close") ) + if ( zeek::analyzer::mime::istrequal(h->get_value_token(), "close") ) connection_close = 1; - else if ( mime::istrequal(h->get_value_token(), "upgrade") ) + else if ( zeek::analyzer::mime::istrequal(h->get_value_token(), "upgrade") ) upgrade_connection = true; } if ( ! is_orig && - mime::istrequal(h->get_name(), "upgrade") ) + zeek::analyzer::mime::istrequal(h->get_name(), "upgrade") ) upgrade_protocol.assign(h->get_value_token().data, h->get_value_token().length); if ( http_header ) @@ -1636,17 +1644,17 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h) is_orig, false, true, false); if ( DEBUG_http ) - DEBUG_MSG("%.6f http_header\n", network_time); + DEBUG_MSG("%.6f http_header\n", zeek::run_state::network_time); - auto upper_hn = mime::to_string_val(h->get_name()); + auto upper_hn = zeek::analyzer::mime::to_string_val(h->get_name()); upper_hn->ToUpper(); EnqueueConnEvent(http_header, ConnVal(), zeek::val_mgr->Bool(is_orig), - mime::to_string_val(h->get_name()), + zeek::analyzer::mime::to_string_val(h->get_name()), std::move(upper_hn), - mime::to_string_val(h->get_value()) + zeek::analyzer::mime::to_string_val(h->get_value()) ); } } @@ -1673,8 +1681,8 @@ void HTTP_Analyzer::HTTP_MessageDone(bool is_orig, HTTP_Message* /* message */) ReplyMade(false, "message ends normally"); } -void HTTP_Analyzer::InitHTTPMessage(tcp::ContentLine_Analyzer* cl, HTTP_Message*& message, - bool is_orig, int expect_body, int64_t init_header_length) +void HTTP_Analyzer::InitHTTPMessage(zeek::analyzer::tcp::ContentLine_Analyzer* cl, HTTP_Message*& message, + bool is_orig, int expect_body, int64_t init_header_length) { if ( message ) { @@ -1684,7 +1692,7 @@ void HTTP_Analyzer::InitHTTPMessage(tcp::ContentLine_Analyzer* cl, HTTP_Message* delete message; } - // DEBUG_MSG("%.6f init http message\n", network_time); + // DEBUG_MSG("%.6f init http message\n", zeek::run_state::network_time); message = new HTTP_Message(this, cl, is_orig, expect_body, init_header_length); } @@ -1697,25 +1705,25 @@ void HTTP_Analyzer::SkipEntityData(bool is_orig) msg->SkipEntityData(); } -bool analyzer::http::is_reserved_URI_char(unsigned char ch) +bool is_reserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI) return strchr(":/?#[]@!$&'()*+,;=", ch) != 0; } -bool analyzer::http::is_unreserved_URI_char(unsigned char ch) +bool is_unreserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI) return isalnum(ch) != 0 || strchr("-_.!~*\'()", ch) != 0; } -void analyzer::http::escape_URI_char(unsigned char ch, unsigned char*& p) +void escape_URI_char(unsigned char ch, unsigned char*& p) { *p++ = '%'; - *p++ = encode_hex((ch >> 4) & 0xf); - *p++ = encode_hex(ch & 0xf); + *p++ = zeek::util::encode_hex((ch >> 4) & 0xf); + *p++ = zeek::util::encode_hex(ch & 0xf); } -zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* line_end, - zeek::analyzer::Analyzer* analyzer) +zeek::String* unescape_URI(const u_char* line, const u_char* line_end, + zeek::analyzer::Analyzer* analyzer) { zeek::byte_vec decoded_URI = new u_char[line_end - line + 1]; zeek::byte_vec URI_p = decoded_URI; @@ -1758,8 +1766,8 @@ zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* lin else if ( isxdigit(line[0]) && isxdigit(line[1]) ) { - *URI_p++ = (decode_hex(line[0]) << 4) + - decode_hex(line[1]); + *URI_p++ = (zeek::util::decode_hex(line[0]) << 4) + + zeek::util::decode_hex(line[1]); ++line; // place line at the last hex digit } @@ -1784,11 +1792,11 @@ zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* lin // It could just be ASCII encoded into this // unicode escaping structure. if ( ! (line[1] == '0' && line[2] == '0' ) ) - *URI_p++ = (decode_hex(line[1]) << 4) + - decode_hex(line[2]); + *URI_p++ = (zeek::util::decode_hex(line[1]) << 4) + + zeek::util::decode_hex(line[2]); - *URI_p++ = (decode_hex(line[3]) << 4) + - decode_hex(line[4]); + *URI_p++ = (zeek::util::decode_hex(line[3]) << 4) + + zeek::util::decode_hex(line[4]); line += 4; } @@ -1812,3 +1820,5 @@ zeek::String* analyzer::http::unescape_URI(const u_char* line, const u_char* lin return new zeek::String(true, decoded_URI, URI_p - decoded_URI); } + +} // namespace zeek::analyzer::http diff --git a/src/analyzer/protocol/http/HTTP.h b/src/analyzer/protocol/http/HTTP.h index 64fb9aa8f8..70af9187fd 100644 --- a/src/analyzer/protocol/http/HTTP.h +++ b/src/analyzer/protocol/http/HTTP.h @@ -11,7 +11,7 @@ #include "IPAddr.h" #include "analyzer/protocol/http/events.bif.h" -namespace analyzer { namespace http { +namespace zeek::analyzer::http { enum CHUNKED_TRANSFER_STATE { NON_CHUNKED_TRANSFER, @@ -27,10 +27,10 @@ class HTTP_Entity; class HTTP_Message; class HTTP_Analyzer; -class HTTP_Entity final : public mime::MIME_Entity { +class HTTP_Entity final : public zeek::analyzer::mime::MIME_Entity { public: - HTTP_Entity(HTTP_Message* msg, MIME_Entity* parent_entity, - int expect_body); + HTTP_Entity(HTTP_Message* msg, zeek::analyzer::mime::MIME_Entity* parent_entity, + int expect_body); ~HTTP_Entity() override { if ( zip ) @@ -58,7 +58,7 @@ protected: int64_t body_length; int64_t header_length; enum { IDENTITY, GZIP, COMPRESS, DEFLATE } encoding; - zip::ZIP_Analyzer* zip; + zeek::analyzer::zip::ZIP_Analyzer* zip; bool deliver_body; bool is_partial_content; uint64_t offset; @@ -66,7 +66,7 @@ protected: bool send_size; // whether to send size indication to FAF std::string precomputed_file_id; - MIME_Entity* NewChildEntity() override { return new HTTP_Entity(http_message, this, 1); } + zeek::analyzer::mime::MIME_Entity* NewChildEntity() override { return new HTTP_Entity(http_message, this, 1); } void DeliverBody(int len, const char* data, bool trailing_CRLF); void DeliverBodyClear(int len, const char* data, bool trailing_CRLF); @@ -75,7 +75,7 @@ protected: void SetPlainDelivery(int64_t length); - void SubmitHeader(mime::MIME_Header* h) override; + void SubmitHeader(zeek::analyzer::mime::MIME_Header* h) override; void SubmitAllHeaders() override; }; @@ -96,28 +96,28 @@ enum { // HTTP_Message::EndEntity -> Message::Done // HTTP_MessageDone -> {Request,Reply}Made -class HTTP_Message final : public mime::MIME_Message { +class HTTP_Message final : public zeek::analyzer::mime::MIME_Message { friend class HTTP_Entity; public: - HTTP_Message(HTTP_Analyzer* analyzer, tcp::ContentLine_Analyzer* cl, - bool is_orig, int expect_body, int64_t init_header_length); + HTTP_Message(HTTP_Analyzer* analyzer, zeek::analyzer::tcp::ContentLine_Analyzer* cl, + bool is_orig, int expect_body, int64_t init_header_length); ~HTTP_Message() override; void Done(bool interrupted, const char* msg); void Done() override { Done(false, "message ends normally"); } bool Undelivered(int64_t len); - void BeginEntity(mime::MIME_Entity* /* entity */) override; - void EndEntity(mime::MIME_Entity* entity) override; - void SubmitHeader(mime::MIME_Header* h) override; - void SubmitAllHeaders(mime::MIME_HeaderList& /* hlist */) override; + void BeginEntity(zeek::analyzer::mime::MIME_Entity* /* entity */) override; + void EndEntity(zeek::analyzer::mime::MIME_Entity* entity) override; + void SubmitHeader(zeek::analyzer::mime::MIME_Header* h) override; + void SubmitAllHeaders(zeek::analyzer::mime::MIME_HeaderList& /* hlist */) override; void SubmitData(int len, const char* buf) override; bool RequestBuffer(int* plen, char** pbuf) override; void SubmitAllData(); void SubmitEvent(int event_type, const char* detail) override; - void SubmitTrailingHeaders(mime::MIME_HeaderList& /* hlist */); + void SubmitTrailingHeaders(zeek::analyzer::mime::MIME_HeaderList& /* hlist */); void SetPlainDelivery(int64_t length); void SkipEntityData(); @@ -129,7 +129,7 @@ public: protected: HTTP_Analyzer* analyzer; - tcp::ContentLine_Analyzer* content_line; + zeek::analyzer::tcp::ContentLine_Analyzer* content_line; bool is_orig; char* entity_data_buffer; @@ -148,11 +148,11 @@ protected: zeek::RecordValPtr BuildMessageStat(bool interrupted, const char* msg); }; -class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class HTTP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: HTTP_Analyzer(zeek::Connection* conn); - void HTTP_Header(bool is_orig, mime::MIME_Header* h); + void HTTP_Header(bool is_orig, zeek::analyzer::mime::MIME_Header* h); void HTTP_EntityData(bool is_orig, zeek::String* entity_data); void HTTP_MessageDone(bool is_orig, HTTP_Message* message); void HTTP_Event(const char* category, const char* detail); @@ -168,7 +168,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer void EndpointEOF(bool is_orig) override; void ConnectionFinished(bool half_finished) override; void ConnectionReset() override; @@ -210,8 +210,8 @@ protected: int HTTP_RequestLine(const char* line, const char* end_of_line); int HTTP_ReplyLine(const char* line, const char* end_of_line); - void InitHTTPMessage(tcp::ContentLine_Analyzer* cl, HTTP_Message*& message, bool is_orig, - int expect_body, int64_t init_header_length); + void InitHTTPMessage(zeek::analyzer::tcp::ContentLine_Analyzer* cl, HTTP_Message*& message, bool is_orig, + int expect_body, int64_t init_header_length); const char* PrefixMatch(const char* line, const char* end_of_line, const char* prefix); @@ -248,7 +248,7 @@ protected: int request_ongoing, reply_ongoing; bool connect_request; - pia::PIA_TCP *pia; + zeek::analyzer::pia::PIA_TCP *pia; // set to true after a connection was upgraded bool upgraded; // set to true when encountering an "connection" header in a reply. @@ -271,8 +271,8 @@ protected: int reply_code; zeek::StringValPtr reply_reason_phrase; - tcp::ContentLine_Analyzer* content_line_orig; - tcp::ContentLine_Analyzer* content_line_resp; + zeek::analyzer::tcp::ContentLine_Analyzer* content_line_orig; + zeek::analyzer::tcp::ContentLine_Analyzer* content_line_resp; HTTP_Message* request_message; HTTP_Message* reply_message; @@ -284,4 +284,26 @@ extern void escape_URI_char(unsigned char ch, unsigned char*& p); extern zeek::String* unescape_URI(const u_char* line, const u_char* line_end, zeek::analyzer::Analyzer* analyzer); -} } // namespace analyzer::* +} // namespace zeek::analyzer::http + +namespace analyzer::http { + +using CHUNKED_TRANSFER_STATE [[deprecated("Remove in v4.1. Use zeek::analyzer::http::CHUNKED_TRANSFER_STATE.")]] = zeek::analyzer::http::CHUNKED_TRANSFER_STATE; +constexpr auto NON_CHUNKED_TRANSFER [[deprecated("Remove in v4.1. Use zeek::analyzer::http::NON_CHUNKED_TRANSFER.")]] = zeek::analyzer::http::NON_CHUNKED_TRANSFER; +constexpr auto BEFORE_CHUNK [[deprecated("Remove in v4.1. Use zeek::analyzer::http::BEFORE_CHUNK.")]] = zeek::analyzer::http::BEFORE_CHUNK; +constexpr auto EXPECT_CHUNK_SIZE [[deprecated("Remove in v4.1. Use zeek::analyzer::http::EXPECT_CHUNK_SIZE.")]] = zeek::analyzer::http::EXPECT_CHUNK_SIZE; +constexpr auto EXPECT_CHUNK_DATA [[deprecated("Remove in v4.1. Use zeek::analyzer::http::EXPECT_CHUNK_DATA.")]] = zeek::analyzer::http::EXPECT_CHUNK_DATA; +constexpr auto EXPECT_CHUNK_DATA_CRLF [[deprecated("Remove in v4.1. Use zeek::analyzer::http::EXPECT_CHUNK_DATA_CRLF.")]] = zeek::analyzer::http::EXPECT_CHUNK_DATA_CRLF; +constexpr auto EXPECT_CHUNK_TRAILER [[deprecated("Remove in v4.1. Use zeek::analyzer::http::EXPECT_CHUNK_TRAILER.")]] = zeek::analyzer::http::EXPECT_CHUNK_TRAILER; +constexpr auto EXPECT_NOTHING [[deprecated("Remove in v4.1. Use zeek::analyzer::http::EXPECT_NOTHING.")]] = zeek::analyzer::http::EXPECT_NOTHING; + +using HTTP_Entity [[deprecated("Remove in v4.1. Use zeek::analyzer::http::HTTP_Entity.")]] = zeek::analyzer::http::HTTP_Entity; +using HTTP_Message [[deprecated("Remove in v4.1. Use zeek::analyzer::http::HTTP_Message.")]] = zeek::analyzer::http::HTTP_Message; +using HTTP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::http::HTTP_Analyzer.")]] = zeek::analyzer::http::HTTP_Analyzer; + +constexpr auto is_reserved_URI_char [[deprecated("Remove in v4.1. Use zeek::analyzer::http::is_reserved_URI_char.")]] = zeek::analyzer::http::is_reserved_URI_char; +constexpr auto is_unreserved_URI_char [[deprecated("Remove in v4.1. Use zeek::analyzer::http::is_unreserved_URI_char.")]] = zeek::analyzer::http::is_unreserved_URI_char; +constexpr auto escape_URI_char [[deprecated("Remove in v4.1. Use zeek::analyzer::http::escape_URI_char.")]] = zeek::analyzer::http::escape_URI_char; +constexpr auto unescape_URI [[deprecated("Remove in v4.1. Use zeek::analyzer::http::unescape_URI.")]] = zeek::analyzer::http::unescape_URI; + +} // namespace analyzer::http diff --git a/src/analyzer/protocol/http/Plugin.cc b/src/analyzer/protocol/http/Plugin.cc index 1bf435ad8b..cb2c7a4351 100644 --- a/src/analyzer/protocol/http/Plugin.cc +++ b/src/analyzer/protocol/http/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_HTTP { +namespace zeek::plugin::detail::Zeek_HTTP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("HTTP", ::analyzer::http::HTTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("HTTP", zeek::analyzer::http::HTTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::HTTP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_HTTP diff --git a/src/analyzer/protocol/http/functions.bif b/src/analyzer/protocol/http/functions.bif index 293bd34b73..e620412a83 100644 --- a/src/analyzer/protocol/http/functions.bif +++ b/src/analyzer/protocol/http/functions.bif @@ -20,7 +20,7 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any if ( ha ) { if ( ha->IsAnalyzer("HTTP") ) - static_cast<::analyzer::http::HTTP_Analyzer*>(ha)->SkipEntityData(is_orig); + static_cast(ha)->SkipEntityData(is_orig); else reporter->Error("non-HTTP analyzer associated with connection record"); } @@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string const u_char* line = URI->Bytes(); const u_char* const line_end = line + URI->Len(); - return zeek::make_intrusive(::analyzer::http::unescape_URI(line, line_end, 0)); + return zeek::make_intrusive(zeek::analyzer::http::unescape_URI(line, line_end, 0)); %} diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 4fe0347b16..3684e57741 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -7,7 +7,7 @@ #include "zeek-config.h" #include "IP.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "Event.h" #include "Conn.h" @@ -18,13 +18,13 @@ #include -using namespace analyzer::icmp; +namespace zeek::analyzer::icmp { ICMP_Analyzer::ICMP_Analyzer(zeek::Connection* c) : TransportLayerAnalyzer("ICMP", c), icmp_conn_val(), type(), code(), request_len(-1), reply_len(-1) { - c->SetInactivityTimeout(icmp_inactivity_timeout); + c->SetInactivityTimeout(zeek::detail::icmp_inactivity_timeout); } void ICMP_Analyzer::Done() @@ -49,7 +49,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, const struct icmp* icmpp = (const struct icmp*) data; - if ( ! ignore_checksums && caplen >= len ) + if ( ! zeek::detail::ignore_checksums && caplen >= len ) { int chksum = 0; @@ -76,7 +76,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, } } - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::run_state::current_timestamp); if ( zeek::detail::rule_matcher ) { @@ -99,9 +99,9 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, len_stat += len; if ( ip->NextProto() == IPPROTO_ICMP ) - NextICMP4(current_timestamp, icmpp, len, caplen, data, ip); + NextICMP4(zeek::run_state::current_timestamp, icmpp, len, caplen, data, ip); else if ( ip->NextProto() == IPPROTO_ICMPV6 ) - NextICMP6(current_timestamp, icmpp, len, caplen, data, ip); + NextICMP6(zeek::run_state::current_timestamp, icmpp, len, caplen, data, ip); else { zeek::reporter->AnalyzerError( @@ -345,7 +345,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& da { bad_hdr_len = 0; ip_len = ip_hdr->TotalLen(); - bad_checksum = ! current_pkt->l3_checksummed && (ones_complement_checksum((void*) ip_hdr->IP4_Hdr(), ip_hdr_len, 0) != 0xffff); + bad_checksum = ! zeek::run_state::current_pkt->l3_checksummed && + (ones_complement_checksum((void*) ip_hdr->IP4_Hdr(), ip_hdr_len, 0) != 0xffff); src_addr = ip_hdr->SrcAddr(); dst_addr = ip_hdr->DstAddr(); @@ -873,7 +874,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da return vv; } -int analyzer::icmp::ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way) +int ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way) { is_one_way = false; @@ -901,7 +902,7 @@ int analyzer::icmp::ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one } } -int analyzer::icmp::ICMP6_counterpart(int icmp_type, int icmp_code, bool& is_one_way) +int ICMP6_counterpart(int icmp_type, int icmp_code, bool& is_one_way) { is_one_way = false; @@ -932,3 +933,5 @@ int analyzer::icmp::ICMP6_counterpart(int icmp_type, int icmp_code, bool& is_one default: is_one_way = true; return icmp_code; } } + +} // namespace zeek::analyzer::icmp diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index db12ca6a3d..8cf6c8572a 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -11,12 +11,12 @@ namespace zeek { using VectorValPtr = zeek::IntrusivePtr; } -namespace analyzer { namespace icmp { +namespace zeek::analyzer::icmp { -typedef enum { +enum ICMP_EndpointState { ICMP_INACTIVE, // no packet seen ICMP_ACTIVE, // packets seen -} ICMP_EndpointState; +}; // We do not have an PIA for ICMP (yet) and therefore derive from // RuleMatcherState to perform our own matching. @@ -98,4 +98,17 @@ private: extern int ICMP4_counterpart(int icmp_type, int icmp_code, bool& is_one_way); extern int ICMP6_counterpart(int icmp_type, int icmp_code, bool& is_one_way); -} } // namespace analyzer::* +} // namespace zeek::analyzer::icmp + +namespace analyzer::icmp { + +using ICMP_EndpointState [[deprecated("Remove in v4.1. Use zeek::analyzer::icmp::ICMP_EndpointState.")]] = zeek::analyzer::icmp::ICMP_EndpointState; +constexpr auto ICMP_INACTIVE [[deprecated("Remove in v4.1. Use zeek::analyzer::icmp::ICMP_INACTIVE.")]] = zeek::analyzer::icmp::ICMP_INACTIVE; +constexpr auto ICMP_ACTIVE [[deprecated("Remove in v4.1. Use zeek::analyzer::icmp::ICMP_ACTIVE.")]] = zeek::analyzer::icmp::ICMP_ACTIVE; + +using ICMP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::icmp::ICMP_Analyzer.")]] = zeek::analyzer::icmp::ICMP_Analyzer; + +constexpr auto ICMP4_counterpart [[deprecated("Remove in v4.1. Use zeek::analyzer::icmp::ICMP4_counterpart.")]] = zeek::analyzer::icmp::ICMP4_counterpart; +constexpr auto ICMP6_counterpart [[deprecated("Remove in v6.1. Use zeek::analyzer::icmp::ICMP6_counterpart.")]] = zeek::analyzer::icmp::ICMP6_counterpart; + +} // namespace analyzer::icmp diff --git a/src/analyzer/protocol/icmp/Plugin.cc b/src/analyzer/protocol/icmp/Plugin.cc index 8690cf92e8..2a808603e4 100644 --- a/src/analyzer/protocol/icmp/Plugin.cc +++ b/src/analyzer/protocol/icmp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_ICMP { +namespace zeek::plugin::detail::Zeek_ICMP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("ICMP", ::analyzer::icmp::ICMP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("ICMP", zeek::analyzer::icmp::ICMP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::ICMP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_ICMP diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index b76833cca3..9207ea8517 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -11,15 +11,15 @@ #include "events.bif.h" -using namespace analyzer::ident; +namespace zeek::analyzer::ident { Ident_Analyzer::Ident_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("IDENT", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("IDENT", conn) { did_bad_reply = did_deliver = false; - orig_ident = new tcp::ContentLine_Analyzer(conn, true, 1000); - resp_ident = new tcp::ContentLine_Analyzer(conn, false, 1000); + orig_ident = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true, 1000); + resp_ident = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false, 1000); orig_ident->SetIsNULSensitive(true); resp_ident->SetIsNULSensitive(true); @@ -30,29 +30,29 @@ Ident_Analyzer::Ident_Analyzer(zeek::Connection* conn) void Ident_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( TCP() ) if ( (! did_deliver || orig_ident->HasPartialLine()) && - (TCP()->OrigState() == tcp::TCP_ENDPOINT_CLOSED || - TCP()->OrigPrevState() == tcp::TCP_ENDPOINT_CLOSED) && - TCP()->OrigPrevState() != tcp::TCP_ENDPOINT_PARTIAL && - TCP()->RespPrevState() != tcp::TCP_ENDPOINT_PARTIAL && - TCP()->OrigPrevState() != tcp::TCP_ENDPOINT_INACTIVE && - TCP()->RespPrevState() != tcp::TCP_ENDPOINT_INACTIVE ) + (TCP()->OrigState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED || + TCP()->OrigPrevState() == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED) && + TCP()->OrigPrevState() != zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL && + TCP()->RespPrevState() != zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL && + TCP()->OrigPrevState() != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE && + TCP()->RespPrevState() != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE ) Weird("partial_ident_request"); } void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, is_orig); int remote_port, local_port; const char* line = (const char*) data; const char* orig_line = line; const char* end_of_line = line + length; - tcp::TCP_Endpoint* s = nullptr; + zeek::analyzer::tcp::TCP_Endpoint* s = nullptr; if ( TCP() ) s = is_orig ? TCP()->Orig() : TCP()->Resp(); @@ -68,9 +68,9 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = ParsePair(line, end_of_line, remote_port, local_port); if ( ! line ) { - if ( s && s->state == tcp::TCP_ENDPOINT_CLOSED && - (s->prev_state == tcp::TCP_ENDPOINT_INACTIVE || - s->prev_state == tcp::TCP_ENDPOINT_PARTIAL) ) + if ( s && s->state == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED && + (s->prev_state == zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE || + s->prev_state == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL) ) // not surprising the request is mangled. return; @@ -102,9 +102,9 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) if ( ! line || line == end_of_line || line[0] != ':' ) { - if ( s && s->state == tcp::TCP_ENDPOINT_CLOSED && - (s->prev_state == tcp::TCP_ENDPOINT_INACTIVE || - s->prev_state == tcp::TCP_ENDPOINT_PARTIAL) ) + if ( s && s->state == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED && + (s->prev_state == zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE || + s->prev_state == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL) ) // not surprising the request is mangled. return; @@ -112,7 +112,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) return; } - line = skip_whitespace(line + 1, end_of_line); + line = zeek::util::skip_whitespace(line + 1, end_of_line); int restlen = end_of_line - line; int is_error; @@ -132,7 +132,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) return; } - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); if ( line >= end_of_line || line[0] != ':' ) { @@ -140,7 +140,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) return; } - line = skip_whitespace(line + 1, end_of_line); + line = zeek::util::skip_whitespace(line + 1, end_of_line); if ( is_error ) { @@ -176,7 +176,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) new zeek::String((const u_char*) sys_type, sys_end - sys_type + 1, true); - line = skip_whitespace(colon + 1, end_of_line); + line = zeek::util::skip_whitespace(colon + 1, end_of_line); EnqueueConnEvent(ident_reply, ConnVal(), @@ -214,7 +214,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line, { int n = 0; - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); if ( line >= end_of_line || ! isdigit(*line) ) return nullptr; @@ -227,7 +227,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line, } while ( line < end_of_line && isdigit(*line) ); - line = skip_whitespace(line, end_of_line); + line = zeek::util::skip_whitespace(line, end_of_line); if ( n < 0 || n > 65535 ) { @@ -255,3 +255,5 @@ void Ident_Analyzer::BadReply(int length, const char* line) did_bad_reply = true; } } + +} // namespace zeek::analyzer::ident diff --git a/src/analyzer/protocol/ident/Ident.h b/src/analyzer/protocol/ident/Ident.h index 7ff44d3474..c5ffb00494 100644 --- a/src/analyzer/protocol/ident/Ident.h +++ b/src/analyzer/protocol/ident/Ident.h @@ -5,9 +5,9 @@ #include "analyzer/protocol/tcp/TCP.h" #include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace ident { +namespace zeek::analyzer::ident { -class Ident_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class Ident_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit Ident_Analyzer(zeek::Connection* conn); void Done() override; @@ -26,11 +26,17 @@ protected: void BadRequest(int length, const char* line); void BadReply(int length, const char* line); - tcp::ContentLine_Analyzer* orig_ident; - tcp::ContentLine_Analyzer* resp_ident; + zeek::analyzer::tcp::ContentLine_Analyzer* orig_ident; + zeek::analyzer::tcp::ContentLine_Analyzer* resp_ident; bool did_deliver; bool did_bad_reply; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ident + +namespace analyzer::ident { + +using Ident_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ident::Ident_Analyzer.")]] = zeek::analyzer::ident::Ident_Analyzer; + +} // namespace analyzer::ident diff --git a/src/analyzer/protocol/ident/Plugin.cc b/src/analyzer/protocol/ident/Plugin.cc index e53e8942f0..87c8010619 100644 --- a/src/analyzer/protocol/ident/Plugin.cc +++ b/src/analyzer/protocol/ident/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Ident { +namespace zeek::plugin::detail::Zeek_Ident { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Ident", ::analyzer::ident::Ident_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Ident", zeek::analyzer::ident::Ident_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Ident"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Ident diff --git a/src/analyzer/protocol/imap/IMAP.cc b/src/analyzer/protocol/imap/IMAP.cc index 54965c429c..3ed2fb4712 100644 --- a/src/analyzer/protocol/imap/IMAP.cc +++ b/src/analyzer/protocol/imap/IMAP.cc @@ -4,10 +4,10 @@ #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "analyzer/Manager.h" -using namespace analyzer::imap; +namespace zeek::analyzer::imap { IMAP_Analyzer::IMAP_Analyzer(zeek::Connection* conn) - : tcp::TCP_ApplicationAnalyzer("IMAP", conn) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("IMAP", conn) { interp = new binpac::IMAP::IMAP_Conn(this); had_gap = false; @@ -21,7 +21,7 @@ IMAP_Analyzer::~IMAP_Analyzer() void IMAP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -29,13 +29,13 @@ void IMAP_Analyzer::Done() void IMAP_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void IMAP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); if ( tls_active ) { @@ -61,13 +61,13 @@ void IMAP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void IMAP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } @@ -83,3 +83,5 @@ void IMAP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); } + +} // namespace zeek::analyzer::imap diff --git a/src/analyzer/protocol/imap/IMAP.h b/src/analyzer/protocol/imap/IMAP.h index e37a0df5d9..e39560ac9f 100644 --- a/src/analyzer/protocol/imap/IMAP.h +++ b/src/analyzer/protocol/imap/IMAP.h @@ -8,9 +8,9 @@ #include "imap_pac.h" -namespace analyzer { namespace imap { +namespace zeek::analyzer::imap { -class IMAP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class IMAP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit IMAP_Analyzer(zeek::Connection* conn); ~IMAP_Analyzer() override; @@ -19,7 +19,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; void StartTLS(); @@ -34,4 +34,10 @@ protected: bool tls_active; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::imap + +namespace analyzer::imap { + +using IMAP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::imap::IMAP_Analyzer.")]] = zeek::analyzer::imap::IMAP_Analyzer; + +} // namespace analyzer::imap diff --git a/src/analyzer/protocol/imap/Plugin.cc b/src/analyzer/protocol/imap/Plugin.cc index 900145a18f..46dc032e7e 100644 --- a/src/analyzer/protocol/imap/Plugin.cc +++ b/src/analyzer/protocol/imap/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_IMAP { +namespace zeek::plugin::detail::Zeek_IMAP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("IMAP", ::analyzer::imap::IMAP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("IMAP", zeek::analyzer::imap::IMAP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::IMAP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_IMAP diff --git a/src/analyzer/protocol/imap/imap.pac b/src/analyzer/protocol/imap/imap.pac index 4f16af8523..0c2256d732 100644 --- a/src/analyzer/protocol/imap/imap.pac +++ b/src/analyzer/protocol/imap/imap.pac @@ -7,12 +7,13 @@ %include bro.pac %extern{ +#include "zeek-config.h" #include "Reporter.h" #include "events.bif.h" -namespace analyzer { namespace imap { class IMAP_Analyzer; } } +namespace zeek::analyzer::imap { class IMAP_Analyzer; } namespace binpac { namespace IMAP { class IMAP_Conn; } } -typedef analyzer::imap::IMAP_Analyzer* IMAPAnalyzer; +using IMAPAnalyzer = zeek::analyzer::imap::IMAP_Analyzer*; #include "IMAP.h" %} diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index 5e4bc35703..162959f016 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -9,11 +9,12 @@ #include "events.bif.h" -using namespace analyzer::irc; using namespace std; +namespace zeek::analyzer::irc { + IRC_Analyzer::IRC_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("IRC", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("IRC", conn) { invalid_msg_count = 0; invalid_msg_max_count = 20; @@ -22,15 +23,15 @@ IRC_Analyzer::IRC_Analyzer(zeek::Connection* conn) orig_zip_status = NO_ZIP; resp_zip_status = NO_ZIP; starttls = false; - cl_orig = new tcp::ContentLine_Analyzer(conn, true, 1000); + cl_orig = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true, 1000); AddSupportAnalyzer(cl_orig); - cl_resp = new tcp::ContentLine_Analyzer(conn, false, 1000); + cl_resp = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false, 1000); AddSupportAnalyzer(cl_resp); } void IRC_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); } inline void IRC_Analyzer::SkipLeadingWhitespace(string& str) @@ -46,7 +47,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { static auto irc_join_list = zeek::id::find_type("irc_join_list"); static auto irc_join_info = zeek::id::find_type("irc_join_info"); - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); if ( starttls ) { @@ -1162,8 +1163,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { orig_zip_status = ZIP_LOADED; resp_zip_status = ZIP_LOADED; - AddSupportAnalyzer(new zip::ZIP_Analyzer(Conn(), true)); - AddSupportAnalyzer(new zip::ZIP_Analyzer(Conn(), false)); + AddSupportAnalyzer(new zeek::analyzer::zip::ZIP_Analyzer(Conn(), true)); + AddSupportAnalyzer(new zeek::analyzer::zip::ZIP_Analyzer(Conn(), false)); } return; @@ -1222,3 +1223,5 @@ vector IRC_Analyzer::SplitWords(const string& input, char split) return words; } + +} // namespace zeek::analyzer::irc diff --git a/src/analyzer/protocol/irc/IRC.h b/src/analyzer/protocol/irc/IRC.h index 1af05b64fd..5f7b6bdfc0 100644 --- a/src/analyzer/protocol/irc/IRC.h +++ b/src/analyzer/protocol/irc/IRC.h @@ -4,12 +4,12 @@ #include "analyzer/protocol/tcp/TCP.h" #include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace irc { +namespace zeek::analyzer::irc { /** * \brief Main class for analyzing IRC traffic. */ -class IRC_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class IRC_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { enum { WAIT_FOR_REGISTRATION, REGISTERED, }; enum { NO_ZIP, ACCEPT_ZIP, ZIP_LOADED, }; public: @@ -64,9 +64,15 @@ private: */ std::vector SplitWords(const std::string& input, char split); - tcp::ContentLine_Analyzer* cl_orig; - tcp::ContentLine_Analyzer* cl_resp; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_orig; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_resp; bool starttls; // if true, connection has been upgraded to tls }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::irc + +namespace analyzer::irc { + +using IRC_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::irc::IRC_Analyzer.")]] = zeek::analyzer::irc::IRC_Analyzer; + +} // namespace analyzer::irc diff --git a/src/analyzer/protocol/irc/Plugin.cc b/src/analyzer/protocol/irc/Plugin.cc index abe10f2c37..92120e6ed0 100644 --- a/src/analyzer/protocol/irc/Plugin.cc +++ b/src/analyzer/protocol/irc/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_IRC { +namespace zeek::plugin::detail::Zeek_IRC { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("IRC", ::analyzer::irc::IRC_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("IRC", zeek::analyzer::irc::IRC_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::IRC"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_IRC diff --git a/src/analyzer/protocol/krb/KRB.cc b/src/analyzer/protocol/krb/KRB.cc index bcedc63771..95251efb39 100644 --- a/src/analyzer/protocol/krb/KRB.cc +++ b/src/analyzer/protocol/krb/KRB.cc @@ -7,7 +7,7 @@ #include "types.bif.h" #include "events.bif.h" -using namespace analyzer::krb; +namespace zeek::analyzer::krb { bool KRB_Analyzer::krb_available = false; #ifdef USE_KRB5 @@ -83,7 +83,7 @@ void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } @@ -117,13 +117,13 @@ zeek::StringValPtr KRB_Analyzer::GetAuthenticationInfo(const zeek::String* princ return nullptr; } - auto tkt = static_cast(safe_malloc(sizeof(krb5_ticket))); + auto tkt = static_cast(zeek::util::safe_malloc(sizeof(krb5_ticket))); memset(tkt, 0, sizeof(krb5_ticket)); tkt->server = sprinc; tkt->enc_part.enctype = enctype; - auto ctd = static_cast(safe_malloc(ciphertext->Len())); + auto ctd = static_cast(zeek::util::safe_malloc(ciphertext->Len())); memcpy(ctd, ciphertext->Bytes(), ciphertext->Len()); tkt->enc_part.ciphertext.data = ctd; tkt->enc_part.ciphertext.length = ciphertext->Len(); @@ -157,3 +157,5 @@ zeek::StringValPtr KRB_Analyzer::GetAuthenticationInfo(const zeek::String* princ return nullptr; #endif } + +} // namespace zeek::analyzer::krb diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index 56bc8dc208..7e72946de1 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -10,7 +10,7 @@ #include -namespace analyzer { namespace krb { +namespace zeek::analyzer::krb { class KRB_Analyzer final : public zeek::analyzer::Analyzer { @@ -43,4 +43,10 @@ private: #endif }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::krb + +namespace analyzer::krb { + +using KRB_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::krb::KRB_Analyzer.")]] = zeek::analyzer::krb::KRB_Analyzer; + +} // namespace analyzer::krb diff --git a/src/analyzer/protocol/krb/KRB_TCP.cc b/src/analyzer/protocol/krb/KRB_TCP.cc index 270993c807..eafe39f342 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.cc +++ b/src/analyzer/protocol/krb/KRB_TCP.cc @@ -5,10 +5,10 @@ #include "types.bif.h" #include "events.bif.h" -using namespace analyzer::krb_tcp; +namespace zeek::analyzer::krb_tcp { KRB_Analyzer::KRB_Analyzer(zeek::Connection* conn) - : tcp::TCP_ApplicationAnalyzer("KRB_TCP", conn) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("KRB_TCP", conn) { interp = new binpac::KRB_TCP::KRB_Conn(this); had_gap = false; @@ -21,7 +21,7 @@ KRB_Analyzer::~KRB_Analyzer() void KRB_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -29,13 +29,13 @@ void KRB_Analyzer::Done() void KRB_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void KRB_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -53,13 +53,15 @@ void KRB_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void KRB_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::krb_tcp diff --git a/src/analyzer/protocol/krb/KRB_TCP.h b/src/analyzer/protocol/krb/KRB_TCP.h index 6b55eec0ca..d8e85a6d77 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.h +++ b/src/analyzer/protocol/krb/KRB_TCP.h @@ -6,9 +6,9 @@ #include "krb_TCP_pac.h" -namespace analyzer { namespace krb_tcp { +namespace zeek::analyzer::krb_tcp { -class KRB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class KRB_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit KRB_Analyzer(zeek::Connection* conn); @@ -18,7 +18,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; zeek::StringValPtr GetAuthenticationInfo(const zeek::String* principal, @@ -34,4 +34,10 @@ protected: bool had_gap; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::krb_tcp + +namespace analyzer::krb_tcp { + +using KRB_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::krb_tcp::KRB_Analyzer.")]] = zeek::analyzer::krb_tcp::KRB_Analyzer; + +} // namespace analyzer::krb_tcp diff --git a/src/analyzer/protocol/krb/Plugin.cc b/src/analyzer/protocol/krb/Plugin.cc index 86aaeffa5f..8d4bfe2011 100644 --- a/src/analyzer/protocol/krb/Plugin.cc +++ b/src/analyzer/protocol/krb/Plugin.cc @@ -5,15 +5,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_KRB { +namespace zeek::plugin::detail::Zeek_KRB { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("KRB", ::analyzer::krb::KRB_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("KRB_TCP", ::analyzer::krb_tcp::KRB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("KRB", zeek::analyzer::krb::KRB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("KRB_TCP", zeek::analyzer::krb_tcp::KRB_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::KRB"; config.description = "Kerberos analyzer"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_KRB diff --git a/src/analyzer/protocol/krb/krb-padata.pac b/src/analyzer/protocol/krb/krb-padata.pac index 15f1c185a1..1e54f37cde 100644 --- a/src/analyzer/protocol/krb/krb-padata.pac +++ b/src/analyzer/protocol/krb/krb-padata.pac @@ -73,12 +73,13 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz file_handle.Add(common.Description()); file_handle.Add(0); - string file_id = file_mgr->HashHandle(file_handle.Description()); + string file_id = zeek::file_mgr->HashHandle(file_handle.Description()); - file_mgr->DataIn(reinterpret_cast(cert.data()), - cert.length(), bro_analyzer->GetAnalyzerTag(), - bro_analyzer->Conn(), true, file_id, "application/x-x509-user-cert"); - file_mgr->EndOfFile(file_id); + zeek::file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), bro_analyzer->GetAnalyzerTag(), + bro_analyzer->Conn(), true, file_id, + "application/x-x509-user-cert"); + zeek::file_mgr->EndOfFile(file_id); break; } @@ -97,12 +98,13 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyz file_handle.Add(common.Description()); file_handle.Add(1); - string file_id = file_mgr->HashHandle(file_handle.Description()); + string file_id = zeek::file_mgr->HashHandle(file_handle.Description()); - file_mgr->DataIn(reinterpret_cast(cert.data()), - cert.length(), bro_analyzer->GetAnalyzerTag(), - bro_analyzer->Conn(), false, file_id, "application/x-x509-user-cert"); - file_mgr->EndOfFile(file_id); + zeek::file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), bro_analyzer->GetAnalyzerTag(), + bro_analyzer->Conn(), false, file_id, + "application/x-x509-user-cert"); + zeek::file_mgr->EndOfFile(file_id); break; } diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac index 2246f7a90c..071a336200 100644 --- a/src/analyzer/protocol/krb/krb-types.pac +++ b/src/analyzer/protocol/krb/krb-types.pac @@ -18,9 +18,9 @@ zeek::ValPtr GetStringFromPrincipalName(const KRB_Principal_Name* pname) if ( pname->data()->size() == 1 ) return to_stringval(pname->data()[0][0]->encoding()->content()); if ( pname->data()->size() == 2 ) - return zeek::make_intrusive(fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin())); + return zeek::make_intrusive(zeek::util::fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin())); if ( pname->data()->size() == 3 ) // if the name-string has a third value, this will just append it, else this will return unknown as the principal name - return zeek::make_intrusive(fmt("%s/%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin(), (char *)pname->data()[0][2]->encoding()->content().begin())); + return zeek::make_intrusive(zeek::util::fmt("%s/%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin(), (char *)pname->data()[0][2]->encoding()->content().begin())); return zeek::make_intrusive("unknown"); } diff --git a/src/analyzer/protocol/krb/krb.pac b/src/analyzer/protocol/krb/krb.pac index 9a3b290ad1..745caceff0 100644 --- a/src/analyzer/protocol/krb/krb.pac +++ b/src/analyzer/protocol/krb/krb.pac @@ -2,12 +2,13 @@ %include bro.pac %extern{ +#include "zeek-config.h" #include "types.bif.h" #include "events.bif.h" -namespace analyzer { namespace krb { class KRB_Analyzer; } } +namespace zeek::analyzer::krb { class KRB_Analyzer; } namespace binpac { namespace KRB { class KRB_Conn; } } -typedef analyzer::krb::KRB_Analyzer* KRBAnalyzer; +using KRBAnalyzer = zeek::analyzer::krb::KRB_Analyzer*; #include "KRB.h" %} diff --git a/src/analyzer/protocol/krb/krb_TCP.pac b/src/analyzer/protocol/krb/krb_TCP.pac index 6611a549e4..f52c07f2a0 100644 --- a/src/analyzer/protocol/krb/krb_TCP.pac +++ b/src/analyzer/protocol/krb/krb_TCP.pac @@ -2,12 +2,13 @@ %include bro.pac %extern{ +#include "zeek-config.h" #include "types.bif.h" #include "events.bif.h" -namespace analyzer { namespace krb_tcp { class KRB_Analyzer; } } +namespace zeek::analyzer::krb_tcp { class KRB_Analyzer; } namespace binpac { namespace KRB_TCP { class KRB_Conn; } } -typedef analyzer::krb_tcp::KRB_Analyzer* KRBTCPAnalyzer; +using KRBTCPAnalyzer = zeek::analyzer::krb_tcp::KRB_Analyzer*; #include "KRB_TCP.h" %} diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 5e6a9b2077..0f734eb897 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -15,7 +15,7 @@ #include "events.bif.h" -using namespace analyzer::login; +namespace zeek::analyzer::login { static zeek::RE_Matcher* re_skip_authentication = nullptr; static zeek::RE_Matcher* re_direct_login_prompts; @@ -28,7 +28,7 @@ static zeek::RE_Matcher* re_login_timeouts; static zeek::RE_Matcher* init_RE(zeek::ListVal* l); Login_Analyzer::Login_Analyzer(const char* name, zeek::Connection* conn) - : tcp::TCP_ApplicationAnalyzer(name, conn), user_text() + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer(name, conn), user_text() { state = LOGIN_STATE_AUTHENTICATE; num_user_lines_seen = lines_scanned = 0; @@ -80,7 +80,7 @@ Login_Analyzer::~Login_Analyzer() void Login_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); char* str = new char[length+1]; @@ -117,8 +117,8 @@ void Login_Analyzer::NewLine(bool orig, char* line) if ( state == LOGIN_STATE_AUTHENTICATE ) { - if ( TCP()->OrigState() == tcp::TCP_ENDPOINT_PARTIAL || - TCP()->RespState() == tcp::TCP_ENDPOINT_PARTIAL ) + if ( TCP()->OrigState() == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL || + TCP()->RespState() == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL ) state = LOGIN_STATE_CONFUSED; // unknown login state else { @@ -323,14 +323,14 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else { - if ( streq(name, "USER") ) + if ( zeek::util::streq(name, "USER") ) { if ( username ) { const zeek::String* u = username->AsString(); const zeek::byte_vec ub = u->Bytes(); const char* us = (const char*) ub; - if ( ! streq(val, us) ) + if ( ! zeek::util::streq(val, us) ) Confused("multiple_USERs", val); Unref(username); } @@ -339,19 +339,19 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) username = new zeek::StringVal(val); } - else if ( login_terminal && streq(name, "TERM") ) + else if ( login_terminal && zeek::util::streq(name, "TERM") ) EnqueueConnEvent(login_terminal, ConnVal(), zeek::make_intrusive(val) ); - else if ( login_display && streq(name, "DISPLAY") ) + else if ( login_display && zeek::util::streq(name, "DISPLAY") ) EnqueueConnEvent(login_display, ConnVal(), zeek::make_intrusive(val) ); - else if ( login_prompt && streq(name, "TTYPROMPT") ) + else if ( login_prompt && zeek::util::streq(name, "TTYPROMPT") ) EnqueueConnEvent(login_prompt, ConnVal(), zeek::make_intrusive(val) @@ -364,7 +364,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) void Login_Analyzer::EndpointEOF(bool orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(orig); if ( state == LOGIN_STATE_AUTHENTICATE && HaveTypeahead() ) { @@ -562,7 +562,7 @@ void Login_Analyzer::AddUserText(const char* line) if ( ++user_text_last == MAX_USER_TEXT ) user_text_last = 0; - user_text[user_text_last] = copy_string(line); + user_text[user_text_last] = zeek::util::copy_string(line); ++num_user_text; } @@ -612,7 +612,7 @@ bool Login_Analyzer::MatchesTypeahead(const char* line) const if ( i == MAX_USER_TEXT ) i = 0; - if ( streq(user_text[i], line) ) + if ( zeek::util::streq(user_text[i], line) ) return true; } @@ -633,3 +633,5 @@ zeek::RE_Matcher* init_RE(zeek::ListVal* l) return re; } + +} // namespace zeek::analyzer::login diff --git a/src/analyzer/protocol/login/Login.h b/src/analyzer/protocol/login/Login.h index 169df850e6..26cc414e77 100644 --- a/src/analyzer/protocol/login/Login.h +++ b/src/analyzer/protocol/login/Login.h @@ -4,15 +4,14 @@ #include "analyzer/protocol/tcp/TCP.h" -namespace analyzer { namespace login { +namespace zeek::analyzer::login { -typedef enum { +enum login_state { LOGIN_STATE_AUTHENTICATE, // trying to authenticate - LOGIN_STATE_LOGGED_IN, // successful authentication LOGIN_STATE_SKIP, // skip any further processing LOGIN_STATE_CONFUSED, // we're confused -} login_state; +}; // If no action by this many lines, we're definitely confused. #define MAX_AUTHENTICATE_LINES 50 @@ -20,7 +19,7 @@ typedef enum { // Maximum # lines look after login for failure. #define MAX_LOGIN_LOOKAHEAD 10 -class Login_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class Login_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: Login_Analyzer(const char* name, zeek::Connection* conn); ~Login_Analyzer() override; @@ -83,4 +82,16 @@ protected: bool saw_ploy; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::login + +namespace analyzer::login { + +using login_state [[deprecated("Remove in v4.1. Use zeek::analyzer::login::login_state.")]] = zeek::analyzer::login::login_state; +constexpr auto LOGIN_STATE_AUTHENTICATE [[deprecated("Remove in v4.1. Use zeek::analyzer::login::LOGIN_STATE_AUTHENTICATE.")]] = zeek::analyzer::login::LOGIN_STATE_AUTHENTICATE; +constexpr auto LOGIN_STATE_LOGGED_IN [[deprecated("Remove in v4.1. Use zeek::analyzer::login::LOGIN_STATE_LOGGED_IN.")]] = zeek::analyzer::login::LOGIN_STATE_LOGGED_IN; +constexpr auto LOGIN_STATE_SKIP [[deprecated("Remove in v4.1. Use zeek::analyzer::login::LOGIN_STATE_SKIP.")]] = zeek::analyzer::login::LOGIN_STATE_SKIP; +constexpr auto LOGIN_STATE_CONFUSED [[deprecated("Remove in v4.1. Use zeek::analyzer::login::LOGIN_STATE_CONFUSED.")]] = zeek::analyzer::login::LOGIN_STATE_CONFUSED; + +using Login_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Login_Analyzer.")]] = zeek::analyzer::login::Login_Analyzer; + +} // namespace analyzer::login diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index d515239d82..22f8d3e957 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -28,7 +28,7 @@ #define TELNET_IAC 255 -using namespace analyzer::login; +namespace zeek::analyzer::login { TelnetOption::TelnetOption(NVT_Analyzer* arg_endp, unsigned int arg_code) { @@ -117,6 +117,7 @@ void TelnetOption::BadOption() endp->Event(bad_option); } +namespace detail { void TelnetTerminalOption::RecvSubOption(u_char* data, int len) { @@ -250,7 +251,7 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len) case AUTHENTICATION_NAME: { char* auth_name = new char[len]; - safe_strncpy(auth_name, (char*) data + 1, len); + zeek::util::safe_strncpy(auth_name, (char*) data + 1, len); endp->SetAuthName(auth_name); } break; @@ -308,7 +309,7 @@ void TelnetEnvironmentOption::RecvSubOption(u_char* data, int len) break; } - static_cast + static_cast (endp->Parent())->SetEnv(endp->IsOrig(), var_name, var_val); } @@ -379,9 +380,10 @@ void TelnetBinaryOption::InconsistentOption(unsigned int /* type */) // in ex/redund-binary-opt.trace. } +} // namespace detail NVT_Analyzer::NVT_Analyzer(zeek::Connection* conn, bool orig) - : tcp::ContentLine_Analyzer("NVT", conn, orig), options() + : zeek::analyzer::tcp::ContentLine_Analyzer("NVT", conn, orig), options() { } @@ -405,23 +407,23 @@ TelnetOption* NVT_Analyzer::FindOption(unsigned int code) { // Maybe we haven't created this option yet. switch ( code ) { case TELNET_OPTION_BINARY: - opt = new TelnetBinaryOption(this); + opt = new detail::TelnetBinaryOption(this); break; case TELNET_OPTION_TERMINAL: - opt = new TelnetTerminalOption(this); + opt = new detail::TelnetTerminalOption(this); break; case TELNET_OPTION_ENCRYPT: - opt = new TelnetEncryptOption(this); + opt = new detail::TelnetEncryptOption(this); break; case TELNET_OPTION_AUTHENTICATE: - opt = new TelnetAuthenticateOption(this); + opt = new detail::TelnetAuthenticateOption(this); break; case TELNET_OPTION_ENVIRON: - opt = new TelnetEnvironmentOption(this); + opt = new detail::TelnetEnvironmentOption(this); break; } } @@ -734,3 +736,5 @@ void NVT_Analyzer::BadOptionTermination(unsigned int /* code */) { Event(bad_option_termination); } + +} // namespace zeek::analyzer::login diff --git a/src/analyzer/protocol/login/NVT.h b/src/analyzer/protocol/login/NVT.h index b0bfb5aa6f..f8349d3bbf 100644 --- a/src/analyzer/protocol/login/NVT.h +++ b/src/analyzer/protocol/login/NVT.h @@ -11,9 +11,9 @@ #define TELNET_OPTION_ENVIRON 39 #define NUM_TELNET_OPTIONS 5 -namespace analyzer { namespace login { +ZEEK_FORWARD_DECLARE_NAMESPACED(NVT_Analyzer, zeek, analyzer::login); -class NVT_Analyzer; +namespace zeek::analyzer::login { class TelnetOption { public: @@ -58,6 +58,8 @@ protected: int active; }; +namespace detail { + class TelnetTerminalOption final : public TelnetOption { public: explicit TelnetTerminalOption(NVT_Analyzer* arg_endp) @@ -122,7 +124,9 @@ protected: void InconsistentOption(unsigned int type) override; }; -class NVT_Analyzer final : public tcp::ContentLine_Analyzer { +} // namespace detail + +class NVT_Analyzer final : public zeek::analyzer::tcp::ContentLine_Analyzer { public: NVT_Analyzer(zeek::Connection* conn, bool orig); ~NVT_Analyzer() override; @@ -171,4 +175,16 @@ protected: int num_options = 0; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::login + +namespace analyzer::login { + +using TelnetOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::TelnetOption.")]] = zeek::analyzer::login::TelnetOption; +using TelnetTerminalOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::detail::TelnetTerminalOption.")]] = zeek::analyzer::login::detail::TelnetTerminalOption; +using TelnetEncryptOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::detail::TelnetEncryptOption.")]] = zeek::analyzer::login::detail::TelnetEncryptOption; +using TelnetAuthenticateOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::detail::TelnetAuthenticateOption.")]] = zeek::analyzer::login::detail::TelnetAuthenticateOption; +using TelnetEnvironmentOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::detail::TelnetEnvironmentOption.")]] = zeek::analyzer::login::detail::TelnetEnvironmentOption; +using TelnetBinaryOption [[deprecated("Remove in v4.1. Use zeek::analyzer::login::detail::TelnetBinaryOption.")]] = zeek::analyzer::login::detail::TelnetBinaryOption; +using NVT_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::NVT_Analyzer.")]] = zeek::analyzer::login::NVT_Analyzer; + +} // namespace analyzer::login diff --git a/src/analyzer/protocol/login/Plugin.cc b/src/analyzer/protocol/login/Plugin.cc index 553320c1f9..60aa82760c 100644 --- a/src/analyzer/protocol/login/Plugin.cc +++ b/src/analyzer/protocol/login/Plugin.cc @@ -7,16 +7,15 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Login { +namespace zeek::plugin::detail::Zeek_Login { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Telnet", ::analyzer::login::Telnet_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("Rsh", ::analyzer::login::Rsh_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("Rlogin", ::analyzer::login::Rlogin_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Telnet", zeek::analyzer::login::Telnet_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Rsh", zeek::analyzer::login::Rsh_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Rlogin", zeek::analyzer::login::Rlogin_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("NVT", nullptr)); AddComponent(new zeek::analyzer::Component("Login", nullptr)); AddComponent(new zeek::analyzer::Component("Contents_Rsh", nullptr)); @@ -29,5 +28,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Login diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 031db4cec3..6a852fc4ff 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -9,13 +9,13 @@ #include "events.bif.h" -using namespace analyzer::login; +namespace zeek::analyzer::login { // FIXME: this code should probably be merged with Rlogin.cc. Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig, Rsh_Analyzer* arg_analyzer) -: tcp::ContentLine_Analyzer("CONTENTS_RSH", conn, orig) + : zeek::analyzer::tcp::ContentLine_Analyzer("CONTENTS_RSH", conn, orig) { num_bytes_to_scan = 0; analyzer = arg_analyzer; @@ -35,7 +35,7 @@ Contents_Rsh_Analyzer::~Contents_Rsh_Analyzer() void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data) { - tcp::TCP_Analyzer* tcp = static_cast(Parent())->TCP(); + zeek::analyzer::tcp::TCP_Analyzer* tcp = static_cast(Parent())->TCP(); assert(tcp); int endp_state = IsOrig() ? tcp->OrigState() : tcp->RespState(); @@ -49,10 +49,10 @@ void Contents_Rsh_Analyzer::DoDeliver(int len, const u_char* data) switch ( state ) { case RSH_FIRST_NULL: - if ( endp_state == tcp::TCP_ENDPOINT_PARTIAL || + if ( endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL || // We can be in closed if the data's due to // a dataful FIN being the first thing we see. - endp_state == tcp::TCP_ENDPOINT_CLOSED ) + endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED ) { state = RSH_UNKNOWN; ++len, --data; // put back c and reprocess @@ -171,7 +171,7 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) zeek::Args vl; vl.reserve(4 + orig); const char* line = (const char*) data; - line = skip_whitespace(line); + line = zeek::util::skip_whitespace(line); vl.emplace_back(ConnVal()); if ( client_name ) @@ -223,3 +223,5 @@ void Rsh_Analyzer::ServerUserName(const char* s) username = new zeek::StringVal(s); } + +} // namespace zeek::analyzer::login diff --git a/src/analyzer/protocol/login/RSH.h b/src/analyzer/protocol/login/RSH.h index 1b71b5d17f..6792c72510 100644 --- a/src/analyzer/protocol/login/RSH.h +++ b/src/analyzer/protocol/login/RSH.h @@ -5,9 +5,11 @@ #include "Login.h" #include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace login { +ZEEK_FORWARD_DECLARE_NAMESPACED(Rsh_Analyzer, zeek, analyzer::login); -typedef enum { +namespace zeek::analyzer::login { + +enum rsh_state { RSH_FIRST_NULL, // waiting to see first NUL RSH_CLIENT_USER_NAME, // scanning client user name up to NUL RSH_SERVER_USER_NAME, // scanning server user name up to NUL @@ -18,11 +20,9 @@ typedef enum { RSH_PRESUMED_REJECTED, // apparently server said No Way RSH_UNKNOWN, // we don't know what state we're in -} rsh_state; +}; -class Rsh_Analyzer; - -class Contents_Rsh_Analyzer final : public tcp::ContentLine_Analyzer { +class Contents_Rsh_Analyzer final : public zeek::analyzer::tcp::ContentLine_Analyzer { public: Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig, Rsh_Analyzer* analyzer); ~Contents_Rsh_Analyzer() override; @@ -55,4 +55,20 @@ public: Contents_Rsh_Analyzer* contents_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::login + +namespace analyzer::login { + +using rsh_state [[deprecated("Remove in v4.1. Use zeek::analyzer::login::rsh_state.")]] = zeek::analyzer::login::rsh_state; +constexpr auto RSH_FIRST_NULL [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_FIRST_NULL.")]] = zeek::analyzer::login::RSH_FIRST_NULL; +constexpr auto RSH_CLIENT_USER_NAME [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_CLIENT_USER_NAME.")]] = zeek::analyzer::login::RSH_CLIENT_USER_NAME; +constexpr auto RSH_SERVER_USER_NAME [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_SERVER_USER_NAME.")]] = zeek::analyzer::login::RSH_SERVER_USER_NAME; +constexpr auto RSH_INITIAL_CMD [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_INITIAL_CMD.")]] = zeek::analyzer::login::RSH_INITIAL_CMD; +constexpr auto RSH_LINE_MODE [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_LINE_MODE.")]] = zeek::analyzer::login::RSH_LINE_MODE; +constexpr auto RSH_PRESUMED_REJECTED [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_PRESUMED_REJECTED.")]] = zeek::analyzer::login::RSH_PRESUMED_REJECTED; +constexpr auto RSH_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RSH_UNKNOWN.")]] = zeek::analyzer::login::RSH_UNKNOWN; + +using Contents_Rsh_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Contents_Rsh_Analyzer.")]] = zeek::analyzer::login::Contents_Rsh_Analyzer; +using Rsh_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Rsh_Analyzer.")]] = zeek::analyzer::login::Rsh_Analyzer; + +} // namespace analyzer::login diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 68b4bdad3d..d91d685a94 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -9,10 +9,10 @@ #include "events.bif.h" -using namespace analyzer::login; +namespace zeek::analyzer::login { Contents_Rlogin_Analyzer::Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig, Rlogin_Analyzer* arg_analyzer) -: tcp::ContentLine_Analyzer("CONTENTLINE", conn, orig) + : zeek::analyzer::tcp::ContentLine_Analyzer("CONTENTLINE", conn, orig) { num_bytes_to_scan = 0; analyzer = arg_analyzer; @@ -30,7 +30,7 @@ Contents_Rlogin_Analyzer::~Contents_Rlogin_Analyzer() void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data) { - tcp::TCP_Analyzer* tcp = static_cast(Parent())->TCP(); + auto* tcp = static_cast(Parent())->TCP(); assert(tcp); int endp_state = IsOrig() ? tcp->OrigState() : tcp->RespState(); @@ -44,10 +44,10 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data) switch ( state ) { case RLOGIN_FIRST_NULL: - if ( endp_state == tcp::TCP_ENDPOINT_PARTIAL || + if ( endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL || // We can be in closed if the data's due to // a dataful FIN being the first thing we see. - endp_state == tcp::TCP_ENDPOINT_CLOSED ) + endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED ) { state = RLOGIN_UNKNOWN; ++len, --data; // put back c and reprocess @@ -89,10 +89,10 @@ void Contents_Rlogin_Analyzer::DoDeliver(int len, const u_char* data) break; case RLOGIN_SERVER_ACK: - if ( endp_state == tcp::TCP_ENDPOINT_PARTIAL || + if ( endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL || // We can be in closed if the data's due to // a dataful FIN being the first thing we see. - endp_state == tcp::TCP_ENDPOINT_CLOSED ) + endp_state == zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED ) { state = RLOGIN_UNKNOWN; ++len, --data; // put back c and reprocess @@ -249,3 +249,5 @@ void Rlogin_Analyzer::TerminalType(const char* s) zeek::make_intrusive(s) ); } + +} // namespace zeek::analyzer::login diff --git a/src/analyzer/protocol/login/Rlogin.h b/src/analyzer/protocol/login/Rlogin.h index c7ba428cf7..d10739c75e 100644 --- a/src/analyzer/protocol/login/Rlogin.h +++ b/src/analyzer/protocol/login/Rlogin.h @@ -5,9 +5,11 @@ #include "Login.h" #include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace login { +ZEEK_FORWARD_DECLARE_NAMESPACED(Rlogin_Analyzer, zeek, analyzer::login); -typedef enum { +namespace zeek::analyzer::login { + +enum rlogin_state { RLOGIN_FIRST_NULL, // waiting to see first NUL RLOGIN_CLIENT_USER_NAME, // scanning client user name up to NUL RLOGIN_SERVER_USER_NAME, // scanning server user name up to NUL @@ -26,11 +28,9 @@ typedef enum { RLOGIN_PRESUMED_REJECTED, // apparently server said No Way RLOGIN_UNKNOWN, // we don't know what state we're in -} rlogin_state; +}; -class Rlogin_Analyzer; - -class Contents_Rlogin_Analyzer final : public tcp::ContentLine_Analyzer { +class Contents_Rlogin_Analyzer final : public zeek::analyzer::tcp::ContentLine_Analyzer { public: Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig, Rlogin_Analyzer* analyzer); @@ -65,4 +65,25 @@ public: { return new Rlogin_Analyzer(conn); } }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::login + +namespace analyzer::login { + +using rlogin_state [[deprecated("Remove in v4.1. Use zeek::analyzer::login::rlogin_state.")]] = zeek::analyzer::login::rlogin_state; +constexpr auto RLOGIN_FIRST_NULL [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_FIRST_NULL.")]] = zeek::analyzer::login::RLOGIN_FIRST_NULL; +constexpr auto RLOGIN_CLIENT_USER_NAME [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_CLIENT_USER_NAME.")]] = zeek::analyzer::login::RLOGIN_CLIENT_USER_NAME; +constexpr auto RLOGIN_SERVER_USER_NAME [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_SERVER_USER_NAME.")]] = zeek::analyzer::login::RLOGIN_SERVER_USER_NAME; +constexpr auto RLOGIN_TERMINAL_TYPE [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_TERMINAL_TYPE.")]] = zeek::analyzer::login::RLOGIN_TERMINAL_TYPE; +constexpr auto RLOGIN_SERVER_ACK [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_SERVER_ACK.")]] = zeek::analyzer::login::RLOGIN_SERVER_ACK; +constexpr auto RLOGIN_IN_BAND_CONTROL_FF2 [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_IN_BAND_CONTROL_FF2.")]] = zeek::analyzer::login::RLOGIN_IN_BAND_CONTROL_FF2; +constexpr auto RLOGIN_WINDOW_CHANGE_S1 [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_S1.")]] = zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_S1; +constexpr auto RLOGIN_WINDOW_CHANGE_S2 [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_S2.")]] = zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_S2; +constexpr auto RLOGIN_WINDOW_CHANGE_REMAINDER [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_REMAINDER.")]] = zeek::analyzer::login::RLOGIN_WINDOW_CHANGE_REMAINDER; +constexpr auto RLOGIN_LINE_MODE [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_LINE_MODE.")]] = zeek::analyzer::login::RLOGIN_LINE_MODE; +constexpr auto RLOGIN_PRESUMED_REJECTED [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_PRESUMED_REJECTED.")]] = zeek::analyzer::login::RLOGIN_PRESUMED_REJECTED; +constexpr auto RLOGIN_UNKNOWN [[deprecated("Remove in v4.1. Use zeek::analyzer::login::RLOGIN_UNKNOWN.")]] = zeek::analyzer::login::RLOGIN_UNKNOWN; + +using Contents_Rlogin_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Contents_Rlogin_Analyzer.")]] = zeek::analyzer::login::Contents_Rlogin_Analyzer; +using Rlogin_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Rlogin_Analyzer.")]] = zeek::analyzer::login::Rlogin_Analyzer; + +} // namespace analyzer::login diff --git a/src/analyzer/protocol/login/Telnet.cc b/src/analyzer/protocol/login/Telnet.cc index 798c6f3e7d..6ca61a0766 100644 --- a/src/analyzer/protocol/login/Telnet.cc +++ b/src/analyzer/protocol/login/Telnet.cc @@ -7,7 +7,7 @@ #include "events.bif.h" -using namespace analyzer::login; +namespace zeek::analyzer::login { Telnet_Analyzer::Telnet_Analyzer(zeek::Connection* conn) : Login_Analyzer("TELNET", conn) @@ -21,3 +21,5 @@ Telnet_Analyzer::Telnet_Analyzer(zeek::Connection* conn) AddSupportAnalyzer(nvt_orig); AddSupportAnalyzer(nvt_resp); } + +} // namespace zeek::analyzer::login diff --git a/src/analyzer/protocol/login/Telnet.h b/src/analyzer/protocol/login/Telnet.h index af28665fd7..1c992c009a 100644 --- a/src/analyzer/protocol/login/Telnet.h +++ b/src/analyzer/protocol/login/Telnet.h @@ -4,7 +4,7 @@ #include "Login.h" -namespace analyzer { namespace login { +namespace zeek::analyzer::login { class Telnet_Analyzer : public Login_Analyzer { public: @@ -15,4 +15,10 @@ public: { return new Telnet_Analyzer(conn); } }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::login + +namespace analyzer::login { + +using Telnet_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::login::Telnet_Analyzer.")]] = zeek::analyzer::login::Telnet_Analyzer; + +} // namespace analyzer::login diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index 6b0e195529..3b2b0e610c 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -34,7 +34,7 @@ function get_login_state%(cid: conn_id%): count if ( ! la ) return zeek::val_mgr->False(); - return zeek::val_mgr->Count(int(static_cast<::analyzer::login::Login_Analyzer*>(la)->LoginState())); + return zeek::val_mgr->Count(int(static_cast(la)->LoginState())); %} ## Sets the login state of a connection with a login analyzer. @@ -58,6 +58,7 @@ function set_login_state%(cid: conn_id, new_state: count%): bool if ( ! la ) return zeek::val_mgr->False(); - static_cast<::analyzer::login::Login_Analyzer*>(la)->SetLoginState(::analyzer::login::login_state(new_state)); + static_cast(la)->SetLoginState( + zeek::analyzer::login::login_state(new_state)); return zeek::val_mgr->True(); %} diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index baf98e57be..e415b061b9 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -19,7 +19,7 @@ // headers of form: =; =; // =; ... (so that -namespace analyzer { namespace mime { +namespace zeek::analyzer::mime { static const zeek::data_chunk_t null_data_chunk = { 0, nullptr }; @@ -150,9 +150,9 @@ int fputs(zeek::data_chunk_t b, FILE* fp) void MIME_Mail::Undelivered(int len) { - cur_entity_id = file_mgr->Gap(cur_entity_len, len, - analyzer->GetAnalyzerTag(), analyzer->Conn(), - is_orig, cur_entity_id); + cur_entity_id = zeek::file_mgr->Gap(cur_entity_len, len, + analyzer->GetAnalyzerTag(), analyzer->Conn(), + is_orig, cur_entity_id); } bool istrequal(zeek::data_chunk_t s, const char* t) @@ -439,11 +439,6 @@ zeek::String* MIME_decode_quoted_pairs(zeek::data_chunk_t buf) return new zeek::String(true, (zeek::byte_vec) dest, j); } - -} } // namespace analyzer::* - -using namespace analyzer::mime; - MIME_Multiline::MIME_Multiline() { line = nullptr; @@ -1088,8 +1083,8 @@ void MIME_Entity::DecodeQuotedPrintable(int len, const char* data) if ( i + 2 < len ) { int a, b; - a = decode_hex(data[i+1]); - b = decode_hex(data[i+2]); + a = zeek::util::decode_hex(data[i+1]); + b = zeek::util::decode_hex(data[i+2]); if ( a >= 0 && b >= 0 ) { @@ -1119,7 +1114,7 @@ void MIME_Entity::DecodeQuotedPrintable(int len, const char* data) else { - IllegalEncoding(fmt("control characters in quoted-printable encoding: %d", (int) (data[i]))); + IllegalEncoding(zeek::util::fmt("control characters in quoted-printable encoding: %d", (int) (data[i]))); DataOctet(data[i]); } } @@ -1334,8 +1329,8 @@ MIME_Mail::MIME_Mail(zeek::analyzer::Analyzer* mail_analyzer, bool orig, int buf { analyzer = mail_analyzer; - min_overlap_length = mime_segment_overlap_length; - max_chunk_length = mime_segment_length; + min_overlap_length = zeek::detail::mime_segment_overlap_length; + max_chunk_length = zeek::detail::mime_segment_length; is_orig = orig; int length = buf_size; @@ -1387,7 +1382,7 @@ void MIME_Mail::Done() MIME_Message::Done(); - file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); + zeek::file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); } MIME_Mail::~MIME_Mail() @@ -1433,7 +1428,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) if ( mime_end_entity ) analyzer->EnqueueConnEvent(mime_end_entity, analyzer->ConnVal()); - file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); + zeek::file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); } @@ -1492,9 +1487,10 @@ void MIME_Mail::SubmitData(int len, const char* buf) ); } - cur_entity_id = file_mgr->DataIn(reinterpret_cast(buf), len, - analyzer->GetAnalyzerTag(), analyzer->Conn(), is_orig, - cur_entity_id); + cur_entity_id = zeek::file_mgr->DataIn( + reinterpret_cast(buf), len, + analyzer->GetAnalyzerTag(), analyzer->Conn(), is_orig, + cur_entity_id); cur_entity_len += len; buffer_start = (buf + len) - (char*)data_buffer->Bytes(); @@ -1566,3 +1562,24 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) zeek::make_intrusive(detail) ); } + +} // namespace zeek::analyzer::mime + + +namespace analyzer::mime { + +zeek::StringVal* new_string_val(int length, const char* data) + { return zeek::analyzer::mime::to_string_val(length, data).release(); } +zeek::StringVal* new_string_val(const char* data, const char* end_of_data) + { return zeek::analyzer::mime::to_string_val(data, end_of_data).release(); } +zeek::StringVal* new_string_val(const zeek::data_chunk_t buf) + { return zeek::analyzer::mime::to_string_val(buf).release(); } + +zeek::StringValPtr to_string_val(int length, const char* data) + { return zeek::analyzer::mime::to_string_val(length, data); } +zeek::StringValPtr to_string_val(const char* data, const char* end_of_data) + { return zeek::analyzer::mime::to_string_val(data, end_of_data); } +zeek::StringValPtr to_string_val(const zeek::data_chunk_t buf) + { return zeek::analyzer::mime::to_string_val(buf); } + +} // namespace analyzer::mime diff --git a/src/analyzer/protocol/mime/MIME.h b/src/analyzer/protocol/mime/MIME.h index 3a9ac3edf9..7498ada5ea 100644 --- a/src/analyzer/protocol/mime/MIME.h +++ b/src/analyzer/protocol/mime/MIME.h @@ -19,7 +19,7 @@ using TableValPtr = zeek::IntrusivePtr; using StringValPtr = zeek::IntrusivePtr; } -namespace analyzer { namespace mime { +namespace zeek::analyzer::mime { // MIME: Multipurpose Internet Mail Extensions // Follows RFC 822 & 2822 (Internet Mail), 2045-2049 (MIME) @@ -46,8 +46,6 @@ enum MIME_EVENT_TYPE { MIME_EVENT_OTHER, }; - - // MIME data structures. class MIME_Multiline; @@ -279,11 +277,11 @@ protected: }; extern bool is_null_data_chunk(zeek::data_chunk_t b); -[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]] +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] extern zeek::StringVal* new_string_val(int length, const char* data); -[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]] +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] extern zeek::StringVal* new_string_val(const char* data, const char* end_of_data); -[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]] +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] extern zeek::StringVal* new_string_val(const zeek::data_chunk_t buf); extern zeek::StringValPtr to_string_val(int length, const char* data); extern zeek::StringValPtr to_string_val(const char* data, const char* end_of_data); @@ -304,4 +302,54 @@ extern int MIME_get_value(int len, const char* data, zeek::String*& buf, extern int MIME_get_field_name(int len, const char* data, zeek::data_chunk_t* name); extern zeek::String* MIME_decode_quoted_pairs(zeek::data_chunk_t buf); -} } // namespace analyzer::* +} // namespace zeek::analyzer::mime + +namespace analyzer::mime { + +using MIME_CONTENT_TYPE [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_CONTENT_TYPE.")]] = zeek::analyzer::mime::MIME_CONTENT_TYPE; +constexpr auto CONTENT_TYPE_MULTIPART [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::CONTENT_TYPE_MULTIPART.")]] = zeek::analyzer::mime::CONTENT_TYPE_MULTIPART; +constexpr auto CONTENT_TYPE_MESSAGE [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::CONTENT_TYPE_MESSAGE.")]] = zeek::analyzer::mime::CONTENT_TYPE_MESSAGE; +constexpr auto CONTENT_TYPE_TEXT [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::CONTENT_TYPE_TEXT.")]] = zeek::analyzer::mime::CONTENT_TYPE_TEXT; +constexpr auto CONTENT_TYPE_OTHER [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::CONTENT_TYPE_OTHER.")]] = zeek::analyzer::mime::CONTENT_TYPE_OTHER; + +using MIME_EVENT_TYPE [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_EVENT_TYPE.")]] = zeek::analyzer::mime::MIME_EVENT_TYPE; +constexpr auto MIME_EVENT_ILLEGAL_FORMAT [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::MIME_EVENT_ILLEGAL_FORMAT.")]] = zeek::analyzer::mime::MIME_EVENT_ILLEGAL_FORMAT; +constexpr auto MIME_EVENT_ILLEGAL_ENCODING [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::MIME_EVENT_ILLEGAL_ENCODING.")]] = zeek::analyzer::mime::MIME_EVENT_ILLEGAL_ENCODING; +constexpr auto MIME_EVENT_CONTENT_GAP [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::MIME_EVENT_CONTENT_GAP.")]] = zeek::analyzer::mime::MIME_EVENT_CONTENT_GAP; +constexpr auto MIME_EVENT_OTHER [[deprecated("Remove in v4.1. Uze zeek::analyzer::mime::MIME_EVENT_OTHER.")]] = zeek::analyzer::mime::MIME_EVENT_OTHER; + +using MIME_Multiline [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_Multiline.")]] = zeek::analyzer::mime::MIME_Multiline; +using MIME_Header [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_Header.")]] = zeek::analyzer::mime::MIME_Header; +using MIME_HeaderList [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_HeaderList.")]] = zeek::analyzer::mime::MIME_HeaderList; +using MIME_Entity [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_Entity.")]] = zeek::analyzer::mime::MIME_Entity; +using MIME_Message [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_Message.")]] = zeek::analyzer::mime::MIME_Message; +using MIME_Mail [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_Mail.")]] = zeek::analyzer::mime::MIME_Mail; + +constexpr auto is_null_data_chunk [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::is_null_data_chunk.")]] = zeek::analyzer::mime::is_null_data_chunk; +constexpr auto is_lws [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::is_lws.")]] = zeek::analyzer::mime::is_lws; +constexpr auto MIME_is_field_name_char [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_is_field_name_char.")]] = zeek::analyzer::mime::MIME_is_field_name_char; +constexpr auto MIME_count_leading_lws [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_count_leading_lws.")]] = zeek::analyzer::mime::MIME_count_leading_lws; +constexpr auto MIME_count_trailing_lws [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_count_trailing_lws.")]] = zeek::analyzer::mime::MIME_count_trailing_lws; +constexpr auto MIME_skip_comments [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_skip_comments.")]] = zeek::analyzer::mime::MIME_skip_comments; +constexpr auto MIME_skip_lws_comments [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_skip_lws_comments.")]] = zeek::analyzer::mime::MIME_skip_lws_comments; +constexpr auto MIME_get_token [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_get_token.")]] = zeek::analyzer::mime::MIME_get_token; +constexpr auto MIME_get_slash_token_pair [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_get_slash_token_pair.")]] = zeek::analyzer::mime::MIME_get_slash_token_pair; +constexpr auto MIME_get_value [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_get_value.")]] = zeek::analyzer::mime::MIME_get_value; +constexpr auto MIME_get_field_name [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_get_field_name.")]] = zeek::analyzer::mime::MIME_get_field_name; +constexpr auto MIME_decode_quoted_pairs [[deprecated("Remove in v4.1. Use zeek::analyzer::mime::MIME_decode_quoted_pairs.")]] = zeek::analyzer::mime::MIME_decode_quoted_pairs; + +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringVal* new_string_val(int length, const char* data); +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringVal* new_string_val(const char* data, const char* end_of_data); +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringVal* new_string_val(const zeek::data_chunk_t buf); + +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringValPtr to_string_val(int length, const char* data); +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringValPtr to_string_val(const char* data, const char* end_of_data); +[[deprecated("Remove in v4.1. Use zeek::analyzer::mime::to_string_val().")]] +extern zeek::StringValPtr to_string_val(const zeek::data_chunk_t buf); + +} // namespace analyzer::mime diff --git a/src/analyzer/protocol/mime/Plugin.cc b/src/analyzer/protocol/mime/Plugin.cc index fefe969098..0e06a20431 100644 --- a/src/analyzer/protocol/mime/Plugin.cc +++ b/src/analyzer/protocol/mime/Plugin.cc @@ -3,8 +3,7 @@ #include "plugin/Plugin.h" -namespace plugin { -namespace Zeek_MIME { +namespace zeek::plugin::detail::Zeek_MIME { class Plugin : public zeek::plugin::Plugin { public: @@ -17,5 +16,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_MIME diff --git a/src/analyzer/protocol/modbus/Modbus.cc b/src/analyzer/protocol/modbus/Modbus.cc index 9becb31359..37b6fa74f3 100644 --- a/src/analyzer/protocol/modbus/Modbus.cc +++ b/src/analyzer/protocol/modbus/Modbus.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::modbus; +namespace zeek::analyzer::modbus { ModbusTCP_Analyzer::ModbusTCP_Analyzer(zeek::Connection* c) : TCP_ApplicationAnalyzer("MODBUS", c) @@ -42,3 +42,5 @@ void ModbusTCP_Analyzer::EndpointEOF(bool is_orig) TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } + +} // namespace zeek::analyzer::modbus diff --git a/src/analyzer/protocol/modbus/Modbus.h b/src/analyzer/protocol/modbus/Modbus.h index c94bfc5d16..ae1a466c61 100644 --- a/src/analyzer/protocol/modbus/Modbus.h +++ b/src/analyzer/protocol/modbus/Modbus.h @@ -3,9 +3,9 @@ #include "analyzer/protocol/tcp/TCP.h" #include "modbus_pac.h" -namespace analyzer { namespace modbus { +namespace zeek::analyzer::modbus { -class ModbusTCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class ModbusTCP_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit ModbusTCP_Analyzer(zeek::Connection* conn); ~ModbusTCP_Analyzer() override; @@ -23,4 +23,10 @@ protected: binpac::ModbusTCP::ModbusTCP_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::modbus + +namespace analyzer::modbus { + +using ModbusTCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::modbus::ModbusTCP_Analyzer.")]] = zeek::analyzer::modbus::ModbusTCP_Analyzer; + +} // namespace analyzer::modbus diff --git a/src/analyzer/protocol/modbus/Plugin.cc b/src/analyzer/protocol/modbus/Plugin.cc index 012603f80d..ddfee8bebe 100644 --- a/src/analyzer/protocol/modbus/Plugin.cc +++ b/src/analyzer/protocol/modbus/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Modbus { +namespace zeek::plugin::detail::Zeek_Modbus { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("MODBUS", ::analyzer::modbus::ModbusTCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MODBUS", zeek::analyzer::modbus::ModbusTCP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Modbus"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Modbus diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac index 13117ffbb6..4f34184a05 100644 --- a/src/analyzer/protocol/modbus/modbus-analyzer.pac +++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac @@ -203,7 +203,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus read holding register response byte count %d", ${message.byte_count})); + zeek::util::fmt("invalid value for modbus read holding register response byte count %d", ${message.byte_count})); return false; } @@ -247,7 +247,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus read input register response byte count %d", ${message.byte_count})); + zeek::util::fmt("invalid value for modbus read input register response byte count %d", ${message.byte_count})); return false; } @@ -283,7 +283,7 @@ refine flow ModbusTCP_Flow += { val = 1; else { - connection()->bro_analyzer()->ProtocolViolation(fmt("invalid value for modbus write single coil request %d", + connection()->bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid value for modbus write single coil request %d", ${message.value})); return false; } @@ -310,7 +310,7 @@ refine flow ModbusTCP_Flow += { val = 1; else { - connection()->bro_analyzer()->ProtocolViolation(fmt("invalid value for modbus write single coil response %d", + connection()->bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid value for modbus write single coil response %d", ${message.value})); return false; } @@ -391,7 +391,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus write multiple registers request byte count %d", ${message.byte_count})); + zeek::util::fmt("invalid value for modbus write multiple registers request byte count %d", ${message.byte_count})); return false; } @@ -576,7 +576,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.write_byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus read write multiple registers request write byte count %d", ${message.write_byte_count})); + zeek::util::fmt("invalid value for modbus read write multiple registers request write byte count %d", ${message.write_byte_count})); return false; } @@ -608,7 +608,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus read write multiple registers response byte count %d", ${message.byte_count})); + zeek::util::fmt("invalid value for modbus read write multiple registers response byte count %d", ${message.byte_count})); return false; } @@ -652,7 +652,7 @@ refine flow ModbusTCP_Flow += { if ( ${message.byte_count} % 2 != 0 ) { connection()->bro_analyzer()->ProtocolViolation( - fmt("invalid value for modbus read FIFO queue response byte count %d", ${message.byte_count})); + zeek::util::fmt("invalid value for modbus read FIFO queue response byte count %d", ${message.byte_count})); return false; } diff --git a/src/analyzer/protocol/mqtt/MQTT.cc b/src/analyzer/protocol/mqtt/MQTT.cc index b5f94d3660..82524ac112 100644 --- a/src/analyzer/protocol/mqtt/MQTT.cc +++ b/src/analyzer/protocol/mqtt/MQTT.cc @@ -7,10 +7,10 @@ #include "Scope.h" #include "mqtt_pac.h" -using namespace analyzer::MQTT; +namespace zeek::analyzer::mqtt { MQTT_Analyzer::MQTT_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("MQTT", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("MQTT", c) { interp = new binpac::MQTT::MQTT_Conn(this); } @@ -22,7 +22,7 @@ MQTT_Analyzer::~MQTT_Analyzer() void MQTT_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -30,13 +30,13 @@ void MQTT_Analyzer::Done() void MQTT_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void MQTT_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -46,12 +46,14 @@ void MQTT_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void MQTT_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::mqtt diff --git a/src/analyzer/protocol/mqtt/MQTT.h b/src/analyzer/protocol/mqtt/MQTT.h index d84885406f..a150fc2c05 100644 --- a/src/analyzer/protocol/mqtt/MQTT.h +++ b/src/analyzer/protocol/mqtt/MQTT.h @@ -7,9 +7,9 @@ namespace binpac { namespace MQTT { class MQTT_Conn; } } -namespace analyzer { namespace MQTT { +namespace zeek::analyzer::mqtt { -class MQTT_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class MQTT_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: MQTT_Analyzer(zeek::Connection* conn); @@ -28,4 +28,10 @@ protected: }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::mqtt + +namespace analyzer::MQTT { + +using MQTT_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::mqtt::MQTT_Analyzer.")]] = zeek::analyzer::mqtt::MQTT_Analyzer; + +} // namespace analyzer::mqtt diff --git a/src/analyzer/protocol/mqtt/Plugin.cc b/src/analyzer/protocol/mqtt/Plugin.cc index 26ae30ed5c..cac61029fc 100644 --- a/src/analyzer/protocol/mqtt/Plugin.cc +++ b/src/analyzer/protocol/mqtt/Plugin.cc @@ -4,15 +4,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_MQTT { +namespace zeek::plugin::detail::Zeek_MQTT { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { AddComponent(new zeek::analyzer::Component("MQTT", - ::analyzer::MQTT::MQTT_Analyzer::InstantiateAnalyzer)); + zeek::analyzer::mqtt::MQTT_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::MQTT"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_MQTT diff --git a/src/analyzer/protocol/mysql/MySQL.cc b/src/analyzer/protocol/mysql/MySQL.cc index 7714906b02..789e71bce3 100644 --- a/src/analyzer/protocol/mysql/MySQL.cc +++ b/src/analyzer/protocol/mysql/MySQL.cc @@ -5,10 +5,10 @@ #include "Reporter.h" #include "events.bif.h" -using namespace analyzer::MySQL; +namespace zeek::analyzer::mysql { MySQL_Analyzer::MySQL_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("MySQL", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("MySQL", c) { interp = new binpac::MySQL::MySQL_Conn(this); had_gap = false; @@ -21,7 +21,7 @@ MySQL_Analyzer::~MySQL_Analyzer() void MySQL_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -29,13 +29,13 @@ void MySQL_Analyzer::Done() void MySQL_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void MySQL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -53,13 +53,15 @@ void MySQL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void MySQL_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::mysql diff --git a/src/analyzer/protocol/mysql/MySQL.h b/src/analyzer/protocol/mysql/MySQL.h index af4ad2ef52..3bb75da40c 100644 --- a/src/analyzer/protocol/mysql/MySQL.h +++ b/src/analyzer/protocol/mysql/MySQL.h @@ -7,9 +7,9 @@ #include "mysql_pac.h" -namespace analyzer { namespace MySQL { +namespace zeek::analyzer::mysql { -class MySQL_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class MySQL_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit MySQL_Analyzer(zeek::Connection* conn); @@ -21,7 +21,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) @@ -32,4 +32,10 @@ protected: bool had_gap; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::mysql + +namespace analyzer::MySQL { + +using MySQL_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::mysql::MySQL_Analyzer.")]] = zeek::analyzer::mysql::MySQL_Analyzer; + +} // namespace analyzer::MySQL diff --git a/src/analyzer/protocol/mysql/Plugin.cc b/src/analyzer/protocol/mysql/Plugin.cc index 93a99b4d54..98c8c9cdda 100644 --- a/src/analyzer/protocol/mysql/Plugin.cc +++ b/src/analyzer/protocol/mysql/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_MySQL { +namespace zeek::plugin::detail::Zeek_MySQL { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("MySQL", ::analyzer::MySQL::MySQL_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MySQL", zeek::analyzer::mysql::MySQL_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::MySQL"; config.description = "MySQL analyzer"; @@ -19,5 +18,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_MySQL diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index 604dc246d0..a566e27827 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -12,7 +12,6 @@ #include "consts.bif.h" using namespace std; -using namespace analyzer::ncp; #include "NCP.h" #include "Sessions.h" @@ -23,6 +22,9 @@ using namespace analyzer::ncp; uint16(xbyte(bytes, 0)) | ((uint16(xbyte(bytes, 1))) << 8) : \ uint16(xbyte(bytes, 1)) | ((uint16(xbyte(bytes, 0))) << 8)) +namespace zeek::analyzer::ncp { +namespace detail { + NCP_Session::NCP_Session(zeek::analyzer::Analyzer* a) : analyzer(a) { @@ -41,7 +43,7 @@ void NCP_Session::Deliver(bool is_orig, int len, const u_char* data) } catch ( const binpac::Exception& e ) { - analyzer->ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + analyzer->ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } @@ -163,8 +165,10 @@ void NCP_FrameBuffer::compute_msg_length() msg_len = (msg_len << 8) | data[4+i]; } -Contents_NCP_Analyzer::Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* arg_session) -: tcp::TCP_SupportAnalyzer("CONTENTS_NCP", conn, orig) +} // namespace detail + +Contents_NCP_Analyzer::Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, detail::NCP_Session* arg_session) +: zeek::analyzer::tcp::TCP_SupportAnalyzer("CONTENTS_NCP", conn, orig) { session = arg_session; resync = true; @@ -177,7 +181,7 @@ Contents_NCP_Analyzer::~Contents_NCP_Analyzer() void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); auto tcp = static_cast(Parent())->TCP(); @@ -185,7 +189,7 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig { resync_set = true; resync = (IsOrig() ? tcp->OrigState() : tcp->RespState()) != - tcp::TCP_ENDPOINT_ESTABLISHED; + zeek::analyzer::tcp::TCP_ENDPOINT_ESTABLISHED; } if ( tcp && tcp->HadGap(orig) ) @@ -238,16 +242,16 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig void Contents_NCP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_SupportAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::Undelivered(seq, len, orig); buffer.Reset(); resync = true; } NCP_Analyzer::NCP_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("NCP", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("NCP", conn) { - session = new NCP_Session(this); + session = new detail::NCP_Session(this); o_ncp = new Contents_NCP_Analyzer(conn, true, session); AddSupportAnalyzer(o_ncp); r_ncp = new Contents_NCP_Analyzer(conn, false, session); @@ -258,3 +262,5 @@ NCP_Analyzer::~NCP_Analyzer() { delete session; } + +} // namespace zeek::analyzer::ncp diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h index 287de6d606..1e2e90ee88 100644 --- a/src/analyzer/protocol/ncp/NCP.h +++ b/src/analyzer/protocol/ncp/NCP.h @@ -22,7 +22,8 @@ #include "ncp_pac.h" -namespace analyzer { namespace ncp { +namespace zeek::analyzer::ncp { +namespace detail { // Create a general NCP_Session class so that it can be used in // case the RPC conversation is tunneled through other connections, @@ -82,24 +83,26 @@ protected: void compute_msg_length() override; }; -class Contents_NCP_Analyzer : public tcp::TCP_SupportAnalyzer { +} // namespace detail + +class Contents_NCP_Analyzer : public zeek::analyzer::tcp::TCP_SupportAnalyzer { public: - Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* session); + Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, detail::NCP_Session* session); ~Contents_NCP_Analyzer() override; protected: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - NCP_FrameBuffer buffer; - NCP_Session* session; + detail::NCP_FrameBuffer buffer; + detail::NCP_Session* session; // Re-sync for partial connections (or after a content gap). bool resync; bool resync_set; }; -class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class NCP_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit NCP_Analyzer(zeek::Connection* conn); ~NCP_Analyzer() override; @@ -109,9 +112,19 @@ public: protected: - NCP_Session* session; + detail::NCP_Session* session; Contents_NCP_Analyzer * o_ncp; Contents_NCP_Analyzer * r_ncp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ncp + +namespace analyzer::ncp { + +using NCP_Session [[deprecated("Remove in v4.1. Use zeek::analyzer::ncp::detail::NCP_Session.")]] = zeek::analyzer::ncp::detail::NCP_Session; +using FrameBuffer [[deprecated("Remove in v4.1. Use zeek::analyzer::ncp::detail::FrameBuffer.")]] = zeek::analyzer::ncp::detail::FrameBuffer; +using NCP_FrameBuffer [[deprecated("Remove in v4.1. Use zeek::analyzer::ncp::detail::NCP_FrameBuffer.")]] = zeek::analyzer::ncp::detail::NCP_FrameBuffer; +using Contents_NCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ncp::Contents_NCP_Analyzer.")]] = zeek::analyzer::ncp::Contents_NCP_Analyzer; +using NCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ncp::NCP_Analyzer.")]] = zeek::analyzer::ncp::NCP_Analyzer; + +} // namespace analyzer::ncp diff --git a/src/analyzer/protocol/ncp/Plugin.cc b/src/analyzer/protocol/ncp/Plugin.cc index 91ee989458..8fad308bf1 100644 --- a/src/analyzer/protocol/ncp/Plugin.cc +++ b/src/analyzer/protocol/ncp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_NCP { +namespace zeek::plugin::detail::Zeek_NCP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("NCP", ::analyzer::ncp::NCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NCP", zeek::analyzer::ncp::NCP_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("Contents_NCP", nullptr)); zeek::plugin::Configuration config; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_NCP diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 669d6993ec..df422d76fe 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -9,16 +9,17 @@ #include "NetVar.h" #include "Sessions.h" #include "Event.h" -#include "Net.h" +#include "RunState.h" #include "events.bif.h" -using namespace analyzer::netbios_ssn; - -double netbios_ssn_session_timeout = 15.0; +constexpr double netbios_ssn_session_timeout = 15.0; #define MAKE_INT16(dest, src) dest = *src; dest <<=8; src++; dest |= *src; src++; +namespace zeek::analyzer::netbios_ssn { +namespace detail { + NetbiosSSN_RawMsgHdr::NetbiosSSN_RawMsgHdr(const u_char*& data, int& len) { type = *data; ++data, --len; @@ -48,7 +49,6 @@ NetbiosDGM_RawMsgHdr::NetbiosDGM_RawMsgHdr(const u_char*& data, int& len) MAKE_INT16(offset, data);; len -= 2; } - NetbiosSSN_Interpreter::NetbiosSSN_Interpreter(zeek::analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; @@ -105,7 +105,7 @@ void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, break; default: - analyzer->Weird("unknown_netbios_type", fmt("0x%x", type)); + analyzer->Weird("unknown_netbios_type", zeek::util::fmt("0x%x", type)); break; } } @@ -146,7 +146,7 @@ void NetbiosSSN_Interpreter::ParseMessageTCP(const u_char* data, int len, NetbiosSSN_RawMsgHdr hdr(data, len); if ( hdr.length > unsigned(len) ) - analyzer->Weird("excess_netbios_hdr_len", fmt("(%d > %d)", + analyzer->Weird("excess_netbios_hdr_len", zeek::util::fmt("(%d > %d)", hdr.length, len)); else if ( hdr.length < unsigned(len) ) @@ -161,16 +161,15 @@ void NetbiosSSN_Interpreter::ParseMessageTCP(const u_char* data, int len, void NetbiosSSN_Interpreter::ParseMessageUDP(const u_char* data, int len, bool is_query) { - NetbiosDGM_RawMsgHdr hdr(data, len); if ( unsigned(hdr.length-14) > unsigned(len) ) - analyzer->Weird("excess_netbios_hdr_len", fmt("(%d > %d)", + analyzer->Weird("excess_netbios_hdr_len", zeek::util::fmt("(%d > %d)", hdr.length, len)); else if ( hdr.length < unsigned(len) ) { - analyzer->Weird("deficit_netbios_hdr_len", fmt("(%d < %d)", + analyzer->Weird("deficit_netbios_hdr_len", zeek::util::fmt("(%d < %d)", hdr.length, len)); len = hdr.length; } @@ -331,16 +330,17 @@ void NetbiosSSN_Interpreter::Event(zeek::EventHandlerPtr event, const u_char* da zeek::make_intrusive(new zeek::String(data, len, false))); } +} // namespace detail Contents_NetbiosSSN::Contents_NetbiosSSN(zeek::Connection* conn, bool orig, - NetbiosSSN_Interpreter* arg_interp) -: tcp::TCP_SupportAnalyzer("CONTENTS_NETBIOSSSN", conn, orig) + detail::NetbiosSSN_Interpreter* arg_interp) +: zeek::analyzer::tcp::TCP_SupportAnalyzer("CONTENTS_NETBIOSSSN", conn, orig) { interp = arg_interp; type = flags = msg_size = 0; msg_buf = nullptr; buf_n = buf_len = msg_size = 0; - state = NETBIOS_SSN_TYPE; + state = detail::NETBIOS_SSN_TYPE; } Contents_NetbiosSSN::~Contents_NetbiosSSN() @@ -365,12 +365,12 @@ void Contents_NetbiosSSN::DeliverStream(int len, const u_char* data, bool orig) void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) { - tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); - if ( state == NETBIOS_SSN_TYPE ) + if ( state == detail::NETBIOS_SSN_TYPE ) { type = *data; - state = NETBIOS_SSN_FLAGS; + state = detail::NETBIOS_SSN_FLAGS; ++data; --len; @@ -379,10 +379,10 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state == NETBIOS_SSN_FLAGS ) + if ( state == detail::NETBIOS_SSN_FLAGS ) { flags = *data; - state = NETBIOS_SSN_LEN_HI; + state = detail::NETBIOS_SSN_LEN_HI; ++data; --len; @@ -391,10 +391,10 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state == NETBIOS_SSN_LEN_HI ) + if ( state == detail::NETBIOS_SSN_LEN_HI ) { msg_size = (*data) << 8; - state = NETBIOS_SSN_LEN_LO; + state = detail::NETBIOS_SSN_LEN_LO; ++data; --len; @@ -403,10 +403,10 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state == NETBIOS_SSN_LEN_LO ) + if ( state == detail::NETBIOS_SSN_LEN_LO ) { msg_size += *data; - state = NETBIOS_SSN_BUF; + state = detail::NETBIOS_SSN_BUF; buf_n = 0; @@ -433,7 +433,7 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) return; } - if ( state != NETBIOS_SSN_BUF ) + if ( state != detail::NETBIOS_SSN_BUF ) Conn()->Internal("state inconsistency in Contents_NetbiosSSN::Deliver"); int n; @@ -450,14 +450,14 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) interp->ParseMessage(type, flags, msg_buf, msg_size, IsOrig()); buf_n = 0; - state = NETBIOS_SSN_TYPE; + state = detail::NETBIOS_SSN_TYPE; } NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("NETBIOSSSN", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("NETBIOSSSN", conn) { //smb_session = new SMB_Session(this); - interp = new NetbiosSSN_Interpreter(this); + interp = new detail::NetbiosSSN_Interpreter(this); orig_netbios = resp_netbios = nullptr; did_session_done = 0; @@ -471,7 +471,7 @@ NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn) else { ADD_ANALYZER_TIMER(&NetbiosSSN_Analyzer::ExpireTimer, - network_time + netbios_ssn_session_timeout, true, + zeek::run_state::network_time + netbios_ssn_session_timeout, true, zeek::detail::TIMER_NB_EXPIRE); } } @@ -484,7 +484,7 @@ NetbiosSSN_Analyzer::~NetbiosSSN_Analyzer() void NetbiosSSN_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->Timeout(); if ( Conn()->ConnTransport() == TRANSPORT_UDP && ! did_session_done ) @@ -495,15 +495,15 @@ void NetbiosSSN_Analyzer::Done() void NetbiosSSN_Analyzer::EndpointEOF(bool orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(orig); (orig ? orig_netbios : resp_netbios)->Flush(); } -void NetbiosSSN_Analyzer::ConnectionClosed(tcp::TCP_Endpoint* endpoint, - tcp::TCP_Endpoint* peer, bool gen_event) +void NetbiosSSN_Analyzer::ConnectionClosed(zeek::analyzer::tcp::TCP_Endpoint* endpoint, + zeek::analyzer::tcp::TCP_Endpoint* peer, bool gen_event) { - tcp::TCP_ApplicationAnalyzer::ConnectionClosed(endpoint, peer, gen_event); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionClosed(endpoint, peer, gen_event); // Question: Why do we flush *both* endpoints upon connection close? // orig_netbios->Flush(); @@ -513,7 +513,7 @@ void NetbiosSSN_Analyzer::ConnectionClosed(tcp::TCP_Endpoint* endpoint, void NetbiosSSN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { - tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); if ( orig ) interp->ParseMessageUDP(data, len, true); @@ -526,8 +526,8 @@ void NetbiosSSN_Analyzer::ExpireTimer(double t) // The - 1.0 in the following is to allow 1 second for the // common case of a single request followed by a single reply, // so we don't needlessly set the timer twice in that case. - if ( terminating || - network_time - Conn()->LastTime() >= + if ( zeek::run_state::terminating || + zeek::run_state::network_time - Conn()->LastTime() >= netbios_ssn_session_timeout - 1.0 ) { Event(connection_timeout); @@ -538,3 +538,5 @@ void NetbiosSSN_Analyzer::ExpireTimer(double t) t + netbios_ssn_session_timeout, true, zeek::detail::TIMER_NB_EXPIRE); } + +} // namespace zeek::analyzer::netbios_ssn diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.h b/src/analyzer/protocol/netbios/NetbiosSSN.h index 1cac17cd73..6668093b1a 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.h +++ b/src/analyzer/protocol/netbios/NetbiosSSN.h @@ -4,11 +4,11 @@ #include "analyzer/protocol/udp/UDP.h" #include "analyzer/protocol/tcp/TCP.h" -//#include "analyzer/protocol/smb/SMB.h" -namespace analyzer { namespace netbios_ssn { +namespace zeek::analyzer::netbios_ssn { +namespace detail { -typedef enum { +enum NetbiosSSN_Opcode { NETBIOS_SSN_MSG = 0x0, NETBIOS_DGM_DIRECT_UNIQUE = 0x10, NETBIOS_DGM_DIRECT_GROUP = 0x11, @@ -22,7 +22,7 @@ typedef enum { NETBIOS_SSN_NEG_RESP = 0x83, NETBIOS_SSN_RETARG_RESP = 0x84, NETBIOS_SSN_KEEP_ALIVE = 0x85, -} NetbiosSSN_Opcode; +}; // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -60,6 +60,13 @@ struct NetbiosDGM_RawMsgHdr { uint16_t offset; }; +enum NetbiosSSN_State { + NETBIOS_SSN_TYPE, // looking for type field + NETBIOS_SSN_FLAGS, // looking for flag field + NETBIOS_SSN_LEN_HI, // looking for high-order byte of length + NETBIOS_SSN_LEN_LO, // looking for low-order byte of length + NETBIOS_SSN_BUF, // building up the message in the buffer +}; class NetbiosSSN_Interpreter { public: @@ -102,31 +109,24 @@ protected: //SMB_Session* smb_session; }; - -typedef enum { - NETBIOS_SSN_TYPE, // looking for type field - NETBIOS_SSN_FLAGS, // looking for flag field - NETBIOS_SSN_LEN_HI, // looking for high-order byte of length - NETBIOS_SSN_LEN_LO, // looking for low-order byte of length - NETBIOS_SSN_BUF, // building up the message in the buffer -} NetbiosSSN_State; +} // namespace detail // ### This should be merged with TCP_Contents_RPC, TCP_Contents_DNS. -class Contents_NetbiosSSN final : public tcp::TCP_SupportAnalyzer { +class Contents_NetbiosSSN final : public zeek::analyzer::tcp::TCP_SupportAnalyzer { public: Contents_NetbiosSSN(zeek::Connection* conn, bool orig, - NetbiosSSN_Interpreter* interp); + detail::NetbiosSSN_Interpreter* interp); ~Contents_NetbiosSSN() override; void Flush(); // process any partially-received data - NetbiosSSN_State State() const { return state; } + detail::NetbiosSSN_State State() const { return state; } protected: void DeliverStream(int len, const u_char* data, bool orig) override; void ProcessChunk(int& len, const u_char*& data, bool orig); - NetbiosSSN_Interpreter* interp; + detail::NetbiosSSN_Interpreter* interp; unsigned int type; unsigned int flags; @@ -136,29 +136,29 @@ protected: int buf_len; // size of msg_buf int msg_size; // expected size of message - NetbiosSSN_State state; + detail::NetbiosSSN_State state; }; -class NetbiosSSN_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class NetbiosSSN_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit NetbiosSSN_Analyzer(zeek::Connection* conn); ~NetbiosSSN_Analyzer() override; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NetbiosSSN_Analyzer(conn); } protected: - void ConnectionClosed(tcp::TCP_Endpoint* endpoint, - tcp::TCP_Endpoint* peer, bool gen_event) override; + void ConnectionClosed(zeek::analyzer::tcp::TCP_Endpoint* endpoint, + zeek::analyzer::tcp::TCP_Endpoint* peer, bool gen_event) override; void EndpointEOF(bool is_orig) override; void ExpireTimer(double t); - NetbiosSSN_Interpreter* interp; + detail::NetbiosSSN_Interpreter* interp; //SMB_Session* smb_session; Contents_NetbiosSSN* orig_netbios; Contents_NetbiosSSN* resp_netbios; @@ -168,4 +168,37 @@ protected: // FIXME: Doesn't really fit into new analyzer structure. What to do? int IsReuse(double t, const u_char* pkt); -} } // namespace analyzer::* +} // namespace zeek::analyzer::netbios_ssn + +namespace analyzer::netbios_ssn { + +using NetbiosSSN_Opcode [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::detail::NetbiosSSN_Opcode.")]] = zeek::analyzer::netbios_ssn::detail::NetbiosSSN_Opcode; +constexpr auto NETBIOS_SSN_MSG [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_MSG.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_MSG; +constexpr auto NETBIOS_DGM_DIRECT_UNIQUE [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_DIRECT_UNIQUE.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_DIRECT_UNIQUE; +constexpr auto NETBIOS_DGM_DIRECT_GROUP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_DIRECT_GROUP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_DIRECT_GROUP; +constexpr auto NETBIOS_DGM_BROADCAST [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_BROADCAST.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_BROADCAST; +constexpr auto NETBIOS_DGM_ERROR [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_ERROR.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_ERROR; +constexpr auto NETBIOS_DGG_QUERY_REQ [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGG_QUERY_REQ.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGG_QUERY_REQ; +constexpr auto NETBIOS_DGM_POS_RESP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_POS_RESP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_POS_RESP; +constexpr auto NETBIOS_DGM_NEG_RESP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_NEG_RESP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_DGM_NEG_RESP; +constexpr auto NETBIOS_SSN_REQ [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_REQ.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_REQ; +constexpr auto NETBIOS_SSN_POS_RESP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_POS_RESP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_POS_RESP; +constexpr auto NETBIOS_SSN_NEG_RESP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_NEG_RESP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_NEG_RESP; +constexpr auto NETBIOS_SSN_RETARG_RESP [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_RETARG_RESP.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_RETARG_RESP; +constexpr auto NETBIOS_SSN_KEEP_ALIVE [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_KEEP_ALIVE.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_KEEP_ALIVE; + +using NetbiosSSN_RawMsgHdr [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::detail::NetbiosSSN_RawMsgHdr.")]] = zeek::analyzer::netbios_ssn::detail::NetbiosSSN_RawMsgHdr; +using NetbiosDGM_RawMsgHdr [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::detail::NetbiosDGM_RawMsgHdr.")]] = zeek::analyzer::netbios_ssn::detail::NetbiosDGM_RawMsgHdr; + +using NetbiosSSN_State [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::detail::NetbiosSSN_State.")]] = zeek::analyzer::netbios_ssn::detail::NetbiosSSN_State; +constexpr auto NETBIOS_SSN_TYPE [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_TYPE.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_TYPE; +constexpr auto NETBIOS_SSN_FLAGS [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_FLAGS.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_FLAGS; +constexpr auto NETBIOS_SSN_LEN_HI [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_LEN_HI.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_LEN_HI; +constexpr auto NETBIOS_SSN_LEN_LO [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_LEN_LO.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_LEN_LO; +constexpr auto NETBIOS_SSN_BUF [[deprecated("Remove in v4.1. Uze zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_BUF.")]] = zeek::analyzer::netbios_ssn::detail::NETBIOS_SSN_BUF; + +using NetbiosSSN_Interpreter [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::detail::NetbiosSSN_Interpreter.")]] = zeek::analyzer::netbios_ssn::detail::NetbiosSSN_Interpreter; +using Contents_NetbiosSSN [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::Contents_NetbiosSSN.")]] = zeek::analyzer::netbios_ssn::Contents_NetbiosSSN; +using NetbiosSSN_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::netbios_ssn::NetbiosSSN_Analyzer.")]] = zeek::analyzer::netbios_ssn::NetbiosSSN_Analyzer; + +} // namespace analyzer::netbios_ssn diff --git a/src/analyzer/protocol/netbios/Plugin.cc b/src/analyzer/protocol/netbios/Plugin.cc index cc68192fcc..519430bb65 100644 --- a/src/analyzer/protocol/netbios/Plugin.cc +++ b/src/analyzer/protocol/netbios/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_NetBIOS { +namespace zeek::plugin::detail::Zeek_NetBIOS { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("NetbiosSSN", ::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NetbiosSSN", zeek::analyzer::netbios_ssn::NetbiosSSN_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("Contents_NetbiosSSN", nullptr)); zeek::plugin::Configuration config; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_NetBIOS diff --git a/src/analyzer/protocol/ntlm/NTLM.cc b/src/analyzer/protocol/ntlm/NTLM.cc index b76de6a59f..1bc4e69ea7 100644 --- a/src/analyzer/protocol/ntlm/NTLM.cc +++ b/src/analyzer/protocol/ntlm/NTLM.cc @@ -5,10 +5,10 @@ #include "Reporter.h" #include "events.bif.h" -using namespace analyzer::ntlm; +namespace zeek::analyzer::ntlm { NTLM_Analyzer::NTLM_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("NTLM", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("NTLM", c) { interp = new binpac::NTLM::NTLM_Conn(this); } @@ -20,7 +20,7 @@ NTLM_Analyzer::~NTLM_Analyzer() void NTLM_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -28,13 +28,13 @@ void NTLM_Analyzer::Done() void NTLM_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void NTLM_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -45,12 +45,14 @@ void NTLM_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void NTLM_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::ntlm diff --git a/src/analyzer/protocol/ntlm/NTLM.h b/src/analyzer/protocol/ntlm/NTLM.h index 60f0067af6..c4de65a93a 100644 --- a/src/analyzer/protocol/ntlm/NTLM.h +++ b/src/analyzer/protocol/ntlm/NTLM.h @@ -7,9 +7,9 @@ #include "ntlm_pac.h" -namespace analyzer { namespace ntlm { +namespace zeek::analyzer::ntlm { -class NTLM_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class NTLM_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit NTLM_Analyzer(zeek::Connection* conn); @@ -21,7 +21,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) @@ -31,4 +31,10 @@ protected: binpac::NTLM::NTLM_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ntlm + +namespace analyzer::ntlm { + +using NTLM_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ntlm::NTLM_Analyzer.")]] = zeek::analyzer::ntlm::NTLM_Analyzer; + +} // namespace analyzer::ntlm diff --git a/src/analyzer/protocol/ntlm/Plugin.cc b/src/analyzer/protocol/ntlm/Plugin.cc index 402665db59..bf40e72a89 100644 --- a/src/analyzer/protocol/ntlm/Plugin.cc +++ b/src/analyzer/protocol/ntlm/Plugin.cc @@ -4,14 +4,13 @@ #include "NTLM.h" -namespace plugin { -namespace Zeek_NTLM { +namespace zeek::plugin::detail::Zeek_NTLM { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("NTLM", ::analyzer::ntlm::NTLM_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NTLM", zeek::analyzer::ntlm::NTLM_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::NTLM"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_NTLM diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index a38fd8531a..805c70c90a 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::NTP; +namespace zeek::analyzer::ntp { NTP_Analyzer::NTP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("NTP", c) @@ -34,6 +34,8 @@ void NTP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::ntp diff --git a/src/analyzer/protocol/ntp/NTP.h b/src/analyzer/protocol/ntp/NTP.h index 1f38953b07..fb158a2637 100644 --- a/src/analyzer/protocol/ntp/NTP.h +++ b/src/analyzer/protocol/ntp/NTP.h @@ -7,7 +7,7 @@ #include "ntp_pac.h" -namespace analyzer { namespace NTP { +namespace zeek::analyzer::ntp { class NTP_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -26,4 +26,10 @@ protected: binpac::NTP::NTP_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ntp + +namespace analyzer::NTP { + +using NTP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ntp::NTP_Analyzer.")]] = zeek::analyzer::ntp::NTP_Analyzer; + +} // namespace analyzer::NTP diff --git a/src/analyzer/protocol/ntp/Plugin.cc b/src/analyzer/protocol/ntp/Plugin.cc index 4979d27eb1..d6587fe688 100644 --- a/src/analyzer/protocol/ntp/Plugin.cc +++ b/src/analyzer/protocol/ntp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_NTP { +namespace zeek::plugin::detail::Zeek_NTP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("NTP", ::analyzer::NTP::NTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NTP", zeek::analyzer::ntp::NTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::NTP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_NTP diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 6af523f416..2475dd2d05 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -5,10 +5,11 @@ #include "IP.h" #include "DebugLogger.h" #include "Reporter.h" +#include "RunState.h" #include "analyzer/protocol/tcp/TCP_Flags.h" #include "analyzer/protocol/tcp/TCP_Reassembler.h" -using namespace analyzer::pia; +namespace zeek::analyzer::pia { PIA::PIA(zeek::analyzer::Analyzer* arg_as_analyzer) : state(INIT), as_analyzer(arg_as_analyzer), conn(), current_packet() @@ -104,8 +105,8 @@ void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t len > 0 ) { AddToBuffer(&pkt_buffer, seq, len, data, is_orig, ip); - if ( pkt_buffer.size > dpd_buffer_size ) - new_state = dpd_match_only_beginning ? + if ( pkt_buffer.size > zeek::detail::dpd_buffer_size ) + new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY; } @@ -163,7 +164,7 @@ void PIA_UDP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule zeek::event_mgr.Enqueue(protocol_late_match, ConnVal(), tval); } - pkt_buffer.state = dpd_late_match_stop ? SKIPPING : MATCHING_ONLY; + pkt_buffer.state = zeek::detail::dpd_late_match_stop ? SKIPPING : MATCHING_ONLY; return; } @@ -193,7 +194,7 @@ PIA_TCP::~PIA_TCP() void PIA_TCP::Init() { - tcp::TCP_ApplicationAnalyzer::Init(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Init(); if ( Parent()->IsAnalyzer("TCP") ) { @@ -253,7 +254,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); if ( stream_buffer.state == SKIPPING ) return; @@ -271,8 +272,8 @@ void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig) if ( stream_buffer.state == BUFFERING || new_state == BUFFERING ) { AddToBuffer(&stream_buffer, len, data, is_orig); - if ( stream_buffer.size > dpd_buffer_size ) - new_state = dpd_match_only_beginning ? + if ( stream_buffer.size > zeek::detail::dpd_buffer_size ) + new_state = zeek::detail::dpd_match_only_beginning ? SKIPPING : MATCHING_ONLY; } @@ -283,7 +284,7 @@ void PIA_TCP::DeliverStream(int len, const u_char* data, bool is_orig) void PIA_TCP::Undelivered(uint64_t seq, int len, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); if ( stream_buffer.state == BUFFERING ) // We use data=nil to mark an undelivered. @@ -310,7 +311,7 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule zeek::event_mgr.Enqueue(protocol_late_match, ConnVal(), tval); } - stream_buffer.state = dpd_late_match_stop ? SKIPPING : MATCHING_ONLY; + stream_buffer.state = zeek::detail::dpd_late_match_stop ? SKIPPING : MATCHING_ONLY; return; } @@ -385,11 +386,11 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule // worth the effort. if ( b->is_orig ) - reass_orig->DataSent(network_time, orig_seq = b->seq, - b->len, b->data, tcp::TCP_Flags(), true); + reass_orig->DataSent(zeek::run_state::network_time, orig_seq = b->seq, + b->len, b->data, tcp::TCP_Flags(), true); else - reass_resp->DataSent(network_time, resp_seq = b->seq, - b->len, b->data, tcp::TCP_Flags(), true); + reass_resp->DataSent(zeek::run_state::network_time, resp_seq = b->seq, + b->len, b->data, tcp::TCP_Flags(), true); } // We also need to pass the current packet on. @@ -397,11 +398,11 @@ void PIA_TCP::ActivateAnalyzer(zeek::analyzer::Tag tag, const zeek::detail::Rule if ( current->data ) { if ( current->is_orig ) - reass_orig->DataSent(network_time, + reass_orig->DataSent(zeek::run_state::network_time, orig_seq = current->seq, current->len, current->data, analyzer::tcp::TCP_Flags(), true); else - reass_resp->DataSent(network_time, + reass_resp->DataSent(zeek::run_state::network_time, resp_seq = current->seq, current->len, current->data, analyzer::tcp::TCP_Flags(), true); } @@ -435,3 +436,5 @@ void PIA_TCP::ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer) analyzer->NextUndelivered(b->seq, b->len, b->is_orig); } } + +} // namespace zeek::analyzer::pia diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h index 97865144e1..dc0a594ece 100644 --- a/src/analyzer/protocol/pia/PIA.h +++ b/src/analyzer/protocol/pia/PIA.h @@ -8,7 +8,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(RuleEndpointState, zeek::detail); -namespace analyzer { namespace pia { +namespace zeek::analyzer::pia { // Abstract PIA class providing common functionality for both TCP and UDP. // Accepts only packet input. @@ -118,10 +118,10 @@ protected: // PIA for TCP. Accepts both packet and stream input (and reassembles // packets before passing payload on to children). -class PIA_TCP : public PIA, public tcp::TCP_ApplicationAnalyzer { +class PIA_TCP : public PIA, public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit PIA_TCP(zeek::Connection* conn) - : PIA(this), tcp::TCP_ApplicationAnalyzer("PIA_TCP", conn) + : PIA(this), zeek::analyzer::tcp::TCP_ApplicationAnalyzer("PIA_TCP", conn) { stream_mode = false; SetConn(conn); } ~PIA_TCP() override; @@ -172,4 +172,12 @@ private: bool stream_mode; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::pia + +namespace analzyer::pia { + +using PIA [[deprecated("Remove in v4.1. Use zeek::analyzer::pia::PIA.")]] = zeek::analyzer::pia::PIA; +using PIA_TCP [[deprecated("Remove in v4.1. Use zeek::analyzer::pia::PIA_TCP.")]] = zeek::analyzer::pia::PIA_TCP; +using PIA_UDP [[deprecated("Remove in v4.1. Use zeek::analyzer::pia::PIA_UDP.")]] = zeek::analyzer::pia::PIA_UDP; + +} // namespace analyzer::pia diff --git a/src/analyzer/protocol/pia/Plugin.cc b/src/analyzer/protocol/pia/Plugin.cc index 90d444bd96..6f42a90c62 100644 --- a/src/analyzer/protocol/pia/Plugin.cc +++ b/src/analyzer/protocol/pia/Plugin.cc @@ -4,15 +4,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_PIA { +namespace zeek::plugin::detail::Zeek_PIA { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("PIA_TCP", ::analyzer::pia::PIA_TCP::Instantiate)); - AddComponent(new zeek::analyzer::Component("PIA_UDP", ::analyzer::pia::PIA_UDP::Instantiate)); + AddComponent(new zeek::analyzer::Component("PIA_TCP", zeek::analyzer::pia::PIA_TCP::Instantiate)); + AddComponent(new zeek::analyzer::Component("PIA_UDP", zeek::analyzer::pia::PIA_UDP::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::PIA"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_PIA diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 52ae99b5c2..316ab8b355 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -14,7 +14,7 @@ #include "events.bif.h" -using namespace analyzer::pop3; +namespace zeek::analyzer::pop3 { #undef POP3_CMD_DEF #define POP3_CMD_DEF(cmd) #cmd, @@ -25,14 +25,13 @@ static const char* pop3_cmd_word[] = { #define POP3_CMD_WORD(code) ((code >= 0) ? pop3_cmd_word[code] : "(UNKNOWN)") - POP3_Analyzer::POP3_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("POP3", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("POP3", conn) { - masterState = POP3_START; - subState = POP3_WOK; - state = START; - lastState = START; + masterState = detail::POP3_START; + subState = detail::POP3_WOK; + state = detail::START; + lastState = detail::START; guessing = false; waitingForAuthentication = false; @@ -45,10 +44,10 @@ POP3_Analyzer::POP3_Analyzer(zeek::Connection* conn) mail = nullptr; - cl_orig = new tcp::ContentLine_Analyzer(conn, true); + cl_orig = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true); AddSupportAnalyzer(cl_orig); - cl_resp = new tcp::ContentLine_Analyzer(conn, false); + cl_resp = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false); AddSupportAnalyzer(cl_resp); } @@ -58,7 +57,7 @@ POP3_Analyzer::~POP3_Analyzer() void POP3_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( mail ) EndData(); @@ -67,7 +66,7 @@ void POP3_Analyzer::Done() void POP3_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); if ( tls ) { @@ -92,7 +91,7 @@ static std::string trim_whitespace(const char* in) char* out = new char[n + 1]; char* out_p = out; - in = skip_whitespace(in); + in = zeek::util::skip_whitespace(in); while ( *in ) { @@ -145,7 +144,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line) } switch ( state ) { - case AUTH_LOGIN: + case detail::AUTH_LOGIN: // Format: Line 1 - User // Line 2 - Password if ( authLines == 1 ) @@ -156,7 +155,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line) break; - case AUTH_PLAIN: + case detail::AUTH_PLAIN: { // Format: "authorization identityauthentication // identitypassword" @@ -195,7 +194,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line) break; } - case AUTH_CRAM_MD5: + case detail::AUTH_CRAM_MD5: { // Format: "userpassword-hash" const char* s; const char* str = (char*) decoded->CheckString(); @@ -209,7 +208,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line) break; } - case AUTH: + case detail::AUTH: break; default: @@ -246,7 +245,7 @@ static std::string commands[] = { void POP3_Analyzer::NotAllowed(const char* cmd, const char* state) { POP3Event(pop3_unexpected, true, cmd, - fmt("not allowed in other state than '%s'", state)); + zeek::util::fmt("not allowed in other state than '%s'", state)); } void POP3_Analyzer::ProcessClientCmd() @@ -268,8 +267,8 @@ void POP3_Analyzer::ProcessClientCmd() if ( ! waitingForAuthentication ) { Weird("pop3_client_command_unknown"); - if ( subState == POP3_WOK ) - subState = POP3_OK; + if ( subState == detail::POP3_WOK ) + subState = detail::POP3_OK; } return; } @@ -279,31 +278,31 @@ void POP3_Analyzer::ProcessClientCmd() const char* message = tokens.size() > 1 ? tokens[1].c_str() : ""; switch ( cmd_code ) { - case POP3_CMD_ERR: - case POP3_CMD_OK: + case detail::POP3_CMD_ERR: + case detail::POP3_CMD_OK: Weird("pop3_client_sending_server_commands"); break; - case POP3_CMD_USER: - if ( masterState == POP3_AUTHORIZATION ) + case detail::POP3_CMD_USER: + if ( masterState == detail::POP3_AUTHORIZATION ) { POP3Event(pop3_request, true, cmd, message); - state = USER; - subState = POP3_WOK; + state = detail::USER; + subState = detail::POP3_WOK; user = message; } else NotAllowed(cmd, "authorization"); break; - case POP3_CMD_PASS: - if ( masterState == POP3_AUTHORIZATION ) + case detail::POP3_CMD_PASS: + if ( masterState == detail::POP3_AUTHORIZATION ) { - if ( state == USER ) + if ( state == detail::USER ) { POP3Event(pop3_request, true, cmd, message); - state = PASS; - subState = POP3_WOK; + state = detail::PASS; + subState = detail::POP3_WOK; password = message; } else @@ -314,14 +313,14 @@ void POP3_Analyzer::ProcessClientCmd() NotAllowed(cmd, "authorization"); break; - case POP3_CMD_APOP: - if ( masterState == POP3_AUTHORIZATION ) + case detail::POP3_CMD_APOP: + if ( masterState == detail::POP3_AUTHORIZATION ) { POP3Event(pop3_request, true, cmd, message); - state = APOP; - subState = POP3_WOK; + state = detail::APOP; + subState = detail::POP3_WOK; - char* arg1 = copy_string(message); + char* arg1 = zeek::util::copy_string(message); char* e; for ( e = arg1; *e && *e != ' ' && *e != '\t'; ++e ) ; @@ -333,32 +332,32 @@ void POP3_Analyzer::ProcessClientCmd() NotAllowed(cmd, "authorization"); break; - case POP3_CMD_AUTH: - if ( masterState == POP3_AUTHORIZATION ) + case detail::POP3_CMD_AUTH: + if ( masterState == detail::POP3_AUTHORIZATION ) { POP3Event(pop3_request, true, cmd, message); if ( ! *message ) { requestForMultiLine = true; - state = AUTH; - subState = POP3_WOK; + state = detail::AUTH; + subState = detail::POP3_WOK; } else { if ( strstr(message, "LOGIN") ) - state = AUTH_LOGIN; + state = detail::AUTH_LOGIN; else if ( strstr(message, "PLAIN") ) - state = AUTH_PLAIN; + state = detail::AUTH_PLAIN; else if ( strstr(message, "CRAM-MD5") ) - state = AUTH_CRAM_MD5; + state = detail::AUTH_CRAM_MD5; else { - state = AUTH; + state = detail::AUTH; POP3Event(pop3_unexpected, true, cmd, - fmt("unknown AUTH method %s", message)); + zeek::util::fmt("unknown AUTH method %s", message)); } - subState = POP3_WOK; + subState = detail::POP3_WOK; waitingForAuthentication = true; authLines = 0; } @@ -368,31 +367,31 @@ void POP3_Analyzer::ProcessClientCmd() "pass must follow the command 'USER'"); break; - case POP3_CMD_STAT: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_STAT: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = STAT; + subState = detail::POP3_WOK; + state = detail::STAT; } else NotAllowed(cmd, "transaction"); break; - case POP3_CMD_LIST: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_LIST: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); if ( ! *message ) { requestForMultiLine = true; - state = LIST; - subState = POP3_WOK; + state = detail::LIST; + subState = detail::POP3_WOK; } else { - state = LIST; - subState = POP3_WOK; + state = detail::LIST; + subState = detail::POP3_WOK; } } else @@ -401,148 +400,148 @@ void POP3_Analyzer::ProcessClientCmd() requestForMultiLine = true; guessing = true; - lastState = LIST; + lastState = detail::LIST; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_RETR: + case detail::POP3_CMD_RETR: requestForMultiLine = true; - if ( masterState == POP3_TRANSACTION ) + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = RETR; + subState = detail::POP3_WOK; + state = detail::RETR; } else { guessing = true; - lastState = RETR; + lastState = detail::RETR; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_DELE: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_DELE: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = DELE; + subState = detail::POP3_WOK; + state = detail::DELE; } else { guessing = true; - lastState = DELE; + lastState = detail::DELE; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_RSET: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_RSET: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = RSET; + subState = detail::POP3_WOK; + state = detail::RSET; } else { guessing = true; - lastState = RSET; + lastState = detail::RSET; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_NOOP: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_NOOP: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = NOOP; + subState = detail::POP3_WOK; + state = detail::NOOP; } else { guessing = true; - lastState = NOOP; + lastState = detail::NOOP; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_LAST: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_LAST: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = LAST; + subState = detail::POP3_WOK; + state = detail::LAST; } else { guessing = true; - lastState = LAST; + lastState = detail::LAST; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_QUIT: - if ( masterState == POP3_AUTHORIZATION || - masterState == POP3_TRANSACTION || - masterState == POP3_START ) + case detail::POP3_CMD_QUIT: + if ( masterState == detail::POP3_AUTHORIZATION || + masterState == detail::POP3_TRANSACTION || + masterState == detail::POP3_START ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = QUIT; + subState = detail::POP3_WOK; + state = detail::QUIT; } else { guessing = true; - lastState = LAST; + lastState = detail::LAST; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_TOP: + case detail::POP3_CMD_TOP: requestForMultiLine = true; - if ( masterState == POP3_TRANSACTION ) + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = TOP; + subState = detail::POP3_WOK; + state = detail::TOP; } else { guessing = true; - lastState = TOP; + lastState = detail::TOP; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_CAPA: + case detail::POP3_CMD_CAPA: POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = CAPA; + subState = detail::POP3_WOK; + state = detail::CAPA; requestForMultiLine = true; break; - case POP3_CMD_STLS: + case detail::POP3_CMD_STLS: POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = STLS; + subState = detail::POP3_WOK; + state = detail::STLS; break; - case POP3_CMD_UIDL: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_UIDL: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); if ( ! *message ) { requestForMultiLine = true; - state = UIDL; - subState = POP3_WOK; + state = detail::UIDL; + subState = detail::POP3_WOK; } else { - state = UIDL; - subState = POP3_WOK; + state = detail::UIDL; + subState = detail::POP3_WOK; } } else @@ -551,22 +550,22 @@ void POP3_Analyzer::ProcessClientCmd() requestForMultiLine = true; guessing = true; - lastState = UIDL; + lastState = detail::UIDL; NotAllowed(cmd, "transaction"); } break; - case POP3_CMD_XSENDER: - if ( masterState == POP3_TRANSACTION ) + case detail::POP3_CMD_XSENDER: + if ( masterState == detail::POP3_TRANSACTION ) { POP3Event(pop3_request, true, cmd, message); - subState = POP3_WOK; - state = LAST; + subState = detail::POP3_WOK; + state = detail::LAST; } else { guessing = true; - lastState = XSENDER; + lastState = detail::XSENDER; NotAllowed(cmd, "transaction"); } break; @@ -610,7 +609,7 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) } else { - if ( state == RETR || state == TOP ) + if ( state == detail::RETR || state == detail::TOP ) { int data_len = end_of_line - line; ProcessData(data_len, line); @@ -635,15 +634,15 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) { if ( ! waitingForAuthentication ) { - ProtocolViolation(fmt("unknown server command (%s)", - (tokens.size() > 0 ? - tokens[0].c_str() : - "???")), - line, length); + ProtocolViolation(zeek::util::fmt("unknown server command (%s)", + (tokens.size() > 0 ? + tokens[0].c_str() : + "???")), + line, length); Weird("pop3_server_command_unknown"); - if ( subState == POP3_WOK ) - subState = POP3_OK; + if ( subState == detail::POP3_WOK ) + subState = detail::POP3_OK; } return; } @@ -653,13 +652,13 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) const char* message = tokens.size() > 1 ? tokens[1].c_str() : ""; switch ( cmd_code ) { - case POP3_CMD_OK: - if ( subState == POP3_WOK ) - subState = POP3_OK; + case detail::POP3_CMD_OK: + if ( subState == detail::POP3_WOK ) + subState = detail::POP3_OK; if ( guessing ) { - masterState = POP3_TRANSACTION; + masterState = detail::POP3_TRANSACTION; guessing = false; state = lastState; POP3Event(pop3_unexpected, false, cmd, @@ -667,43 +666,43 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) } switch ( state ) { - case START: - masterState = POP3_AUTHORIZATION; + case detail::START: + masterState = detail::POP3_AUTHORIZATION; break; - case USER: - state = USER; - masterState = POP3_AUTHORIZATION; + case detail::USER: + state = detail::USER; + masterState = detail::POP3_AUTHORIZATION; ProtocolConfirmation(); break; - case PASS: - case APOP: - case NOOP: - case LAST: - case STAT: - case RSET: - case DELE: - case XSENDER: - if ( masterState == POP3_AUTHORIZATION ) + case detail::PASS: + case detail::APOP: + case detail::NOOP: + case detail::LAST: + case detail::STAT: + case detail::RSET: + case detail::DELE: + case detail::XSENDER: + if ( masterState == detail::POP3_AUTHORIZATION ) AuthSuccessfull(); - masterState = POP3_TRANSACTION; + masterState = detail::POP3_TRANSACTION; break; - case AUTH: - case AUTH_PLAIN: - case AUTH_CRAM_MD5: - case AUTH_LOGIN: + case detail::AUTH: + case detail::AUTH_PLAIN: + case detail::AUTH_CRAM_MD5: + case detail::AUTH_LOGIN: if ( requestForMultiLine == true ) multiLine = true; if ( waitingForAuthentication ) - masterState = POP3_TRANSACTION; + masterState = detail::POP3_TRANSACTION; waitingForAuthentication = false; AuthSuccessfull(); break; - case TOP: - case RETR: + case detail::TOP: + case detail::RETR: { int data_len = end_of_line - line; if ( ! mail ) @@ -715,29 +714,29 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) break; } - case CAPA: + case detail::CAPA: ProtocolConfirmation(); // Fall-through. - case UIDL: - case LIST: + case detail::UIDL: + case detail::LIST: if (requestForMultiLine == true) multiLine = true; break; - case STLS: + case detail::STLS: ProtocolConfirmation(); tls = true; StartTLS(); return; - case QUIT: - if ( masterState == POP3_AUTHORIZATION || - masterState == POP3_START ) - masterState = POP3_FINISHED; + case detail::QUIT: + if ( masterState == detail::POP3_AUTHORIZATION || + masterState == detail::POP3_START ) + masterState = detail::POP3_FINISHED; - else if ( masterState == POP3_TRANSACTION ) - masterState = POP3_UPDATE; + else if ( masterState == detail::POP3_TRANSACTION ) + masterState = detail::POP3_UPDATE; break; } @@ -749,9 +748,9 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) FinishClientCmd(); break; - case POP3_CMD_ERR: - if ( subState == POP3_WOK ) - subState = POP3_OK; + case detail::POP3_CMD_ERR: + if ( subState == detail::POP3_WOK ) + subState = detail::POP3_OK; multiLine = false; requestForMultiLine = false; @@ -759,18 +758,18 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) waitingForAuthentication = false; switch ( state ) { - case START: + case detail::START: break; - case USER: - case PASS: - case APOP: - case AUTH: - case AUTH_LOGIN: - case AUTH_PLAIN: - case AUTH_CRAM_MD5: - masterState = POP3_AUTHORIZATION; - state = START; + case detail::USER: + case detail::PASS: + case detail::APOP: + case detail::AUTH: + case detail::AUTH_LOGIN: + case detail::AUTH_PLAIN: + case detail::AUTH_CRAM_MD5: + masterState = detail::POP3_AUTHORIZATION; + state = detail::START; waitingForAuthentication = false; if ( user.size() ) @@ -778,27 +777,27 @@ void POP3_Analyzer::ProcessReply(int length, const char* line) user.c_str(), password.c_str()); break; - case NOOP: - case LAST: - case STAT: - case RSET: - case DELE: - case LIST: - case RETR: - case UIDL: - case TOP: - case XSENDER: - masterState = POP3_TRANSACTION; + case detail::NOOP: + case detail::LAST: + case detail::STAT: + case detail::RSET: + case detail::DELE: + case detail::LIST: + case detail::RETR: + case detail::UIDL: + case detail::TOP: + case detail::XSENDER: + masterState = detail::POP3_TRANSACTION; break; - case CAPA: + case detail::CAPA: break; - case QUIT: - if ( masterState == POP3_AUTHORIZATION || - masterState == POP3_TRANSACTION || - masterState == POP3_START ) - masterState = POP3_FINISHED; + case detail::QUIT: + if ( masterState == detail::POP3_AUTHORIZATION || + masterState == detail::POP3_TRANSACTION || + masterState == detail::POP3_START ) + masterState = detail::POP3_FINISHED; break; } @@ -839,7 +838,7 @@ void POP3_Analyzer::AuthSuccessfull() void POP3_Analyzer::BeginData(bool orig) { delete mail; - mail = new mime::MIME_Mail(this, orig); + mail = new zeek::analyzer::mime::MIME_Mail(this, orig); } void POP3_Analyzer::EndData() @@ -864,7 +863,7 @@ int POP3_Analyzer::ParseCmd(std::string cmd) if ( cmd.size() == 0 ) return -1; - for ( int code = POP3_CMD_OK; code < POP3_CMD_END; ++code ) + for ( int code = detail::POP3_CMD_OK; code < detail::POP3_CMD_END; ++code ) { char c = cmd.c_str()[0]; if ( c == '+' || c == '-' ) @@ -929,3 +928,5 @@ void POP3_Analyzer::POP3Event(zeek::EventHandlerPtr event, bool is_orig, EnqueueConnEvent(event, std::move(vl)); } + +} // namespace zeek::analyzer::pop3 diff --git a/src/analyzer/protocol/pop3/POP3.h b/src/analyzer/protocol/pop3/POP3.h index f59a35d111..9d5fbd4f70 100644 --- a/src/analyzer/protocol/pop3/POP3.h +++ b/src/analyzer/protocol/pop3/POP3.h @@ -16,21 +16,22 @@ #undef POP3_CMD_DEF #define POP3_CMD_DEF(cmd) POP3_CMD_##cmd, -namespace analyzer { namespace pop3 { +namespace zeek::analyzer::pop3 { +namespace detail { -typedef enum { +enum POP3_Cmd { #include "POP3_cmd.def" -} POP3_Cmd; +}; -typedef enum { +enum POP3_MasterState { POP3_START, POP3_AUTHORIZATION, POP3_TRANSACTION, POP3_UPDATE, POP3_FINISHED, -} POP3_MasterState; +}; -typedef enum { +enum POP3_State { START, USER, PASS, @@ -54,14 +55,16 @@ typedef enum { XSENDER, MISC, END, -} POP3_State; +}; -typedef enum { +enum POP3_SubState { POP3_OK, POP3_WOK, -} POP3_SubState; +}; -class POP3_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +} // namespace detail + +class POP3_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit POP3_Analyzer(zeek::Connection* conn); ~POP3_Analyzer() override; @@ -105,13 +108,54 @@ protected: void POP3Event(zeek::EventHandlerPtr event, bool is_orig, const char* arg1 = nullptr, const char* arg2 = nullptr); - mime::MIME_Mail* mail; + zeek::analyzer::mime::MIME_Mail* mail; std::list cmds; private: bool tls; - tcp::ContentLine_Analyzer* cl_orig; - tcp::ContentLine_Analyzer* cl_resp; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_orig; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::pop3 + +namespace analyzer::pop3 { + +using POP3_Cmd [[deprecated("Remove in v4.1. Use zeek::analyzer::pop3::detail::POP3_Cmd.")]] = zeek::analyzer::pop3::detail::POP3_Cmd; +// These values are from a #include above + +using POP3_MasterState [[deprecated("Remove in v4.1. Use zeek::analyzer::pop3::detail::POP3_MasterState.")]] = zeek::analyzer::pop3::detail::POP3_MasterState; +constexpr auto POP3_START [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::POP3_START.")]] = zeek::analyzer::pop3::detail::POP3_START; +constexpr auto POP3_AUTHORIZATION [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::POP3_AUTHORIZATION.")]] = zeek::analyzer::pop3::detail::POP3_AUTHORIZATION; +constexpr auto POP3_TRANSACTION [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::POP3_TRANSACTION.")]] = zeek::analyzer::pop3::detail::POP3_TRANSACTION; +constexpr auto POP3_UPDATE [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::POP3_UPDATE.")]] = zeek::analyzer::pop3::detail::POP3_UPDATE; +constexpr auto POP3_FINISHED [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::POP3_FINISHED.")]] = zeek::analyzer::pop3::detail::POP3_FINISHED; + +using POP3_State [[deprecated("Remove in v4.1. Use zeek::analyzer::pop3::detail::POP3_State.")]] = zeek::analyzer::pop3::detail::POP3_State; +constexpr auto START [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::START.")]] = zeek::analyzer::pop3::detail::START; +constexpr auto USER [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::USER.")]] = zeek::analyzer::pop3::detail::USER; +constexpr auto PASS [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::PASS.")]] = zeek::analyzer::pop3::detail::PASS; +constexpr auto APOP [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::APOP.")]] = zeek::analyzer::pop3::detail::APOP; +constexpr auto AUTH [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::AUTH.")]] = zeek::analyzer::pop3::detail::AUTH; +constexpr auto AUTH_PLAIN [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::AUTH_PLAIN.")]] = zeek::analyzer::pop3::detail::AUTH_PLAIN; +constexpr auto AUTH_LOGIN [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::AUTH_LOGIN.")]] = zeek::analyzer::pop3::detail::AUTH_LOGIN; +constexpr auto AUTH_CRAM_MD5 [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::AUTH_CRAM_MD5.")]] = zeek::analyzer::pop3::detail::AUTH_CRAM_MD5; +constexpr auto NOOP [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::NOOP.")]] = zeek::analyzer::pop3::detail::NOOP; +constexpr auto LAST [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::LAST.")]] = zeek::analyzer::pop3::detail::LAST; +constexpr auto STAT [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::STAT.")]] = zeek::analyzer::pop3::detail::STAT; +constexpr auto LIST [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::LIST.")]] = zeek::analyzer::pop3::detail::LIST; +constexpr auto RETR [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::RETR.")]] = zeek::analyzer::pop3::detail::RETR; +constexpr auto DELE [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::DELE.")]] = zeek::analyzer::pop3::detail::DELE; +constexpr auto UIDL [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::UIDL.")]] = zeek::analyzer::pop3::detail::UIDL; +constexpr auto TOP [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::TOP.")]] = zeek::analyzer::pop3::detail::TOP; +constexpr auto QUIT [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::QUIT.")]] = zeek::analyzer::pop3::detail::QUIT; +constexpr auto RSET [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::RSET.")]] = zeek::analyzer::pop3::detail::RSET; +constexpr auto CAPA [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::CAPA.")]] = zeek::analyzer::pop3::detail::CAPA; +constexpr auto STLS [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::STLS.")]] = zeek::analyzer::pop3::detail::STLS; +constexpr auto XSENDER [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::XSENDER.")]] = zeek::analyzer::pop3::detail::XSENDER; +constexpr auto MISC [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::MISC.")]] = zeek::analyzer::pop3::detail::MISC; +constexpr auto END [[deprecated("Remove in v4.1. Uze zeek::analyzer::pop3::detail::END.")]] = zeek::analyzer::pop3::detail::END; + +using POP3_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::pop3::POP3_Analyzer.")]] = zeek::analyzer::pop3::POP3_Analyzer; + +} // namespace analyzer::pop3 diff --git a/src/analyzer/protocol/pop3/Plugin.cc b/src/analyzer/protocol/pop3/Plugin.cc index 96a202c28d..3b46a02471 100644 --- a/src/analyzer/protocol/pop3/Plugin.cc +++ b/src/analyzer/protocol/pop3/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_POP3 { +namespace zeek::plugin::detail::Zeek_POP3 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("POP3", ::analyzer::pop3::POP3_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("POP3", zeek::analyzer::pop3::POP3_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::POP3"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_POP3 diff --git a/src/analyzer/protocol/radius/Plugin.cc b/src/analyzer/protocol/radius/Plugin.cc index fb561d8002..4b2a4df5cf 100644 --- a/src/analyzer/protocol/radius/Plugin.cc +++ b/src/analyzer/protocol/radius/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_RADIUS { +namespace zeek::plugin::detail::Zeek_RADIUS { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("RADIUS", ::analyzer::RADIUS::RADIUS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("RADIUS", zeek::analyzer::radius::RADIUS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::RADIUS"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_RADIUS diff --git a/src/analyzer/protocol/radius/RADIUS.cc b/src/analyzer/protocol/radius/RADIUS.cc index 2a3de1d6b8..7dd3c3c0cd 100644 --- a/src/analyzer/protocol/radius/RADIUS.cc +++ b/src/analyzer/protocol/radius/RADIUS.cc @@ -6,7 +6,7 @@ #include "events.bif.h" -using namespace analyzer::RADIUS; +namespace zeek::analyzer::radius { RADIUS_Analyzer::RADIUS_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("RADIUS", c) @@ -35,6 +35,8 @@ void RADIUS_Analyzer::DeliverPacket(int len, const u_char* data, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::radius diff --git a/src/analyzer/protocol/radius/RADIUS.h b/src/analyzer/protocol/radius/RADIUS.h index b76ebd7630..bb2ae72f49 100644 --- a/src/analyzer/protocol/radius/RADIUS.h +++ b/src/analyzer/protocol/radius/RADIUS.h @@ -4,12 +4,11 @@ #include "events.bif.h" - #include "analyzer/protocol/udp/UDP.h" #include "radius_pac.h" -namespace analyzer { namespace RADIUS { +namespace zeek::analyzer::radius { class RADIUS_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -28,4 +27,10 @@ protected: binpac::RADIUS::RADIUS_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::radius + +namespace analyzer::RADIUS { + +using RADIUS_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::radius::RADIUS_Analyzer.")]] = zeek::analyzer::radius::RADIUS_Analyzer; + +} // namespace analyzer::RADIUS diff --git a/src/analyzer/protocol/rdp/Plugin.cc b/src/analyzer/protocol/rdp/Plugin.cc index 61f2a02832..042315cd8a 100644 --- a/src/analyzer/protocol/rdp/Plugin.cc +++ b/src/analyzer/protocol/rdp/Plugin.cc @@ -3,15 +3,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_RDP { +namespace zeek::plugin::detail::Zeek_RDP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); - AddComponent(new zeek::analyzer::Component("RDPEUDP", ::analyzer::rdpeudp::RDP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("RDP", zeek::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("RDPEUDP", zeek::analyzer::rdpeudp::RDP_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::RDP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_RDP diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index 5691eaf439..4656b43ca6 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -4,10 +4,10 @@ #include "events.bif.h" #include "types.bif.h" -using namespace analyzer::rdp; +namespace zeek::analyzer::rdp { RDP_Analyzer::RDP_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("RDP", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("RDP", c) { interp = new binpac::RDP::RDP_Conn(this); @@ -22,7 +22,7 @@ RDP_Analyzer::~RDP_Analyzer() void RDP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -30,13 +30,13 @@ void RDP_Analyzer::Done() void RDP_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -56,7 +56,7 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { if ( ! pia ) { - pia = new pia::PIA_TCP(Conn()); + pia = new zeek::analyzer::pia::PIA_TCP(Conn()); if ( ! AddChildAnalyzer(pia) ) { @@ -88,14 +88,16 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } } void RDP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::rdp diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h index 6b6d90cee9..a6f3a0ba3c 100644 --- a/src/analyzer/protocol/rdp/RDP.h +++ b/src/analyzer/protocol/rdp/RDP.h @@ -5,9 +5,9 @@ #include "analyzer/protocol/pia/PIA.h" #include "rdp_pac.h" -namespace analyzer { namespace rdp { +namespace zeek::analyzer::rdp { -class RDP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class RDP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit RDP_Analyzer(zeek::Connection* conn); @@ -26,7 +26,13 @@ protected: binpac::RDP::RDP_Conn* interp; bool had_gap; - pia::PIA_TCP *pia; + zeek::analyzer::pia::PIA_TCP *pia; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::rdp + +namespace analyzer::rdp { + +using RDP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rdp::RDP_Analyzer.")]] = zeek::analyzer::rdp::RDP_Analyzer; + +} // namespace analyzer::rdp diff --git a/src/analyzer/protocol/rdp/RDPEUDP.cc b/src/analyzer/protocol/rdp/RDPEUDP.cc index e1238161a6..9224aef78e 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.cc +++ b/src/analyzer/protocol/rdp/RDPEUDP.cc @@ -3,7 +3,7 @@ #include "events.bif.h" #include "rdpeudp_pac.h" -using namespace analyzer::rdpeudp; +namespace zeek::analyzer::rdpeudp { RDP_Analyzer::RDP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("RDPEUDP", c) @@ -32,6 +32,8 @@ void RDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::rdpeudp diff --git a/src/analyzer/protocol/rdp/RDPEUDP.h b/src/analyzer/protocol/rdp/RDPEUDP.h index e692c32acc..39ba432ac4 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.h +++ b/src/analyzer/protocol/rdp/RDPEUDP.h @@ -4,7 +4,8 @@ #include "analyzer/protocol/udp/UDP.h" #include "rdpeudp_pac.h" -namespace analyzer { namespace rdpeudp { +namespace zeek::analyzer::rdpeudp { + class RDP_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -21,4 +22,10 @@ protected: binpac::RDPEUDP::RDPEUDP_Conn* interp; }; -} } +} // namespace zeek::analyzer::rdpeudp + +namespace analyzer::rdpeudp { + +using RDP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rdpeudp::RDP_Analyzer.")]] = zeek::analyzer::rdpeudp::RDP_Analyzer; + +} // namespace analyzer::rdpeudp diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 039196a7c4..a1f11e7cdb 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -212,15 +212,15 @@ refine flow RDP_Flow += { file_handle.AddRaw("Analyzer::ANALYZER_RDP"); file_handle.Add(connection()->bro_analyzer()->Conn()->StartTime()); connection()->bro_analyzer()->Conn()->IDString(&file_handle); - string file_id = file_mgr->HashHandle(file_handle.Description()); + string file_id = zeek::file_mgr->HashHandle(file_handle.Description()); - file_mgr->DataIn(reinterpret_cast(cert.data()), - cert.length(), - connection()->bro_analyzer()->GetAnalyzerTag(), - connection()->bro_analyzer()->Conn(), - false, // It seems there are only server certs? - file_id, "application/x-x509-user-cert"); - file_mgr->EndOfFile(file_id); + zeek::file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), + connection()->bro_analyzer()->GetAnalyzerTag(), + connection()->bro_analyzer()->Conn(), + false, // It seems there are only server certs? + file_id, "application/x-x509-user-cert"); + zeek::file_mgr->EndOfFile(file_id); return true; %} diff --git a/src/analyzer/protocol/rfb/Plugin.cc b/src/analyzer/protocol/rfb/Plugin.cc index 917135552b..3a77cdab50 100644 --- a/src/analyzer/protocol/rfb/Plugin.cc +++ b/src/analyzer/protocol/rfb/Plugin.cc @@ -2,15 +2,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_RFB { +namespace zeek::plugin::detail::Zeek_RFB { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { AddComponent(new zeek::analyzer::Component("RFB", - ::analyzer::rfb::RFB_Analyzer::InstantiateAnalyzer)); + zeek::analyzer::rfb::RFB_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::RFB"; @@ -19,5 +18,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_RFB diff --git a/src/analyzer/protocol/rfb/RFB.cc b/src/analyzer/protocol/rfb/RFB.cc index 52d8699fa7..8ffd6abf6f 100644 --- a/src/analyzer/protocol/rfb/RFB.cc +++ b/src/analyzer/protocol/rfb/RFB.cc @@ -6,12 +6,10 @@ #include "events.bif.h" -using namespace analyzer::rfb; +namespace zeek::analyzer::rfb { RFB_Analyzer::RFB_Analyzer(zeek::Connection* c) - -: tcp::TCP_ApplicationAnalyzer("RFB", c) - + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("RFB", c) { interp = new binpac::RFB::RFB_Conn(this); had_gap = false; @@ -25,7 +23,7 @@ RFB_Analyzer::~RFB_Analyzer() void RFB_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -34,13 +32,13 @@ void RFB_Analyzer::Done() void RFB_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void RFB_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) return; @@ -65,14 +63,16 @@ void RFB_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); invalid = true; } } void RFB_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::rfb diff --git a/src/analyzer/protocol/rfb/RFB.h b/src/analyzer/protocol/rfb/RFB.h index 148c1ee35e..12585943cc 100644 --- a/src/analyzer/protocol/rfb/RFB.h +++ b/src/analyzer/protocol/rfb/RFB.h @@ -2,14 +2,13 @@ #include "events.bif.h" - #include "analyzer/protocol/tcp/TCP.h" #include "rfb_pac.h" -namespace analyzer { namespace rfb { +namespace zeek::analyzer::rfb { -class RFB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class RFB_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit RFB_Analyzer(zeek::Connection* conn); @@ -21,7 +20,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) @@ -35,4 +34,10 @@ protected: }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::rfb + +namespace analyzer::rfb { + +using RFB_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rfb::RFB_Analyzer.")]] = zeek::analyzer::rfb::RFB_Analyzer; + +} // namespace analyzer::rfb diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac index 36bf163ce4..ed149ab693 100644 --- a/src/analyzer/protocol/rfb/rfb-analyzer.pac +++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac @@ -181,7 +181,7 @@ refine connection RFB_Conn += { else { // Shouldn't be a possible. - bro_analyzer()->ProtocolViolation(fmt("invalid RFB security type %u", msg->sectype())); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid RFB security type %u", msg->sectype())); } return true; @@ -235,7 +235,7 @@ refine connection RFB_Conn += { } else { - bro_analyzer()->ProtocolViolation(fmt("unknown RFB auth selection: %u", ${msg.type})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unknown RFB auth selection: %u", ${msg.type})); } return true; @@ -277,7 +277,7 @@ refine connection RFB_Conn += { // Failed server_state = SERVER_AUTH_FAILURE; else - bro_analyzer()->ProtocolViolation(fmt("invalid RFB auth result: %u", ${msg.result})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid RFB auth result: %u", ${msg.result})); return true; %} @@ -309,7 +309,7 @@ refine connection RFB_Conn += { function handle_invalid_data(client: bool) : bool %{ - throw binpac::Exception(fmt("invalid data from RFB %s", client ? "client" : "server")); + throw binpac::Exception(zeek::util::fmt("invalid data from RFB %s", client ? "client" : "server")); return true; %} diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index af30ee359a..a6e71b86e6 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -13,12 +13,13 @@ #include "events.bif.h" -using namespace analyzer::rpc; +namespace zeek::analyzer::rpc { +namespace detail { bool MOUNT_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) { if ( c->Program() != 100005 ) - Weird("bad_RPC_program", fmt("%d", c->Program())); + Weird("bad_RPC_program", zeek::util::fmt("%d", c->Program())); uint32_t proc = c->Proc(); // The call arguments, depends on the call type obviously ... @@ -49,7 +50,7 @@ bool MOUNT_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) n = 0; } else - Weird("unknown_MOUNT_request", fmt("%u", proc)); + Weird("unknown_MOUNT_request", zeek::util::fmt("%u", proc)); // Return 1 so that replies to unprocessed calls will still // be processed, and the return status extracted. @@ -280,8 +281,10 @@ zeek::RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n, return rep; } +} // namespace detail + MOUNT_Analyzer::MOUNT_Analyzer(zeek::Connection* conn) - : RPC_Analyzer("MOUNT", conn, new MOUNT_Interp(this)) + : RPC_Analyzer("MOUNT", conn, new detail::MOUNT_Interp(this)) { orig_rpc = resp_rpc = nullptr; } @@ -298,3 +301,5 @@ void MOUNT_Analyzer::Init() AddSupportAnalyzer(resp_rpc); } } + +} // namespace zeek::analyzer::rpc diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 0019354987..ad6a62e74e 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h @@ -4,7 +4,8 @@ #include "RPC.h" -namespace analyzer { namespace rpc { +namespace zeek::analyzer::rpc { +namespace detail { class MOUNT_Interp : public RPC_Interpreter { public: @@ -37,6 +38,8 @@ protected: zeek::RecordValPtr mount3_mnt_reply(const u_char*& buf, int& n, BifEnum::MOUNT3::status_t status); }; +} // namespace detail + class MOUNT_Analyzer : public RPC_Analyzer { public: explicit MOUNT_Analyzer(zeek::Connection* conn); @@ -46,5 +49,11 @@ public: { return new MOUNT_Analyzer(conn); } }; +} // namespace zeek::analyzer::rpc -} } // namespace analyzer::* +namespace analyzer::rpc { + +using MOUNT_Interp [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::MOUNT_Interp.")]] = zeek::analyzer::rpc::detail::MOUNT_Interp; +using MOUNT_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::MOUNT_Analyzer.")]] = zeek::analyzer::rpc::MOUNT_Analyzer; + +} // namespace analyzer::rpc diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 84ed067d49..366d778839 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -13,12 +13,13 @@ #include "events.bif.h" -using namespace analyzer::rpc; +namespace zeek::analyzer::rpc { +namespace detail { bool NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) { if ( c->Program() != 100003 ) - Weird("bad_RPC_program", fmt("%d", c->Program())); + Weird("bad_RPC_program", zeek::util::fmt("%d", c->Program())); uint32_t proc = c->Proc(); // The call arguments, depends on the call type obviously ... @@ -103,7 +104,7 @@ bool NFS_Interp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) n = 0; } else - Weird("unknown_NFS_request", fmt("%u", proc)); + Weird("unknown_NFS_request", zeek::util::fmt("%u", proc)); // Return 1 so that replies to unprocessed calls will still // be processed, and the return status extracted. @@ -816,9 +817,10 @@ zeek::ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n) return zeek::val_mgr->Bool(extract_XDR_uint32(buf, n)); } +} // namespace detail NFS_Analyzer::NFS_Analyzer(zeek::Connection* conn) - : RPC_Analyzer("NFS", conn, new NFS_Interp(this)) + : RPC_Analyzer("NFS", conn, new detail::NFS_Interp(this)) { orig_rpc = resp_rpc = nullptr; } @@ -835,3 +837,5 @@ void NFS_Analyzer::Init() AddSupportAnalyzer(resp_rpc); } } + +} // namespace zeek::analyzer::rpc diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index 2f0bac4ae6..92b6e9962d 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -5,7 +5,8 @@ #include "RPC.h" #include "NetVar.h" -namespace analyzer { namespace rpc { +namespace zeek::analyzer::rpc { +namespace detail { class NFS_Interp : public RPC_Interpreter { public: @@ -79,6 +80,8 @@ protected: zeek::ValPtr ExtractBool(const u_char*& buf, int& n); }; +} // namespace detail + class NFS_Analyzer : public RPC_Analyzer { public: explicit NFS_Analyzer(zeek::Connection* conn); @@ -88,5 +91,11 @@ public: { return new NFS_Analyzer(conn); } }; +} // namespace zeek::analyzer::rpc -} } // namespace analyzer::* +namespace analyzer::rpc { + +using NFS_Interp [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::NFS_Interp.")]] = zeek::analyzer::rpc::detail::NFS_Interp; +using NFS_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::NFS_Analyzer.")]] = zeek::analyzer::rpc::NFS_Analyzer; + +} // namespace analyzer::rpc diff --git a/src/analyzer/protocol/rpc/Plugin.cc b/src/analyzer/protocol/rpc/Plugin.cc index 39ee57d14d..3d740a9ed0 100644 --- a/src/analyzer/protocol/rpc/Plugin.cc +++ b/src/analyzer/protocol/rpc/Plugin.cc @@ -7,16 +7,15 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_RPC { +namespace zeek::plugin::detail::Zeek_RPC { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("NFS", ::analyzer::rpc::NFS_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("MOUNT", ::analyzer::rpc::MOUNT_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("Portmapper", ::analyzer::rpc::Portmapper_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("NFS", zeek::analyzer::rpc::NFS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("MOUNT", zeek::analyzer::rpc::MOUNT_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Portmapper", zeek::analyzer::rpc::Portmapper_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("Contents_RPC", nullptr)); AddComponent(new zeek::analyzer::Component("Contents_NFS", nullptr)); @@ -27,5 +26,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_RPC diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index bbbc8b151f..8f23aab824 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -9,8 +9,6 @@ #include "zeek-config.h" -using namespace analyzer::rpc; - #define PMAPPROC_NULL 0 #define PMAPPROC_SET 1 #define PMAPPROC_UNSET 2 @@ -18,6 +16,9 @@ using namespace analyzer::rpc; #define PMAPPROC_DUMP 4 #define PMAPPROC_CALLIT 5 +namespace zeek::analyzer::rpc { +namespace detail { + bool PortmapperInterp::RPC_BuildCall(RPC_CallInfo* c, const u_char*& buf, int& n) { if ( c->Program() != 100000 ) @@ -289,8 +290,10 @@ void PortmapperInterp::Event(zeek::EventHandlerPtr f, zeek::ValPtr request, BifE analyzer->EnqueueConnEvent(f, std::move(vl)); } +} // namespace detail + Portmapper_Analyzer::Portmapper_Analyzer(zeek::Connection* conn) -: RPC_Analyzer("PORTMAPPER", conn, new PortmapperInterp(this)) +: RPC_Analyzer("PORTMAPPER", conn, new detail::PortmapperInterp(this)) { orig_rpc = resp_rpc = nullptr; } @@ -311,3 +314,5 @@ void Portmapper_Analyzer::Init() AddSupportAnalyzer(resp_rpc); } } + +} // namespace zeek::analyzer::rpc diff --git a/src/analyzer/protocol/rpc/Portmap.h b/src/analyzer/protocol/rpc/Portmap.h index 5a8be03d6b..6fae3b8e40 100644 --- a/src/analyzer/protocol/rpc/Portmap.h +++ b/src/analyzer/protocol/rpc/Portmap.h @@ -4,7 +4,8 @@ #include "RPC.h" -namespace analyzer { namespace rpc { +namespace zeek::analyzer::rpc { +namespace detail { class PortmapperInterp : public RPC_Interpreter { public: @@ -24,6 +25,8 @@ protected: zeek::ValPtr ExtractCallItRequest(const u_char*& buf, int& len); }; +} // namespace detail + class Portmapper_Analyzer : public RPC_Analyzer { public: explicit Portmapper_Analyzer(zeek::Connection* conn); @@ -34,4 +37,11 @@ public: { return new Portmapper_Analyzer(conn); } }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::detail + +namespace analyzer::rpc { + +using PortmapperInterp [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::PortmapperInterp.")]] = zeek::analyzer::rpc::detail::PortmapperInterp; +using Portmapper_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::Portmapper_Analyzer.")]] = zeek::analyzer::rpc::Portmapper_Analyzer; + +} // namespace analyzer::rpc diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index acdd7811b3..cbed5b3cb0 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -3,19 +3,17 @@ #include "zeek-config.h" #include "RPC.h" +#include #include #include "NetVar.h" #include "XDR.h" #include "Reporter.h" #include "Sessions.h" +#include "RunState.h" #include "events.bif.h" -#include - -using namespace analyzer::rpc; - namespace { // local namespace const bool DEBUG_rpc_resync = false; } @@ -25,6 +23,8 @@ namespace { // local namespace // TODO: make this configurable #define MAX_RPC_LEN 65536 +namespace zeek::analyzer::rpc { +namespace detail { RPC_CallInfo::RPC_CallInfo(uint32_t arg_xid, const u_char*& buf, int& n, double arg_start_time, double arg_last_time, int arg_rpc_len) { @@ -327,7 +327,7 @@ void RPC_Interpreter::Timeout() const u_char* buf = nullptr; int n = 0; - if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, network_time, network_time, 0) ) + if ( ! RPC_BuildReply(c, BifEnum::RPC_TIMEOUT, buf, n, zeek::run_state::network_time, zeek::run_state::network_time, 0) ) Weird("bad_RPC"); } } @@ -412,9 +412,11 @@ bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len) return (expected == processed); } +} // namespace detail + Contents_RPC::Contents_RPC(zeek::Connection* conn, bool orig, - RPC_Interpreter* arg_interp) - : tcp::TCP_SupportAnalyzer("CONTENTS_RPC", conn, orig) + detail::RPC_Interpreter* arg_interp) + : zeek::analyzer::tcp::TCP_SupportAnalyzer("CONTENTS_RPC", conn, orig) { interp = arg_interp; state = WAIT_FOR_MESSAGE; @@ -426,7 +428,7 @@ Contents_RPC::Contents_RPC(zeek::Connection* conn, bool orig, void Contents_RPC::Init() { - tcp::TCP_SupportAnalyzer::Init(); + zeek::analyzer::tcp::TCP_SupportAnalyzer::Init(); } Contents_RPC::~Contents_RPC() @@ -435,7 +437,7 @@ Contents_RPC::~Contents_RPC() void Contents_RPC::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_SupportAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::Undelivered(seq, len, orig); NeedResync(); } @@ -454,12 +456,12 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) // is fully established we are in sync (since it's the first chunk // of data after the SYN if its not established we need to // resync. - tcp::TCP_Analyzer* tcp = - static_cast(Parent())->TCP(); + zeek::analyzer::tcp::TCP_Analyzer* tcp = + static_cast(Parent())->TCP(); assert(tcp); if ( (IsOrig() ? tcp->OrigState() : tcp->RespState()) != - tcp::TCP_ENDPOINT_ESTABLISHED ) + zeek::analyzer::tcp::TCP_ENDPOINT_ESTABLISHED ) { NeedResync(); } @@ -532,8 +534,8 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) // TCP keep-alive retransmissions. DEBUG_MSG("%.6f RPC resync: " "discard small pieces: %d\n", - network_time, len); - Conn()->Weird("RPC_resync", fmt("discard %d bytes\n", len)); + zeek::run_state::network_time, len); + Conn()->Weird("RPC_resync", zeek::util::fmt("discard %d bytes\n", len)); } NeedResync(); @@ -621,7 +623,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig) void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); uint32_t marker; bool last_frag; @@ -632,7 +634,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) while (len > 0) { - last_time = network_time; + last_time = zeek::run_state::network_time; switch (state) { case WAIT_FOR_MESSAGE: @@ -647,7 +649,7 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) msg_buf.Init(MAX_RPC_LEN, 0); last_frag = false; state = WAIT_FOR_MARKER; - start_time = network_time; + start_time = zeek::run_state::network_time; // no break. fall through case WAIT_FOR_MARKER: @@ -673,10 +675,10 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) last_frag = (marker & 0x80000000) != 0; marker &= 0x7fffffff; //printf("%.6f %d marker= %u <> last_frag= %d <> expected=%llu <> processed= %llu <> len = %d\n", - // network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len); + // zeek::run_state::network_time, IsOrig(), marker, last_frag, msg_buf.GetExpected(), msg_buf.GetProcessed(), len); if ( ! msg_buf.AddToExpected(marker) ) - Conn()->Weird("RPC_message_too_long", fmt("%" PRId64, msg_buf.GetExpected())); + Conn()->Weird("RPC_message_too_long", zeek::util::fmt("%" PRId64, msg_buf.GetExpected())); if ( last_frag ) state = WAIT_FOR_LAST_DATA; @@ -721,13 +723,13 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) } RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn, - RPC_Interpreter* arg_interp) - : tcp::TCP_ApplicationAnalyzer(name, conn), + detail::RPC_Interpreter* arg_interp) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer(name, conn), interp(arg_interp), orig_rpc(), resp_rpc() { if ( Conn()->ConnTransport() == TRANSPORT_UDP ) ADD_ANALYZER_TIMER(&RPC_Analyzer::ExpireTimer, - network_time + rpc_timeout, true, + zeek::run_state::network_time + zeek::detail::rpc_timeout, true, zeek::detail::TIMER_RPC_EXPIRE); } @@ -737,26 +739,26 @@ RPC_Analyzer::~RPC_Analyzer() } void RPC_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const zeek::IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { - tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); len = std::min(len, caplen); if ( orig ) { - if ( ! interp->DeliverRPC(data, len, len, true, network_time, network_time) ) + if ( ! interp->DeliverRPC(data, len, len, true, zeek::run_state::network_time, zeek::run_state::network_time) ) Weird("bad_RPC"); } else { - if ( ! interp->DeliverRPC(data, len, len, false, network_time, network_time) ) + if ( ! interp->DeliverRPC(data, len, len, false, zeek::run_state::network_time, zeek::run_state::network_time) ) Weird("bad_RPC"); } } void RPC_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->Timeout(); } @@ -766,3 +768,5 @@ void RPC_Analyzer::ExpireTimer(double /* t */) Event(connection_timeout); zeek::sessions->Remove(Conn()); } + +} // namespace zeek::analyzer::rpc diff --git a/src/analyzer/protocol/rpc/RPC.h b/src/analyzer/protocol/rpc/RPC.h index cb5eb1d272..590be7a236 100644 --- a/src/analyzer/protocol/rpc/RPC.h +++ b/src/analyzer/protocol/rpc/RPC.h @@ -5,7 +5,8 @@ #include "analyzer/protocol/tcp/TCP.h" #include "NetVar.h" -namespace analyzer { namespace rpc { +namespace zeek::analyzer::rpc { +namespace detail { enum { RPC_CALL = 0, @@ -183,10 +184,12 @@ protected: }; +} // namespace detail + /* Support Analyzer for reassembling RPC-over-TCP messages */ -class Contents_RPC final : public tcp::TCP_SupportAnalyzer { +class Contents_RPC final : public zeek::analyzer::tcp::TCP_SupportAnalyzer { public: - Contents_RPC(zeek::Connection* conn, bool orig, RPC_Interpreter* interp); + Contents_RPC(zeek::Connection* conn, bool orig, detail::RPC_Interpreter* interp); ~Contents_RPC() override; protected: @@ -217,10 +220,10 @@ protected: state = WAIT_FOR_MESSAGE; } - RPC_Interpreter* interp; + detail::RPC_Interpreter* interp; - RPC_Reasm_Buffer marker_buf; // reassembles the 32bit RPC-over-TCP marker - RPC_Reasm_Buffer msg_buf; // reassembles RPC messages + detail::RPC_Reasm_Buffer marker_buf; // reassembles the 32bit RPC-over-TCP marker + detail::RPC_Reasm_Buffer msg_buf; // reassembles RPC messages state_t state; double start_time; @@ -230,10 +233,10 @@ protected: int resync_toskip; }; -class RPC_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class RPC_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: RPC_Analyzer(const char* name, zeek::Connection* conn, - RPC_Interpreter* arg_interp); + detail::RPC_Interpreter* arg_interp); ~RPC_Analyzer() override; void Done() override; @@ -244,10 +247,42 @@ protected: void ExpireTimer(double t); - RPC_Interpreter* interp; + detail::RPC_Interpreter* interp; Contents_RPC* orig_rpc; Contents_RPC* resp_rpc; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::rpc + +namespace analyzer::rpc { + +constexpr auto RPC_CALL [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_CALL.")]] = zeek::analyzer::rpc::detail::RPC_CALL; +constexpr auto RPC_REPLY [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_REPLY.")]] = zeek::analyzer::rpc::detail::RPC_REPLY; +constexpr auto RPC_MSG_ACCEPTED [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_MSG_ACCEPTED.")]] = zeek::analyzer::rpc::detail::RPC_MSG_ACCEPTED; +constexpr auto RPC_MSG_DENIED [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_MSG_DENIED.")]] = zeek::analyzer::rpc::detail::RPC_MSG_DENIED; +constexpr auto RPC_SUCCESS [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_SUCCESS.")]] = zeek::analyzer::rpc::detail::RPC_SUCCESS; +constexpr auto RPC_PROG_UNAVAIL [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_PROG_UNAVAIL.")]] = zeek::analyzer::rpc::detail::RPC_PROG_UNAVAIL; +constexpr auto RPC_PROG_MISMATCH [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_PROG_MISMATCH.")]] = zeek::analyzer::rpc::detail::RPC_PROG_MISMATCH; +constexpr auto RPC_PROC_UNAVAIL [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_PROC_UNAVAIL.")]] = zeek::analyzer::rpc::detail::RPC_PROC_UNAVAIL; +constexpr auto RPC_GARBAGE_ARGS [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_GARBAGE_ARGS.")]] = zeek::analyzer::rpc::detail::RPC_GARBAGE_ARGS; +constexpr auto RPC_SYSTEM_ERR [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_SYSTEM_ERR.")]] = zeek::analyzer::rpc::detail::RPC_SYSTEM_ERR; +constexpr auto RPC_MISMATCH [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_MISMATCH.")]] = zeek::analyzer::rpc::detail::RPC_MISMATCH; +constexpr auto RPC_AUTH_ERROR [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_ERROR.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_ERROR; +constexpr auto RPC_AUTH_BADCRED [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_BADCRED.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_BADCRED; +constexpr auto RPC_AUTH_REJECTEDCRED [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_REJECTEDCRED.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_REJECTEDCRED; +constexpr auto RPC_AUTH_BADVERF [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_BADVERF.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_BADVERF; +constexpr auto RPC_AUTH_REJECTEDVERF [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_REJECTEDVERF.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_REJECTEDVERF; +constexpr auto RPC_AUTH_TOOWEAK [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_TOOWEAK.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_TOOWEAK; +constexpr auto RPC_AUTH_NULL [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_NULL.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_NULL; +constexpr auto RPC_AUTH_UNIX [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_UNIX.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_UNIX; +constexpr auto RPC_AUTH_SHORT [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_SHORT.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_SHORT; +constexpr auto RPC_AUTH_DES [[deprecated("Remove in v4.1. Uze zeek::analyzer::rpc::detail::RPC_AUTH_DES.")]] = zeek::analyzer::rpc::detail::RPC_AUTH_DES; + +using RPC_CallInfo [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::RPC_CallInfo.")]] = zeek::analyzer::rpc::detail::RPC_CallInfo; +using RPC_Interpreter [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::RPC_Interpreter.")]] = zeek::analyzer::rpc::detail::RPC_Interpreter; +using RPC_Reasm_Buffer [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::detail::RPC_Reasm_Buffer.")]] = zeek::analyzer::rpc::detail::RPC_Reasm_Buffer; +using Contents_RPC [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::Contents_RPC.")]] = zeek::analyzer::rpc::Contents_RPC; +using RPC_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::RPC_Analyzer.")]] = zeek::analyzer::rpc::RPC_Analyzer; + +} // namespace analyzer::rpc diff --git a/src/analyzer/protocol/rpc/XDR.cc b/src/analyzer/protocol/rpc/XDR.cc index 1eddf96a04..8d4e4eb7f0 100644 --- a/src/analyzer/protocol/rpc/XDR.cc +++ b/src/analyzer/protocol/rpc/XDR.cc @@ -8,9 +8,7 @@ #include "events.bif.h" -using namespace analyzer::rpc; - -uint32_t analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len) +uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len) { if ( ! buf ) return 0; @@ -32,7 +30,7 @@ uint32_t analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len) return bits32; } -uint64_t analyzer::rpc::extract_XDR_uint64(const u_char*& buf, int& len) +uint64_t zeek::analyzer::rpc::extract_XDR_uint64(const u_char*& buf, int& len) { if ( ! buf || len < 8 ) { @@ -46,7 +44,7 @@ uint64_t analyzer::rpc::extract_XDR_uint64(const u_char*& buf, int& len) return (uhi << 32) + ulo; } -double analyzer::rpc::extract_XDR_time(const u_char*& buf, int& len) +double zeek::analyzer::rpc::extract_XDR_time(const u_char*& buf, int& len) { if ( ! buf || len < 8 ) { @@ -60,7 +58,7 @@ double analyzer::rpc::extract_XDR_time(const u_char*& buf, int& len) return double(uhi) + double(ulo) / 1e9; } -const u_char* analyzer::rpc::extract_XDR_opaque(const u_char*& buf, int& len, int& n, int max_len, bool short_buf_ok) +const u_char* zeek::analyzer::rpc::extract_XDR_opaque(const u_char*& buf, int& len, int& n, int max_len, bool short_buf_ok) { n = int(extract_XDR_uint32(buf, len)); if ( ! buf ) @@ -84,7 +82,7 @@ const u_char* analyzer::rpc::extract_XDR_opaque(const u_char*& buf, int& len, in return opaque; } -const u_char* analyzer::rpc::extract_XDR_opaque_fixed(const u_char*& buf, int& len, int n) +const u_char* zeek::analyzer::rpc::extract_XDR_opaque_fixed(const u_char*& buf, int& len, int n) { if ( ! buf ) return nullptr; @@ -103,7 +101,7 @@ const u_char* analyzer::rpc::extract_XDR_opaque_fixed(const u_char*& buf, int& l } -uint32_t analyzer::rpc::skip_XDR_opaque_auth(const u_char*& buf, int& len) +uint32_t zeek::analyzer::rpc::skip_XDR_opaque_auth(const u_char*& buf, int& len) { uint32_t auth_flavor = extract_XDR_uint32(buf, len); if ( ! buf ) diff --git a/src/analyzer/protocol/rpc/XDR.h b/src/analyzer/protocol/rpc/XDR.h index 9fa7f80faf..b39558ef92 100644 --- a/src/analyzer/protocol/rpc/XDR.h +++ b/src/analyzer/protocol/rpc/XDR.h @@ -7,7 +7,7 @@ #include "util.h" -namespace analyzer { namespace rpc { +namespace zeek::analyzer::rpc { extern uint32_t extract_XDR_uint32(const u_char*& buf, int& len); extern uint64_t extract_XDR_uint64(const u_char*& buf, int& len); @@ -17,4 +17,15 @@ extern const u_char* extract_XDR_opaque(const u_char*& buf, int& len, extern const u_char* extract_XDR_opaque_fixed(const u_char*& buf, int& len, int n); extern uint32_t skip_XDR_opaque_auth(const u_char*& buf, int& len); -} } // namespace analyzer::* +} // namespace zeek::analyzer::rpc + +namespace analyzer::rpc { + +constexpr auto extract_XDR_uint32 [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::extract_XDR_uint32.")]] = zeek::analyzer::rpc::extract_XDR_uint32; +constexpr auto extract_XDR_uint64 [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::extract_XDR_uint64.")]] = zeek::analyzer::rpc::extract_XDR_uint64; +constexpr auto extract_XDR_time [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::extract_XDR_time.")]] = zeek::analyzer::rpc::extract_XDR_time; +constexpr auto extract_XDR_opaque [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::extract_XDR_opaque.")]] = zeek::analyzer::rpc::extract_XDR_opaque; +constexpr auto extract_XDR_opaque_fixed [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::extract_XDR_opaque_fixed.")]] = zeek::analyzer::rpc::extract_XDR_opaque_fixed; +constexpr auto skip_XDR_opaque_auth [[deprecated("Remove in v4.1. Use zeek::analyzer::rpc::skip_XDR_opaque_auth.")]] = zeek::analyzer::rpc::skip_XDR_opaque_auth; + +} // namespace analyzer::rpc diff --git a/src/analyzer/protocol/sip/Plugin.cc b/src/analyzer/protocol/sip/Plugin.cc index 5332357877..a85e8d9a13 100644 --- a/src/analyzer/protocol/sip/Plugin.cc +++ b/src/analyzer/protocol/sip/Plugin.cc @@ -5,14 +5,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SIP { +namespace zeek::plugin::detail::Zeek_SIP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SIP", ::analyzer::SIP::SIP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SIP", zeek::analyzer::sip::SIP_Analyzer::Instantiate)); // We don't fully support SIP-over-TCP yet, so we don't activate this component. // AddComponent(new zeek::analyzer::Component("SIP_TCP", ::analyzer::sip_tcp::SIP_Analyzer::Instantiate)); @@ -24,5 +23,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SIP diff --git a/src/analyzer/protocol/sip/SIP.cc b/src/analyzer/protocol/sip/SIP.cc index 7c7ff312f3..e3b4f37352 100644 --- a/src/analyzer/protocol/sip/SIP.cc +++ b/src/analyzer/protocol/sip/SIP.cc @@ -2,7 +2,7 @@ #include "events.bif.h" -using namespace analyzer::SIP; +namespace zeek::analyzer::sip { SIP_Analyzer::SIP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("SIP", c) @@ -39,6 +39,8 @@ void SIP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::sip diff --git a/src/analyzer/protocol/sip/SIP.h b/src/analyzer/protocol/sip/SIP.h index 2f1149346a..8c83b246bd 100644 --- a/src/analyzer/protocol/sip/SIP.h +++ b/src/analyzer/protocol/sip/SIP.h @@ -5,7 +5,7 @@ #include "analyzer/protocol/udp/UDP.h" #include "sip_pac.h" -namespace analyzer { namespace SIP { +namespace zeek::analyzer::sip{ class SIP_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -25,4 +25,10 @@ protected: binpac::SIP::SIP_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::sip + +namespace analyzer::SIP { + +using SIP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::sip::SIP_Analyzer.")]] = zeek::analyzer::sip::SIP_Analyzer; + +} // namespace analyzer::SIP diff --git a/src/analyzer/protocol/sip/SIP_TCP.cc b/src/analyzer/protocol/sip/SIP_TCP.cc index a7ab9a5ffc..af564d112b 100644 --- a/src/analyzer/protocol/sip/SIP_TCP.cc +++ b/src/analyzer/protocol/sip/SIP_TCP.cc @@ -7,10 +7,10 @@ #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "events.bif.h" -using namespace analyzer::sip_tcp; +namespace zeek::analyzer::sip_tcp { SIP_Analyzer::SIP_Analyzer(zeek::Connection* conn) - : tcp::TCP_ApplicationAnalyzer("SIP_TCP", conn) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SIP_TCP", conn) { interp = new binpac::SIP_TCP::SIP_Conn(this); had_gap = false; @@ -23,7 +23,7 @@ SIP_Analyzer::~SIP_Analyzer() void SIP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -31,13 +31,13 @@ void SIP_Analyzer::Done() void SIP_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void SIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -55,13 +55,15 @@ void SIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void SIP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::sip_tcp diff --git a/src/analyzer/protocol/sip/SIP_TCP.h b/src/analyzer/protocol/sip/SIP_TCP.h index 84d6d22166..f04afb93bf 100644 --- a/src/analyzer/protocol/sip/SIP_TCP.h +++ b/src/analyzer/protocol/sip/SIP_TCP.h @@ -9,9 +9,9 @@ #include "sip_TCP_pac.h" -namespace analyzer { namespace sip_tcp { +namespace zeek::analyzer::sip_tcp { -class SIP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class SIP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SIP_Analyzer(zeek::Connection* conn); ~SIP_Analyzer() override; @@ -20,7 +20,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) @@ -31,4 +31,10 @@ protected: bool had_gap; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::sip_tcp + +namespace analyzer::sip_tcp { + +using SIP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::sip_tcp::SIP_Analyzer.")]] = zeek::analyzer::sip_tcp::SIP_Analyzer; + +} // namespace analyzer::sip_tcp diff --git a/src/analyzer/protocol/smb/Plugin.cc b/src/analyzer/protocol/smb/Plugin.cc index ece3394433..e67f2ff091 100644 --- a/src/analyzer/protocol/smb/Plugin.cc +++ b/src/analyzer/protocol/smb/Plugin.cc @@ -4,14 +4,13 @@ #include "SMB.h" -namespace plugin { -namespace Zeek_SMB { +namespace zeek::plugin::detail::Zeek_SMB { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SMB", ::analyzer::smb::SMB_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SMB", zeek::analyzer::smb::SMB_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("Contents_SMB", nullptr)); zeek::plugin::Configuration config; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SMB diff --git a/src/analyzer/protocol/smb/SMB.cc b/src/analyzer/protocol/smb/SMB.cc index eff26b9b9a..92ef6ab4af 100644 --- a/src/analyzer/protocol/smb/SMB.cc +++ b/src/analyzer/protocol/smb/SMB.cc @@ -1,13 +1,13 @@ #include "SMB.h" -using namespace analyzer::smb; +namespace zeek::analyzer::smb { // This was 1<<17 originally but was changed due to larger messages // being seen. #define SMB_MAX_LEN (1<<18) SMB_Analyzer::SMB_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("SMB", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SMB", conn) { chunks=0; interp = new binpac::SMB::SMB_Conn(this); @@ -81,7 +81,9 @@ void SMB_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); NeedResync(); } } + +} // namespace zeek::analyzer::smb diff --git a/src/analyzer/protocol/smb/SMB.h b/src/analyzer/protocol/smb/SMB.h index a8c406ba9d..7b041de2f6 100644 --- a/src/analyzer/protocol/smb/SMB.h +++ b/src/analyzer/protocol/smb/SMB.h @@ -3,9 +3,9 @@ #include "analyzer/protocol/tcp/TCP.h" #include "smb_pac.h" -namespace analyzer { namespace smb { +namespace zeek::analyzer::smb { -class SMB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class SMB_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SMB_Analyzer(zeek::Connection* conn); ~SMB_Analyzer() override; @@ -31,4 +31,10 @@ protected: bool need_sync; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::smb + +namespace analyzer::smb { + +using SMB_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::smb::SMB_Analyzer.")]] = zeek::analyzer::smb::SMB_Analyzer; + +} // namespace analyzer::smb diff --git a/src/analyzer/protocol/smb/smb-pipe.pac b/src/analyzer/protocol/smb/smb-pipe.pac index fe8bb9c9da..7326210ae4 100644 --- a/src/analyzer/protocol/smb/smb-pipe.pac +++ b/src/analyzer/protocol/smb/smb-pipe.pac @@ -5,7 +5,7 @@ refine connection SMB_Conn += { %member{ map tree_is_pipe_map; - map fid_to_analyzer_map; + map fid_to_analyzer_map; %} %cleanup{ @@ -44,13 +44,13 @@ refine connection SMB_Conn += { function forward_dce_rpc(pipe_data: bytestring, fid: uint64, is_orig: bool): bool %{ - analyzer::dce_rpc::DCE_RPC_Analyzer *pipe_dcerpc = nullptr; + zeek::analyzer::dce_rpc::DCE_RPC_Analyzer *pipe_dcerpc = nullptr; auto it = fid_to_analyzer_map.find(fid); if ( it == fid_to_analyzer_map.end() ) { auto tmp_analyzer = zeek::analyzer_mgr->InstantiateAnalyzer("DCE_RPC", bro_analyzer()->Conn()); - pipe_dcerpc = static_cast(tmp_analyzer); + pipe_dcerpc = static_cast(tmp_analyzer); if ( pipe_dcerpc ) { diff --git a/src/analyzer/protocol/smb/smb1-com-close.pac b/src/analyzer/protocol/smb/smb1-com-close.pac index 8e85de4685..abd42c828b 100644 --- a/src/analyzer/protocol/smb/smb1-com-close.pac +++ b/src/analyzer/protocol/smb/smb1-com-close.pac @@ -8,8 +8,8 @@ refine connection SMB_Conn += { SMBHeaderVal(h), ${val.file_id}); - file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); return true; %} diff --git a/src/analyzer/protocol/smb/smb1-com-read-andx.pac b/src/analyzer/protocol/smb/smb1-com-read-andx.pac index 79317a3450..a785875e82 100644 --- a/src/analyzer/protocol/smb/smb1-com-read-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-read-andx.pac @@ -33,9 +33,9 @@ refine connection SMB_Conn += { uint64 offset = read_offsets[${h.mid}]; read_offsets.erase(${h.mid}); - file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, offset, - bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, offset, + bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); } return true; diff --git a/src/analyzer/protocol/smb/smb1-com-write-andx.pac b/src/analyzer/protocol/smb/smb1-com-write-andx.pac index 8831d730df..7bb7bcb12f 100644 --- a/src/analyzer/protocol/smb/smb1-com-write-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-write-andx.pac @@ -12,10 +12,10 @@ refine connection SMB_Conn += { if ( ! ${h.is_pipe} && ${val.data}.length() > 0 ) { - file_mgr->DataIn(${val.data}.begin(), ${val.data}.length(), - ${val.write_offset}, - bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->DataIn(${val.data}.begin(), ${val.data}.length(), + ${val.write_offset}, + bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); } return true; diff --git a/src/analyzer/protocol/smb/smb2-com-close.pac b/src/analyzer/protocol/smb/smb2-com-close.pac index 103572544d..c843bbb4e5 100644 --- a/src/analyzer/protocol/smb/smb2-com-close.pac +++ b/src/analyzer/protocol/smb/smb2-com-close.pac @@ -10,8 +10,8 @@ refine connection SMB_Conn += { BuildSMB2GUID(${val.file_id})); } - file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); return true; %} diff --git a/src/analyzer/protocol/smb/smb2-com-read.pac b/src/analyzer/protocol/smb/smb2-com-read.pac index 07eafcbabc..03a384cd8e 100644 --- a/src/analyzer/protocol/smb/smb2-com-read.pac +++ b/src/analyzer/protocol/smb/smb2-com-read.pac @@ -50,9 +50,9 @@ refine connection SMB_Conn += { if ( ! ${h.is_pipe} && ${val.data_len} > 0 ) { - file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, offset, - bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, offset, + bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); } return true; diff --git a/src/analyzer/protocol/smb/smb2-com-write.pac b/src/analyzer/protocol/smb/smb2-com-write.pac index 91cbd1988d..34904478fe 100644 --- a/src/analyzer/protocol/smb/smb2-com-write.pac +++ b/src/analyzer/protocol/smb/smb2-com-write.pac @@ -14,9 +14,9 @@ refine connection SMB_Conn += { if ( ! ${h.is_pipe} && ${val.data}.length() > 0 ) { - file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, ${val.offset}, - bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), h->is_orig()); + zeek::file_mgr->DataIn(${val.data}.begin(), ${val.data_len}, ${val.offset}, + bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), h->is_orig()); } return true; diff --git a/src/analyzer/protocol/smtp/Plugin.cc b/src/analyzer/protocol/smtp/Plugin.cc index 1d472a6300..5f5ea626d8 100644 --- a/src/analyzer/protocol/smtp/Plugin.cc +++ b/src/analyzer/protocol/smtp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SMTP { +namespace zeek::plugin::detail::Zeek_SMTP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SMTP", ::analyzer::smtp::SMTP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SMTP", zeek::analyzer::smtp::SMTP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SMTP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SMTP diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 91c0ff996b..f288230368 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -12,8 +12,6 @@ #include "events.bif.h" -using namespace analyzer::smtp; - #undef SMTP_CMD_DEF #define SMTP_CMD_DEF(cmd) #cmd, @@ -26,14 +24,16 @@ static const char* unknown_cmd = "(UNKNOWN)"; #define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : unknown_cmd) +namespace zeek::analyzer::smtp { + SMTP_Analyzer::SMTP_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("SMTP", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SMTP", conn) { expect_sender = false; expect_recver = true; - state = SMTP_CONNECTED; + state = detail::SMTP_CONNECTED; last_replied_cmd = -1; - first_cmd = SMTP_CMD_CONN_ESTABLISHMENT; + first_cmd = detail::SMTP_CMD_CONN_ESTABLISHMENT; pending_reply = 0; // Some clients appear to assume pipelining is always enabled @@ -46,12 +46,12 @@ SMTP_Analyzer::SMTP_Analyzer(zeek::Connection* conn) line_after_gap = nullptr; mail = nullptr; UpdateState(first_cmd, 0, true); - cl_orig = new tcp::ContentLine_Analyzer(conn, true); + cl_orig = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, true); cl_orig->SetIsNULSensitive(true); cl_orig->SetSkipPartial(true); AddSupportAnalyzer(cl_orig); - cl_resp = new tcp::ContentLine_Analyzer(conn, false); + cl_resp = new zeek::analyzer::tcp::ContentLine_Analyzer(conn, false); cl_resp->SetIsNULSensitive(true); cl_resp->SetSkipPartial(true); AddSupportAnalyzer(cl_resp); @@ -59,7 +59,7 @@ SMTP_Analyzer::SMTP_Analyzer(zeek::Connection* conn) void SMTP_Analyzer::ConnectionFinished(bool half_finished) { - tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::ConnectionFinished(half_finished); if ( ! half_finished && mail ) EndData(); @@ -72,7 +72,7 @@ SMTP_Analyzer::~SMTP_Analyzer() void SMTP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); if ( mail ) EndData(); @@ -80,17 +80,17 @@ void SMTP_Analyzer::Done() void SMTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, is_orig); if ( len <= 0 ) return; - const char* buf = fmt("seq = %" PRIu64", len = %d", seq, len); + const char* buf = zeek::util::fmt("seq = %" PRIu64", len = %d", seq, len); int buf_len = strlen(buf); Unexpected(is_orig, "content gap", buf_len, buf); - if ( state == SMTP_IN_DATA ) + if ( state == detail::SMTP_IN_DATA ) { // Record the SMTP data gap and terminate the // ongoing mail transaction. @@ -113,15 +113,15 @@ void SMTP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) // Missing either the sender's packets or their replies // (e.g. code 354) is critical, so we set state to SMTP_AFTER_GAP // in both cases - state = SMTP_AFTER_GAP; + state = detail::SMTP_AFTER_GAP; } void SMTP_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); // If an TLS transaction has been initiated, forward to child and abort. - if ( state == SMTP_IN_TLS ) + if ( state == detail::SMTP_IN_TLS ) { ForwardStream(length, line, orig); return; @@ -176,7 +176,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) { int cmd_code = -1; - if ( state == SMTP_AFTER_GAP ) + if ( state == detail::SMTP_AFTER_GAP ) { // Don't know whether it is a command line or // a data line. @@ -186,18 +186,18 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) new zeek::String((const u_char *) line, length, true); } - else if ( state == SMTP_IN_DATA && line[0] == '.' && length == 1 ) + else if ( state == detail::SMTP_IN_DATA && line[0] == '.' && length == 1 ) { cmd = "."; cmd_len = 1; - cmd_code = SMTP_CMD_END_OF_DATA; + cmd_code = detail::SMTP_CMD_END_OF_DATA; NewCmd(cmd_code); expect_sender = false; expect_recver = true; } - else if ( state == SMTP_IN_DATA ) + else if ( state == detail::SMTP_IN_DATA ) { // Check "." for end of data. expect_recver = false; // ?? MAY server respond to mail data? @@ -227,11 +227,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) } } - else if ( state == SMTP_IN_AUTH ) + else if ( state == detail::SMTP_IN_AUTH ) { cmd = "***"; cmd_len = 2; - cmd_code = SMTP_CMD_AUTH_ANSWER; + cmd_code = detail::SMTP_CMD_AUTH_ANSWER; NewCmd(cmd_code); } @@ -240,8 +240,8 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) expect_sender = false; expect_recver = true; - get_word(length, line, cmd_len, cmd); - line = skip_whitespace(line + cmd_len, end_of_line); + zeek::util::get_word(length, line, cmd_len, cmd); + line = zeek::util::skip_whitespace(line + cmd_len, end_of_line); cmd_code = ParseCmd(cmd_len, cmd); if ( cmd_code == -1 ) @@ -262,7 +262,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) // turn calls BeginData() and EndData(), and // RequestEvent() in different orders for the // two commands. - if ( cmd_code == SMTP_CMD_END_OF_DATA ) + if ( cmd_code == detail::SMTP_CMD_END_OF_DATA ) UpdateState(cmd_code, 0, orig); if ( smtp_request ) @@ -273,7 +273,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) RequestEvent(cmd_len, cmd, data_len, line); } - if ( cmd_code != SMTP_CMD_END_OF_DATA ) + if ( cmd_code != detail::SMTP_CMD_END_OF_DATA ) UpdateState(cmd_code, 0, orig); } } @@ -299,8 +299,8 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) { reply_code = -1; Unexpected(is_sender, "reply code out of range", length, line); - ProtocolViolation(fmt("reply code %d out of range", - reply_code), line, length); + ProtocolViolation(zeek::util::fmt("reply code %d out of range", + reply_code), line, length); } else @@ -319,12 +319,12 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( reply_code >= 0 && length > 3 && line[3] == '-' ) { // A continued reply. pending_reply = reply_code; - line = skip_whitespace(line+4, end_of_line); + line = zeek::util::skip_whitespace(line+4, end_of_line); } else { // This is the end of the reply. - line = skip_whitespace(line+3, end_of_line); + line = zeek::util::skip_whitespace(line+3, end_of_line); pending_reply = 0; expect_sender = true; @@ -336,11 +336,11 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) { int cmd_code = last_replied_cmd; switch ( cmd_code ) { - case SMTP_CMD_CONN_ESTABLISHMENT: + case detail::SMTP_CMD_CONN_ESTABLISHMENT: cmd = ">"; break; - case SMTP_CMD_END_OF_DATA: + case detail::SMTP_CMD_END_OF_DATA: cmd = "."; break; @@ -361,12 +361,12 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) } // Process SMTP extensions, e.g. PIPELINING. - if ( last_replied_cmd == SMTP_CMD_EHLO && reply_code == 250 ) + if ( last_replied_cmd == detail::SMTP_CMD_EHLO && reply_code == 250 ) { const char* ext; int ext_len; - get_word(end_of_line - line, line, ext_len, ext); + zeek::util::get_word(end_of_line - line, line, ext_len, ext); ProcessExtension(ext_len, ext); } } @@ -399,7 +399,7 @@ void SMTP_Analyzer::StartTLS() { // STARTTLS was succesful. Remove SMTP support analyzers, add SSL // analyzer, and throw event signifying the change. - state = SMTP_IN_TLS; + state = detail::SMTP_IN_TLS; expect_sender = expect_recver = true; RemoveSupportAnalyzer(cl_orig); @@ -429,9 +429,9 @@ void SMTP_Analyzer::StartTLS() void SMTP_Analyzer::NewReply(int reply_code, bool orig) { - if ( state == SMTP_AFTER_GAP && reply_code > 0 ) + if ( state == detail::SMTP_AFTER_GAP && reply_code > 0 ) { - state = SMTP_GAP_RECOVERY; + state = detail::SMTP_GAP_RECOVERY; RequestEvent(strlen(unknown_cmd), unknown_cmd, 0, ""); /* if ( line_after_gap ) @@ -469,21 +469,21 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) { int st = state; - if ( st == SMTP_QUIT && reply_code == 0 ) + if ( st == detail::SMTP_QUIT && reply_code == 0 ) UnexpectedCommand(cmd_code, reply_code); switch ( cmd_code ) { - case SMTP_CMD_CONN_ESTABLISHMENT: + case detail::SMTP_CMD_CONN_ESTABLISHMENT: switch ( reply_code ) { case 0: - if ( st != SMTP_CONNECTED ) + if ( st != detail::SMTP_CONNECTED ) { // Impossible state, because the command // CONN_ESTABLISHMENT should only appear // in the very beginning. UnexpectedCommand(cmd_code, reply_code); } - state = SMTP_INITIATED; + state = detail::SMTP_INITIATED; break; case 220: @@ -491,7 +491,7 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) case 421: case 554: - state = SMTP_NOT_AVAILABLE; + state = detail::SMTP_NOT_AVAILABLE; break; default: @@ -500,13 +500,13 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_EHLO: - case SMTP_CMD_HELO: + case detail::SMTP_CMD_EHLO: + case detail::SMTP_CMD_HELO: switch ( reply_code ) { case 0: - if ( st != SMTP_INITIATED ) + if ( st != detail::SMTP_INITIATED ) UnexpectedCommand(cmd_code, reply_code); - state = SMTP_READY; + state = detail::SMTP_READY; break; case 250: @@ -517,7 +517,7 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) case 501: case 504: case 550: - state = SMTP_INITIATED; + state = detail::SMTP_INITIATED; break; default: @@ -526,15 +526,15 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_MAIL: - case SMTP_CMD_SEND: - case SMTP_CMD_SOML: - case SMTP_CMD_SAML: + case detail::SMTP_CMD_MAIL: + case detail::SMTP_CMD_SEND: + case detail::SMTP_CMD_SOML: + case detail::SMTP_CMD_SAML: switch ( reply_code ) { case 0: - if ( st != SMTP_READY ) + if ( st != detail::SMTP_READY ) UnexpectedCommand(cmd_code, reply_code); - state = SMTP_MAIL_OK; + state = detail::SMTP_MAIL_OK; break; case 250: @@ -549,8 +549,8 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) case 550: case 552: case 553: - if ( state != SMTP_IN_DATA ) - state = SMTP_READY; + if ( state != detail::SMTP_IN_DATA ) + state = detail::SMTP_READY; break; default: @@ -559,12 +559,12 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_RCPT: + case detail::SMTP_CMD_RCPT: switch ( reply_code ) { case 0: - if ( st != SMTP_MAIL_OK && st != SMTP_RCPT_OK ) + if ( st != detail::SMTP_MAIL_OK && st != detail::SMTP_RCPT_OK ) UnexpectedCommand(cmd_code, reply_code); - state = SMTP_RCPT_OK; + state = detail::SMTP_RCPT_OK; break; case 250: @@ -591,10 +591,10 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_DATA: + case detail::SMTP_CMD_DATA: switch ( reply_code ) { case 0: - if ( state != SMTP_RCPT_OK ) + if ( state != detail::SMTP_RCPT_OK ) UnexpectedCommand(cmd_code, reply_code); BeginData(orig); break; @@ -603,9 +603,9 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) break; case 421: - if ( state == SMTP_IN_DATA ) + if ( state == detail::SMTP_IN_DATA ) EndData(); - state = SMTP_QUIT; + state = detail::SMTP_QUIT; break; case 500: @@ -613,27 +613,27 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) case 503: case 451: case 554: - if ( state == SMTP_IN_DATA ) + if ( state == detail::SMTP_IN_DATA ) EndData(); - state = SMTP_READY; + state = detail::SMTP_READY; break; default: UnexpectedReply(cmd_code, reply_code); - if ( state == SMTP_IN_DATA ) + if ( state == detail::SMTP_IN_DATA ) EndData(); - state = SMTP_READY; + state = detail::SMTP_READY; break; } break; - case SMTP_CMD_END_OF_DATA: + case detail::SMTP_CMD_END_OF_DATA: switch ( reply_code ) { case 0: - if ( st != SMTP_IN_DATA ) + if ( st != detail::SMTP_IN_DATA ) UnexpectedCommand(cmd_code, reply_code); EndData(); - state = SMTP_AFTER_DATA; + state = detail::SMTP_AFTER_DATA; break; case 250: @@ -652,13 +652,13 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } if ( reply_code > 0 ) - state = SMTP_READY; + state = detail::SMTP_READY; break; - case SMTP_CMD_RSET: + case detail::SMTP_CMD_RSET: switch ( reply_code ) { case 0: - state = SMTP_READY; + state = detail::SMTP_READY; break; case 250: @@ -671,10 +671,10 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) break; - case SMTP_CMD_QUIT: + case detail::SMTP_CMD_QUIT: switch ( reply_code ) { case 0: - state = SMTP_QUIT; + state = detail::SMTP_QUIT; break; case 221: @@ -687,8 +687,8 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) break; - case SMTP_CMD_AUTH: - if ( st != SMTP_READY ) + case detail::SMTP_CMD_AUTH: + if ( st != detail::SMTP_READY ) UnexpectedCommand(cmd_code, reply_code); switch ( reply_code ) { @@ -697,11 +697,11 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) break; case 334: - state = SMTP_IN_AUTH; + state = detail::SMTP_IN_AUTH; break; case 235: - state = SMTP_INITIATED; + state = detail::SMTP_INITIATED; break; case 432: @@ -713,13 +713,13 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) case 535: case 538: default: - state = SMTP_INITIATED; + state = detail::SMTP_INITIATED; break; } break; - case SMTP_CMD_AUTH_ANSWER: - if ( st != SMTP_IN_AUTH ) + case detail::SMTP_CMD_AUTH_ANSWER: + if ( st != detail::SMTP_IN_AUTH ) UnexpectedCommand(cmd_code, reply_code); switch ( reply_code ) { @@ -728,19 +728,19 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) break; case 334: - state = SMTP_IN_AUTH; + state = detail::SMTP_IN_AUTH; break; case 235: case 535: default: - state = SMTP_INITIATED; + state = detail::SMTP_INITIATED; break; } break; - case SMTP_CMD_TURN: - if ( st != SMTP_READY ) + case detail::SMTP_CMD_TURN: + if ( st != detail::SMTP_READY ) UnexpectedCommand(cmd_code, reply_code); switch ( reply_code ) { @@ -752,7 +752,7 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) // flip-side orig_is_sender = ! orig_is_sender; - state = SMTP_CONNECTED; + state = detail::SMTP_CONNECTED; expect_sender = false; expect_recver = true; break; @@ -763,9 +763,9 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_STARTTLS: - case SMTP_CMD_X_ANONYMOUSTLS: - if ( st != SMTP_READY ) + case detail::SMTP_CMD_STARTTLS: + case detail::SMTP_CMD_X_ANONYMOUSTLS: + if ( st != detail::SMTP_READY ) UnexpectedCommand(cmd_code, reply_code); switch ( reply_code ) { @@ -784,16 +784,16 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) } break; - case SMTP_CMD_VRFY: - case SMTP_CMD_EXPN: - case SMTP_CMD_HELP: - case SMTP_CMD_NOOP: + case detail::SMTP_CMD_VRFY: + case detail::SMTP_CMD_EXPN: + case detail::SMTP_CMD_HELP: + case detail::SMTP_CMD_NOOP: // These commands do not affect state. // ?? However, later we may want to add reply // and state check code. default: - if ( st == SMTP_GAP_RECOVERY && reply_code == 354 ) + if ( st == detail::SMTP_GAP_RECOVERY && reply_code == 354 ) { BeginData(orig); } @@ -805,10 +805,10 @@ void SMTP_Analyzer::UpdateState(int cmd_code, int reply_code, bool orig) // of data line might have been lost due to gaps in trace). Note, // BeginData() won't be called till the next DATA command. #if 0 - if ( state == SMTP_IN_DATA && reply_code >= 400 ) + if ( state == detail::SMTP_IN_DATA && reply_code >= 400 ) { EndData(); - state = SMTP_READY; + state = detail::SMTP_READY; } #endif } @@ -839,10 +839,10 @@ int SMTP_Analyzer::ParseCmd(int cmd_len, const char* cmd) // special case because we cannot define our usual macros with "-" if ( istrequal(cmd, "X-ANONYMOUSTLS", cmd_len) ) - return SMTP_CMD_X_ANONYMOUSTLS; + return detail::SMTP_CMD_X_ANONYMOUSTLS; - for ( int code = SMTP_CMD_EHLO; code < SMTP_CMD_LAST; ++code ) - if ( istrequal(cmd, smtp_cmd_word[code - SMTP_CMD_EHLO], cmd_len) ) + for ( int code = detail::SMTP_CMD_EHLO; code < detail::SMTP_CMD_LAST; ++code ) + if ( istrequal(cmd, smtp_cmd_word[code - detail::SMTP_CMD_EHLO], cmd_len) ) return code; return -1; @@ -919,7 +919,7 @@ void SMTP_Analyzer::ProcessData(int length, const char* line) void SMTP_Analyzer::BeginData(bool orig) { - state = SMTP_IN_DATA; + state = detail::SMTP_IN_DATA; skip_data = false; // reset the flag at the beginning of the mail if ( mail != nullptr ) { @@ -928,7 +928,7 @@ void SMTP_Analyzer::BeginData(bool orig) delete mail; } - mail = new mime::MIME_Mail(this, orig); + mail = new zeek::analyzer::mime::MIME_Mail(this, orig); } void SMTP_Analyzer::EndData() @@ -942,3 +942,5 @@ void SMTP_Analyzer::EndData() mail = nullptr; } } + +} // namespace zeek::analyzer::smtp diff --git a/src/analyzer/protocol/smtp/SMTP.h b/src/analyzer/protocol/smtp/SMTP.h index 9d67b16588..7dcb22a979 100644 --- a/src/analyzer/protocol/smtp/SMTP.h +++ b/src/analyzer/protocol/smtp/SMTP.h @@ -11,14 +11,15 @@ #undef SMTP_CMD_DEF #define SMTP_CMD_DEF(cmd) SMTP_CMD_##cmd, -namespace analyzer { namespace smtp { +namespace zeek::analyzer::smtp { +namespace detail { -typedef enum { +enum SMTP_Cmd { #include "SMTP_cmd.def" -} SMTP_Cmd; +}; // State is updated on every SMTP reply. -typedef enum { +enum SMTP_State { SMTP_CONNECTED, // 0: before the opening message SMTP_INITIATED, // 1: after opening message 220, EHLO/HELO expected SMTP_NOT_AVAILABLE, // 2: after opening message 554, etc. @@ -32,10 +33,11 @@ typedef enum { SMTP_QUIT, // 10: after QUIT SMTP_AFTER_GAP, // 11: after a gap is detected SMTP_GAP_RECOVERY, // 12: after the first reply after a gap -} SMTP_State; +}; +} // namespace detail -class SMTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class SMTP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SMTP_Analyzer(zeek::Connection* conn); ~SMTP_Analyzer() override; @@ -87,11 +89,34 @@ protected: zeek::String* line_after_gap; // last line before the first reply // after a gap - mime::MIME_Mail* mail; + zeek::analyzer::mime::MIME_Mail* mail; private: - tcp::ContentLine_Analyzer* cl_orig; - tcp::ContentLine_Analyzer* cl_resp; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_orig; + zeek::analyzer::tcp::ContentLine_Analyzer* cl_resp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::smtp + +namespace analyzer::smtp { + +using SMTP_Cmd [[deprecated("Remove in v4.1. Use zeek::analyzer::smtp::detail::SMTP_Cmd.")]] = zeek::analyzer::smtp::detail::SMTP_Cmd; +// The values from SMTP_Cmd come from a #include +using SMTP_State [[deprecated("Remove in v4.1. Use zeek::analyzer::smtp::detail::SMTP_State.")]] = zeek::analyzer::smtp::detail::SMTP_State; +constexpr auto SMTP_CONNECTED [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_CONNECTED.")]] = zeek::analyzer::smtp::detail::SMTP_CONNECTED; +constexpr auto SMTP_INITIATED [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_INITIATED.")]] = zeek::analyzer::smtp::detail::SMTP_INITIATED; +constexpr auto SMTP_NOT_AVAILABLE [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_NOT_AVAILABLE.")]] = zeek::analyzer::smtp::detail::SMTP_NOT_AVAILABLE; +constexpr auto SMTP_READY [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_READY.")]] = zeek::analyzer::smtp::detail::SMTP_READY; +constexpr auto SMTP_MAIL_OK [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_MAIL_OK.")]] = zeek::analyzer::smtp::detail::SMTP_MAIL_OK; +constexpr auto SMTP_RCPT_OK [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_RCPT_OK.")]] = zeek::analyzer::smtp::detail::SMTP_RCPT_OK; +constexpr auto SMTP_IN_DATA [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_IN_DATA.")]] = zeek::analyzer::smtp::detail::SMTP_IN_DATA; +constexpr auto SMTP_AFTER_DATA [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_AFTER_DATA.")]] = zeek::analyzer::smtp::detail::SMTP_AFTER_DATA; +constexpr auto SMTP_IN_AUTH [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_IN_AUTH.")]] = zeek::analyzer::smtp::detail::SMTP_IN_AUTH; +constexpr auto SMTP_IN_TLS [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_IN_TLS.")]] = zeek::analyzer::smtp::detail::SMTP_IN_TLS; +constexpr auto SMTP_QUIT [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_QUIT.")]] = zeek::analyzer::smtp::detail::SMTP_QUIT; +constexpr auto SMTP_AFTER_GAP [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_AFTER_GAP.")]] = zeek::analyzer::smtp::detail::SMTP_AFTER_GAP; +constexpr auto SMTP_GAP_RECOVERY [[deprecated("Remove in v4.1. Uze zeek::analyzer::smtp::detail::SMTP_GAP_RECOVERY.")]] = zeek::analyzer::smtp::detail::SMTP_GAP_RECOVERY; + +using SMTP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::smtp::SMTP_Analyzer.")]] = zeek::analyzer::smtp::SMTP_Analyzer; + +} // namespace analyzer::smtp diff --git a/src/analyzer/protocol/smtp/functions.bif b/src/analyzer/protocol/smtp/functions.bif index efc577f2f6..f25738f863 100644 --- a/src/analyzer/protocol/smtp/functions.bif +++ b/src/analyzer/protocol/smtp/functions.bif @@ -12,6 +12,6 @@ function skip_smtp_data%(c: connection%): any %{ zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SMTP"); if ( sa ) - static_cast<::analyzer::smtp::SMTP_Analyzer*>(sa)->SkipData(); + static_cast(sa)->SkipData(); return nullptr; %} diff --git a/src/analyzer/protocol/snmp/Plugin.cc b/src/analyzer/protocol/snmp/Plugin.cc index 4100dc679c..b42dc4de3f 100644 --- a/src/analyzer/protocol/snmp/Plugin.cc +++ b/src/analyzer/protocol/snmp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SNMP { +namespace zeek::plugin::detail::Zeek_SNMP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SNMP", ::analyzer::snmp::SNMP_Analyzer::InstantiateAnalyzer)); + AddComponent(new zeek::analyzer::Component("SNMP", zeek::analyzer::snmp::SNMP_Analyzer::InstantiateAnalyzer)); zeek::plugin::Configuration config; config.name = "Zeek::SNMP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SNMP diff --git a/src/analyzer/protocol/snmp/SNMP.cc b/src/analyzer/protocol/snmp/SNMP.cc index 2687823ac0..53d859f71c 100644 --- a/src/analyzer/protocol/snmp/SNMP.cc +++ b/src/analyzer/protocol/snmp/SNMP.cc @@ -6,7 +6,7 @@ #include "types.bif.h" #include "events.bif.h" -using namespace analyzer::snmp; +namespace zeek::analyzer::snmp { SNMP_Analyzer::SNMP_Analyzer(zeek::Connection* conn) : Analyzer("SNMP", conn) @@ -36,6 +36,8 @@ void SNMP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::snmp diff --git a/src/analyzer/protocol/snmp/SNMP.h b/src/analyzer/protocol/snmp/SNMP.h index 5521a81964..3a609db8ae 100644 --- a/src/analyzer/protocol/snmp/SNMP.h +++ b/src/analyzer/protocol/snmp/SNMP.h @@ -4,7 +4,7 @@ #include "snmp_pac.h" -namespace analyzer { namespace snmp { +namespace zeek::analyzer::snmp { class SNMP_Analyzer final : public zeek::analyzer::Analyzer { @@ -25,4 +25,10 @@ protected: binpac::SNMP::SNMP_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::snmp + +namespace analyzer::snmp { + +using SNMP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::snmp::SNMP_Analyzer.")]] = zeek::analyzer::snmp::SNMP_Analyzer; + +} // namespace analyzer::snmp diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 738ca3f912..a0e4894711 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -38,7 +38,7 @@ zeek::AddrValPtr network_address_to_val(const ASN1Encoding* na) return zeek::make_intrusive(zeek::IPAddr()); const u_char* data = reinterpret_cast(bs.data()); - uint32 network_order = extract_uint32(data); + uint32 network_order = zeek::extract_uint32(data); return zeek::make_intrusive(ntohl(network_order)); } @@ -397,7 +397,7 @@ refine connection SNMP_Conn += { // Unwind now to stop parsing because it's definitely the // wrong protocol and parsing further could be expensive. // Upper layer of analyzer will catch and call ProtocolViolation(). - throw binpac::Exception(fmt("Got ASN.1 tag %d, expect %d", + throw binpac::Exception(zeek::util::fmt("Got ASN.1 tag %d, expect %d", rec->tag(), expect)); return false; %} @@ -412,7 +412,7 @@ refine connection SNMP_Conn += { // order bit is set. return true; - throw binpac::Exception(fmt("ASN.1 integer width overflow: %d", len)); + throw binpac::Exception(zeek::util::fmt("ASN.1 integer width overflow: %d", len)); return false; %} diff --git a/src/analyzer/protocol/socks/Plugin.cc b/src/analyzer/protocol/socks/Plugin.cc index 7d4290a844..3c694c4ed6 100644 --- a/src/analyzer/protocol/socks/Plugin.cc +++ b/src/analyzer/protocol/socks/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SOCKS { +namespace zeek::plugin::detail::Zeek_SOCKS { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SOCKS", ::analyzer::socks::SOCKS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SOCKS", zeek::analyzer::socks::SOCKS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SOCKS"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SOCKS diff --git a/src/analyzer/protocol/socks/SOCKS.cc b/src/analyzer/protocol/socks/SOCKS.cc index b203495335..328463912b 100644 --- a/src/analyzer/protocol/socks/SOCKS.cc +++ b/src/analyzer/protocol/socks/SOCKS.cc @@ -4,10 +4,10 @@ #include "events.bif.h" -using namespace analyzer::socks; +namespace zeek::analyzer::socks { SOCKS_Analyzer::SOCKS_Analyzer(zeek::Connection* conn) -: tcp::TCP_ApplicationAnalyzer("SOCKS", conn) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SOCKS", conn) { interp = new binpac::SOCKS::SOCKS_Conn(this); orig_done = resp_done = false; @@ -29,7 +29,7 @@ void SOCKS_Analyzer::EndpointDone(bool orig) void SOCKS_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -37,13 +37,13 @@ void SOCKS_Analyzer::Done() void SOCKS_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); @@ -60,7 +60,7 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) // are done with their part of the SOCKS protocol. if ( ! pia ) { - pia = new pia::PIA_TCP(Conn()); + pia = new zeek::analyzer::pia::PIA_TCP(Conn()); if ( AddChildAnalyzer(pia) ) { pia->FirstPacket(true, nullptr); @@ -80,13 +80,15 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } } void SOCKS_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::socks diff --git a/src/analyzer/protocol/socks/SOCKS.h b/src/analyzer/protocol/socks/SOCKS.h index 7dcddcc82c..9e5346ff4c 100644 --- a/src/analyzer/protocol/socks/SOCKS.h +++ b/src/analyzer/protocol/socks/SOCKS.h @@ -11,9 +11,9 @@ namespace binpac { } } -namespace analyzer { namespace socks { +namespace zeek::analyzer::socks { -class SOCKS_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class SOCKS_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SOCKS_Analyzer(zeek::Connection* conn); ~SOCKS_Analyzer() override; @@ -33,8 +33,14 @@ protected: bool orig_done; bool resp_done; - pia::PIA_TCP *pia; + zeek::analyzer::pia::PIA_TCP *pia; binpac::SOCKS::SOCKS_Conn* interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::socks + +namespace analyzer::socks { + +using SOCKS_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::socks::SOCKS_Analyzer.")]] = zeek::analyzer::socks::SOCKS_Analyzer; + +} // namespace analyzer::socks diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index 01b801eec3..a0b16e30d3 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -40,7 +40,7 @@ refine connection SOCKS_Conn += { array_to_string(${request.user})); } - static_cast(bro_analyzer())->EndpointDone(true); + static_cast(bro_analyzer())->EndpointDone(true); return true; %} @@ -62,7 +62,7 @@ refine connection SOCKS_Conn += { } bro_analyzer()->ProtocolConfirmation(); - static_cast(bro_analyzer())->EndpointDone(false); + static_cast(bro_analyzer())->EndpointDone(false); return true; %} @@ -70,14 +70,14 @@ refine connection SOCKS_Conn += { %{ if ( ${request.reserved} != 0 ) { - bro_analyzer()->ProtocolViolation(fmt("invalid value in reserved field: %d", ${request.reserved})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid value in reserved field: %d", ${request.reserved})); bro_analyzer()->SetSkip(true); return false; } if ( (${request.command} == 0) || (${request.command} > 3) ) { - bro_analyzer()->ProtocolViolation(fmt("undefined value in command field: %d", ${request.command})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("undefined value in command field: %d", ${request.command})); bro_analyzer()->SetSkip(true); return false; } @@ -102,7 +102,7 @@ refine connection SOCKS_Conn += { break; default: - bro_analyzer()->ProtocolViolation(fmt("invalid SOCKSv5 addr type: %d", ${request.remote_name.addr_type})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid SOCKSv5 addr type: %d", ${request.remote_name.addr_type})); return false; } @@ -115,7 +115,7 @@ refine connection SOCKS_Conn += { zeek::val_mgr->Port(${request.port}, TRANSPORT_TCP), zeek::val_mgr->EmptyString()); - static_cast(bro_analyzer())->EndpointDone(true); + static_cast(bro_analyzer())->EndpointDone(true); return true; %} @@ -142,7 +142,7 @@ refine connection SOCKS_Conn += { break; default: - bro_analyzer()->ProtocolViolation(fmt("invalid SOCKSv5 addr type: %d", ${reply.bound.addr_type})); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("invalid SOCKSv5 addr type: %d", ${reply.bound.addr_type})); return false; } @@ -155,7 +155,7 @@ refine connection SOCKS_Conn += { zeek::val_mgr->Port(${reply.port}, TRANSPORT_TCP)); bro_analyzer()->ProtocolConfirmation(); - static_cast(bro_analyzer())->EndpointDone(false); + static_cast(bro_analyzer())->EndpointDone(false); return true; %} @@ -175,13 +175,13 @@ refine connection SOCKS_Conn += { function socks5_unsupported_authentication_method(auth_method: uint8): bool %{ - zeek::reporter->Weird(bro_analyzer()->Conn(), "socks5_unsupported_authentication_method", fmt("%d", auth_method)); + zeek::reporter->Weird(bro_analyzer()->Conn(), "socks5_unsupported_authentication_method", zeek::util::fmt("%d", auth_method)); return true; %} function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool %{ - zeek::reporter->Weird(bro_analyzer()->Conn(), "socks5_unsupported_authentication", fmt("method %d, version %d", auth_method, version)); + zeek::reporter->Weird(bro_analyzer()->Conn(), "socks5_unsupported_authentication", zeek::util::fmt("method %d, version %d", auth_method, version)); return true; %} @@ -196,7 +196,7 @@ refine connection SOCKS_Conn += { function version_error(version: uint8): bool %{ - bro_analyzer()->ProtocolViolation(fmt("unsupported/unknown SOCKS version %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unsupported/unknown SOCKS version %d", version)); return true; %} diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index 6040fcc213..37344cabec 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SSH { +namespace zeek::plugin::detail::Zeek_SSH { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SSH", zeek::analyzer::ssh::SSH_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SSH"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SSH diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index c301e4eb2a..518f175cbb 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -9,10 +9,10 @@ #include "types.bif.h" #include "events.bif.h" -using namespace analyzer::SSH; +namespace zeek::analyzer::ssh { SSH_Analyzer::SSH_Analyzer(zeek::Connection* c) - : tcp::TCP_ApplicationAnalyzer("SSH", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SSH", c) { interp = new binpac::SSH::SSH_Conn(this); had_gap = false; @@ -30,7 +30,7 @@ SSH_Analyzer::~SSH_Analyzer() void SSH_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -38,13 +38,13 @@ void SSH_Analyzer::Done() void SSH_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -69,7 +69,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } auto encrypted_len = interp->get_encrypted_bytes_in_current_segment(); @@ -83,7 +83,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) void SSH_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } @@ -175,3 +175,5 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) } } } + +} // namespace zeek::analyzer::ssh diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 78788df91b..42647d2b06 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -7,41 +7,47 @@ #include "analyzer/protocol/tcp/TCP.h" #include "ssh_pac.h" -namespace analyzer { - namespace SSH { - class SSH_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +namespace zeek::analyzer::ssh { - public: - explicit SSH_Analyzer(zeek::Connection* conn); - ~SSH_Analyzer() override; +class SSH_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { - // Overriden from Analyzer. - void Done() override; - void DeliverStream(int len, const u_char* data, bool orig) override; - void Undelivered(uint64_t seq, int len, bool orig) override; +public: + explicit SSH_Analyzer(zeek::Connection* conn); + ~SSH_Analyzer() override; - // Overriden from tcp::TCP_ApplicationAnalyzer. - void EndpointEOF(bool is_orig) override; + // Overriden from Analyzer. + void Done() override; + void DeliverStream(int len, const u_char* data, bool orig) override; + void Undelivered(uint64_t seq, int len, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) - { return new SSH_Analyzer(conn); } + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. + void EndpointEOF(bool is_orig) override; - protected: - binpac::SSH::SSH_Conn* interp; + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) + { return new SSH_Analyzer(conn); } - void ProcessEncrypted(int len, bool orig); - void ProcessEncryptedSegment(int len, bool orig); +protected: + binpac::SSH::SSH_Conn* interp; - bool had_gap; + void ProcessEncrypted(int len, bool orig); + void ProcessEncryptedSegment(int len, bool orig); - // Packet analysis stuff - bool auth_decision_made; - bool skipped_banner; - bool saw_encrypted_client_data; + bool had_gap; - int service_accept_size; - int userauth_failure_size; + // Packet analysis stuff + bool auth_decision_made; + bool skipped_banner; + bool saw_encrypted_client_data; - }; - } -} + int service_accept_size; + int userauth_failure_size; + +}; + +} // namespace zeek::analyzer::ssh + +namespace analyzer::SSH { + +using SSH_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ssh::SSH_Analyzer.")]] = zeek::analyzer::ssh::SSH_Analyzer; + +} // namespace analyzer::SSH diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index fca05e0c54..787c5c46b8 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -8,7 +8,7 @@ #include "dtls_pac.h" #include "tls-handshake_pac.h" -using namespace analyzer::dtls; +namespace zeek::analyzer::dtls { DTLS_Analyzer::DTLS_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("DTLS", c) @@ -66,6 +66,8 @@ void DTLS_Analyzer::SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, ui } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } + +} // namespace zeek::analyzer::dtls diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h index 20d38ae62c..84e3402b5a 100644 --- a/src/analyzer/protocol/ssl/DTLS.h +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -5,10 +5,9 @@ #include "analyzer/protocol/udp/UDP.h" namespace binpac { namespace DTLS { class SSL_Conn; } } - namespace binpac { namespace TLSHandshake { class Handshake_Conn; } } -namespace analyzer { namespace dtls { +namespace zeek::analyzer::dtls { class DTLS_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -32,4 +31,10 @@ protected: binpac::TLSHandshake::Handshake_Conn* handshake_interp; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::dtls + +namespace analyzer::dtls { + +using DTLS_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::dtls::DTLS_Analyzer.")]] = zeek::analyzer::dtls::DTLS_Analyzer; + +} // namespace analyzer::dtls diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin.cc index 61adb16442..394b675701 100644 --- a/src/analyzer/protocol/ssl/Plugin.cc +++ b/src/analyzer/protocol/ssl/Plugin.cc @@ -5,15 +5,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SSL { +namespace zeek::plugin::detail::Zeek_SSL { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SSL", ::analyzer::ssl::SSL_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SSL", zeek::analyzer::ssl::SSL_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("DTLS", zeek::analyzer::dtls::DTLS_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SSL"; @@ -22,5 +21,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SSL diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 8c78062d56..2330fa4000 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -8,10 +8,10 @@ #include "ssl_pac.h" #include "tls-handshake_pac.h" -using namespace analyzer::ssl; +namespace zeek::analyzer::ssl { SSL_Analyzer::SSL_Analyzer(zeek::Connection* c) -: tcp::TCP_ApplicationAnalyzer("SSL", c) +: zeek::analyzer::tcp::TCP_ApplicationAnalyzer("SSL", c) { interp = new binpac::SSL::SSL_Conn(this); handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this); @@ -26,7 +26,7 @@ SSL_Analyzer::~SSL_Analyzer() void SSL_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -36,7 +36,7 @@ void SSL_Analyzer::Done() void SSL_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); handshake_interp->FlowEOF(is_orig); } @@ -50,7 +50,7 @@ void SSL_Analyzer::StartEncryption() void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); if ( TCP()->IsPartial() ) @@ -67,7 +67,7 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } @@ -80,13 +80,15 @@ void SSL_Analyzer::SendHandshake(uint16_t raw_tls_version, const u_char* begin, } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void SSL_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } + +} // namespace zeek::analyzer::ssl diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index 51a5f6d53b..820b741a21 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -8,9 +8,9 @@ namespace binpac { namespace SSL { class SSL_Conn; } } namespace binpac { namespace TLSHandshake { class Handshake_Conn; } } -namespace analyzer { namespace ssl { +namespace zeek::analyzer::ssl { -class SSL_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class SSL_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SSL_Analyzer(zeek::Connection* conn); ~SSL_Analyzer() override; @@ -25,7 +25,7 @@ public: // Tell the analyzer that encryption has started. void StartEncryption(); - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) @@ -38,4 +38,10 @@ protected: }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::ssl + +namespace analyzer::ssl { + +using SSL_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::ssl::SSL_Analyzer.")]] = zeek::analyzer::ssl::SSL_Analyzer; + +} // namespace analyzer::ssl diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac index 990f1841b1..c650483332 100644 --- a/src/analyzer/protocol/ssl/dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac @@ -55,7 +55,7 @@ refine connection SSL_Conn += { if ( length > MAX_DTLS_HANDSHAKE_RECORD ) { - bro_analyzer()->ProtocolViolation(fmt("DTLS record length %" PRId64 " larger than allowed maximum.", length)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("DTLS record length %" PRId64 " larger than allowed maximum.", length)); return true; } @@ -97,13 +97,13 @@ refine connection SSL_Conn += { // copy data from fragment to buffer if ( ${rec.data}.length() != flength ) { - bro_analyzer()->ProtocolViolation(fmt("DTLS handshake record length does not match packet length")); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("DTLS handshake record length does not match packet length")); return true; } if ( foffset + flength > length ) { - bro_analyzer()->ProtocolViolation(fmt("DTLS handshake fragment trying to write past end of buffer")); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("DTLS handshake fragment trying to write past end of buffer")); return true; } @@ -124,7 +124,7 @@ refine connection SSL_Conn += { uint64 total_length = i->message_last_sequence - i->message_first_sequence; if ( total_length > 30 ) { - bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 30 pieces. Cannot reassemble.")); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("DTLS Message fragmented over more than 30 pieces. Cannot reassemble.")); return true; } @@ -147,4 +147,3 @@ refine typeattr SSLRecord += &let { refine typeattr Handshake += &let { proc: bool = $context.connection.proc_handshake(rec, this); }; - diff --git a/src/analyzer/protocol/ssl/dtls-protocol.pac b/src/analyzer/protocol/ssl/dtls-protocol.pac index c54a62f251..ded8549388 100644 --- a/src/analyzer/protocol/ssl/dtls-protocol.pac +++ b/src/analyzer/protocol/ssl/dtls-protocol.pac @@ -74,7 +74,7 @@ refine connection SSL_Conn += { { reported_errors_++; if ( reported_errors_ <= zeek::BifConst::SSL::dtls_max_reported_version_errors ) - bro_analyzer()->ProtocolViolation(fmt("Invalid version in DTLS connection. Packet reported version: %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid version in DTLS connection. Packet reported version: %d", version)); } if ( invalid_version_count_ > zeek::BifConst::SSL::dtls_max_version_errors ) diff --git a/src/analyzer/protocol/ssl/dtls.pac b/src/analyzer/protocol/ssl/dtls.pac index b2aa34d5c5..05dd3b7d06 100644 --- a/src/analyzer/protocol/ssl/dtls.pac +++ b/src/analyzer/protocol/ssl/dtls.pac @@ -6,8 +6,8 @@ %extern{ #include "events.bif.h" -namespace analyzer { namespace dtls { class DTLS_Analyzer; } } -typedef analyzer::dtls::DTLS_Analyzer* DTLSAnalyzer; +namespace zeek::analyzer::dtls { class DTLS_Analyzer; } +using DTLSAnalyzer = zeek::analyzer::dtls::DTLS_Analyzer*; #include "DTLS.h" #include "consts.bif.h" diff --git a/src/analyzer/protocol/ssl/functions.bif b/src/analyzer/protocol/ssl/functions.bif index 99112e3c19..a7f01a9c4c 100644 --- a/src/analyzer/protocol/ssl/functions.bif +++ b/src/analyzer/protocol/ssl/functions.bif @@ -13,6 +13,6 @@ function set_ssl_established%(c: connection%): any %{ zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); if ( sa ) - static_cast<::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption(); + static_cast(sa)->StartEncryption(); return nullptr; %} diff --git a/src/analyzer/protocol/ssl/proc-certificate.pac b/src/analyzer/protocol/ssl/proc-certificate.pac index fd725ee4dc..167476999c 100644 --- a/src/analyzer/protocol/ssl/proc-certificate.pac +++ b/src/analyzer/protocol/ssl/proc-certificate.pac @@ -26,12 +26,13 @@ file_handle.Add(common.Description()); file_handle.Add(i); - string file_id = file_mgr->HashHandle(file_handle.Description()); + string file_id = zeek::file_mgr->HashHandle(file_handle.Description()); - file_mgr->DataIn(reinterpret_cast(cert.data()), - cert.length(), bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), is_orig, file_id, i == 0 ? user_mime : ca_mime); - file_mgr->EndOfFile(file_id); + zeek::file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), is_orig, + file_id, i == 0 ? user_mime : ca_mime); + zeek::file_mgr->EndOfFile(file_id); } return true; %} diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac index c879b6e29a..af98a08c71 100644 --- a/src/analyzer/protocol/ssl/proc-client-hello.pac +++ b/src/analyzer/protocol/ssl/proc-client-hello.pac @@ -8,7 +8,7 @@ %{ if ( ! version_ok(version) ) { - bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unsupported client SSL version 0x%04x", version)); bro_analyzer()->SetSkip(true); } else diff --git a/src/analyzer/protocol/ssl/proc-server-hello.pac b/src/analyzer/protocol/ssl/proc-server-hello.pac index f49eacbc68..092090c2f8 100644 --- a/src/analyzer/protocol/ssl/proc-server-hello.pac +++ b/src/analyzer/protocol/ssl/proc-server-hello.pac @@ -8,7 +8,7 @@ %{ if ( ! version_ok(version) ) { - bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unsupported server SSL version 0x%04x", version)); bro_analyzer()->SetSkip(true); } diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac index ae4a86b460..126f4ce58b 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac @@ -38,7 +38,7 @@ refine connection SSL_Conn += { %} function proc_unknown_record(rec: SSLRecord) : bool %{ - bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s", + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unknown SSL record type (%d) from %s", ${rec.content_type}, orig_label(${rec.is_orig}).c_str())); return true; @@ -84,7 +84,7 @@ refine connection SSL_Conn += { %{ if ( version != SSLv20 ) { - bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL server hello. Version: %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid version in SSL server hello. Version: %d", version)); bro_analyzer()->SetSkip(true); return false; } diff --git a/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac index a72e1d5938..d75e6a97b9 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac @@ -32,7 +32,7 @@ enum AnalyzerState { return string("ENCRYPTED"); default: - return string(fmt("UNKNOWN (%d)", state_nr)); + return string(zeek::util::fmt("UNKNOWN (%d)", state_nr)); } } %} diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index 5f86f997ab..0235611aa6 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -154,7 +154,7 @@ refine connection SSL_Conn += { if ( version != SSLv30 && version != TLSv10 && version != TLSv11 && version != TLSv12 ) { - bro_analyzer()->ProtocolViolation(fmt("Invalid version late in TLS connection. Packet reported version: %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid version late in TLS connection. Packet reported version: %d", version)); bro_analyzer()->SetSkip(true); return UNKNOWN_VERSION; } @@ -171,7 +171,7 @@ refine connection SSL_Conn += { if ( version != SSLv20 && version != SSLv30 && version != TLSv10 && version != TLSv11 && version != TLSv12 ) { - bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL client hello. Version: %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid version in SSL client hello. Version: %d", version)); bro_analyzer()->SetSkip(true); return UNKNOWN_VERSION; } @@ -188,7 +188,7 @@ refine connection SSL_Conn += { else // this is not SSL or TLS. { - bro_analyzer()->ProtocolViolation(fmt("Invalid headers in SSL connection. Head1: %d, head2: %d, head3: %d", head1, head2, head3)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid headers in SSL connection. Head1: %d, head2: %d, head3: %d", head1, head2, head3)); bro_analyzer()->SetSkip(true); return UNKNOWN_VERSION; } @@ -198,7 +198,7 @@ refine connection SSL_Conn += { if ( version != SSLv30 && version != TLSv10 && version != TLSv11 && version != TLSv12 ) { - bro_analyzer()->ProtocolViolation(fmt("Invalid version in TLS connection. Version: %d", version)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid version in TLS connection. Version: %d", version)); bro_analyzer()->SetSkip(true); return UNKNOWN_VERSION; } @@ -209,7 +209,7 @@ refine connection SSL_Conn += { return version; } - bro_analyzer()->ProtocolViolation(fmt("Invalid type in TLS connection. Version: %d, Type: %d", version, head0)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Invalid type in TLS connection. Version: %d, Type: %d", version, head0)); bro_analyzer()->SetSkip(true); return UNKNOWN_VERSION; %} diff --git a/src/analyzer/protocol/ssl/ssl.pac b/src/analyzer/protocol/ssl/ssl.pac index e7bf1bf23e..7269d2514f 100644 --- a/src/analyzer/protocol/ssl/ssl.pac +++ b/src/analyzer/protocol/ssl/ssl.pac @@ -12,8 +12,8 @@ #include "Desc.h" #include "events.bif.h" -namespace analyzer { namespace ssl { class SSL_Analyzer; } } -typedef analyzer::ssl::SSL_Analyzer* SSLAnalyzer; +namespace zeek::analyzer::ssl { class SSL_Analyzer; } +using SSLAnalyzer = zeek::analyzer::ssl::SSL_Analyzer*; #include "SSL.h" %} diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index 9194994709..41972c9614 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -55,7 +55,7 @@ refine connection Handshake_Conn += { { // This should be impossible due to the binpac parser // and protocol description - bro_analyzer()->ProtocolViolation(fmt("Impossible extension length: %zu", length)); + bro_analyzer()->ProtocolViolation(zeek::util::fmt("Impossible extension length: %zu", length)); bro_analyzer()->SetSkip(true); return true; } @@ -203,7 +203,7 @@ refine connection Handshake_Conn += { ServerName* servername = (*list)[i]; if ( servername->name_type() != 0 ) { - bro_analyzer()->Weird("ssl_ext_unknown_server_name_type", fmt("%d", servername->name_type())); + bro_analyzer()->Weird("ssl_ext_unknown_server_name_type", zeek::util::fmt("%d", servername->name_type())); continue; } @@ -288,7 +288,7 @@ refine connection Handshake_Conn += { function proc_unknown_handshake(hs: HandshakeRecord, is_orig: bool) : bool %{ - bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", + bro_analyzer()->ProtocolViolation(zeek::util::fmt("unknown handshake message (%d) from %s", ${hs.msg_type}, orig_label(is_orig).c_str())); return true; %} @@ -307,11 +307,11 @@ refine connection Handshake_Conn += { file_handle.Add(common.Description()); file_handle.Add("ocsp"); - string file_id = file_mgr->HashHandle(file_handle.Description()); + string file_id = zeek::file_mgr->HashHandle(file_handle.Description()); - file_mgr->DataIn(reinterpret_cast(response.data()), - response.length(), bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); + zeek::file_mgr->DataIn(reinterpret_cast(response.data()), + response.length(), bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); if ( ssl_stapled_ocsp ) zeek::BifEvent::enqueue_ssl_stapled_ocsp(bro_analyzer(), @@ -319,7 +319,7 @@ refine connection Handshake_Conn += { ${rec.is_orig}, zeek::make_intrusive(response.length(), (const char*) response.data())); - file_mgr->EndOfFile(file_id); + zeek::file_mgr->EndOfFile(file_id); } else if ( response.length() == 0 ) { diff --git a/src/analyzer/protocol/stepping-stone/Plugin.cc b/src/analyzer/protocol/stepping-stone/Plugin.cc index 2cd972932a..d43318525a 100644 --- a/src/analyzer/protocol/stepping-stone/Plugin.cc +++ b/src/analyzer/protocol/stepping-stone/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_SteppingStone { +namespace zeek::plugin::detail::Zeek_SteppingStone { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("SteppingStone", ::analyzer::stepping_stone::SteppingStone_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("SteppingStone", zeek::analyzer::stepping_stone::SteppingStone_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SteppingStone"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SteppingStone diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index a367ee25c4..208a99dd6b 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -6,16 +6,16 @@ #include #include "Event.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "analyzer/protocol/tcp/TCP.h" #include "Sessions.h" #include "util.h" #include "events.bif.h" -using namespace analyzer::stepping_stone; +namespace zeek::analyzer::stepping_stone { -SteppingStoneEndpoint::SteppingStoneEndpoint(tcp::TCP_Endpoint* e, SteppingStoneManager* m) +SteppingStoneEndpoint::SteppingStoneEndpoint(zeek::analyzer::tcp::TCP_Endpoint* e, SteppingStoneManager* m) { endp = e; stp_max_top_seq = 0; @@ -61,8 +61,8 @@ void SteppingStoneEndpoint::Done() } bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen, - const u_char* data, const zeek::IP_Hdr* /* ip */, - const struct tcphdr* tp) + const u_char* data, const zeek::IP_Hdr* /* ip */, + const struct tcphdr* tp) { if ( caplen < len ) len = caplen; @@ -70,7 +70,7 @@ bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen if ( len <= 0 ) return false; - double tmin = t - stp_delta; + double tmin = t - zeek::detail::stp_delta; while ( stp_manager->OrderedEndpoints().length() > 0 ) { @@ -95,7 +95,7 @@ bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen stp_max_top_seq = top_seq; - if ( stp_last_time && t <= stp_last_time + stp_idle_min ) + if ( stp_last_time && t <= stp_last_time + zeek::detail::stp_idle_min ) { stp_last_time = t; return true; @@ -153,7 +153,7 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig) } SteppingStone_Analyzer::SteppingStone_Analyzer(zeek::Connection* c) -: tcp::TCP_ApplicationAnalyzer("STEPPINGSTONE", c) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("STEPPINGSTONE", c) { stp_manager = zeek::sessions->GetSTPManager(); @@ -163,7 +163,7 @@ SteppingStone_Analyzer::SteppingStone_Analyzer(zeek::Connection* c) void SteppingStone_Analyzer::Init() { - tcp::TCP_ApplicationAnalyzer::Init(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Init(); assert(TCP()); orig_endp = new SteppingStoneEndpoint(TCP()->Orig(), stp_manager); @@ -171,41 +171,41 @@ void SteppingStone_Analyzer::Init() } void SteppingStone_Analyzer::DeliverPacket(int len, const u_char* data, - bool is_orig, uint64_t seq, - const zeek::IP_Hdr* ip, int caplen) + bool is_orig, uint64_t seq, + const zeek::IP_Hdr* ip, int caplen) { - tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, - ip, caplen); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, + ip, caplen); if ( is_orig ) - orig_endp->DataSent(network_time, seq, len, caplen, data, nullptr, nullptr); + orig_endp->DataSent(zeek::run_state::network_time, seq, len, caplen, data, nullptr, nullptr); else - resp_endp->DataSent(network_time, seq, len, caplen, data, nullptr, nullptr); + resp_endp->DataSent(zeek::run_state::network_time, seq, len, caplen, data, nullptr, nullptr); } void SteppingStone_Analyzer::DeliverStream(int len, const u_char* data, - bool is_orig) + bool is_orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); if ( is_orig ) { - orig_endp->DataSent(network_time, orig_stream_pos, len, len, - data, nullptr, nullptr); + orig_endp->DataSent(zeek::run_state::network_time, orig_stream_pos, len, len, + data, nullptr, nullptr); orig_stream_pos += len; } else { - resp_endp->DataSent(network_time, resp_stream_pos, len, len, - data, nullptr, nullptr); + resp_endp->DataSent(zeek::run_state::network_time, resp_stream_pos, len, len, + data, nullptr, nullptr); resp_stream_pos += len; } } void SteppingStone_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); orig_endp->Done(); resp_endp->Done(); @@ -213,3 +213,5 @@ void SteppingStone_Analyzer::Done() Unref(orig_endp); Unref(resp_endp); } + +} // namespace zeek::analyzer::stepping_stone diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.h b/src/analyzer/protocol/stepping-stone/SteppingStone.h index 3824dc77e9..cff86cda31 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.h +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.h @@ -7,25 +7,25 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek); -namespace analyzer::stepping_stone { +namespace zeek::analyzer::stepping_stone { class SteppingStoneEndpoint; class SteppingStoneManager; class SteppingStoneEndpoint : public zeek::Obj { public: - SteppingStoneEndpoint(tcp::TCP_Endpoint* e, SteppingStoneManager* m); + SteppingStoneEndpoint(zeek::analyzer::tcp::TCP_Endpoint* e, SteppingStoneManager* m); ~SteppingStoneEndpoint() override; void Done(); bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data, - const zeek::IP_Hdr* ip, const struct tcphdr* tp); + const zeek::IP_Hdr* ip, const struct tcphdr* tp); protected: void Event(zeek::EventHandlerPtr f, int id1, int id2 = -1); void CreateEndpEvent(bool is_orig); - tcp::TCP_Endpoint* endp; + zeek::analyzer::tcp::TCP_Endpoint* endp; uint64_t stp_max_top_seq; double stp_last_time; double stp_resume_time; @@ -40,7 +40,7 @@ protected: std::map stp_outbound_endps; }; -class SteppingStone_Analyzer : public tcp::TCP_ApplicationAnalyzer { +class SteppingStone_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit SteppingStone_Analyzer(zeek::Connection* c); ~SteppingStone_Analyzer() override {}; @@ -55,7 +55,7 @@ protected: // We support both packet and stream input and can be put in place even // if the TCP analyzer is not yet reassebmling. void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void DeliverStream(int len, const u_char* data, bool is_orig) override; int orig_stream_pos; @@ -81,4 +81,12 @@ protected: int endp_cnt = 0; }; +} // namespace zeek::analyzer::stepping_stone + +namespace analyzer::stepping_stone { + +using SteppingStoneEndpoint [[deprecated("Remove in v4.1. Use zeek::analyzer::stepping_stone::SteppingStoneEndpoint.")]] = zeek::analyzer::stepping_stone::SteppingStoneEndpoint; +using SteppingStone_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::stepping_stone::SteppingStone_Analyzer.")]] = zeek::analyzer::stepping_stone::SteppingStone_Analyzer; +using SteppingStoneManager [[deprecated("Remove in v4.1. Use zeek::analyzer::stepping_stone::SteppingStoneManager.")]] = zeek::analyzer::stepping_stone::SteppingStoneManager; + } // namespace analyzer::stepping_stone diff --git a/src/analyzer/protocol/syslog/Plugin.cc b/src/analyzer/protocol/syslog/Plugin.cc index 4ae18015aa..c38a291cb1 100644 --- a/src/analyzer/protocol/syslog/Plugin.cc +++ b/src/analyzer/protocol/syslog/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Syslog { +namespace zeek::plugin::detail::Zeek_Syslog { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Syslog", ::analyzer::syslog::Syslog_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Syslog", zeek::analyzer::syslog::Syslog_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Syslog"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Syslog diff --git a/src/analyzer/protocol/syslog/Syslog.cc b/src/analyzer/protocol/syslog/Syslog.cc index 01541c5087..91edc9a77a 100644 --- a/src/analyzer/protocol/syslog/Syslog.cc +++ b/src/analyzer/protocol/syslog/Syslog.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::syslog; +namespace zeek::analyzer::syslog { Syslog_Analyzer::Syslog_Analyzer(zeek::Connection* conn) : Analyzer("SYSLOG", conn) @@ -50,7 +50,7 @@ void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint // } //Syslog_tcp::TCP_Analyzer::Syslog_tcp::TCP_Analyzer(zeek::Connection* conn) -//: tcp::TCP_ApplicationAnalyzer(conn) +//: zeek::analyzer::tcp::TCP_ApplicationAnalyzer(conn) // { // interp = new binpac::Syslog_on_TCP::Syslog_TCP_Conn(this); // } @@ -62,7 +62,7 @@ void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint //void Syslog_tcp::TCP_Analyzer::Done() // { -// tcp::TCP_ApplicationAnalyzer::Done(); +// zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); // // interp->FlowEOF(true); // interp->FlowEOF(false); @@ -70,14 +70,14 @@ void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint //void Syslog_tcp::TCP_Analyzer::EndpointEOF(tcp::TCP_Reassembler* endp) // { -// tcp::TCP_ApplicationAnalyzer::EndpointEOF(endp); +// zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(endp); // interp->FlowEOF(endp->IsOrig()); // } //void Syslog_tcp::TCP_Analyzer::DeliverStream(int len, const u_char* data, // bool orig) // { -// tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); +// zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); // // assert(TCP()); // @@ -90,6 +90,8 @@ void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint //void Syslog_tcp::TCP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) // { -// tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); +// zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); // interp->NewGap(orig, len); // } + +} // namespace zeek::analyzer::syslog diff --git a/src/analyzer/protocol/syslog/Syslog.h b/src/analyzer/protocol/syslog/Syslog.h index 6e36f90f4c..ec9ac6485d 100644 --- a/src/analyzer/protocol/syslog/Syslog.h +++ b/src/analyzer/protocol/syslog/Syslog.h @@ -6,7 +6,7 @@ #include "syslog_pac.h" -namespace analyzer { namespace syslog { +namespace zeek::analyzer::syslog { class Syslog_Analyzer : public zeek::analyzer::Analyzer { public: @@ -28,7 +28,7 @@ protected: // #include "Syslog_tcp_pac.h" // -//class Syslog_tcp::TCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { +//class Syslog_tcp::TCP_Analyzer : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { //public: // Syslog_tcp::TCP_Analyzer(zeek::Connection* conn); // virtual ~Syslog_tcp::TCP_Analyzer(); @@ -45,4 +45,11 @@ protected: // binpac::Syslog_on_TCP::Syslog_TCP_Conn* interp; //}; // -} } // namespace analyzer::* + +} // namespace zeek::analyzer::syslog + +namespace analyzer::syslog { + +using Syslog_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::syslog::Syslog_Analyzer.")]] = zeek::analyzer::syslog::Syslog_Analyzer; + +} // namespace analyzer::syslog diff --git a/src/analyzer/protocol/tcp/ContentLine.cc b/src/analyzer/protocol/tcp/ContentLine.cc index f8fcef337c..a8d88d4ded 100644 --- a/src/analyzer/protocol/tcp/ContentLine.cc +++ b/src/analyzer/protocol/tcp/ContentLine.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::tcp; +namespace zeek::analyzer::tcp { ContentLine_Analyzer::ContentLine_Analyzer(zeek::Connection* conn, bool orig, int max_line_length) : TCP_SupportAnalyzer("CONTENTLINE", conn, orig), max_line_length(max_line_length) @@ -338,3 +338,5 @@ void ContentLine_Analyzer::SkipBytes(int64_t length) skip_pending = 0; seq_to_skip = SeqDelivered() + length; } + +} // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/ContentLine.h b/src/analyzer/protocol/tcp/ContentLine.h index b9d1837a73..cf7dd0866c 100644 --- a/src/analyzer/protocol/tcp/ContentLine.h +++ b/src/analyzer/protocol/tcp/ContentLine.h @@ -4,13 +4,13 @@ #include "analyzer/protocol/tcp/TCP.h" -namespace analyzer { namespace tcp { +namespace zeek::analyzer::tcp { #define CR_as_EOL 1 #define LF_as_EOL 2 // Slightly smaller than 16MB so that the buffer is not unnecessarily resized to 32M. -#define DEFAULT_MAX_LINE_LENGTH 16 * 1024 * 1024 - 100 +constexpr auto DEFAULT_MAX_LINE_LENGTH = 16 * 1024 * 1024 - 100; class ContentLine_Analyzer : public TCP_SupportAnalyzer { public: @@ -114,4 +114,10 @@ protected: bool skip_partial; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::tcp + +namespace analyzer::tcp { + +using ContentLine_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::ContentLine_Analyzer.")]] = zeek::analyzer::tcp::ContentLine_Analyzer; + +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/Plugin.cc b/src/analyzer/protocol/tcp/Plugin.cc index be35d2a45f..4780aaa183 100644 --- a/src/analyzer/protocol/tcp/Plugin.cc +++ b/src/analyzer/protocol/tcp/Plugin.cc @@ -4,15 +4,14 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_TCP { +namespace zeek::plugin::detail::Zeek_TCP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("TCP", ::analyzer::tcp::TCP_Analyzer::Instantiate)); - AddComponent(new zeek::analyzer::Component("TCPStats", ::analyzer::tcp::TCPStats_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("TCP", zeek::analyzer::tcp::TCP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("TCPStats", zeek::analyzer::tcp::TCPStats_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("CONTENTLINE", nullptr)); AddComponent(new zeek::analyzer::Component("Contents", nullptr)); @@ -23,5 +22,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_TCP diff --git a/src/analyzer/protocol/tcp/Stats.cc b/src/analyzer/protocol/tcp/Stats.cc index 5ed6b8de23..c4b7e6cd07 100644 --- a/src/analyzer/protocol/tcp/Stats.cc +++ b/src/analyzer/protocol/tcp/Stats.cc @@ -4,7 +4,7 @@ #include "events.bif.h" -using namespace analyzer::tcp; +namespace zeek::analyzer::tcp { TCPStateStats::TCPStateStats() { @@ -81,3 +81,5 @@ void TCPStateStats::PrintStats(zeek::File* file, const char* prefix) file->Write("\n"); } } + +} // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/Stats.h b/src/analyzer/protocol/tcp/Stats.h index 3e358d9d71..77c7fb8f58 100644 --- a/src/analyzer/protocol/tcp/Stats.h +++ b/src/analyzer/protocol/tcp/Stats.h @@ -3,7 +3,7 @@ #include "TCP_Endpoint.h" -namespace analyzer { namespace tcp { +namespace zeek::analyzer::tcp { // A TCPStateStats object tracks the distribution of TCP states for // the currently active connections. @@ -65,4 +65,10 @@ private: unsigned int state_cnt[TCP_ENDPOINT_RESET+1][TCP_ENDPOINT_RESET+1]; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::tcp + +namespace analyzer::tcp { + +using TCPStateStats [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCPStateStats.")]] = zeek::analyzer::tcp::TCPStateStats; + +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 8ec00cf130..99fde8955c 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -8,7 +8,7 @@ #include "analyzer/protocol/pia/PIA.h" #include "IP.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "File.h" #include "Event.h" @@ -19,13 +19,13 @@ #include "events.bif.h" #include "types.bif.h" -using namespace analyzer::tcp; - namespace { // local namespace const bool DEBUG_tcp_data_sent = false; const bool DEBUG_tcp_connection_close = false; } +namespace zeek::analyzer::tcp { + // The following are not included in all systems' tcp.h. #ifndef TH_ECE @@ -36,7 +36,6 @@ namespace { // local namespace #define TH_CWR 0x80 #endif - #define TOO_LARGE_SEQ_DELTA 1048576 static const int ORIG = 1; @@ -128,7 +127,7 @@ TCP_Analyzer::TCP_Analyzer(zeek::Connection* conn) { // Set a timer to eventually time out this connection. ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, - network_time + tcp_SYN_timeout, false, + zeek::run_state::network_time + zeek::detail::tcp_SYN_timeout, false, zeek::detail::TIMER_TCP_EXPIRE); deferred_gen_event = close_deferred = 0; @@ -167,7 +166,7 @@ void TCP_Analyzer::Done() { Analyzer::Done(); - if ( terminating && connection_pending && is_active && ! BothClosed() ) + if ( zeek::run_state::terminating && connection_pending && is_active && ! BothClosed() ) Event(connection_pending); LOOP_OVER_GIVEN_CHILDREN(i, packet_children) @@ -276,7 +275,7 @@ const struct tcphdr* TCP_Analyzer::ExtractTCP_Header(const u_char*& data, bool TCP_Analyzer::ValidateChecksum(const struct tcphdr* tp, TCP_Endpoint* endpoint, int len, int caplen) { - if ( ! current_pkt->l3_checksummed && ! ignore_checksums && caplen >= len && + if ( ! zeek::run_state::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >= len && ! endpoint->ValidChecksum(tp, len) ) { Weird("bad_TCP_checksum"); @@ -494,9 +493,9 @@ void TCP_Analyzer::UpdateInactiveState(double t, else endpoint->SetState(TCP_ENDPOINT_SYN_SENT); - if ( tcp_attempt_delay ) + if ( zeek::detail::tcp_attempt_delay ) ADD_ANALYZER_TIMER(&TCP_Analyzer::AttemptTimer, - t + tcp_attempt_delay, true, + t + zeek::detail::tcp_attempt_delay, true, zeek::detail::TIMER_TCP_ATTEMPT); } else @@ -726,7 +725,7 @@ void TCP_Analyzer::UpdateClosedState(double t, TCP_Endpoint* endpoint, if ( connection_reset ) ADD_ANALYZER_TIMER(&TCP_Analyzer::ResetTimer, - t + tcp_reset_delay, true, + t + zeek::detail::tcp_reset_delay, true, zeek::detail::TIMER_TCP_RESET); } } @@ -822,7 +821,7 @@ void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) { if ( is_orig && ! (first_packet_seen & ORIG) ) { - pia::PIA_TCP* pia = static_cast(Conn()->GetPrimaryPIA()); + auto* pia = static_cast(Conn()->GetPrimaryPIA()); if ( pia ) pia->FirstPacket(is_orig, ip); first_packet_seen |= ORIG; @@ -830,7 +829,7 @@ void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) if ( ! is_orig && ! (first_packet_seen & RESP) ) { - pia::PIA_TCP* pia = static_cast(Conn()->GetPrimaryPIA()); + auto* pia = static_cast(Conn()->GetPrimaryPIA()); if ( pia ) pia->FirstPacket(is_orig, ip); first_packet_seen |= RESP; @@ -838,8 +837,8 @@ void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) } uint64_t TCP_Analyzer::get_relative_seq(const TCP_Endpoint* endpoint, - uint32_t cur_base, uint32_t last, - uint32_t wraps, bool* underflow) + uint32_t cur_base, uint32_t last, + uint32_t wraps, bool* underflow) { int32_t delta = seq_delta(cur_base, last); @@ -1075,7 +1074,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint32_t seq_one_past_segment = base_seq + seg_len; init_endpoint(endpoint, flags, base_seq, seq_one_past_segment, - current_timestamp); + zeek::run_state::current_timestamp); bool seq_underflow = false; uint64_t rel_seq = get_relative_seq(endpoint, base_seq, endpoint->LastSeq(), @@ -1092,7 +1091,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, update_window(endpoint, ntohs(tp->th_win), base_seq, ack_seq, flags); if ( ! orig->did_close || ! resp->did_close ) - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::run_state::current_timestamp); if ( flags.SYN() ) { @@ -1114,8 +1113,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { ++endpoint->FIN_cnt; - if ( endpoint->FIN_cnt >= tcp_storm_thresh && current_timestamp < - endpoint->last_time + tcp_storm_interarrival_thresh ) + if ( endpoint->FIN_cnt >= zeek::detail::tcp_storm_thresh && zeek::run_state::current_timestamp < + endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh ) Weird("FIN_storm"); endpoint->FIN_seq = rel_seq + seg_len; @@ -1125,8 +1124,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, { ++endpoint->RST_cnt; - if ( endpoint->RST_cnt >= tcp_storm_thresh && current_timestamp < - endpoint->last_time + tcp_storm_interarrival_thresh ) + if ( endpoint->RST_cnt >= zeek::detail::tcp_storm_thresh && zeek::run_state::current_timestamp < + endpoint->last_time + zeek::detail::tcp_storm_interarrival_thresh ) Weird("RST_storm"); // This now happens often enough that it's @@ -1172,11 +1171,11 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, } int32_t delta_last = update_last_seq(endpoint, seq_one_past_segment, flags, len); - endpoint->last_time = current_timestamp; + endpoint->last_time = zeek::run_state::current_timestamp; bool do_close; bool gen_event; - UpdateStateMachine(current_timestamp, endpoint, peer, base_seq, ack_seq, + UpdateStateMachine(zeek::run_state::current_timestamp, endpoint, peer, base_seq, ack_seq, len, delta_last, is_orig, flags, do_close, gen_event); if ( flags.ACK() ) @@ -1211,7 +1210,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( DEBUG_tcp_data_sent ) { DEBUG_MSG("%.6f before DataSent: len=%d caplen=%d skip=%d\n", - network_time, len, caplen, Skipping()); + zeek::run_state::network_time, len, caplen, Skipping()); } uint64_t rel_data_seq = flags.SYN() ? rel_seq + 1 : rel_seq; @@ -1219,7 +1218,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int need_contents = 0; if ( len > 0 && (caplen >= len || packet_children.size()) && ! flags.RST() && ! Skipping() && ! seq_underflow ) - need_contents = DeliverData(current_timestamp, data, len, caplen, ip, + need_contents = DeliverData(zeek::run_state::current_timestamp, data, len, caplen, ip, tp, endpoint, rel_data_seq, is_orig, flags); endpoint->CheckEOF(); @@ -1388,7 +1387,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) else { add_option_data(option_record, o, length); - Weird("tcp_option_mss_invalid_len", fmt("%d", length)); + Weird("tcp_option_mss_invalid_len", zeek::util::fmt("%d", length)); } break; @@ -1402,7 +1401,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) else { add_option_data(option_record, o, length); - Weird("tcp_option_window_scale_invalid_len", fmt("%d", length)); + Weird("tcp_option_window_scale_invalid_len", zeek::util::fmt("%d", length)); } break; @@ -1411,7 +1410,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) if ( length != 2 ) { add_option_data(option_record, o, length); - Weird("tcp_option_sack_invalid_len", fmt("%d", length)); + Weird("tcp_option_sack_invalid_len", zeek::util::fmt("%d", length)); } break; @@ -1433,7 +1432,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) else { add_option_data(option_record, o, length); - Weird("tcp_option_sack_blocks_invalid_len", fmt("%d", length)); + Weird("tcp_option_sack_blocks_invalid_len", zeek::util::fmt("%d", length)); } break; @@ -1449,7 +1448,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) else { add_option_data(option_record, o, length); - Weird("tcp_option_timestamps_invalid_len", fmt("%d", length)); + Weird("tcp_option_timestamps_invalid_len", zeek::util::fmt("%d", length)); } break; @@ -1514,7 +1513,7 @@ void TCP_Analyzer::ExpireTimer(double t) if ( ! is_active ) return; - if ( Conn()->LastTime() + tcp_connection_linger < t ) + if ( Conn()->LastTime() + zeek::detail::tcp_connection_linger < t ) { if ( orig->did_close || resp->did_close ) { @@ -1559,7 +1558,7 @@ void TCP_Analyzer::ExpireTimer(double t) // Connection still active, so reschedule timer. // ### if PQ_Element's were Obj's, could just Ref the timer // and adjust its value here, instead of creating a new timer. - ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, t + tcp_session_timer, + ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, t + zeek::detail::tcp_session_timer, false, zeek::detail::TIMER_TCP_EXPIRE); } @@ -1665,7 +1664,8 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, if ( DEBUG_tcp_connection_close ) { DEBUG_MSG("%.6f close_complete=%d tcp_close_delay=%f\n", - network_time, close_complete, tcp_close_delay); + zeek::run_state::network_time, close_complete, + zeek::detail::tcp_close_delay); } if ( close_complete ) @@ -1698,9 +1698,9 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, // // here, because that would cause the object to be // deleted out from under us. - if ( tcp_close_delay != 0.0 ) + if ( zeek::detail::tcp_close_delay != 0.0 ) ADD_ANALYZER_TIMER(&TCP_Analyzer::ConnDeleteTimer, - Conn()->LastTime() + tcp_close_delay, false, + Conn()->LastTime() + zeek::detail::tcp_close_delay, false, zeek::detail::TIMER_CONN_DELETE); else ADD_ANALYZER_TIMER(&TCP_Analyzer::DeleteTimer, Conn()->LastTime(), false, @@ -1713,7 +1713,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, { // First time we've seen anything from this side. if ( connection_partial_close ) ADD_ANALYZER_TIMER(&TCP_Analyzer::PartialCloseTimer, - Conn()->LastTime() + tcp_partial_close_delay, false, + Conn()->LastTime() + zeek::detail::tcp_partial_close_delay, false, zeek::detail::TIMER_TCP_PARTIAL_CLOSE ); } @@ -1722,7 +1722,7 @@ void TCP_Analyzer::ConnectionClosed(TCP_Endpoint* endpoint, TCP_Endpoint* peer, // Create a timer to look for the other side closing, // too. ADD_ANALYZER_TIMER(&TCP_Analyzer::ExpireTimer, - Conn()->LastTime() + tcp_session_timer, false, + Conn()->LastTime() + zeek::detail::tcp_session_timer, false, zeek::detail::TIMER_TCP_EXPIRE); } } @@ -1870,7 +1870,7 @@ bool TCP_Analyzer::IsReuse(double t, const u_char* pkt) resp->state != TCP_ENDPOINT_RESET ) Weird("active_connection_reuse"); - else if ( t - Conn()->LastTime() < tcp_connection_linger && + else if ( t - Conn()->LastTime() < zeek::detail::tcp_connection_linger && orig->state != TCP_ENDPOINT_RESET && resp->state != TCP_ENDPOINT_RESET ) Weird("premature_connection_reuse"); @@ -1907,7 +1907,7 @@ void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data, Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); DBG_LOG(zeek::DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", len, is_orig ? "T" : "F", seq, ip, caplen, - fmt_bytes((const char*) data, std::min(40, len)), len > 40 ? "..." : ""); + zeek::util::fmt_bytes((const char*) data, std::min(40, len)), len > 40 ? "..." : ""); } void TCP_ApplicationAnalyzer::SetEnv(bool /* is_orig */, char* name, char* val) @@ -2058,7 +2058,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl } DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n", - network_time, seq, len, max_top_seq, data_in_flight); + zeek::run_state::network_time, seq, len, max_top_seq, data_in_flight); if ( tcp_rexmit ) endp->TCP()->EnqueueConnEvent(tcp_rexmit, @@ -2129,7 +2129,9 @@ void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); if ( is_orig ) - orig_stats->DataSent(network_time, seq, len, caplen, data, ip, nullptr); + orig_stats->DataSent(zeek::run_state::network_time, seq, len, caplen, data, ip, nullptr); else - resp_stats->DataSent(network_time, seq, len, caplen, data, ip, nullptr); + resp_stats->DataSent(zeek::run_state::network_time, seq, len, caplen, data, ip, nullptr); } + +} // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 96ce110c34..22d6c9fa31 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -13,13 +13,13 @@ // - TCP_ApplicationAnalyzer is an abstract base class for analyzers for a // protocol running on top of TCP. // -namespace analyzer { namespace pia { class PIA_TCP; } }; -namespace analyzer { namespace tcp { +ZEEK_FORWARD_DECLARE_NAMESPACED(PIA_TCP, zeek, analyzer::pia); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_Endpoint, zeek, analyzer::tcp); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_Reassembler, zeek, analyzer::tcp); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_ApplicationAnalyzer, zeek, analyzer::tcp); -class TCP_Endpoint; -class TCP_ApplicationAnalyzer; -class TCP_Reassembler; +namespace zeek::analyzer::tcp { class TCP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: @@ -74,7 +74,7 @@ public: protected: friend class TCP_ApplicationAnalyzer; friend class TCP_Reassembler; - friend class analyzer::pia::PIA_TCP; + friend class zeek::analyzer::pia::PIA_TCP; // Analyzer interface. void Init() override; @@ -302,4 +302,14 @@ protected: TCPStats_Endpoint* resp_stats; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::tcp + +namespace analyzer::tcp { + +using TCP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_Analyzer.")]] = zeek::analyzer::tcp::TCP_Analyzer; +using TCP_ApplicationAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ApplicationAnalyzer.")]] = zeek::analyzer::tcp::TCP_ApplicationAnalyzer; +using TCP_SupportAnalyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_SupportAnalyzer.")]] = zeek::analyzer::tcp::TCP_SupportAnalyzer; +using TCPStats_Endpoint [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCPStats_Endpoint.")]] = zeek::analyzer::tcp::TCPStats_Endpoint; +using TCPStats_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCPStats_Analyzer.")]] = zeek::analyzer::tcp::TCPStats_Analyzer; + +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index e16624620f..185d3da518 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -2,7 +2,7 @@ #include -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "analyzer/protocol/tcp/TCP.h" #include "TCP_Reassembler.h" @@ -14,7 +14,7 @@ #include "events.bif.h" -using namespace analyzer::tcp; +namespace zeek::analyzer::tcp { TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, bool arg_is_orig) { @@ -151,7 +151,7 @@ void TCP_Endpoint::SetState(EndpointState new_state) // handshake. if ( ! is_handshake(new_state) ) if ( is_handshake(state) && is_handshake(peer->state) ) - Conn()->SetInactivityTimeout(tcp_inactivity_timeout); + Conn()->SetInactivityTimeout(zeek::detail::tcp_inactivity_timeout); prev_state = state; state = new_state; @@ -233,7 +233,7 @@ bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen, if ( fwrite(data, 1, len, f) < unsigned(len) ) { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); zeek::reporter->Error("TCP contents write failed: %s", buf); if ( contents_file_write_failure ) @@ -319,3 +319,5 @@ void TCP_Endpoint::Gap(uint64_t seq, uint64_t len) gap_cnt, gap_thresh) ) Conn()->HistoryThresholdEvent(tcp_multiple_gap, IsOrig(), t); } + +} // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index f55b01b566..f6fde3babb 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h @@ -7,13 +7,12 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_Analyzer, zeek, analyzer::tcp); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_Reassembler, zeek, analyzer::tcp); -namespace analyzer { namespace tcp { +namespace zeek::analyzer::tcp { -class TCP_Analyzer; -class TCP_Reassembler; - -typedef enum { +enum EndpointState { TCP_ENDPOINT_INACTIVE, // no SYN (or other packets) seen for this side TCP_ENDPOINT_SYN_SENT, // SYN seen, but no ack TCP_ENDPOINT_SYN_ACK_SENT, // SYN ack seen, no initial SYN @@ -22,7 +21,7 @@ typedef enum { // sent by responder) TCP_ENDPOINT_CLOSED, // FIN seen TCP_ENDPOINT_RESET // RST seen -} EndpointState; +}; // One endpoint of a TCP connection. class TCP_Endpoint { @@ -253,4 +252,19 @@ protected: #define ENDIAN_BIG 2 #define ENDIAN_CONFUSED 3 -} } // namespace analyzer::* +} // namespace zeek::analyzer::tcp + +namespace analyzer::tcp { + +using EndpointState [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::EndpointState.")]] = zeek::analyzer::tcp::EndpointState; +constexpr auto TCP_ENDPOINT_INACTIVE [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE; +constexpr auto TCP_ENDPOINT_SYN_SENT [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_SYN_SENT.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_SYN_SENT; +constexpr auto TCP_ENDPOINT_SYN_ACK_SENT [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_SYN_ACK_SENT; +constexpr auto TCP_ENDPOINT_PARTIAL [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_PARTIAL; +constexpr auto TCP_ENDPOINT_ESTABLISHED [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_ESTABLISHED.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_ESTABLISHED; +constexpr auto TCP_ENDPOINT_CLOSED [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_CLOSED; +constexpr auto TCP_ENDPOINT_RESET [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_ENDPOINT_RESET.")]] = zeek::analyzer::tcp::TCP_ENDPOINT_RESET; + +using TCP_Endpoint [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_Endpoint.")]] = zeek::analyzer::tcp::TCP_Endpoint; + +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Flags.h b/src/analyzer/protocol/tcp/TCP_Flags.h index d15bbe5468..248debfc46 100644 --- a/src/analyzer/protocol/tcp/TCP_Flags.h +++ b/src/analyzer/protocol/tcp/TCP_Flags.h @@ -1,6 +1,6 @@ #pragma once -namespace analyzer { namespace tcp { +namespace zeek::analyzer::tcp { class TCP_Flags { public: @@ -46,7 +46,11 @@ inline std::string TCP_Flags::AsString() const *p++ = '\0'; return tcp_flags; } -} +} // namespace zeek::analyzer::tcp -} +namespace analyzer::tcp { + +using TCP_Flags [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_Flags.")]] = zeek::analyzer::tcp::TCP_Flags; + +} // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 23e4c90dc2..f8fad22f32 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -11,13 +11,13 @@ #include -using namespace analyzer::tcp; +namespace zeek::analyzer::tcp { // Note, sequence numbers are relative. I.e., they start with 1. -const bool DEBUG_tcp_contents = false; -const bool DEBUG_tcp_connection_close = false; -const bool DEBUG_tcp_match_undelivered = false; +constexpr bool DEBUG_tcp_contents = false; +constexpr bool DEBUG_tcp_connection_close = false; +constexpr bool DEBUG_tcp_match_undelivered = false; TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, TCP_Analyzer* arg_tcp_analyzer, @@ -36,8 +36,8 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, seq_to_skip = 0; in_delivery = false; - if ( tcp_max_old_segments ) - SetMaxOldBlocks(tcp_max_old_segments); + if ( zeek::detail::tcp_max_old_segments ) + SetMaxOldBlocks(zeek::detail::tcp_max_old_segments); if ( ::tcp_contents ) { @@ -50,8 +50,8 @@ TCP_Reassembler::TCP_Reassembler(zeek::analyzer::Analyzer* arg_dst_analyzer, tcp_content_delivery_ports_resp; auto result = ports->FindOrDefault(dst_port_val); - if ( (IsOrig() && tcp_content_deliver_all_orig) || - (! IsOrig() && tcp_content_deliver_all_resp) || + if ( (IsOrig() && zeek::detail::tcp_content_deliver_all_orig) || + (! IsOrig() && zeek::detail::tcp_content_deliver_all_resp) || (result && result->AsBool()) ) deliver_tcp_contents = true; } @@ -195,7 +195,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq) DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", " "endp: FIN_cnt=%d, RST_cnt=%d, " "peer: FIN_cnt=%d, RST_cnt=%d\n", - network_time, IsOrig(), up_to_seq, last_reassem_seq, + zeek::run_state::network_time, IsOrig(), up_to_seq, last_reassem_seq, endpoint->FIN_cnt, endpoint->RST_cnt, peer->FIN_cnt, peer->RST_cnt); } @@ -225,7 +225,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq) { DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", " "skip_deliveries=%d\n", - network_time, IsOrig(), last_reassem_seq, + zeek::run_state::network_time, IsOrig(), last_reassem_seq, up_to_seq - last_reassem_seq, skip_deliveries); } @@ -272,7 +272,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq) if ( record_contents_file ) RecordToSeq(last_reassem_seq, up_to_seq, record_contents_file); - if ( tcp_match_undelivered ) + if ( zeek::detail::tcp_match_undelivered ) MatchUndelivered(up_to_seq, false); // But we need to re-adjust last_reassem_seq in either case. @@ -365,7 +365,7 @@ void TCP_Reassembler::RecordBlock(const zeek::DataBlock& b, const zeek::FilePtr& void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const zeek::FilePtr& f) { - if ( f->Write(fmt("\n<>\n", upper_seq - start_seq)) ) + if ( f->Write(zeek::util::fmt("\n<>\n", upper_seq - start_seq)) ) return; zeek::reporter->Error("TCP_Reassembler contents gap write failed"); @@ -422,8 +422,8 @@ void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it) // the now-delivered data. TrimToSeq(last_reassem_seq); - else if ( e->NoDataAcked() && tcp_max_initial_window && - e->Size() > static_cast(tcp_max_initial_window) ) + else if ( e->NoDataAcked() && zeek::detail::tcp_max_initial_window && + e->Size() > static_cast(zeek::detail::tcp_max_initial_window) ) // We've sent quite a bit of data, yet none of it has // been acked. Presume that we're not seeing the peer's // acks (perhaps due to filtering or split routing) and @@ -440,7 +440,7 @@ void TCP_Reassembler::BlockInserted(zeek::DataBlockMap::const_iterator it) void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n) { if ( DEBUG_tcp_contents ) - DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", network_time, n, IsOrig()); + DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", zeek::run_state::network_time, n, IsOrig()); if ( rexmit_inconsistency && memcmp((const void*) b1, (const void*) b2, n) && @@ -477,7 +477,7 @@ bool TCP_Reassembler::DataSent(double t, uint64_t seq, int len, if ( DEBUG_tcp_contents ) { DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n", - network_time, IsOrig(), seq, upper_seq, ack); + zeek::run_state::network_time, IsOrig(), seq, upper_seq, ack); } if ( skip_deliveries ) @@ -504,16 +504,16 @@ bool TCP_Reassembler::DataSent(double t, uint64_t seq, int len, NewBlock(t, seq, len, data); flags = TCP_Flags(); - if ( Endpoint()->NoDataAcked() && tcp_max_above_hole_without_any_acks && - NumUndeliveredBytes() > static_cast(tcp_max_above_hole_without_any_acks) ) + if ( Endpoint()->NoDataAcked() && zeek::detail::tcp_max_above_hole_without_any_acks && + NumUndeliveredBytes() > static_cast(zeek::detail::tcp_max_above_hole_without_any_acks) ) { tcp_analyzer->Weird("above_hole_data_without_any_acks"); ClearBlocks(); skip_deliveries = true; } - if ( tcp_excessive_data_without_further_acks && - block_list.DataSize() > static_cast(tcp_excessive_data_without_further_acks) ) + if ( zeek::detail::tcp_excessive_data_without_further_acks && + block_list.DataSize() > static_cast(zeek::detail::tcp_excessive_data_without_further_acks) ) { tcp_analyzer->Weird("excessive_data_without_further_acks"); ClearBlocks(); @@ -581,7 +581,7 @@ void TCP_Reassembler::CheckEOF() if ( DEBUG_tcp_connection_close ) { DEBUG_MSG("%.6f EOF for %d\n", - network_time, endp->IsOrig()); + zeek::run_state::network_time, endp->IsOrig()); } did_EOF = true; @@ -680,3 +680,5 @@ bool TCP_Reassembler::DataPending() const return false; } + +} // namespace zeek::analyzer::tcp diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index ccd460c32a..53200b8c20 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -7,10 +7,9 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); +ZEEK_FORWARD_DECLARE_NAMESPACED(TCP_Analyzer, zeek, analyzer::tcp); -namespace analyzer::tcp { - -class TCP_Analyzer; +namespace zeek::analyzer::tcp { class TCP_Reassembler final : public zeek::Reassembler { public: @@ -113,4 +112,10 @@ private: Type type; }; +} // namespace zeek::analyzer::tcp + +namespace analyzer::tcp { + +using TCP_Reassembler [[deprecated("Remove in v4.1. Use zeek::analyzer::tcp::TCP_Reassembler.")]] = zeek::analyzer::tcp::TCP_Reassembler; + } // namespace analyzer::tcp diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 194da778b2..1d367be61c 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -27,7 +27,7 @@ function get_orig_seq%(cid: conn_id%): count zeek::analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return zeek::val_mgr->Count(static_cast<::analyzer::tcp::TCP_Analyzer*>(tc)->OrigSeq()); + return zeek::val_mgr->Count(static_cast(tc)->OrigSeq()); else { reporter->Error("connection does not have TCP analyzer"); @@ -56,7 +56,7 @@ function get_resp_seq%(cid: conn_id%): count zeek::analyzer::Analyzer* tc = c->FindAnalyzer("TCP"); if ( tc ) - return zeek::val_mgr->Count(static_cast<::analyzer::tcp::TCP_Analyzer*>(tc)->RespSeq()); + return zeek::val_mgr->Count(static_cast(tc)->RespSeq()); else { reporter->Error("connection does not have TCP analyzer"); diff --git a/src/analyzer/protocol/teredo/Plugin.cc b/src/analyzer/protocol/teredo/Plugin.cc index 02fbc94d31..998880ec78 100644 --- a/src/analyzer/protocol/teredo/Plugin.cc +++ b/src/analyzer/protocol/teredo/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_Teredo { +namespace zeek::plugin::detail::Zeek_Teredo { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("Teredo", ::analyzer::teredo::Teredo_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("Teredo", zeek::analyzer::teredo::Teredo_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Teredo"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Teredo diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 036bcad99c..d98455aa10 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -6,16 +6,13 @@ #include "Reporter.h" #include "Sessions.h" #include "ZeekString.h" +#include "RunState.h" #include "events.bif.h" -using namespace analyzer::teredo; +namespace zeek::analyzer::teredo { -void Teredo_Analyzer::Done() - { - Analyzer::Done(); - Event(udp_session_done); - } +namespace detail { bool TeredoEncapsulation::DoParse(const u_char* data, int& len, bool found_origin, bool found_auth) @@ -134,6 +131,14 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const zeek::IP_Hdr* inner) cons return teredo_hdr; } +} // namespace detail + +void Teredo_Analyzer::Done() + { + Analyzer::Done(); + Event(udp_session_done); + } + void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { @@ -144,7 +149,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, else valid_resp = false; - TeredoEncapsulation te(this); + detail::TeredoEncapsulation te(this); if ( ! te.Parse(data, len) ) { @@ -228,5 +233,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO); - zeek::sessions->DoNextInnerPacket(network_time, nullptr, inner, e, ec); + zeek::sessions->DoNextInnerPacket(zeek::run_state::network_time, nullptr, inner, e, ec); } + +} // namespace zeek::analyzer::teredo diff --git a/src/analyzer/protocol/teredo/Teredo.h b/src/analyzer/protocol/teredo/Teredo.h index 4a956e957b..96cabef2e4 100644 --- a/src/analyzer/protocol/teredo/Teredo.h +++ b/src/analyzer/protocol/teredo/Teredo.h @@ -4,7 +4,7 @@ #include "NetVar.h" #include "Reporter.h" -namespace analyzer { namespace teredo { +namespace zeek::analyzer::teredo { class Teredo_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -50,6 +50,8 @@ protected: bool valid_resp; }; +namespace detail { + class TeredoEncapsulation { public: explicit TeredoEncapsulation(const Teredo_Analyzer* ta) @@ -86,4 +88,13 @@ protected: const Teredo_Analyzer* analyzer; }; -} } // namespace analyzer::* +} // namespace detail + +} // namespace zeek::analyzer::teredo + +namespace analyzer::teredo { + +using Teredo_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::teredo::Teredo_Analyzer.")]] = zeek::analyzer::teredo::Teredo_Analyzer; +using TeredoEncapsulation [[deprecated("Remove in v4.1. Use zeek::analyzer::teredo::detail::TeredoEncapsulation.")]] = zeek::analyzer::teredo::detail::TeredoEncapsulation; + +} // namespace analyzer::teredo diff --git a/src/analyzer/protocol/udp/Plugin.cc b/src/analyzer/protocol/udp/Plugin.cc index 7117f8cffc..403ccc464b 100644 --- a/src/analyzer/protocol/udp/Plugin.cc +++ b/src/analyzer/protocol/udp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_UDP { +namespace zeek::plugin::detail::Zeek_UDP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("UDP", ::analyzer::udp::UDP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("UDP", zeek::analyzer::udp::UDP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::UDP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_UDP diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 8626c7ff1b..b71078425f 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -4,7 +4,7 @@ #include "zeek-config.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "analyzer/protocol/udp/UDP.h" #include "analyzer/Manager.h" @@ -13,13 +13,13 @@ #include "events.bif.h" -using namespace analyzer::udp; +namespace zeek::analyzer::udp { UDP_Analyzer::UDP_Analyzer(zeek::Connection* conn) -: TransportLayerAnalyzer("UDP", conn) + : zeek::analyzer::TransportLayerAnalyzer("UDP", conn) { conn->EnableStatusUpdateTimer(); - conn->SetInactivityTimeout(udp_inactivity_timeout); + conn->SetInactivityTimeout(zeek::detail::udp_inactivity_timeout); request_len = reply_len = -1; // -1 means "haven't seen any activity" req_chk_cnt = rep_chk_cnt = 0; @@ -62,7 +62,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int chksum = up->uh_sum; - auto validate_checksum = ! current_pkt->l3_checksummed && ! ignore_checksums && caplen >=len; + auto validate_checksum = ! zeek::run_state::current_pkt->l3_checksummed && ! zeek::detail::ignore_checksums && caplen >=len; constexpr auto vxlan_len = 8; constexpr auto eth_len = 14; @@ -124,13 +124,13 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int ulen = ntohs(up->uh_ulen); if ( ulen != len ) - Weird("UDP_datagram_length_mismatch", fmt("%d != %d", ulen, len)); + Weird("UDP_datagram_length_mismatch", zeek::util::fmt("%d != %d", ulen, len)); len -= sizeof(struct udphdr); ulen -= sizeof(struct udphdr); caplen -= sizeof(struct udphdr); - Conn()->SetLastTime(current_timestamp); + Conn()->SetLastTime(zeek::run_state::current_timestamp); if ( udp_contents ) { @@ -146,22 +146,22 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, do_udp_contents = true; else { - uint16_t p = udp_content_delivery_ports_use_resp ? Conn()->RespPort() - : up->uh_dport; + uint16_t p = zeek::detail::udp_content_delivery_ports_use_resp ? Conn()->RespPort() + : up->uh_dport; const auto& port_val = zeek::val_mgr->Port(ntohs(p), TRANSPORT_UDP); if ( is_orig ) { auto result = udp_content_delivery_ports_orig->FindOrDefault(port_val); - if ( udp_content_deliver_all_orig || (result && result->AsBool()) ) + if ( zeek::detail::udp_content_deliver_all_orig || (result && result->AsBool()) ) do_udp_contents = true; } else { auto result = udp_content_delivery_ports_resp->FindOrDefault(port_val); - if ( udp_content_deliver_all_resp || (result && result->AsBool()) ) + if ( zeek::detail::udp_content_deliver_all_resp || (result && result->AsBool()) ) do_udp_contents = true; } } @@ -268,14 +268,16 @@ bool UDP_Analyzer::ValidateChecksum(const zeek::IP_Hdr* ip, const udphdr* up, in else sum = 0; - sum = ones_complement_checksum(ip->SrcAddr(), sum); - sum = ones_complement_checksum(ip->DstAddr(), sum); + sum = zeek::ones_complement_checksum(ip->SrcAddr(), sum); + sum = zeek::ones_complement_checksum(ip->DstAddr(), sum); // Note, for IPv6, strictly speaking the protocol and length fields are // 32 bits rather than 16 bits. But because the upper bits are all zero, // we get the same checksum either way. sum += htons(IPPROTO_UDP); sum += htons((unsigned short) len); - sum = ones_complement_checksum((void*) up, len, sum); + sum = zeek::ones_complement_checksum((void*) up, len, sum); return sum == 0xffff; } + +} // namespace zeek::analyzer::udp diff --git a/src/analyzer/protocol/udp/UDP.h b/src/analyzer/protocol/udp/UDP.h index 211478b129..819ee0015c 100644 --- a/src/analyzer/protocol/udp/UDP.h +++ b/src/analyzer/protocol/udp/UDP.h @@ -5,14 +5,14 @@ #include "analyzer/Analyzer.h" #include -namespace analyzer { namespace udp { +namespace zeek::analyzer::udp { -typedef enum { +enum UDP_EndpointState { UDP_INACTIVE, // no packet seen UDP_ACTIVE, // packets seen -} UDP_EndpointState; +}; - class UDP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { +class UDP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: explicit UDP_Analyzer(zeek::Connection* conn); ~UDP_Analyzer() override; @@ -51,4 +51,14 @@ private: uint32_t rep_chk_cnt, rep_chk_thresh; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::udp + +namespace analyzer::udp { + +using UDP_EndpointState [[deprecated("Remove in v4.1. Use zeek::analyzer::udp::UDP_EndpointState.")]] = zeek::analyzer::udp::UDP_EndpointState; +constexpr auto UDP_INACTIVE [[deprecated("Remove in v4.1. Use zeek::analyzer::udp::UDP_INACTIVE.")]] = zeek::analyzer::udp::UDP_INACTIVE; +constexpr auto UDP_ACTIVE [[deprecated("Remove in v4.1. Use zeek::analyzer::udp::UDP_ACTIVE.")]] = zeek::analyzer::udp::UDP_ACTIVE; + +using UDP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::udp::UDP_Analyzer.")]] = zeek::analyzer::udp::UDP_Analyzer; + +} // namespace analyzer::udp diff --git a/src/analyzer/protocol/vxlan/Plugin.cc b/src/analyzer/protocol/vxlan/Plugin.cc index 370475444f..d6bc81a2aa 100644 --- a/src/analyzer/protocol/vxlan/Plugin.cc +++ b/src/analyzer/protocol/vxlan/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_VXLAN { +namespace zeek::plugin::detail::Zeek_VXLAN { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("VXLAN", ::analyzer::vxlan::VXLAN_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("VXLAN", zeek::analyzer::vxlan::VXLAN_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::VXLAN"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_VXLAN diff --git a/src/analyzer/protocol/vxlan/VXLAN.cc b/src/analyzer/protocol/vxlan/VXLAN.cc index 8112773152..15f2bfc239 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.cc +++ b/src/analyzer/protocol/vxlan/VXLAN.cc @@ -6,7 +6,7 @@ #include "TunnelEncapsulation.h" #include "Conn.h" #include "IP.h" -#include "Net.h" +#include "RunState.h" #include "Sessions.h" #include "Reporter.h" @@ -16,7 +16,7 @@ extern "C" { #include } -using namespace analyzer::vxlan; +namespace zeek::analyzer::vxlan { void VXLAN_Analyzer::Done() { @@ -61,8 +61,8 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, len -= vxlan_len; pkt_timeval ts; - ts.tv_sec = (time_t) current_timestamp; - ts.tv_usec = (suseconds_t) ((current_timestamp - (double)ts.tv_sec) * 1000000); + ts.tv_sec = (time_t) zeek::run_state::current_timestamp; + ts.tv_usec = (suseconds_t) ((zeek::run_state::current_timestamp - (double)ts.tv_sec) * 1000000); zeek::Packet pkt(DLT_EN10MB, &ts, caplen, len, data); if ( ! pkt.Layer2Valid() ) @@ -105,5 +105,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, inner->ToPktHdrVal(), zeek::val_mgr->Count(vni)); zeek::EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN); - zeek::sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec); + zeek::sessions->DoNextInnerPacket(zeek::run_state::network_time, &pkt, inner, estack, ec); } + +} // namespace zeek::analyzer::vxlan diff --git a/src/analyzer/protocol/vxlan/VXLAN.h b/src/analyzer/protocol/vxlan/VXLAN.h index afbad5bdf1..7d86fa9193 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.h +++ b/src/analyzer/protocol/vxlan/VXLAN.h @@ -4,7 +4,7 @@ #include "analyzer/Analyzer.h" -namespace analyzer { namespace vxlan { +namespace zeek::analyzer::vxlan { class VXLAN_Analyzer final : public zeek::analyzer::Analyzer { public: @@ -21,4 +21,10 @@ public: { return new VXLAN_Analyzer(conn); } }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::vxlan + +namespace analyzer::vxlan { + +using VXLAN_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::vxlan::VXLAN_Analyzer.")]] = zeek::analyzer::vxlan::VXLAN_Analyzer; + +} // namespace analyzer::vxlan diff --git a/src/analyzer/protocol/xmpp/Plugin.cc b/src/analyzer/protocol/xmpp/Plugin.cc index 649cf97576..5df3cda31c 100644 --- a/src/analyzer/protocol/xmpp/Plugin.cc +++ b/src/analyzer/protocol/xmpp/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_XMPP { +namespace zeek::plugin::detail::Zeek_XMPP { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new zeek::analyzer::Component("XMPP", ::analyzer::xmpp::XMPP_Analyzer::Instantiate)); + AddComponent(new zeek::analyzer::Component("XMPP", zeek::analyzer::xmpp::XMPP_Analyzer::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::XMPP"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_XMPP diff --git a/src/analyzer/protocol/xmpp/XMPP.cc b/src/analyzer/protocol/xmpp/XMPP.cc index 3969d8efaf..8651c3f615 100644 --- a/src/analyzer/protocol/xmpp/XMPP.cc +++ b/src/analyzer/protocol/xmpp/XMPP.cc @@ -4,10 +4,10 @@ #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "analyzer/Manager.h" -using namespace analyzer::xmpp; +namespace zeek::analyzer::xmpp { XMPP_Analyzer::XMPP_Analyzer(zeek::Connection* conn) - : tcp::TCP_ApplicationAnalyzer("XMPP", conn) + : zeek::analyzer::tcp::TCP_ApplicationAnalyzer("XMPP", conn) { interp = unique_ptr(new binpac::XMPP::XMPP_Conn(this)); had_gap = false; @@ -20,7 +20,7 @@ XMPP_Analyzer::~XMPP_Analyzer() void XMPP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); @@ -28,13 +28,13 @@ void XMPP_Analyzer::Done() void XMPP_Analyzer::EndpointEOF(bool is_orig) { - tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } void XMPP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); if ( tls_active ) { @@ -60,13 +60,13 @@ void XMPP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg())); } } void XMPP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) { - tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + zeek::analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; interp->NewGap(orig, len); } @@ -83,3 +83,5 @@ void XMPP_Analyzer::StartTLS() if ( ssl ) AddChildAnalyzer(ssl); } + +} // namespace zeek::analyzer::xmpp diff --git a/src/analyzer/protocol/xmpp/XMPP.h b/src/analyzer/protocol/xmpp/XMPP.h index b5b32cfea2..fc9ad7742b 100644 --- a/src/analyzer/protocol/xmpp/XMPP.h +++ b/src/analyzer/protocol/xmpp/XMPP.h @@ -6,9 +6,9 @@ #include "xmpp_pac.h" -namespace analyzer { namespace xmpp { +namespace zeek::analyzer::xmpp { -class XMPP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { +class XMPP_Analyzer final : public zeek::analyzer::tcp::TCP_ApplicationAnalyzer { public: explicit XMPP_Analyzer(zeek::Connection* conn); ~XMPP_Analyzer() override; @@ -17,7 +17,7 @@ public: void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; - // Overriden from tcp::TCP_ApplicationAnalyzer. + // Overriden from zeek::analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; void StartTLS(); @@ -32,4 +32,10 @@ protected: bool tls_active; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::xmpp + +namespace analyzer::xmpp { + +using XMPP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::xmpp::XMPP_Analyzer.")]] = zeek::analyzer::xmpp::XMPP_Analyzer; + +} // namespace analyzer::xmpp diff --git a/src/analyzer/protocol/xmpp/xmpp.pac b/src/analyzer/protocol/xmpp/xmpp.pac index 79e5159914..e735b5ecec 100644 --- a/src/analyzer/protocol/xmpp/xmpp.pac +++ b/src/analyzer/protocol/xmpp/xmpp.pac @@ -11,9 +11,9 @@ #include "Reporter.h" #include "events.bif.h" -namespace analyzer { namespace xmpp { class XMPP_Analyzer; } } +namespace zeek::analyzer::xmpp { class XMPP_Analyzer; } namespace binpac { namespace XMPP { class XMPP_Conn; } } -typedef analyzer::xmpp::XMPP_Analyzer* XMPPAnalyzer; +using XMPPAnalyzer = zeek::analyzer::xmpp::XMPP_Analyzer*; #include "XMPP.h" %} diff --git a/src/analyzer/protocol/zip/Plugin.cc b/src/analyzer/protocol/zip/Plugin.cc index 7ad3604a7d..b7c3d5b770 100644 --- a/src/analyzer/protocol/zip/Plugin.cc +++ b/src/analyzer/protocol/zip/Plugin.cc @@ -4,8 +4,7 @@ #include "plugin/Plugin.h" #include "analyzer/Component.h" -namespace plugin { -namespace Zeek_ZIP { +namespace zeek::plugin::detail::Zeek_ZIP { class Plugin : public zeek::plugin::Plugin { public: @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_ZIP diff --git a/src/analyzer/protocol/zip/ZIP.cc b/src/analyzer/protocol/zip/ZIP.cc index cea4ab2066..7fe335e80e 100644 --- a/src/analyzer/protocol/zip/ZIP.cc +++ b/src/analyzer/protocol/zip/ZIP.cc @@ -2,10 +2,10 @@ #include "ZIP.h" -using namespace analyzer::zip; +namespace zeek::analyzer::zip { ZIP_Analyzer::ZIP_Analyzer(zeek::Connection* conn, bool orig, Method arg_method) -: tcp::TCP_SupportAnalyzer("ZIP", conn, orig) +: zeek::analyzer::tcp::TCP_SupportAnalyzer("ZIP", conn, orig) { zip = nullptr; zip_status = Z_OK; @@ -45,7 +45,7 @@ void ZIP_Analyzer::Done() void ZIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { - tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); + zeek::analyzer::tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig); if ( ! len || zip_status != Z_OK ) return; @@ -113,3 +113,5 @@ void ZIP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } } } + +} // namespace zeek::analyzer::zip diff --git a/src/analyzer/protocol/zip/ZIP.h b/src/analyzer/protocol/zip/ZIP.h index ab075c7a14..8ccf99a0cb 100644 --- a/src/analyzer/protocol/zip/ZIP.h +++ b/src/analyzer/protocol/zip/ZIP.h @@ -7,9 +7,9 @@ #include "zlib.h" #include "analyzer/protocol/tcp/TCP.h" -namespace analyzer { namespace zip { +namespace zeek::analyzer::zip { -class ZIP_Analyzer final : public tcp::TCP_SupportAnalyzer { +class ZIP_Analyzer final : public zeek::analyzer::tcp::TCP_SupportAnalyzer { public: enum Method { GZIP, DEFLATE }; @@ -27,4 +27,10 @@ protected: Method method; }; -} } // namespace analyzer::* +} // namespace zeek::analyzer::zip + +namespace analyzer::zip { + +using ZIP_Analyzer [[deprecated("Remove in v4.1. Use zeek::analyzer::zip::ZIP_Analyzer.")]] = zeek::analyzer::zip::ZIP_Analyzer; + +} // namespace analyzer::zip diff --git a/src/binpac_bro-lib.pac b/src/binpac_bro-lib.pac index 4b029813f1..a1ff878d45 100644 --- a/src/binpac_bro-lib.pac +++ b/src/binpac_bro-lib.pac @@ -4,6 +4,7 @@ #include "Reporter.h" #include "Val.h" #include "ConvertUTF.h" +#include "RunState.h" %} %code{ @@ -63,5 +64,5 @@ zeek::StringVal* utf16_bytestring_to_utf8_val(zeek::Connection* conn, const byte function network_time(): double %{ - return ::network_time; + return zeek::run_state::network_time; %} diff --git a/src/binpac_bro.h b/src/binpac_bro.h index 73b984967a..aa2177a7d4 100644 --- a/src/binpac_bro.h +++ b/src/binpac_bro.h @@ -12,7 +12,7 @@ namespace binpac { using BroAnalyzer = zeek::analyzer::Analyzer*; -using BroFileAnalyzer = file_analysis::Analyzer; +using BroFileAnalyzer = zeek::file_analysis::Analyzer; using BroVal = zeek::Val*; using BroPortVal = zeek::PortVal*; using BroStringVal = zeek::StringVal*; diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 19eaed9311..e27f8d4b06 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -14,11 +14,16 @@ using namespace std; -zeek::OpaqueTypePtr bro_broker::opaque_of_data_type; -zeek::OpaqueTypePtr bro_broker::opaque_of_set_iterator; -zeek::OpaqueTypePtr bro_broker::opaque_of_table_iterator; -zeek::OpaqueTypePtr bro_broker::opaque_of_vector_iterator; -zeek::OpaqueTypePtr bro_broker::opaque_of_record_iterator; +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_data_type; +zeek::OpaqueTypePtr& bro_broker::opaque_of_data_type = zeek::Broker::detail::opaque_of_data_type; +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_set_iterator; +zeek::OpaqueTypePtr& bro_broker::opaque_of_set_iterator = zeek::Broker::detail::opaque_of_set_iterator; +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_table_iterator; +zeek::OpaqueTypePtr& bro_broker::opaque_of_table_iterator = zeek::Broker::detail::opaque_of_table_iterator; +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_vector_iterator; +zeek::OpaqueTypePtr& bro_broker::opaque_of_vector_iterator = zeek::Broker::detail::opaque_of_vector_iterator; +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_record_iterator; +zeek::OpaqueTypePtr& bro_broker::opaque_of_record_iterator = zeek::Broker::detail::opaque_of_record_iterator; static bool data_type_check(const broker::data& d, zeek::Type* t); @@ -47,7 +52,7 @@ TEST_CASE("converting Zeek to Broker protocol constants") broker::port::protocol::unknown); } -TransportProto bro_broker::to_bro_port_proto(broker::port::protocol tp) +TransportProto zeek::Broker::detail::to_zeek_port_proto(broker::port::protocol tp) { switch ( tp ) { case broker::port::protocol::tcp: @@ -64,11 +69,11 @@ TransportProto bro_broker::to_bro_port_proto(broker::port::protocol tp) TEST_CASE("converting Broker to Zeek protocol constants") { - using bro_broker::to_bro_port_proto; - CHECK_EQ(to_bro_port_proto(broker::port::protocol::tcp), TRANSPORT_TCP); - CHECK_EQ(to_bro_port_proto(broker::port::protocol::udp), TRANSPORT_UDP); - CHECK_EQ(to_bro_port_proto(broker::port::protocol::icmp), TRANSPORT_ICMP); - CHECK_EQ(to_bro_port_proto(broker::port::protocol::unknown), + using zeek::Broker::detail::to_zeek_port_proto; + CHECK_EQ(to_zeek_port_proto(broker::port::protocol::tcp), TRANSPORT_TCP); + CHECK_EQ(to_zeek_port_proto(broker::port::protocol::udp), TRANSPORT_UDP); + CHECK_EQ(to_zeek_port_proto(broker::port::protocol::icmp), TRANSPORT_ICMP); + CHECK_EQ(to_zeek_port_proto(broker::port::protocol::unknown), TRANSPORT_UNKNOWN); } @@ -154,7 +159,7 @@ struct val_converter { result_type operator()(broker::port& a) { if ( type->Tag() == zeek::TYPE_PORT ) - return zeek::val_mgr->Port(a.number(), bro_broker::to_bro_port_proto(a.type())); + return zeek::val_mgr->Port(a.number(), zeek::Broker::detail::to_zeek_port_proto(a.type())); return nullptr; } @@ -184,7 +189,7 @@ struct val_converter { if ( type->Tag() == zeek::TYPE_ENUM ) { auto etype = type->AsEnumType(); - auto i = etype->Lookup(GLOBAL_MODULE_NAME, a.name.data()); + auto i = etype->Lookup(zeek::detail::GLOBAL_MODULE_NAME, a.name.data()); if ( i == -1 ) return nullptr; @@ -239,8 +244,8 @@ struct val_converter { for ( size_t i = 0; i < indices->size(); ++i ) { - auto index_val = bro_broker::data_to_val(move((*indices)[i]), - expected_index_types[i].get()); + auto index_val = zeek::Broker::detail::data_to_val(move((*indices)[i]), + expected_index_types[i].get()); if ( ! index_val ) return nullptr; @@ -298,8 +303,8 @@ struct val_converter { for ( size_t i = 0; i < indices->size(); ++i ) { - auto index_val = bro_broker::data_to_val(move((*indices)[i]), - expected_index_types[i].get()); + auto index_val = zeek::Broker::detail::data_to_val(move((*indices)[i]), + expected_index_types[i].get()); if ( ! index_val ) return nullptr; @@ -307,8 +312,8 @@ struct val_converter { list_val->Append(std::move(index_val)); } - auto value_val = bro_broker::data_to_val(move(item.second), - tt->Yield().get()); + auto value_val = zeek::Broker::detail::data_to_val(move(item.second), + tt->Yield().get()); if ( ! value_val ) return nullptr; @@ -328,7 +333,7 @@ struct val_converter { for ( auto& item : a ) { - auto item_val = bro_broker::data_to_val(move(item), vt->Yield().get()); + auto item_val = zeek::Broker::detail::data_to_val(move(item), vt->Yield().get()); if ( ! item_val ) return nullptr; @@ -396,8 +401,8 @@ struct val_converter { continue; } - auto item_val = bro_broker::data_to_val(move(a[idx]), - rt->GetFieldType(i).get()); + auto item_val = zeek::Broker::detail::data_to_val(move(a[idx]), + rt->GetFieldType(i).get()); if ( ! item_val ) return nullptr; @@ -535,7 +540,7 @@ struct type_checker { if ( type->Tag() == zeek::TYPE_ENUM ) { auto etype = type->AsEnumType(); - auto i = etype->Lookup(GLOBAL_MODULE_NAME, a.name.data()); + auto i = etype->Lookup(zeek::detail::GLOBAL_MODULE_NAME, a.name.data()); return i != -1; } @@ -775,15 +780,15 @@ static bool data_type_check(const broker::data& d, zeek::Type* t) return caf::visit(type_checker{t}, d); } -zeek::ValPtr bro_broker::data_to_val(broker::data d, zeek::Type* type) +zeek::ValPtr zeek::Broker::detail::data_to_val(broker::data d, zeek::Type* type) { if ( type->Tag() == zeek::TYPE_ANY ) - return bro_broker::make_data_val(move(d)); + return zeek::Broker::detail::make_data_val(move(d)); return caf::visit(val_converter{type}, std::move(d)); } -broker::expected bro_broker::val_to_data(const zeek::Val* v) +broker::expected zeek::Broker::detail::val_to_data(const zeek::Val* v) { switch ( v->GetType()->Tag() ) { case zeek::TYPE_BOOL: @@ -1004,7 +1009,7 @@ broker::expected bro_broker::val_to_data(const zeek::Val* v) return broker::ec::invalid_data; } -zeek::RecordValPtr bro_broker::make_data_val(zeek::Val* v) +zeek::RecordValPtr zeek::Broker::detail::make_data_val(zeek::Val* v) { auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); auto data = val_to_data(v); @@ -1017,7 +1022,7 @@ zeek::RecordValPtr bro_broker::make_data_val(zeek::Val* v) return rval; } -zeek::RecordValPtr bro_broker::make_data_val(broker::data d) +zeek::RecordValPtr zeek::Broker::detail::make_data_val(broker::data d) { auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); rval->Assign(0, zeek::make_intrusive(move(d))); @@ -1106,12 +1111,12 @@ struct data_type_getter { } }; -zeek::EnumValPtr bro_broker::get_data_type(zeek::RecordVal* v, zeek::detail::Frame* frame) +zeek::EnumValPtr zeek::Broker::detail::get_data_type(zeek::RecordVal* v, zeek::detail::Frame* frame) { return caf::visit(data_type_getter{}, opaque_field_to_data(v, frame)); } -broker::data& bro_broker::opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f) +broker::data& zeek::Broker::detail::opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f) { const auto& d = v->GetField(0); @@ -1124,50 +1129,50 @@ broker::data& bro_broker::opaque_field_to_data(zeek::RecordVal* v, zeek::detail: return static_cast(d.get())->data; } -void bro_broker::DataVal::ValDescribe(zeek::ODesc* d) const +void zeek::Broker::detail::DataVal::ValDescribe(zeek::ODesc* d) const { d->Add("broker::data{"); d->Add(broker::to_string(data)); d->Add("}"); } -bool bro_broker::DataVal::canCastTo(zeek::Type* t) const +bool zeek::Broker::detail::DataVal::canCastTo(zeek::Type* t) const { return data_type_check(data, t); } -zeek::ValPtr bro_broker::DataVal::castTo(zeek::Type* t) +zeek::ValPtr zeek::Broker::detail::DataVal::castTo(zeek::Type* t) { return data_to_val(data, t); } -const zeek::TypePtr& bro_broker::DataVal::ScriptDataType() +const zeek::TypePtr& zeek::Broker::detail::DataVal::ScriptDataType() { static auto script_data_type = zeek::id::find_type("Broker::Data"); return script_data_type; } -IMPLEMENT_OPAQUE_VALUE(bro_broker::DataVal) +IMPLEMENT_OPAQUE_VALUE(zeek::Broker::detail::DataVal) -broker::expected bro_broker::DataVal::DoSerialize() const +broker::expected zeek::Broker::detail::DataVal::DoSerialize() const { return data; } -bool bro_broker::DataVal::DoUnserialize(const broker::data& data_) +bool zeek::Broker::detail::DataVal::DoUnserialize(const broker::data& data_) { data = data_; return true; } -IMPLEMENT_OPAQUE_VALUE(bro_broker::SetIterator) +IMPLEMENT_OPAQUE_VALUE(zeek::Broker::detail::SetIterator) -broker::expected bro_broker::SetIterator::DoSerialize() const +broker::expected zeek::Broker::detail::SetIterator::DoSerialize() const { return broker::vector{dat, *it}; } -bool bro_broker::SetIterator::DoUnserialize(const broker::data& data) +bool zeek::Broker::detail::SetIterator::DoUnserialize(const broker::data& data) { auto v = caf::get_if(&data); if ( ! (v && v->size() == 2) ) @@ -1187,14 +1192,14 @@ bool bro_broker::SetIterator::DoUnserialize(const broker::data& data) return true; } -IMPLEMENT_OPAQUE_VALUE(bro_broker::TableIterator) +IMPLEMENT_OPAQUE_VALUE(zeek::Broker::detail::TableIterator) -broker::expected bro_broker::TableIterator::DoSerialize() const +broker::expected zeek::Broker::detail::TableIterator::DoSerialize() const { return broker::vector{dat, it->first}; } -bool bro_broker::TableIterator::DoUnserialize(const broker::data& data) +bool zeek::Broker::detail::TableIterator::DoUnserialize(const broker::data& data) { auto v = caf::get_if(&data); if ( ! (v && v->size() == 2) ) @@ -1214,15 +1219,15 @@ bool bro_broker::TableIterator::DoUnserialize(const broker::data& data) return true; } -IMPLEMENT_OPAQUE_VALUE(bro_broker::VectorIterator) +IMPLEMENT_OPAQUE_VALUE(zeek::Broker::detail::VectorIterator) -broker::expected bro_broker::VectorIterator::DoSerialize() const +broker::expected zeek::Broker::detail::VectorIterator::DoSerialize() const { broker::integer difference = it - dat.begin(); return broker::vector{dat, difference}; } -bool bro_broker::VectorIterator::DoUnserialize(const broker::data& data) +bool zeek::Broker::detail::VectorIterator::DoUnserialize(const broker::data& data) { auto v = caf::get_if(&data); if ( ! (v && v->size() == 2) ) @@ -1239,15 +1244,15 @@ bool bro_broker::VectorIterator::DoUnserialize(const broker::data& data) return true; } -IMPLEMENT_OPAQUE_VALUE(bro_broker::RecordIterator) +IMPLEMENT_OPAQUE_VALUE(zeek::Broker::detail::RecordIterator) -broker::expected bro_broker::RecordIterator::DoSerialize() const +broker::expected zeek::Broker::detail::RecordIterator::DoSerialize() const { broker::integer difference = it - dat.begin(); return broker::vector{dat, difference}; } -bool bro_broker::RecordIterator::DoUnserialize(const broker::data& data) +bool zeek::Broker::detail::RecordIterator::DoUnserialize(const broker::data& data) { auto v = caf::get_if(&data); if ( ! (v && v->size() == 2) ) @@ -1264,7 +1269,7 @@ bool bro_broker::RecordIterator::DoUnserialize(const broker::data& data) return true; } -broker::data bro_broker::threading_field_to_data(const threading::Field* f) +broker::data zeek::Broker::detail::threading_field_to_data(const zeek::threading::Field* f) { auto name = f->name; auto type = static_cast(f->type); @@ -1279,7 +1284,7 @@ broker::data bro_broker::threading_field_to_data(const threading::Field* f) return broker::vector({name, secondary, type, subtype, optional}); } -threading::Field* bro_broker::data_to_threading_field(broker::data d) +zeek::threading::Field* zeek::Broker::detail::data_to_threading_field(broker::data d) { if ( ! caf::holds_alternative(d) ) return nullptr; @@ -1297,9 +1302,9 @@ threading::Field* bro_broker::data_to_threading_field(broker::data d) if ( secondary != broker::nil && ! caf::holds_alternative(secondary) ) return nullptr; - return new threading::Field(name->c_str(), - secondary != broker::nil ? caf::get(secondary).c_str() : nullptr, - static_cast(*type), - static_cast(*subtype), - *optional); + return new zeek::threading::Field(name->c_str(), + secondary != broker::nil ? caf::get(secondary).c_str() : nullptr, + static_cast(*type), + static_cast(*subtype), + *optional); } diff --git a/src/broker/Data.h b/src/broker/Data.h index cbd136d35e..1d2aad1118 100644 --- a/src/broker/Data.h +++ b/src/broker/Data.h @@ -6,13 +6,16 @@ #include "Expr.h" ZEEK_FORWARD_DECLARE_NAMESPACED(ODesc, zeek); - +namespace zeek::threading { + struct Value; + struct Field; +} namespace threading { -struct Value; -struct Field; + using Value [[deprecated("Remove in v4.1. Use zeek::threading::Value.")]] = zeek::threading::Value; + using Field [[deprecated("Remove in v4.1. Use zeek::threading::Field.")]] = zeek::threading::Field; } -namespace bro_broker { +namespace zeek::Broker::detail { extern zeek::OpaqueTypePtr opaque_of_data_type; extern zeek::OpaqueTypePtr opaque_of_set_iterator; @@ -21,9 +24,9 @@ extern zeek::OpaqueTypePtr opaque_of_vector_iterator; extern zeek::OpaqueTypePtr opaque_of_record_iterator; /** - * Convert a broker port protocol to a bro port protocol. + * Convert a broker port protocol to a zeek port protocol. */ -TransportProto to_bro_port_proto(broker::port::protocol tp); +TransportProto to_zeek_port_proto(broker::port::protocol tp); /** * Create a Broker::Data value from a Bro value. @@ -65,34 +68,34 @@ broker::expected val_to_data(const zeek::Val* v); zeek::ValPtr data_to_val(broker::data d, zeek::Type* type); /** - * Convert a Bro threading::Value to a Broker data value. - * @param v a Bro threading::Value. - * @return a Broker data value if the Bro threading::Value could be converted to one. + * Convert a zeek::threading::Value to a Broker data value. + * @param v a zeek::threading::Value. + * @return a Broker data value if the zeek::threading::Value could be converted to one. */ -broker::expected threading_val_to_data(const threading::Value* v); +broker::expected threading_val_to_data(const zeek::threading::Value* v); /** - * Convert a Bro threading::Field to a Broker data value. - * @param f a Bro threading::Field. - * @return a Broker data value if the Bro threading::Field could be converted to one. + * Convert a zeek::threading::Field to a Broker data value. + * @param f a zeek::threading::Field. + * @return a Broker data value if the zeek::threading::Field could be converted to one. */ -broker::data threading_field_to_data(const threading::Field* f); +broker::data threading_field_to_data(const zeek::threading::Field* f); /** - * Convert a Broker data value to a Bro threading::Value. + * Convert a Broker data value to a zeek::threading::Value. * @param d a Broker data value. - * @return a pointer to a new Bro threading::Value or a nullptr if the conversion was not + * @return a pointer to a new zeek::threading::Value or a nullptr if the conversion was not * possible. */ -threading::Value* data_to_threading_val(broker::data d); +zeek::threading::Value* data_to_threading_val(broker::data d); /** - * Convert a Broker data value to a Bro threading::Value. + * Convert a Broker data value to a zeek::threading::Value. * @param d a Broker data value. - * @return a pointer to a new Bro threading::Value or a nullptr if the conversion was not + * @return a pointer to a new zeek::threading::Value or a nullptr if the conversion was not * possible. */ -threading::Field* data_to_threading_field(broker::data d); +zeek::threading::Field* data_to_threading_field(broker::data d); /** * A Bro value which wraps a Broker data value. @@ -101,7 +104,7 @@ class DataVal : public zeek::OpaqueVal { public: DataVal(broker::data arg_data) - : OpaqueVal(bro_broker::opaque_of_data_type), data(std::move(arg_data)) + : OpaqueVal(zeek::Broker::detail::opaque_of_data_type), data(std::move(arg_data)) {} void ValDescribe(zeek::ODesc* d) const override; @@ -118,10 +121,10 @@ public: protected: DataVal() - : OpaqueVal(bro_broker::opaque_of_data_type) + : OpaqueVal(zeek::Broker::detail::opaque_of_data_type) {} - DECLARE_OPAQUE_VALUE(bro_broker::DataVal) + DECLARE_OPAQUE_VALUE(zeek::Broker::detail::DataVal) }; /** @@ -228,7 +231,7 @@ class SetIterator : public zeek::OpaqueVal { public: SetIterator(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail::Frame* f) - : zeek::OpaqueVal(bro_broker::opaque_of_set_iterator), + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_set_iterator), dat(require_data_type(v, zeek::TYPE_TABLE, f)), it(dat.begin()) {} @@ -238,17 +241,17 @@ public: protected: SetIterator() - : zeek::OpaqueVal(bro_broker::opaque_of_set_iterator) + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_set_iterator) {} - DECLARE_OPAQUE_VALUE(bro_broker::SetIterator) + DECLARE_OPAQUE_VALUE(zeek::Broker::detail::SetIterator) }; class TableIterator : public zeek::OpaqueVal { public: TableIterator(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail::Frame* f) - : zeek::OpaqueVal(bro_broker::opaque_of_table_iterator), + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_table_iterator), dat(require_data_type(v, zeek::TYPE_TABLE, f)), it(dat.begin()) {} @@ -258,17 +261,17 @@ public: protected: TableIterator() - : zeek::OpaqueVal(bro_broker::opaque_of_table_iterator) + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_table_iterator) {} - DECLARE_OPAQUE_VALUE(bro_broker::TableIterator) + DECLARE_OPAQUE_VALUE(zeek::Broker::detail::TableIterator) }; class VectorIterator : public zeek::OpaqueVal { public: VectorIterator(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail::Frame* f) - : zeek::OpaqueVal(bro_broker::opaque_of_vector_iterator), + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_vector_iterator), dat(require_data_type(v, zeek::TYPE_VECTOR, f)), it(dat.begin()) {} @@ -278,17 +281,17 @@ public: protected: VectorIterator() - : zeek::OpaqueVal(bro_broker::opaque_of_vector_iterator) + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_vector_iterator) {} - DECLARE_OPAQUE_VALUE(bro_broker::VectorIterator) + DECLARE_OPAQUE_VALUE(zeek::Broker::detail::VectorIterator) }; class RecordIterator : public zeek::OpaqueVal { public: RecordIterator(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail::Frame* f) - : zeek::OpaqueVal(bro_broker::opaque_of_record_iterator), + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_record_iterator), dat(require_data_type(v, zeek::TYPE_RECORD, f)), it(dat.begin()) {} @@ -298,10 +301,59 @@ public: protected: RecordIterator() - : zeek::OpaqueVal(bro_broker::opaque_of_record_iterator) + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_record_iterator) {} - DECLARE_OPAQUE_VALUE(bro_broker::RecordIterator) + DECLARE_OPAQUE_VALUE(zeek::Broker::detail::RecordIterator) }; +} // namespace zeek::Broker + +namespace bro_broker { + +extern zeek::OpaqueTypePtr& opaque_of_data_type; +extern zeek::OpaqueTypePtr& opaque_of_set_iterator; +extern zeek::OpaqueTypePtr& opaque_of_table_iterator; +extern zeek::OpaqueTypePtr& opaque_of_vector_iterator; +extern zeek::OpaqueTypePtr& opaque_of_record_iterator; + +constexpr auto to_bro_port_proto [[deprecated("Remove in v4.1. Use zeek::Broker::detail::to_zeek_port_proto.")]] = zeek::Broker::detail::to_zeek_port_proto; + +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::make_data_val.")]] +inline zeek::RecordValPtr make_data_val(zeek::Val* v) { return zeek::Broker::detail::make_data_val(v); } +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::make_data_val.")]] +inline zeek::RecordValPtr make_data_val(broker::data d) { return zeek::Broker::detail::make_data_val(d); } + +constexpr auto get_data_type [[deprecated("Remove in v4.1. Use zeek::Broker::detail::get_data_type.")]] = zeek::Broker::detail::get_data_type; +constexpr auto val_to_data [[deprecated("Remove in v4.1. Use zeek::Broker::detail::val_to_data.")]] = zeek::Broker::detail::val_to_data; +constexpr auto data_to_val [[deprecated("Remove in v4.1. Use zeek::Broker::detail::data_to_val.")]] = zeek::Broker::detail::data_to_val; +constexpr auto threading_val_to_data [[deprecated("Remove in v4.1. Use zeek::Broker::detail::threading_val_to_data.")]] = zeek::Broker::detail::threading_val_to_data; +constexpr auto threading_field_to_data [[deprecated("Remove in v4.1. Use zeek::Broker::detail::threading_field_to_data.")]] = zeek::Broker::detail::threading_field_to_data; +constexpr auto data_to_threading_val [[deprecated("Remove in v4.1. Use zeek::Broker::detail::data_to_threading_val.")]] = zeek::Broker::detail::data_to_threading_val; +constexpr auto data_to_threading_field [[deprecated("Remove in v4.1. Use zeek::Broker::detail::data_to_threading_field.")]] = zeek::Broker::detail::data_to_threading_field; + +using DataVal [[deprecated("Remove in v4.1. Use zeek::Broker::detail::DataVal.")]] = zeek::Broker::detail::DataVal; +using type_name_getter [[deprecated("Remove in v4.1. Use zeek::Broker::detail::type_name_getter.")]] = zeek::Broker::detail::type_name_getter; + +constexpr auto opaque_field_to_data [[deprecated("Remove in v4.1. Use zeek::Broker::detail::opaque_field_to_data.")]] = zeek::Broker::detail::opaque_field_to_data; + +template +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::require_data_type.")]] +T& require_data_type(broker::data& d, zeek::TypeTag tag, zeek::detail::Frame* f) + { + return zeek::Broker::detail::require_data_type(d, tag, f); + } + +template +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::require_data_type.")]] +inline T& require_data_type(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail::Frame* f) + { + return zeek::Broker::detail::require_data_type(v, tag, f); + } + +using SetIterator [[deprecated("Remove in v4.1. Use zeek::Broker::detail::SetIterator.")]] = zeek::Broker::detail::SetIterator; +using TableIterator [[deprecated("Remove in v4.1. Use zeek::Broker::detail::TableIterator.")]] = zeek::Broker::detail::TableIterator; +using VectorIterator [[deprecated("Remove in v4.1. Use zeek::Broker::detail::VectorIterator.")]] = zeek::Broker::detail::VectorIterator; +using RecordIterator [[deprecated("Remove in v4.1. Use zeek::Broker::detail::RecordIterator.")]] = zeek::Broker::detail::RecordIterator; + } // namespace bro_broker diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index c83b75abde..2f3b87ec83 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -22,11 +22,11 @@ #include "DebugLogger.h" #include "iosource/Manager.h" #include "SerializationFormat.h" -#include "Net.h" +#include "RunState.h" using namespace std; -namespace bro_broker { +namespace zeek::Broker { static inline zeek::Val* get_option(const char* option) { @@ -84,17 +84,17 @@ struct scoped_reporter_location { #ifdef DEBUG static std::string RenderMessage(std::string topic, const broker::data& x) { - return fmt("%s -> %s", broker::to_string(x).c_str(), topic.c_str()); + return zeek::util::fmt("%s -> %s", broker::to_string(x).c_str(), topic.c_str()); } static std::string RenderEvent(std::string topic, std::string name, const broker::data& args) { - return fmt("%s(%s) -> %s", name.c_str(), broker::to_string(args).c_str(), topic.c_str()); + return zeek::util::fmt("%s(%s) -> %s", name.c_str(), broker::to_string(args).c_str(), topic.c_str()); } static std::string RenderMessage(const broker::store::response& x) { - return fmt("%s [id %" PRIu64 "]", (x.answer ? broker::to_string(*x.answer).c_str() : ""), x.id); + return zeek::util::fmt("%s [id %" PRIu64 "]", (x.answer ? broker::to_string(*x.answer).c_str() : ""), x.id); } static std::string RenderMessage(const broker::vector* xs) @@ -119,7 +119,7 @@ static std::string RenderMessage(const broker::status& s) static std::string RenderMessage(const broker::error& e) { - return fmt("%s (%s)", broker::to_string(e.code()).c_str(), + return zeek::util::fmt("%s (%s)", broker::to_string(e.code()).c_str(), caf::to_string(e.context()).c_str()); } @@ -154,16 +154,16 @@ void Manager::InitPostScript() zeek_table_manager = get_option("Broker::table_store_master")->AsBool(); zeek_table_db_directory = get_option("Broker::table_store_db_directory")->AsString()->CheckString(); - opaque_of_data_type = zeek::make_intrusive("Broker::Data"); - opaque_of_set_iterator = zeek::make_intrusive("Broker::SetIterator"); - opaque_of_table_iterator = zeek::make_intrusive("Broker::TableIterator"); - opaque_of_vector_iterator = zeek::make_intrusive("Broker::VectorIterator"); - opaque_of_record_iterator = zeek::make_intrusive("Broker::RecordIterator"); - opaque_of_store_handle = zeek::make_intrusive("Broker::Store"); + detail::opaque_of_data_type = zeek::make_intrusive("Broker::Data"); + detail::opaque_of_set_iterator = zeek::make_intrusive("Broker::SetIterator"); + detail::opaque_of_table_iterator = zeek::make_intrusive("Broker::TableIterator"); + detail::opaque_of_vector_iterator = zeek::make_intrusive("Broker::VectorIterator"); + detail::opaque_of_record_iterator = zeek::make_intrusive("Broker::RecordIterator"); + detail::opaque_of_store_handle = zeek::make_intrusive("Broker::Store"); vector_of_data_type = zeek::make_intrusive(zeek::id::find_type("Broker::Data")); // Register as a "dont-count" source first, we may change that later. - iosource_mgr->Register(this, true); + zeek::iosource_mgr->Register(this, true); broker::broker_options options; options.disable_ssl = get_option("Broker::disable_ssl")->AsBool(); @@ -174,14 +174,14 @@ void Manager::InitPostScript() auto scheduler_policy = get_option("Broker::scheduler_policy")->AsString()->CheckString(); - if ( streq(scheduler_policy, "sharing") ) + if ( zeek::util::streq(scheduler_policy, "sharing") ) config.set("scheduler.policy", caf::atom("sharing")); - else if ( streq(scheduler_policy, "stealing") ) + else if ( zeek::util::streq(scheduler_policy, "stealing") ) config.set("scheduler.policy", caf::atom("stealing")); else zeek::reporter->FatalError("Invalid Broker::scheduler_policy: %s", scheduler_policy); - auto max_threads_env = zeekenv("ZEEK_BROKER_MAX_THREADS"); + auto max_threads_env = zeek::util::zeekenv("ZEEK_BROKER_MAX_THREADS"); if ( max_threads_env ) config.set("scheduler.max-threads", atoi(max_threads_env)); @@ -210,9 +210,9 @@ void Manager::InitPostScript() auto cqs = get_option("Broker::congestion_queue_size")->AsCount(); bstate = std::make_shared(std::move(config), cqs); - if ( ! iosource_mgr->RegisterFd(bstate->subscriber.fd(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(bstate->subscriber.fd(), this) ) zeek::reporter->FatalError("Failed to register broker subscriber with iosource_mgr"); - if ( ! iosource_mgr->RegisterFd(bstate->status_subscriber.fd(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(bstate->status_subscriber.fd(), this) ) zeek::reporter->FatalError("Failed to register broker status subscriber with iosource_mgr"); bstate->subscriber.add_topic(broker::topics::store_events, true); @@ -243,7 +243,7 @@ void Manager::InitializeBrokerStoreForwarding() if ( ! zeek_table_manager ) continue; - auto backend = bro_broker::to_backend_type(e); + auto backend = detail::to_backend_type(e); auto suffix = ".store"; switch ( backend ) { @@ -268,8 +268,8 @@ void Manager::Terminate() { FlushLogBuffers(); - iosource_mgr->UnregisterFd(bstate->subscriber.fd(), this); - iosource_mgr->UnregisterFd(bstate->status_subscriber.fd(), this); + zeek::iosource_mgr->UnregisterFd(bstate->subscriber.fd(), this); + zeek::iosource_mgr->UnregisterFd(bstate->status_subscriber.fd(), this); vector stores_to_close; @@ -353,7 +353,7 @@ uint16_t Manager::Listen(const string& addr, uint16_t port) addr.empty() ? "INADDR_ANY" : addr.c_str(), port); // Register as a "does-count" source now. - iosource_mgr->Register(this, false); + zeek::iosource_mgr->Register(this, false); DBG_LOG(zeek::DBG_BROKER, "Listening on %s:%" PRIu16, addr.empty() ? "INADDR_ANY" : addr.c_str(), port); @@ -369,7 +369,7 @@ void Manager::Peer(const string& addr, uint16_t port, double retry) DBG_LOG(zeek::DBG_BROKER, "Starting to peer with %s:%" PRIu16, addr.c_str(), port); - auto e = zeekenv("ZEEK_DEFAULT_CONNECT_RETRY"); + auto e = zeek::util::zeekenv("ZEEK_DEFAULT_CONNECT_RETRY"); if ( e ) retry = atoi(e); @@ -385,7 +385,7 @@ void Manager::Peer(const string& addr, uint16_t port, double retry) if ( counts_as_iosource ) // Register as a "does-count" source now. - iosource_mgr->Register(this, false); + zeek::iosource_mgr->Register(this, false); } void Manager::Unpeer(const string& addr, uint16_t port) @@ -394,7 +394,7 @@ void Manager::Unpeer(const string& addr, uint16_t port) return; DBG_LOG(zeek::DBG_BROKER, "Stopping to peer with %s:%" PRIu16, - addr.c_str(), port); + addr.c_str(), port); FlushLogBuffers(); bstate->endpoint.unpeer_nosync(addr, port); @@ -448,7 +448,7 @@ bool Manager::PublishEvent(string topic, zeek::RecordVal* args) for ( auto i = 0u; i < vv->Size(); ++i ) { const auto& val = vv->At(i)->AsRecordVal()->GetField(0); - auto data_val = static_cast(val.get()); + auto data_val = static_cast(val.get()); xs.emplace_back(data_val->data); } @@ -475,7 +475,7 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) // receiving side, but not sure what use that would be. return false; - auto data = val_to_data(val.get()); + auto data = detail::val_to_data(val.get()); if ( ! data ) { @@ -493,8 +493,8 @@ bool Manager::PublishIdentifier(std::string topic, std::string id) } bool Manager::PublishLogCreate(zeek::EnumVal* stream, zeek::EnumVal* writer, - const logging::WriterBackend::WriterInfo& info, - int num_fields, const threading::Field* const * fields, + const zeek::logging::WriterBackend::WriterInfo& info, + int num_fields, const zeek::threading::Field* const * fields, const broker::endpoint_info& peer) { if ( bstate->endpoint.is_shutdown() ) @@ -528,7 +528,7 @@ bool Manager::PublishLogCreate(zeek::EnumVal* stream, zeek::EnumVal* writer, for ( auto i = 0; i < num_fields; ++i ) { - auto field_data = threading_field_to_data(fields[i]); + auto field_data = detail::threading_field_to_data(fields[i]); fields_data.push_back(move(field_data)); } @@ -550,7 +550,7 @@ bool Manager::PublishLogCreate(zeek::EnumVal* stream, zeek::EnumVal* writer, } bool Manager::PublishLogWrite(zeek::EnumVal* stream, zeek::EnumVal* writer, string path, - int num_fields, const threading::Value* const * vals) + int num_fields, const zeek::threading::Value* const * vals) { if ( bstate->endpoint.is_shutdown() ) return true; @@ -679,7 +679,7 @@ void Manager::Error(const char* format, ...) { va_list args; va_start(args, format); - auto msg = vfmt(format, args); + auto msg = zeek::util::vfmt(format, args); va_end(args); if ( script_scope ) @@ -749,7 +749,7 @@ bool Manager::AutoUnpublishEvent(const string& topic, zeek::Val* event) return true; } -zeek::RecordVal* Manager::MakeEvent(val_list* args, zeek::detail::Frame* frame) +zeek::RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) { auto rval = new zeek::RecordVal(zeek::BifType::Record::Broker::Event); auto arg_vec = zeek::make_intrusive(vector_of_data_type); @@ -806,10 +806,10 @@ zeek::RecordVal* Manager::MakeEvent(val_list* args, zeek::detail::Frame* frame) zeek::RecordValPtr data_val; - if ( same_type(got_type, bro_broker::DataVal::ScriptDataType()) ) + if ( same_type(got_type, detail::DataVal::ScriptDataType()) ) data_val = {zeek::NewRef{}, (*args)[i]->AsRecordVal()}; else - data_val = make_data_val((*args)[i]); + data_val = detail::make_data_val((*args)[i]); if ( ! data_val->GetField(0) ) { @@ -923,7 +923,7 @@ void Manager::Process() // Ensure that time gets update before processing broker messages, or events // based on them might get scheduled wrong. if ( use_real_time ) - net_update_time(current_time()); + zeek::run_state::detail::update_network_time(zeek::util::current_time()); bool had_input = false; @@ -995,11 +995,11 @@ void Manager::Process() if ( had_input ) { - if ( network_time == 0 ) + if ( zeek::run_state::network_time == 0 ) // If we're getting Broker messages, but still haven't initialized - // network_time, may as well do so now because otherwise the + // zeek::run_state::network_time, may as well do so now because otherwise the // broker/cluster logs will end up using timestamp 0. - net_update_time(current_time()); + zeek::run_state::detail::update_network_time(zeek::util::current_time()); } } @@ -1031,7 +1031,7 @@ void Manager::ProcessStoreEventInsertUpdate(const zeek::TableValPtr& table, const auto& its = table->GetType()->AsTableType()->GetIndexTypes(); assert( its.size() == 1 ); - auto zeek_key = data_to_val(key, its[0].get()); + auto zeek_key = detail::data_to_val(key, its[0].get()); if ( ! zeek_key ) { zeek::reporter->Error("ProcessStoreEvent %s: could not convert key \"%s\" for store \"%s\" while receiving remote data. This probably means the tables have different types on different nodes.", type, to_string(key).c_str(), store_id.c_str()); @@ -1045,7 +1045,7 @@ void Manager::ProcessStoreEventInsertUpdate(const zeek::TableValPtr& table, } // it is a table - auto zeek_value = data_to_val(data, table->GetType()->Yield().get()); + auto zeek_value = detail::data_to_val(data, table->GetType()->Yield().get()); if ( ! zeek_value ) { zeek::reporter->Error("ProcessStoreEvent %s: could not convert value \"%s\" for key \"%s\" in store \"%s\" while receiving remote data. This probably means the tables have different types on different nodes.", type, to_string(data).c_str(), to_string(key).c_str(), store_id.c_str()); @@ -1107,7 +1107,7 @@ void Manager::ProcessStoreEvent(broker::data msg) DBG_LOG(zeek::DBG_BROKER, "Store %s: Erase key %s", erase.store_id().c_str(), to_string(key).c_str()); const auto& its = table->GetType()->AsTableType()->GetIndexTypes(); assert( its.size() == 1 ); - auto zeek_key = data_to_val(key, its[0].get()); + auto zeek_key = detail::data_to_val(key, its[0].get()); if ( ! zeek_key ) { zeek::reporter->Error("ProcessStoreEvent: could not convert key \"%s\" for store \"%s\" while receiving remote erase. This probably means the tables have different types on different nodes.", to_string(key).c_str(), insert.store_id().c_str()); @@ -1190,7 +1190,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::zeek::Event ev) { auto got_type = args[i].get_type_name(); const auto& expected_type = arg_types[i]; - auto val = data_to_val(std::move(args[i]), expected_type.get()); + auto val = detail::data_to_val(std::move(args[i]), expected_type.get()); if ( val ) vl.emplace_back(std::move(val)); @@ -1216,10 +1216,10 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::zeek::Event ev) } if ( vl.size() == args.size() ) - zeek::event_mgr.Enqueue(handler, std::move(vl), SOURCE_BROKER); + zeek::event_mgr.Enqueue(handler, std::move(vl), zeek::util::detail::SOURCE_BROKER); } -bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) +bool Manager::ProcessLogCreate(broker::zeek::LogCreate lc) { DBG_LOG(zeek::DBG_BROKER, "Received log-create: %s", RenderMessage(lc.as_data()).c_str()); if ( ! lc.valid() ) @@ -1229,21 +1229,21 @@ bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) return false; } - auto stream_id = data_to_val(std::move(lc.stream_id()), log_id_type); + auto stream_id = detail::data_to_val(std::move(lc.stream_id()), log_id_type); if ( ! stream_id ) { zeek::reporter->Warning("failed to unpack remote log stream id"); return false; } - auto writer_id = data_to_val(std::move(lc.writer_id()), writer_id_type); + auto writer_id = detail::data_to_val(std::move(lc.writer_id()), writer_id_type); if ( ! writer_id ) { zeek::reporter->Warning("failed to unpack remote log writer id"); return false; } - auto writer_info = std::unique_ptr(new logging::WriterBackend::WriterInfo); + auto writer_info = std::make_unique(); if ( ! writer_info->FromBroker(std::move(lc.writer_info())) ) { zeek::reporter->Warning("failed to unpack remote log writer info"); @@ -1260,11 +1260,11 @@ bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) } auto num_fields = fields_data->size(); - auto fields = new threading::Field* [num_fields]; + auto fields = new zeek::threading::Field* [num_fields]; for ( size_t i = 0; i < num_fields; ++i ) { - if ( auto field = data_to_threading_field(std::move((*fields_data)[i])) ) + if ( auto field = detail::data_to_threading_field(std::move((*fields_data)[i])) ) fields[i] = field; else { @@ -1274,7 +1274,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) } } - if ( ! log_mgr->CreateWriterForRemoteLog(stream_id->AsEnumVal(), writer_id->AsEnumVal(), writer_info.release(), num_fields, fields) ) + if ( ! zeek::log_mgr->CreateWriterForRemoteLog(stream_id->AsEnumVal(), writer_id->AsEnumVal(), writer_info.release(), num_fields, fields) ) { zeek::ODesc d; stream_id->Describe(&d); @@ -1284,7 +1284,7 @@ bool bro_broker::Manager::ProcessLogCreate(broker::zeek::LogCreate lc) return true; } -bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) +bool Manager::ProcessLogWrite(broker::zeek::LogWrite lw) { DBG_LOG(zeek::DBG_BROKER, "Received log-write: %s", RenderMessage(lw.as_data()).c_str()); @@ -1299,7 +1299,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) auto& stream_id_name = lw.stream_id().name; // Get stream ID. - auto stream_id = data_to_val(std::move(lw.stream_id()), log_id_type); + auto stream_id = detail::data_to_val(std::move(lw.stream_id()), log_id_type); if ( ! stream_id ) { @@ -1309,7 +1309,7 @@ bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) } // Get writer ID. - auto writer_id = data_to_val(std::move(lw.writer_id()), writer_id_type); + auto writer_id = detail::data_to_val(std::move(lw.writer_id()), writer_id_type); if ( ! writer_id ) { zeek::reporter->Warning("failed to unpack remote log writer id for stream: %s", stream_id_name.data()); @@ -1344,11 +1344,11 @@ bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) return false; } - auto vals = new threading::Value* [num_fields]; + auto vals = new zeek::threading::Value* [num_fields]; for ( int i = 0; i < num_fields; ++i ) { - vals[i] = new threading::Value; + vals[i] = new zeek::threading::Value; if ( ! vals[i]->Read(&fmt) ) { @@ -1362,8 +1362,8 @@ bool bro_broker::Manager::ProcessLogWrite(broker::zeek::LogWrite lw) } } - log_mgr->WriteFromRemote(stream_id->AsEnumVal(), writer_id->AsEnumVal(), - std::move(*path), num_fields, vals); + zeek::log_mgr->WriteFromRemote(stream_id->AsEnumVal(), writer_id->AsEnumVal(), + std::move(*path), num_fields, vals); fmt.EndRead(); return true; } @@ -1391,7 +1391,7 @@ bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu) return false; } - auto val = data_to_val(std::move(id_value), id->GetType().get()); + auto val = detail::data_to_val(std::move(id_value), id->GetType().get()); if ( ! val ) { @@ -1413,24 +1413,24 @@ void Manager::ProcessStatus(broker::status stat) zeek::EventHandlerPtr event; switch (stat.code()) { case broker::sc::unspecified: - event = Broker::status; + event = ::Broker::status; break; case broker::sc::peer_added: ++peer_count; assert(ctx); - log_mgr->SendAllWritersTo(*ctx); - event = Broker::peer_added; + zeek::log_mgr->SendAllWritersTo(*ctx); + event = ::Broker::peer_added; break; case broker::sc::peer_removed: --peer_count; - event = Broker::peer_removed; + event = ::Broker::peer_removed; break; case broker::sc::peer_lost: --peer_count; - event = Broker::peer_lost; + event = ::Broker::peer_lost; break; default: @@ -1476,7 +1476,7 @@ void Manager::ProcessError(broker::error err) { DBG_LOG(zeek::DBG_BROKER, "Received error message: %s", RenderMessage(err).c_str()); - if ( ! Broker::error ) + if ( ! ::Broker::error ) return; BifEnum::Broker::ErrorCode ec; @@ -1499,15 +1499,15 @@ void Manager::ProcessError(broker::error err) else { ec = BifEnum::Broker::ErrorCode::CAF_ERROR; - msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); + msg = zeek::util::fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str()); } - zeek::event_mgr.Enqueue(Broker::error, + zeek::event_mgr.Enqueue(::Broker::error, zeek::BifType::Enum::Broker::ErrorCode->GetEnumVal(ec), zeek::make_intrusive(msg)); } -void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response response) +void Manager::ProcessStoreResponse(detail::StoreHandleVal* s, broker::store::response response) { DBG_LOG(zeek::DBG_BROKER, "Received store response: %s", RenderMessage(response).c_str()); @@ -1529,7 +1529,7 @@ void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response re } if ( response.answer ) - request->second->Result(query_result(make_data_val(std::move(*response.answer)))); + request->second->Result(detail::query_result(detail::make_data_val(std::move(*response.answer)))); else if ( response.answer.error() == broker::ec::request_timeout ) { // Fine, trigger's timeout takes care of things. @@ -1543,7 +1543,7 @@ void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response re // this type of error (which is less easily handled programmatically). } else if ( response.answer.error() == broker::ec::no_such_key ) - request->second->Result(query_result()); + request->second->Result(detail::query_result()); else zeek::reporter->InternalWarning("unknown store response status: %s", to_string(response.answer.error()).c_str()); @@ -1552,8 +1552,8 @@ void Manager::ProcessStoreResponse(StoreHandleVal* s, broker::store::response re pending_queries.erase(request); } -StoreHandleVal* Manager::MakeMaster(const string& name, broker::backend type, - broker::backend_options opts) +detail::StoreHandleVal* Manager::MakeMaster(const string& name, broker::backend type, + broker::backend_options opts) { if ( bstate->endpoint.is_shutdown() ) return nullptr; @@ -1594,11 +1594,11 @@ StoreHandleVal* Manager::MakeMaster(const string& name, broker::backend type, return nullptr; } - auto handle = new StoreHandleVal{*result}; + auto handle = new detail::StoreHandleVal{*result}; Ref(handle); data_stores.emplace(name, handle); - iosource_mgr->RegisterFd(handle->proxy.mailbox().descriptor(), this); + zeek::iosource_mgr->RegisterFd(handle->proxy.mailbox().descriptor(), this); PrepareForwarding(name); if ( ! bstate->endpoint.use_real_time() ) @@ -1611,7 +1611,7 @@ StoreHandleVal* Manager::MakeMaster(const string& name, broker::backend type, return handle; } -void Manager::BrokerStoreToZeekTable(const std::string& name, const StoreHandleVal* handle) +void Manager::BrokerStoreToZeekTable(const std::string& name, const detail::StoreHandleVal* handle) { if ( ! handle->forward_to ) return; @@ -1631,7 +1631,7 @@ void Manager::BrokerStoreToZeekTable(const std::string& name, const StoreHandleV for ( const auto& key : *set ) { - auto zeek_key = data_to_val(key, its[0].get()); + auto zeek_key = detail::data_to_val(key, its[0].get()); if ( ! zeek_key ) { zeek::reporter->Error("Failed to convert key \"%s\" while importing broker store to table for store \"%s\". Aborting import.", to_string(key).c_str(), name.c_str()); @@ -1654,7 +1654,7 @@ void Manager::BrokerStoreToZeekTable(const std::string& name, const StoreHandleV continue; } - auto zeek_value = data_to_val(*value, table->GetType()->Yield().get()); + auto zeek_value = detail::data_to_val(*value, table->GetType()->Yield().get()); if ( ! zeek_value ) { zeek::reporter->Error("Could not convert %s to table value while trying to import Broker store %s. Aborting import.", to_string(value).c_str(), name.c_str()); @@ -1669,9 +1669,9 @@ void Manager::BrokerStoreToZeekTable(const std::string& name, const StoreHandleV return; } -StoreHandleVal* Manager::MakeClone(const string& name, double resync_interval, - double stale_interval, - double mutation_buffer_interval) +detail::StoreHandleVal* Manager::MakeClone(const string& name, double resync_interval, + double stale_interval, + double mutation_buffer_interval) { if ( bstate->endpoint.is_shutdown() ) return nullptr; @@ -1691,16 +1691,16 @@ StoreHandleVal* Manager::MakeClone(const string& name, double resync_interval, return nullptr; } - auto handle = new StoreHandleVal{*result}; + auto handle = new detail::StoreHandleVal{*result}; Ref(handle); data_stores.emplace(name, handle); - iosource_mgr->RegisterFd(handle->proxy.mailbox().descriptor(), this); + zeek::iosource_mgr->RegisterFd(handle->proxy.mailbox().descriptor(), this); PrepareForwarding(name); return handle; } -StoreHandleVal* Manager::LookupStore(const string& name) +detail::StoreHandleVal* Manager::LookupStore(const string& name) { auto i = data_stores.find(name); return i == data_stores.end() ? nullptr : i->second; @@ -1714,7 +1714,7 @@ bool Manager::CloseStore(const string& name) if ( s == data_stores.end() ) return false; - iosource_mgr->UnregisterFd(s->second->proxy.mailbox().descriptor(), this); + zeek::iosource_mgr->UnregisterFd(s->second->proxy.mailbox().descriptor(), this); for ( auto i = pending_queries.begin(); i != pending_queries.end(); ) if ( i->second->Store().name() == name ) @@ -1733,8 +1733,8 @@ bool Manager::CloseStore(const string& name) return true; } -bool Manager::TrackStoreQuery(StoreHandleVal* handle, broker::request_id id, - StoreQueryCallback* cb) +bool Manager::TrackStoreQuery(detail::StoreHandleVal* handle, broker::request_id id, + detail::StoreQueryCallback* cb) { auto rval = pending_queries.emplace(std::make_pair(id, handle), cb).second; @@ -1784,4 +1784,4 @@ void Manager::PrepareForwarding(const std::string &name) DBG_LOG(zeek::DBG_BROKER, "Resolved table forward for data store %s", name.c_str()); } -} // namespace bro_broker +} // namespace zeek::Broker diff --git a/src/broker/Manager.h b/src/broker/Manager.h index 953bdd1aa7..7721dde2fe 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -30,12 +30,14 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek); namespace zeek { using VectorTypePtr = zeek::IntrusivePtr; using TableValPtr = zeek::IntrusivePtr; -} -namespace bro_broker { +namespace Broker { +namespace detail { class StoreHandleVal; class StoreQueryCallback; +}; + class BrokerState; /** @@ -66,7 +68,7 @@ struct Stats { * Manages various forms of communication between peer Bro processes * or other external applications via use of the Broker messaging library. */ -class Manager : public iosource::IOSource { +class Manager : public zeek::iosource::IOSource { public: static const broker::endpoint_info NoPeer; @@ -187,9 +189,9 @@ public: * @return true if the message is sent successfully. */ bool PublishLogCreate(zeek::EnumVal* stream, zeek::EnumVal* writer, - const logging::WriterBackend::WriterInfo& info, + const zeek::logging::WriterBackend::WriterInfo& info, int num_fields, - const threading::Field* const * fields, + const zeek::threading::Field* const * fields, const broker::endpoint_info& peer = NoPeer); /** @@ -205,7 +207,7 @@ public: */ bool PublishLogWrite(zeek::EnumVal* stream, zeek::EnumVal* writer, std::string path, int num_vals, - const threading::Value* const * vals); + const zeek::threading::Value* const * vals); /** * Automatically send an event to any interested peers whenever it is @@ -234,7 +236,7 @@ public: * @return an `Event` record value. If an invalid event or arguments * were supplied the optional "name" field will not be set. */ - zeek::RecordVal* MakeEvent(val_list* args, zeek::detail::Frame* frame); + zeek::RecordVal* MakeEvent(ValPList* args, zeek::detail::Frame* frame); /** * Register interest in peer event messages that use a certain topic prefix. @@ -271,8 +273,8 @@ public: * @param opts The backend options. * @return a pointer to the newly created store a nullptr on failure. */ - StoreHandleVal* MakeMaster(const std::string& name, broker::backend type, - broker::backend_options opts); + detail::StoreHandleVal* MakeMaster(const std::string& name, broker::backend type, + broker::backend_options opts); /** * Create a new *clone* data store. @@ -292,17 +294,17 @@ public: * the master. A negative/zero value indicates to never buffer commands. * @return a pointer to the newly created store a nullptr on failure. */ - StoreHandleVal* MakeClone(const std::string& name, - double resync_interval = 10.0, - double stale_interval = 300.0, - double mutation_buffer_interval = 120.0); + detail::StoreHandleVal* MakeClone(const std::string& name, + double resync_interval = 10.0, + double stale_interval = 300.0, + double mutation_buffer_interval = 120.0); /** * Lookup a data store by it's identifier name and type. * @param name the store's name. * @return a pointer to the store handle if it exists else nullptr. */ - StoreHandleVal* LookupStore(const std::string& name); + detail::StoreHandleVal* LookupStore(const std::string& name); /** * Register a Zeek table that is associated with a Broker store that is backing it. This @@ -328,8 +330,8 @@ public: * @param cb the callback info to use when the query completes or times out. * @return true if now tracking a data store query. */ - bool TrackStoreQuery(StoreHandleVal* handle, broker::request_id id, - StoreQueryCallback* cb); + bool TrackStoreQuery(detail::StoreHandleVal* handle, broker::request_id id, + detail::StoreQueryCallback* cb); /** * Send all pending log write messages. @@ -370,7 +372,7 @@ private: bool ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu); void ProcessStatus(broker::status stat); void ProcessError(broker::error err); - void ProcessStoreResponse(StoreHandleVal*, broker::store::response response); + void ProcessStoreResponse(detail::StoreHandleVal*, broker::store::response response); void FlushPendingQueries(); // Initializes the masters for Broker backed Zeek tables when using the &backend attribute void InitializeBrokerStoreForwarding(); @@ -378,7 +380,7 @@ private: void PrepareForwarding(const std::string& name); // Send the content of a Broker store to the backing table. This is typically used // when a master/clone is created. - void BrokerStoreToZeekTable(const std::string& name, const StoreHandleVal* handle); + void BrokerStoreToZeekTable(const std::string& name, const detail::StoreHandleVal* handle); void Error(const char* format, ...) __attribute__((format (printf, 2, 3))); @@ -397,7 +399,7 @@ private: }; // Data stores - using query_id = std::pair; + using query_id = std::pair; struct query_id_hasher { size_t operator()(const query_id& qid) const @@ -412,9 +414,9 @@ private: std::vector log_buffers; // Indexed by stream ID enum. std::string default_log_topic_prefix; std::shared_ptr bstate; - std::unordered_map data_stores; + std::unordered_map data_stores; std::unordered_map forwarded_stores; - std::unordered_map pending_queries; std::vector forwarded_prefixes; @@ -436,6 +438,17 @@ private: static int script_scope; }; -} // namespace bro_broker +} // namespace Broker -extern bro_broker::Manager* broker_mgr; +extern Broker::Manager* broker_mgr; + +} // namespace zeek + +extern zeek::Broker::Manager*& broker_mgr [[deprecated("Remove in v4.1. Use zeek::broker_mgr.")]]; + +namespace bro_broker { + +using Stats [[deprecated("Remove in v4.1. Use zeek::Broker::Stats.")]] = zeek::Broker::Stats; +using Manager [[deprecated("Remove in v4.1. Use zeek::Broker::Manager.")]] = zeek::Broker::Manager; + +} // namespace bro_broker diff --git a/src/broker/Store.cc b/src/broker/Store.cc index 90a18c3c0d..c0f7f47dc7 100644 --- a/src/broker/Store.cc +++ b/src/broker/Store.cc @@ -1,11 +1,12 @@ -#include "Store.h" +#include "broker/Store.h" #include "Desc.h" #include "ID.h" #include "broker/Manager.h" -namespace bro_broker { +zeek::OpaqueTypePtr zeek::Broker::detail::opaque_of_store_handle; +zeek::OpaqueTypePtr& bro_broker::opaque_of_store_handle = zeek::Broker::detail::opaque_of_store_handle; -zeek::OpaqueTypePtr opaque_of_store_handle; +namespace zeek::Broker::detail { zeek::EnumValPtr query_status(bool success) { @@ -123,4 +124,4 @@ broker::backend_options to_backend_options(broker::backend backend, return broker::backend_options{}; } -} // namespace bro_broker +} // namespace zeek::Broker diff --git a/src/broker/Store.h b/src/broker/Store.h index fb98627080..60bbfc4ad0 100644 --- a/src/broker/Store.h +++ b/src/broker/Store.h @@ -10,7 +10,7 @@ #include #include -namespace bro_broker { +namespace zeek::Broker::detail { extern zeek::OpaqueTypePtr opaque_of_store_handle; @@ -71,7 +71,7 @@ static broker::optional convert_expiry(double e) class StoreQueryCallback { public: StoreQueryCallback(zeek::detail::trigger::Trigger* arg_trigger, const zeek::detail::CallExpr* arg_call, - broker::store store) + broker::store store) : trigger(arg_trigger), call(arg_call), store(std::move(store)) { Ref(trigger); @@ -114,7 +114,7 @@ private: class StoreHandleVal : public zeek::OpaqueVal { public: StoreHandleVal(broker::store s) - : zeek::OpaqueVal(bro_broker::opaque_of_store_handle), store{s}, proxy{store}, store_pid{store.frontend_id()} + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_store_handle), store{s}, proxy{store}, store_pid{store.frontend_id()} { } void ValDescribe(zeek::ODesc* d) const override; @@ -131,7 +131,7 @@ protected: { return { zeek::NewRef{}, this }; } StoreHandleVal() - : zeek::OpaqueVal(bro_broker::opaque_of_store_handle) + : zeek::OpaqueVal(zeek::Broker::detail::opaque_of_store_handle) {} DECLARE_OPAQUE_VALUE(StoreHandleVal) @@ -144,4 +144,29 @@ broker::backend to_backend_type(BifEnum::Broker::BackendType type); broker::backend_options to_backend_options(broker::backend backend, zeek::RecordVal* options); +} // namespace zeek::Broker + +namespace bro_broker { + +extern zeek::OpaqueTypePtr& opaque_of_store_handle [[deprecated("Remove in v4.1. Use zeek::Broker::detail::opaque_of_store_handle.")]]; + +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::query_result.")]] +inline zeek::RecordValPtr query_result() + { + return zeek::Broker::detail::query_result(); + } + +[[deprecated("Remove in v4.1. Use zeek::Broker::detail::query_result.")]] +inline zeek::RecordValPtr query_result(zeek::RecordValPtr data) + { + return zeek::Broker::detail::query_result(); + } + +constexpr auto convert_expiry [[deprecated("Remove in v4.1. Use zeek::Broker::detail::convert_expiry.")]] = zeek::Broker::detail::convert_expiry; +using StoreQueryCallback [[deprecated("Remove in v4.1. Use zeek::Broker::detail::StoreQueryCallback.")]] = zeek::Broker::detail::StoreQueryCallback; +using StoreHandleVal [[deprecated("Remove in v4.1. Use zeek::Broker::detail::StoreHandleVal.")]] = zeek::Broker::detail::StoreHandleVal; + +constexpr auto to_backend_type [[deprecated("Remove in v4.1. Use zeek::Broker::detail::to_backend_type.")]] = zeek::Broker::detail::to_backend_type; +constexpr auto to_backend_options [[deprecated("Remove in v4.1. Use zeek::Broker::detail::to_backend_options.")]] = zeek::Broker::detail::to_backend_options; + } // namespace bro_broker diff --git a/src/broker/comm.bif b/src/broker/comm.bif index cf7060678c..c997530780 100644 --- a/src/broker/comm.bif +++ b/src/broker/comm.bif @@ -59,7 +59,7 @@ enum PeerStatus %{ function Broker::__listen%(a: string, p: port%): port %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; if ( ! p->IsTCP() ) { @@ -73,7 +73,7 @@ function Broker::__listen%(a: string, p: port%): port function Broker::__peer%(a: string, p: port, retry: interval%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; if ( ! p->IsTCP() ) { @@ -87,7 +87,7 @@ function Broker::__peer%(a: string, p: port, retry: interval%): bool function Broker::__unpeer%(a: string, p: port%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; if ( ! p->IsTCP() ) { @@ -101,7 +101,7 @@ function Broker::__unpeer%(a: string, p: port%): bool function Broker::__peers%(%): PeerInfos %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto rval = zeek::make_intrusive(zeek::id::find_type("Broker::PeerInfos")); auto i = 0; @@ -142,6 +142,6 @@ function Broker::__peers%(%): PeerInfos function Broker::__node_id%(%): string %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; return zeek::make_intrusive(broker_mgr->NodeID()); %} diff --git a/src/broker/data.bif b/src/broker/data.bif index 1d3cf1c799..425b534633 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -33,12 +33,12 @@ type Broker::TableItem: record; function Broker::__data%(d: any%): Broker::Data %{ - return bro_broker::make_data_val(d); + return zeek::Broker::detail::make_data_val(d); %} function Broker::__data_type%(d: Broker::Data%): Broker::DataType %{ - return bro_broker::get_data_type(d->AsRecordVal(), frame); + return zeek::Broker::detail::get_data_type(d->AsRecordVal(), frame); %} # For testing only. @@ -57,29 +57,29 @@ function Broker::__opaque_clone_through_serialization%(d: any%): any function Broker::__set_create%(%): Broker::Data %{ - return bro_broker::make_data_val(broker::set()); + return zeek::Broker::detail::make_data_val(broker::set()); %} function Broker::__set_clear%(s: Broker::Data%): bool %{ - auto& v = bro_broker::require_data_type(s->AsRecordVal(), - zeek::TYPE_TABLE, frame); + auto& v = zeek::Broker::detail::require_data_type(s->AsRecordVal(), + zeek::TYPE_TABLE, frame); v.clear(); return zeek::val_mgr->True(); %} function Broker::__set_size%(s: Broker::Data%): count %{ - auto& v = bro_broker::require_data_type(s->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(s->AsRecordVal(), zeek::TYPE_TABLE, frame); return zeek::val_mgr->Count(static_cast(v.size())); %} function Broker::__set_contains%(s: Broker::Data, key: any%): bool %{ - auto& v = bro_broker::require_data_type(s->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(s->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -92,10 +92,10 @@ function Broker::__set_contains%(s: Broker::Data, key: any%): bool function Broker::__set_insert%(s: Broker::Data, key: any%): bool %{ - auto& v = bro_broker::require_data_type(s->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(s->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -108,9 +108,9 @@ function Broker::__set_insert%(s: Broker::Data, key: any%): bool function Broker::__set_remove%(s: Broker::Data, key: any%): bool %{ - auto& v = bro_broker::require_data_type(s->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(s->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -123,18 +123,18 @@ function Broker::__set_remove%(s: Broker::Data, key: any%): bool function Broker::__set_iterator%(s: Broker::Data%): opaque of Broker::SetIterator %{ - return zeek::make_intrusive(s->AsRecordVal(), zeek::TYPE_TABLE, frame); + return zeek::make_intrusive(s->AsRecordVal(), zeek::TYPE_TABLE, frame); %} function Broker::__set_iterator_last%(it: opaque of Broker::SetIterator%): bool %{ - auto set_it = static_cast(it); + auto set_it = static_cast(it); return zeek::val_mgr->Bool(set_it->it == set_it->dat.end()); %} function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool %{ - auto set_it = static_cast(it); + auto set_it = static_cast(it); if ( set_it->it == set_it->dat.end() ) return zeek::val_mgr->False(); @@ -145,7 +145,7 @@ function Broker::__set_iterator_next%(it: opaque of Broker::SetIterator%): bool function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Broker::Data %{ - auto set_it = static_cast(it); + auto set_it = static_cast(it); auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); if ( set_it->it == set_it->dat.end() ) @@ -154,18 +154,18 @@ function Broker::__set_iterator_value%(it: opaque of Broker::SetIterator%): Brok return rval; } - rval->Assign(0, zeek::make_intrusive(*set_it->it)); + rval->Assign(0, zeek::make_intrusive(*set_it->it)); return rval; %} function Broker::__table_create%(%): Broker::Data %{ - return bro_broker::make_data_val(broker::table()); + return zeek::Broker::detail::make_data_val(broker::table()); %} function Broker::__table_clear%(t: Broker::Data%): bool %{ - auto& v = bro_broker::require_data_type(t->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); v.clear(); return zeek::val_mgr->True(); @@ -173,17 +173,17 @@ function Broker::__table_clear%(t: Broker::Data%): bool function Broker::__table_size%(t: Broker::Data%): count %{ - auto& v = bro_broker::require_data_type(t->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); return zeek::val_mgr->Count(static_cast(v.size())); %} function Broker::__table_contains%(t: Broker::Data, key: any%): bool %{ - auto& v = bro_broker::require_data_type(t->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -196,10 +196,10 @@ function Broker::__table_contains%(t: Broker::Data, key: any%): bool function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker::Data %{ - auto& table = bro_broker::require_data_type(t->AsRecordVal(), + auto& table = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -207,7 +207,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); } - auto v = bro_broker::val_to_data(val); + auto v = zeek::Broker::detail::val_to_data(val); if ( ! v ) { @@ -218,7 +218,7 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: try { auto& prev = table.at(*k); - auto rval = bro_broker::make_data_val(move(prev)); + auto rval = zeek::Broker::detail::make_data_val(move(prev)); prev = std::move(*v); return rval; } @@ -231,10 +231,10 @@ function Broker::__table_insert%(t: Broker::Data, key: any, val: any%): Broker:: function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data %{ - auto& table = bro_broker::require_data_type(t->AsRecordVal(), + auto& table = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -248,7 +248,7 @@ function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); else { - auto rval = bro_broker::make_data_val(move(it->second)); + auto rval = zeek::Broker::detail::make_data_val(move(it->second)); table.erase(it); return rval; } @@ -256,10 +256,10 @@ function Broker::__table_remove%(t: Broker::Data, key: any%): Broker::Data function Broker::__table_lookup%(t: Broker::Data, key: any%): Broker::Data %{ - auto& table = bro_broker::require_data_type(t->AsRecordVal(), + auto& table = zeek::Broker::detail::require_data_type(t->AsRecordVal(), zeek::TYPE_TABLE, frame); - auto k = bro_broker::val_to_data(key); + auto k = zeek::Broker::detail::val_to_data(key); if ( ! k ) { @@ -272,23 +272,23 @@ function Broker::__table_lookup%(t: Broker::Data, key: any%): Broker::Data if ( it == table.end() ) return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); else - return bro_broker::make_data_val(it->second); + return zeek::Broker::detail::make_data_val(it->second); %} function Broker::__table_iterator%(t: Broker::Data%): opaque of Broker::TableIterator %{ - return zeek::make_intrusive(t->AsRecordVal(), zeek::TYPE_TABLE, frame); + return zeek::make_intrusive(t->AsRecordVal(), zeek::TYPE_TABLE, frame); %} function Broker::__table_iterator_last%(it: opaque of Broker::TableIterator%): bool %{ - auto ti = static_cast(it); + auto ti = static_cast(it); return zeek::val_mgr->Bool(ti->it == ti->dat.end()); %} function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): bool %{ - auto ti = static_cast(it); + auto ti = static_cast(it); if ( ti->it == ti->dat.end() ) return zeek::val_mgr->False(); @@ -299,7 +299,7 @@ function Broker::__table_iterator_next%(it: opaque of Broker::TableIterator%): b function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): Broker::TableItem %{ - auto ti = static_cast(it); + auto ti = static_cast(it); auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::TableItem); auto key_val = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); auto val_val = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); @@ -312,19 +312,19 @@ function Broker::__table_iterator_value%(it: opaque of Broker::TableIterator%): return rval; } - key_val->Assign(0, zeek::make_intrusive(ti->it->first)); - val_val->Assign(0, zeek::make_intrusive(ti->it->second)); + key_val->Assign(0, zeek::make_intrusive(ti->it->first)); + val_val->Assign(0, zeek::make_intrusive(ti->it->second)); return rval; %} function Broker::__vector_create%(%): Broker::Data %{ - return bro_broker::make_data_val(broker::vector()); + return zeek::Broker::detail::make_data_val(broker::vector()); %} function Broker::__vector_clear%(v: Broker::Data%): bool %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); vec.clear(); return zeek::val_mgr->True(); @@ -332,16 +332,16 @@ function Broker::__vector_clear%(v: Broker::Data%): bool function Broker::__vector_size%(v: Broker::Data%): count %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); return zeek::val_mgr->Count(static_cast(vec.size())); %} function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); - auto item = bro_broker::val_to_data(d); + auto item = zeek::Broker::detail::val_to_data(d); if ( ! item ) { @@ -356,9 +356,9 @@ function Broker::__vector_insert%(v: Broker::Data, idx:count, d: any%): bool function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker::Data %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); - auto item = bro_broker::val_to_data(d); + auto item = zeek::Broker::detail::val_to_data(d); if ( ! item ) { @@ -369,49 +369,49 @@ function Broker::__vector_replace%(v: Broker::Data, idx: count, d: any%): Broker if ( idx >= vec.size() ) return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); - auto rval = bro_broker::make_data_val(move(vec[idx])); + auto rval = zeek::Broker::detail::make_data_val(move(vec[idx])); vec[idx] = std::move(*item); return rval; %} function Broker::__vector_remove%(v: Broker::Data, idx: count%): Broker::Data %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); if ( idx >= vec.size() ) return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); - auto rval = bro_broker::make_data_val(move(vec[idx])); + auto rval = zeek::Broker::detail::make_data_val(move(vec[idx])); vec.erase(vec.begin() + idx); return rval; %} function Broker::__vector_lookup%(v: Broker::Data, idx: count%): Broker::Data %{ - auto& vec = bro_broker::require_data_type(v->AsRecordVal(), + auto& vec = zeek::Broker::detail::require_data_type(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); if ( idx >= vec.size() ) return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); - return bro_broker::make_data_val(vec[idx]); + return zeek::Broker::detail::make_data_val(vec[idx]); %} function Broker::__vector_iterator%(v: Broker::Data%): opaque of Broker::VectorIterator %{ - return zeek::make_intrusive(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); + return zeek::make_intrusive(v->AsRecordVal(), zeek::TYPE_VECTOR, frame); %} function Broker::__vector_iterator_last%(it: opaque of Broker::VectorIterator%): bool %{ - auto vi = static_cast(it); + auto vi = static_cast(it); return zeek::val_mgr->Bool(vi->it == vi->dat.end()); %} function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): bool %{ - auto vi = static_cast(it); + auto vi = static_cast(it); if ( vi->it == vi->dat.end() ) return zeek::val_mgr->False(); @@ -422,7 +422,7 @@ function Broker::__vector_iterator_next%(it: opaque of Broker::VectorIterator%): function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%): Broker::Data %{ - auto vi = static_cast(it); + auto vi = static_cast(it); auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); if ( vi->it == vi->dat.end() ) @@ -431,30 +431,30 @@ function Broker::__vector_iterator_value%(it: opaque of Broker::VectorIterator%) return rval; } - rval->Assign(0, zeek::make_intrusive(*vi->it)); + rval->Assign(0, zeek::make_intrusive(*vi->it)); return rval; %} function Broker::__record_create%(sz: count%): Broker::Data %{ - return bro_broker::make_data_val(broker::vector(sz)); + return zeek::Broker::detail::make_data_val(broker::vector(sz)); %} function Broker::__record_size%(r: Broker::Data%): count %{ - auto& v = bro_broker::require_data_type(r->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(r->AsRecordVal(), zeek::TYPE_RECORD, frame); return zeek::val_mgr->Count(static_cast(v.size())); %} function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool %{ - auto& v = bro_broker::require_data_type(r->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(r->AsRecordVal(), zeek::TYPE_RECORD, frame); if ( idx >= v.size() ) return zeek::val_mgr->False(); - auto item = bro_broker::val_to_data(d); + auto item = zeek::Broker::detail::val_to_data(d); if ( ! item ) { @@ -468,29 +468,29 @@ function Broker::__record_assign%(r: Broker::Data, idx: count, d: any%): bool function Broker::__record_lookup%(r: Broker::Data, idx: count%): Broker::Data %{ - auto& v = bro_broker::require_data_type(r->AsRecordVal(), + auto& v = zeek::Broker::detail::require_data_type(r->AsRecordVal(), zeek::TYPE_RECORD, frame); if ( idx >= v.size() || caf::get_if(&v[idx]) ) return zeek::make_intrusive(zeek::BifType::Record::Broker::Data); - return bro_broker::make_data_val(v[idx]); + return zeek::Broker::detail::make_data_val(v[idx]); %} function Broker::__record_iterator%(r: Broker::Data%): opaque of Broker::RecordIterator %{ - return zeek::make_intrusive(r->AsRecordVal(), zeek::TYPE_RECORD, frame); + return zeek::make_intrusive(r->AsRecordVal(), zeek::TYPE_RECORD, frame); %} function Broker::__record_iterator_last%(it: opaque of Broker::RecordIterator%): bool %{ - auto ri = static_cast(it); + auto ri = static_cast(it); return zeek::val_mgr->Bool(ri->it == ri->dat.end()); %} function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): bool %{ - auto ri = static_cast(it); + auto ri = static_cast(it); if ( ri->it == ri->dat.end() ) return zeek::val_mgr->False(); @@ -501,7 +501,7 @@ function Broker::__record_iterator_next%(it: opaque of Broker::RecordIterator%): function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%): Broker::Data %{ - auto ri = static_cast(it); + auto ri = static_cast(it); auto rval = zeek::make_intrusive(zeek::BifType::Record::Broker::Data); if ( ri->it == ri->dat.end() ) @@ -513,6 +513,6 @@ function Broker::__record_iterator_value%(it: opaque of Broker::RecordIterator%) if ( caf::get_if(&(*ri->it)) ) return rval; // field isn't set - rval->Assign(0, zeek::make_intrusive(*ri->it)); + rval->Assign(0, zeek::make_intrusive(*ri->it)); return rval; %} diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index da95cdb988..eb41c66645 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -47,19 +47,19 @@ std::set val_to_topic_set(zeek::Val* val) return rval; } -static bool publish_event_args(val_list& args, const zeek::String* topic, +static bool publish_event_args(zeek::ValPList& args, const zeek::String* topic, zeek::detail::Frame* frame) { - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto rval = false; if ( args[0]->GetType()->Tag() == zeek::TYPE_RECORD ) - rval = broker_mgr->PublishEvent(topic->CheckString(), - args[0]->AsRecordVal()); + rval = zeek::broker_mgr->PublishEvent(topic->CheckString(), + args[0]->AsRecordVal()); else { - auto ev = broker_mgr->MakeEvent(&args, frame); - rval = broker_mgr->PublishEvent(topic->CheckString(), ev); + auto ev = zeek::broker_mgr->MakeEvent(&args, frame); + rval = zeek::broker_mgr->PublishEvent(topic->CheckString(), ev); Unref(ev); } @@ -82,14 +82,14 @@ type Broker::Event: record; ## event. function Broker::make_event%(...%): Broker::Event %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; const auto& bif_args = @ARGS@; - val_list args(bif_args->size()); + ValPList args(bif_args->size()); for ( auto i = 0u; i < bif_args->size(); ++i ) args.push_back((*bif_args)[i].get()); - return RecordValPtr{zeek::AdoptRef{}, broker_mgr->MakeEvent(&args, frame)}; + return RecordValPtr{zeek::AdoptRef{}, zeek::broker_mgr->MakeEvent(&args, frame)}; %} ## Publishes an event at a given topic. @@ -104,7 +104,7 @@ function Broker::make_event%(...%): Broker::Event function Broker::publish%(topic: string, ...%): bool %{ const auto& bif_args = @ARGS@; - val_list args(bif_args->size() - 1); + ValPList args(bif_args->size() - 1); for ( auto i = 1u; i < bif_args->size(); ++i ) args.push_back((*bif_args)[i].get()); @@ -115,50 +115,50 @@ function Broker::publish%(topic: string, ...%): bool function Broker::__flush_logs%(%): count %{ - auto rval = broker_mgr->FlushLogBuffers(); + auto rval = zeek::broker_mgr->FlushLogBuffers(); return zeek::val_mgr->Count(static_cast(rval)); %} function Broker::__publish_id%(topic: string, id: string%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->PublishIdentifier(topic->CheckString(), - id->CheckString()); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->PublishIdentifier(topic->CheckString(), + id->CheckString()); return zeek::val_mgr->Bool(rval); %} function Broker::__auto_publish%(topic: string, ev: any%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->AutoPublishEvent(topic->CheckString(), ev); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->AutoPublishEvent(topic->CheckString(), ev); return zeek::val_mgr->Bool(rval); %} function Broker::__auto_unpublish%(topic: string, ev: any%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->AutoUnpublishEvent(topic->CheckString(), ev); return zeek::val_mgr->Bool(rval); %} function Broker::__subscribe%(topic_prefix: string%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->Subscribe(topic_prefix->CheckString()); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->Subscribe(topic_prefix->CheckString()); return zeek::val_mgr->Bool(rval); %} function Broker::__forward%(topic_prefix: string%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->Forward(topic_prefix->CheckString()); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->Forward(topic_prefix->CheckString()); return zeek::val_mgr->Bool(rval); %} function Broker::__unsubscribe%(topic_prefix: string%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; - auto rval = broker_mgr->Unsubscribe(topic_prefix->CheckString()); + zeek::Broker::Manager::ScriptScopeGuard ssg; + auto rval = zeek::broker_mgr->Unsubscribe(topic_prefix->CheckString()); return zeek::val_mgr->Bool(rval); %} @@ -194,7 +194,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool return zeek::val_mgr->False(); const auto& bif_args = @ARGS@; - val_list args(bif_args->size() - 2); + ValPList args(bif_args->size() - 2); for ( auto i = 2u; i < bif_args->size(); ++i ) args.push_back((*bif_args)[i].get()); @@ -231,7 +231,7 @@ function Cluster::publish_hrw%(pool: Pool, key: any, ...%): bool return zeek::val_mgr->False(); const auto& bif_args = @ARGS@; - val_list args(bif_args->size() - 2); + ValPList args(bif_args->size() - 2); for ( auto i = 2u; i < bif_args->size(); ++i ) args.push_back((*bif_args)[i].get()); diff --git a/src/broker/store.bif b/src/broker/store.bif index 81dfe0e44f..fceb43e68b 100644 --- a/src/broker/store.bif +++ b/src/broker/store.bif @@ -7,8 +7,8 @@ #include "broker/Data.h" #include "Trigger.h" -static bro_broker::StoreHandleVal* to_store_handle(zeek::Val* h) - { return dynamic_cast(h); } +static zeek::Broker::detail::StoreHandleVal* to_store_handle(zeek::Val* h) + { return dynamic_cast(h); } %%} module Broker; @@ -26,7 +26,7 @@ enum BackendType %{ function Broker::__create_master%(id: string, b: BackendType, options: BackendOptions &default = BackendOptions()%): opaque of Broker::Store %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto name = id->CheckString(); auto rval = broker_mgr->LookupStore(name); @@ -34,14 +34,14 @@ function Broker::__create_master%(id: string, b: BackendType, return ValPtr{zeek::NewRef{}, rval}; auto e = static_cast(b->AsEnum()); - auto type = bro_broker::to_backend_type(e); - auto opts = bro_broker::to_backend_options(type, options->AsRecordVal()); + auto type = zeek::Broker::detail::to_backend_type(e); + auto opts = zeek::Broker::detail::to_backend_options(type, options->AsRecordVal()); ValPtr store{zeek::AdoptRef{}, broker_mgr->MakeMaster(name, type, std::move(opts))}; if ( ! store ) { - zeek::emit_builtin_error(fmt("Could not create Broker master store '%s'", name)); + zeek::emit_builtin_error(zeek::util::fmt("Could not create Broker master store '%s'", name)); return nullptr; } @@ -52,7 +52,7 @@ function Broker::__create_clone%(id: string, resync_interval: interval, stale_interval: interval, mutation_buffer_interval: interval%): opaque of Broker::Store %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto name = id->CheckString(); auto rval = broker_mgr->LookupStore(name); @@ -66,7 +66,7 @@ function Broker::__create_clone%(id: string, resync_interval: interval, if ( ! store ) { - zeek::emit_builtin_error(fmt("Could not create clone of Broker store '%s'", name)); + zeek::emit_builtin_error(zeek::util::fmt("Could not create clone of Broker store '%s'", name)); return nullptr; } @@ -75,7 +75,7 @@ function Broker::__create_clone%(id: string, resync_interval: interval, function Broker::__is_closed%(h: opaque of Broker::Store%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto handle = to_store_handle(h); if ( ! handle ) @@ -86,7 +86,7 @@ function Broker::__is_closed%(h: opaque of Broker::Store%): bool function Broker::__close%(h: opaque of Broker::Store%): bool %{ - bro_broker::Manager::ScriptScopeGuard ssg; + zeek::Broker::Manager::ScriptScopeGuard ssg; auto handle = to_store_handle(h); if ( ! handle ) @@ -116,15 +116,15 @@ function Broker::__exists%(h: opaque of Broker::Store, if ( ! handle ) { zeek::emit_builtin_error("invalid Broker store handle", h); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } - auto key = bro_broker::val_to_data(k); + auto key = zeek::Broker::detail::val_to_data(k); if ( ! key ) { zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto trigger = frame->GetTrigger(); @@ -132,7 +132,7 @@ function Broker::__exists%(h: opaque of Broker::Store, if ( ! trigger ) { zeek::emit_builtin_error("Broker queries can only be called inside when-condition"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto timeout = trigger->TimeoutValue(); @@ -140,14 +140,14 @@ function Broker::__exists%(h: opaque of Broker::Store, if ( timeout < 0 ) { zeek::emit_builtin_error("Broker queries must specify a timeout block"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } frame->SetDelayed(); trigger->Hold(); - auto cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(), - handle->store); + auto cb = new zeek::Broker::detail::StoreQueryCallback(trigger, frame->GetCall(), + handle->store); auto req_id = handle->proxy.exists(std::move(*key)); broker_mgr->TrackStoreQuery(handle, req_id, cb); @@ -162,15 +162,15 @@ function Broker::__get%(h: opaque of Broker::Store, if ( ! handle ) { zeek::emit_builtin_error("invalid Broker store handle", h); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } - auto key = bro_broker::val_to_data(k); + auto key = zeek::Broker::detail::val_to_data(k); if ( ! key ) { zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto trigger = frame->GetTrigger(); @@ -178,7 +178,7 @@ function Broker::__get%(h: opaque of Broker::Store, if ( ! trigger ) { zeek::emit_builtin_error("Broker queries can only be called inside when-condition"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto timeout = trigger->TimeoutValue(); @@ -186,14 +186,14 @@ function Broker::__get%(h: opaque of Broker::Store, if ( timeout < 0 ) { zeek::emit_builtin_error("Broker queries must specify a timeout block"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } frame->SetDelayed(); trigger->Hold(); - auto cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(), - handle->store); + auto cb = new zeek::Broker::detail::StoreQueryCallback(trigger, frame->GetCall(), + handle->store); auto req_id = handle->proxy.get(std::move(*key)); broker_mgr->TrackStoreQuery(handle, req_id, cb); @@ -208,22 +208,22 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( ! handle ) { zeek::emit_builtin_error("invalid Broker store handle", h); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } - auto key = bro_broker::val_to_data(k); - auto val = bro_broker::val_to_data(v); + auto key = zeek::Broker::detail::val_to_data(k); + auto val = zeek::Broker::detail::val_to_data(v); if ( ! key ) { zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } if ( ! val ) { zeek::emit_builtin_error("invalid Broker data conversion for value argument", v); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto trigger = frame->GetTrigger(); @@ -231,7 +231,7 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( ! trigger ) { zeek::emit_builtin_error("Broker queries can only be called inside when-condition"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto timeout = trigger->TimeoutValue(); @@ -239,17 +239,17 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( timeout < 0 ) { zeek::emit_builtin_error("Broker queries must specify a timeout block"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } frame->SetDelayed(); trigger->Hold(); - auto cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(), - handle->store); + auto cb = new zeek::Broker::detail::StoreQueryCallback(trigger, frame->GetCall(), + handle->store); auto req_id = handle->proxy.put_unique(std::move(*key), std::move(*val), - bro_broker::convert_expiry(e)); + zeek::Broker::detail::convert_expiry(e)); broker_mgr->TrackStoreQuery(handle, req_id, cb); return nullptr; @@ -263,23 +263,23 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! handle ) { zeek::emit_builtin_error("invalid Broker store handle", h); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } - auto key = bro_broker::val_to_data(k); + auto key = zeek::Broker::detail::val_to_data(k); if ( ! key ) { zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } - auto index = bro_broker::val_to_data(i); + auto index = zeek::Broker::detail::val_to_data(i); if ( ! index ) { zeek::emit_builtin_error("invalid Broker data conversion for index argument", i); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto trigger = frame->GetTrigger(); @@ -287,7 +287,7 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! trigger ) { zeek::emit_builtin_error("Broker queries can only be called inside when-condition"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto timeout = trigger->TimeoutValue(); @@ -295,14 +295,14 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( timeout < 0 ) { zeek::emit_builtin_error("Broker queries must specify a timeout block"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } frame->SetDelayed(); trigger->Hold(); - auto cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(), - handle->store); + auto cb = new zeek::Broker::detail::StoreQueryCallback(trigger, frame->GetCall(), + handle->store); auto req_id = handle->proxy.get_index_from_value(std::move(*key), std::move(*index)); broker_mgr->TrackStoreQuery(handle, req_id, cb); @@ -317,7 +317,7 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult if ( ! handle ) { zeek::emit_builtin_error("invalid Broker store handle", h); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto trigger = frame->GetTrigger(); @@ -325,7 +325,7 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult if ( ! trigger ) { zeek::emit_builtin_error("Broker queries can only be called inside when-condition"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } auto timeout = trigger->TimeoutValue(); @@ -333,13 +333,13 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult if ( timeout < 0 ) { zeek::emit_builtin_error("Broker queries must specify a timeout block"); - return bro_broker::query_result(); + return zeek::Broker::detail::query_result(); } frame->SetDelayed(); trigger->Hold(); - auto cb = new bro_broker::StoreQueryCallback(trigger, frame->GetCall(), + auto cb = new zeek::Broker::detail::StoreQueryCallback(trigger, frame->GetCall(), handle->store); auto req_id = handle->proxy.keys(); broker_mgr->TrackStoreQuery(handle, req_id, cb); @@ -358,8 +358,8 @@ function Broker::__put%(h: opaque of Broker::Store, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto val = bro_broker::val_to_data(v); + auto key = zeek::Broker::detail::val_to_data(k); + auto val = zeek::Broker::detail::val_to_data(v); if ( ! key ) { @@ -373,7 +373,7 @@ function Broker::__put%(h: opaque of Broker::Store, return zeek::val_mgr->False(); } - handle->store.put(std::move(*key), std::move(*val), bro_broker::convert_expiry(e)); + handle->store.put(std::move(*key), std::move(*val), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -387,7 +387,7 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); + auto key = zeek::Broker::detail::val_to_data(k); if ( ! key ) { @@ -410,8 +410,8 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto amount = bro_broker::val_to_data(a); + auto key = zeek::Broker::detail::val_to_data(k); + auto amount = zeek::Broker::detail::val_to_data(a); if ( ! key ) { @@ -426,7 +426,7 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, } handle->store.increment(std::move(*key), std::move(*amount), - bro_broker::convert_expiry(e)); + zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -441,8 +441,8 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto amount = bro_broker::val_to_data(a); + auto key = zeek::Broker::detail::val_to_data(k); + auto amount = zeek::Broker::detail::val_to_data(a); if ( ! key ) { @@ -456,7 +456,7 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, return zeek::val_mgr->False(); } - handle->store.decrement(std::move(*key), std::move(*amount), bro_broker::convert_expiry(e)); + handle->store.decrement(std::move(*key), std::move(*amount), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -471,8 +471,8 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto str = bro_broker::val_to_data(s); + auto key = zeek::Broker::detail::val_to_data(k); + auto str = zeek::Broker::detail::val_to_data(s); if ( ! key ) { @@ -486,7 +486,7 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, return zeek::val_mgr->False(); } - handle->store.append(std::move(*key), std::move(*str), bro_broker::convert_expiry(e)); + handle->store.append(std::move(*key), std::move(*str), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -501,8 +501,8 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto idx = bro_broker::val_to_data(i); + auto key = zeek::Broker::detail::val_to_data(k); + auto idx = zeek::Broker::detail::val_to_data(i); if ( ! key ) { @@ -517,7 +517,7 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, } handle->store.insert_into(std::move(*key), std::move(*idx), - bro_broker::convert_expiry(e)); + zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -532,9 +532,9 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto idx = bro_broker::val_to_data(i); - auto val = bro_broker::val_to_data(v); + auto key = zeek::Broker::detail::val_to_data(k); + auto idx = zeek::Broker::detail::val_to_data(i); + auto val = zeek::Broker::detail::val_to_data(v); if ( ! key ) { @@ -555,7 +555,7 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, } handle->store.insert_into(std::move(*key), std::move(*idx), - std::move(*val), bro_broker::convert_expiry(e)); + std::move(*val), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -570,8 +570,8 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto idx = bro_broker::val_to_data(i); + auto key = zeek::Broker::detail::val_to_data(k); + auto idx = zeek::Broker::detail::val_to_data(i); if ( ! key ) { @@ -586,7 +586,7 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, } handle->store.remove_from(std::move(*key), std::move(*idx), - bro_broker::convert_expiry(e)); + zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -601,8 +601,8 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); - auto val = bro_broker::val_to_data(v); + auto key = zeek::Broker::detail::val_to_data(k); + auto val = zeek::Broker::detail::val_to_data(v); if ( ! key ) { @@ -616,7 +616,7 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, return zeek::val_mgr->False(); } - handle->store.push(std::move(*key), std::move(*val), bro_broker::convert_expiry(e)); + handle->store.push(std::move(*key), std::move(*val), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} @@ -630,7 +630,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool return zeek::val_mgr->False(); } - auto key = bro_broker::val_to_data(k); + auto key = zeek::Broker::detail::val_to_data(k); if ( ! key ) { @@ -638,7 +638,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool return zeek::val_mgr->False(); } - handle->store.pop(std::move(*key), bro_broker::convert_expiry(e)); + handle->store.pop(std::move(*key), zeek::Broker::detail::convert_expiry(e)); return zeek::val_mgr->True(); %} diff --git a/src/file_analysis/Analyzer.cc b/src/file_analysis/Analyzer.cc index 79d1f91101..b7b156003e 100644 --- a/src/file_analysis/Analyzer.cc +++ b/src/file_analysis/Analyzer.cc @@ -4,23 +4,25 @@ #include "Manager.h" #include "Val.h" -file_analysis::ID file_analysis::Analyzer::id_counter = 0; +namespace zeek::file_analysis { -file_analysis::Analyzer::~Analyzer() +ID Analyzer::id_counter = 0; + +Analyzer::~Analyzer() { DBG_LOG(zeek::DBG_FILE_ANALYSIS, "Destroy file analyzer %s", file_mgr->GetComponentName(tag).c_str()); } -void file_analysis::Analyzer::SetAnalyzerTag(const file_analysis::Tag& arg_tag) +void Analyzer::SetAnalyzerTag(const zeek::file_analysis::Tag& arg_tag) { assert(! tag || tag == arg_tag); tag = arg_tag; } -file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, - zeek::RecordValPtr arg_args, - File* arg_file) +Analyzer::Analyzer(zeek::file_analysis::Tag arg_tag, + zeek::RecordValPtr arg_args, + File* arg_file) : tag(arg_tag), args(std::move(arg_args)), file(arg_file), @@ -30,16 +32,18 @@ file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, id = ++id_counter; } -file_analysis::Analyzer::Analyzer(zeek::RecordValPtr arg_args, File* arg_file) +Analyzer::Analyzer(zeek::RecordValPtr arg_args, File* arg_file) : Analyzer({}, std::move(arg_args), arg_file) {} -file_analysis::Analyzer::Analyzer(file_analysis::Tag arg_tag, - zeek::RecordVal* arg_args, - File* arg_file) +Analyzer::Analyzer(zeek::file_analysis::Tag arg_tag, + zeek::RecordVal* arg_args, + File* arg_file) : Analyzer(arg_tag, {zeek::NewRef{}, arg_args}, arg_file) {} -file_analysis::Analyzer::Analyzer(zeek::RecordVal* arg_args, File* arg_file) +Analyzer::Analyzer(zeek::RecordVal* arg_args, File* arg_file) : Analyzer({}, {zeek::NewRef{}, arg_args}, arg_file) {} + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/Analyzer.h b/src/file_analysis/Analyzer.h index 8858b17a7c..bc7d973132 100644 --- a/src/file_analysis/Analyzer.h +++ b/src/file_analysis/Analyzer.h @@ -11,11 +11,11 @@ namespace zeek { using RecordValPtr = zeek::IntrusivePtr; } -namespace file_analysis { +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); -class File; +namespace zeek::file_analysis { -typedef uint32_t ID; +using ID = uint32_t; /** * Base class for analyzers that can be attached to file_analysis::File objects. @@ -185,4 +185,11 @@ private: static ID id_counter; }; +} // namespace zeek::file_analysis + +namespace file_analysis { + +using ID [[deprecated("Remove in v4.1. Use zeek::file_analysis::ID.")]] = zeek::file_analysis::ID; +using Analyzer [[deprecated("Remove in v4.1. Use zeek::file_analysis::Analyzer.")]] = zeek::file_analysis::Analyzer; + } // namespace file_analysis diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc index 51261e9e63..585db7d0c4 100644 --- a/src/file_analysis/AnalyzerSet.cc +++ b/src/file_analysis/AnalyzerSet.cc @@ -8,7 +8,7 @@ #include "Val.h" #include "file_analysis/file_analysis.bif.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { static void analyzer_del_func(void* v) { @@ -210,3 +210,5 @@ void AnalyzerSet::DrainModifications() DBG_LOG(zeek::DBG_FILE_ANALYSIS, "[%s] End flushing analyzer mod queue.", file->GetID().c_str()); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/AnalyzerSet.h b/src/file_analysis/AnalyzerSet.h index f1ae1dad61..c18e1e0617 100644 --- a/src/file_analysis/AnalyzerSet.h +++ b/src/file_analysis/AnalyzerSet.h @@ -14,10 +14,10 @@ namespace zeek { using RecordValPtr = zeek::IntrusivePtr; } -namespace file_analysis { +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); -class Analyzer; -class File; +namespace zeek::file_analysis::detail { /** * A set of file analysis analyzers indexed by an \c AnalyzerArgs (script-layer @@ -212,4 +212,10 @@ private: ModQueue mod_queue; /**< A queue of analyzer additions/removals requests. */ }; -} // namespace file_analysiss +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using AnalyzerSet [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::AnalyzerSet.")]] = zeek::file_analysis::detail::AnalyzerSet; + +} // namespace file_analysis diff --git a/src/file_analysis/Component.cc b/src/file_analysis/Component.cc index eb26589760..100ba6b465 100644 --- a/src/file_analysis/Component.cc +++ b/src/file_analysis/Component.cc @@ -6,11 +6,11 @@ #include "../Desc.h" #include "../util.h" -using namespace file_analysis; +namespace zeek::file_analysis { Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t subtype) : zeek::plugin::Component(zeek::plugin::component::FILE_ANALYZER, name), - plugin::TaggedComponent(subtype) + zeek::plugin::TaggedComponent(subtype) { factory = arg_factory; factory_func = nullptr; @@ -18,7 +18,7 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag: Component::Component(const std::string& name, factory_function arg_factory, Tag::subtype_t subtype) : zeek::plugin::Component(zeek::plugin::component::FILE_ANALYZER, name), - plugin::TaggedComponent(subtype) + zeek::plugin::TaggedComponent(subtype) { factory = nullptr; factory_func = arg_factory; @@ -42,3 +42,5 @@ void Component::DoDescribe(zeek::ODesc* d) const d->Add(CanonicalName()); } } + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/Component.h b/src/file_analysis/Component.h index 769ea4e34f..b452536d76 100644 --- a/src/file_analysis/Component.h +++ b/src/file_analysis/Component.h @@ -13,11 +13,11 @@ namespace zeek { using RecordValPtr = zeek::IntrusivePtr; } -namespace file_analysis { +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, file_analysis); -class File; -class Analyzer; -class Manager; +namespace zeek::file_analysis { /** * Component description for plugins providing file analyzers. @@ -26,7 +26,7 @@ class Manager; * analyzer component, describing the analyzer. */ class Component : public zeek::plugin::Component, - public plugin::TaggedComponent { + public zeek::plugin::TaggedComponent { public: typedef Analyzer* (*factory_callback)(zeek::RecordVal* args, File* file); using factory_function = Analyzer* (*)(zeek::RecordValPtr args, File* file); @@ -83,10 +83,16 @@ protected: void DoDescribe(zeek::ODesc* d) const override; private: - friend class file_analysis::Manager; + friend class zeek::file_analysis::Manager; factory_callback factory; // The analyzer's factory callback (deprecated). factory_function factory_func; // The analyzer's factory callback. }; -} +} // namespace zeek::file_analysis + +namespace file_analysis { + +using Component [[deprecated("Remove in v4.1. Use zeek::file_analysis::Component.")]] = zeek::file_analysis::Component; + +} // namespace file_analysis diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 10baa0454f..8177d746c8 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -19,7 +19,7 @@ #include "analyzer/extract/Extract.h" -using namespace file_analysis; +namespace zeek::file_analysis { static zeek::TableValPtr empty_connection_table() { @@ -115,7 +115,7 @@ File::~File() void File::UpdateLastActivityTime() { - val->Assign(last_active_idx, zeek::make_intrusive(network_time)); + val->Assign(last_active_idx, zeek::make_intrusive(zeek::run_state::network_time)); } double File::GetLastActivityTime() const @@ -214,7 +214,7 @@ bool File::SetExtractionLimit(zeek::RecordValPtr args, uint64_t bytes) if ( ! a ) return false; - Extract* e = dynamic_cast(a); + auto* e = dynamic_cast(a); if ( ! e ) return false; @@ -250,7 +250,7 @@ bool File::IsComplete() const void File::ScheduleInactivityTimer() const { - zeek::detail::timer_mgr->Add(new FileTimer(network_time, id, GetTimeoutInterval())); + zeek::detail::timer_mgr->Add(new detail::FileTimer(zeek::run_state::network_time, id, GetTimeoutInterval())); } bool File::AddAnalyzer(file_analysis::Tag tag, zeek::RecordVal* args) @@ -390,7 +390,7 @@ void File::DeliverStream(const u_char* data, uint64_t len) "[%s] %" PRIu64 " stream bytes in at offset %" PRIu64 "; %s [%s%s]", id.c_str(), len, stream_offset, IsComplete() ? "complete" : "incomplete", - fmt_bytes((const char*) data, std::min((uint64_t)40, len)), + zeek::util::fmt_bytes((const char*) data, std::min((uint64_t)40, len)), len > 40 ? "..." : ""); file_analysis::Analyzer* a = nullptr; @@ -469,7 +469,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) } // Forward data to the reassembler. - file_reassembler->NewBlock(network_time, offset, len, data); + file_reassembler->NewBlock(zeek::run_state::network_time, offset, len, data); } else if ( stream_offset == offset ) { @@ -482,7 +482,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) // This is data that doesn't match the offset and the reassembler // needs to be enabled. file_reassembler = new FileReassembler(this, stream_offset); - file_reassembler->NewBlock(network_time, offset, len, data); + file_reassembler->NewBlock(zeek::run_state::network_time, offset, len, data); } else { @@ -494,7 +494,7 @@ void File::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) "[%s] %" PRIu64 " chunk bytes in at offset %" PRIu64 "; %s [%s%s]", id.c_str(), len, offset, IsComplete() ? "complete" : "incomplete", - fmt_bytes((const char*) data, std::min((uint64_t)40, len)), + zeek::util::fmt_bytes((const char*) data, std::min((uint64_t)40, len)), len > 40 ? "..." : ""); file_analysis::Analyzer* a = nullptr; @@ -625,13 +625,13 @@ void File::FileEvent(zeek::EventHandlerPtr h) FileEvent(h, zeek::Args{val}); } -void File::FileEvent(zeek::EventHandlerPtr h, val_list* vl) +void File::FileEvent(zeek::EventHandlerPtr h, ValPList* vl) { FileEvent(h, zeek::val_list_to_args(*vl)); delete vl; } -void File::FileEvent(zeek::EventHandlerPtr h, val_list vl) +void File::FileEvent(zeek::EventHandlerPtr h, ValPList vl) { FileEvent(h, zeek::val_list_to_args(vl)); } @@ -655,3 +655,5 @@ bool File::PermitWeird(const char* name, uint64_t threshold, uint64_t rate, { return zeek::detail::PermitWeird(weird_state, name, threshold, rate, duration); } + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index da47e10cff..b2daf15226 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -9,7 +9,7 @@ #include "analyzer/Tag.h" #include "AnalyzerSet.h" #include "ZeekString.h" -#include "BroList.h" // for val_list +#include "ZeekList.h" // for ValPList #include "ZeekArgs.h" #include "WeirdState.h" @@ -22,10 +22,10 @@ using RecordValPtr = zeek::IntrusivePtr; using RecordTypePtr = zeek::IntrusivePtr; } -namespace file_analysis { +ZEEK_FORWARD_DECLARE_NAMESPACED(FileReassembler, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(Tag, zeek, file_analysis); -class FileReassembler; -class Tag; +namespace zeek::file_analysis { /** * Wrapper class around \c fa_file record values from script layer. @@ -193,7 +193,7 @@ public: * @param vl list of argument values to pass to event call. */ [[deprecated("Remove in v4.1. Use zeek::Args overload instead.")]] - void FileEvent(zeek::EventHandlerPtr h, val_list* vl); + void FileEvent(zeek::EventHandlerPtr h, ValPList* vl); /** * Raises an event related to the file's life-cycle. @@ -201,7 +201,7 @@ public: * @param vl list of argument values to pass to event call. */ [[deprecated("Remove in v4.1. Use zeek::Args overload instead.")]] - void FileEvent(zeek::EventHandlerPtr h, val_list vl); + void FileEvent(zeek::EventHandlerPtr h, ValPList vl); /** * Raises an event related to the file's life-cycle. @@ -359,7 +359,7 @@ protected: bool reassembly_enabled; /**< Whether file stream reassembly is needed. */ bool postpone_timeout; /**< Whether postponing timeout is requested. */ bool done; /**< If this object is about to be deleted. */ - AnalyzerSet analyzers; /**< A set of attached file analyzers. */ + detail::AnalyzerSet analyzers; /**< A set of attached file analyzers. */ std::list done_analyzers; /**< Analyzers we're done with, remembered here until they can be safely deleted. */ struct BOF_Buffer { @@ -396,3 +396,9 @@ protected: }; } // namespace file_analysis + +namespace file_analysis { + +using File [[deprecated("Remove in v4.1. Use zeek::file_analysis::File.")]] = zeek::file_analysis::File; + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/FileReassembler.cc b/src/file_analysis/FileReassembler.cc index 4db56d684c..3f6757ffe8 100644 --- a/src/file_analysis/FileReassembler.cc +++ b/src/file_analysis/FileReassembler.cc @@ -1,11 +1,11 @@ +// See the file "COPYING" in the main distribution directory for copyright. #include "FileReassembler.h" #include "File.h" +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); -namespace file_analysis { - -class File; +namespace zeek::file_analysis { FileReassembler::FileReassembler(File *f, uint64_t starting_offset) : zeek::Reassembler(starting_offset, zeek::REASSEM_FILE), the_file(f), flushing(false) diff --git a/src/file_analysis/FileReassembler.h b/src/file_analysis/FileReassembler.h index 5386b766ae..7c71736ba4 100644 --- a/src/file_analysis/FileReassembler.h +++ b/src/file_analysis/FileReassembler.h @@ -1,3 +1,5 @@ +// See the file "COPYING" in the main distribution directory for copyright. + #pragma once #include "Reassem.h" @@ -6,10 +8,9 @@ namespace zeek { class File; } using BroFile [[deprecated("Remove in v4.1. Use zeek::File.")]] = zeek::File; ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); -namespace file_analysis { - -class File; +namespace zeek::file_analysis { class FileReassembler final : public zeek::Reassembler { public: @@ -57,4 +58,10 @@ protected: bool flushing = false; }; -} // namespace analyzer::* +} // namespace zeek::file_analysis + +namespace file_analysis { + +using FileReassembler [[deprecated("Remove in v4.1. Use zeek::file_analysis::FileReassembler.")]] = zeek::file_analysis::FileReassembler; + +} // namespace file_analysis diff --git a/src/file_analysis/FileTimer.cc b/src/file_analysis/FileTimer.cc index dce4d46d33..80d72bbbc1 100644 --- a/src/file_analysis/FileTimer.cc +++ b/src/file_analysis/FileTimer.cc @@ -4,7 +4,7 @@ #include "File.h" #include "Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { FileTimer::FileTimer(double t, const std::string& id, double interval) : zeek::detail::Timer(t + interval, zeek::detail::TIMER_FILE_ANALYSIS_INACTIVITY), file_id(id) @@ -39,3 +39,5 @@ void FileTimer::Dispatch(double t, bool is_expire) else if ( ! is_expire ) file->ScheduleInactivityTimer(); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/FileTimer.h b/src/file_analysis/FileTimer.h index 529498d317..5523fc7307 100644 --- a/src/file_analysis/FileTimer.h +++ b/src/file_analysis/FileTimer.h @@ -5,7 +5,7 @@ #include #include "Timer.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * Timer to periodically check if file analysis for a given file is inactive. @@ -33,4 +33,10 @@ private: std::string file_id; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using FileTimer [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::FileTimer.")]] = zeek::file_analysis::detail::FileTimer; + } // namespace file_analysis diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 09bb527bc6..4034e93539 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -13,12 +13,13 @@ #include -using namespace file_analysis; using namespace std; +namespace zeek::file_analysis { + Manager::Manager() - : plugin::ComponentManager("Files", "Tag"), + : plugin::ComponentManager("Files", "Tag"), current_file_id(), magic_state(), cumulative_files(0), max_files(0) { } @@ -69,7 +70,7 @@ string Manager::HashHandle(const string& handle) const zeek::detail::hash128_t hash; zeek::detail::KeyedHash::StaticHash128(handle.data(), handle.size(), &hash); - return zeek::UID(bits_per_uid, hash, 2).Base62("F"); + return zeek::UID(zeek::detail::bits_per_uid, hash, 2).Base62("F"); } void Manager::SetHandle(const string& handle) @@ -273,11 +274,11 @@ bool Manager::SetExtractionLimit(const string& file_id, return file->SetExtractionLimit(std::move(args), n); } -bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag, +bool Manager::AddAnalyzer(const string& file_id, const zeek::file_analysis::Tag& tag, zeek::RecordVal* args) const { return AddAnalyzer(file_id, tag, {zeek::NewRef{}, args}); } -bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag, +bool Manager::AddAnalyzer(const string& file_id, const zeek::file_analysis::Tag& tag, zeek::RecordValPtr args) const { File* file = LookupFile(file_id); @@ -288,11 +289,11 @@ bool Manager::AddAnalyzer(const string& file_id, const file_analysis::Tag& tag, return file->AddAnalyzer(tag, std::move(args)); } -bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag, +bool Manager::RemoveAnalyzer(const string& file_id, const zeek::file_analysis::Tag& tag, zeek::RecordVal* args) const { return RemoveAnalyzer(file_id, tag, {zeek::NewRef{}, args}); } -bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& tag, +bool Manager::RemoveAnalyzer(const string& file_id, const zeek::file_analysis::Tag& tag, zeek::RecordValPtr args) const { File* file = LookupFile(file_id); @@ -518,7 +519,7 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const return *(matches.begin()->second.begin()); } -zeek::VectorValPtr file_analysis::GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m) +zeek::VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m) { static auto mime_matches = zeek::id::find_type("mime_matches"); static auto mime_match = zeek::id::find_type("mime_match"); @@ -541,3 +542,5 @@ zeek::VectorValPtr file_analysis::GenMIMEMatchesVal(const zeek::detail::RuleMatc return rval; } + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index dc5a667942..24ddbb6ea9 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -7,27 +7,27 @@ #include #include "Component.h" -#include "Net.h" +#include "RunState.h" #include "RuleMatcher.h" #include "plugin/ComponentManager.h" - #include "analyzer/Tag.h" +#include "FileTimer.h" ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); ZEEK_FORWARD_DECLARE_NAMESPACED(Tag, zeek, analyzer); +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(Tag, zeek, file_analysis); +namespace zeek { namespace file_analysis { -class File; -class Tag; - /** * Main entry point for interacting with file analysis. */ -class Manager : public plugin::ComponentManager { +class Manager : public zeek::plugin::ComponentManager { public: /** @@ -349,7 +349,7 @@ public: { return cumulative_files; } protected: - friend class FileTimer; + friend class zeek::file_analysis::detail::FileTimer; /** * Create a new file to be analyzed or retrieve an existing one. @@ -381,7 +381,7 @@ protected: * @param is_termination whether the Manager (and probably Bro) is in a * terminating state. If true, then the timeout cannot be postponed. */ - void Timeout(const std::string& file_id, bool is_terminating = ::terminating); + void Timeout(const std::string& file_id, bool is_terminating = zeek::run_state::terminating); /** * Immediately remove file_analysis::File object associated with \a file_id. @@ -441,3 +441,13 @@ zeek::VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Match } // namespace file_analysis extern file_analysis::Manager* file_mgr; + +} // namespace zeek + +namespace file_analysis { + +using Manager [[deprecated("Remove in v4.1. Use zeek::file_analysis::Manager.")]] = zeek::file_analysis::Manager; + +} // namespace file_analysis + +extern zeek::file_analysis::Manager*& file_mgr [[deprecated("Remove in v4.1. Use zeek::file_mgr.")]]; diff --git a/src/file_analysis/Tag.cc b/src/file_analysis/Tag.cc index 30a8728f1a..ef933f9b1f 100644 --- a/src/file_analysis/Tag.cc +++ b/src/file_analysis/Tag.cc @@ -3,35 +3,37 @@ #include "Tag.h" #include "Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis { -const file_analysis::Tag file_analysis::Tag::Error; +const Tag Tag::Error; -file_analysis::Tag::Tag(type_t type, subtype_t subtype) +Tag::Tag(type_t type, subtype_t subtype) : ::Tag(file_mgr->GetTagType(), type, subtype) { } -file_analysis::Tag& file_analysis::Tag::operator=(const file_analysis::Tag& other) +Tag& Tag::operator=(const Tag& other) { zeek::Tag::operator=(other); return *this; } -const zeek::EnumValPtr& file_analysis::Tag::AsVal() const +const zeek::EnumValPtr& Tag::AsVal() const { return zeek::Tag::AsVal(file_mgr->GetTagType()); } -zeek::EnumVal* file_analysis::Tag::AsEnumVal() const +zeek::EnumVal* Tag::AsEnumVal() const { return AsVal().get(); } -file_analysis::Tag::Tag(zeek::EnumValPtr val) +Tag::Tag(zeek::EnumValPtr val) : zeek::Tag(std::move(val)) { } -file_analysis::Tag::Tag(zeek::EnumVal* val) +Tag::Tag(zeek::EnumVal* val) : zeek::Tag({zeek::NewRef{}, val}) { } + +} // namespace zeek::file_analysis diff --git a/src/file_analysis/Tag.h b/src/file_analysis/Tag.h index ad4fcf2960..2ca3233a5f 100644 --- a/src/file_analysis/Tag.h +++ b/src/file_analysis/Tag.h @@ -20,9 +20,9 @@ namespace plugin { zeek::plugin::ComponentManager; } -namespace file_analysis { +ZEEK_FORWARD_DECLARE_NAMESPACED(Component, zeek, file_analysis); -class Component; +namespace zeek::file_analysis { /** * Class to identify a file analyzer type. @@ -122,4 +122,10 @@ protected: explicit Tag(zeek::EnumVal* val); }; -} +} // namespace zeek::file_analysis + +namespace file_analysis { + +using Tag [[deprecated("Remove in v4.1. Use zeek::file_analysis::Tag.")]] = zeek::file_analysis::Tag; + +} // namespace file_analysis diff --git a/src/file_analysis/analyzer/data_event/DataEvent.cc b/src/file_analysis/analyzer/data_event/DataEvent.cc index c55c4c9386..d7b599a6db 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.cc +++ b/src/file_analysis/analyzer/data_event/DataEvent.cc @@ -9,18 +9,18 @@ #include "util.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -DataEvent::DataEvent(zeek::RecordValPtr args, File* file, +DataEvent::DataEvent(zeek::RecordValPtr args, zeek::file_analysis::File* file, zeek::EventHandlerPtr ce, zeek::EventHandlerPtr se) - : file_analysis::Analyzer(file_mgr->GetComponentTag("DATA_EVENT"), + : file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("DATA_EVENT"), std::move(args), file), chunk_event(ce), stream_event(se) { } -file_analysis::Analyzer* DataEvent::Instantiate(zeek::RecordValPtr args, - File* file) +zeek::file_analysis::Analyzer* DataEvent::Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { const auto& chunk_val = args->GetField("chunk_event"); const auto& stream_val = args->GetField("stream_event"); @@ -63,3 +63,5 @@ bool DataEvent::DeliverStream(const u_char* data, uint64_t len) return true; } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/data_event/DataEvent.h b/src/file_analysis/analyzer/data_event/DataEvent.h index ddc4a9dcc1..23f220e35d 100644 --- a/src/file_analysis/analyzer/data_event/DataEvent.h +++ b/src/file_analysis/analyzer/data_event/DataEvent.h @@ -9,12 +9,12 @@ #include "Analyzer.h" #include "EventHandler.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * An analyzer to send file data to script-layer via events. */ -class DataEvent : public file_analysis::Analyzer { +class DataEvent : public zeek::file_analysis::Analyzer { public: /** @@ -43,8 +43,8 @@ public: * @return the new DataEvent analyzer instance or a null pointer if * no "chunk_event" or "stream_event" field was specfied in \a args. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file); + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file); protected: @@ -57,7 +57,7 @@ protected: * @param se pointer to event handler which will be called to receive * sequential file data. */ - DataEvent(zeek::RecordValPtr args, File* file, + DataEvent(zeek::RecordValPtr args, zeek::file_analysis::File* file, zeek::EventHandlerPtr ce, zeek::EventHandlerPtr se); private: @@ -65,4 +65,10 @@ private: zeek::EventHandlerPtr stream_event; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using DataEvent [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::DataEvent.")]] = zeek::file_analysis::detail::DataEvent; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/data_event/Plugin.cc b/src/file_analysis/analyzer/data_event/Plugin.cc index e90e628c4e..48be7fe92d 100644 --- a/src/file_analysis/analyzer/data_event/Plugin.cc +++ b/src/file_analysis/analyzer/data_event/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_FileDataEvent { +namespace zeek::plugin::detail::Zeek_FileDataEvent { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("DATA_EVENT", ::file_analysis::DataEvent::Instantiate)); + AddComponent(new zeek::file_analysis::Component("DATA_EVENT", zeek::file_analysis::detail::DataEvent::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::FileDataEvent"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_FileDataEvent diff --git a/src/file_analysis/analyzer/entropy/Entropy.cc b/src/file_analysis/analyzer/entropy/Entropy.cc index 32f8d702ed..56dd45c20b 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.cc +++ b/src/file_analysis/analyzer/entropy/Entropy.cc @@ -7,13 +7,12 @@ #include "Event.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -Entropy::Entropy(zeek::RecordValPtr args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("ENTROPY"), - std::move(args), file) +Entropy::Entropy(zeek::RecordValPtr args, zeek::file_analysis::File* file) + : zeek::file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("ENTROPY"), + std::move(args), file) { - //entropy->Init(); entropy = new zeek::EntropyVal; fed = false; } @@ -23,8 +22,8 @@ Entropy::~Entropy() Unref(entropy); } -file_analysis::Analyzer* Entropy::Instantiate(zeek::RecordValPtr args, - File* file) +zeek::file_analysis::Analyzer* Entropy::Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new Entropy(std::move(args), file); } @@ -51,7 +50,6 @@ bool Entropy::Undelivered(uint64_t offset, uint64_t len) void Entropy::Finalize() { - //if ( ! entropy->IsValid() || ! fed ) if ( ! fed ) return; @@ -75,3 +73,5 @@ void Entropy::Finalize() std::move(ent_result) ); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/entropy/Entropy.h b/src/file_analysis/analyzer/entropy/Entropy.h index 0614e10df7..1f611cf0d0 100644 --- a/src/file_analysis/analyzer/entropy/Entropy.h +++ b/src/file_analysis/analyzer/entropy/Entropy.h @@ -11,12 +11,12 @@ #include "events.bif.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * An analyzer to produce entropy of file contents. */ -class Entropy : public file_analysis::Analyzer { +class Entropy : public zeek::file_analysis::Analyzer { public: /** @@ -31,8 +31,8 @@ public: * @return the new Entropy analyzer instance or a null pointer if the * the "extraction_file" field of \a args wasn't set. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file); + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file); /** * Calculate entropy of next chunk of file contents. @@ -66,7 +66,7 @@ protected: * @param hv specific hash calculator object. * @param kind human readable name of the hash algorithm to use. */ - Entropy(zeek::RecordValPtr args, File* file); + Entropy(zeek::RecordValPtr args, zeek::file_analysis::File* file); /** * If some file contents have been seen, finalizes the entropy of them and @@ -79,4 +79,10 @@ private: bool fed; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using Entropy [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::Entropy.")]] = zeek::file_analysis::detail::Entropy; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/entropy/Plugin.cc b/src/file_analysis/analyzer/entropy/Plugin.cc index 1592ce7a95..3a14c3e190 100644 --- a/src/file_analysis/analyzer/entropy/Plugin.cc +++ b/src/file_analysis/analyzer/entropy/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_FileEntropy { +namespace zeek::plugin::detail::Zeek_FileEntropy { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("ENTROPY", ::file_analysis::Entropy::Instantiate)); + AddComponent(new zeek::file_analysis::Component("ENTROPY", zeek::file_analysis::detail::Entropy::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::FileEntropy"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_FileEntropy diff --git a/src/file_analysis/analyzer/extract/Extract.cc b/src/file_analysis/analyzer/extract/Extract.cc index a84f78e377..5df33a6141 100644 --- a/src/file_analysis/analyzer/extract/Extract.cc +++ b/src/file_analysis/analyzer/extract/Extract.cc @@ -8,11 +8,11 @@ #include "Event.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -Extract::Extract(zeek::RecordValPtr args, File* file, +Extract::Extract(zeek::RecordValPtr args, zeek::file_analysis::File* file, const std::string& arg_filename, uint64_t arg_limit) - : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), + : file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("EXTRACT"), std::move(args), file), filename(arg_filename), limit(arg_limit), depth(0) { @@ -22,7 +22,7 @@ Extract::Extract(zeek::RecordValPtr args, File* file, { fd = 0; char buf[128]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); zeek::reporter->Error("cannot open %s: %s", filename.c_str(), buf); } } @@ -30,7 +30,7 @@ Extract::Extract(zeek::RecordValPtr args, File* file, Extract::~Extract() { if ( fd ) - safe_close(fd); + zeek::util::safe_close(fd); } static const zeek::ValPtr& get_extract_field_val(const zeek::RecordValPtr& args, @@ -44,7 +44,8 @@ static const zeek::ValPtr& get_extract_field_val(const zeek::RecordValPtr& args, return rval; } -file_analysis::Analyzer* Extract::Instantiate(zeek::RecordValPtr args, File* file) +zeek::file_analysis::Analyzer* Extract::Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { const auto& fname = get_extract_field_val(args, "extract_filename"); const auto& limit = get_extract_field_val(args, "extract_limit"); @@ -92,7 +93,7 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len) if ( limit_exceeded && file_extraction_limit ) { - File* f = GetFile(); + zeek::file_analysis::File* f = GetFile(); f->FileEvent(file_extraction_limit, { f->ToVal(), GetArgs(), @@ -106,7 +107,7 @@ bool Extract::DeliverStream(const u_char* data, uint64_t len) if ( towrite > 0 ) { - safe_write(fd, reinterpret_cast(data), towrite); + zeek::util::safe_write(fd, reinterpret_cast(data), towrite); depth += towrite; } @@ -118,10 +119,12 @@ bool Extract::Undelivered(uint64_t offset, uint64_t len) if ( depth == offset ) { char* tmp = new char[len](); - safe_write(fd, tmp, len); + zeek::util::safe_write(fd, tmp, len); delete [] tmp; depth += len; } return true; } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/extract/Extract.h b/src/file_analysis/analyzer/extract/Extract.h index 3d146dba68..3d3f5ded15 100644 --- a/src/file_analysis/analyzer/extract/Extract.h +++ b/src/file_analysis/analyzer/extract/Extract.h @@ -10,12 +10,12 @@ #include "analyzer/extract/events.bif.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * An analyzer to extract content of files to local disk. */ -class Extract : public file_analysis::Analyzer { +class Extract : public zeek::file_analysis::Analyzer { public: /** @@ -47,8 +47,8 @@ public: * @return the new Extract analyzer instance or a null pointer if the * the "extraction_file" field of \a args wasn't set. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file); + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file); /** * Sets the maximum allowed extracted file size. A value of zero means @@ -67,7 +67,7 @@ protected: * to which the contents of the file will be extracted/written. * @param arg_limit the maximum allowed file size. */ - Extract(zeek::RecordValPtr args, File* file, + Extract(zeek::RecordValPtr args, zeek::file_analysis::File* file, const std::string& arg_filename, uint64_t arg_limit); private: @@ -77,4 +77,10 @@ private: uint64_t depth; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using Extract [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::Extract.")]] = zeek::file_analysis::detail::Extract; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/extract/Plugin.cc b/src/file_analysis/analyzer/extract/Plugin.cc index 8b9d442c40..6ac9223b24 100644 --- a/src/file_analysis/analyzer/extract/Plugin.cc +++ b/src/file_analysis/analyzer/extract/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_FileExtract { +namespace zeek::plugin::detail::Zeek_FileExtract { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("EXTRACT", ::file_analysis::Extract::Instantiate)); + AddComponent(new zeek::file_analysis::Component("EXTRACT", zeek::file_analysis::detail::Extract::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::FileExtract"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_FileExtract diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index 60efadffbf..8155c1f1dc 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -12,8 +12,8 @@ function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool %{ using zeek::BifType::Record::Files::AnalyzerArgs; auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); - bool result = file_mgr->SetExtractionLimit(file_id->CheckString(), - std::move(rv), n); + bool result = zeek::file_mgr->SetExtractionLimit(file_id->CheckString(), + std::move(rv), n); return zeek::val_mgr->Bool(result); %} diff --git a/src/file_analysis/analyzer/hash/Hash.cc b/src/file_analysis/analyzer/hash/Hash.cc index f44aa13ce7..087d5554ce 100644 --- a/src/file_analysis/analyzer/hash/Hash.cc +++ b/src/file_analysis/analyzer/hash/Hash.cc @@ -7,11 +7,12 @@ #include "Event.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -Hash::Hash(zeek::RecordValPtr args, File* file, zeek::HashVal* hv, const char* arg_kind) - : file_analysis::Analyzer(file_mgr->GetComponentTag(to_upper(arg_kind).c_str()), - std::move(args), file), +Hash::Hash(zeek::RecordValPtr args, zeek::file_analysis::File* file, + zeek::HashVal* hv, const char* arg_kind) + : zeek::file_analysis::Analyzer(zeek::file_mgr->GetComponentTag(zeek::util::to_upper(arg_kind).c_str()), + std::move(args), file), hash(hv), fed(false), kind(arg_kind) { hash->Init(); @@ -59,3 +60,5 @@ void Hash::Finalize() hash->Get() ); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/hash/Hash.h b/src/file_analysis/analyzer/hash/Hash.h index 3a87e00182..6b2d53945a 100644 --- a/src/file_analysis/analyzer/hash/Hash.h +++ b/src/file_analysis/analyzer/hash/Hash.h @@ -11,12 +11,12 @@ #include "events.bif.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * An analyzer to produce a hash of file contents. */ -class Hash : public file_analysis::Analyzer { +class Hash : public zeek::file_analysis::Analyzer { public: /** @@ -56,7 +56,7 @@ protected: * @param hv specific hash calculator object. * @param kind human readable name of the hash algorithm to use. */ - Hash(zeek::RecordValPtr args, File* file, zeek::HashVal* hv, const char* kind); + Hash(zeek::RecordValPtr args, zeek::file_analysis::File* file, zeek::HashVal* hv, const char* kind); /** * If some file contents have been seen, finalizes the hash of them and @@ -83,8 +83,8 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file) + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return file_hash ? new MD5(std::move(args), file) : nullptr; } protected: @@ -94,7 +94,7 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - MD5(zeek::RecordValPtr args, File* file) + MD5(zeek::RecordValPtr args, zeek::file_analysis::File* file) : Hash(std::move(args), file, new zeek::MD5Val(), "md5") {} }; @@ -112,8 +112,8 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file) + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return file_hash ? new SHA1(std::move(args), file) : nullptr; } protected: @@ -123,7 +123,7 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - SHA1(zeek::RecordValPtr args, File* file) + SHA1(zeek::RecordValPtr args, zeek::file_analysis::File* file) : Hash(std::move(args), file, new zeek::SHA1Val(), "sha1") {} }; @@ -141,8 +141,8 @@ public: * @return the new MD5 analyzer instance or a null pointer if there's no * handler for the "file_hash" event. */ - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file) + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return file_hash ? new SHA256(std::move(args), file) : nullptr; } protected: @@ -152,9 +152,18 @@ protected: * @param args the \c AnalyzerArgs value which represents the analyzer. * @param file the file to which the analyzer will be attached. */ - SHA256(zeek::RecordValPtr args, File* file) + SHA256(zeek::RecordValPtr args, zeek::file_analysis::File* file) : Hash(std::move(args), file, new zeek::SHA256Val(), "sha256") {} }; +} // namespace zeek::file_analysis + +namespace file_analysis { + +using Hash [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::Hash.")]] = zeek::file_analysis::detail::Hash; +using MD5 [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::MD5.")]] = zeek::file_analysis::detail::MD5; +using SHA1 [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::SHA1.")]] = zeek::file_analysis::detail::SHA1; +using SHA256 [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::SHA256.")]] = zeek::file_analysis::detail::SHA256; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/hash/Plugin.cc b/src/file_analysis/analyzer/hash/Plugin.cc index e7c09c5417..d889308d35 100644 --- a/src/file_analysis/analyzer/hash/Plugin.cc +++ b/src/file_analysis/analyzer/hash/Plugin.cc @@ -4,16 +4,15 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_FileHash { +namespace zeek::plugin::detail::Zeek_FileHash { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("MD5", ::file_analysis::MD5::Instantiate)); - AddComponent(new ::file_analysis::Component("SHA1", ::file_analysis::SHA1::Instantiate)); - AddComponent(new ::file_analysis::Component("SHA256", ::file_analysis::SHA256::Instantiate)); + AddComponent(new zeek::file_analysis::Component("MD5", zeek::file_analysis::detail::MD5::Instantiate)); + AddComponent(new zeek::file_analysis::Component("SHA1", zeek::file_analysis::detail::SHA1::Instantiate)); + AddComponent(new zeek::file_analysis::Component("SHA256", zeek::file_analysis::detail::SHA256::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::FileHash"; @@ -22,5 +21,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_FileHash diff --git a/src/file_analysis/analyzer/pe/PE.cc b/src/file_analysis/analyzer/pe/PE.cc index 5217f4e107..e34b99c169 100644 --- a/src/file_analysis/analyzer/pe/PE.cc +++ b/src/file_analysis/analyzer/pe/PE.cc @@ -1,11 +1,12 @@ #include "PE.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -PE::PE(zeek::RecordValPtr args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), std::move(args), - file) +PE::PE(zeek::RecordValPtr args, zeek::file_analysis::File* file) + : zeek::file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("PE"), + std::move(args), + file) { conn = new binpac::PE::MockConnection(this); interp = new binpac::PE::File(conn); @@ -39,3 +40,5 @@ bool PE::EndOfFile() { return false; } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/pe/PE.h b/src/file_analysis/analyzer/pe/PE.h index ef14744c3f..de101c2a6d 100644 --- a/src/file_analysis/analyzer/pe/PE.h +++ b/src/file_analysis/analyzer/pe/PE.h @@ -6,17 +6,17 @@ #include "../File.h" #include "pe_pac.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * Analyze Portable Executable files */ -class PE : public file_analysis::Analyzer { +class PE : public zeek::file_analysis::Analyzer { public: ~PE(); - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file) + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new PE(std::move(args), file); } virtual bool DeliverStream(const u_char* data, uint64_t len); @@ -24,10 +24,16 @@ public: virtual bool EndOfFile(); protected: - PE(zeek::RecordValPtr args, File* file); + PE(zeek::RecordValPtr args, zeek::file_analysis::File* file); binpac::PE::File* interp; binpac::PE::MockConnection* conn; bool done; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using PE [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::PE.")]] = zeek::file_analysis::detail::PE; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/pe/Plugin.cc b/src/file_analysis/analyzer/pe/Plugin.cc index 5e7800c9c7..77663c2e80 100644 --- a/src/file_analysis/analyzer/pe/Plugin.cc +++ b/src/file_analysis/analyzer/pe/Plugin.cc @@ -4,14 +4,13 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_PE { +namespace zeek::plugin::detail::Zeek_PE { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("PE", ::file_analysis::PE::Instantiate)); + AddComponent(new zeek::file_analysis::Component("PE", zeek::file_analysis::detail::PE::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::PE"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_PE diff --git a/src/file_analysis/analyzer/unified2/Plugin.cc b/src/file_analysis/analyzer/unified2/Plugin.cc index 2e33ed0881..b01e24e8a5 100644 --- a/src/file_analysis/analyzer/unified2/Plugin.cc +++ b/src/file_analysis/analyzer/unified2/Plugin.cc @@ -6,14 +6,13 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_Unified2 { +namespace zeek::plugin::detail::Zeek_Unified2 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("UNIFIED2", ::file_analysis::Unified2::Instantiate)); + AddComponent(new zeek::file_analysis::Component("UNIFIED2", zeek::file_analysis::detail::Unified2::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Unified2"; @@ -22,5 +21,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Unified2 diff --git a/src/file_analysis/analyzer/unified2/Unified2.cc b/src/file_analysis/analyzer/unified2/Unified2.cc index 0fdde8f668..ecf09aa708 100644 --- a/src/file_analysis/analyzer/unified2/Unified2.cc +++ b/src/file_analysis/analyzer/unified2/Unified2.cc @@ -3,10 +3,11 @@ #include "Unified2.h" #include "file_analysis/Manager.h" -using namespace file_analysis; +namespace zeek::file_analysis::detail { -Unified2::Unified2(zeek::RecordValPtr args, File* file) - : file_analysis::Analyzer(file_mgr->GetComponentTag("UNIFIED2"), std::move(args), file) +Unified2::Unified2(zeek::RecordValPtr args, zeek::file_analysis::File* file) + : file_analysis::Analyzer(zeek::file_mgr->GetComponentTag("UNIFIED2"), + std::move(args), file) { interp = new binpac::Unified2::Unified2_Analyzer(this); } @@ -16,7 +17,8 @@ Unified2::~Unified2() delete interp; } -file_analysis::Analyzer* Unified2::Instantiate(zeek::RecordValPtr args, File* file) +zeek::file_analysis::Analyzer* Unified2::Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new Unified2(std::move(args), file); } @@ -35,3 +37,5 @@ bool Unified2::DeliverStream(const u_char* data, uint64_t len) return true; } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/unified2/Unified2.h b/src/file_analysis/analyzer/unified2/Unified2.h index 479ac96e84..fcf975c91f 100644 --- a/src/file_analysis/analyzer/unified2/Unified2.h +++ b/src/file_analysis/analyzer/unified2/Unified2.h @@ -9,21 +9,22 @@ #include "Analyzer.h" #include "unified2_pac.h" -namespace file_analysis { +namespace zeek::file_analysis::detail { /** * An analyzer to extract content of files from local disk. */ -class Unified2 : public file_analysis::Analyzer { +class Unified2 : public zeek::file_analysis::Analyzer { public: ~Unified2() override; bool DeliverStream(const u_char* data, uint64_t len) override; - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, File* file); + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file); protected: - Unified2(zeek::RecordValPtr args, File* file); + Unified2(zeek::RecordValPtr args, zeek::file_analysis::File* file); private: binpac::Unified2::Unified2_Analyzer* interp; @@ -31,4 +32,10 @@ private: string filename; }; +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using Unified2 [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::Unified2.")]] = zeek::file_analysis::detail::Unified2; + } // namespace file_analysis diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 454cdec3a4..b13081f77a 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -29,7 +29,7 @@ X509* helper_sk_X509_value(const STACK_OF(X509)* certs, int i) return sk_X509_value(certs, i); } -using namespace file_analysis; +namespace zeek::file_analysis::detail { #define OCSP_STRING_BUF_SIZE 2048 @@ -113,38 +113,40 @@ static bool ocsp_add_cert_id(const OCSP_CERTID* cert_id, zeek::Args* vl, BIO* bi return true; } -file_analysis::Analyzer* OCSP::InstantiateRequest(zeek::RecordValPtr args, File* file) +zeek::file_analysis::Analyzer* OCSP::InstantiateRequest(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new OCSP(std::move(args), file, true); } -file_analysis::Analyzer* OCSP::InstantiateReply(zeek::RecordValPtr args, File* file) +zeek::file_analysis::Analyzer* OCSP::InstantiateReply(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new OCSP(std::move(args), file, false); } -file_analysis::OCSP::OCSP(zeek::RecordValPtr args, file_analysis::File* file, +OCSP::OCSP(zeek::RecordValPtr args, zeek::file_analysis::File* file, bool arg_request) - : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("OCSP"), - std::move(args), file), + : X509Common::X509Common(zeek::file_mgr->GetComponentTag("OCSP"), + std::move(args), file), request(arg_request) { } -bool file_analysis::OCSP::DeliverStream(const u_char* data, uint64_t len) +bool OCSP::DeliverStream(const u_char* data, uint64_t len) { ocsp_data.append(reinterpret_cast(data), len); return true; } -bool file_analysis::OCSP::Undelivered(uint64_t offset, uint64_t len) +bool OCSP::Undelivered(uint64_t offset, uint64_t len) { return false; } // we parse the entire OCSP response in EOF, because we just pass it on // to OpenSSL. -bool file_analysis::OCSP::EndOfFile() +bool OCSP::EndOfFile() { const unsigned char* ocsp_char = reinterpret_cast(ocsp_data.data()); @@ -399,7 +401,7 @@ static uint64_t parse_request_version(OCSP_REQUEST* req) } #endif -void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) +void OCSP::ParseRequest(OCSP_REQUEST* req) { char buf[OCSP_STRING_BUF_SIZE]; // we need a buffer for some of the openssl functions memset(buf, 0, sizeof(buf)); @@ -441,7 +443,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req) BIO_free(bio); } -void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp) +void OCSP::ParseResponse(OCSP_RESPONSE *resp) { //OCSP_RESPBYTES *resp_bytes = resp->responseBytes; OCSP_BASICRESP *basic_resp = nullptr; @@ -636,7 +638,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp) ::X509 *this_cert = X509_dup(helper_sk_X509_value(certs, i)); //::X509 *this_cert = X509_dup(sk_X509_value(certs, i)); if (this_cert) - certs_vector->Assign(i, zeek::make_intrusive(this_cert)); + certs_vector->Assign(i, zeek::make_intrusive(this_cert)); else zeek::reporter->Weird("OpenSSL returned null certificate"); } @@ -662,7 +664,7 @@ clean_up: BIO_free(bio); } -void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid) +void OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid) { // In OpenSSL 1.0.2+, we can get the extension by using NID_ct_cert_scts. // In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually @@ -674,3 +676,5 @@ void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa #endif ParseSignedCertificateTimestamps(ex); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/x509/OCSP.h b/src/file_analysis/analyzer/x509/OCSP.h index e0ebc8eca8..7319620a22 100644 --- a/src/file_analysis/analyzer/x509/OCSP.h +++ b/src/file_analysis/analyzer/x509/OCSP.h @@ -3,28 +3,27 @@ #pragma once #include +#include #include "X509Common.h" -#include +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); -namespace file_analysis { +namespace zeek::file_analysis::detail { -class File; - -class OCSP : public file_analysis::X509Common { +class OCSP : public zeek::file_analysis::detail::X509Common { public: bool DeliverStream(const u_char* data, uint64_t len) override; bool Undelivered(uint64_t offset, uint64_t len) override; bool EndOfFile() override; - static file_analysis::Analyzer* InstantiateRequest(zeek::RecordValPtr args, - File* file); - static file_analysis::Analyzer* InstantiateReply(zeek::RecordValPtr args, - File* file); + static zeek::file_analysis::Analyzer* InstantiateRequest(zeek::RecordValPtr args, + zeek::file_analysis::File* file); + static zeek::file_analysis::Analyzer* InstantiateReply(zeek::RecordValPtr args, + zeek::file_analysis::File* file); protected: - OCSP(zeek::RecordValPtr args, File* file, bool request); + OCSP(zeek::RecordValPtr args, zeek::file_analysis::File* file, bool request); private: void ParseResponse(OCSP_RESPONSE*); @@ -35,4 +34,10 @@ private: bool request = false; // true if ocsp request, false if reply }; -} +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using OCSP [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::OCSP.")]] = zeek::file_analysis::detail::OCSP; + +} // namespace file_analysis diff --git a/src/file_analysis/analyzer/x509/Plugin.cc b/src/file_analysis/analyzer/x509/Plugin.cc index e52be3f8d5..4b6ac5a52e 100644 --- a/src/file_analysis/analyzer/x509/Plugin.cc +++ b/src/file_analysis/analyzer/x509/Plugin.cc @@ -5,16 +5,15 @@ #include "plugin/Plugin.h" #include "file_analysis/Component.h" -namespace plugin { -namespace Zeek_X509 { +namespace zeek::plugin::detail::Zeek_X509 { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::file_analysis::Component("X509", ::file_analysis::X509::Instantiate)); - AddComponent(new ::file_analysis::Component("OCSP_REQUEST", ::file_analysis::OCSP::InstantiateRequest)); - AddComponent(new ::file_analysis::Component("OCSP_REPLY", ::file_analysis::OCSP::InstantiateReply)); + AddComponent(new zeek::file_analysis::Component("X509", zeek::file_analysis::detail::X509::Instantiate)); + AddComponent(new zeek::file_analysis::Component("OCSP_REQUEST", zeek::file_analysis::detail::OCSP::InstantiateRequest)); + AddComponent(new zeek::file_analysis::Component("OCSP_REPLY", zeek::file_analysis::detail::OCSP::InstantiateReply)); zeek::plugin::Configuration config; config.name = "Zeek::X509"; @@ -25,9 +24,8 @@ public: void Done() override { zeek::plugin::Plugin::Done(); - ::file_analysis::X509::FreeRootStore(); + zeek::file_analysis::detail::X509::FreeRootStore(); } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_X509 diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index ac3c293f4c..25e289f953 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -21,28 +21,28 @@ #include #include -using namespace file_analysis; +namespace zeek::file_analysis::detail { -file_analysis::X509::X509(zeek::RecordValPtr args, file_analysis::File* file) - : file_analysis::X509Common::X509Common(file_mgr->GetComponentTag("X509"), - std::move(args), file) +X509::X509(zeek::RecordValPtr args, zeek::file_analysis::File* file) + : X509Common::X509Common(zeek::file_mgr->GetComponentTag("X509"), + std::move(args), file) { cert_data.clear(); } -bool file_analysis::X509::DeliverStream(const u_char* data, uint64_t len) +bool X509::DeliverStream(const u_char* data, uint64_t len) { // just add it to the data we have so far, since we cannot do anything else anyways... cert_data.append(reinterpret_cast(data), len); return true; } -bool file_analysis::X509::Undelivered(uint64_t offset, uint64_t len) +bool X509::Undelivered(uint64_t offset, uint64_t len) { return false; } -bool file_analysis::X509::EndOfFile() +bool X509::EndOfFile() { const unsigned char* cert_char = reinterpret_cast(cert_data.data()); if ( certificate_cache ) @@ -113,7 +113,8 @@ bool file_analysis::X509::EndOfFile() return false; } -zeek::RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File* f) +zeek::RecordValPtr X509::ParseCertificate(X509Val* cert_val, + zeek::file_analysis::File* f) { ::X509* ssl_cert = cert_val->GetCertificate(); @@ -240,7 +241,7 @@ zeek::RecordValPtr file_analysis::X509::ParseCertificate(X509Val* cert_val, File return pX509Cert; } -X509_STORE* file_analysis::X509::GetRootStore(zeek::TableVal* root_certs) +X509_STORE* X509::GetRootStore(zeek::TableVal* root_certs) { // If this certificate store was built previously, just reuse the old one. if ( x509_stores.count(root_certs) > 0 ) @@ -260,7 +261,7 @@ X509_STORE* file_analysis::X509::GetRootStore(zeek::TableVal* root_certs) ::X509* x = d2i_X509(NULL, &data, sv->Len()); if ( ! x ) { - zeek::emit_builtin_error(fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), NULL))); + zeek::emit_builtin_error(zeek::util::fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), NULL))); return nullptr; } @@ -274,13 +275,13 @@ X509_STORE* file_analysis::X509::GetRootStore(zeek::TableVal* root_certs) return ctx; } -void file_analysis::X509::FreeRootStore() +void X509::FreeRootStore() { for ( const auto& e : x509_stores ) X509_STORE_free(e.second); } -void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) +void X509::ParseBasicConstraints(X509_EXTENSION* ex) { assert(OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_basic_constraints); @@ -309,7 +310,7 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex) zeek::reporter->Weird(GetFile(), "x509_invalid_basic_constraint"); } -void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid) +void X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid) { // look if we have a specialized handler for this event... if ( OBJ_obj2nid(ext_asn) == NID_basic_constraints ) @@ -329,7 +330,7 @@ void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa ParseSignedCertificateTimestamps(ex); } -void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) +void X509::ParseSAN(X509_EXTENSION* ext) { assert(OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_subject_alt_name); @@ -407,7 +408,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) else { - zeek::reporter->Weird(GetFile(), "x509_san_ip_length", fmt("%d", gen->d.ip->length)); + zeek::reporter->Weird(GetFile(), "x509_san_ip_length", zeek::util::fmt("%d", gen->d.ip->length)); continue; } } @@ -443,7 +444,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) GENERAL_NAMES_free(altname); } -zeek::StringValPtr file_analysis::X509::KeyCurve(EVP_PKEY* key) +zeek::StringValPtr X509::KeyCurve(EVP_PKEY* key) { assert(key != nullptr); @@ -476,7 +477,7 @@ zeek::StringValPtr file_analysis::X509::KeyCurve(EVP_PKEY* key) #endif } -unsigned int file_analysis::X509::KeyLength(EVP_PKEY *key) +unsigned int X509::KeyLength(EVP_PKEY *key) { assert(key != NULL); @@ -583,3 +584,5 @@ bool X509Val::DoUnserialize(const broker::data& data) certificate = d2i_X509(NULL, &opensslbuf, s->size()); return (certificate != nullptr); } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/x509/X509.h b/src/file_analysis/analyzer/x509/X509.h index 884e1402d1..1bfd43f92d 100644 --- a/src/file_analysis/analyzer/x509/X509.h +++ b/src/file_analysis/analyzer/x509/X509.h @@ -63,11 +63,11 @@ static void RSA_get0_key(const RSA *r, #endif -namespace file_analysis { +namespace zeek::file_analysis::detail { class X509Val; -class X509 : public file_analysis::X509Common { +class X509 : public zeek::file_analysis::detail::X509Common { public: bool DeliverStream(const u_char* data, uint64_t len) override; bool Undelivered(uint64_t offset, uint64_t len) override; @@ -86,10 +86,10 @@ public: * @param Returns the new record value and passes ownership to * caller. */ - static zeek::RecordValPtr ParseCertificate(X509Val* cert_val, File* file = nullptr); + static zeek::RecordValPtr ParseCertificate(X509Val* cert_val, zeek::file_analysis::File* file = nullptr); - static file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, - File* file) + static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args, + zeek::file_analysis::File* file) { return new X509(std::move(args), file); } /** @@ -127,7 +127,7 @@ public: { cache_hit_callback = std::move(func); } protected: - X509(zeek::RecordValPtr args, File* file); + X509(zeek::RecordValPtr args, zeek::file_analysis::File* file); private: void ParseBasicConstraints(X509_EXTENSION* ex); @@ -196,4 +196,11 @@ private: ::X509* certificate; // the wrapped certificate }; -} +} // namespace zeek::file_analysis::detail + +namespace file_analysis { + +using X509 [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::X509.")]] = zeek::file_analysis::detail::X509; +using X509Val [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::X509Val.")]] = zeek::file_analysis::detail::X509Val; + +} // namespace file_analysis diff --git a/src/file_analysis/analyzer/x509/X509Common.cc b/src/file_analysis/analyzer/x509/X509Common.cc index a0f2bb97f4..a35c6aa1ed 100644 --- a/src/file_analysis/analyzer/x509/X509Common.cc +++ b/src/file_analysis/analyzer/x509/X509Common.cc @@ -14,15 +14,16 @@ #include #include -using namespace file_analysis; +namespace zeek::file_analysis::detail { -X509Common::X509Common(const file_analysis::Tag& arg_tag, - zeek::RecordValPtr arg_args, File* arg_file) - : file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file) +X509Common::X509Common(const zeek::file_analysis::Tag& arg_tag, + zeek::RecordValPtr arg_args, + zeek::file_analysis::File* arg_file) + : zeek::file_analysis::Analyzer(arg_tag, std::move(arg_args), arg_file) { } -static void EmitWeird(const char* name, File* file, const char* addl = "") +static void EmitWeird(const char* name, zeek::file_analysis::File* file, const char* addl = "") { if ( file ) zeek::reporter->Weird(file, name, addl); @@ -30,7 +31,7 @@ static void EmitWeird(const char* name, File* file, const char* addl = "") zeek::reporter->Weird(name); } -double X509Common::GetTimeFromAsn1(const ASN1_TIME* atime, File* f, zeek::Reporter* reporter) +double X509Common::GetTimeFromAsn1(const ASN1_TIME* atime, zeek::file_analysis::File* f, zeek::Reporter* reporter) { time_t lResult = 0; @@ -187,7 +188,7 @@ double X509Common::GetTimeFromAsn1(const ASN1_TIME* atime, File* f, zeek::Report return lResult; } -void file_analysis::X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION* ext) +void X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION* ext) { // Ok, signed certificate timestamps are a bit of an odd case out; we don't // want to use the (basically nonexistant) OpenSSL functionality to parse them. @@ -231,7 +232,7 @@ void file_analysis::X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION* delete conn; } -void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const zeek::EventHandlerPtr& h, bool global) +void X509Common::ParseExtension(X509_EXTENSION* ex, const zeek::EventHandlerPtr& h, bool global) { char name[256]; char oid[256]; @@ -298,7 +299,7 @@ void file_analysis::X509Common::ParseExtension(X509_EXTENSION* ex, const zeek::E ParseExtensionsSpecific(ex, global, ext_asn, oid); } -zeek::StringValPtr file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File* f) +zeek::StringValPtr X509Common::GetExtensionFromBIO(BIO* bio, zeek::file_analysis::File* f) { BIO_flush(bio); ERR_clear_error(); @@ -338,3 +339,5 @@ zeek::StringValPtr file_analysis::X509Common::GetExtensionFromBIO(BIO* bio, File return ext_val; } + +} // namespace zeek::file_analysis::detail diff --git a/src/file_analysis/analyzer/x509/X509Common.h b/src/file_analysis/analyzer/x509/X509Common.h index 4503799984..58181f9670 100644 --- a/src/file_analysis/analyzer/x509/X509Common.h +++ b/src/file_analysis/analyzer/x509/X509Common.h @@ -13,18 +13,17 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Reporter, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(File, zeek, file_analysis); +ZEEK_FORWARD_DECLARE_NAMESPACED(Tag, zeek, file_analysis); namespace zeek { template class IntrusivePtr; using StringValPtr = zeek::IntrusivePtr; } -namespace file_analysis { +namespace zeek::file_analysis::detail { -class Tag; -class File; - -class X509Common : public file_analysis::Analyzer { +class X509Common : public zeek::file_analysis::Analyzer { public: ~X509Common() override {}; @@ -39,17 +38,25 @@ public: * * @return The X509 extension value. */ - static zeek::StringValPtr GetExtensionFromBIO(BIO* bio, File* f = nullptr); + static zeek::StringValPtr GetExtensionFromBIO(BIO* bio, zeek::file_analysis::File* f = nullptr); - static double GetTimeFromAsn1(const ASN1_TIME* atime, File* f, zeek::Reporter* reporter); + static double GetTimeFromAsn1(const ASN1_TIME* atime, zeek::file_analysis::File* f, + zeek::Reporter* reporter); protected: - X509Common(const file_analysis::Tag& arg_tag, - zeek::RecordValPtr arg_args, File* arg_file); + X509Common(const zeek::file_analysis::Tag& arg_tag, + zeek::RecordValPtr arg_args, + zeek::file_analysis::File* arg_file); void ParseExtension(X509_EXTENSION* ex, const zeek::EventHandlerPtr& h, bool global); void ParseSignedCertificateTimestamps(X509_EXTENSION* ext); virtual void ParseExtensionsSpecific(X509_EXTENSION* ex, bool, ASN1_OBJECT*, const char*) = 0; }; -} +} // namespace zeek:file_analysis + +namespace file_analysis { + +using X509Common [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::X509Common.")]] = zeek::file_analysis::detail::X509Common; + +} // namespace file_analysis diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index 05d06bf9b2..b6cdfab0b8 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -29,7 +29,7 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec) STACK_OF(X509)* untrusted_certs = sk_X509_new_null(); if ( ! untrusted_certs ) { - zeek::emit_builtin_error(fmt("Untrusted certificate stack initialization error: %s", + zeek::emit_builtin_error(zeek::util::fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_get_error(),NULL))); return 0; } @@ -42,11 +42,11 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec) continue; // Fixme: check type - X509* x = ((file_analysis::X509Val*) sv.get())->GetCertificate(); + X509* x = ((zeek::file_analysis::detail::X509Val*) sv.get())->GetCertificate(); if ( ! x ) { sk_X509_free(untrusted_certs); - zeek::emit_builtin_error(fmt("No certificate in opaque in stack")); + zeek::emit_builtin_error(zeek::util::fmt("No certificate in opaque in stack")); return 0; } @@ -147,9 +147,9 @@ const EVP_MD* hash_to_evp(int hash) function x509_parse%(cert: opaque of x509%): X509::Certificate %{ assert(cert); - file_analysis::X509Val* h = (file_analysis::X509Val*) cert; + auto* h = (zeek::file_analysis::detail::X509Val*) cert; - return file_analysis::X509::ParseCertificate(h); + return zeek::file_analysis::detail::X509::ParseCertificate(h); %} ## Constructs an opaque of X509 from a der-formatted string. @@ -162,7 +162,7 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate function x509_from_der%(der: string%): opaque of x509 %{ const u_char* data = der->Bytes(); - return zeek::make_intrusive(d2i_X509(nullptr, &data, der->Len())); + return zeek::make_intrusive(d2i_X509(nullptr, &data, der->Len())); %} ## Returns the string form of a certificate. @@ -180,7 +180,7 @@ function x509_from_der%(der: string%): opaque of x509 function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string %{ assert(cert); - file_analysis::X509Val* h = (file_analysis::X509Val*) cert; + auto* h = (zeek::file_analysis::detail::X509Val*) cert; BIO *bio = BIO_new(BIO_s_mem()); @@ -190,7 +190,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F else i2d_X509_bio(bio, h->GetCertificate()); - auto ext_val = file_analysis::X509::GetExtensionFromBIO(bio); + auto ext_val = zeek::file_analysis::detail::X509::GetExtensionFromBIO(bio); if ( ! ext_val ) ext_val = zeek::val_mgr->EmptyString(); @@ -217,7 +217,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result %{ zeek::RecordValPtr rval; - X509_STORE* ctx = ::file_analysis::X509::GetRootStore(root_certs->AsTableVal()); + X509_STORE* ctx = zeek::file_analysis::detail::X509::GetRootStore(root_certs->AsTableVal()); if ( ! ctx ) return x509_result_record(-1, "Problem initializing root store"); @@ -238,12 +238,12 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c return x509_result_record(-1, "undefined value in certificate vector"); } - file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) sv.get(); + auto* cert_handle = (zeek::file_analysis::detail::X509Val*) sv.get(); X509* cert = cert_handle->GetCertificate(); if ( ! cert ) { - zeek::emit_builtin_error(fmt("No certificate in opaque")); + zeek::emit_builtin_error(zeek::util::fmt("No certificate in opaque")); return x509_result_record(-1, "No certificate in opaque"); } @@ -503,7 +503,7 @@ x509_ocsp_cleanup: ## x509_get_certificate_string x509_ocsp_verify sct_verify function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result %{ - X509_STORE* ctx = ::file_analysis::X509::GetRootStore(root_certs->AsTableVal()); + X509_STORE* ctx = zeek::file_analysis::detail::X509::GetRootStore(root_certs->AsTableVal()); if ( ! ctx ) return x509_result_record(-1, "Problem initializing root store"); @@ -523,12 +523,12 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str zeek::emit_builtin_error("undefined value in certificate vector"); return x509_result_record(-1, "undefined value in certificate vector"); } - file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) sv.get(); + auto* cert_handle = (zeek::file_analysis::detail::X509Val*) sv.get(); X509* cert = cert_handle->GetCertificate(); if ( ! cert ) { - zeek::emit_builtin_error(fmt("No certificate in opaque")); + zeek::emit_builtin_error(zeek::util::fmt("No certificate in opaque")); return x509_result_record(-1, "No certificate in opaque"); } @@ -565,7 +565,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str if ( currcert ) // X509Val takes ownership of currcert. - chainVector->Assign(i, zeek::make_intrusive(currcert)); + chainVector->Assign(i, zeek::make_intrusive(currcert)); else { zeek::reporter->InternalWarning("OpenSSL returned null certificate"); @@ -614,8 +614,8 @@ x509_verify_chainerror: function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signature: string, timestamp: count, hash_algorithm: count, issuer_key_hash: string &default=""%): bool %{ assert(cert); - file_analysis::X509Val* h = (file_analysis::X509Val*) cert; - X509* x = ((file_analysis::X509Val*) h)->GetCertificate(); + auto* h = (zeek::file_analysis::detail::X509Val*) cert; + X509* x = ((zeek::file_analysis::detail::X509Val*) h)->GetCertificate(); assert(sizeof(timestamp) >= 8); uint64_t timestamp_network = htonll(timestamp); @@ -762,7 +762,7 @@ sct_verify_err: * 1 -> issuer name * 2 -> pubkey */ -zeek::StringValPtr x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type) +zeek::StringValPtr x509_entity_hash(zeek::file_analysis::detail::X509Val *cert_handle, unsigned int hash_alg, unsigned int type) { assert(cert_handle); @@ -842,7 +842,7 @@ zeek::StringValPtr x509_entity_hash(file_analysis::X509Val *cert_handle, unsigne ## x509_verify sct_verify function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ - file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; + auto* cert_handle = (zeek::file_analysis::detail::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 0); %} @@ -860,7 +860,7 @@ function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string ## x509_verify sct_verify function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ - file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; + auto* cert_handle = (zeek::file_analysis::detail::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 1); %} @@ -878,7 +878,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string ## x509_verify sct_verify function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string %{ - file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; + auto* cert_handle = (zeek::file_analysis::detail::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 2); %} @@ -901,7 +901,7 @@ function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string ## .. zeek:see:: x509_set_certificate_cache_hit_callback function x509_set_certificate_cache%(tbl: string_any_table%) : bool %{ - file_analysis::X509::SetCertificateCache({zeek::NewRef{}, tbl->AsTableVal()}); + zeek::file_analysis::detail::X509::SetCertificateCache({zeek::NewRef{}, tbl->AsTableVal()}); return zeek::val_mgr->True(); %} @@ -919,7 +919,7 @@ function x509_set_certificate_cache%(tbl: string_any_table%) : bool ## .. zeek:see:: x509_set_certificate_cache function x509_set_certificate_cache_hit_callback%(f: string_any_file_hook%) : bool %{ - file_analysis::X509::SetCertificateCacheHitCallback({zeek::NewRef{}, f->AsFunc()}); + zeek::file_analysis::detail::X509::SetCertificateCacheHitCallback({zeek::NewRef{}, f->AsFunc()}); return zeek::val_mgr->True(); %} diff --git a/src/file_analysis/file_analysis.bif b/src/file_analysis/file_analysis.bif index c79e23fcac..2dae1e1856 100644 --- a/src/file_analysis/file_analysis.bif +++ b/src/file_analysis/file_analysis.bif @@ -13,28 +13,28 @@ type AnalyzerArgs: record; ## :zeek:see:`Files::set_timeout_interval`. function Files::__set_timeout_interval%(file_id: string, t: interval%): bool %{ - bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t); + bool result = zeek::file_mgr->SetTimeoutInterval(file_id->CheckString(), t); return zeek::val_mgr->Bool(result); %} ## :zeek:see:`Files::enable_reassembly`. function Files::__enable_reassembly%(file_id: string%): bool %{ - bool result = file_mgr->EnableReassembly(file_id->CheckString()); + bool result = zeek::file_mgr->EnableReassembly(file_id->CheckString()); return zeek::val_mgr->Bool(result); %} ## :zeek:see:`Files::disable_reassembly`. function Files::__disable_reassembly%(file_id: string%): bool %{ - bool result = file_mgr->DisableReassembly(file_id->CheckString()); + bool result = zeek::file_mgr->DisableReassembly(file_id->CheckString()); return zeek::val_mgr->Bool(result); %} ## :zeek:see:`Files::set_reassembly_buffer_size`. function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool %{ - bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max); + bool result = zeek::file_mgr->SetReassemblyBuffer(file_id->CheckString(), max); return zeek::val_mgr->Bool(result); %} @@ -43,9 +43,10 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b %{ using zeek::BifType::Record::Files::AnalyzerArgs; auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); - bool result = file_mgr->AddAnalyzer(file_id->CheckString(), - file_mgr->GetComponentTag(tag), - std::move(rv)); + bool result = zeek::file_mgr->AddAnalyzer( + file_id->CheckString(), + zeek::file_mgr->GetComponentTag(tag), + std::move(rv)); return zeek::val_mgr->Bool(result); %} @@ -54,30 +55,31 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%) %{ using zeek::BifType::Record::Files::AnalyzerArgs; auto rv = args->AsRecordVal()->CoerceTo(AnalyzerArgs); - bool result = file_mgr->RemoveAnalyzer(file_id->CheckString(), - file_mgr->GetComponentTag(tag), - std::move(rv)); + bool result = zeek::file_mgr->RemoveAnalyzer( + file_id->CheckString(), + zeek::file_mgr->GetComponentTag(tag), + std::move(rv)); return zeek::val_mgr->Bool(result); %} ## :zeek:see:`Files::stop`. function Files::__stop%(file_id: string%): bool %{ - bool result = file_mgr->IgnoreFile(file_id->CheckString()); + bool result = zeek::file_mgr->IgnoreFile(file_id->CheckString()); return zeek::val_mgr->Bool(result); %} ## :zeek:see:`Files::analyzer_name`. function Files::__analyzer_name%(tag: Files::Tag%) : string %{ - const auto& n = file_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, tag->AsEnumVal()}); + const auto& n = zeek::file_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, tag->AsEnumVal()}); return zeek::make_intrusive(n); %} ## :zeek:see:`Files::file_exists`. function Files::__file_exists%(fuid: string%): bool %{ - if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr ) + if ( zeek::file_mgr->LookupFile(fuid->CheckString()) != nullptr ) return zeek::val_mgr->True(); else return zeek::val_mgr->False(); @@ -86,7 +88,7 @@ function Files::__file_exists%(fuid: string%): bool ## :zeek:see:`Files::lookup_file`. function Files::__lookup_file%(fuid: string%): fa_file %{ - auto f = file_mgr->LookupFile(fuid->CheckString()); + auto f = zeek::file_mgr->LookupFile(fuid->CheckString()); if ( f != nullptr ) return f->ToVal(); @@ -108,6 +110,6 @@ function set_file_handle%(handle: string%): any %{ auto bytes = reinterpret_cast(handle->Bytes()); auto h = std::string(bytes, handle->Len()); - file_mgr->SetHandle(h); + zeek::file_mgr->SetHandle(h); return nullptr; %} diff --git a/src/fuzzers/fuzzer-setup.h b/src/fuzzers/fuzzer-setup.h index be0b983a87..42f5cd9959 100644 --- a/src/fuzzers/fuzzer-setup.h +++ b/src/fuzzers/fuzzer-setup.h @@ -18,11 +18,11 @@ extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { // Set up an expected script search path for use with OSS-Fuzz auto constexpr oss_fuzz_scripts = "oss-fuzz-zeek-scripts"; - auto fuzzer_path = get_exe_path(*argv[0]); + auto fuzzer_path = zeek::util::detail::get_exe_path(*argv[0]); auto fuzzer_dir = SafeDirname(fuzzer_path).result; - std::string fs = fmt("%s/%s", fuzzer_dir.data(), oss_fuzz_scripts); + std::string fs = zeek::util::fmt("%s/%s", fuzzer_dir.data(), oss_fuzz_scripts); auto p = fs.data(); - auto oss_fuzz_zeekpath = fmt(".:%s:%s/policy:%s/site", p, p, p); + auto oss_fuzz_zeekpath = zeek::util::fmt(".:%s:%s/policy:%s/site", p, p, p); if ( setenv("ZEEKPATH", oss_fuzz_zeekpath, true) == -1 ) abort(); @@ -49,7 +49,7 @@ namespace zeek { namespace detail { void fuzzer_cleanup_one_input() { - terminating = true; + run_state::terminating = true; broker_mgr->ClearStores(); file_mgr->Terminate(); timer_mgr->Expire(); @@ -58,7 +58,7 @@ void fuzzer_cleanup_one_input() sessions->Drain(); zeek::event_mgr.Drain(); sessions->Clear(); - terminating = false; + run_state::terminating = false; } }} // namespace zeek::detail diff --git a/src/fuzzers/pop3-fuzzer.cc b/src/fuzzers/pop3-fuzzer.cc index cbba377722..a8d18abf31 100644 --- a/src/fuzzers/pop3-fuzzer.cc +++ b/src/fuzzers/pop3-fuzzer.cc @@ -1,6 +1,6 @@ #include "binpac.h" -#include "Net.h" +#include "RunState.h" #include "Conn.h" #include "Sessions.h" #include "analyzer/Analyzer.h" @@ -16,7 +16,7 @@ static constexpr auto ZEEK_FUZZ_ANALYZER = "pop3"; static zeek::Connection* add_connection() { static constexpr double network_time_start = 1439471031; - net_update_time(network_time_start); + zeek::run_state::detail::update_network_time(network_time_start); zeek::Packet p; zeek::ConnID conn_id; @@ -34,8 +34,8 @@ static zeek::Connection* add_connection() static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn) { - analyzer::tcp::TCP_Analyzer* tcp = new analyzer::tcp::TCP_Analyzer(conn); - analyzer::pia::PIA* pia = new analyzer::pia::PIA_TCP(conn); + auto* tcp = new zeek::analyzer::tcp::TCP_Analyzer(conn); + auto* pia = new zeek::analyzer::pia::PIA_TCP(conn); auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn); tcp->AddChildAnalyzer(a); tcp->AddChildAnalyzer(pia->AsAnalyzer()); diff --git a/src/input.h b/src/input.h index ab21d276ad..a50ae842ae 100644 --- a/src/input.h +++ b/src/input.h @@ -5,8 +5,9 @@ #include #include -#include "BroList.h" +#include "ZeekList.h" +// These are required by the lexer in scan.l and are intentionally not namespaced. extern int yyparse(); extern int yydebug; extern int brolex(); @@ -33,13 +34,28 @@ extern void do_doc_token_stop(); extern int line_number; extern const char* filename; -extern int bro_argc; -extern char** bro_argv; +ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); + +namespace zeek::detail { + +extern int zeek_argc; +extern char** zeek_argv; extern const char* prog; extern std::vector zeek_script_prefixes; // -p flag extern const char* command_line_policy; // -e flag extern std::vector params; -ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); -extern zeek::detail::Stmt* stmts; // global statements +extern zeek::detail::Stmt* stmts; // global statements + +} // namespace zeek::detail + +extern int& bro_argc [[deprecated("Remove in v4.1. Use zeek::detail::zeek_argc.")]]; +extern char**& bro_argv [[deprecated("Remove in v4.1. Use zeek::detail::zeek_argv.")]]; +extern const char*& prog [[deprecated("Remove in v4.1. Use zeek::detail::prog.")]]; + +extern std::vector& zeek_script_prefixes [[deprecated("Remove in v4.1. Use zeek::detail::zeek_script_prefixes.")]]; +extern const char*& command_line_policy [[deprecated("Remove in v4.1. Use zeek::detail::command_line_policy.")]]; +extern std::vector& params [[deprecated("Remove in v4.1. Use zeek::detail::params.")]]; + +extern zeek::detail::Stmt*& stmts [[deprecated("Remove in v4.1. Use zeek::detail::stmts.")]]; diff --git a/src/input/Component.cc b/src/input/Component.cc index 1a227bd033..07e1a0f5a5 100644 --- a/src/input/Component.cc +++ b/src/input/Component.cc @@ -6,7 +6,7 @@ #include "../Desc.h" #include "../util.h" -using namespace input; +namespace zeek::input { Component::Component(const std::string& name, factory_callback arg_factory) : zeek::plugin::Component(zeek::plugin::component::READER, name) @@ -29,3 +29,5 @@ void Component::DoDescribe(zeek::ODesc* d) const d->Add("Input::READER_"); d->Add(CanonicalName()); } + +} // namespace zeek::input diff --git a/src/input/Component.h b/src/input/Component.h index 39e904d9ef..ec328206f1 100644 --- a/src/input/Component.h +++ b/src/input/Component.h @@ -6,16 +6,16 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -namespace input { +ZEEK_FORWARD_DECLARE_NAMESPACED(ReaderFrontend, zeek, input); +ZEEK_FORWARD_DECLARE_NAMESPACED(ReaderBackend, zeek, input); -class ReaderFrontend; -class ReaderBackend; +namespace zeek::input { /** * Component description for plugins providing log readers. */ class Component : public zeek::plugin::Component, - public plugin::TaggedComponent { + public plugin::TaggedComponent { public: typedef ReaderBackend* (*factory_callback)(ReaderFrontend* frontend); @@ -60,4 +60,10 @@ private: factory_callback factory; }; -} +} // namespace zeek::input + +namespace input { + +using Component [[deprecated("Remove in v4.1. Use zeek::input::Component.")]] = zeek::input::Component; + +} // namespace input diff --git a/src/input/Manager.cc b/src/input/Manager.cc index d0c8250997..5dd1767b57 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -15,17 +15,18 @@ #include "Event.h" #include "EventHandler.h" #include "NetVar.h" -#include "Net.h" +#include "RunState.h" #include "CompHash.h" #include "Func.h" #include "../file_analysis/Manager.h" #include "../threading/SerialTypes.h" -using namespace input; using namespace std; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; + +namespace zeek::input { /** * InputHashes are used as Dictionaries to store the value and index hashes @@ -243,8 +244,8 @@ bool Manager::CreateStream(Stream* info, zeek::RecordVal* description) string source((const char*) bsource->Bytes(), bsource->Len()); ReaderBackend::ReaderInfo rinfo; - rinfo.source = copy_string(source.c_str()); - rinfo.name = copy_string(name.c_str()); + rinfo.source = zeek::util::copy_string(source.c_str()); + rinfo.name = zeek::util::copy_string(name.c_str()); auto mode_val = description->GetFieldOrDefault("mode"); auto mode = mode_val->AsEnumVal(); @@ -281,7 +282,7 @@ bool Manager::CreateStream(Stream* info, zeek::RecordVal* description) auto index = info->config->RecreateIndex(*k); string key = index->Idx(0)->AsString()->CheckString(); string value = v->GetVal()->AsString()->CheckString(); - rinfo.config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str()))); + rinfo.config.insert(std::make_pair(zeek::util::copy_string(key.c_str()), zeek::util::copy_string(value.c_str()))); delete k; } } @@ -783,7 +784,7 @@ bool Manager::CreateAnalysisStream(zeek::RecordVal* fval) return false; } - stream->file_id = file_mgr->HashHandle(stream->name); + stream->file_id = zeek::file_mgr->HashHandle(stream->name); assert(stream->reader); @@ -1099,9 +1100,9 @@ void Manager::SendEntry(ReaderFrontend* reader, Value* *vals) { readFields = 1; assert(vals[0]->type == zeek::TYPE_STRING); - file_mgr->DataIn(reinterpret_cast(vals[0]->val.string_val.data), - vals[0]->val.string_val.length, - static_cast(i)->file_id, i->name); + zeek::file_mgr->DataIn(reinterpret_cast(vals[0]->val.string_val.data), + vals[0]->val.string_val.length, + static_cast(i)->file_id, i->name); } else @@ -1437,7 +1438,7 @@ void Manager::SendEndOfData(const Stream *i) new zeek::StringVal(i->reader->Info().source)); if ( i->stream_type == ANALYSIS_STREAM ) - file_mgr->EndOfFile(static_cast(i)->file_id); + zeek::file_mgr->EndOfFile(static_cast(i)->file_id); } void Manager::Put(ReaderFrontend* reader, Value* *vals) @@ -1469,9 +1470,9 @@ void Manager::Put(ReaderFrontend* reader, Value* *vals) { readFields = 1; assert(vals[0]->type == zeek::TYPE_STRING); - file_mgr->DataIn(reinterpret_cast(vals[0]->val.string_val.data), - vals[0]->val.string_val.length, - static_cast(i)->file_id, i->name); + zeek::file_mgr->DataIn(reinterpret_cast(vals[0]->val.string_val.data), + vals[0]->val.string_val.length, + static_cast(i)->file_id, i->name); } else @@ -1827,7 +1828,7 @@ void Manager::SendEvent(zeek::EventHandlerPtr ev, const int numvals, ...) const va_end(lP); if ( ev ) - zeek::event_mgr.Enqueue(ev, std::move(vl), SOURCE_LOCAL); + zeek::event_mgr.Enqueue(ev, std::move(vl), zeek::util::detail::SOURCE_LOCAL); } void Manager::SendEvent(zeek::EventHandlerPtr ev, list events) const @@ -1844,7 +1845,7 @@ void Manager::SendEvent(zeek::EventHandlerPtr ev, list events) const vl.emplace_back(zeek::AdoptRef{}, *i); if ( ev ) - zeek::event_mgr.Enqueue(ev, std::move(vl), SOURCE_LOCAL); + zeek::event_mgr.Enqueue(ev, std::move(vl), zeek::util::detail::SOURCE_LOCAL); } // Convert a bro list value to a bro record value. @@ -2319,8 +2320,8 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re // \0's... string enum_string(val->val.string_val.data, val->val.string_val.length); - string module = extract_module_name(enum_string.c_str()); - string var = extract_var_name(enum_string.c_str()); + string module = zeek::detail::extract_module_name(enum_string.c_str()); + string var = zeek::detail::extract_var_name(enum_string.c_str()); // Well, this is kind of stupid, because EnumType just // mangles the module name and the var name together again... @@ -2511,3 +2512,5 @@ void Manager::ErrorHandler(const Stream* i, ErrorType et, bool reporter_send, co free(buf); } + +} // namespace zeek::input diff --git a/src/input/Manager.h b/src/input/Manager.h index 64aa050f5e..91bbe6ef3d 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -13,12 +13,12 @@ #include "Tag.h" ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(ReaderFrontend, zeek, input); +ZEEK_FORWARD_DECLARE_NAMESPACED(ReaderBackend, zeek, input); +namespace zeek { namespace input { -class ReaderFrontend; -class ReaderBackend; - /** * Singleton class for managing input streams. */ @@ -256,7 +256,16 @@ private: zeek::EventHandlerPtr end_of_data; }; - -} +} // namespace input extern input::Manager* input_mgr; + +} // namespace zeek + +extern zeek::input::Manager*& input_mgr [[deprecated("Remove in v4.1. Use zeek::input_mgr.")]]; + +namespace input { + +using Manager [[deprecated("Remove in v4.1. Use zeek::input::Manager.")]] = zeek::input::Manager; + +} // namespace input diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index 7e0fbd7685..14dfa4262e 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -4,10 +4,10 @@ #include "ReaderFrontend.h" #include "Manager.h" -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -namespace input { +namespace zeek::input { class PutMessage final : public threading::OutputMessage { public: @@ -63,7 +63,7 @@ public: ReaderErrorMessage(ReaderFrontend* reader, Type arg_type, const char* arg_msg) : threading::OutputMessage("ReaderErrorMessage", reader) - { type = arg_type; msg = copy_string(arg_msg); } + { type = arg_type; msg = zeek::util::copy_string(arg_msg); } ~ReaderErrorMessage() override { delete [] msg; } @@ -340,4 +340,4 @@ void ReaderBackend::Error(const char* msg) DisableFrontend(); } -} +} // namespace zeek::input diff --git a/src/input/ReaderBackend.h b/src/input/ReaderBackend.h index f6ad3995ba..e7acc222ec 100644 --- a/src/input/ReaderBackend.h +++ b/src/input/ReaderBackend.h @@ -9,7 +9,9 @@ #include "Component.h" -namespace input { +ZEEK_FORWARD_DECLARE_NAMESPACED(ReaderFrontend, zeek::input); + +namespace zeek::input { /** * The modes a reader can be in. @@ -41,8 +43,6 @@ enum ReaderMode { MODE_NONE }; -class ReaderFrontend; - /** * Base class for reader implementation. When the input:Manager creates a new * input stream, it instantiates a ReaderFrontend. That then in turn creates @@ -75,7 +75,7 @@ public: struct ReaderInfo { // Structure takes ownership of the strings. - typedef std::map config_map; + typedef std::map config_map; /** * A string left to the interpretation of the reader @@ -111,12 +111,12 @@ public: ReaderInfo(const ReaderInfo& other) { - source = other.source ? copy_string(other.source) : nullptr; - name = other.name ? copy_string(other.name) : nullptr; + source = other.source ? zeek::util::copy_string(other.source) : nullptr; + name = other.name ? zeek::util::copy_string(other.name) : nullptr; mode = other.mode; for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ ) - config.insert(std::make_pair(copy_string(i->first), copy_string(i->second))); + config.insert(std::make_pair(zeek::util::copy_string(i->first), zeek::util::copy_string(i->second))); } ~ReaderInfo() @@ -364,4 +364,16 @@ private: bool suppress_warnings = false; }; -} +} // namespace zeek::input + +namespace input { + +using ReaderMode [[deprecated("Remove in v4.1. Use zeek::input::ReaderMode.")]] = zeek::input::ReaderMode; +constexpr auto MODE_MANUAL [[deprecated("Remove in v4.1. Use zeek::input::MODE_MANUAL.")]] = zeek::input::MODE_MANUAL; +constexpr auto MODE_REREAD [[deprecated("Remove in v4.1. Use zeek::input::MODE_REREAD.")]] = zeek::input::MODE_REREAD; +constexpr auto MODE_STREAM [[deprecated("Remove in v4.1. Use zeek::input::MODE_STREAM.")]] = zeek::input::MODE_STREAM; +constexpr auto MODE_NONE [[deprecated("Remove in v4.1. Use zeek::input::MODE_NONE.")]] = zeek::input::MODE_NONE; + +using ReaderBackend [[deprecated("Remove in v4.1. Use zeek::input::ReaderBackend.")]] = zeek::input::ReaderBackend; + +} // namespace input diff --git a/src/input/ReaderFrontend.cc b/src/input/ReaderFrontend.cc index e25d92dfeb..cd1367dc6d 100644 --- a/src/input/ReaderFrontend.cc +++ b/src/input/ReaderFrontend.cc @@ -4,7 +4,7 @@ #include "ReaderFrontend.h" #include "ReaderBackend.h" -namespace input { +namespace zeek::input { class InitMessage final : public threading::InputMessage { @@ -40,7 +40,7 @@ ReaderFrontend::ReaderFrontend(const ReaderBackend::ReaderInfo& arg_info, zeek:: info = new ReaderBackend::ReaderInfo(arg_info); const char* t = type->GetType()->AsEnumType()->Lookup(type->InternalInt()); - name = copy_string(fmt("%s/%s", arg_info.source, t)); + name = zeek::util::copy_string(zeek::util::fmt("%s/%s", arg_info.source, t)); backend = input_mgr->CreateBackend(this, type); assert(backend); @@ -97,4 +97,4 @@ const char* ReaderFrontend::Name() const return name; } -} +} // namespace zeek::input diff --git a/src/input/ReaderFrontend.h b/src/input/ReaderFrontend.h index 9a6392adbe..4c2e231dae 100644 --- a/src/input/ReaderFrontend.h +++ b/src/input/ReaderFrontend.h @@ -6,10 +6,9 @@ #include "threading/SerialTypes.h" ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, input); -namespace input { - -class Manager; +namespace zeek::input { /** * Bridge class between the input::Manager and backend input threads. The @@ -119,7 +118,7 @@ public: const threading::Field* const * Fields() const { return fields; } protected: - friend class Manager; + friend class zeek::input::Manager; private: ReaderBackend* backend; // The backend we have instanatiated. @@ -131,4 +130,10 @@ private: const char* name; // Descriptive name. }; -} +} // namespace zeek::input + +namespace input { + +using ReaderFrontend [[deprecated("Remove in v4.1. Use zeek::input::ReaderFrontend.")]] = zeek::input::ReaderFrontend; + +} // namespace input diff --git a/src/input/Tag.cc b/src/input/Tag.cc index 28c68f1938..cb4a0bd5a1 100644 --- a/src/input/Tag.cc +++ b/src/input/Tag.cc @@ -3,33 +3,37 @@ #include "Tag.h" #include "Manager.h" -const input::Tag input::Tag::Error; +namespace zeek::input { -input::Tag::Tag(type_t type, subtype_t subtype) +const Tag Tag::Error; + +Tag::Tag(type_t type, subtype_t subtype) : zeek::Tag(input_mgr->GetTagType(), type, subtype) { } -input::Tag& input::Tag::operator=(const input::Tag& other) +Tag& Tag::operator=(const Tag& other) { zeek::Tag::operator=(other); return *this; } -const zeek::EnumValPtr& input::Tag::AsVal() const +const zeek::EnumValPtr& Tag::AsVal() const { return zeek::Tag::AsVal(input_mgr->GetTagType()); } -zeek::EnumVal* input::Tag::AsEnumVal() const +zeek::EnumVal* Tag::AsEnumVal() const { return AsVal().get(); } -input::Tag::Tag(zeek::EnumValPtr val) +Tag::Tag(zeek::EnumValPtr val) : zeek::Tag(std::move(val)) { } -input::Tag::Tag(zeek::EnumVal* val) +Tag::Tag(zeek::EnumVal* val) : zeek::Tag({zeek::NewRef{}, val}) { } + +} // namespace zeek::input diff --git a/src/input/Tag.h b/src/input/Tag.h index 0b98977e77..08035e2c75 100644 --- a/src/input/Tag.h +++ b/src/input/Tag.h @@ -20,10 +20,10 @@ namespace plugin { zeek::plugin::ComponentManager; } -namespace input { +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, input); +ZEEK_FORWARD_DECLARE_NAMESPACED(Component, zeek, input); -class Manager; -class Component; +namespace zeek::input { /** * Class to identify a reader type. @@ -123,4 +123,10 @@ protected: explicit Tag(zeek::EnumVal* val); }; -} +} // namespace zeek::input + +namespace input { + +using Tag [[deprecated("Remove in v4.1. Use zeek::input::Tag.")]] = zeek::input::Tag; + +} // namespace input diff --git a/src/input/input.bif b/src/input/input.bif index bcb2d06558..990e68a475 100644 --- a/src/input/input.bif +++ b/src/input/input.bif @@ -18,31 +18,31 @@ type AnalysisDescription: record; function Input::__create_table_stream%(description: Input::TableDescription%) : bool %{ - bool res = input_mgr->CreateTableStream(description->AsRecordVal()); + bool res = zeek::input_mgr->CreateTableStream(description->AsRecordVal()); return zeek::val_mgr->Bool(res); %} function Input::__create_event_stream%(description: Input::EventDescription%) : bool %{ - bool res = input_mgr->CreateEventStream(description->AsRecordVal()); + bool res = zeek::input_mgr->CreateEventStream(description->AsRecordVal()); return zeek::val_mgr->Bool(res); %} function Input::__create_analysis_stream%(description: Input::AnalysisDescription%) : bool %{ - bool res = input_mgr->CreateAnalysisStream(description->AsRecordVal()); + bool res = zeek::input_mgr->CreateAnalysisStream(description->AsRecordVal()); return zeek::val_mgr->Bool(res); %} function Input::__remove_stream%(id: string%) : bool %{ - bool res = input_mgr->RemoveStream(id->AsString()->CheckString()); + bool res = zeek::input_mgr->RemoveStream(id->AsString()->CheckString()); return zeek::val_mgr->Bool(res); %} function Input::__force_update%(id: string%) : bool %{ - bool res = input_mgr->ForceUpdate(id->AsString()->CheckString()); + bool res = zeek::input_mgr->ForceUpdate(id->AsString()->CheckString()); return zeek::val_mgr->Bool(res); %} diff --git a/src/input/readers/ascii/Ascii.cc b/src/input/readers/ascii/Ascii.cc index a9b4eb7fc2..5330ffb4a7 100644 --- a/src/input/readers/ascii/Ascii.cc +++ b/src/input/readers/ascii/Ascii.cc @@ -12,11 +12,11 @@ #include "threading/SerialTypes.h" -using namespace input::reader; -using namespace threading; using namespace std; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; + +namespace zeek::input::reader::detail { FieldMapping::FieldMapping(const string& arg_name, const zeek::TypeTag& arg_type, int arg_position) : name(arg_name), type(arg_type), subtype(zeek::TYPE_ERROR) @@ -47,7 +47,7 @@ FieldMapping FieldMapping::subType() return FieldMapping(name, subtype, position); } -Ascii::Ascii(ReaderFrontend *frontend) : ReaderBackend(frontend) +Ascii::Ascii(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend) { mtime = 0; ino = 0; @@ -113,8 +113,8 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f if ( set_separator.size() != 1 ) Error("set_separator length has to be 1. Separator will be truncated."); - formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field); - formatter = unique_ptr(new formatter::Ascii(this, sep_info)); + zeek::threading::formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field); + formatter = unique_ptr(new zeek::threading::formatter::Ascii(this, sep_info)); return DoUpdate(); } @@ -274,7 +274,7 @@ bool Ascii::DoUpdate() return ! fail_on_file_problem; switch ( Info().mode ) { - case MODE_REREAD: + case zeek::input::MODE_REREAD: { // check if the file has changed struct stat sb; @@ -301,14 +301,14 @@ bool Ascii::DoUpdate() // File changed. Fall through to re-read. } - case MODE_MANUAL: - case MODE_STREAM: + case zeek::input::MODE_MANUAL: + case zeek::input::MODE_STREAM: { // dirty, fix me. (well, apparently after trying seeking, etc // - this is not that bad) if ( file.is_open() ) { - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) { file.clear(); // remove end of file evil bits if ( ! ReadHeader(true) ) @@ -367,7 +367,7 @@ bool Ascii::DoUpdate() if ( ! fit->present ) { // add non-present field - fields[fpos] = new Value((*fit).type, false); + fields[fpos] = new Value((*fit).type, false); fpos++; continue; } @@ -434,13 +434,13 @@ bool Ascii::DoUpdate() //printf("fpos: %d, second.num_fields: %d\n", fpos, (*it).second.num_fields); assert ( fpos == NumFields() ); - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) Put(fields); else SendEntry(fields); } - if ( Info().mode != MODE_STREAM ) + if ( Info().mode != zeek::input::MODE_STREAM ) EndCurrentSend(); return true; @@ -453,12 +453,12 @@ bool Ascii::DoHeartbeat(double network_time, double current_time) switch ( Info().mode ) { - case MODE_MANUAL: + case zeek::input::MODE_MANUAL: // yay, we do nothing :) break; - case MODE_REREAD: - case MODE_STREAM: + case zeek::input::MODE_REREAD: + case zeek::input::MODE_STREAM: Update(); // Call Update, not DoUpdate, because Update // checks the "disabled" flag. break; @@ -469,3 +469,5 @@ bool Ascii::DoHeartbeat(double network_time, double current_time) return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/ascii/Ascii.h b/src/input/readers/ascii/Ascii.h index b38bfa3284..88460b9080 100644 --- a/src/input/readers/ascii/Ascii.h +++ b/src/input/readers/ascii/Ascii.h @@ -11,7 +11,7 @@ #include "input/ReaderBackend.h" #include "threading/formatters/Ascii.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { // Description for input field mapping. struct FieldMapping { @@ -34,9 +34,9 @@ struct FieldMapping { /** * Reader for structured ASCII files. */ -class Ascii : public ReaderBackend { +class Ascii : public zeek::input::ReaderBackend { public: - explicit Ascii(ReaderFrontend* frontend); + explicit Ascii(zeek::input::ReaderFrontend* frontend); ~Ascii() override; // prohibit copying and moving @@ -45,7 +45,7 @@ public: Ascii& operator=(const Ascii&) = delete; Ascii& operator=(Ascii&&) = delete; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Ascii(frontend); } + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Ascii(frontend); } protected: bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override; @@ -82,9 +82,14 @@ private: bool fail_on_file_problem; std::string path_prefix; - std::unique_ptr formatter; + std::unique_ptr formatter; }; +} // namespace zeek::input::reader::detail -} -} +namespace input::reader { + +using FieldMapping [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::FieldMapping.")]] = zeek::input::reader::detail::FieldMapping; +using Ascii [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::Ascii.")]] = zeek::input::reader::detail::Ascii; + +} // namespace input::reader diff --git a/src/input/readers/ascii/Plugin.cc b/src/input/readers/ascii/Plugin.cc index 296d6bdd2e..0078a8ebd0 100644 --- a/src/input/readers/ascii/Plugin.cc +++ b/src/input/readers/ascii/Plugin.cc @@ -4,14 +4,13 @@ #include "Ascii.h" -namespace plugin { -namespace Zeek_AsciiReader { +namespace zeek::plugin::detail::Zeek_AsciiReader { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::input::Component("Ascii", ::input::reader::Ascii::Instantiate)); + AddComponent(new zeek::input::Component("Ascii", zeek::input::reader::detail::Ascii::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::AsciiReader"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_AsciiReader diff --git a/src/input/readers/benchmark/Benchmark.cc b/src/input/readers/benchmark/Benchmark.cc index f656c721c9..6b25c9c350 100644 --- a/src/input/readers/benchmark/Benchmark.cc +++ b/src/input/readers/benchmark/Benchmark.cc @@ -11,11 +11,12 @@ #include "threading/SerialTypes.h" #include "threading/Manager.h" -using namespace input::reader; using threading::Value; using threading::Field; -Benchmark::Benchmark(ReaderFrontend *frontend) : ReaderBackend(frontend) +namespace zeek::input::reader::detail { + +Benchmark::Benchmark(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend) { num_lines = 0; multiplication_factor = double(zeek::BifConst::InputBenchmark::factor); @@ -28,7 +29,7 @@ Benchmark::Benchmark(ReaderFrontend *frontend) : ReaderBackend(frontend) heartbeatstarttime = 0; heartbeat_interval = double(zeek::BifConst::Threading::heartbeat_interval); - ascii = new threading::formatter::Ascii(this, threading::formatter::Ascii::SeparatorInfo()); + ascii = new zeek::threading::formatter::Ascii(this, zeek::threading::formatter::Ascii::SeparatorInfo()); } Benchmark::~Benchmark() @@ -42,7 +43,7 @@ void Benchmark::DoClose() { } -bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields) +bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const zeek::threading::Field* const* fields) { num_lines = atoi(info.source); @@ -87,11 +88,11 @@ bool Benchmark::DoUpdate() int linestosend = num_lines * heartbeat_interval; for ( int i = 0; i < linestosend; i++ ) { - Value** field = new Value*[NumFields()]; + zeek::threading::Value** field = new zeek::threading::Value*[NumFields()]; for (int j = 0; j < NumFields(); j++ ) field[j] = EntryToVal(Fields()[j]->type, Fields()[j]->subtype); - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) // do not do tracking, spread out elements over the second that we have... Put(field); else @@ -117,15 +118,15 @@ bool Benchmark::DoUpdate() } - if ( Info().mode != MODE_STREAM ) + if ( Info().mode != zeek::input::MODE_STREAM ) EndCurrentSend(); return true; } -threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtype) +zeek::threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtype) { - Value* val = new Value(type, subtype, true); + auto* val = new zeek::threading::Value(type, subtype, true); // basically construct something random from the fields that we want. @@ -136,7 +137,7 @@ threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtyp case zeek::TYPE_STRING: { std::string rnd = RandomString(10); - val->val.string_val.data = copy_string(rnd.c_str()); + val->val.string_val.data = zeek::util::copy_string(rnd.c_str()); val->val.string_val.length = rnd.size(); break; } @@ -188,7 +189,7 @@ threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtyp // how many entries do we have... unsigned int length = random() / (RAND_MAX / 15); - Value** lvals = new Value* [length]; + zeek::threading::Value** lvals = new zeek::threading::Value* [length]; if ( type == zeek::TYPE_TABLE ) { @@ -208,7 +209,7 @@ threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtyp for ( unsigned int pos = 0; pos < length; pos++ ) { - Value* newval = EntryToVal(subtype, zeek::TYPE_ENUM); + zeek::threading::Value* newval = EntryToVal(subtype, zeek::TYPE_ENUM); if ( newval == nullptr ) { Error("Error while reading set"); @@ -240,19 +241,19 @@ bool Benchmark::DoHeartbeat(double network_time, double current_time) heartbeatstarttime = CurrTime(); switch ( Info().mode ) { - case MODE_MANUAL: + case zeek::input::MODE_MANUAL: // yay, we do nothing :) break; - case MODE_REREAD: - case MODE_STREAM: + case zeek::input::MODE_REREAD: + case zeek::input::MODE_STREAM: if ( multiplication_factor != 1 || add != 0 ) { // we have to document at what time we changed the factor to what value. - Value** v = new Value*[2]; - v[0] = new Value(zeek::TYPE_COUNT, true); + zeek::threading::Value** v = new zeek::threading::Value*[2]; + v[0] = new zeek::threading::Value(zeek::TYPE_COUNT, true); v[0]->val.uint_val = num_lines; - v[1] = new Value(zeek::TYPE_TIME, true); + v[1] = new zeek::threading::Value(zeek::TYPE_TIME, true); v[1]->val.double_val = CurrTime(); SendEvent("lines_changed", 2, v); @@ -273,3 +274,5 @@ bool Benchmark::DoHeartbeat(double network_time, double current_time) return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/benchmark/Benchmark.h b/src/input/readers/benchmark/Benchmark.h index e969ee77ea..cd0e2c2e30 100644 --- a/src/input/readers/benchmark/Benchmark.h +++ b/src/input/readers/benchmark/Benchmark.h @@ -5,17 +5,17 @@ #include "input/ReaderBackend.h" #include "threading/formatters/Ascii.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { /** * A benchmark reader to measure performance of the input framework. */ -class Benchmark : public ReaderBackend { +class Benchmark : public zeek::input::ReaderBackend { public: - explicit Benchmark(ReaderFrontend* frontend); + explicit Benchmark(zeek::input::ReaderFrontend* frontend); ~Benchmark() override; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Benchmark(frontend); } + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Benchmark(frontend); } protected: bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override; @@ -39,9 +39,13 @@ private: double timedspread; double heartbeat_interval; - threading::formatter::Ascii* ascii; + zeek::threading::formatter::Ascii* ascii; }; +} // namespace zeek::input::reader -} -} +namespace input::reader { + +using Benchmark [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::Benchmark.")]] = zeek::input::reader::detail::Benchmark; + +} // namespace input::reader diff --git a/src/input/readers/benchmark/Plugin.cc b/src/input/readers/benchmark/Plugin.cc index ce81218f54..acf251f0b5 100644 --- a/src/input/readers/benchmark/Plugin.cc +++ b/src/input/readers/benchmark/Plugin.cc @@ -4,14 +4,13 @@ #include "Benchmark.h" -namespace plugin { -namespace Zeek_BenchmarkReader { +namespace zeek::plugin::detail::Zeek_BenchmarkReader { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::input::Component("Benchmark", ::input::reader::Benchmark::Instantiate)); + AddComponent(new zeek::input::Component("Benchmark", zeek::input::reader::detail::Benchmark::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::BenchmarkReader"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_BenchmarkReader diff --git a/src/input/readers/binary/Binary.cc b/src/input/readers/binary/Binary.cc index 8d17e2ff01..fa1108c9c0 100644 --- a/src/input/readers/binary/Binary.cc +++ b/src/input/readers/binary/Binary.cc @@ -7,15 +7,16 @@ #include "threading/SerialTypes.h" -using namespace input::reader; using namespace std; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; + +namespace zeek::input::reader::detail { streamsize Binary::chunk_size = 0; -Binary::Binary(ReaderFrontend *frontend) - : ReaderBackend(frontend), in(nullptr), mtime(0), ino(0), firstrun(true) +Binary::Binary(zeek::input::ReaderFrontend *frontend) + : zeek::input::ReaderBackend(frontend), in(nullptr), mtime(0), ino(0), firstrun(true) { if ( ! chunk_size ) { @@ -197,7 +198,7 @@ bool Binary::DoUpdate() else { switch ( Info().mode ) { - case MODE_REREAD: + case zeek::input::MODE_REREAD: { switch ( UpdateModificationTime() ) { case -1: @@ -212,9 +213,9 @@ bool Binary::DoUpdate() // fallthrough } - case MODE_MANUAL: - case MODE_STREAM: - if ( Info().mode == MODE_STREAM && in ) + case zeek::input::MODE_MANUAL: + case zeek::input::MODE_STREAM: + if ( Info().mode == zeek::input::MODE_STREAM && in ) { in->clear(); // remove end of file evil bits break; @@ -246,13 +247,13 @@ bool Binary::DoUpdate() val->val.string_val.length = size; fields[0] = val; - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) Put(fields); else SendEntry(fields); } - if ( Info().mode != MODE_STREAM ) + if ( Info().mode != zeek::input::MODE_STREAM ) EndCurrentSend(); #ifdef DEBUG @@ -265,12 +266,12 @@ bool Binary::DoUpdate() bool Binary::DoHeartbeat(double network_time, double current_time) { switch ( Info().mode ) { - case MODE_MANUAL: + case zeek::input::MODE_MANUAL: // yay, we do nothing :) break; - case MODE_REREAD: - case MODE_STREAM: + case zeek::input::MODE_REREAD: + case zeek::input::MODE_STREAM: #ifdef DEBUG Debug(zeek::DBG_INPUT, "Starting Heartbeat update"); #endif @@ -286,3 +287,5 @@ bool Binary::DoHeartbeat(double network_time, double current_time) return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/binary/Binary.h b/src/input/readers/binary/Binary.h index dd9c6b5c13..2794c091ee 100644 --- a/src/input/readers/binary/Binary.h +++ b/src/input/readers/binary/Binary.h @@ -7,17 +7,17 @@ #include "input/ReaderBackend.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { /** * Binary mode file reader. */ -class Binary : public ReaderBackend { +class Binary : public zeek::input::ReaderBackend { public: - explicit Binary(ReaderFrontend* frontend); + explicit Binary(zeek::input::ReaderFrontend* frontend); ~Binary() override; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Binary(frontend); } protected: @@ -44,5 +44,10 @@ private: std::string path_prefix; }; -} -} +} // namespace zeek::input::reader::detail + +namespace input::reader { + +using Binary [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::Binary.")]] = zeek::input::reader::detail::Binary; + +} // namespace input::reader diff --git a/src/input/readers/binary/Plugin.cc b/src/input/readers/binary/Plugin.cc index c258d20549..765f52d4dc 100644 --- a/src/input/readers/binary/Plugin.cc +++ b/src/input/readers/binary/Plugin.cc @@ -4,14 +4,13 @@ #include "Binary.h" -namespace plugin { -namespace Zeek_BinaryReader { +namespace zeek::plugin::detail::Zeek_BinaryReader { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::input::Component("Binary", ::input::reader::Binary::Instantiate)); + AddComponent(new zeek::input::Component("Binary", zeek::input::reader::detail::Binary::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::BinaryReader"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_BinaryReader diff --git a/src/input/readers/config/Config.cc b/src/input/readers/config/Config.cc index 6af8881340..de926a23c0 100644 --- a/src/input/readers/config/Config.cc +++ b/src/input/readers/config/Config.cc @@ -15,12 +15,12 @@ #include "input/Manager.h" #include "threading/SerialTypes.h" -using namespace input::reader; -using namespace threading; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -Config::Config(ReaderFrontend *frontend) : ReaderBackend(frontend) +namespace zeek::input::reader::detail { + +Config::Config(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend) { mtime = 0; ino = 0; @@ -36,7 +36,7 @@ Config::Config(ReaderFrontend *frontend) : ReaderBackend(frontend) continue; if ( id->GetType()->Tag() == zeek::TYPE_RECORD || - ! input::Manager::IsCompatibleType(id->GetType().get()) ) + ! zeek::input::Manager::IsCompatibleType(id->GetType().get()) ) { option_types[id->Name()] = std::make_tuple(zeek::TYPE_ERROR, id->GetType()->Tag()); continue; @@ -71,8 +71,9 @@ bool Config::DoInit(const ReaderInfo& info, int num_fields, const Field* const* empty_field.assign( (const char*) zeek::BifConst::InputConfig::empty_field->Bytes(), zeek::BifConst::InputConfig::empty_field->Len()); - formatter::Ascii::SeparatorInfo sep_info("\t", set_separator, "", empty_field); - formatter = std::unique_ptr(new formatter::Ascii(this, sep_info)); + zeek::threading::formatter::Ascii::SeparatorInfo sep_info("\t", set_separator, "", empty_field); + formatter = std::unique_ptr( + new zeek::threading::formatter::Ascii(this, sep_info)); return DoUpdate(); } @@ -118,7 +119,7 @@ bool Config::DoUpdate() return ! fail_on_file_problem; switch ( Info().mode ) { - case MODE_REREAD: + case zeek::input::MODE_REREAD: { // check if the file has changed struct stat sb; @@ -145,14 +146,14 @@ bool Config::DoUpdate() // File changed. Fall through to re-read. } - case MODE_MANUAL: - case MODE_STREAM: + case zeek::input::MODE_MANUAL: + case zeek::input::MODE_STREAM: { // dirty, fix me. (well, apparently after trying seeking, etc // - this is not that bad) if ( file.is_open() ) { - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) { file.clear(); // remove end of file evil bits break; @@ -247,14 +248,14 @@ bool Config::DoUpdate() Value** fields = new Value*[2]; Value* keyval = new threading::Value(zeek::TYPE_STRING, true); keyval->val.string_val.length = key.size(); - keyval->val.string_val.data = copy_string(key.c_str()); + keyval->val.string_val.data = zeek::util::copy_string(key.c_str()); fields[0] = keyval; Value* val = new threading::Value(zeek::TYPE_STRING, true); val->val.string_val.length = value.size(); - val->val.string_val.data = copy_string(value.c_str()); + val->val.string_val.data = zeek::util::copy_string(value.c_str()); fields[1] = val; - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) Put(fields); else SendEntry(fields); @@ -263,13 +264,13 @@ bool Config::DoUpdate() { Value** vals = new Value*[4]; vals[0] = new Value(zeek::TYPE_STRING, true); - vals[0]->val.string_val.data = copy_string(Info().name); + vals[0]->val.string_val.data = zeek::util::copy_string(Info().name); vals[0]->val.string_val.length = strlen(Info().name); vals[1] = new Value(zeek::TYPE_STRING, true); - vals[1]->val.string_val.data = copy_string(Info().source); + vals[1]->val.string_val.data = zeek::util::copy_string(Info().source); vals[1]->val.string_val.length = strlen(Info().source); vals[2] = new Value(zeek::TYPE_STRING, true); - vals[2]->val.string_val.data = copy_string(key.c_str()); + vals[2]->val.string_val.data = zeek::util::copy_string(key.c_str()); vals[2]->val.string_val.length = key.size(); vals[3] = eventval; @@ -279,7 +280,7 @@ bool Config::DoUpdate() regfree(&re); - if ( Info().mode != MODE_STREAM ) + if ( Info().mode != zeek::input::MODE_STREAM ) EndCurrentSend(); // clean up all options we did not see @@ -293,12 +294,12 @@ bool Config::DoHeartbeat(double network_time, double current_time) { switch ( Info().mode ) { - case MODE_MANUAL: + case zeek::input::MODE_MANUAL: // yay, we do nothing :) break; - case MODE_REREAD: - case MODE_STREAM: + case zeek::input::MODE_REREAD: + case zeek::input::MODE_STREAM: Update(); // Call Update, not DoUpdate, because Update // checks the "disabled" flag. break; @@ -309,3 +310,5 @@ bool Config::DoHeartbeat(double network_time, double current_time) return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/config/Config.h b/src/input/readers/config/Config.h index 005da75b7c..22ccb5a4f5 100644 --- a/src/input/readers/config/Config.h +++ b/src/input/readers/config/Config.h @@ -12,14 +12,14 @@ #include "input/ReaderBackend.h" #include "threading/formatters/Ascii.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { /** * Reader for Configuration files. */ -class Config : public ReaderBackend { +class Config : public zeek::input::ReaderBackend { public: - explicit Config(ReaderFrontend* frontend); + explicit Config(zeek::input::ReaderFrontend* frontend); ~Config() override; // prohibit copying and moving @@ -28,7 +28,7 @@ public: Config& operator=(const Config&) = delete; Config& operator=(Config&&) = delete; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Config(frontend); } + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Config(frontend); } protected: bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override; @@ -49,11 +49,15 @@ private: std::string set_separator; std::string empty_field; - std::unique_ptr formatter; + std::unique_ptr formatter; std::unordered_map> option_types; std::unordered_map option_values; }; +} // namespace zeek::input::reader::detail -} -} +namespace input::reader { + +using Config [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::Config.")]] = zeek::input::reader::detail::Config; + +} // namespace input::reader diff --git a/src/input/readers/config/Plugin.cc b/src/input/readers/config/Plugin.cc index 8ea2c115ed..34128f2d01 100644 --- a/src/input/readers/config/Plugin.cc +++ b/src/input/readers/config/Plugin.cc @@ -4,14 +4,13 @@ #include "Config.h" -namespace plugin { -namespace Zeek_ConfigReader { +namespace zeek::plugin::detail::Zeek_ConfigReader { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::input::Component("Config", ::input::reader::Config::Instantiate)); + AddComponent(new zeek::input::Component("Config", zeek::input::reader::detail::Config::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::ConfigReader"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_ConfigReader diff --git a/src/input/readers/raw/Plugin.cc b/src/input/readers/raw/Plugin.cc index ae25c62850..6e48208b1f 100644 --- a/src/input/readers/raw/Plugin.cc +++ b/src/input/readers/raw/Plugin.cc @@ -2,9 +2,9 @@ #include "Plugin.h" -namespace plugin { namespace Zeek_RawReader { Plugin plugin; } } +namespace zeek::plugin::detail::Zeek_RawReader { -using namespace plugin::Zeek_RawReader; +Plugin plugin; Plugin::Plugin() { @@ -12,7 +12,7 @@ Plugin::Plugin() zeek::plugin::Configuration Plugin::Configure() { - AddComponent(new ::input::Component("Raw", ::input::reader::Raw::Instantiate)); + AddComponent(new zeek::input::Component("Raw", zeek::input::reader::detail::Raw::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::RawReader"; @@ -32,3 +32,5 @@ std::unique_lock Plugin::ForkMutex() { return std::unique_lock(fork_mutex, std::defer_lock); } + +} // namespace zeek::plugin::detail::Zeek_RawReader diff --git a/src/input/readers/raw/Plugin.h b/src/input/readers/raw/Plugin.h index 86fded2575..43f937a8be 100644 --- a/src/input/readers/raw/Plugin.h +++ b/src/input/readers/raw/Plugin.h @@ -8,8 +8,7 @@ #include "Raw.h" -namespace plugin { -namespace Zeek_RawReader { +namespace zeek::plugin::detail::Zeek_RawReader { class Plugin : public zeek::plugin::Plugin { public: @@ -29,5 +28,4 @@ private: extern Plugin plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_RawReader diff --git a/src/input/readers/raw/Raw.cc b/src/input/readers/raw/Raw.cc index b859e6e195..11177d8573 100644 --- a/src/input/readers/raw/Raw.cc +++ b/src/input/readers/raw/Raw.cc @@ -20,13 +20,14 @@ extern "C" { #include "setsignal.h" } -using namespace input::reader; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; + +namespace zeek::input::reader::detail { const int Raw::block_size = 4096; // how big do we expect our chunks of data to be. -Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(frontend), file(nullptr, fclose), stderrfile(nullptr, fclose) +Raw::Raw(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend), file(nullptr, fclose), stderrfile(nullptr, fclose) { execute = false; firstrun = true; @@ -81,7 +82,7 @@ void Raw::ClosePipeEnd(int i) if ( pipes[i] == -1 ) return; - safe_close(pipes[i]); + zeek::util::safe_close(pipes[i]); pipes[i] = -1; } @@ -91,7 +92,7 @@ bool Raw::SetFDFlags(int fd, int cmd, int flags) return true; char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); Error(Fmt("failed to set fd flags: %s", buf)); return false; } @@ -99,7 +100,7 @@ bool Raw::SetFDFlags(int fd, int cmd, int flags) std::unique_lock Raw::AcquireForkMutex() { - auto lock = plugin::Zeek_RawReader::plugin.ForkMutex(); + auto lock = plugin::detail::Zeek_RawReader::plugin.ForkMutex(); try { @@ -198,7 +199,7 @@ bool Raw::Execute() else { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); Warning(Fmt("Could not set child process group: %s", buf)); } } @@ -207,7 +208,7 @@ bool Raw::Execute() ClosePipeEnd(stdout_out); - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) { if ( ! SetFDFlags(pipes[stdout_in], F_SETFL, O_NONBLOCK) ) return false; @@ -294,7 +295,7 @@ bool Raw::OpenInput() if ( fseek(file.get(), pos, whence) < 0 ) { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); Error(Fmt("Seek failed in init: %s", buf)); } } @@ -377,14 +378,15 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie } it = info.config.find("offset"); // we want to seek to a given offset inside the file - if ( it != info.config.end() && ! execute && (Info().mode == MODE_STREAM || Info().mode == MODE_MANUAL) ) + if ( it != info.config.end() && ! execute && (Info().mode == zeek::input::MODE_STREAM || + Info().mode == zeek::input::MODE_MANUAL) ) { std::string offset_s = it->second; offset = strtoll(offset_s.c_str(), 0, 10); } else if ( it != info.config.end() ) { - Error("Offset only is supported for MODE_STREAM and MODE_MANUAL; it is also not supported when executing a command"); + Error("Offset only is supported for zeek::input::MODE_STREAM and zeek::input::MODE_MANUAL; it is also not supported when executing a command"); return false; } @@ -407,7 +409,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie return false; } - if ( execute && Info().mode == MODE_REREAD ) + if ( execute && Info().mode == zeek::input::MODE_REREAD ) { // for execs this makes no sense - would have to execute each heartbeat? Error("Rereading only supported for files, not for executables."); @@ -457,7 +459,8 @@ int64_t Raw::GetLine(FILE* arg_file) // researching everything each time is a bit... cpu-intensive. But otherwhise we have // to deal with situations where the separator is multi-character and split over multiple // reads... - int found = strstr_n(pos, (unsigned char*) buf.get(), separator.size(), (unsigned char*) separator.c_str()); + int found = zeek::util::strstr_n(pos, (unsigned char*) buf.get(), + separator.size(), (unsigned char*) separator.c_str()); if ( found == -1 ) { @@ -528,7 +531,7 @@ void Raw::WriteToStdin() if ( stdin_towrite == 0 ) // send EOF when we are done. ClosePipeEnd(stdin_out); - if ( Info().mode == MODE_MANUAL && stdin_towrite != 0 ) + if ( Info().mode == zeek::input::MODE_MANUAL && stdin_towrite != 0 ) { Error(Fmt("Could not write whole string to stdin of child process in one go. Please use STREAM mode to pass more data to child.")); } @@ -544,7 +547,7 @@ bool Raw::DoUpdate() else { switch ( Info().mode ) { - case MODE_REREAD: + case zeek::input::MODE_REREAD: { assert(childpid == -1); // mode may not be used to execute child programs // check if the file has changed @@ -566,9 +569,9 @@ bool Raw::DoUpdate() // fallthrough } - case MODE_MANUAL: - case MODE_STREAM: - if ( Info().mode == MODE_STREAM && file ) + case zeek::input::MODE_MANUAL: + case zeek::input::MODE_STREAM: + if ( Info().mode == zeek::input::MODE_STREAM && file ) { clearerr(file.get()); // remove end of file evil bits break; @@ -645,7 +648,7 @@ bool Raw::DoUpdate() } } - if ( ( Info().mode == MODE_MANUAL ) || ( Info().mode == MODE_REREAD ) ) + if ( ( Info().mode == zeek::input::MODE_MANUAL ) || ( Info().mode == zeek::input::MODE_REREAD ) ) // done with the current data source EndCurrentSend(); @@ -676,10 +679,10 @@ bool Raw::DoUpdate() Value** vals = new Value*[4]; vals[0] = new Value(zeek::TYPE_STRING, true); - vals[0]->val.string_val.data = copy_string(Info().name); + vals[0]->val.string_val.data = zeek::util::copy_string(Info().name); vals[0]->val.string_val.length = strlen(Info().name); vals[1] = new Value(zeek::TYPE_STRING, true); - vals[1]->val.string_val.data = copy_string(Info().source); + vals[1]->val.string_val.data = zeek::util::copy_string(Info().source); vals[1]->val.string_val.length = strlen(Info().source); vals[2] = new Value(zeek::TYPE_COUNT, true); vals[2]->val.int_val = code; @@ -687,7 +690,7 @@ bool Raw::DoUpdate() vals[3]->val.int_val = signal; // and in this case we can signal end_of_data even for the streaming reader - if ( Info().mode == MODE_STREAM ) + if ( Info().mode == zeek::input::MODE_STREAM ) EndCurrentSend(); SendEvent("InputRaw::process_finished", 4, vals); @@ -706,12 +709,12 @@ bool Raw::DoUpdate() bool Raw::DoHeartbeat(double network_time, double current_time) { switch ( Info().mode ) { - case MODE_MANUAL: + case zeek::input::MODE_MANUAL: // yay, we do nothing :) break; - case MODE_REREAD: - case MODE_STREAM: + case zeek::input::MODE_REREAD: + case zeek::input::MODE_STREAM: #ifdef DEBUG Debug(zeek::DBG_INPUT, "Starting Heartbeat update"); #endif @@ -727,3 +730,5 @@ bool Raw::DoHeartbeat(double network_time, double current_time) return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/raw/Raw.h b/src/input/readers/raw/Raw.h index 6076503b23..844eeb4779 100644 --- a/src/input/readers/raw/Raw.h +++ b/src/input/readers/raw/Raw.h @@ -9,15 +9,15 @@ #include "input/ReaderBackend.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { /** * A reader that returns a file (or the output of a command) as a single * blob. */ -class Raw : public ReaderBackend { +class Raw : public zeek::input::ReaderBackend { public: - explicit Raw(ReaderFrontend* frontend); + explicit Raw(zeek::input::ReaderFrontend* frontend); ~Raw() override; // prohibit copying and moving @@ -26,7 +26,7 @@ public: Raw& operator=(const Raw&) = delete; Raw& operator=(Raw&&) = delete; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Raw(frontend); } + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Raw(frontend); } protected: bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override; @@ -89,5 +89,10 @@ private: static const int block_size; }; -} -} +} // namespace zeek::input::reader::detail + +namespace input::reader { + +using Raw [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::Raw.")]] = zeek::input::reader::detail::Raw; + +} // namespace input::reader diff --git a/src/input/readers/sqlite/Plugin.cc b/src/input/readers/sqlite/Plugin.cc index 5b5a296263..a5bb1a91a8 100644 --- a/src/input/readers/sqlite/Plugin.cc +++ b/src/input/readers/sqlite/Plugin.cc @@ -4,14 +4,13 @@ #include "SQLite.h" -namespace plugin { -namespace Zeek_SQLiteReader { +namespace zeek::plugin::detail::Zeek_SQLiteReader { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::input::Component("SQLite", ::input::reader::SQLite::Instantiate)); + AddComponent(new zeek::input::Component("SQLite", zeek::input::reader::detail::SQLite::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SQLiteReader"; @@ -20,5 +19,4 @@ public: } } plugin; -} -} +} // namespae zeek::plugin::detail::Zeek_SQLiteReader diff --git a/src/input/readers/sqlite/SQLite.cc b/src/input/readers/sqlite/SQLite.cc index d2b9cd236e..4491472ead 100644 --- a/src/input/readers/sqlite/SQLite.cc +++ b/src/input/readers/sqlite/SQLite.cc @@ -15,12 +15,13 @@ #include "threading/SerialTypes.h" -using namespace input::reader; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -SQLite::SQLite(ReaderFrontend *frontend) - : ReaderBackend(frontend), +namespace zeek::input::reader::detail { + +SQLite::SQLite(zeek::input::ReaderFrontend *frontend) + : zeek::input::ReaderBackend(frontend), fields(), num_fields(), mode(), started(), query(), db(), st() { set_separator.assign( @@ -38,7 +39,8 @@ SQLite::SQLite(ReaderFrontend *frontend) zeek::BifConst::InputSQLite::empty_field->Len() ); - io = new threading::formatter::Ascii(this, threading::formatter::Ascii::SeparatorInfo(std::string(), set_separator, unset_field, empty_field)); + io = new zeek::threading::formatter::Ascii(this, zeek::threading::formatter::Ascii::SeparatorInfo( + std::string(), set_separator, unset_field, empty_field)); } SQLite::~SQLite() @@ -82,7 +84,7 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading: // allows simultaneous writes to one file. sqlite3_enable_shared_cache(1); - if ( Info().mode != MODE_MANUAL ) + if ( Info().mode != zeek::input::MODE_MANUAL ) { Error("SQLite only supports manual reading mode."); return false; @@ -341,3 +343,5 @@ bool SQLite::DoUpdate() return true; } + +} // namespace zeek::input::reader::detail diff --git a/src/input/readers/sqlite/SQLite.h b/src/input/readers/sqlite/SQLite.h index fbab67df7a..9c815a023a 100644 --- a/src/input/readers/sqlite/SQLite.h +++ b/src/input/readers/sqlite/SQLite.h @@ -11,17 +11,17 @@ #include "threading/formatters/Ascii.h" #include "3rdparty/sqlite3.h" -namespace input { namespace reader { +namespace zeek::input::reader::detail { -class SQLite : public ReaderBackend { +class SQLite : public zeek::input::ReaderBackend { public: - explicit SQLite(ReaderFrontend* frontend); + explicit SQLite(zeek::input::ReaderFrontend* frontend); ~SQLite() override; - static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new SQLite(frontend); } + static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new SQLite(frontend); } protected: - bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* arg_fields) override; + bool DoInit(const ReaderInfo& info, int arg_num_fields, const zeek::threading::Field* const* arg_fields) override; void DoClose() override; bool DoUpdate() override; bool DoHeartbeat(double network_time, double current_time) override { return true; } @@ -29,7 +29,7 @@ protected: private: bool checkError(int code); - threading::Value* EntryToVal(sqlite3_stmt *st, const threading::Field *field, int pos, int subpos); + zeek::threading::Value* EntryToVal(sqlite3_stmt *st, const zeek::threading::Field *field, int pos, int subpos); const threading::Field* const * fields; // raw mapping unsigned int num_fields; @@ -38,13 +38,17 @@ private: std::string query; sqlite3 *db; sqlite3_stmt *st; - threading::formatter::Ascii* io; + zeek::threading::formatter::Ascii* io; std::string set_separator; std::string unset_field; std::string empty_field; }; +} // namespace zeek::input::reader -} -} +namespace input::reader { + +using SQLite [[deprecated("Remove in v4.1. Use zeek::input::reader::detail::SQLite.")]] = zeek::input::reader::detail::SQLite; + +} // namespace input::reader diff --git a/src/iosource/BPF_Program.cc b/src/iosource/BPF_Program.cc index 35724ea42a..993b95ed6d 100644 --- a/src/iosource/BPF_Program.cc +++ b/src/iosource/BPF_Program.cc @@ -59,7 +59,7 @@ int pcap_compile_nopcap(int snaplen_arg, int linktype_arg, } #endif -namespace zeek::detail { +namespace zeek::iosource::detail { // Simple heuristic to identify filters that always match, so that we can // skip the filtering in that case. "ip or not ip" is Bro's default filter. @@ -161,4 +161,4 @@ void BPF_Program::FreeCode() } } -} // namespace zeek::detail +} // namespace zeek::iosource::detail diff --git a/src/iosource/BPF_Program.h b/src/iosource/BPF_Program.h index e8ea2b3dd2..f19909f1ad 100644 --- a/src/iosource/BPF_Program.h +++ b/src/iosource/BPF_Program.h @@ -8,7 +8,7 @@ extern "C" { #include -namespace zeek::detail { +namespace zeek::iosource::detail { // BPF_Programs are an abstraction around struct bpf_program, // to create a clean facility for creating, compiling, and @@ -56,6 +56,6 @@ protected: struct bpf_program m_program; }; -} // namespace zeek::detail +} // namespace zeek::iosource::detail -using BPF_Program [[deprecated("Remove in v4.1. Use zeek::detail::BPF_Program.")]] = zeek::detail::BPF_Program; +using BPF_Program [[deprecated("Remove in v4.1. Use zeek::iosource::detail::BPF_Program.")]] = zeek::iosource::detail::BPF_Program; diff --git a/src/iosource/Component.cc b/src/iosource/Component.cc index b7ad278e68..8a2b6abe74 100644 --- a/src/iosource/Component.cc +++ b/src/iosource/Component.cc @@ -5,7 +5,7 @@ #include "Desc.h" #include "Reporter.h" -using namespace iosource; +namespace zeek::iosource { Component::Component(const std::string& name) : zeek::plugin::Component(zeek::plugin::component::IOSOURCE, name) @@ -24,7 +24,7 @@ Component::~Component() PktSrcComponent::PktSrcComponent(const std::string& arg_name, const std::string& arg_prefix, InputType arg_type, factory_callback arg_factory) : iosource::Component(zeek::plugin::component::PKTSRC, arg_name) { - tokenize_string(arg_prefix, ":", &prefixes); + zeek::util::tokenize_string(arg_prefix, ":", &prefixes); type = arg_type; factory = arg_factory; } @@ -110,7 +110,7 @@ void PktSrcComponent::DoDescribe(zeek::ODesc* d) const PktDumperComponent::PktDumperComponent(const std::string& name, const std::string& arg_prefix, factory_callback arg_factory) : zeek::plugin::Component(zeek::plugin::component::PKTDUMPER, name) { - tokenize_string(arg_prefix, ":", &prefixes); + zeek::util::tokenize_string(arg_prefix, ":", &prefixes); factory = arg_factory; } @@ -163,3 +163,5 @@ void PktDumperComponent::DoDescribe(zeek::ODesc* d) const d->Add(": "); d->Add(prefs); } + +} // namespace zeek::iosource diff --git a/src/iosource/Component.h b/src/iosource/Component.h index 0916709b28..fbde50d2ce 100644 --- a/src/iosource/Component.h +++ b/src/iosource/Component.h @@ -2,16 +2,16 @@ #pragma once -#include "plugin/Component.h" - #include #include -namespace iosource { +#include "plugin/Component.h" -class IOSource; -class PktSrc; -class PktDumper; +ZEEK_FORWARD_DECLARE_NAMESPACED(IOSource, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource); + +namespace zeek::iosource { /** * Component description for plugins providing IOSources. @@ -49,7 +49,7 @@ protected: /** * Component description for plugins providing a PktSrc for packet input. */ -class PktSrcComponent : public iosource::Component { +class PktSrcComponent : public zeek::iosource::Component { public: /** * Type of input a packet source supports. @@ -167,4 +167,12 @@ private: factory_callback factory; }; -} +} // namespace zeek::iosource + +namespace iosource { + +using Component [[deprecated("Remove in v4.1. Use zeek::iosource::Component.")]] = zeek::iosource::Component; +using PktSrcComponent [[deprecated("Remove in v4.1. Use zeek::iosource::PktSrcComponent.")]] = zeek::iosource::PktSrcComponent; +using PktDumperComponent [[deprecated("Remove in v4.1. Use zeek::iosource::PktDumperComponent.")]] = zeek::iosource::PktDumperComponent; + +} // namespace iosource diff --git a/src/iosource/IOSource.h b/src/iosource/IOSource.h index ea218a675b..3645dbec0e 100644 --- a/src/iosource/IOSource.h +++ b/src/iosource/IOSource.h @@ -2,7 +2,7 @@ #pragma once -namespace iosource { +namespace zeek::iosource { /** * Interface class for components providing/consuming data inside Bro's main @@ -86,4 +86,10 @@ private: bool closed; }; -} +} // namespace zeek::iosource + +namespace iosource { + +using IOSource [[deprecated("Remove in v4.1. Use zeek::iosource::IOSource.")]] = zeek::iosource::IOSource; + +} // namespace iosource diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc index de07a87bfa..50e831f868 100644 --- a/src/iosource/Manager.cc +++ b/src/iosource/Manager.cc @@ -9,7 +9,7 @@ #include "Manager.h" #include "Component.h" #include "IOSource.h" -#include "Net.h" +#include "RunState.h" #include "PktSrc.h" #include "PktDumper.h" #include "plugin/Manager.h" @@ -20,7 +20,7 @@ #define DEFAULT_PREFIX "pcap" -using namespace iosource; +namespace zeek::iosource { Manager::WakeupHandler::WakeupHandler() { @@ -115,7 +115,7 @@ void Manager::FindReadySources(std::vector* ready) // If there aren't any sources and exit_only_after_terminate is false, just // return an empty set of sources. We want the main loop to end. - if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || terminating ) ) + if ( Size() == 0 && ( ! zeek::BifConst::exit_only_after_terminate || zeek::run_state::terminating ) ) return; double timeout = -1; @@ -166,7 +166,7 @@ void Manager::FindReadySources(std::vector* ready) } else { - if ( ! pseudo_realtime ) + if ( ! zeek::run_state::pseudo_realtime ) // A pcap file is always ready to process unless it's suspended ready->push_back(pkt_src); } @@ -315,7 +315,7 @@ void Manager::Register(PktSrc* src) // little bit for those sources. if ( src->IsLive() ) poll_interval = 10; - else if ( pseudo_realtime ) + else if ( zeek::run_state::pseudo_realtime ) poll_interval = 1; Register(src, false); @@ -417,3 +417,5 @@ PktDumper* Manager::OpenPktDumper(const std::string& path, bool append) return pd; } + +} // namespace zeek::iosource diff --git a/src/iosource/Manager.h b/src/iosource/Manager.h index bd875f5fae..71551e99ae 100644 --- a/src/iosource/Manager.h +++ b/src/iosource/Manager.h @@ -14,10 +14,11 @@ struct timespec; struct kevent; -namespace iosource { +ZEEK_FORWARD_DECLARE_NAMESPACED(PktSrc, zeek, iosource); +ZEEK_FORWARD_DECLARE_NAMESPACED(PktDumper, zeek, iosource); -class PktSrc; -class PktDumper; +namespace zeek { +namespace iosource { /** * Manager class for IO sources. This handles all of the polling of sources @@ -209,6 +210,16 @@ private: std::vector events; }; -} +} // namespace iosource extern iosource::Manager* iosource_mgr; + +} // namespace zeek + +extern zeek::iosource::Manager*& iosource_mgr [[deprecated("Remove in v4.1. Use zeek::iosource_mgr.")]]; + +namespace iosource { + +using Manager [[deprecated("Remove in v4.1. Use zeek::iosource::Manager.")]] = zeek::iosource::Manager; + +} // namespace iosource diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index d517ba440c..6d0d1349f9 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -560,16 +560,16 @@ void Packet::ProcessLayer2() } } - else if ( encap_hdr_size ) + else if ( zeek::detail::encap_hdr_size ) { // Blanket encapsulation. We assume that what remains is IP. - if ( pdata + encap_hdr_size + sizeof(struct ip) >= end_of_data ) + if ( pdata + zeek::detail::encap_hdr_size + sizeof(struct ip) >= end_of_data ) { Weird("no_ip_left_after_encap"); return; } - pdata += encap_hdr_size; + pdata += zeek::detail::encap_hdr_size; const struct ip* ip = (const struct ip *)pdata; diff --git a/src/iosource/PktDumper.cc b/src/iosource/PktDumper.cc index 1ada2a3021..0ca6511df9 100644 --- a/src/iosource/PktDumper.cc +++ b/src/iosource/PktDumper.cc @@ -6,7 +6,7 @@ #include "PktDumper.h" #include "DebugLogger.h" -using namespace iosource; +namespace zeek::iosource { PktDumper::PktDumper() { @@ -80,3 +80,5 @@ void PktDumper::Error(const std::string& msg) IsOpen() ? props.path.c_str() : "", msg.c_str()); } + +} // namespace zeek::iosource diff --git a/src/iosource/PktDumper.h b/src/iosource/PktDumper.h index f474a7e8a3..e105bc0039 100644 --- a/src/iosource/PktDumper.h +++ b/src/iosource/PktDumper.h @@ -7,7 +7,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek); -namespace iosource { +namespace zeek::iosource { /** * Base class for packet dumpers. @@ -139,4 +139,10 @@ private: std::string errmsg; }; -} +} // namespace zeek::iosource + +namespace iosource { + +using PktDumper [[deprecated("Remove in v4.1. Use zeek::iosource::PktDumper.")]] = zeek::iosource::PktDumper; + +} // namespace iosource diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index 3db44cc9ae..f551445aac 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -7,7 +7,7 @@ #include "util.h" #include "Hash.h" -#include "Net.h" +#include "RunState.h" #include "Sessions.h" #include "broker/Manager.h" #include "iosource/Manager.h" @@ -15,7 +15,7 @@ #include "pcap/pcap.bif.h" -using namespace iosource; +namespace zeek::iosource { PktSrc::Properties::Properties() { @@ -82,8 +82,8 @@ double PktSrc::CurrentPacketTimestamp() double PktSrc::CurrentPacketWallClock() { // We stop time when we are suspended. - if ( net_is_processing_suspended() ) - current_wallclock = current_time(true); + if ( zeek::run_state::is_processing_suspended() ) + current_wallclock = zeek::util::current_time(true); return current_wallclock; } @@ -112,7 +112,7 @@ void PktSrc::Opened(const Properties& arg_props) if ( props.is_live ) { - Info(fmt("listening on %s\n", props.path.c_str())); + Info(zeek::util::fmt("listening on %s\n", props.path.c_str())); // We only register the file descriptor if we're in live // mode because libpcap's file descriptor for trace files @@ -163,7 +163,7 @@ void PktSrc::InternalError(const std::string& msg) void PktSrc::ContinueAfterSuspend() { - current_wallclock = current_time(true); + current_wallclock = zeek::util::current_time(true); } double PktSrc::CheckPseudoTime() @@ -175,9 +175,9 @@ double PktSrc::CheckPseudoTime() return 0; double pseudo_time = current_packet.time - first_timestamp; - double ct = (current_time(true) - first_wallclock) * pseudo_realtime; + double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime; - return pseudo_time <= ct ? bro_start_time + pseudo_time : 0; + return pseudo_time <= ct ? zeek::run_state::zeek_start_time + pseudo_time : 0; } void PktSrc::InitSource() @@ -201,16 +201,16 @@ void PktSrc::Process() if ( current_packet.Layer2Valid() ) { - if ( pseudo_realtime ) + if ( zeek::run_state::pseudo_realtime ) { current_pseudo = CheckPseudoTime(); - net_packet_dispatch(current_pseudo, ¤t_packet, this); + zeek::run_state::detail::dispatch_packet(current_pseudo, ¤t_packet, this); if ( ! first_wallclock ) - first_wallclock = current_time(true); + first_wallclock = zeek::util::current_time(true); } else - net_packet_dispatch(current_packet.time, ¤t_packet, this); + zeek::run_state::detail::dispatch_packet(current_packet.time, ¤t_packet, this); } have_packet = false; @@ -231,11 +231,11 @@ bool PktSrc::ExtractNextPacketInternal() // Don't return any packets if processing is suspended (except for the // very first packet which we need to set up times). - if ( net_is_processing_suspended() && first_timestamp ) + if ( zeek::run_state::is_processing_suspended() && first_timestamp ) return false; - if ( pseudo_realtime ) - current_wallclock = current_time(true); + if ( zeek::run_state::pseudo_realtime ) + current_wallclock = zeek::util::current_time(true); if ( ExtractNextPacket(¤t_packet) ) { @@ -252,7 +252,7 @@ bool PktSrc::ExtractNextPacketInternal() return true; } - if ( pseudo_realtime && ! IsOpen() ) + if ( zeek::run_state::pseudo_realtime && ! IsOpen() ) { if ( broker_mgr->Active() ) iosource_mgr->Terminate(); @@ -269,11 +269,11 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) char errbuf[PCAP_ERRBUF_SIZE]; // Compile filter. - auto* code = new zeek::detail::BPF_Program(); + auto* code = new zeek::iosource::detail::BPF_Program(); if ( ! code->Compile(zeek::BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf, sizeof(errbuf)) ) { - std::string msg = fmt("cannot compile BPF filter \"%s\"", filter.c_str()); + std::string msg = zeek::util::fmt("cannot compile BPF filter \"%s\"", filter.c_str()); if ( *errbuf ) msg += ": " + std::string(errbuf); @@ -296,7 +296,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) return true; } -zeek::detail::BPF_Program* PktSrc::GetBPFFilter(int index) +zeek::iosource::detail::BPF_Program* PktSrc::GetBPFFilter(int index) { if ( index < 0 ) return nullptr; @@ -306,11 +306,11 @@ zeek::detail::BPF_Program* PktSrc::GetBPFFilter(int index) bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt) { - zeek::detail::BPF_Program* code = GetBPFFilter(index); + zeek::iosource::detail::BPF_Program* code = GetBPFFilter(index); if ( ! code ) { - Error(fmt("BPF filter %d not compiled", index)); + Error(zeek::util::fmt("BPF filter %d not compiled", index)); Close(); return false; } @@ -344,15 +344,17 @@ double PktSrc::GetNextTimeout() // but we're not in pseudo-realtime mode, let the loop just spin as fast as it can. If we're // in pseudo-realtime mode, find the next time that a packet is ready and have poll block until // then. - if ( IsLive() || net_is_processing_suspended() ) + if ( IsLive() || zeek::run_state::is_processing_suspended() ) return -1; - else if ( ! pseudo_realtime ) + else if ( ! zeek::run_state::pseudo_realtime ) return 0; if ( ! have_packet ) ExtractNextPacketInternal(); double pseudo_time = current_packet.time - first_timestamp; - double ct = (current_time(true) - first_wallclock) * pseudo_realtime; + double ct = (zeek::util::current_time(true) - first_wallclock) * zeek::run_state::pseudo_realtime; return std::max(0.0, pseudo_time - ct); } + +} // namespace zeek::iosource diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h index 2dd340cf4a..9b97bad3bc 100644 --- a/src/iosource/PktSrc.h +++ b/src/iosource/PktSrc.h @@ -10,9 +10,9 @@ #include // for u_char struct pcap_pkthdr; -ZEEK_FORWARD_DECLARE_NAMESPACED(BPF_Program, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(BPF_Program, zeek::iosource::detail); -namespace iosource { +namespace zeek::iosource { /** * Base class for packet sources. @@ -136,7 +136,7 @@ public: * @return The BPF filter associated, or null if none has been * (successfully) compiled. */ - zeek::detail::BPF_Program* GetBPFFilter(int index); + zeek::iosource::detail::BPF_Program* GetBPFFilter(int index); /** * Applies a precompiled BPF filter to a packet. This will close the @@ -368,7 +368,7 @@ private: zeek::Packet current_packet; // For BPF filtering support. - std::vector filters; + std::vector filters; // Only set in pseudo-realtime mode. double first_timestamp; @@ -380,4 +380,10 @@ private: std::string errbuf; }; -} +} // namespace zeek::iosource + +namespace iosource { + +using PktSrc [[deprecated("Remove in v4.1. Use zeek::iosource::PktSrc.")]] = zeek::iosource::PktSrc; + +} // namespace iosource diff --git a/src/iosource/pcap/Dumper.cc b/src/iosource/pcap/Dumper.cc index 83072a4f49..f558c67840 100644 --- a/src/iosource/pcap/Dumper.cc +++ b/src/iosource/pcap/Dumper.cc @@ -5,11 +5,11 @@ #include "Dumper.h" #include "../PktSrc.h" -#include "../../Net.h" +#include "../../RunState.h" #include "pcap.bif.h" -using namespace iosource::pcap; +namespace zeek::iosource::pcap { PcapDumper::PcapDumper(const std::string& path, bool arg_append) { @@ -47,11 +47,11 @@ void PcapDumper::Open() if ( append ) { // See if output file already exists (and is non-empty). - exists = stat(props.path.c_str(), &s); ; + exists = stat(props.path.c_str(), &s); if ( exists < 0 && errno != ENOENT ) { - Error(fmt("can't stat file %s: %s", props.path.c_str(), strerror(errno))); + Error(zeek::util::fmt("can't stat file %s: %s", props.path.c_str(), strerror(errno))); return; } } @@ -76,12 +76,12 @@ void PcapDumper::Open() dumper = (pcap_dumper_t*) fopen(props.path.c_str(), "a"); if ( ! dumper ) { - Error(fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno))); + Error(zeek::util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno))); return; } } - props.open_time = network_time; + props.open_time = zeek::run_state::network_time; props.hdr_size = zeek::Packet::GetLinkHeaderSize(pcap_datalink(pd)); Opened(props); } @@ -117,3 +117,5 @@ iosource::PktDumper* PcapDumper::Instantiate(const std::string& path, bool appen { return new PcapDumper(path, append); } + +} // namespace zeek::iosource::pcap diff --git a/src/iosource/pcap/Dumper.h b/src/iosource/pcap/Dumper.h index 131c675983..0c4c122591 100644 --- a/src/iosource/pcap/Dumper.h +++ b/src/iosource/pcap/Dumper.h @@ -8,8 +8,7 @@ extern "C" { #include "../PktDumper.h" -namespace iosource { -namespace pcap { +namespace zeek::iosource::pcap { class PcapDumper : public PktDumper { public: @@ -32,5 +31,10 @@ private: pcap_t* pd; }; -} -} +} // namespace zeek::iosource::pcap + +namespace iosource::pcap { + +using PcapDumper [[deprecated("Remove in v4.1. Use zeek::iosource::pcap::PcapDumper.")]] = zeek::iosource::pcap::PcapDumper; + +} // namespace iosource::pcap diff --git a/src/iosource/pcap/Plugin.cc b/src/iosource/pcap/Plugin.cc index 388645a598..c23a77a137 100644 --- a/src/iosource/pcap/Plugin.cc +++ b/src/iosource/pcap/Plugin.cc @@ -5,15 +5,17 @@ #include "plugin/Plugin.h" #include "iosource/Component.h" -namespace plugin { -namespace Zeek_Pcap { +namespace zeek::plugin::detail::Zeek_Pcap { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::iosource::PktSrcComponent("PcapReader", "pcap", ::iosource::PktSrcComponent::BOTH, ::iosource::pcap::PcapSource::Instantiate)); - AddComponent(new ::iosource::PktDumperComponent("PcapWriter", "pcap", ::iosource::pcap::PcapDumper::Instantiate)); + AddComponent(new zeek::iosource::PktSrcComponent( + "PcapReader", "pcap", zeek::iosource::PktSrcComponent::BOTH, + zeek::iosource::pcap::PcapSource::Instantiate)); + AddComponent(new zeek::iosource::PktDumperComponent( + "PcapWriter", "pcap", zeek::iosource::pcap::PcapDumper::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::Pcap"; @@ -22,5 +24,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_Pcap diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index ae0be127b2..2aa522e751 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -14,7 +14,7 @@ #include #endif -using namespace iosource::pcap; +namespace zeek::iosource::pcap { PcapSource::~PcapSource() { @@ -61,7 +61,7 @@ void PcapSource::OpenLive() if ( pcap_findalldevs(&devs, errbuf) < 0 ) { - Error(fmt("pcap_findalldevs: %s", errbuf)); + Error(zeek::util::fmt("pcap_findalldevs: %s", errbuf)); return; } @@ -157,7 +157,7 @@ void PcapSource::OpenLive() #endif #ifdef HAVE_PCAP_INT_H - Info(fmt("pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize)); + Info(zeek::util::fmt("pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize)); #endif props.selectable_fd = pcap_get_selectable_fd(pd); @@ -258,7 +258,7 @@ bool PcapSource::SetFilter(int index) char errbuf[PCAP_ERRBUF_SIZE]; - zeek::detail::BPF_Program* code = GetBPFFilter(index); + zeek::iosource::detail::BPF_Program* code = GetBPFFilter(index); if ( ! code ) { @@ -328,12 +328,12 @@ void PcapSource::PcapError(const char* where) std::string location; if ( where ) - location = fmt(" (%s)", where); + location = zeek::util::fmt(" (%s)", where); if ( pd ) - Error(fmt("pcap_error: %s%s", pcap_geterr(pd), location.c_str())); + Error(zeek::util::fmt("pcap_error: %s%s", pcap_geterr(pd), location.c_str())); else - Error(fmt("pcap_error: not open%s", location.c_str())); + Error(zeek::util::fmt("pcap_error: not open%s", location.c_str())); Close(); } @@ -342,3 +342,5 @@ iosource::PktSrc* PcapSource::Instantiate(const std::string& path, bool is_live) { return new PcapSource(path, is_live); } + +} // namespace zeek::iosource::pcap diff --git a/src/iosource/pcap/Source.h b/src/iosource/pcap/Source.h index 78f57afe39..5309bd36dc 100644 --- a/src/iosource/pcap/Source.h +++ b/src/iosource/pcap/Source.h @@ -10,10 +10,9 @@ extern "C" { #include // for u_char -namespace iosource { -namespace pcap { +namespace zeek::iosource::pcap { -class PcapSource : public iosource::PktSrc { +class PcapSource : public zeek::iosource::PktSrc { public: PcapSource(const std::string& path, bool is_live); ~PcapSource() override; @@ -41,5 +40,10 @@ private: pcap_t *pd; }; -} -} +} // namespace zeek::iosource::pcap + +namespace iosource::pcap { + +using PcapSource [[deprecated("Remove in v4.1. Use zeek::iosource::pcap::PcapSource.")]] = zeek::iosource::pcap::PcapSource; + +} // namespace iosource::pcap diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index 5fe6b92233..5655a8fac9 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -33,13 +33,14 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool // We use a vector as underlying data structure for fast // lookups and limit the ID space so that that doesn't grow too // large. - zeek::emit_builtin_error(fmt("PCAP filter ids must remain below 100 (is %" PRId64 ")", id->AsInt())); + zeek::emit_builtin_error( + zeek::util::fmt("PCAP filter ids must remain below 100 (is %" PRId64 ")", id->AsInt())); return zeek::val_mgr->False(); } bool success = true; - iosource::PktSrc* ps = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); if ( ps && ! ps->PrecompileFilter(id->ForceAsInt(), s->CheckString()) ) success = false; @@ -68,7 +69,7 @@ function Pcap::install_pcap_filter%(id: PcapFilterID%): bool %{ bool success = true; - iosource::PktSrc* ps = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); if ( ps && ! ps->SetFilter(id->ForceAsInt()) ) success = false; @@ -91,7 +92,7 @@ function Pcap::install_pcap_filter%(id: PcapFilterID%): bool ## uninstall_dst_net_filter function error%(%): string %{ - iosource::PktSrc* ps = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); if ( ps ) { const char* err = ps->ErrorMsg(); diff --git a/src/legacy-netvar-init.cc b/src/legacy-netvar-init.cc index de4dc83972..fed53a1f1e 100644 --- a/src/legacy-netvar-init.cc +++ b/src/legacy-netvar-init.cc @@ -4,6 +4,8 @@ #include "ID.h" #include "Scope.h" +namespace zeek::detail { + // Compiled separately to avoid deprecation warnings at the assignment sites. void zeek_legacy_netvar_init() { @@ -92,3 +94,5 @@ void zeek_legacy_netvar_init() if ( anon_id ) preserve_other_addr = anon_id->GetVal()->AsTableVal(); } + +} // namespace zeek::detail diff --git a/src/logging/Component.cc b/src/logging/Component.cc index d3f5807307..644bc83c11 100644 --- a/src/logging/Component.cc +++ b/src/logging/Component.cc @@ -5,7 +5,7 @@ #include "../Desc.h" #include "../util.h" -using namespace logging; +namespace zeek::logging { Component::Component(const std::string& name, factory_callback arg_factory) : zeek::plugin::Component(zeek::plugin::component::WRITER, name) @@ -28,3 +28,5 @@ void Component::DoDescribe(zeek::ODesc* d) const d->Add("Log::WRITER_"); d->Add(CanonicalName()); } + +} // namespace zeek::logging diff --git a/src/logging/Component.h b/src/logging/Component.h index 8a98f9afa1..d0cb52615f 100644 --- a/src/logging/Component.h +++ b/src/logging/Component.h @@ -6,16 +6,16 @@ #include "plugin/Component.h" #include "plugin/TaggedComponent.h" -namespace logging { +ZEEK_FORWARD_DECLARE_NAMESPACED(WriterFrontend, zeek, logging); +ZEEK_FORWARD_DECLARE_NAMESPACED(WriterBackend, zeek, logging); -class WriterFrontend; -class WriterBackend; +namespace zeek::logging { /** * Component description for plugins providing log writers. */ class Component : public zeek::plugin::Component, - public plugin::TaggedComponent { + public zeek::plugin::TaggedComponent { public: typedef WriterBackend* (*factory_callback)(WriterFrontend* frontend); @@ -60,4 +60,4 @@ private: factory_callback factory; }; -} +} // namespace zeek::logging diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 690099cb11..4c41558393 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -7,7 +7,7 @@ #include "Event.h" #include "EventHandler.h" #include "NetVar.h" -#include "Net.h" +#include "RunState.h" #include "Type.h" #include "File.h" #include "input.h" @@ -28,7 +28,8 @@ #include using namespace std; -using namespace logging; + +namespace zeek::logging { struct Manager::Filter { zeek::Val* fval; @@ -854,15 +855,15 @@ bool Manager::Write(zeek::EnumVal* id, zeek::RecordVal* columns_arg) if ( const auto& val = filter->field_name_map->Find(fn) ) { delete [] filter->fields[j]->name; - filter->fields[j]->name = copy_string(val->AsStringVal()->CheckString()); + filter->fields[j]->name = zeek::util::copy_string(val->AsStringVal()->CheckString()); } } arg_fields[j] = new threading::Field(*filter->fields[j]); } info = new WriterBackend::WriterInfo; - info->path = copy_string(path.c_str()); - info->network_time = network_time; + info->path = zeek::util::copy_string(path.c_str()); + info->network_time = zeek::run_state::network_time; zeek::detail::HashKey* k; zeek::IterCookie* c = filter->config->AsTable()->InitForIteration(); @@ -873,7 +874,7 @@ bool Manager::Write(zeek::EnumVal* id, zeek::RecordVal* columns_arg) auto index = filter->config->RecreateIndex(*k); string key = index->Idx(0)->AsString()->CheckString(); string value = v->GetVal()->AsString()->CheckString(); - info->config.insert(std::make_pair(copy_string(key.c_str()), copy_string(value.c_str()))); + info->config.insert(std::make_pair(zeek::util::copy_string(key.c_str()), zeek::util::copy_string(value.c_str()))); delete k; } @@ -943,14 +944,14 @@ threading::Value* Manager::ValToLogVal(zeek::Val* val, zeek::Type* ty) if ( s ) { - lval->val.string_val.data = copy_string(s); + lval->val.string_val.data = zeek::util::copy_string(s); lval->val.string_val.length = strlen(s); } else { val->GetType()->Error("enum type does not contain value", val); - lval->val.string_val.data = copy_string(""); + lval->val.string_val.data = zeek::util::copy_string(""); lval->val.string_val.length = 0; } break; @@ -994,7 +995,7 @@ threading::Value* Manager::ValToLogVal(zeek::Val* val, zeek::Type* ty) { const zeek::File* f = val->AsFile(); string s = f->Name(); - lval->val.string_val.data = copy_string(s.c_str()); + lval->val.string_val.data = zeek::util::copy_string(s.c_str()); lval->val.string_val.length = s.size(); break; } @@ -1005,7 +1006,7 @@ threading::Value* Manager::ValToLogVal(zeek::Val* val, zeek::Type* ty) const zeek::Func* f = val->AsFunc(); f->Describe(&d); const char* s = d.Description(); - lval->val.string_val.data = copy_string(s); + lval->val.string_val.data = zeek::util::copy_string(s); lval->val.string_val.length = strlen(s); break; } @@ -1150,7 +1151,7 @@ WriterFrontend* Manager::CreateWriter(zeek::EnumVal* id, zeek::EnumVal* writer, WriterInfo* winfo = new WriterInfo; winfo->type = writer->Ref()->AsEnumVal(); winfo->writer = nullptr; - winfo->open_time = network_time; + winfo->open_time = zeek::run_state::network_time; winfo->rotation_timer = nullptr; winfo->interval = 0; winfo->postprocessor = nullptr; @@ -1178,7 +1179,7 @@ WriterFrontend* Manager::CreateWriter(zeek::EnumVal* id, zeek::EnumVal* writer, if ( f->postprocessor ) { delete [] winfo->info->post_proc_func; - winfo->info->post_proc_func = copy_string(f->postprocessor->Name()); + winfo->info->post_proc_func = zeek::util::copy_string(f->postprocessor->Name()); } break; @@ -1214,7 +1215,7 @@ WriterFrontend* Manager::CreateWriter(zeek::EnumVal* id, zeek::EnumVal* writer, static auto base_time = log_rotate_base_time->AsString()->CheckString(); winfo->info->rotation_interval = winfo->interval; - winfo->info->rotation_base = parse_rotate_base_time(base_time); + winfo->info->rotation_base = zeek::util::detail::parse_rotate_base_time(base_time); winfo->writer = new WriterFrontend(*winfo->info, id, writer, local, remote); winfo->writer->Init(num_fields, fields); @@ -1344,7 +1345,7 @@ bool Manager::Flush(zeek::EnumVal* id) for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) - i->second->writer->Flush(network_time); + i->second->writer->Flush(zeek::run_state::network_time); RemoveDisabledWriters(stream); @@ -1440,14 +1441,14 @@ void RotationTimer::Dispatch(double t, bool is_expire) if ( ! is_expire ) { - winfo->open_time = network_time; + winfo->open_time = zeek::run_state::network_time; log_mgr->InstallRotationTimer(winfo); } } void Manager::InstallRotationTimer(WriterInfo* winfo) { - if ( terminating ) + if ( zeek::run_state::terminating ) return; if ( winfo->rotation_timer ) @@ -1460,25 +1461,25 @@ void Manager::InstallRotationTimer(WriterInfo* winfo) if ( rotation_interval ) { - // When this is called for the first time, network_time can still be + // When this is called for the first time, zeek::run_state::network_time can still be // zero. If so, we set a timer which fires immediately but doesn't // rotate when it expires. - if ( ! network_time ) + if ( ! zeek::run_state::network_time ) winfo->rotation_timer = new RotationTimer(1, winfo, false); else { if ( ! winfo->open_time ) - winfo->open_time = network_time; + winfo->open_time = zeek::run_state::network_time; static auto log_rotate_base_time = zeek::id::find_val("log_rotate_base_time"); static auto base_time = log_rotate_base_time->AsString()->CheckString(); - double base = parse_rotate_base_time(base_time); + double base = zeek::util::detail::parse_rotate_base_time(base_time); double delta_t = - calc_next_rotate(network_time, rotation_interval, base); + zeek::util::detail::calc_next_rotate(zeek::run_state::network_time, rotation_interval, base); winfo->rotation_timer = - new RotationTimer(network_time + delta_t, winfo, true); + new RotationTimer(zeek::run_state::network_time + delta_t, winfo, true); } zeek::detail::timer_mgr->Add(winfo->rotation_timer); @@ -1521,7 +1522,7 @@ std::string Manager::FormatRotationPath(zeek::EnumValPtr writer, auto prefix = rp_val->GetField(1)->AsString()->CheckString(); auto dir = dir_val->AsString()->CheckString(); - if ( ! streq(dir, "") && ! ensure_intermediate_dirs(dir) ) + if ( ! zeek::util::streq(dir, "") && ! zeek::util::detail::ensure_intermediate_dirs(dir) ) { zeek::reporter->Error("Failed to create dir '%s' returned by " "Log::rotation_format_func for path %.*s: %s", @@ -1530,17 +1531,17 @@ std::string Manager::FormatRotationPath(zeek::EnumValPtr writer, dir = ""; } - if ( streq(dir, "") ) + if ( zeek::util::streq(dir, "") ) rval = prefix; else - rval = fmt("%s/%s", dir, prefix); + rval = zeek::util::fmt("%s/%s", dir, prefix); } catch ( zeek::InterpreterException& e ) { auto rot_str = format_rotation_time_fallback((time_t)open); - rval = fmt("%.*s-%s", static_cast(path.size()), path.data(), - rot_str.data()); + rval = zeek::util::fmt("%.*s-%s", static_cast(path.size()), path.data(), + rot_str.data()); zeek::reporter->Error("Failed to call Log::rotation_format_func for path %.*s " "continuing with rotation to: ./%s", static_cast(path.size()), path.data(), rval.data()); @@ -1552,7 +1553,7 @@ std::string Manager::FormatRotationPath(zeek::EnumValPtr writer, void Manager::Rotate(WriterInfo* winfo) { DBG_LOG(zeek::DBG_LOGGING, "Rotating %s at %.6f", - winfo->writer->Name(), network_time); + winfo->writer->Name(), zeek::run_state::network_time); static auto default_ppf = zeek::id::find_func("Log::__default_rotation_postprocessor"); @@ -1565,11 +1566,11 @@ void Manager::Rotate(WriterInfo* winfo) auto rotation_path = FormatRotationPath({zeek::NewRef{}, winfo->type}, winfo->writer->Info().path, - winfo->open_time, network_time, - terminating, + winfo->open_time, zeek::run_state::network_time, + zeek::run_state::terminating, std::move(ppf)); - winfo->writer->Rotate(rotation_path.data(), winfo->open_time, network_time, terminating); + winfo->writer->Rotate(rotation_path.data(), winfo->open_time, zeek::run_state::network_time, zeek::run_state::terminating); ++rotations_pending; } @@ -1584,12 +1585,12 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con if ( ! success ) { DBG_LOG(zeek::DBG_LOGGING, "Non-successful rotating writer '%s', file '%s' at %.6f,", - writer->Name(), filename, network_time); + writer->Name(), filename, zeek::run_state::network_time); return true; } DBG_LOG(zeek::DBG_LOGGING, "Finished rotating %s at %.6f, new name %s", - writer->Name(), network_time, new_name); + writer->Name(), zeek::run_state::network_time, new_name); WriterInfo* winfo = FindWriter(writer); if ( ! winfo ) @@ -1621,3 +1622,5 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con return result; } + +} // namespace zeek::logging diff --git a/src/logging/Manager.h b/src/logging/Manager.h index 60bf4819da..0a3235a8d4 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -16,17 +16,19 @@ namespace broker { struct endpoint_info; } ZEEK_FORWARD_DECLARE_NAMESPACED(SerializationFormat, zeek::detail); -class RotationTimer; +ZEEK_FORWARD_DECLARE_NAMESPACED(WriterFrontend, zeek, logging); +ZEEK_FORWARD_DECLARE_NAMESPACED(RotationFinishedMessage, zeek, logging); + +namespace zeek { namespace logging { -class WriterFrontend; -class RotationFinishedMessage; +class RotationTimer; /** * Singleton class for managing log streams. */ -class Manager : public plugin::ComponentManager { +class Manager : public zeek::plugin::ComponentManager { public: /** @@ -251,7 +253,7 @@ protected: friend class WriterFrontend; friend class RotationFinishedMessage; friend class RotationFailedMessage; - friend class ::RotationTimer; + friend class RotationTimer; // Instantiates a new WriterBackend of the given type (note that // doing so creates a new thread!). @@ -298,6 +300,16 @@ private: zeek::FuncPtr rotation_format_func; }; -} +} // namespace logging; extern logging::Manager* log_mgr; + +} // namespace zeek + +extern zeek::logging::Manager*& log_mgr [[deprecated("Remove in v4.1. Use zeek::log_mgr.")]]; + +namespace logging { + +using Manager [[deprecated("Remove in v4.1. Use zeek::logging::Manager.")]] = zeek::logging::Manager; + +} // namespace logging diff --git a/src/logging/Tag.cc b/src/logging/Tag.cc index ffe366f48d..7600ebbf31 100644 --- a/src/logging/Tag.cc +++ b/src/logging/Tag.cc @@ -3,39 +3,43 @@ #include "Tag.h" #include "Manager.h" -const logging::Tag logging::Tag::Error; +namespace zeek::logging { -logging::Tag::Tag(type_t type, subtype_t subtype) +const Tag Tag::Error; + +Tag::Tag(type_t type, subtype_t subtype) : zeek::Tag(log_mgr->GetTagType(), type, subtype) { } -logging::Tag& logging::Tag::operator=(const logging::Tag& other) +Tag& Tag::operator=(const Tag& other) { zeek::Tag::operator=(other); return *this; } -logging::Tag& logging::Tag::operator=(const logging::Tag&& other) noexcept +Tag& Tag::operator=(const Tag&& other) noexcept { zeek::Tag::operator=(other); return *this; } -const zeek::EnumValPtr& logging::Tag::AsVal() const +const zeek::EnumValPtr& Tag::AsVal() const { return zeek::Tag::AsVal(log_mgr->GetTagType()); } -zeek::EnumVal* logging::Tag::AsEnumVal() const +zeek::EnumVal* Tag::AsEnumVal() const { return AsVal().get(); } -logging::Tag::Tag(zeek::EnumValPtr val) +Tag::Tag(zeek::EnumValPtr val) : zeek::Tag(std::move(val)) { } -logging::Tag::Tag(zeek::EnumVal* val) +Tag::Tag(zeek::EnumVal* val) : zeek::Tag({zeek::NewRef{}, val}) { } + +} // namespace zeek::logging diff --git a/src/logging/Tag.h b/src/logging/Tag.h index b3a05920e9..17622027a5 100644 --- a/src/logging/Tag.h +++ b/src/logging/Tag.h @@ -20,10 +20,10 @@ namespace plugin { zeek::plugin::ComponentManager; } -namespace logging { +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, logging); +ZEEK_FORWARD_DECLARE_NAMESPACED(Component, zeek, logging); -class Manager; -class Component; +namespace zeek::logging { /** * Class to identify a writer type. @@ -128,4 +128,10 @@ protected: explicit Tag(zeek::EnumVal* val); }; -} +} // namespace zeek::logging + +namespace logging { + +using Tag [[deprecated("Remove in v4.1. Use zeek::logging::Tag.")]] = zeek::logging::Tag; + +} // namespace logging diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 9bb691c594..6658f880c6 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -11,10 +11,10 @@ // Messages sent from backend to frontend (i.e., "OutputMessages"). -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -namespace logging { +namespace zeek::logging { class RotationFinishedMessage final : public threading::OutputMessage { @@ -22,7 +22,7 @@ public: RotationFinishedMessage(WriterFrontend* writer, const char* new_name, const char* old_name, double open, double close, bool success, bool terminating) : threading::OutputMessage("RotationFinished", writer), - new_name(copy_string(new_name)), old_name(copy_string(old_name)), open(open), + new_name(zeek::util::copy_string(new_name)), old_name(zeek::util::copy_string(old_name)), open(open), close(close), success(success), terminating(terminating) { } ~RotationFinishedMessage() override @@ -63,12 +63,8 @@ public: bool Process() override { Object()->SetDisable(); return true; } }; -} - // Backend methods. -using namespace logging; - broker::data WriterBackend::WriterInfo::ToBroker() const { auto t = broker::table(); @@ -101,8 +97,8 @@ bool WriterBackend::WriterInfo::FromBroker(broker::data d) if ( ! (bpath && brotation_base && brotation_interval && bnetwork_time && bconfig && bppf) ) return false; - path = copy_string(bpath->c_str()); - post_proc_func = copy_string(bppf->c_str()); + path = zeek::util::copy_string(bpath->c_str()); + post_proc_func = zeek::util::copy_string(bppf->c_str()); rotation_base = *brotation_base; rotation_interval = *brotation_interval; network_time = *bnetwork_time; @@ -115,7 +111,7 @@ bool WriterBackend::WriterInfo::FromBroker(broker::data d) if ( ! (k && v) ) return false; - auto p = std::make_pair(copy_string(k->c_str()), copy_string(v->c_str())); + auto p = std::make_pair(zeek::util::copy_string(k->c_str()), zeek::util::copy_string(v->c_str())); config.insert(p); } @@ -331,3 +327,5 @@ bool WriterBackend::OnHeartbeat(double network_time, double current_time) SendOut(new FlushWriteBufferMessage(frontend)); return DoHeartbeat(network_time, current_time); } + +} // namespace zeek::logging diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 14fe515dbf..c10d8e22f2 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -10,9 +10,9 @@ namespace broker { class data; } -namespace logging { +ZEEK_FORWARD_DECLARE_NAMESPACED(WriterFrontend, zeek, logging); -class WriterFrontend; +namespace zeek::logging { /** * Base class for writer implementation. When the logging::Manager creates a @@ -50,7 +50,7 @@ public: struct WriterInfo { // Structure takes ownership of these strings. - typedef std::map config_map; + typedef std::map config_map; /** * A string left to the interpretation of the writer @@ -98,14 +98,15 @@ public: WriterInfo(const WriterInfo& other) { - path = other.path ? copy_string(other.path) : nullptr; - post_proc_func = other.post_proc_func ? copy_string(other.post_proc_func) : nullptr; + path = other.path ? zeek::util::copy_string(other.path) : nullptr; + post_proc_func = other.post_proc_func ? zeek::util::copy_string(other.post_proc_func) : nullptr; rotation_interval = other.rotation_interval; rotation_base = other.rotation_base; network_time = other.network_time; for ( config_map::const_iterator i = other.config.begin(); i != other.config.end(); i++ ) - config.insert(std::make_pair(copy_string(i->first), copy_string(i->second))); + config.insert(std::make_pair(zeek::util::copy_string(i->first), + zeek::util::copy_string(i->second))); } ~WriterInfo() @@ -398,5 +399,10 @@ private: int rotation_counter; // Tracks FinishedRotation() calls. }; +} // namespace zeek::logging -} +namespace logging { + +using WriterBackend [[deprecated("Remove in v4.1. Use zeek::logging::WriterBackend.")]] = zeek::logging::WriterBackend; + +} // namespace logging diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 60c432b07e..9a57ac3d30 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -1,5 +1,5 @@ -#include "Net.h" +#include "RunState.h" #include "threading/SerialTypes.h" #include "broker/Manager.h" @@ -7,22 +7,21 @@ #include "WriterFrontend.h" #include "WriterBackend.h" -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -namespace logging { +namespace zeek::logging { // Messages sent from frontend to backend (i.e., "InputMessages"). -class InitMessage final : public threading::InputMessage +class InitMessage final : public zeek::threading::InputMessage { public: InitMessage(WriterBackend* backend, const int num_fields, const Field* const* fields) - : threading::InputMessage("Init", backend), + : zeek::threading::InputMessage("Init", backend), num_fields(num_fields), fields(fields) {} - bool Process() override { return Object()->Init(num_fields, fields); } private: @@ -30,14 +29,14 @@ private: const Field * const* fields; }; -class RotateMessage final : public threading::InputMessage +class RotateMessage final : public zeek::threading::InputMessage { public: RotateMessage(WriterBackend* backend, WriterFrontend* frontend, const char* rotated_path, const double open, - const double close, const bool terminating) - : threading::InputMessage("Rotate", backend), + const double close, const bool terminating) + : zeek::threading::InputMessage("Rotate", backend), frontend(frontend), - rotated_path(copy_string(rotated_path)), open(open), + rotated_path(zeek::util::copy_string(rotated_path)), open(open), close(close), terminating(terminating) { } virtual ~RotateMessage() { delete [] rotated_path; } @@ -52,11 +51,11 @@ private: const bool terminating; }; -class WriteMessage final : public threading::InputMessage +class WriteMessage final : public zeek::threading::InputMessage { public: WriteMessage(WriterBackend* backend, int num_fields, int num_writes, Value*** vals) - : threading::InputMessage("Write", backend), + : zeek::threading::InputMessage("Write", backend), num_fields(num_fields), num_writes(num_writes), vals(vals) {} bool Process() override { return Object()->Write(num_fields, num_writes, vals); } @@ -67,11 +66,11 @@ private: Value ***vals; }; -class SetBufMessage final : public threading::InputMessage +class SetBufMessage final : public zeek::threading::InputMessage { public: SetBufMessage(WriterBackend* backend, const bool enabled) - : threading::InputMessage("SetBuf", backend), + : zeek::threading::InputMessage("SetBuf", backend), enabled(enabled) { } bool Process() override { return Object()->SetBuf(enabled); } @@ -80,11 +79,11 @@ private: const bool enabled; }; -class FlushMessage final : public threading::InputMessage +class FlushMessage final : public zeek::threading::InputMessage { public: FlushMessage(WriterBackend* backend, double network_time) - : threading::InputMessage("Flush", backend), + : zeek::threading::InputMessage("Flush", backend), network_time(network_time) {} bool Process() override { return Object()->Flush(network_time); } @@ -92,12 +91,8 @@ private: double network_time; }; -} - // Frontend methods. -using namespace logging; - WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, zeek::EnumVal* arg_stream, zeek::EnumVal* arg_writer, bool arg_local, bool arg_remote) { @@ -118,7 +113,7 @@ WriterFrontend::WriterFrontend(const WriterBackend::WriterInfo& arg_info, zeek:: fields = nullptr; const char* w = arg_writer->GetType()->AsEnumType()->Lookup(arg_writer->InternalInt()); - name = copy_string(fmt("%s/%s", arg_info.path, w)); + name = zeek::util::copy_string(zeek::util::fmt("%s/%s", arg_info.path, w)); if ( local ) { @@ -231,7 +226,7 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals) write_buffer[write_buffer_pos++] = vals; - if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || terminating ) + if ( write_buffer_pos >= WRITER_BUFFER_SIZE || ! buf || zeek::run_state::terminating ) // Buffer full (or no bufferin desired or termiating). FlushWriteBuffer(); @@ -299,3 +294,5 @@ void WriterFrontend::DeleteVals(int num_fields, Value** vals) delete [] vals; } + +} // namespace zeek::logging diff --git a/src/logging/WriterFrontend.h b/src/logging/WriterFrontend.h index d2e5b846d6..74f07ad323 100644 --- a/src/logging/WriterFrontend.h +++ b/src/logging/WriterFrontend.h @@ -4,9 +4,9 @@ #include "WriterBackend.h" -namespace logging { +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, logging); -class Manager; +namespace zeek::logging { /** * Bridge class between the logging::Manager and backend writer threads. The @@ -209,4 +209,10 @@ protected: threading::Value*** write_buffer; // Buffer of size WRITER_BUFFER_SIZE. }; -} +} // namespace zeek::logging + +namespace logging { + +using WriterFrontend [[deprecated("Remove in v4.1. Use zeek::logging::WriterFrontend.")]] = zeek::logging::WriterFrontend; + +} // namespace logging diff --git a/src/logging/logging.bif b/src/logging/logging.bif index eb2d8c6efc..82d8e0047c 100644 --- a/src/logging/logging.bif +++ b/src/logging/logging.bif @@ -19,54 +19,54 @@ enum PrintLogType %{ function Log::__create_stream%(id: Log::ID, stream: Log::Stream%) : bool %{ - bool result = log_mgr->CreateStream(id->AsEnumVal(), stream->AsRecordVal()); + bool result = zeek::log_mgr->CreateStream(id->AsEnumVal(), stream->AsRecordVal()); return zeek::val_mgr->Bool(result); %} function Log::__remove_stream%(id: Log::ID%) : bool %{ - bool result = log_mgr->RemoveStream(id->AsEnumVal()); + bool result = zeek::log_mgr->RemoveStream(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} function Log::__enable_stream%(id: Log::ID%) : bool %{ - bool result = log_mgr->EnableStream(id->AsEnumVal()); + bool result = zeek::log_mgr->EnableStream(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} function Log::__disable_stream%(id: Log::ID%) : bool %{ - bool result = log_mgr->DisableStream(id->AsEnumVal()); + bool result = zeek::log_mgr->DisableStream(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} function Log::__add_filter%(id: Log::ID, filter: Log::Filter%) : bool %{ - bool result = log_mgr->AddFilter(id->AsEnumVal(), filter->AsRecordVal()); + bool result = zeek::log_mgr->AddFilter(id->AsEnumVal(), filter->AsRecordVal()); return zeek::val_mgr->Bool(result); %} function Log::__remove_filter%(id: Log::ID, name: string%) : bool %{ - bool result = log_mgr->RemoveFilter(id->AsEnumVal(), name); + bool result = zeek::log_mgr->RemoveFilter(id->AsEnumVal(), name); return zeek::val_mgr->Bool(result); %} function Log::__write%(id: Log::ID, columns: any%) : bool %{ - bool result = log_mgr->Write(id->AsEnumVal(), columns->AsRecordVal()); + bool result = zeek::log_mgr->Write(id->AsEnumVal(), columns->AsRecordVal()); return zeek::val_mgr->Bool(result); %} function Log::__set_buf%(id: Log::ID, buffered: bool%): bool %{ - bool result = log_mgr->SetBuf(id->AsEnumVal(), buffered); + bool result = zeek::log_mgr->SetBuf(id->AsEnumVal(), buffered); return zeek::val_mgr->Bool(result); %} function Log::__flush%(id: Log::ID%): bool %{ - bool result = log_mgr->Flush(id->AsEnumVal()); + bool result = zeek::log_mgr->Flush(id->AsEnumVal()); return zeek::val_mgr->Bool(result); %} diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index 6a3256daba..4f37ede80e 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc @@ -15,6 +15,7 @@ #include #include "Func.h" +#include "RunState.h" #include "supervisor/Supervisor.h" #include "logging/Manager.h" #include "threading/SerialTypes.h" @@ -23,13 +24,13 @@ #include "ascii.bif.h" using namespace std; -using namespace logging::writer; -using namespace threading; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; static constexpr auto shadow_file_prefix = ".shadow."; +namespace zeek::logging::writer::detail { + /** * Information about an leftover log file: that is, one that a previous * process was in the middle of writing, but never completed a rotation @@ -106,7 +107,7 @@ static std::optional parse_shadow_log(const std::string& fname) if ( ! sf_stream ) { - rval.error = fmt("Failed to open %s: %s", + rval.error = zeek::util::fmt("Failed to open %s: %s", rval.shadow_filename.data(), strerror(errno)); return rval; } @@ -115,7 +116,7 @@ static std::optional parse_shadow_log(const std::string& fname) if ( res == -1 ) { - rval.error = fmt("Failed to fseek(SEEK_END) on %s: %s", + rval.error = zeek::util::fmt("Failed to fseek(SEEK_END) on %s: %s", rval.shadow_filename.data(), strerror(errno)); fclose(sf_stream); return rval; @@ -125,7 +126,7 @@ static std::optional parse_shadow_log(const std::string& fname) if ( sf_len == -1 ) { - rval.error = fmt("Failed to ftell() on %s: %s", + rval.error = zeek::util::fmt("Failed to ftell() on %s: %s", rval.shadow_filename.data(), strerror(errno)); fclose(sf_stream); return rval; @@ -135,7 +136,7 @@ static std::optional parse_shadow_log(const std::string& fname) if ( res == -1 ) { - rval.error = fmt("Failed to fseek(SEEK_SET) on %s: %s", + rval.error = zeek::util::fmt("Failed to fseek(SEEK_SET) on %s: %s", rval.shadow_filename.data(), strerror(errno)); fclose(sf_stream); return rval; @@ -152,11 +153,11 @@ static std::optional parse_shadow_log(const std::string& fname) } std::string_view sf_view(sf_content.get(), sf_len); - auto sf_lines = tokenize_string(sf_view, '\n'); + auto sf_lines = zeek::util::tokenize_string(sf_view, '\n'); if ( sf_lines.size() < 2 ) { - rval.error = fmt("Found leftover log, '%s', but the associated shadow " + rval.error = zeek::util::fmt("Found leftover log, '%s', but the associated shadow " " file, '%s', required to process it is invalid", rval.filename.data(), rval.shadow_filename.data()); return rval; @@ -170,7 +171,7 @@ static std::optional parse_shadow_log(const std::string& fname) // Use shadow file's modification time as creation time. if ( stat(rval.shadow_filename.data(), &st) != 0 ) { - rval.error = fmt("Failed to stat %s: %s", + rval.error = zeek::util::fmt("Failed to stat %s: %s", rval.shadow_filename.data(), strerror(errno)); return rval; } @@ -180,7 +181,7 @@ static std::optional parse_shadow_log(const std::string& fname) // Use log file's modification time for closing time. if ( stat(rval.filename.data(), &st) != 0 ) { - rval.error = fmt("Failed to stat %s: %s", + rval.error = zeek::util::fmt("Failed to stat %s: %s", rval.filename.data(), strerror(errno)); return rval; } @@ -190,7 +191,7 @@ static std::optional parse_shadow_log(const std::string& fname) return rval; } -Ascii::Ascii(WriterFrontend* frontend) : WriterBackend(frontend) +Ascii::Ascii(zeek::logging::WriterFrontend* frontend) : zeek::logging::WriterBackend(frontend) { fd = 0; ascii_done = false; @@ -358,22 +359,22 @@ bool Ascii::InitFormatter() if ( use_json ) { - formatter::JSON::TimeFormat tf = formatter::JSON::TS_EPOCH; + zeek::threading::formatter::JSON::TimeFormat tf = zeek::threading::formatter::JSON::TS_EPOCH; // Write out JSON formatted logs. if ( strcmp(json_timestamps.c_str(), "JSON::TS_EPOCH") == 0 ) - tf = formatter::JSON::TS_EPOCH; + tf = zeek::threading::formatter::JSON::TS_EPOCH; else if ( strcmp(json_timestamps.c_str(), "JSON::TS_MILLIS") == 0 ) - tf = formatter::JSON::TS_MILLIS; + tf = zeek::threading::formatter::JSON::TS_MILLIS; else if ( strcmp(json_timestamps.c_str(), "JSON::TS_ISO8601") == 0 ) - tf = formatter::JSON::TS_ISO8601; + tf = zeek::threading::formatter::JSON::TS_ISO8601; else { Error(Fmt("Invalid JSON timestamp format: %s", json_timestamps.c_str())); return false; } - formatter = new formatter::JSON(this, tf); + formatter = new zeek::threading::formatter::JSON(this, tf); // Using JSON implicitly turns off the header meta fields. include_meta = false; } @@ -386,8 +387,8 @@ bool Ascii::InitFormatter() // Use the default "Bro logs" format. desc.EnableEscaping(); desc.AddEscapeSequence(separator); - formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field); - formatter = new formatter::Ascii(this, sep_info); + zeek::threading::formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field); + formatter = new zeek::threading::formatter::Ascii(this, sep_info); } return true; @@ -398,7 +399,7 @@ Ascii::~Ascii() if ( ! ascii_done ) // In case of errors aborting the logging altogether, // DoFinish() may not have been called. - CloseFile(network_time); + CloseFile(zeek::run_state::network_time); delete formatter; } @@ -423,7 +424,7 @@ void Ascii::CloseFile(double t) gzfile = nullptr; } -bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * fields) +bool Ascii::DoInit(const WriterInfo& info, int num_fields, const zeek::threading::Field* const * fields) { assert(! fd); @@ -462,17 +463,17 @@ bool Ascii::DoInit(const WriterInfo& info, int num_fields, const Field* const * return false; } - safe_write(sfd, ext.data(), ext.size()); - safe_write(sfd, "\n", 1); + zeek::util::safe_write(sfd, ext.data(), ext.size()); + zeek::util::safe_write(sfd, "\n", 1); auto ppf = info.post_proc_func; if ( ppf ) - safe_write(sfd, ppf, strlen(ppf)); + zeek::util::safe_write(sfd, ppf, strlen(ppf)); - safe_write(sfd, "\n", 1); + zeek::util::safe_write(sfd, "\n", 1); - safe_close(sfd); + zeek::util::safe_close(sfd); } } @@ -552,16 +553,16 @@ bool Ascii::WriteHeader(const string& path) string str = meta_prefix + "separator " // Always use space as separator here. - + get_escaped_string(separator, false) + + zeek::util::get_escaped_string(separator, false) + "\n"; if ( ! InternalWrite(fd, str.c_str(), str.length()) ) return false; - if ( ! (WriteHeaderField("set_separator", get_escaped_string(set_separator, false)) && - WriteHeaderField("empty_field", get_escaped_string(empty_field, false)) && - WriteHeaderField("unset_field", get_escaped_string(unset_field, false)) && - WriteHeaderField("path", get_escaped_string(path, false)) && + if ( ! (WriteHeaderField("set_separator", zeek::util::get_escaped_string(set_separator, false)) && + WriteHeaderField("empty_field", zeek::util::get_escaped_string(empty_field, false)) && + WriteHeaderField("unset_field", zeek::util::get_escaped_string(unset_field, false)) && + WriteHeaderField("path", zeek::util::get_escaped_string(path, false)) && WriteHeaderField("open", Timestamp(0))) ) return false; @@ -595,8 +596,8 @@ bool Ascii::DoFinish(double network_time) return true; } -bool Ascii::DoWrite(int num_fields, const Field* const * fields, - Value** vals) +bool Ascii::DoWrite(int num_fields, const zeek::threading::Field* const * fields, + zeek::threading::Value** vals) { if ( ! fd ) DoInit(Info(), NumFields(), Fields()); @@ -615,7 +616,7 @@ bool Ascii::DoWrite(int num_fields, const Field* const * fields, { // It would so escape the first character. char hex[4] = {'\\', 'x', '0', '0'}; - bytetohex(bytes[0], hex + 2); + zeek::util::bytetohex(bytes[0], hex + 2); if ( ! InternalWrite(fd, hex, 4) ) goto write_error; @@ -659,7 +660,7 @@ bool Ascii::DoRotate(const char* rotated_path, double open, double close, bool t if ( rename(fname.c_str(), nname.c_str()) != 0 ) { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek::util::zeek_strerror_r(errno, buf, sizeof(buf)); Error(Fmt("failed to rename %s to %s: %s", fname.c_str(), nname.c_str(), buf)); FinishedRotation(); @@ -717,7 +718,7 @@ static std::vector find_leftover_logs() std::string log_name = dp->d_name + prefix_len; - if ( is_file(log_name) ) + if ( zeek::util::is_file(log_name) ) { if ( auto ll = parse_shadow_log(log_name) ) { @@ -783,8 +784,8 @@ void Ascii::RotateLeftoverLogs() ll.filename.data(), ll.post_proc_func.data()); } - auto rotation_path = log_mgr->FormatRotationPath( - writer_val, ll.Path(), ll.open_time, ll.close_time, false, ppf); + auto rotation_path = zeek::log_mgr->FormatRotationPath( + writer_val, ll.Path(), ll.open_time, ll.close_time, false, ppf); rotation_path += ll.extension; @@ -822,7 +823,7 @@ void Ascii::RotateLeftoverLogs() string Ascii::LogExt() { - const char* ext = zeekenv("ZEEK_LOG_SUFFIX"); + const char* ext = zeek::util::zeekenv("ZEEK_LOG_SUFFIX"); if ( ! ext ) ext = "log"; @@ -857,7 +858,7 @@ string Ascii::Timestamp(double t) bool Ascii::InternalWrite(int fd, const char* data, int len) { if ( ! gzfile ) - return safe_write(fd, data, len); + return zeek::util::safe_write(fd, data, len); while ( len > 0 ) { @@ -881,7 +882,7 @@ bool Ascii::InternalClose(int fd) { if ( ! gzfile ) { - safe_close(fd); + zeek::util::safe_close(fd); return true; } @@ -908,3 +909,5 @@ bool Ascii::InternalClose(int fd) return false; } + +} // namespace zeek::logging::writer::detail diff --git a/src/logging/writers/ascii/Ascii.h b/src/logging/writers/ascii/Ascii.h index 5f3ba6663b..49b55bb1f5 100644 --- a/src/logging/writers/ascii/Ascii.h +++ b/src/logging/writers/ascii/Ascii.h @@ -10,25 +10,25 @@ #include "Desc.h" #include "zlib.h" -namespace plugin::Zeek_AsciiWriter { class Plugin; } +namespace zeek::plugin::detail::Zeek_AsciiWriter { class Plugin; } -namespace logging { namespace writer { +namespace zeek::logging::writer::detail { -class Ascii : public WriterBackend { +class Ascii : public zeek::logging::WriterBackend { public: - explicit Ascii(WriterFrontend* frontend); + explicit Ascii(zeek::logging::WriterFrontend* frontend); ~Ascii() override; static std::string LogExt(); - static WriterBackend* Instantiate(WriterFrontend* frontend) + static zeek::logging::WriterBackend* Instantiate(zeek::logging::WriterFrontend* frontend) { return new Ascii(frontend); } protected: bool DoInit(const WriterInfo& info, int num_fields, - const threading::Field* const* fields) override; - bool DoWrite(int num_fields, const threading::Field* const* fields, - threading::Value** vals) override; + const zeek::threading::Field* const* fields) override; + bool DoWrite(int num_fields, const zeek::threading::Field* const* fields, + zeek::threading::Value** vals) override; bool DoSetBuf(bool enabled) override; bool DoRotate(const char* rotated_path, double open, double close, bool terminating) override; @@ -37,7 +37,7 @@ protected: bool DoHeartbeat(double network_time, double current_time) override; private: - friend class plugin::Zeek_AsciiWriter::Plugin; + friend class zeek::plugin::detail::Zeek_AsciiWriter::Plugin; static void RotateLeftoverLogs(); @@ -75,9 +75,8 @@ private: bool enable_utf_8; std::string json_timestamps; - threading::formatter::Formatter* formatter; + zeek::threading::Formatter* formatter; bool init_options; }; -} -} +} // namespace zeek::logging::writer::detail diff --git a/src/logging/writers/ascii/Plugin.cc b/src/logging/writers/ascii/Plugin.cc index 4692a9828a..43d151837a 100644 --- a/src/logging/writers/ascii/Plugin.cc +++ b/src/logging/writers/ascii/Plugin.cc @@ -5,14 +5,13 @@ #include "Ascii.h" -namespace plugin { -namespace Zeek_AsciiWriter { +namespace zeek::plugin::detail::Zeek_AsciiWriter { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::logging::Component("Ascii", ::logging::writer::Ascii::Instantiate)); + AddComponent(new zeek::logging::Component("Ascii", zeek::logging::writer::detail::Ascii::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::AsciiWriter"; @@ -20,13 +19,11 @@ public: return config; } protected: - void InitPostScript() override; + void InitPostScript() override + { + zeek::logging::writer::detail::Ascii::RotateLeftoverLogs(); + } } plugin; -void Plugin::InitPostScript() - { - ::logging::writer::Ascii::RotateLeftoverLogs(); - } -} -} +} // namespace zeek::plugin::detail::Zeek_AsciiWriter diff --git a/src/logging/writers/none/None.cc b/src/logging/writers/none/None.cc index b8a4d8aa71..21e81472a8 100644 --- a/src/logging/writers/none/None.cc +++ b/src/logging/writers/none/None.cc @@ -1,13 +1,11 @@ #include +#include #include "None.h" #include "none.bif.h" -#include - -using namespace logging; -using namespace writer; +namespace zeek::logging::writer::detail { bool None::DoInit(const WriterInfo& info, int num_fields, const threading::Field* const * fields) @@ -54,3 +52,5 @@ bool None::DoRotate(const char* rotated_path, double open, double close, bool te return true; } + +} // namespace zeek::logging::writer::detail diff --git a/src/logging/writers/none/None.h b/src/logging/writers/none/None.h index b00616f597..6b45587770 100644 --- a/src/logging/writers/none/None.h +++ b/src/logging/writers/none/None.h @@ -6,14 +6,14 @@ #include "logging/WriterBackend.h" -namespace logging { namespace writer { +namespace zeek::logging::writer::detail { -class None : public WriterBackend { +class None : public zeek::logging::WriterBackend { public: - explicit None(WriterFrontend* frontend) : WriterBackend(frontend) {} + explicit None(zeek::logging::WriterFrontend* frontend) : zeek::logging::WriterBackend(frontend) {} ~None() override {}; - static WriterBackend* Instantiate(WriterFrontend* frontend) + static zeek::logging::WriterBackend* Instantiate(zeek::logging::WriterFrontend* frontend) { return new None(frontend); } protected: @@ -29,5 +29,4 @@ protected: bool DoHeartbeat(double network_time, double current_time) override { return true; } }; -} -} +} // namespace zeek::logging::writer::detail diff --git a/src/logging/writers/none/Plugin.cc b/src/logging/writers/none/Plugin.cc index e767fc28d3..07a46a0820 100644 --- a/src/logging/writers/none/Plugin.cc +++ b/src/logging/writers/none/Plugin.cc @@ -5,14 +5,13 @@ #include "None.h" -namespace plugin { -namespace Zeek_NoneWriter { +namespace zeek::plugin::detail::Zeek_NoneWriter { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::logging::Component("None", ::logging::writer::None::Instantiate)); + AddComponent(new zeek::logging::Component("None", zeek::logging::writer::detail::None::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::NoneWriter"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_NoneWriter diff --git a/src/logging/writers/sqlite/Plugin.cc b/src/logging/writers/sqlite/Plugin.cc index 906407b673..1c40a608d2 100644 --- a/src/logging/writers/sqlite/Plugin.cc +++ b/src/logging/writers/sqlite/Plugin.cc @@ -5,14 +5,13 @@ #include "SQLite.h" -namespace plugin { -namespace Zeek_SQLiteWriter { +namespace zeek::plugin::detail::Zeek_SQLiteWriter { class Plugin : public zeek::plugin::Plugin { public: zeek::plugin::Configuration Configure() override { - AddComponent(new ::logging::Component("SQLite", ::logging::writer::SQLite::Instantiate)); + AddComponent(new zeek::logging::Component("SQLite", zeek::logging::writer::detail::SQLite::Instantiate)); zeek::plugin::Configuration config; config.name = "Zeek::SQLiteWriter"; @@ -21,5 +20,4 @@ public: } } plugin; -} -} +} // namespace zeek::plugin::detail::Zeek_SQLiteWriter diff --git a/src/logging/writers/sqlite/SQLite.cc b/src/logging/writers/sqlite/SQLite.cc index 5305eef58d..6ced41bf6b 100644 --- a/src/logging/writers/sqlite/SQLite.cc +++ b/src/logging/writers/sqlite/SQLite.cc @@ -12,13 +12,13 @@ #include "sqlite.bif.h" using namespace std; -using namespace logging; -using namespace writer; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; -SQLite::SQLite(WriterFrontend* frontend) - : WriterBackend(frontend), +namespace zeek::logging::writer::detail { + +SQLite::SQLite(zeek::logging::WriterFrontend* frontend) + : zeek::logging::WriterBackend(frontend), fields(), num_fields(), db(), st() { set_separator.assign( @@ -36,8 +36,8 @@ SQLite::SQLite(WriterFrontend* frontend) zeek::BifConst::LogSQLite::empty_field->Len() ); - threading::formatter::Ascii::SeparatorInfo sep_info(string(), set_separator, unset_field, empty_field); - io = new threading::formatter::Ascii(this, sep_info); + zeek::threading::formatter::Ascii::SeparatorInfo sep_info(string(), set_separator, unset_field, empty_field); + io = new zeek::threading::formatter::Ascii(this, sep_info); } SQLite::~SQLite() @@ -112,7 +112,7 @@ bool SQLite::checkError(int code) } bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, - const Field* const * arg_fields) + const Field* const * arg_fields) { if ( sqlite3_threadsafe() == 0 ) { @@ -365,3 +365,5 @@ bool SQLite::DoRotate(const char* rotated_path, double open, double close, bool return true; } + +} // namespace zeek::logging::writer::detail diff --git a/src/logging/writers/sqlite/SQLite.h b/src/logging/writers/sqlite/SQLite.h index 6d6914be1f..0902195eac 100644 --- a/src/logging/writers/sqlite/SQLite.h +++ b/src/logging/writers/sqlite/SQLite.h @@ -11,14 +11,14 @@ #include "3rdparty/sqlite3.h" #include "Desc.h" -namespace logging { namespace writer { +namespace zeek::logging::writer::detail { -class SQLite : public WriterBackend { +class SQLite : public zeek::logging::WriterBackend { public: - explicit SQLite(WriterFrontend* frontend); + explicit SQLite(zeek::logging::WriterFrontend* frontend); ~SQLite() override; - static WriterBackend* Instantiate(WriterFrontend* frontend) + static zeek::logging::WriterBackend* Instantiate(zeek::logging::WriterFrontend* frontend) { return new SQLite(frontend); } protected: @@ -49,8 +49,7 @@ private: std::string unset_field; std::string empty_field; - threading::formatter::Ascii* io; + zeek::threading::formatter::Ascii* io; }; -} -} +} // namespace zeek::logging::writer::detail diff --git a/src/main.cc b/src/main.cc index cdabc30176..35a95491c3 100644 --- a/src/main.cc +++ b/src/main.cc @@ -5,19 +5,19 @@ #include "iosource/Manager.h" #include "supervisor/Supervisor.h" -#include "Net.h" +#include "RunState.h" int main(int argc, char** argv) { - auto time_start = current_time(true); + auto time_start = zeek::util::current_time(true); auto setup_result = zeek::detail::setup(argc, argv); if ( setup_result.code ) return setup_result.code; auto& options = setup_result.options; - auto do_net_run = iosource_mgr->Size() > 0 || - have_pending_timers || + auto do_net_run = zeek::iosource_mgr->Size() > 0 || + zeek::run_state::detail::have_pending_timers || zeek::BifConst::exit_only_after_terminate; if ( do_net_run ) @@ -40,41 +40,41 @@ int main(int argc, char** argv) if ( zeek::Supervisor::ThisNode() ) zeek::detail::timer_mgr->Add(new zeek::detail::ParentProcessCheckTimer(1, 1)); - double time_net_start = current_time(true);; + double time_net_start = zeek::util::current_time(true);; uint64_t mem_net_start_total; uint64_t mem_net_start_malloced; if ( options.print_execution_time ) { - get_memory_usage(&mem_net_start_total, &mem_net_start_malloced); + zeek::util::get_memory_usage(&mem_net_start_total, &mem_net_start_malloced); fprintf(stderr, "# initialization %.6f\n", time_net_start - time_start); fprintf(stderr, "# initialization %" PRIu64 "M/%" PRIu64 "M\n", - mem_net_start_total / 1024 / 1024, - mem_net_start_malloced / 1024 / 1024); + mem_net_start_total / 1024 / 1024, + mem_net_start_malloced / 1024 / 1024); } - net_run(); + zeek::run_state::detail::run_loop(); - double time_net_done = current_time(true);; + double time_net_done = zeek::util::current_time(true); uint64_t mem_net_done_total; uint64_t mem_net_done_malloced; if ( options.print_execution_time ) { - get_memory_usage(&mem_net_done_total, &mem_net_done_malloced); + zeek::util::get_memory_usage(&mem_net_done_total, &mem_net_done_malloced); fprintf(stderr, "# total time %.6f, processing %.6f\n", - time_net_done - time_start, time_net_done - time_net_start); + time_net_done - time_start, time_net_done - time_net_start); fprintf(stderr, "# total mem %" PRId64 "M/%" PRId64 "M, processing %" PRId64 "M/%" PRId64 "M\n", - mem_net_done_total / 1024 / 1024, - mem_net_done_malloced / 1024 / 1024, - (mem_net_done_total - mem_net_start_total) / 1024 / 1024, - (mem_net_done_malloced - mem_net_start_malloced) / 1024 / 1024); + mem_net_done_total / 1024 / 1024, + mem_net_done_malloced / 1024 / 1024, + (mem_net_done_total - mem_net_start_total) / 1024 / 1024, + (mem_net_done_malloced - mem_net_start_malloced) / 1024 / 1024); } } diff --git a/src/module_util.cc b/src/module_util.cc index e0737fc35e..32ac0fc837 100644 --- a/src/module_util.cc +++ b/src/module_util.cc @@ -11,6 +11,8 @@ using namespace std; +namespace zeek::detail { + static int streq(const char* s1, const char* s2) { return ! strcmp(s1, s2); @@ -111,3 +113,5 @@ string make_full_var_name(const char* module_name, const char* var_name) return full_name; } + +} // namespace zeek::detail diff --git a/src/module_util.h b/src/module_util.h index 1186ddcb12..169b7d4bbc 100644 --- a/src/module_util.h +++ b/src/module_util.h @@ -6,6 +6,8 @@ #include +namespace zeek::detail { + static constexpr const char* GLOBAL_MODULE_NAME = "GLOBAL"; extern std::string extract_module_name(const char* name); @@ -15,3 +17,11 @@ extern std::string normalized_module_name(const char* module_name); // w/o :: // Concatenates module_name::var_name unless var_name is already fully // qualified, in which case it is returned unmodified. extern std::string make_full_var_name(const char* module_name, const char* var_name); + +} // namespace zeek::detail + +constexpr auto GLOBAL_MODULE_NAME [[deprecated("Remove in v4.1. Use zeek::detail::GLOBAL_MODULE_NAME.")]] = zeek::detail::GLOBAL_MODULE_NAME; +constexpr auto extract_module_name [[deprecated("Remove in v4.1. Use zeek::detail::extract_module_name.")]] = zeek::detail::extract_module_name; +constexpr auto extract_var_name [[deprecated("Remove in v4.1. Use zeek::detail::extract_var_name.")]] = zeek::detail::extract_var_name; +constexpr auto normalized_module_name [[deprecated("Remove in v4.1. Use zeek::detail::normalized_module_name.")]] = zeek::detail::normalized_module_name; +constexpr auto make_full_var_name [[deprecated("Remove in v4.1. Use zeek::detail::make_full_var_name.")]] = zeek::detail::make_full_var_name; diff --git a/src/net_util.cc b/src/net_util.cc index 0f0f89d63e..54b6c22dae 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -14,6 +14,8 @@ #include "IPAddr.h" #include "IP.h" +namespace zeek { + // - adapted from tcpdump // Returns the ones-complement checksum of a chunk of b short-aligned bytes. int ones_complement_checksum(const void* p, int b, uint32_t sum) @@ -182,3 +184,5 @@ uint32_t extract_uint32(const u_char* data) return val; } + +} // namespace zeek diff --git a/src/net_util.h b/src/net_util.h index 6bd094e9e6..cc3b0b423c 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -116,6 +116,23 @@ struct ip6_rthdr { #define TCPOPT_TIMESTAMP TCPOPT_TSTAMP #endif +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); + +namespace zeek { + +// Returns the ones-complement checksum of a chunk of b short-aligned bytes. +extern int ones_complement_checksum(const void* p, int b, uint32_t sum); + +extern int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum); + +extern int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len); +extern int icmp_checksum(const struct icmp* icmpp, int len); + +#ifdef ENABLE_MOBILE_IPV6 +extern int mobility_header_checksum(const zeek::IP_Hdr* ip); +#endif + // True if sequence # a is between b and c (b <= a <= c). It must be true // that b <= c in the sequence space. inline bool seq_between(uint32_t a, uint32_t b, uint32_t c) @@ -132,21 +149,6 @@ inline int32_t seq_delta(uint32_t a, uint32_t b) return a - b; } -ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); -ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); - -// Returns the ones-complement checksum of a chunk of b short-aligned bytes. -extern int ones_complement_checksum(const void* p, int b, uint32_t sum); - -extern int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum); - -extern int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len); -extern int icmp_checksum(const struct icmp* icmpp, int len); - -#ifdef ENABLE_MOBILE_IPV6 -extern int mobility_header_checksum(const zeek::IP_Hdr* ip); -#endif - // Returns 'A', 'B', 'C' or 'D' extern char addr_to_class(uint32_t addr); @@ -230,3 +232,43 @@ inline uint64_t htonll(uint64_t i) { return ntohll(i); } #endif #endif + +} // namespace zeek + +constexpr auto seq_between [[deprecated("Remove in v4.1. Use zeek::seq_between.")]] = zeek::seq_between; +constexpr auto seq_delta [[deprecated("Remove in v4.1. Use zeek::seq_delta.")]] = zeek::seq_delta; +constexpr auto icmp6_checksum [[deprecated("Remove in v4.1. Use zeek::icmp6_checksum.")]] = zeek::icmp6_checksum; +constexpr auto icmp_checksum [[deprecated("Remove in v4.1. Use zeek::icmp_checksum.")]] = zeek::icmp_checksum; + +[[deprecated("Remove in v4.1. Use zeek::ones_complement_checksum.")]] +inline int ones_complement_checksum(const void* p, int b, uint32_t sum) + { return zeek::ones_complement_checksum(p, b, sum); } +[[deprecated("Remove in v4.1. Use zeek::ones_complement_checksum.")]] +inline int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum) + { return zeek::ones_complement_checksum(a, sum); } + +#ifdef ENABLE_MOBILE_IPV6 +constexpr auto mobility_header_checksum [[deprecated("Remove in v4.1. Use zeek::mobility_header_checksum.")]] = zeek::mobility_header_checksum; +#endif + +constexpr auto addr_to_class [[deprecated("Remove in v4.1. Use zeek::addr_to_class.")]] = zeek::addr_to_class; + +[[deprecated("Remove in v4.1. Use zeek::fmt_conn_id.")]] +inline const char* fmt_conn_id(const zeek::IPAddr& src_addr, uint32_t src_port, + const zeek::IPAddr& dst_addr, uint32_t dst_port) + { return zeek::fmt_conn_id(src_addr, src_port, dst_addr, dst_port); } +[[deprecated("Remove in v4.1. Use zeek::fmt_conn_id.")]] +inline const char* fmt_conn_id(const uint32_t* src_addr, uint32_t src_port, + const uint32_t* dst_addr, uint32_t dst_port) + { return zeek::fmt_conn_id(src_addr, src_port, dst_addr, dst_port); } + +constexpr auto fmt_mac [[deprecated("Remove in v4.1. Use zeek::fmt_mac.")]] = zeek::fmt_mac; +constexpr auto extract_uint32 [[deprecated("Remove in v4.1. Use zeek::extract_uint32.")]] = zeek::extract_uint32; + +constexpr auto ntohd [[deprecated("Remove in v4.1. Use zeek::ntohd.")]] = zeek::ntohd; +constexpr auto htond [[deprecated("Remove in v4.1. Use zeek::htond.")]] = zeek::htond; + +#ifndef HAVE_BYTEORDER_64 +constexpr auto ntohll [[deprecated("Remove in v4.1. Use zeek::ntohll.")]] = zeek::ntohll; +constexpr auto htonll [[deprecated("Remove in v4.1. Use zeek::htonll.")]] = zeek::htonll; +#endif diff --git a/src/option.bif b/src/option.bif index f2e5ee939b..e9de84be63 100644 --- a/src/option.bif +++ b/src/option.bif @@ -61,31 +61,31 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool const auto& i = zeek::detail::global_scope()->Find(ID->CheckString()); if ( ! i ) { - zeek::emit_builtin_error(fmt("Could not find ID named '%s'", ID->CheckString())); + zeek::emit_builtin_error(zeek::util::fmt("Could not find ID named '%s'", ID->CheckString())); return zeek::val_mgr->False(); } if ( ! i->HasVal() ) { // should be impossible because initialization is enforced - zeek::emit_builtin_error(fmt("ID '%s' has no value", ID->CheckString())); + zeek::emit_builtin_error(zeek::util::fmt("ID '%s' has no value", ID->CheckString())); return zeek::val_mgr->False(); } if ( ! i->IsOption() ) { - zeek::emit_builtin_error(fmt("ID '%s' is not an option", ID->CheckString())); + zeek::emit_builtin_error(zeek::util::fmt("ID '%s' is not an option", ID->CheckString())); return zeek::val_mgr->False(); } - if ( same_type(val->GetType(), bro_broker::DataVal::ScriptDataType()) ) + if ( same_type(val->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) ) { - auto dv = static_cast(val->AsRecordVal()->GetField(0).get()); + auto dv = static_cast(val->AsRecordVal()->GetField(0).get()); auto val_from_data = dv->castTo(i->GetType().get()); if ( ! val_from_data ) { - zeek::emit_builtin_error(fmt("Incompatible type for set of ID '%s': got broker data '%s', need '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Incompatible type for set of ID '%s': got broker data '%s', need '%s'", ID->CheckString(), dv->data.get_type_name(), type_name(i->GetType()->Tag()))); return zeek::val_mgr->False(); @@ -109,7 +109,7 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool return zeek::val_mgr->Bool(rval); } - zeek::emit_builtin_error(fmt("Incompatible type for set of ID '%s': got '%s', need '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Incompatible type for set of ID '%s': got '%s', need '%s'", ID->CheckString(), type_name(val->GetType()->Tag()), type_name(i->GetType()->Tag()))); return zeek::val_mgr->False(); @@ -148,19 +148,19 @@ function Option::set_change_handler%(ID: string, on_change: any, priority: int & const auto& i = zeek::detail::global_scope()->Find(ID->CheckString()); if ( ! i ) { - zeek::emit_builtin_error(fmt("Could not find ID named '%s'", ID->CheckString())); + zeek::emit_builtin_error(zeek::util::fmt("Could not find ID named '%s'", ID->CheckString())); return zeek::val_mgr->False(); } if ( ! i->IsOption() ) { - zeek::emit_builtin_error(fmt("ID '%s' is not an option", ID->CheckString())); + zeek::emit_builtin_error(zeek::util::fmt("ID '%s' is not an option", ID->CheckString())); return zeek::val_mgr->False(); } if ( on_change->GetType()->Tag() != TYPE_FUNC ) { - zeek::emit_builtin_error(fmt("Option::on_change needs function argument; got '%s' for ID '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Option::on_change needs function argument; got '%s' for ID '%s'", type_name(on_change->GetType()->Tag()), ID->CheckString())); return zeek::val_mgr->False(); } @@ -174,21 +174,21 @@ function Option::set_change_handler%(ID: string, on_change: any, priority: int & const auto& args = on_change->GetType()->AsFuncType()->ParamList()->GetTypes(); if ( args.size() < 2 || args.size() > 3 ) { - zeek::emit_builtin_error(fmt("Wrong number of arguments for passed function in Option::on_change for ID '%s'; expected 2 or 3, got %zu", + zeek::emit_builtin_error(zeek::util::fmt("Wrong number of arguments for passed function in Option::on_change for ID '%s'; expected 2 or 3, got %zu", ID->CheckString(), args.size())); return zeek::val_mgr->False(); } if ( args[0]->Tag() != TYPE_STRING ) { - zeek::emit_builtin_error(fmt("First argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", + zeek::emit_builtin_error(zeek::util::fmt("First argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", ID->CheckString(), type_name(args[0]->Tag()))); return zeek::val_mgr->False(); } if ( ! same_type(args[1], i->GetType()) ) { - zeek::emit_builtin_error(fmt("Second argument of passed function has to be %s in Option::on_change for ID '%s'; got '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Second argument of passed function has to be %s in Option::on_change for ID '%s'; got '%s'", type_name(i->GetType()->Tag()), ID->CheckString(), type_name(args[1]->Tag()))); return zeek::val_mgr->False(); @@ -196,14 +196,14 @@ function Option::set_change_handler%(ID: string, on_change: any, priority: int & if ( args.size() == 3 && args[2]->Tag() != TYPE_STRING ) { - zeek::emit_builtin_error(fmt("Third argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Third argument of passed function has to be string in Option::on_change for ID '%s'; got '%s'", ID->CheckString(), type_name(args[2]->Tag()))); return zeek::val_mgr->False(); } if ( ! same_type(on_change->GetType()->AsFuncType()->Yield(), i->GetType()) ) { - zeek::emit_builtin_error(fmt("Passed function needs to return type '%s' for ID '%s'; got '%s'", + zeek::emit_builtin_error(zeek::util::fmt("Passed function needs to return type '%s' for ID '%s'; got '%s'", type_name(i->GetType()->Tag()), ID->CheckString(), type_name(on_change->GetType()->AsFuncType()->Yield()->Tag()))); return zeek::val_mgr->False(); diff --git a/src/parse.y b/src/parse.y index fd195ad768..4b3b6afdbd 100644 --- a/src/parse.y +++ b/src/parse.y @@ -78,15 +78,17 @@ #include #include +#include +#include + #include "input.h" -#include "BroList.h" +#include "ZeekList.h" #include "Desc.h" #include "Expr.h" #include "Func.h" #include "Stmt.h" #include "Val.h" #include "Var.h" -/* #include "analyzer/protocol/dns/DNS.h" */ #include "RE.h" #include "Scope.h" #include "Reporter.h" @@ -95,9 +97,6 @@ #include "module_util.h" #include "IntrusivePtr.h" -#include -#include - extern const char* filename; // Absolute path of file currently being parsed. extern const char* last_filename; // Absolute path of last file parsed. extern const char* last_tok_filename; @@ -233,7 +232,7 @@ static bool expr_is_table_type_name(const zeek::detail::Expr* expr) bool b; char* str; zeek::detail::ID* id; - id_list* id_l; + zeek::IDPList* id_l; zeek::detail::InitClass ic; zeek::Val* val; zeek::RE_Matcher* re; @@ -259,10 +258,10 @@ static bool expr_is_table_type_name(const zeek::detail::Expr* expr) bro: decl_list stmt_list { - if ( stmts ) - stmts->AsStmtList()->Stmts().push_back($2); + if ( zeek::detail::stmts ) + zeek::detail::stmts->AsStmtList()->Stmts().push_back($2); else - stmts = $2; + zeek::detail::stmts = $2; // Any objects creates from here on out should not // have file positions associated with them. @@ -468,8 +467,8 @@ expr: | TOK_LOCAL local_id '=' expr { zeek::detail::set_location(@2, @4); - $$ = add_and_assign_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $4}, - zeek::val_mgr->True()).release(); + $$ = zeek::detail::add_and_assign_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $4}, + zeek::val_mgr->True()).release(); } | expr '[' expr_list ']' @@ -497,9 +496,9 @@ expr: func_hdr_location = @1; auto func_id = zeek::detail::current_scope()->GenerateTemporary("anonymous-function"); func_id->SetInferReturnType(true); - begin_func(std::move(func_id), zeek::detail::current_module.c_str(), - zeek::FUNC_FLAVOR_FUNCTION, false, - {zeek::AdoptRef{}, $3}); + zeek::detail::begin_func(std::move(func_id), zeek::detail::current_module.c_str(), + zeek::FUNC_FLAVOR_FUNCTION, false, + {zeek::AdoptRef{}, $3}); } lambda_body { @@ -669,12 +668,12 @@ expr: false, is_export); */ - yyerror(fmt("unknown identifier %s", $1)); + yyerror(zeek::util::fmt("unknown identifier %s", $1)); YYERROR; } else { - yyerror(fmt("unknown identifier %s", $1)); + yyerror(zeek::util::fmt("unknown identifier %s", $1)); YYERROR; } } @@ -1032,7 +1031,7 @@ type_decl: $$ = new zeek::TypeDecl($1, {zeek::AdoptRef{}, $3}, std::move(attrs)); if ( in_record > 0 && cur_decl_type_id ) - zeekygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeek::detail::zeekygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1067,7 +1066,7 @@ decl: TOK_MODULE TOK_ID ';' { zeek::detail::current_module = $2; - zeekygen_mgr->ModuleUsage(::filename, zeek::detail::current_module); + zeek::detail::zeekygen_mgr->ModuleUsage(::filename, zeek::detail::current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1076,49 +1075,49 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; - add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}, - VAR_REGULAR); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}, + zeek::detail::VAR_REGULAR); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; - add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}, - VAR_OPTION); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}, + zeek::detail::VAR_OPTION); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; - add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}, - VAR_CONST); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::add_global(id, {zeek::AdoptRef{}, $3}, $4, {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}, + zeek::detail::VAR_CONST); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; zeek::detail::ExprPtr init{zeek::AdoptRef{}, $5}; - add_global(id, {zeek::AdoptRef{}, $3}, $4, init, - std::unique_ptr>{$6}, - VAR_REDEF); - zeekygen_mgr->Redef(id.get(), ::filename, $4, std::move(init)); + zeek::detail::add_global(id, {zeek::AdoptRef{}, $3}, $4, init, + std::unique_ptr>{$6}, + zeek::detail::VAR_REDEF); + zeek::detail::zeekygen_mgr->Redef(id.get(), ::filename, $4, std::move(init)); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); zeekygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeek::detail::zeekygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { // Zeekygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeek::detail::zeekygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1135,14 +1134,14 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; zeekygen_mgr->StartType({zeek::NewRef{}, $2}); } + { cur_decl_type_id = $2; zeek::detail::zeekygen_mgr->StartType({zeek::NewRef{}, $2}); } type opt_attr ';' { cur_decl_type_id = 0; zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; - add_type(id.get(), {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::add_type(id.get(), {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } | func_hdr { func_hdr_location = @1; } func_body @@ -1173,40 +1172,40 @@ func_hdr: TOK_FUNCTION def_global_id func_params opt_attr { zeek::IntrusivePtr id{zeek::AdoptRef{}, $2}; - begin_func(id, zeek::detail::current_module.c_str(), - zeek::FUNC_FLAVOR_FUNCTION, 0, {zeek::NewRef{}, $3}, - std::unique_ptr>{$4}); + zeek::detail::begin_func(id, zeek::detail::current_module.c_str(), + zeek::FUNC_FLAVOR_FUNCTION, 0, {zeek::NewRef{}, $3}, + std::unique_ptr>{$4}); $$ = $3; - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } | TOK_EVENT event_id func_params opt_attr { const char* name = $2->Name(); - if ( streq("bro_init", name) || streq("bro_done", name) || streq("bro_script_loaded", name) ) + if ( zeek::util::streq("bro_init", name) || zeek::util::streq("bro_done", name) || zeek::util::streq("bro_script_loaded", name) ) { auto base = std::string(name).substr(4); zeek::reporter->Error("event %s() is no longer available, use zeek_%s() instead", name, base.c_str()); } - begin_func({zeek::NewRef{}, $2}, zeek::detail::current_module.c_str(), - zeek::FUNC_FLAVOR_EVENT, 0, {zeek::NewRef{}, $3}, - std::unique_ptr>{$4}); + zeek::detail::begin_func({zeek::NewRef{}, $2}, zeek::detail::current_module.c_str(), + zeek::FUNC_FLAVOR_EVENT, 0, {zeek::NewRef{}, $3}, + std::unique_ptr>{$4}); $$ = $3; } | TOK_HOOK def_global_id func_params opt_attr { $3->ClearYieldType(zeek::FUNC_FLAVOR_HOOK); $3->SetYieldType(zeek::base_type(zeek::TYPE_BOOL)); - begin_func({zeek::NewRef{}, $2}, zeek::detail::current_module.c_str(), - zeek::FUNC_FLAVOR_HOOK, 0, {zeek::NewRef{}, $3}, - std::unique_ptr>{$4}); + zeek::detail::begin_func({zeek::NewRef{}, $2}, zeek::detail::current_module.c_str(), + zeek::FUNC_FLAVOR_HOOK, 0, {zeek::NewRef{}, $3}, + std::unique_ptr>{$4}); $$ = $3; } | TOK_REDEF TOK_EVENT event_id func_params opt_attr { - begin_func({zeek::NewRef{}, $3}, zeek::detail::current_module.c_str(), - zeek::FUNC_FLAVOR_EVENT, 1, {zeek::NewRef{}, $4}, - std::unique_ptr>{$5}); + zeek::detail::begin_func({zeek::NewRef{}, $3}, zeek::detail::current_module.c_str(), + zeek::FUNC_FLAVOR_EVENT, 1, {zeek::NewRef{}, $4}, + std::unique_ptr>{$5}); $$ = $4; } ; @@ -1227,7 +1226,7 @@ func_body: '}' { zeek::detail::set_location(func_hdr_location, @5); - end_func({zeek::AdoptRef{}, $3}); + zeek::detail::end_func({zeek::AdoptRef{}, $3}); } ; @@ -1256,7 +1255,7 @@ lambda_body: auto ingredients = std::make_unique( zeek::IntrusivePtr{zeek::NewRef{}, zeek::detail::current_scope()}, zeek::IntrusivePtr{zeek::AdoptRef{}, $3}); - id_list outer_ids = gather_outer_ids(zeek::detail::pop_scope().get(), ingredients->body.get()); + zeek::IDPList outer_ids = zeek::detail::gather_outer_ids(zeek::detail::pop_scope().get(), ingredients->body.get()); $$ = new zeek::detail::LambdaExpr(std::move(ingredients), std::move(outer_ids)); } @@ -1271,7 +1270,7 @@ begin_func: func_params { auto id = zeek::detail::current_scope()->GenerateTemporary("anonymous-function"); - begin_func(id, zeek::detail::current_module.c_str(), zeek::FUNC_FLAVOR_FUNCTION, 0, {zeek::AdoptRef{}, $1}); + zeek::detail::begin_func(id, zeek::detail::current_module.c_str(), zeek::FUNC_FLAVOR_FUNCTION, 0, {zeek::AdoptRef{}, $1}); $$ = id.release(); } ; @@ -1517,10 +1516,10 @@ stmt: | TOK_LOCAL local_id opt_type init_class opt_init opt_attr ';' opt_no_test { zeek::detail::set_location(@1, @7); - $$ = add_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $3}, $4, - {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}, - VAR_REGULAR).release(); + $$ = zeek::detail::add_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $3}, $4, + {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}, + zeek::detail::VAR_REGULAR).release(); if ( ! $8 ) zeek::detail::script_coverage_mgr.AddStmt($$); } @@ -1528,10 +1527,10 @@ stmt: | TOK_CONST local_id opt_type init_class opt_init opt_attr ';' opt_no_test { zeek::detail::set_location(@1, @6); - $$ = add_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $3}, $4, - {zeek::AdoptRef{}, $5}, - std::unique_ptr>{$6}, - VAR_CONST).release(); + $$ = zeek::detail::add_local({zeek::AdoptRef{}, $2}, {zeek::AdoptRef{}, $3}, $4, + {zeek::AdoptRef{}, $5}, + std::unique_ptr>{$6}, + zeek::detail::VAR_CONST).release(); if ( ! $8 ) zeek::detail::script_coverage_mgr.AddStmt($$); } @@ -1618,7 +1617,7 @@ event: { if ( ! id->IsGlobal() ) { - yyerror(fmt("local identifier \"%s\" cannot be used to reference an event", $1)); + yyerror(zeek::util::fmt("local identifier \"%s\" cannot be used to reference an event", $1)); YYERROR; } @@ -1654,7 +1653,7 @@ case_type_list: | case_type { - $$ = new id_list; + $$ = new zeek::IDPList; $$->push_back($1); } ; @@ -1677,8 +1676,8 @@ case_type: else case_var = zeek::detail::install_ID(name, zeek::detail::current_module.c_str(), false, false); - add_local(case_var, std::move(type), zeek::detail::INIT_NONE, nullptr, nullptr, - VAR_REGULAR); + zeek::detail::add_local(case_var, std::move(type), zeek::detail::INIT_NONE, nullptr, nullptr, + zeek::detail::VAR_REGULAR); $$ = case_var.release(); } @@ -1705,7 +1704,7 @@ for_head: false, false); } - id_list* loop_vars = new id_list; + auto* loop_vars = new zeek::IDPList; loop_vars->push_back(loop_var.release()); $$ = new zeek::detail::ForStmt(loop_vars, {zeek::AdoptRef{}, $5}); @@ -1743,7 +1742,7 @@ for_head: else val_var = zeek::detail::install_ID($5, module, false, false); - id_list* loop_vars = new id_list; + auto* loop_vars = new zeek::IDPList; loop_vars->push_back(key_var.release()); $$ = new zeek::detail::ForStmt(loop_vars, {zeek::AdoptRef{}, $7}, std::move(val_var)); @@ -1774,7 +1773,7 @@ local_id_list: { $1->push_back($3); } | local_id { - $$ = new id_list; + $$ = new zeek::IDPList; $$->push_back($1); } ; @@ -1905,7 +1904,7 @@ opt_deprecated: int yyerror(const char msg[]) { if ( in_debug ) - g_curr_debug_error = copy_string(msg); + g_curr_debug_error = zeek::util::copy_string(msg); if ( last_tok[0] == '\n' ) zeek::reporter->Error("%s, on previous line", msg); @@ -1919,7 +1918,7 @@ int yyerror(const char msg[]) else { if ( last_last_tok_filename && last_tok_filename && - ! streq(last_last_tok_filename, last_tok_filename) ) + ! zeek::util::streq(last_last_tok_filename, last_tok_filename) ) zeek::reporter->Error("%s, at or near \"%s\" or end of file %s", msg, last_tok, last_last_tok_filename); else diff --git a/src/plugin/Component.cc b/src/plugin/Component.cc index 7a7ef38f5e..bd51703214 100644 --- a/src/plugin/Component.cc +++ b/src/plugin/Component.cc @@ -11,7 +11,7 @@ Component::Component(component::Type arg_type, const std::string& arg_name) { type = arg_type; name = arg_name; - canon_name = canonify_name(name); + canon_name = zeek::util::canonify_name(name); } Component::~Component() diff --git a/src/plugin/Component.h b/src/plugin/Component.h index 695be4bbda..538730f7b1 100644 --- a/src/plugin/Component.h +++ b/src/plugin/Component.h @@ -105,7 +105,7 @@ private: std::string canon_name; }; -} +} // namespace zeek::plugin namespace plugin { diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index ecfef4c06d..4f4bf1ab1b 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -139,8 +139,8 @@ ComponentManager::ComponentManager(const std::string& arg_module, const st tag_enum_type(zeek::make_intrusive(module + "::" + local_id)) { auto id = zeek::detail::install_ID(local_id.c_str(), module.c_str(), true, true); - add_type(id.get(), tag_enum_type, nullptr); - zeekygen_mgr->Identifier(std::move(id)); + zeek::detail::add_type(id.get(), tag_enum_type, nullptr); + zeek::detail::zeekygen_mgr->Identifier(std::move(id)); } template @@ -221,7 +221,7 @@ template C* ComponentManager::Lookup(const std::string& name) const { typename std::map::const_iterator i = - components_by_name.find(to_upper(name)); + components_by_name.find(zeek::util::to_upper(name)); return i != components_by_name.end() ? i->second : 0; } @@ -259,16 +259,18 @@ void ComponentManager::RegisterComponent(C* component, component->Tag().AsVal()->InternalInt(), component)); // Install an identfier for enum value - std::string id = fmt("%s%s", prefix.c_str(), cname.c_str()); + std::string id = zeek::util::fmt("%s%s", prefix.c_str(), cname.c_str()); tag_enum_type->AddName(module, id.c_str(), component->Tag().AsVal()->InternalInt(), true, nullptr); } -} // namespace plugin +} // namespace zeek::plugin namespace plugin { - template - using ComponentManager [[deprecated("Remove in v4.1. Use zeek::plugin::ComponentManager instead.")]] = - zeek::plugin::ComponentManager; -} + +template +using ComponentManager [[deprecated("Remove in v4.1. Use zeek::plugin::ComponentManager instead.")]] = + zeek::plugin::ComponentManager; + +} // namespace plugin diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index 34a795b970..d391bdfa28 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -63,7 +63,7 @@ void Manager::SearchDynamicPlugins(const std::string& dir) return; } - if ( ! is_dir(dir) ) + if ( ! zeek::util::is_dir(dir) ) { DBG_LOG(zeek::DBG_PLUGINS, "Not a valid plugin directory: %s", dir.c_str()); return; @@ -73,7 +73,7 @@ void Manager::SearchDynamicPlugins(const std::string& dir) const std::string magic = dir + "/__bro_plugin__"; - if ( is_file(magic) ) + if ( zeek::util::is_file(magic) ) { // It's a plugin, get it's name. std::ifstream in(magic.c_str()); @@ -83,8 +83,8 @@ void Manager::SearchDynamicPlugins(const std::string& dir) std::string name; std::getline(in, name); - strstrip(name); - string lower_name = strtolower(name); + zeek::util::strstrip(name); + string lower_name = zeek::util::strtolower(name); if ( name.empty() ) reporter->FatalError("empty plugin magic file %s", magic.c_str()); @@ -141,7 +141,7 @@ void Manager::SearchDynamicPlugins(const std::string& dir) bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found) { - dynamic_plugin_map::iterator m = dynamic_plugins.find(strtolower(name)); + dynamic_plugin_map::iterator m = dynamic_plugins.find(zeek::util::strtolower(name)); if ( m == dynamic_plugins.end() ) { @@ -177,50 +177,50 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ // Add the "scripts" and "bif" directories to ZEEKPATH. std::string scripts = dir + "scripts"; - if ( is_dir(scripts) ) + if ( zeek::util::is_dir(scripts) ) { DBG_LOG(zeek::DBG_PLUGINS, " Adding %s to ZEEKPATH", scripts.c_str()); - add_to_bro_path(scripts); + zeek::util::detail::add_to_zeek_path(scripts); } string init; // First load {scripts}/__preload__.zeek automatically. - for (const string& ext : script_extensions) + for (const string& ext : zeek::util::detail::script_extensions) { init = dir + "scripts/__preload__" + ext; - if ( is_file(init) ) + if ( zeek::util::is_file(init) ) { DBG_LOG(zeek::DBG_PLUGINS, " Loading %s", init.c_str()); - warn_if_legacy_script(init); + zeek::util::detail::warn_if_legacy_script(init); scripts_to_load.push_back(init); break; } } // Load {bif,scripts}/__load__.zeek automatically. - for (const string& ext : script_extensions) + for (const string& ext : zeek::util::detail::script_extensions) { init = dir + "lib/bif/__load__" + ext; - if ( is_file(init) ) + if ( zeek::util::is_file(init) ) { DBG_LOG(zeek::DBG_PLUGINS, " Loading %s", init.c_str()); - warn_if_legacy_script(init); + zeek::util::detail::warn_if_legacy_script(init); scripts_to_load.push_back(init); break; } } - for (const string& ext : script_extensions) + for (const string& ext : zeek::util::detail::script_extensions) { init = dir + "scripts/__load__" + ext; - if ( is_file(init) ) + if ( zeek::util::is_file(init) ) { DBG_LOG(zeek::DBG_PLUGINS, " Loading %s", init.c_str()); - warn_if_legacy_script(init); + zeek::util::detail::warn_if_legacy_script(init); scripts_to_load.push_back(init); break; } @@ -259,7 +259,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ DBG_LOG(zeek::DBG_PLUGINS, " InitialzingComponents"); current_plugin->InitializeComponents(); - plugins_by_path.insert(std::make_pair(normalize_path(dir), current_plugin)); + plugins_by_path.insert(std::make_pair(zeek::util::detail::normalize_path(dir), current_plugin)); // We execute the pre-script initialization here; this in // fact could be *during* script initialization if we got @@ -268,7 +268,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ // Make sure the name the plugin reports is consistent with // what we expect from its magic file. - if ( strtolower(current_plugin->Name()) != strtolower(name) ) + if ( zeek::util::strtolower(current_plugin->Name()) != zeek::util::strtolower(name) ) reporter->FatalError("inconsistent plugin name: %s vs %s", current_plugin->Name().c_str(), name.c_str()); @@ -306,7 +306,7 @@ bool Manager::ActivateDynamicPlugins(bool all) { // Activate plugins that our environment tells us to. vector p; - tokenize_string(bro_plugin_activate(), ",", &p); + zeek::util::tokenize_string(zeek::util::zeek_plugin_activate(), ",", &p); for ( size_t n = 0; n < p.size(); ++n ) ActivateDynamicPluginInternal(p[n], true); @@ -337,7 +337,7 @@ void Manager::UpdateInputFiles() static bool plugin_cmp(const Plugin* a, const Plugin* b) { - return strtolower(a->Name()) < strtolower(b->Name()); + return zeek::util::strtolower(a->Name()) < zeek::util::strtolower(b->Name()); } void Manager::RegisterPlugin(Plugin *plugin) @@ -346,7 +346,7 @@ void Manager::RegisterPlugin(Plugin *plugin) if ( current_dir && current_sopath ) // A dynamic plugin, record its location. - plugin->SetPluginLocation(normalize_path(current_dir), current_sopath); + plugin->SetPluginLocation(zeek::util::detail::normalize_path(current_dir), current_sopath); current_plugin = plugin; } @@ -355,7 +355,7 @@ void Manager::RegisterBifFile(const char* plugin, bif_init_func c) { bif_init_func_map* bifs = BifFilesInternal(); - std::string lower_plugin = strtolower(plugin); + std::string lower_plugin = zeek::util::strtolower(plugin); bif_init_func_map::iterator i = bifs->find(lower_plugin); if ( i == bifs->end() ) @@ -398,7 +398,7 @@ void Manager::InitBifs() for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin(); i != Manager::ActivePluginsInternal()->end(); i++ ) { - bif_init_func_map::const_iterator b = bifs->find(strtolower((*i)->Name())); + bif_init_func_map::const_iterator b = bifs->find(zeek::util::strtolower((*i)->Name())); if ( b != bifs->end() ) { @@ -447,7 +447,7 @@ Manager::inactive_plugin_list Manager::InactivePlugins() const for ( plugin_list::const_iterator j = all->begin(); j != all->end(); j++ ) { - if ( (*i).first == strtolower((*j)->Name()) ) + if ( (*i).first == zeek::util::strtolower((*j)->Name()) ) { found = true; break; @@ -483,10 +483,10 @@ Manager::bif_init_func_map* Manager::BifFilesInternal() Plugin* Manager::LookupPluginByPath(std::string_view _path) { - auto path = normalize_path(_path); + auto path = zeek::util::detail::normalize_path(_path); - if ( is_file(path) ) - path = SafeDirname(path).result; + if ( zeek::util::is_file(path) ) + path = zeek::util::SafeDirname(path).result; while ( path.size() ) { @@ -509,7 +509,7 @@ Plugin* Manager::LookupPluginByPath(std::string_view _path) static bool hook_cmp(std::pair a, std::pair b) { if ( a.first == b.first ) - return strtolower(a.second->Name()) < strtolower(a.second->Name()); + return zeek::util::strtolower(a.second->Name()) < zeek::util::strtolower(a.second->Name()); // Reverse sort. return a.first > b.first; @@ -621,7 +621,7 @@ Manager::HookCallFunction(const zeek::Func* func, zeek::detail::Frame* parent, zeek::Args* vecargs) const { HookArgumentList args; - val_list vargs; + ValPList vargs; if ( HavePluginForHook(zeek::plugin::META_HOOK_PRE) ) { @@ -865,7 +865,7 @@ bool Manager::HookLogWrite(const std::string& writer, } bool Manager::HookReporter(const std::string& prefix, const EventHandlerPtr event, - const zeek::Connection* conn, const val_list* addl, bool location, + const zeek::Connection* conn, const ValPList* addl, bool location, const zeek::detail::Location* location1, const zeek::detail::Location* location2, bool time, const std::string& message) diff --git a/src/plugin/Manager.h b/src/plugin/Manager.h index 819ca2ff65..b448cd1bab 100644 --- a/src/plugin/Manager.h +++ b/src/plugin/Manager.h @@ -389,7 +389,7 @@ public: * if the event call should be skipped */ bool HookReporter(const std::string& prefix, const EventHandlerPtr event, - const Connection* conn, const val_list* addl, bool location, + const Connection* conn, const ValPList* addl, bool location, const zeek::detail::Location* location1, const zeek::detail::Location* location2, bool time, const std::string& message); @@ -481,14 +481,7 @@ std::list Manager::Components() const return result; } -} // namespace plugin - -extern zeek::plugin::Manager* plugin_mgr; - -} // namespace zeek - -// TOOD: should this just be zeek::detail? -namespace zeek::detail::plugin { +namespace detail { /** * Internal class used by bifcl-generated code to register its init functions at runtime. @@ -501,11 +494,18 @@ public: } }; -} +} // namespace detail +} // namespace plugin + +extern zeek::plugin::Manager* plugin_mgr; + +} // namespace zeek namespace plugin { - using Manager [[deprecated("Remove in v4.1. Use zeek::plugin::Manager.")]] = zeek::plugin::Manager; -} + +using Manager [[deprecated("Remove in v4.1. Use zeek::plugin::Manager.")]] = zeek::plugin::Manager; + +} // namespace plugin /** * The global plugin manager singleton. diff --git a/src/plugin/Plugin.cc b/src/plugin/Plugin.cc index 30dafeb078..0dd8eda839 100644 --- a/src/plugin/Plugin.cc +++ b/src/plugin/Plugin.cc @@ -379,7 +379,7 @@ std::pair Plugin::HookFunctionCall(const zeek::Func* func, zeek::detail::Frame* parent, zeek::Args* args) { - val_list vlargs(args->size()); + ValPList vlargs(args->size()); for ( auto& v : *args ) vlargs.push_back(v.release()); @@ -396,7 +396,7 @@ Plugin::HookFunctionCall(const zeek::Func* func, zeek::detail::Frame* parent, } std::pair Plugin::HookCallFunction( - const zeek::Func* func, zeek::detail::Frame *parent, val_list* args) + const zeek::Func* func, zeek::detail::Frame *parent, ValPList* args) { std::pair result(false, NULL); return result; @@ -440,7 +440,7 @@ bool Plugin::HookLogWrite(const std::string& writer, const std::string& filter, } bool Plugin::HookReporter(const std::string& prefix, const EventHandlerPtr event, - const Connection* conn, const val_list* addl, bool location, + const Connection* conn, const ValPList* addl, bool location, const zeek::detail::Location* location1, const zeek::detail::Location* location2, bool time, const std::string& message) diff --git a/src/plugin/Plugin.h b/src/plugin/Plugin.h index 84d1d276b8..d2002df1d7 100644 --- a/src/plugin/Plugin.h +++ b/src/plugin/Plugin.h @@ -21,6 +21,13 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Event, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail); +namespace zeek::threading { + struct Field; +} +namespace threading { + using Field [[deprecated("Remove in v4.1. Use zeek::threading::Field.")]] = zeek::threading::Field; +} + namespace zeek { template class IntrusivePtr; using ValPtr = zeek::IntrusivePtr; @@ -29,10 +36,6 @@ class Obj; using BroObj [[deprecated("Remove in v4.1. Use zeek::Obj instead.")]] = zeek::Obj; -namespace threading { -struct Field; -} - namespace zeek::plugin { class Manager; @@ -223,7 +226,7 @@ public: /** * Constructor with a list of Bro values argument. */ - explicit HookArgument(const val_list* a) { type = VAL_LIST; arg.vals = a; } + explicit HookArgument(const ValPList* a) { type = VAL_LIST; arg.vals = a; } /** * Constructor with a void pointer argument. @@ -336,7 +339,7 @@ public: * Returns the value for a list of Bro values argument. The argument's type must * match accordingly. */ - const val_list* AsValList() const { assert(type == VAL_LIST); return arg.vals; } + const ValPList* AsValList() const { assert(type == VAL_LIST); return arg.vals; } /** * Returns the value as a zeek::Args. @@ -372,7 +375,7 @@ private: const zeek::detail::Frame* frame; int int_; const Val* val; - const val_list* vals; + const ValPList* vals; const zeek::Args* args; const void* voidp; const logging::WriterBackend::WriterInfo* winfo; @@ -679,7 +682,7 @@ protected: HookFunctionCall(const zeek::Func* func, zeek::detail::Frame* parent, zeek::Args* args); [[deprecated("Remove in v4.1. Use HookFunctionCall()")]] - virtual std::pair HookCallFunction(const zeek::Func* func, zeek::detail::Frame *parent, val_list* args); + virtual std::pair HookCallFunction(const zeek::Func* func, zeek::detail::Frame *parent, ValPList* args); /** * Hook into raising events. Whenever the script interpreter is about @@ -830,7 +833,7 @@ protected: * if the event call should be skipped */ virtual bool HookReporter(const std::string& prefix, const EventHandlerPtr event, - const Connection* conn, const val_list* addl, bool location, + const Connection* conn, const ValPList* addl, bool location, const zeek::detail::Location* location1, const zeek::detail::Location* location2, bool time, const std::string& message); diff --git a/src/plugin/TaggedComponent.h b/src/plugin/TaggedComponent.h index 1fcb8fccc0..d1a37a5794 100644 --- a/src/plugin/TaggedComponent.h +++ b/src/plugin/TaggedComponent.h @@ -70,10 +70,12 @@ T TaggedComponent::Tag() const template typename T::type_t TaggedComponent::type_counter(0); -} // namespace plugin +} // namespace zeek::plugin namespace plugin { - template - using TaggedComponent [[deprecated("Remove in v4.1. Use zeek::plugin::TaggedComponent instead.")]] = - zeek::plugin::TaggedComponent; -} + +template +using TaggedComponent [[deprecated("Remove in v4.1. Use zeek::plugin::TaggedComponent instead.")]] = + zeek::plugin::TaggedComponent; + +} // namespace plugin diff --git a/src/probabilistic/BitVector.cc b/src/probabilistic/BitVector.cc index c37a57b69a..92014df714 100644 --- a/src/probabilistic/BitVector.cc +++ b/src/probabilistic/BitVector.cc @@ -10,7 +10,7 @@ #include "digest.h" -using namespace probabilistic; +namespace zeek::probabilistic::detail { BitVector::size_type BitVector::npos = static_cast(-1); BitVector::block_type BitVector::bits_per_block = @@ -263,8 +263,6 @@ BitVector& BitVector::operator-=(BitVector const& other) return *this; } -namespace probabilistic { - BitVector operator&(BitVector const& x, BitVector const& y) { BitVector b(x); @@ -318,8 +316,6 @@ bool operator<(BitVector const& x, BitVector const& y) return false; } -} - void BitVector::Resize(size_type n, bool value) { size_type old = Blocks(); @@ -581,3 +577,5 @@ BitVector::size_type BitVector::find_from(size_type i) const return i * bits_per_block + lowest_bit(bits[i]); } + +} // namespace zeek::probabilistic::detail diff --git a/src/probabilistic/BitVector.h b/src/probabilistic/BitVector.h index cbbcedd80b..be6025fa18 100644 --- a/src/probabilistic/BitVector.h +++ b/src/probabilistic/BitVector.h @@ -10,7 +10,7 @@ namespace broker { class data; } -namespace probabilistic { +namespace zeek::probabilistic::detail { /** * A vector of bits. @@ -356,4 +356,10 @@ private: size_type num_bits; }; -} +} // namespace zeek::probabilistic::detail + +namespace probabilistic { + +using BitVector [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::BitVector.")]] = zeek::probabilistic::detail::BitVector; + +} // namespace probabilistic diff --git a/src/probabilistic/BloomFilter.cc b/src/probabilistic/BloomFilter.cc index ce175c5283..3ef3ee06e2 100644 --- a/src/probabilistic/BloomFilter.cc +++ b/src/probabilistic/BloomFilter.cc @@ -13,14 +13,14 @@ #include "../util.h" #include "../Reporter.h" -using namespace probabilistic; +namespace zeek::probabilistic { BloomFilter::BloomFilter() { hasher = nullptr; } -BloomFilter::BloomFilter(const Hasher* arg_hasher) +BloomFilter::BloomFilter(const detail::Hasher* arg_hasher) { hasher = arg_hasher; } @@ -56,7 +56,7 @@ std::unique_ptr BloomFilter::Unserialize(const broker::data& data) if ( ! type ) return nullptr; - auto hasher_ = Hasher::Unserialize((*v)[1]); + auto hasher_ = detail::Hasher::Unserialize((*v)[1]); if ( ! hasher_ ) return nullptr; @@ -130,14 +130,14 @@ BasicBloomFilter* BasicBloomFilter::Clone() const BasicBloomFilter* copy = new BasicBloomFilter(); copy->hasher = hasher->Clone(); - copy->bits = new BitVector(*bits); + copy->bits = new detail::BitVector(*bits); return copy; } std::string BasicBloomFilter::InternalState() const { - return fmt("%" PRIu64, bits->Hash()); + return zeek::util::fmt("%" PRIu64, bits->Hash()); } BasicBloomFilter::BasicBloomFilter() @@ -145,10 +145,10 @@ BasicBloomFilter::BasicBloomFilter() bits = nullptr; } -BasicBloomFilter::BasicBloomFilter(const Hasher* hasher, size_t cells) +BasicBloomFilter::BasicBloomFilter(const detail::Hasher* hasher, size_t cells) : BloomFilter(hasher) { - bits = new BitVector(cells); + bits = new detail::BitVector(cells); } BasicBloomFilter::~BasicBloomFilter() @@ -158,7 +158,7 @@ BasicBloomFilter::~BasicBloomFilter() void BasicBloomFilter::Add(const zeek::detail::HashKey* key) { - Hasher::digest_vector h = hasher->Hash(key); + detail::Hasher::digest_vector h = hasher->Hash(key); for ( size_t i = 0; i < h.size(); ++i ) bits->Set(h[i] % bits->Size()); @@ -166,7 +166,7 @@ void BasicBloomFilter::Add(const zeek::detail::HashKey* key) size_t BasicBloomFilter::Count(const zeek::detail::HashKey* key) const { - Hasher::digest_vector h = hasher->Hash(key); + detail::Hasher::digest_vector h = hasher->Hash(key); for ( size_t i = 0; i < h.size(); ++i ) { @@ -185,7 +185,7 @@ broker::expected BasicBloomFilter::DoSerialize() const bool BasicBloomFilter::DoUnserialize(const broker::data& data) { - auto b = BitVector::Unserialize(data); + auto b = detail::BitVector::Unserialize(data); if ( ! b ) return false; @@ -198,11 +198,11 @@ CountingBloomFilter::CountingBloomFilter() cells = nullptr; } -CountingBloomFilter::CountingBloomFilter(const Hasher* hasher, - size_t arg_cells, size_t width) +CountingBloomFilter::CountingBloomFilter(const detail::Hasher* hasher, + size_t arg_cells, size_t width) : BloomFilter(hasher) { - cells = new CounterVector(width, arg_cells); + cells = new detail::CounterVector(width, arg_cells); } CountingBloomFilter::~CountingBloomFilter() @@ -249,20 +249,20 @@ CountingBloomFilter* CountingBloomFilter::Clone() const CountingBloomFilter* copy = new CountingBloomFilter(); copy->hasher = hasher->Clone(); - copy->cells = new CounterVector(*cells); + copy->cells = new detail::CounterVector(*cells); return copy; } std::string CountingBloomFilter::InternalState() const { - return fmt("%" PRIu64, cells->Hash()); + return zeek::util::fmt("%" PRIu64, cells->Hash()); } // TODO: Use partitioning in add/count to allow for reusing CMS bounds. void CountingBloomFilter::Add(const zeek::detail::HashKey* key) { - Hasher::digest_vector h = hasher->Hash(key); + detail::Hasher::digest_vector h = hasher->Hash(key); for ( size_t i = 0; i < h.size(); ++i ) cells->Increment(h[i] % cells->Size()); @@ -270,14 +270,14 @@ void CountingBloomFilter::Add(const zeek::detail::HashKey* key) size_t CountingBloomFilter::Count(const zeek::detail::HashKey* key) const { - Hasher::digest_vector h = hasher->Hash(key); + detail::Hasher::digest_vector h = hasher->Hash(key); - CounterVector::size_type min = - std::numeric_limits::max(); + detail::CounterVector::size_type min = + std::numeric_limits::max(); for ( size_t i = 0; i < h.size(); ++i ) { - CounterVector::size_type cnt = cells->Count(h[i] % cells->Size()); + detail::CounterVector::size_type cnt = cells->Count(h[i] % cells->Size()); if ( cnt < min ) min = cnt; } @@ -293,10 +293,12 @@ broker::expected CountingBloomFilter::DoSerialize() const bool CountingBloomFilter::DoUnserialize(const broker::data& data) { - auto c = CounterVector::Unserialize(data); + auto c = detail::CounterVector::Unserialize(data); if ( ! c ) return false; cells = c.release(); return true; } + +} // namespace zeek::probabilistic diff --git a/src/probabilistic/BloomFilter.h b/src/probabilistic/BloomFilter.h index 409d369569..3fbbce4511 100644 --- a/src/probabilistic/BloomFilter.h +++ b/src/probabilistic/BloomFilter.h @@ -2,6 +2,8 @@ #pragma once +#include "zeek-config.h" + #include #include #include @@ -13,9 +15,9 @@ namespace broker { class data; } -namespace probabilistic { +ZEEK_FORWARD_DECLARE_NAMESPACED(CounterVector, zeek, probabilistic, detail); -class CounterVector; +namespace zeek::probabilistic { /** Types of derived BloomFilter classes. */ enum BloomFilterType { Basic, Counting }; @@ -94,13 +96,13 @@ protected: * * @param hasher The hasher to use for this Bloom filter. */ - explicit BloomFilter(const Hasher* hasher); + explicit BloomFilter(const detail::Hasher* hasher); virtual broker::expected DoSerialize() const = 0; virtual bool DoUnserialize(const broker::data& data) = 0; virtual BloomFilterType Type() const = 0; - const Hasher* hasher; + const detail::Hasher* hasher; }; /** @@ -117,7 +119,7 @@ public: * * @param cells The number of cells. */ - BasicBloomFilter(const Hasher* hasher, size_t cells); + BasicBloomFilter(const detail::Hasher* hasher, size_t cells); /** * Destructor. @@ -176,7 +178,7 @@ protected: { return BloomFilterType::Basic; } private: - BitVector* bits; + detail::BitVector* bits; }; /** @@ -194,7 +196,7 @@ public: * * @param width The maximal bit-width of counter values. */ - CountingBloomFilter(const Hasher* hasher, size_t cells, size_t width); + CountingBloomFilter(const detail::Hasher* hasher, size_t cells, size_t width); /** * Destructor. @@ -225,7 +227,19 @@ protected: { return BloomFilterType::Counting; } private: - CounterVector* cells; + detail::CounterVector* cells; }; -} +} // namespace zeek::probabilistic + +namespace probabilistic { + +using BloomFilterType [[deprecated("Remove in v4.1. Use zeek::probabilistic::BloomFilterType.")]] = zeek::probabilistic::BloomFilterType; +constexpr auto Basic [[deprecated("Remove in v4.1. Use zeek::probabilistic::Basic.")]] = zeek::probabilistic::Basic; +constexpr auto Counting [[deprecated("Remove in v4.1. Use zeek::probabilistic::Counting.")]] = zeek::probabilistic::Counting; + +using BloomFilter [[deprecated("Remove in v4.1. Use zeek::probabilistic::BloomFilter.")]] = zeek::probabilistic::BloomFilter; +using BasicBloomFilter [[deprecated("Remove in v4.1. Use zeek::probabilistic::BasicBloomFilter.")]] = zeek::probabilistic::BasicBloomFilter; +using CountingBloomFilter [[deprecated("Remove in v4.1. Use zeek::probabilistic::CountingBloomFilter.")]] = zeek::probabilistic::CountingBloomFilter; + +} // namespace probabilistic diff --git a/src/probabilistic/CardinalityCounter.cc b/src/probabilistic/CardinalityCounter.cc index 13bdc02e15..db2fa85936 100644 --- a/src/probabilistic/CardinalityCounter.cc +++ b/src/probabilistic/CardinalityCounter.cc @@ -10,7 +10,7 @@ #include "Reporter.h" -using namespace probabilistic; +namespace zeek::probabilistic::detail { int CardinalityCounter::OptimalB(double error, double confidence) const { @@ -279,14 +279,15 @@ std::unique_ptr CardinalityCounter::Unserialize(const broker /* * Find Last Set bit */ -int -CardinalityCounter::flsll(uint64_t mask) -{ - int bit; +int CardinalityCounter::flsll(uint64_t mask) + { + int bit; - if (mask == 0) - return (0); - for (bit = 1; mask != 1; bit++) - mask = (uint64_t)mask >> 1; - return (bit); -} + if (mask == 0) + return (0); + for (bit = 1; mask != 1; bit++) + mask = (uint64_t)mask >> 1; + return (bit); + } + +} // namespace zeek::probabilistic::detail diff --git a/src/probabilistic/CardinalityCounter.h b/src/probabilistic/CardinalityCounter.h index a36f7aa610..025b540400 100644 --- a/src/probabilistic/CardinalityCounter.h +++ b/src/probabilistic/CardinalityCounter.h @@ -11,7 +11,7 @@ namespace broker { class data; } -namespace probabilistic { +namespace zeek::probabilistic::detail { /** * A probabilistic cardinality counter using the HyperLogLog algorithm. @@ -186,4 +186,10 @@ private: int p; // the log2 of m }; -} +} // namespace zeek::probabilistic::detail + +namespace probabilistic { + +using CardinalityCounter [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::CardinalityCounter.")]] = zeek::probabilistic::detail::CardinalityCounter; + +} // namespace probabilistic diff --git a/src/probabilistic/CounterVector.cc b/src/probabilistic/CounterVector.cc index d4b073bca1..e308ed0178 100644 --- a/src/probabilistic/CounterVector.cc +++ b/src/probabilistic/CounterVector.cc @@ -11,7 +11,7 @@ #include "BitVector.h" #include "util.h" -using namespace probabilistic; +namespace zeek::probabilistic::detail { CounterVector::CounterVector(size_t arg_width, size_t cells) { @@ -143,8 +143,6 @@ CounterVector& CounterVector::Merge(const CounterVector& other) return *this; } -namespace probabilistic { - CounterVector& CounterVector::operator|=(const CounterVector& other) { return Merge(other); @@ -156,8 +154,6 @@ CounterVector operator|(const CounterVector& x, const CounterVector& y) return cv |= y; } -} - uint64_t CounterVector::Hash() const { return bits->Hash(); @@ -190,5 +186,4 @@ std::unique_ptr CounterVector::Unserialize(const broker::data& da return cv; } - - +} // namespace zeek::probabilistic::detail diff --git a/src/probabilistic/CounterVector.h b/src/probabilistic/CounterVector.h index 0cdd05be95..29da2f0305 100644 --- a/src/probabilistic/CounterVector.h +++ b/src/probabilistic/CounterVector.h @@ -2,6 +2,8 @@ #pragma once +#include "zeek-config.h" + #include #include #include @@ -10,9 +12,9 @@ namespace broker { class data; } -namespace probabilistic { +ZEEK_FORWARD_DECLARE_NAMESPACED(BitVector, zeek, probabilistic, detail); -class BitVector; +namespace zeek::probabilistic::detail { /** * A vector of counters, each of which has a fixed number of bits. @@ -154,4 +156,10 @@ private: size_t width; }; -} +} // namespace zeek::probabilistic::detail + +namespace probabilistic { + +using CounterVector [[deprecated("Remove in v4.1. Use zeek::probabilisitc::detail::CounterVector.")]] = zeek::probabilistic::detail::CounterVector; + +} // namespace probabilistic diff --git a/src/probabilistic/Hasher.cc b/src/probabilistic/Hasher.cc index f24ddecca0..06062a479c 100644 --- a/src/probabilistic/Hasher.cc +++ b/src/probabilistic/Hasher.cc @@ -13,7 +13,7 @@ #include -using namespace probabilistic; +namespace zeek::probabilistic::detail { Hasher::seed_t Hasher::MakeSeed(const void* data, size_t size) { @@ -33,7 +33,7 @@ Hasher::seed_t Hasher::MakeSeed(const void* data, size_t size) else { - unsigned int first_seed = initial_seed(); + unsigned int first_seed = zeek::util::detail::initial_seed(); zeek::detail::hash_update(ctx, &first_seed, sizeof(first_seed)); } @@ -119,7 +119,7 @@ DefaultHasher::DefaultHasher(size_t k, Hasher::seed_t seed) for ( size_t i = 1; i <= k; ++i ) { seed_t s = Seed(); - s.h[0] += zeek::prng(i); + s.h[0] += zeek::util::detail::prng(i); hash_functions.push_back(UHF(s)); } } @@ -149,7 +149,7 @@ bool DefaultHasher::Equals(const Hasher* other) const } DoubleHasher::DoubleHasher(size_t k, seed_t seed) - : Hasher(k, seed), h1(seed + zeek::prng(1)), h2(seed + zeek::prng(2)) + : Hasher(k, seed), h1(seed + zeek::util::detail::prng(1)), h2(seed + zeek::util::detail::prng(2)) { } @@ -178,3 +178,5 @@ bool DoubleHasher::Equals(const Hasher* other) const const DoubleHasher* o = static_cast(other); return h1 == o->h1 && h2 == o->h2; } + +} // namespace zeek::probabilistic::detail diff --git a/src/probabilistic/Hasher.h b/src/probabilistic/Hasher.h index 8154a0dcb2..7506c62f91 100644 --- a/src/probabilistic/Hasher.h +++ b/src/probabilistic/Hasher.h @@ -10,7 +10,7 @@ namespace broker { class data; } -namespace probabilistic { +namespace zeek::probabilistic::detail { /** Types of derived Hasher classes. */ enum HasherType { Default, Double }; @@ -257,4 +257,17 @@ private: UHF h2; }; -} +} // namespace zeek::probabilistic::detail + +namespace probabilistic { + +using HasherType [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::HasherType.")]] = zeek::probabilistic::detail::HasherType; +constexpr auto Default [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::Default.")]] = zeek::probabilistic::detail::Default; +constexpr auto Double [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::Double.")]] = zeek::probabilistic::detail::Double; + +using Hasher [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::Hasher.")]] = zeek::probabilistic::detail::Hasher; +using UHF [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::UHF.")]] = zeek::probabilistic::detail::UHF; +using DefaultHasher [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::DefaultHasher.")]] = zeek::probabilistic::detail::DefaultHasher; +using DoubleHasher [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::DoubleHasher.")]] = zeek::probabilistic::detail::DoubleHasher; + +} // namespace probabilistic diff --git a/src/probabilistic/Topk.cc b/src/probabilistic/Topk.cc index 06a1543209..fa35a7da6f 100644 --- a/src/probabilistic/Topk.cc +++ b/src/probabilistic/Topk.cc @@ -9,7 +9,7 @@ #include "Reporter.h" #include "Dict.h" -namespace probabilistic { +namespace zeek::probabilistic::detail { static void topk_element_hash_delete_func(void* val) { @@ -429,7 +429,7 @@ broker::expected TopkVal::DoSerialize() const { Element* element = *eit; d.emplace_back(element->epsilon); - auto v = bro_broker::val_to_data(element->value.get()); + auto v = zeek::Broker::detail::val_to_data(element->value.get()); if ( ! v ) return broker::ec::invalid_data; @@ -494,7 +494,7 @@ bool TopkVal::DoUnserialize(const broker::data& data) for ( uint64_t j = 0; j < *elements_count; j++ ) { auto epsilon = caf::get_if(&(*v)[idx++]); - auto val = bro_broker::data_to_val((*v)[idx++], type.get()); + auto val = zeek::Broker::detail::data_to_val((*v)[idx++], type.get()); if ( ! (epsilon && val) ) return false; @@ -519,4 +519,5 @@ bool TopkVal::DoUnserialize(const broker::data& data) assert(i == numElements); return true; } -} + +} // namespace zeek::probabilistic::detail diff --git a/src/probabilistic/Topk.h b/src/probabilistic/Topk.h index f776eada29..00f3f7a950 100644 --- a/src/probabilistic/Topk.h +++ b/src/probabilistic/Topk.h @@ -11,7 +11,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail); -namespace probabilistic { +namespace zeek::probabilistic::detail { struct Element; @@ -172,4 +172,12 @@ private: bool pruned; // was this data structure pruned? }; -}; +} // namespace zeek::probabilistic::detail + +namespace probabilistic { + +using Element [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::Element.")]] = zeek::probabilistic::detail::Element; +using Bucket [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::Bucket.")]] = zeek::probabilistic::detail::Bucket; +using TopkVal [[deprecated("Remove in v4.1. Use zeek::probabilistic::detail::TopkVal.")]] = zeek::probabilistic::detail::TopkVal; + +} //namespace probabilistic diff --git a/src/probabilistic/bloom-filter.bif b/src/probabilistic/bloom-filter.bif index 1ca5a4fdbb..c5fb31f9b8 100644 --- a/src/probabilistic/bloom-filter.bif +++ b/src/probabilistic/bloom-filter.bif @@ -40,13 +40,13 @@ function bloomfilter_basic_init%(fp: double, capacity: count, return nullptr; } - size_t cells = BasicBloomFilter::M(fp, capacity); - size_t optimal_k = BasicBloomFilter::K(cells, capacity); - Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, - name->Len()); - const Hasher* h = new DoubleHasher(optimal_k, seed); + size_t cells = zeek::probabilistic::BasicBloomFilter::M(fp, capacity); + size_t optimal_k = zeek::probabilistic::BasicBloomFilter::K(cells, capacity); + zeek::probabilistic::detail::Hasher::seed_t seed = + zeek::probabilistic::detail::Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, name->Len()); + const zeek::probabilistic::detail::Hasher* h = new zeek::probabilistic::detail::DoubleHasher(optimal_k, seed); - return zeek::make_intrusive(new BasicBloomFilter(h, cells)); + return zeek::make_intrusive(new zeek::probabilistic::BasicBloomFilter(h, cells)); %} ## Creates a basic Bloom filter. This function serves as a low-level @@ -82,11 +82,11 @@ function bloomfilter_basic_init2%(k: count, cells: count, return nullptr; } - Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, - name->Len()); - const Hasher* h = new DoubleHasher(k, seed); + zeek::probabilistic::detail::Hasher::seed_t seed = + zeek::probabilistic::detail::Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, name->Len()); + const zeek::probabilistic::detail::Hasher* h = new zeek::probabilistic::detail::DoubleHasher(k, seed); - return zeek::make_intrusive(new BasicBloomFilter(h, cells)); + return zeek::make_intrusive(new zeek::probabilistic::BasicBloomFilter(h, cells)); %} ## Creates a counting Bloom filter. @@ -121,16 +121,16 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count, return nullptr; } - Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, - name->Len()); + zeek::probabilistic::detail::Hasher::seed_t seed = + zeek::probabilistic::detail::Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0, name->Len()); - const Hasher* h = new DefaultHasher(k, seed); + const zeek::probabilistic::detail::Hasher* h = new zeek::probabilistic::detail::DefaultHasher(k, seed); uint16_t width = 1; while ( max >>= 1 ) ++width; - return zeek::make_intrusive(new CountingBloomFilter(h, cells, width)); + return zeek::make_intrusive(new zeek::probabilistic::CountingBloomFilter(h, cells, width)); %} ## Adds an element to a Bloom filter. @@ -144,7 +144,7 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count, ## bloomfilter_merge function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any %{ - BloomFilterVal* bfv = static_cast(bf); + auto* bfv = static_cast(bf); if ( ! bfv->Type() && ! bfv->Typify(x->GetType()) ) reporter->Error("failed to set Bloom filter type"); @@ -171,7 +171,7 @@ function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any ## bloomfilter_merge function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count %{ - const BloomFilterVal* bfv = static_cast(bf); + const auto* bfv = static_cast(bf); if ( ! bfv->Type() ) return zeek::val_mgr->Count(0); @@ -196,7 +196,7 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count ## bloomfilter_merge function bloomfilter_clear%(bf: opaque of bloomfilter%): any %{ - BloomFilterVal* bfv = static_cast(bf); + auto* bfv = static_cast(bf); if ( bfv->Type() ) // Untyped Bloom filters are already empty. bfv->Clear(); @@ -222,8 +222,8 @@ function bloomfilter_clear%(bf: opaque of bloomfilter%): any function bloomfilter_merge%(bf1: opaque of bloomfilter, bf2: opaque of bloomfilter%): opaque of bloomfilter %{ - const BloomFilterVal* bfv1 = static_cast(bf1); - const BloomFilterVal* bfv2 = static_cast(bf2); + const auto* bfv1 = static_cast(bf1); + const auto* bfv2 = static_cast(bf2); if ( bfv1->Type() && // any one 0 is ok here bfv2->Type() && @@ -244,6 +244,6 @@ function bloomfilter_merge%(bf1: opaque of bloomfilter, ## Returns: a string with a representation of a Bloom filter's internal state. function bloomfilter_internal_state%(bf: opaque of bloomfilter%): string %{ - BloomFilterVal* bfv = static_cast(bf); + auto* bfv = static_cast(bf); return zeek::make_intrusive(bfv->InternalState()); %} diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index 8069003c2b..da1fd4baf3 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -22,7 +22,7 @@ module GLOBAL; ## hll_cardinality_copy function hll_cardinality_init%(err: double, confidence: double%): opaque of cardinality %{ - CardinalityCounter* c = new CardinalityCounter(err, confidence); + auto* c = new zeek::probabilistic::detail::CardinalityCounter(err, confidence); auto cv = zeek::make_intrusive(c); return cv; @@ -40,7 +40,7 @@ function hll_cardinality_init%(err: double, confidence: double%): opaque of card ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool %{ - CardinalityVal* cv = static_cast(handle); + auto* cv = static_cast(handle); if ( ! cv->Type() && ! cv->Typify(elem->GetType()) ) { @@ -73,8 +73,8 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: opaque of cardinality%): bool %{ - CardinalityVal* v1 = static_cast(handle1); - CardinalityVal* v2 = static_cast(handle2); + auto* v1 = static_cast(handle1); + auto* v2 = static_cast(handle2); if ( (v1->Type() != v2->Type()) && // both 0 is ok (v1->Type() != nullptr) && // any one 0 also is ok @@ -85,8 +85,8 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op return zeek::val_mgr->False(); } - CardinalityCounter* h1 = v1->Get(); - CardinalityCounter* h2 = v2->Get(); + zeek::probabilistic::detail::CardinalityCounter* h1 = v1->Get(); + zeek::probabilistic::detail::CardinalityCounter* h2 = v2->Get(); bool res = h1->Merge(h2); if ( ! res ) @@ -108,8 +108,8 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_estimate%(handle: opaque of cardinality%): double %{ - CardinalityVal* cv = static_cast(handle); - CardinalityCounter* h = cv->Get(); + auto* cv = static_cast(handle); + zeek::probabilistic::detail::CardinalityCounter* h = cv->Get(); double estimate = h->Size(); @@ -126,9 +126,9 @@ function hll_cardinality_estimate%(handle: opaque of cardinality%): double ## hll_cardinality_init function hll_cardinality_copy%(handle: opaque of cardinality%): opaque of cardinality %{ - CardinalityVal* cv = static_cast(handle); - CardinalityCounter* h = cv->Get(); - CardinalityCounter* h2 = new CardinalityCounter(*h); + auto* cv = static_cast(handle); + zeek::probabilistic::detail::CardinalityCounter* h = cv->Get(); + auto* h2 = new zeek::probabilistic::detail::CardinalityCounter(*h); auto out = zeek::make_intrusive(h2); return out; diff --git a/src/probabilistic/top-k.bif b/src/probabilistic/top-k.bif index 64faeaa31b..9695dcf26e 100644 --- a/src/probabilistic/top-k.bif +++ b/src/probabilistic/top-k.bif @@ -14,7 +14,7 @@ ## topk_size topk_sum topk_merge topk_merge_prune function topk_init%(size: count%): opaque of topk %{ - auto v = zeek::make_intrusive(size); + auto v = zeek::make_intrusive(size); return v; %} @@ -33,7 +33,7 @@ function topk_init%(size: count%): opaque of topk function topk_add%(handle: opaque of topk, value: any%): any %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; h->Encountered({zeek::NewRef{}, value}); return nullptr; @@ -52,7 +52,7 @@ function topk_add%(handle: opaque of topk, value: any%): any function topk_get_top%(handle: opaque of topk, k: count%): any_vec %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; return h->GetTopK(k); %} @@ -73,7 +73,7 @@ function topk_get_top%(handle: opaque of topk, k: count%): any_vec function topk_count%(handle: opaque of topk, value: any%): count %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; return zeek::val_mgr->Count(h->GetCount(value)); %} @@ -93,7 +93,7 @@ function topk_count%(handle: opaque of topk, value: any%): count function topk_epsilon%(handle: opaque of topk, value: any%): count %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; return zeek::val_mgr->Count(h->GetEpsilon(value)); %} @@ -112,7 +112,7 @@ function topk_epsilon%(handle: opaque of topk, value: any%): count function topk_size%(handle: opaque of topk%): count %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; return zeek::val_mgr->Count(h->GetSize()); %} @@ -132,7 +132,7 @@ function topk_size%(handle: opaque of topk%): count function topk_sum%(handle: opaque of topk%): count %{ assert(handle); - probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle; + auto* h = (zeek::probabilistic::detail::TopkVal*) handle; return zeek::val_mgr->Count(h->GetSum()); %} @@ -152,8 +152,8 @@ function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any assert(handle1); assert(handle2); - probabilistic::TopkVal* h1 = (probabilistic::TopkVal*) handle1; - probabilistic::TopkVal* h2 = (probabilistic::TopkVal*) handle2; + auto* h1 = (zeek::probabilistic::detail::TopkVal*) handle1; + auto* h2 = (zeek::probabilistic::detail::TopkVal*) handle2; h1->Merge(h2); @@ -178,8 +178,8 @@ function topk_merge_prune%(handle1: opaque of topk, handle2: opaque of topk%): a assert(handle1); assert(handle2); - probabilistic::TopkVal* h1 = (probabilistic::TopkVal*) handle1; - probabilistic::TopkVal* h2 = (probabilistic::TopkVal*) handle2; + auto* h1 = (zeek::probabilistic::detail::TopkVal*) handle1; + auto* h2 = (zeek::probabilistic::detail::TopkVal*) handle2; h1->Merge(h2, true); diff --git a/src/re-scan.l b/src/re-scan.l index 333f670b15..17ffd1879a 100644 --- a/src/re-scan.l +++ b/src/re-scan.l @@ -84,7 +84,7 @@ CCL_EXPR ("[:"[[:alpha:]]+":]") } "{"{NAME}"}" { - char* nmstr = copy_string(yytext+1); + char* nmstr = zeek::util::copy_string(yytext+1); nmstr[yyleng - 2] = '\0'; // chop trailing brace std::string namedef = zeek::detail::rem->LookupDef(nmstr); @@ -212,7 +212,7 @@ CCL_EXPR ("[:"[[:alpha:]]+":]") {ESCSEQ} { const char* esc_text = yytext + 1; - yylval.int_val = expand_escape(esc_text); + yylval.int_val = zeek::util::detail::expand_escape(esc_text); if ( YY_START == SC_FIRST_CCL ) BEGIN(SC_CCL); diff --git a/src/reporter.bif b/src/reporter.bif index d557f6364c..f83c35ea84 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -149,7 +149,7 @@ function Reporter::conn_weird%(name: string, c: connection, addl: string &defaul function Reporter::file_weird%(name: string, f: fa_file, addl: string &default=""%): bool %{ auto fuid = f->AsRecordVal()->GetField(0)->AsStringVal(); - auto file = file_mgr->LookupFile(fuid->CheckString()); + auto file = zeek::file_mgr->LookupFile(fuid->CheckString()); if ( ! file ) return zeek::val_mgr->False(); diff --git a/src/rule-scan.l b/src/rule-scan.l index 53efdd19ec..ff4c6b0dfa 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -43,13 +43,13 @@ PID {PIDCOMPONENT}(::{PIDCOMPONENT})* } {IP6} { - rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(extract_ip(yytext)), 128, true); + rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(zeek::util::detail::extract_ip(yytext)), 128, true); return TOK_IP6; } {IP6}{OWS}"/"{OWS}{D} { int len = 0; - std::string ip = extract_ip_and_len(yytext, &len); + std::string ip = zeek::util::detail::extract_ip_and_len(yytext, &len); rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(ip), len, true); return TOK_IP6; } diff --git a/src/scan.l b/src/scan.l index 86024093e4..201c3ab128 100644 --- a/src/scan.l +++ b/src/scan.l @@ -31,9 +31,10 @@ #include "broparse.h" #include "Reporter.h" #include "RE.h" -#include "Net.h" +#include "RunState.h" #include "Traverse.h" #include "module_util.h" +#include "ScannedFile.h" #include "analyzer/Analyzer.h" #include "zeekygen/Manager.h" @@ -46,7 +47,7 @@ extern YYLTYPE yylloc; // holds start line and column of token extern zeek::EnumType* cur_enum_type; // Track the @if... depth. -ptr_compat_int current_depth = 0; +std::intptr_t current_depth = 0; zeek::detail::int_list if_stack; @@ -81,9 +82,9 @@ static std::string find_relative_file(const std::string& filename, const std::st return std::string(); if ( filename[0] == '.' ) - return find_file(filename, SafeDirname(::filename).result, ext); + return zeek::util::find_file(filename, zeek::util::SafeDirname(::filename).result, ext); else - return find_file(filename, bro_path(), ext); + return zeek::util::find_file(filename, zeek::util::zeek_path(), ext); } static std::string find_relative_script_file(const std::string& filename) @@ -92,9 +93,9 @@ static std::string find_relative_script_file(const std::string& filename) return std::string(); if ( filename[0] == '.' ) - return find_script_file(filename, SafeDirname(::filename).result); + return zeek::util::find_script_file(filename, zeek::util::SafeDirname(::filename).result); else - return find_script_file(filename, bro_path()); + return zeek::util::find_script_file(filename, zeek::util::zeek_path()); } class FileInfo { @@ -146,19 +147,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - zeekygen_mgr->SummaryComment(::filename, yytext + 3); + zeek::detail::zeekygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { std::string hint(cur_enum_type && last_id_tok ? - make_full_var_name(zeek::detail::current_module.c_str(), last_id_tok) : ""); + zeek::detail::make_full_var_name(zeek::detail::current_module.c_str(), last_id_tok) : ""); - zeekygen_mgr->PostComment(yytext + 3, hint); + zeek::detail::zeekygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - zeekygen_mgr->PreComment(yytext + 2); + zeek::detail::zeekygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -175,12 +176,12 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) /* IPv6 literal constant patterns */ {IP6} { - RET_CONST(new zeek::AddrVal(extract_ip(yytext))) + RET_CONST(new zeek::AddrVal(zeek::util::detail::extract_ip(yytext))) } {IP6}{OWS}"/"{OWS}{D} { int len = 0; - std::string ip = extract_ip_and_len(yytext, &len); + std::string ip = zeek::util::detail::extract_ip_and_len(yytext, &len); RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len, true))) } @@ -189,7 +190,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) ({D}"."){3}{D}{OWS}"/"{OWS}{D} { int len = 0; - std::string ip = extract_ip_and_len(yytext, &len); + std::string ip = zeek::util::detail::extract_ip_and_len(yytext, &len); RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len))) } @@ -289,7 +290,7 @@ when return TOK_WHEN; @deprecated.* { auto num_files = file_stack.length(); - auto comment = skip_whitespace(yytext + 11); + auto comment = zeek::util::skip_whitespace(yytext + 11); if ( num_files > 0 ) { @@ -308,7 +309,7 @@ when return TOK_WHEN; @DEBUG return TOK_DEBUG; // marks input for debugger @DIR { - std::string rval = SafeDirname(::filename).result; + std::string rval = zeek::util::SafeDirname(::filename).result; if ( ! rval.empty() && rval[0] == '.' ) { @@ -324,19 +325,19 @@ when return TOK_WHEN; } @FILENAME { - RET_CONST(new zeek::StringVal(SafeBasename(::filename).result)); + RET_CONST(new zeek::StringVal(zeek::util::SafeBasename(::filename).result)); } @load{WS}{FILE} { - const char* new_file = skip_whitespace(yytext + 5); // Skip "@load". + const char* new_file = zeek::util::skip_whitespace(yytext + 5); // Skip "@load". std::string loader = ::filename; // load_files may change ::filename, save copy std::string loading = find_relative_script_file(new_file); (void) load_files(new_file); - zeekygen_mgr->ScriptDependency(loader, loading); + zeek::detail::zeekygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { - const char* file = skip_whitespace(yytext + 10); + const char* file = zeek::util::skip_whitespace(yytext + 10); std::string path = find_relative_file(file, ".sig"); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(zeek::plugin::Plugin::SIGNATURES, file, path), -1); @@ -347,7 +348,7 @@ when return TOK_WHEN; zeek::reporter->Error("failed to find file associated with @load-sigs %s", file); else - sig_files.push_back(copy_string(path.c_str())); + zeek::detail::sig_files.push_back(zeek::util::copy_string(path.c_str())); break; case 0: @@ -368,7 +369,7 @@ when return TOK_WHEN; } @load-plugin{WS}{ID} { - const char* plugin = skip_whitespace(yytext + 12); + const char* plugin = zeek::util::skip_whitespace(yytext + 12); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(zeek::plugin::Plugin::PLUGIN, plugin, ""), -1); switch ( rc ) { @@ -396,7 +397,7 @@ when return TOK_WHEN; @unload{WS}{FILE} { // Skip "@unload". - const char* file = skip_whitespace(yytext + 7); + const char* file = zeek::util::skip_whitespace(yytext + 7); std::string path = find_relative_script_file(file); if ( path.empty() ) @@ -404,13 +405,13 @@ when return TOK_WHEN; else { // All we have to do is pretend we've already scanned it. - ScannedFile sf(file_stack.length(), std::move(path), true); - files_scanned.push_back(std::move(sf)); + zeek::detail::ScannedFile sf(file_stack.length(), std::move(path), true); + zeek::detail::files_scanned.push_back(std::move(sf)); } } @prefixes{WS}("+"?)={WS}{PREFIX} { - char* pref = skip_whitespace(yytext + 9); // Skip "@prefixes". + char* pref = zeek::util::skip_whitespace(yytext + 9); // Skip "@prefixes". int append = 0; if ( *pref == '+' ) @@ -419,12 +420,12 @@ when return TOK_WHEN; ++pref; } - pref = skip_whitespace(pref + 1); // Skip over '='. + pref = zeek::util::skip_whitespace(pref + 1); // Skip over '='. if ( ! append ) - zeek_script_prefixes = { "" }; // don't delete the "" prefix + zeek::detail::zeek_script_prefixes = { "" }; // don't delete the "" prefix - tokenize_string(pref, ":", &zeek_script_prefixes); + zeek::util::tokenize_string(pref, ":", &zeek::detail::zeek_script_prefixes); } @if return TOK_ATIF; @@ -445,7 +446,7 @@ T RET_CONST(zeek::val_mgr->True()->Ref()) F RET_CONST(zeek::val_mgr->False()->Ref()) {ID} { - yylval.str = copy_string(yytext); + yylval.str = zeek::util::copy_string(yytext); last_id_tok = yylval.str; return TOK_ID; } @@ -516,7 +517,7 @@ F RET_CONST(zeek::val_mgr->False()->Ref()) if ( *text == '\\' ) { ++text; // skip '\' - s[i++] = expand_escape(text); + s[i++] = zeek::util::detail::expand_escape(text); --text; // point to end of sequence } else @@ -537,7 +538,7 @@ F RET_CONST(zeek::val_mgr->False()->Ref()) } ([^/\\\n]|{ESCSEQ})+ { - yylval.str = copy_string(yytext); + yylval.str = zeek::util::copy_string(yytext); return TOK_PATTERN_TEXT; } @@ -571,8 +572,6 @@ YYLTYPE zeek::detail::GetCurrentLocation() return currloc; } -static auto constexpr canonical_stdin_path = ""; - static int load_files(const char* orig_file) { std::string file_path = find_relative_script_file(orig_file); @@ -594,12 +593,12 @@ static int load_files(const char* orig_file) assert(rc == -1); // No plugin in charge of this file. - FILE* f = 0; + FILE* f = nullptr; - if ( streq(orig_file, "-") ) + if ( zeek::util::streq(orig_file, "-") ) { f = stdin; - file_path = canonical_stdin_path; + file_path = zeek::detail::ScannedFile::canonical_stdin_path; if ( zeek::detail::g_policy_debug ) { @@ -613,16 +612,16 @@ static int load_files(const char* orig_file) if ( file_path.empty() ) zeek::reporter->FatalError("can't find %s", orig_file); - if ( is_dir(file_path.c_str()) ) - f = open_package(file_path); + if ( zeek::util::is_dir(file_path.c_str()) ) + f = zeek::util::detail::open_package(file_path); else - f = open_file(file_path); + f = zeek::util::open_file(file_path); if ( ! f ) zeek::reporter->FatalError("can't open %s", file_path.c_str()); } - ScannedFile sf(file_stack.length(), file_path); + zeek::detail::ScannedFile sf(file_stack.length(), file_path); if ( sf.AlreadyScanned() ) { @@ -632,7 +631,7 @@ static int load_files(const char* orig_file) return 0; } - files_scanned.push_back(std::move(sf)); + zeek::detail::files_scanned.push_back(std::move(sf)); if ( zeek::detail::g_policy_debug && ! file_path.empty() ) { @@ -647,7 +646,7 @@ static int load_files(const char* orig_file) // this @load was done when we're finished processing it. file_stack.push_back(new FileInfo(zeek::detail::current_module)); - zeekygen_mgr->Script(file_path); + zeek::detail::zeekygen_mgr->Script(file_path); DBG_LOG(zeek::DBG_SCRIPTS, "Loading %s", file_path.c_str()); @@ -659,7 +658,7 @@ static int load_files(const char* orig_file) // Don't delete the old filename - it's pointed to by // every Obj created when parsing it. - yylloc.filename = filename = copy_string(file_path.c_str()); + yylloc.filename = filename = zeek::util::copy_string(file_path.c_str()); return 1; } @@ -794,7 +793,7 @@ void add_essential_input_file(const char* file) if ( ! filename ) (void) load_files(file); else - essential_input_files.push_back(copy_string(file)); + essential_input_files.push_back(zeek::util::copy_string(file)); } void add_input_file(const char* file) @@ -805,7 +804,7 @@ void add_input_file(const char* file) if ( ! filename ) (void) load_files(file); else - input_files.push_back(copy_string(file)); + input_files.push_back(zeek::util::copy_string(file)); } void add_input_file_at_front(const char* file) @@ -816,7 +815,7 @@ void add_input_file_at_front(const char* file) if ( ! filename ) (void) load_files(file); else - input_files.push_front(copy_string(file)); + input_files.push_front(zeek::util::copy_string(file)); } void add_to_name_list(char* s, char delim, zeek::name_list& nl) @@ -827,7 +826,7 @@ void add_to_name_list(char* s, char delim, zeek::name_list& nl) if ( s_delim ) *s_delim = 0; - nl.push_back(copy_string(s)); + nl.push_back(zeek::util::copy_string(s)); if ( s_delim ) s = s_delim + 1; @@ -888,23 +887,22 @@ int yywrap() // the scanned file is "__load__.zeek", that part of the flattened // file name is discarded. If the prefix is non-empty, it gets placed // in front of the flattened path, separated with another '.' - std::list::iterator it; bool found_prefixed_files = false; - for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) + for ( auto& scanned_file : zeek::detail::files_scanned ) { - if ( it->skipped || it->prefixes_checked ) + if ( scanned_file.skipped || scanned_file.prefixes_checked ) continue; - it->prefixes_checked = true; + scanned_file.prefixes_checked = true; // Prefixes are pushed onto a stack, so iterate backwards. - for ( int i = zeek_script_prefixes.size() - 1; i >= 0; --i ) + for ( int i = zeek::detail::zeek_script_prefixes.size() - 1; i >= 0; --i ) { // Don't look at empty prefixes. - if ( ! zeek_script_prefixes[i][0] ) + if ( ! zeek::detail::zeek_script_prefixes[i][0] ) continue; - std::string canon = without_bropath_component(it->name); - std::string flat = flatten_script_name(canon, zeek_script_prefixes[i]); + std::string canon = zeek::util::detail::without_zeekpath_component(scanned_file.name); + std::string flat = zeek::util::detail::flatten_script_name(canon, zeek::detail::zeek_script_prefixes[i]); std::string path = find_relative_script_file(flat); if ( ! path.empty() ) @@ -914,7 +912,7 @@ int yywrap() } //printf("====== prefix search ======\n"); - //printf("File : %s\n", it->name.c_str()); + //printf("File : %s\n", scanned_file.name.c_str()); //printf("Canon : %s\n", canon.c_str()); //printf("Flat : %s\n", flat.c_str()); //printf("Found : %s\n", path.empty() ? "F" : "T"); @@ -926,11 +924,11 @@ int yywrap() return 0; // Add redef statements for any X=Y command line parameters. - if ( ! params.empty() ) + if ( ! zeek::detail::params.empty() ) { std::string policy; - for ( const auto& pi : params ) + for ( const auto& pi : zeek::detail::params ) { auto p = pi.data(); @@ -973,10 +971,10 @@ int yywrap() auto fmt_str = use_quotes ? "redef %s %s= \"%s\";" : "redef %s %s= %s;"; - policy += fmt(fmt_str, id_str.data(), op.data(), val_str.data()); + policy += zeek::util::fmt(fmt_str, id_str.data(), op.data(), val_str.data()); } - params.clear(); + zeek::detail::params.clear(); yylloc.filename = filename = ""; yy_scan_string(policy.c_str()); return 0; @@ -987,18 +985,18 @@ int yywrap() // Use a synthetic filename, and add an extra semicolon on its own // line (so that things like @load work), so that a semicolon is // not strictly necessary. - if ( command_line_policy ) + if ( zeek::detail::command_line_policy ) { - int tmp_len = strlen(command_line_policy) + 32; + int tmp_len = strlen(zeek::detail::command_line_policy) + 32; char* tmp = new char[tmp_len]; - snprintf(tmp, tmp_len, "%s\n;\n", command_line_policy); + snprintf(tmp, tmp_len, "%s\n;\n", zeek::detail::command_line_policy); yylloc.filename = filename = ""; yy_scan_string(tmp); delete [] tmp; // Make sure we do not get here again: - command_line_policy = 0; + zeek::detail::command_line_policy = 0; return 0; } @@ -1027,42 +1025,3 @@ FileInfo::~FileInfo() if ( restore_module != "" ) zeek::detail::current_module = restore_module; } - -ScannedFile::ScannedFile(int arg_include_level, - std::string arg_name, - bool arg_skipped, - bool arg_prefixes_checked) - : include_level(arg_include_level), - skipped(arg_skipped), - prefixes_checked(arg_prefixes_checked), - name(std::move(arg_name)) - { - if ( name == canonical_stdin_path ) - canonical_path = canonical_stdin_path; - else - { - char buf[PATH_MAX]; - auto res = realpath(name.data(), buf); - - if ( ! res ) - zeek::reporter->FatalError("failed to get realpath() of %s: %s", - name.data(), strerror(errno)); - - canonical_path = res; - } - } - -bool ScannedFile::AlreadyScanned() const - { - auto rval = false; - - for ( const auto& it : files_scanned ) - if ( it.canonical_path == canonical_path ) - { - rval = true; - break; - } - - DBG_LOG(zeek::DBG_SCRIPTS, "AlreadyScanned result (%d) %s", rval, canonical_path.data()); - return rval; - } diff --git a/src/stats.bif b/src/stats.bif index 86d2350e0e..805d4a832f 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -44,9 +44,9 @@ function get_net_stats%(%): NetStats uint64_t link = 0; uint64_t bytes_recv = 0; - if ( iosource::PktSrc* ps = iosource_mgr->GetPktSrc() ) + if ( zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc() ) { - struct iosource::PktSrc::Stats stat; + struct zeek::iosource::PktSrc::Stats stat; ps->Statistics(&stat); recv += stat.received; drop += stat.dropped; @@ -140,7 +140,7 @@ function get_proc_stats%(%): ProcStats auto r = zeek::make_intrusive(ProcStats); int n = 0; - double elapsed_time = current_time() - bro_start_time; + double elapsed_time = zeek::util::current_time() - zeek::run_state::zeek_start_time; double user_time = double(ru.ru_utime.tv_sec) + double(ru.ru_utime.tv_usec) / 1e6; double system_time = @@ -152,14 +152,14 @@ function get_proc_stats%(%): ProcStats r->Assign(n++, zeek::val_mgr->Count(0)); #endif - r->Assign(n++, zeek::make_intrusive(bro_start_time)); + r->Assign(n++, zeek::make_intrusive(zeek::run_state::zeek_start_time)); r->Assign(n++, zeek::make_intrusive(elapsed_time, Seconds)); r->Assign(n++, zeek::make_intrusive(user_time, Seconds)); r->Assign(n++, zeek::make_intrusive(system_time, Seconds)); uint64_t total_mem; - get_memory_usage(&total_mem, NULL); + zeek::util::get_memory_usage(&total_mem, NULL); r->Assign(n++, zeek::val_mgr->Count(unsigned(total_mem))); r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_minflt))); @@ -311,9 +311,9 @@ function get_file_analysis_stats%(%): FileAnalysisStats auto r = zeek::make_intrusive(FileAnalysisStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(file_mgr->CurrentFiles())); - r->Assign(n++, zeek::val_mgr->Count(file_mgr->MaxFiles())); - r->Assign(n++, zeek::val_mgr->Count(file_mgr->CumulativeFiles())); + r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CurrentFiles())); + r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->MaxFiles())); + r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CumulativeFiles())); return r; %} @@ -339,7 +339,7 @@ function get_thread_stats%(%): ThreadStats auto r = zeek::make_intrusive(ThreadStats); int n = 0; - r->Assign(n++, zeek::val_mgr->Count(thread_mgr->NumThreads())); + r->Assign(n++, zeek::val_mgr->Count(zeek::thread_mgr->NumThreads())); return r; %} diff --git a/src/strings.bif b/src/strings.bif index 534ba2a419..95f29113ad 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -487,7 +487,7 @@ function subst_string%(s: string, from: string, to: string%): string while ( big_len >= little_len ) { - int j = strstr_n(big_len, big, little_len, from->Bytes()); + int j = zeek::util::strstr_n(big_len, big, little_len, from->Bytes()); if ( j < 0 ) break; @@ -688,7 +688,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su auto* subseq = zeek::detail::smith_waterman(s1->AsString(), s2->AsString(), sw_params); auto result = zeek::VectorValPtr{zeek::AdoptRef{}, zeek::detail::Substring::VecToPolicy(subseq)}; - delete_each(subseq); + zeek::util::delete_each(subseq); delete subseq; return result; diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index c7e440ffd4..9933f7af12 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -24,7 +24,7 @@ #include "DebugLogger.h" #include "ID.h" #include "Val.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "zeek-config.h" #include "util.h" @@ -180,7 +180,7 @@ read_msgs(int fd, std::string* buffer, char delim) static std::string make_create_message(const Supervisor::NodeConfig& node) { auto json_str = node.ToJSON(); - return fmt("create %s %s", node.name.data(), json_str.data()); + return zeek::util::fmt("create %s %s", node.name.data(), json_str.data()); } zeek::detail::ParentProcessCheckTimer::ParentProcessCheckTimer(double t, @@ -200,10 +200,10 @@ void zeek::detail::ParentProcessCheckTimer::Dispatch(double t, bool is_expire) // FreeBSD: procctl(PROC_PDEATHSIG_CTL) // Also note the Stem process has its own polling loop with similar logic. if ( zeek::Supervisor::ThisNode()->parent_pid != getppid() ) - zeek_terminate_loop("supervised node was orphaned"); + zeek::run_state::detail::zeek_terminate_loop("supervised node was orphaned"); if ( ! is_expire ) - timer_mgr->Add(new ParentProcessCheckTimer(network_time + interval, + timer_mgr->Add(new ParentProcessCheckTimer(zeek::run_state::network_time + interval, interval)); } @@ -255,8 +255,8 @@ Supervisor::~Supervisor() return; } - iosource_mgr->UnregisterFd(signal_flare.FD(), this); - iosource_mgr->UnregisterFd(stem_pipe->InFD(), this); + zeek::iosource_mgr->UnregisterFd(signal_flare.FD(), this); + zeek::iosource_mgr->UnregisterFd(stem_pipe->InFD(), this); DBG_LOG(zeek::DBG_SUPERVISOR, "shutdown, killing stem process %d", stem_pid); @@ -265,7 +265,7 @@ Supervisor::~Supervisor() if ( kill_res == -1 ) { char tmp[256]; - bro_strerror_r(errno, tmp, sizeof(tmp)); + zeek::util::zeek_strerror_r(errno, tmp, sizeof(tmp)); reporter->Error("Failed to send SIGTERM to stem process: %s", tmp); } else @@ -276,7 +276,7 @@ Supervisor::~Supervisor() if ( wait_res == -1 ) { char tmp[256]; - bro_strerror_r(errno, tmp, sizeof(tmp)); + zeek::util::zeek_strerror_r(errno, tmp, sizeof(tmp)); reporter->Error("Failed to wait for stem process to exit: %s", tmp); } } @@ -308,7 +308,7 @@ void Supervisor::ReapStem() if ( res == -1 ) { char tmp[256]; - bro_strerror_r(errno, tmp, sizeof(tmp)); + zeek::util::zeek_strerror_r(errno, tmp, sizeof(tmp)); reporter->Error("Supervisor failed to get exit status" " of stem process: %s", tmp); return; @@ -410,7 +410,7 @@ void Supervisor::HandleChildSignal() { stem_pid = 0; char tmp[256]; - bro_strerror_r(errno, tmp, sizeof(tmp)); + zeek::util::zeek_strerror_r(errno, tmp, sizeof(tmp)); reporter->Error("failed to fork Zeek supervisor stem process: %s\n", tmp); signal_flare.Fire(); // Sleep to avoid spinning too fast in a revival-fail loop. @@ -421,9 +421,9 @@ void Supervisor::HandleChildSignal() if ( stem_pid == 0 ) { // Child stem process needs to exec() - auto stem_env = fmt("%d,%d,%d,%d,%d", stem_ppid, - stem_pipe->In().ReadFD(), stem_pipe->In().WriteFD(), - stem_pipe->Out().ReadFD(), stem_pipe->Out().WriteFD()); + auto stem_env = zeek::util::fmt("%d,%d,%d,%d,%d", stem_ppid, + stem_pipe->In().ReadFD(), stem_pipe->In().WriteFD(), + stem_pipe->Out().ReadFD(), stem_pipe->Out().WriteFD()); if ( setenv("ZEEK_STEM", stem_env, true) == -1 ) { @@ -435,12 +435,12 @@ void Supervisor::HandleChildSignal() stem_pipe->In().UnsetFlags(FD_CLOEXEC); stem_pipe->Out().UnsetFlags(FD_CLOEXEC); - char** args = new char*[bro_argc + 1]; + char** args = new char*[zeek::detail::zeek_argc + 1]; args[0] = config.zeek_exe_path.data(); - args[bro_argc] = nullptr; + args[zeek::detail::zeek_argc] = nullptr; - for ( auto i = 1; i < bro_argc; ++i ) - args[i] = bro_argv[i]; + for ( auto i = 1; i < zeek::detail::zeek_argc; ++i ) + args[i] = zeek::detail::zeek_argv[i]; auto res = execv(config.zeek_exe_path.data(), args); fprintf(stderr, "failed to exec Zeek supervisor stem process: %s\n", @@ -449,11 +449,11 @@ void Supervisor::HandleChildSignal() } else { - if ( ! iosource_mgr->UnregisterFd(stem_stdout.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->UnregisterFd(stem_stdout.pipe->ReadFD(), this) ) reporter->FatalError("Revived supervisor stem failed to unregister " "redirected stdout pipe"); - if ( ! iosource_mgr->UnregisterFd(stem_stderr.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->UnregisterFd(stem_stderr.pipe->ReadFD(), this) ) reporter->FatalError("Revived supervisor stem failed to unregister " "redirected stderr pipe"); @@ -462,11 +462,11 @@ void Supervisor::HandleChildSignal() stem_stdout.pipe = std::move(fork_res.stdout_pipe); stem_stderr.pipe = std::move(fork_res.stderr_pipe); - if ( ! iosource_mgr->RegisterFd(stem_stdout.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(stem_stdout.pipe->ReadFD(), this) ) reporter->FatalError("Revived supervisor stem failed to register " "redirected stdout pipe"); - if ( ! iosource_mgr->RegisterFd(stem_stderr.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(stem_stderr.pipe->ReadFD(), this) ) reporter->FatalError("Revived supervisor stem failed to register " "redirected stderr pipe"); } @@ -485,7 +485,7 @@ void Supervisor::HandleChildSignal() { const auto& node = n.second; auto msg = make_create_message(node.config); - safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); + zeek::util::safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); } } @@ -494,18 +494,18 @@ void Supervisor::InitPostScript() stem_stdout.hook = id::find_func("Supervisor::stdout_hook"); stem_stderr.hook = id::find_func("Supervisor::stderr_hook"); - iosource_mgr->Register(this); + zeek::iosource_mgr->Register(this); - if ( ! iosource_mgr->RegisterFd(signal_flare.FD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(signal_flare.FD(), this) ) reporter->FatalError("Supervisor stem failed to register signal_flare"); - if ( ! iosource_mgr->RegisterFd(stem_pipe->InFD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(stem_pipe->InFD(), this) ) reporter->FatalError("Supervisor stem failed to register stem_pipe"); - if ( ! iosource_mgr->RegisterFd(stem_stdout.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(stem_stdout.pipe->ReadFD(), this) ) reporter->FatalError("Supervisor stem failed to register stdout pipe"); - if ( ! iosource_mgr->RegisterFd(stem_stderr.pipe->ReadFD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(stem_stderr.pipe->ReadFD(), this) ) reporter->FatalError("Supervisor stem failed to register stderr pipe"); } @@ -593,7 +593,7 @@ size_t Supervisor::ProcessMessages() { DBG_LOG(zeek::DBG_SUPERVISOR, "read msg from Stem: %s", msg.data()); std::vector msg_tokens; - tokenize_string(msg, " ", &msg_tokens); + zeek::util::tokenize_string(msg, " ", &msg_tokens); const auto& type = msg_tokens[0]; if ( type == "status" ) @@ -611,7 +611,7 @@ size_t Supervisor::ProcessMessages() else if ( type == "error" ) { msg_tokens.erase(msg_tokens.begin()); - auto err_msg = implode_string_vector(msg_tokens, " "); + auto err_msg = zeek::util::implode_string_vector(msg_tokens, " "); reporter->Error("%s", err_msg.data()); } else @@ -624,7 +624,7 @@ size_t Supervisor::ProcessMessages() Stem::Stem(State ss) : parent_pid(ss.parent_pid), signal_flare(new zeek::detail::Flare()), pipe(std::move(ss.pipe)) { - zeek::set_thread_name("zeek.stem"); + zeek::util::detail::set_thread_name("zeek.stem"); pipe->Swap(); stem = this; setsignal(SIGCHLD, stem_signal_handler); @@ -826,7 +826,7 @@ std::optional Stem::Revive() std::variant Stem::Spawn(SupervisorNode* node) { auto ppid = getpid(); - auto fork_res = fork_with_stdio_redirect(fmt("node %s", node->Name().data())); + auto fork_res = fork_with_stdio_redirect(zeek::util::fmt("node %s", node->Name().data())); auto node_pid = fork_res.pid; if ( node_pid == -1 ) @@ -840,7 +840,7 @@ std::variant Stem::Spawn(SupervisorNode* node) { setsignal(SIGCHLD, SIG_DFL); setsignal(SIGTERM, SIG_DFL); - zeek::set_thread_name(fmt("zeek.%s", node->Name().data())); + zeek::util::detail::set_thread_name(zeek::util::fmt("zeek.%s", node->Name().data())); SupervisedNode rval; rval.config = node->config; rval.parent_pid = ppid; @@ -848,7 +848,7 @@ std::variant Stem::Spawn(SupervisorNode* node) } node->pid = node_pid; - auto prefix = fmt("[%s] ", node->Name().data()); + auto prefix = zeek::util::fmt("[%s] ", node->Name().data()); node->stdout_pipe.pipe = std::move(fork_res.stdout_pipe); node->stdout_pipe.prefix = prefix; node->stdout_pipe.stream = stdout; @@ -926,13 +926,13 @@ void Stem::Shutdown(int exit_code) void Stem::ReportStatus(const SupervisorNode& node) const { - std::string msg = fmt("status %s %d", node.Name().data(), node.pid); - safe_write(pipe->OutFD(), msg.data(), msg.size() + 1); + std::string msg = zeek::util::fmt("status %s %d", node.Name().data(), node.pid); + zeek::util::safe_write(pipe->OutFD(), msg.data(), msg.size() + 1); } void Stem::Log(std::string_view type, const char* format, va_list args) const { - auto raw_msg = vfmt(format, args); + auto raw_msg = zeek::util::vfmt(format, args); if ( getenv("ZEEK_DEBUG_STEM_STDERR") ) { @@ -944,7 +944,7 @@ void Stem::Log(std::string_view type, const char* format, va_list args) const std::string msg{type.data(), type.size()}; msg += " "; msg += raw_msg; - safe_write(pipe->OutFD(), msg.data(), msg.size() + 1); + zeek::util::safe_write(pipe->OutFD(), msg.data(), msg.size() + 1); } void Stem::LogDebug(const char* format, ...) const @@ -1090,7 +1090,7 @@ std::optional Stem::Poll() for ( auto& msg : msgs ) { std::vector msg_tokens; - tokenize_string(std::move(msg), " ", &msg_tokens, 2); + zeek::util::tokenize_string(std::move(msg), " ", &msg_tokens, 2); const auto& cmd = msg_tokens[0]; const auto& node_name = msg_tokens[1]; @@ -1153,7 +1153,7 @@ std::optional Supervisor::CreateStem(bool supervisor_mode) setlinebuf(stdout); setlinebuf(stderr); std::vector zeek_stem_nums; - tokenize_string(zeek_stem_env, ",", &zeek_stem_nums); + zeek::util::tokenize_string(zeek_stem_env, ",", &zeek_stem_nums); if ( zeek_stem_nums.size() != 5 ) { @@ -1507,7 +1507,7 @@ void SupervisedNode::Init(zeek::Options* options) const exit(1); } - safe_close(fd); + zeek::util::safe_close(fd); } if ( config.stdout_file ) @@ -1524,7 +1524,7 @@ void SupervisedNode::Init(zeek::Options* options) const exit(1); } - safe_close(fd); + zeek::util::safe_close(fd); } if ( config.cpu_affinity ) @@ -1602,23 +1602,23 @@ std::string Supervisor::Create(const Supervisor::NodeConfig& node) return "node names must not be an empty string"; if ( node.name.find(' ') != std::string::npos ) - return fmt("node names must not contain spaces: '%s'", + return zeek::util::fmt("node names must not contain spaces: '%s'", node.name.data()); if ( nodes.find(node.name) != nodes.end() ) - return fmt("node with name '%s' already exists", node.name.data()); + return zeek::util::fmt("node with name '%s' already exists", node.name.data()); if ( node.directory ) { - auto res = ensure_intermediate_dirs(node.directory->data()); + auto res = zeek::util::detail::ensure_intermediate_dirs(node.directory->data()); if ( ! res ) - return fmt("failed to create working directory %s\n", - node.directory->data()); + return zeek::util::fmt("failed to create working directory %s\n", + node.directory->data()); } auto msg = make_create_message(node); - safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); + zeek::util::safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); nodes.emplace(node.name, node); return ""; } @@ -1630,7 +1630,7 @@ bool Supervisor::Destroy(std::string_view node_name) std::stringstream ss; ss << "destroy " << name; std::string msg = ss.str(); - safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); + zeek::util::safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); }; if ( node_name.empty() ) @@ -1659,7 +1659,7 @@ bool Supervisor::Restart(std::string_view node_name) std::stringstream ss; ss << "restart " << name; std::string msg = ss.str(); - safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); + zeek::util::safe_write(stem_pipe->OutFD(), msg.data(), msg.size() + 1); }; if ( node_name.empty() ) diff --git a/src/threading/BasicThread.cc b/src/threading/BasicThread.cc index c6bc01f39c..dcac59ead5 100644 --- a/src/threading/BasicThread.cc +++ b/src/threading/BasicThread.cc @@ -7,7 +7,7 @@ #include "Manager.h" #include "util.h" -using namespace threading; +namespace zeek::threading { static const int STD_FMT_BUF_LEN = 2048; @@ -20,11 +20,11 @@ BasicThread::BasicThread() killed = false; buf_len = STD_FMT_BUF_LEN; - buf = (char*) safe_malloc(buf_len); + buf = (char*) zeek::util::safe_malloc(buf_len); strerr_buffer = nullptr; - name = copy_string(fmt("thread-%" PRIu64, ++thread_counter)); + name = zeek::util::copy_string(zeek::util::fmt("thread-%" PRIu64, ++thread_counter)); thread_mgr->AddThread(this); } @@ -41,13 +41,13 @@ BasicThread::~BasicThread() void BasicThread::SetName(const char* arg_name) { delete [] name; - name = copy_string(arg_name); + name = zeek::util::copy_string(arg_name); } void BasicThread::SetOSName(const char* arg_name) { static_assert(std::is_same::value, "libstdc++ doesn't use pthread_t"); - zeek::set_thread_name(arg_name, thread.native_handle()); + zeek::util::detail::set_thread_name(arg_name, thread.native_handle()); } const char* BasicThread::Fmt(const char* format, ...) @@ -55,7 +55,7 @@ const char* BasicThread::Fmt(const char* format, ...) if ( buf_len > 10 * STD_FMT_BUF_LEN ) { // Shrink back to normal. - buf = (char*) safe_realloc(buf, STD_FMT_BUF_LEN); + buf = (char*) zeek::util::safe_realloc(buf, STD_FMT_BUF_LEN); buf_len = STD_FMT_BUF_LEN; } @@ -67,7 +67,7 @@ const char* BasicThread::Fmt(const char* format, ...) if ( (unsigned int) n >= buf_len ) { // Not enough room, grow the buffer. buf_len = n + 32; - buf = (char*) safe_realloc(buf, buf_len); + buf = (char*) zeek::util::safe_realloc(buf, buf_len); // Is it portable to restart? va_start(al, format); @@ -83,7 +83,7 @@ const char* BasicThread::Strerror(int err) if ( ! strerr_buffer ) strerr_buffer = new char[256]; - bro_strerror_r(err, strerr_buffer, 256); + zeek::util::zeek_strerror_r(err, strerr_buffer, 256); return strerr_buffer; } @@ -193,3 +193,5 @@ void* BasicThread::launcher(void *arg) return nullptr; } + +} // namespace zeek::threading diff --git a/src/threading/BasicThread.h b/src/threading/BasicThread.h index fa65e070ee..3917f627fe 100644 --- a/src/threading/BasicThread.h +++ b/src/threading/BasicThread.h @@ -1,14 +1,16 @@ #pragma once +#include "zeek-config.h" + #include #include #include -namespace threading { +ZEEK_FORWARD_DECLARE_NAMESPACED(Manager, zeek, threading); -class Manager; +namespace zeek::threading { /** * Base class for all threads. @@ -111,7 +113,7 @@ public: bool Killed() const { return killed; } /** - * A version of fmt() that the thread can safely use. + * A version of zeek::util::fmt() that the thread can safely use. * * This is safe to call from Run() but must not be used from any * other thread than the current one. @@ -211,4 +213,10 @@ private: static uint64_t thread_counter; }; -} +} // namespace zeek::threading + +namespace threading { + +using BasicThread [[deprecated("Remove in v4.1. Use zeek::threading::BasicThread.")]] = zeek::threading::BasicThread; + +} // namespace threading diff --git a/src/threading/Formatter.cc b/src/threading/Formatter.cc index b5b0643676..ad454ae1d6 100644 --- a/src/threading/Formatter.cc +++ b/src/threading/Formatter.cc @@ -8,10 +8,10 @@ #include "MsgThread.h" #include "bro_inet_ntop.h" -using namespace threading; -using namespace formatter; -using threading::Value; -using threading::Field; +using zeek::threading::Value; +using zeek::threading::Field; + +namespace zeek::threading { Formatter::Formatter(threading::MsgThread* t) { @@ -125,3 +125,5 @@ std::string Formatter::Render(TransportProto proto) else return "unknown"; } + +} // namespace zeek::threading::formatter diff --git a/src/threading/Formatter.h b/src/threading/Formatter.h index dc834ccd81..ef688c6635 100644 --- a/src/threading/Formatter.h +++ b/src/threading/Formatter.h @@ -7,11 +7,9 @@ #include "Type.h" #include "SerialTypes.h" -namespace threading { +ZEEK_FORWARD_DECLARE_NAMESPACED(MsgThread, zeek, threading); -class MsgThread; - -namespace formatter { +namespace zeek::threading { /** * A thread-safe class for converting values into some textual format. This @@ -164,4 +162,10 @@ private: threading::MsgThread* thread; }; -}} +} // namespace zeek::threading + +namespace threading::formatter { + +using Formatter [[deprecated("Remove in v4.1. Use zeek::threading::Formatter.")]] = zeek::threading::Formatter; + +} // namespace threading::formatter diff --git a/src/threading/Manager.cc b/src/threading/Manager.cc index 8591006723..d92c0c55e6 100644 --- a/src/threading/Manager.cc +++ b/src/threading/Manager.cc @@ -7,8 +7,10 @@ #include "iosource/Manager.h" #include "Event.h" #include "IPAddr.h" +#include "RunState.h" -using namespace threading; +namespace zeek::threading { +namespace detail { void HeartbeatTimer::Dispatch(double t, bool is_expire) { @@ -19,6 +21,8 @@ void HeartbeatTimer::Dispatch(double t, bool is_expire) thread_mgr->StartHeartbeatTimer(); } +} // namespace detail + Manager::Manager() { DBG_LOG(zeek::DBG_THREADING, "Creating thread manager ..."); @@ -127,7 +131,7 @@ void Manager::SendHeartbeats() void Manager::StartHeartbeatTimer() { heartbeat_timer_running = true; - zeek::detail::timer_mgr->Add(new HeartbeatTimer(network_time + zeek::BifConst::Threading::heartbeat_interval)); + zeek::detail::timer_mgr->Add(new detail::HeartbeatTimer(zeek::run_state::network_time + zeek::BifConst::Threading::heartbeat_interval)); } // Raise everything in here as warnings so it is passed to scriptland without @@ -179,7 +183,7 @@ bool Manager::SendEvent(MsgThread* thread, const std::string& name, const int nu if ( convert_error ) return false; else if ( handler ) - zeek::event_mgr.Enqueue(handler, std::move(vl), SOURCE_LOCAL); + zeek::event_mgr.Enqueue(handler, std::move(vl), zeek::util::detail::SOURCE_LOCAL); return true; } @@ -188,10 +192,10 @@ void Manager::Flush() { bool do_beat = false; - if ( network_time && (network_time > next_beat || ! next_beat) ) + if ( zeek::run_state::network_time && (zeek::run_state::network_time > next_beat || ! next_beat) ) { do_beat = true; - next_beat = ::network_time + zeek::BifConst::Threading::heartbeat_interval; + next_beat = ::zeek::run_state::network_time + zeek::BifConst::Threading::heartbeat_interval; } did_process = false; @@ -210,7 +214,7 @@ void Manager::Flush() if ( msg->Process() ) { - if ( network_time ) + if ( zeek::run_state::network_time ) did_process = true; } @@ -250,7 +254,8 @@ void Manager::Flush() delete t; } -// fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", network_time, zeek::detail::timer_mgr->Time(), do_beat, (int)did_process, next_beat); + // fprintf(stderr, "P %.6f %.6f do_beat=%d did_process=%d next_next=%.6f\n", zeek::run_state::network_time, + // zeek::detail::timer_mgr->Time(), do_beat, (int)did_process, next_beat); } const threading::Manager::msg_stats_list& threading::Manager::GetMsgThreadStats() @@ -269,3 +274,5 @@ const threading::Manager::msg_stats_list& threading::Manager::GetMsgThreadStats( return stats; } + +} // namespace zeek::threading diff --git a/src/threading/Manager.h b/src/threading/Manager.h index 443473954d..be01f72982 100644 --- a/src/threading/Manager.h +++ b/src/threading/Manager.h @@ -7,7 +7,9 @@ #include #include +namespace zeek { namespace threading { +namespace detail { class HeartbeatTimer final : public zeek::detail::Timer { public: @@ -21,6 +23,8 @@ protected: void Init(); }; +} // namespace detail + /** * The thread manager coordinates all child threads. Once a BasicThread is * instantitated, it gets addedd to the manager, which will delete it later @@ -103,7 +107,7 @@ public: protected: friend class BasicThread; friend class MsgThread; - friend class HeartbeatTimer; + friend class detail::HeartbeatTimer; /** * Registers a new basic thread with the manager. This is @@ -151,10 +155,25 @@ private: bool heartbeat_timer_running = false; }; -} +} // namespace threading /** * A singleton instance of the thread manager. All methods must only be - * called from Bro's main thread. + * called from Zeek's main thread. */ extern threading::Manager* thread_mgr; + +} // namespace zeek + +extern zeek::threading::Manager*& thread_mgr [[deprecated("Remove in v4.1. Use zeek::thread_mgr.")]]; + +namespace threading { + +using Manager [[deprecated("Remove in v4.1. Use zeek::threading::Manager.")]] = zeek::threading::Manager; + +namespace detail { + +using HeartbeatTimer [[deprecated("Remove in v4.1. Use zeek::threading::detail::HeartbeatTimer.")]] = zeek::threading::detail::HeartbeatTimer; + +} // namespace detail +} // namespace threading diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index ce1004b0f5..684c0ba774 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -7,10 +7,13 @@ #include "MsgThread.h" #include "Manager.h" #include "iosource/Manager.h" +#include "RunState.h" -using namespace threading; +// Set by Zeek's main signal handler. +extern int signal_val; -namespace threading { +namespace zeek::threading { +namespace detail { ////// Messages. @@ -75,7 +78,7 @@ public: ReporterMessage(Type arg_type, MsgThread* thread, const char* arg_msg) : OutputMessage("ReporterMessage", thread) - { type = arg_type; msg = copy_string(arg_msg); } + { type = arg_type; msg = zeek::util::copy_string(arg_msg); } ~ReporterMessage() override { delete [] msg; } @@ -109,7 +112,7 @@ class DebugMessage final : public OutputMessage public: DebugMessage(zeek::DebugStream arg_stream, MsgThread* thread, const char* arg_msg) : OutputMessage("DebugMessage", thread) - { stream = arg_stream; msg = copy_string(arg_msg); } + { stream = arg_stream; msg = zeek::util::copy_string(arg_msg); } ~DebugMessage() override { delete [] msg; } @@ -124,14 +127,12 @@ private: }; #endif -} - // An event that the child wants to pass into the main event queue class SendEventMessage final : public OutputMessage { public: SendEventMessage(MsgThread* thread, const char* name, const int num_vals, Value* *val) : OutputMessage("SendEvent", thread), - name(copy_string(name)), num_vals(num_vals), val(val) {} + name(zeek::util::copy_string(name)), num_vals(num_vals), val(val) {} ~SendEventMessage() override { delete [] name; } @@ -151,13 +152,6 @@ private: Value* *val; }; -////// Methods. - -Message::~Message() - { - delete [] name; - } - bool ReporterMessage::Process() { switch ( type ) { @@ -197,6 +191,15 @@ bool ReporterMessage::Process() return true; } +} // namespace detail + +////// Methods. + +Message::~Message() + { + delete [] name; + } + MsgThread::MsgThread() : BasicThread(), queue_in(this, nullptr), queue_out(nullptr, this) { cnt_sent_in = cnt_sent_out = 0; @@ -206,7 +209,7 @@ MsgThread::MsgThread() : BasicThread(), queue_in(this, nullptr), queue_out(nullp failed = false; thread_mgr->AddMsgThread(this); - if ( ! iosource_mgr->RegisterFd(flare.FD(), this) ) + if ( ! zeek::iosource_mgr->RegisterFd(flare.FD(), this) ) zeek::reporter->FatalError("Failed to register MsgThread fd with iosource_mgr"); SetClosed(false); @@ -216,12 +219,9 @@ MsgThread::~MsgThread() { // Unregister this thread from the iosource manager so it doesn't wake // up the main poll anymore. - iosource_mgr->UnregisterFd(flare.FD(), this); + zeek::iosource_mgr->UnregisterFd(flare.FD(), this); } -// Set by Bro's main signal handler. -extern int signal_val; - void MsgThread::OnSignalStop() { if ( main_finished || Killed() || child_sent_finish ) @@ -229,7 +229,7 @@ void MsgThread::OnSignalStop() child_sent_finish = true; // Signal thread to terminate. - SendIn(new FinishMessage(this, network_time), true); + SendIn(new detail::FinishMessage(this, zeek::run_state::network_time), true); } void MsgThread::OnWaitForStop() @@ -303,43 +303,43 @@ void MsgThread::Heartbeat() if ( child_sent_finish ) return; - SendIn(new HeartbeatMessage(this, network_time, current_time())); + SendIn(new detail::HeartbeatMessage(this, zeek::run_state::network_time, zeek::util::current_time())); } void MsgThread::Finished() { child_finished = true; - SendOut(new FinishedMessage(this)); + SendOut(new detail::FinishedMessage(this)); } void MsgThread::Info(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::INFO, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::INFO, this, msg)); } void MsgThread::Warning(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::WARNING, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::WARNING, this, msg)); } void MsgThread::Error(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::ERROR, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::ERROR, this, msg)); } void MsgThread::FatalError(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::FATAL_ERROR, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::FATAL_ERROR, this, msg)); } void MsgThread::FatalErrorWithCore(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::FATAL_ERROR_WITH_CORE, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::FATAL_ERROR_WITH_CORE, this, msg)); } void MsgThread::InternalWarning(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::INTERNAL_WARNING, this, msg)); + SendOut(new detail::ReporterMessage(detail::ReporterMessage::INTERNAL_WARNING, this, msg)); } void MsgThread::InternalError(const char* msg) @@ -353,7 +353,7 @@ void MsgThread::InternalError(const char* msg) void MsgThread::Debug(zeek::DebugStream stream, const char* msg) { - SendOut(new DebugMessage(stream, this, msg)); + SendOut(new detail::DebugMessage(stream, this, msg)); } #endif @@ -390,7 +390,7 @@ void MsgThread::SendOut(BasicOutputMessage* msg, bool force) void MsgThread::SendEvent(const char* name, const int num_vals, Value* *vals) { - SendOut(new SendEventMessage(this, name, num_vals, vals)); + SendOut(new detail::SendEventMessage(this, name, num_vals, vals)); } BasicOutputMessage* MsgThread::RetrieveOut() @@ -440,7 +440,7 @@ void MsgThread::Run() // after all other outgoing messages (in particular // error messages have been processed by then main // thread). - SendOut(new KillMeMessage(this)); + SendOut(new detail::KillMeMessage(this)); failed = true; } } @@ -450,7 +450,7 @@ void MsgThread::Run() // anymore. if ( ! child_finished && ! Killed() ) { - OnFinish(network_time); + OnFinish(zeek::run_state::network_time); Finished(); } } @@ -483,3 +483,5 @@ void MsgThread::Process() delete msg; } } + +} // namespace zeek::threading diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index 4eac9e1d36..0c1f7b706e 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -8,13 +8,29 @@ #include "iosource/IOSource.h" #include "Flare.h" +namespace zeek::threading { + struct Value; + struct Field; +} namespace threading { + using Value [[deprecated("Remove in v4.1. Use zeek::threading::Value.")]] = zeek::threading::Value; + using Field [[deprecated("Remove in v4.1. Use zeek::threading::Field.")]] = zeek::threading::Field; +} + +namespace zeek::threading { class BasicInputMessage; class BasicOutputMessage; + +namespace detail { + +// These classes are marked as friends later so they need to be forward declared. class HeartbeatMessage; -struct Value; -struct Field; +class FinishMessage; +class FinishedMessage; +class KillMeMessage; + +} /** * A specialized thread that provides bi-directional message passing between @@ -27,7 +43,7 @@ struct Field; * that happens, the thread stops accepting any new messages, finishes * processes all remaining ones still in the queue, and then exits. */ -class MsgThread : public BasicThread, public iosource::IOSource +class MsgThread : public BasicThread, public zeek::iosource::IOSource { public: /** @@ -205,10 +221,10 @@ public: protected: friend class Manager; - friend class HeartbeatMessage; - friend class FinishMessage; - friend class FinishedMessage; - friend class KillMeMessage; + friend class detail::HeartbeatMessage; + friend class detail::FinishMessage; + friend class detail::FinishedMessage; + friend class detail::KillMeMessage; /** * Pops a message sent by the child from the child-to-main queue. @@ -370,7 +386,7 @@ protected: * mainly for debugging purposes. */ explicit Message(const char* arg_name) - { name = copy_string(arg_name); } + { name = zeek::util::copy_string(arg_name); } private: const char* name; @@ -464,4 +480,15 @@ private: O* object; }; -} +} // namespace zeek::threading + +namespace threading { + +using MsgThread [[deprecated("Remove in v4.1. Use zeek::threading::MsgThread.")]] = zeek::threading::MsgThread; +using Message [[deprecated("Remove in v4.1. Use zeek::threading::Message.")]] = zeek::threading::Message; +using BasicInputMessage [[deprecated("Remove in v4.1. Use zeek::threading::BasicInputMessage.")]] = zeek::threading::BasicInputMessage; +using BasicOutputMessage [[deprecated("Remove in v4.1. Use zeek::threading::BasicOutputMessage.")]] = zeek::threading::BasicOutputMessage; +template using InputMessage [[deprecated("Remove in v4.1. Use zeek::threading::InputMessage.")]] = zeek::threading::InputMessage; +template using OutputMessage [[deprecated("Remove in v4.1. Use zeek::threading::OutputMessage.")]] = zeek::threading::OutputMessage; + +} // namespace threading diff --git a/src/threading/Queue.h b/src/threading/Queue.h index 1840540ac6..e3db579557 100644 --- a/src/threading/Queue.h +++ b/src/threading/Queue.h @@ -12,7 +12,7 @@ #undef Queue // Defined elsewhere unfortunately. -namespace threading { +namespace zeek::threading { /** * A thread-safe single-reader single-writer queue. @@ -261,4 +261,10 @@ inline void Queue::WakeUp() } } -} +} // namespace zeek::threading + +namespace threading { + +template using Queue [[deprecated("Remove in v4.1. Use zeek::threading::Queue.")]] = zeek::threading::Queue; + +} // namespace threading diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index 97e3d055f3..5593bf4da2 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -14,7 +14,7 @@ #include "Scope.h" #include "IPAddr.h" -using namespace threading; +namespace zeek::threading { bool Field::Read(zeek::detail::SerializationFormat* fmt) { @@ -32,7 +32,7 @@ bool Field::Read(zeek::detail::SerializationFormat* fmt) if ( ! fmt->Read(&tmp_secondary_name, "secondary_name") ) return false; - secondary_name = copy_string(tmp_secondary_name.c_str()); + secondary_name = zeek::util::copy_string(tmp_secondary_name.c_str()); } else secondary_name = nullptr; @@ -45,7 +45,7 @@ bool Field::Read(zeek::detail::SerializationFormat* fmt) if ( ! success ) return false; - name = copy_string(tmp_name.c_str()); + name = zeek::util::copy_string(tmp_name.c_str()); type = static_cast(t); subtype = static_cast(st); @@ -603,7 +603,7 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool& std::string enum_string(val->val.string_val.data, val->val.string_val.length); // let's try looking it up by global ID. - const auto& id = zeek::detail::lookup_ID(enum_string.c_str(), GLOBAL_MODULE_NAME); + const auto& id = zeek::detail::lookup_ID(enum_string.c_str(), zeek::detail::GLOBAL_MODULE_NAME); if ( ! id || ! id->IsEnumConst() ) { @@ -636,3 +636,5 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool& assert(false); return nullptr; } + +} // namespace zeek::threading diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index e1c5c886e2..2a869c6126 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -11,7 +11,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(SerializationFormat, zeek::detail); -namespace threading { +namespace zeek::threading { /** * Definition of a log file, i.e., one column of a log stream. @@ -29,16 +29,16 @@ struct Field { * Constructor. */ Field(const char* name, const char* secondary_name, zeek::TypeTag type, zeek::TypeTag subtype, bool optional) - : name(name ? copy_string(name) : nullptr), - secondary_name(secondary_name ? copy_string(secondary_name) : nullptr), + : name(name ? zeek::util::copy_string(name) : nullptr), + secondary_name(secondary_name ? zeek::util::copy_string(secondary_name) : nullptr), type(type), subtype(subtype), optional(optional) { } /** * Copy constructor. */ Field(const Field& other) - : name(other.name ? copy_string(other.name) : nullptr), - secondary_name(other.secondary_name ? copy_string(other.secondary_name) : nullptr), + : name(other.name ? zeek::util::copy_string(other.name) : nullptr), + secondary_name(other.secondary_name ? zeek::util::copy_string(other.secondary_name) : nullptr), type(other.type), subtype(other.subtype), optional(other.optional) { } ~Field() @@ -214,4 +214,11 @@ private: Value(const Value& other) = delete; }; -} +} // namespace zeek::threading + +namespace threading { + +using Field [[deprecated("Remove in v4.1. Use zeek::threading::Field.")]] = zeek::threading::Field; +using Value [[deprecated("Remove in v4.1. Use zeek::threading::Value.")]] = zeek::threading::Value; + +} // namespace threading diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc index f171d0b467..113ddf7fa7 100644 --- a/src/threading/formatters/Ascii.cc +++ b/src/threading/formatters/Ascii.cc @@ -10,7 +10,8 @@ #include using namespace std; -using namespace threading::formatter; + +namespace zeek::threading::formatter { // If the value we'd write out would match exactly the a reserved string, we // escape the first character so that the output won't be ambigious. If this @@ -21,7 +22,7 @@ static inline bool escapeReservedContent(zeek::ODesc* desc, const string& reserv return false; char hex[4] = {'\\', 'x', '0', '0'}; - bytetohex(*data, hex + 2); + zeek::util::bytetohex(*data, hex + 2); desc->AddRaw(hex, 4); desc->AddN(data + 1, size - 1); return true; @@ -47,7 +48,7 @@ Ascii::SeparatorInfo::SeparatorInfo(const string& arg_separator, empty_field = arg_empty_field; } -Ascii::Ascii(threading::MsgThread* t, const SeparatorInfo& info) : Formatter(t) +Ascii::Ascii(zeek::threading::MsgThread* t, const SeparatorInfo& info) : zeek::threading::Formatter(t) { separators = info; } @@ -56,8 +57,8 @@ Ascii::~Ascii() { } -bool Ascii::Describe(zeek::ODesc* desc, int num_fields, const threading::Field* const * fields, - threading::Value** vals) const +bool Ascii::Describe(zeek::ODesc* desc, int num_fields, const zeek::threading::Field* const * fields, + zeek::threading::Value** vals) const { for ( int i = 0; i < num_fields; i++ ) { @@ -71,7 +72,7 @@ bool Ascii::Describe(zeek::ODesc* desc, int num_fields, const threading::Field* return true; } -bool Ascii::Describe(zeek::ODesc* desc, threading::Value* val, const string& name) const +bool Ascii::Describe(zeek::ODesc* desc, zeek::threading::Value* val, const string& name) const { if ( ! val->present ) { @@ -207,12 +208,12 @@ bool Ascii::Describe(zeek::ODesc* desc, threading::Value* val, const string& nam } -threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::TypeTag type, zeek::TypeTag subtype) const +zeek::threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::TypeTag type, zeek::TypeTag subtype) const { if ( ! separators.unset_field.empty() && s.compare(separators.unset_field) == 0 ) // field is not set... - return new threading::Value(type, false); + return new zeek::threading::Value(type, false); - threading::Value* val = new threading::Value(type, subtype, true); + zeek::threading::Value* val = new zeek::threading::Value(type, subtype, true); const char* start = s.c_str(); char* end = nullptr; errno = 0; @@ -222,15 +223,15 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T case zeek::TYPE_ENUM: case zeek::TYPE_STRING: { - string unescaped = get_unescaped_string(s); + string unescaped = zeek::util::get_unescaped_string(s); val->val.string_val.length = unescaped.size(); - val->val.string_val.data = copy_string(unescaped.c_str()); + val->val.string_val.data = zeek::util::copy_string(unescaped.c_str()); break; } case zeek::TYPE_BOOL: { - auto stripped = strstrip(s); + auto stripped = zeek::util::strstrip(s); if ( stripped == "T" || stripped == "1" ) val->val.int_val = 1; else if ( stripped == "F" || stripped == "0" ) @@ -266,20 +267,20 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T case zeek::TYPE_PORT: { - auto stripped = strstrip(s); + auto stripped = zeek::util::strstrip(s); val->val.port_val.proto = TRANSPORT_UNKNOWN; pos = stripped.find('/'); string numberpart; if ( pos != std::string::npos && stripped.length() > pos + 1 ) { auto proto = stripped.substr(pos+1); - if ( strtolower(proto) == "tcp" ) + if ( zeek::util::strtolower(proto) == "tcp" ) val->val.port_val.proto = TRANSPORT_TCP; - else if ( strtolower(proto) == "udp" ) + else if ( zeek::util::strtolower(proto) == "udp" ) val->val.port_val.proto = TRANSPORT_UDP; - else if ( strtolower(proto) == "icmp" ) + else if ( zeek::util::strtolower(proto) == "icmp" ) val->val.port_val.proto = TRANSPORT_ICMP; - else if ( strtolower(proto) == "unknown" ) + else if ( zeek::util::strtolower(proto) == "unknown" ) val->val.port_val.proto = TRANSPORT_UNKNOWN; else GetThread()->Warning(GetThread()->Fmt("Port '%s' contained unknown protocol '%s'", s.c_str(), proto.c_str())); @@ -298,7 +299,7 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T case zeek::TYPE_SUBNET: { - string unescaped = strstrip(get_unescaped_string(s)); + string unescaped = zeek::util::strstrip(zeek::util::get_unescaped_string(s)); size_t pos = unescaped.find('/'); if ( pos == unescaped.npos ) { @@ -321,14 +322,14 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T case zeek::TYPE_ADDR: { - string unescaped = strstrip(get_unescaped_string(s)); + string unescaped = zeek::util::strstrip(zeek::util::get_unescaped_string(s)); val->val.addr_val = ParseAddr(unescaped); break; } case zeek::TYPE_PATTERN: { - string candidate = get_unescaped_string(s); + string candidate = zeek::util::get_unescaped_string(s); // A string is a candidate pattern iff it begins and ends with // a '/'. Rather or not the rest of the string is legal will // be determined later when it is given to the RE engine. @@ -340,7 +341,7 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T // Remove the '/'s candidate.erase(0, 1); candidate.erase(candidate.size() - 1); - val->val.pattern_text_val = copy_string(candidate.c_str()); + val->val.pattern_text_val = zeek::util::copy_string(candidate.c_str()); break; } } @@ -373,7 +374,7 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T if ( separators.empty_field.empty() && s.empty() ) length = 0; - threading::Value** lvals = new threading::Value* [length]; + zeek::threading::Value** lvals = new zeek::threading::Value* [length]; if ( type == zeek::TYPE_TABLE ) { @@ -409,7 +410,7 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, zeek::T break; } - threading::Value* newval = ParseValue(element, name, subtype); + zeek::threading::Value* newval = ParseValue(element, name, subtype); if ( newval == nullptr ) { GetThread()->Warning("Error while reading set or vector"); @@ -474,7 +475,7 @@ parse_error: bool Ascii::CheckNumberError(const char* start, const char* end) const { - threading::MsgThread* thread = GetThread(); + zeek::threading::MsgThread* thread = GetThread(); if ( end == start && *end != '\0' ) { thread->Warning(thread->Fmt("String '%s' contained no parseable number", start)); @@ -504,3 +505,5 @@ bool Ascii::CheckNumberError(const char* start, const char* end) const return false; } + +} // namespace zeek::threading::formatter diff --git a/src/threading/formatters/Ascii.h b/src/threading/formatters/Ascii.h index b010e29b90..f8b0607a0c 100644 --- a/src/threading/formatters/Ascii.h +++ b/src/threading/formatters/Ascii.h @@ -4,9 +4,9 @@ #include "../Formatter.h" -namespace threading { namespace formatter { +namespace zeek::threading::formatter { -class Ascii final : public Formatter { +class Ascii final : public zeek::threading::Formatter { public: /** * A struct to pass the necessary configuration values to the @@ -44,14 +44,14 @@ public: * @param info SeparatorInfo structure defining the necessary * separators. */ - Ascii(threading::MsgThread* t, const SeparatorInfo& info); + Ascii(zeek::threading::MsgThread* t, const SeparatorInfo& info); virtual ~Ascii(); - virtual bool Describe(zeek::ODesc* desc, threading::Value* val, const std::string& name = "") const; - virtual bool Describe(zeek::ODesc* desc, int num_fields, const threading::Field* const * fields, - threading::Value** vals) const; - virtual threading::Value* ParseValue(const std::string& s, const std::string& name, - zeek::TypeTag type, zeek::TypeTag subtype = zeek::TYPE_ERROR) const; + virtual bool Describe(zeek::ODesc* desc, zeek::threading::Value* val, const std::string& name = "") const; + virtual bool Describe(zeek::ODesc* desc, int num_fields, const zeek::threading::Field* const * fields, + zeek::threading::Value** vals) const; + virtual zeek::threading::Value* ParseValue(const std::string& s, const std::string& name, + zeek::TypeTag type, zeek::TypeTag subtype = zeek::TYPE_ERROR) const; private: bool CheckNumberError(const char* start, const char* end) const; @@ -59,4 +59,10 @@ private: SeparatorInfo separators; }; -}} +} // namespace zeek::threading::formatter + +namespace threading::formatter { + +using Ascii [[deprecated("Remove in v4.1. Use zeek::threading::formatter::Ascii.")]] = zeek::threading::formatter::Ascii; + +} // namespace threading::formatter diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index e7563d78b5..eb41ca1e55 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -16,7 +16,7 @@ #include #include -using namespace threading::formatter; +namespace zeek::threading::formatter { bool JSON::NullDoubleWriter::Double(double d) { @@ -26,7 +26,7 @@ bool JSON::NullDoubleWriter::Double(double d) return rapidjson::Writer::Double(d); } -JSON::JSON(MsgThread* t, TimeFormat tf) : Formatter(t), surrounding_braces(true) +JSON::JSON(zeek::threading::MsgThread* t, TimeFormat tf) : zeek::threading::Formatter(t), surrounding_braces(true) { timestamps = tf; } @@ -35,8 +35,8 @@ JSON::~JSON() { } -bool JSON::Describe(zeek::ODesc* desc, int num_fields, const Field* const * fields, - Value** vals) const +bool JSON::Describe(zeek::ODesc* desc, int num_fields, const zeek::threading::Field* const * fields, + zeek::threading::Value** vals) const { rapidjson::StringBuffer buffer; NullDoubleWriter writer(buffer); @@ -55,7 +55,7 @@ bool JSON::Describe(zeek::ODesc* desc, int num_fields, const Field* const * fiel return true; } -bool JSON::Describe(zeek::ODesc* desc, Value* val, const std::string& name) const +bool JSON::Describe(zeek::ODesc* desc, zeek::threading::Value* val, const std::string& name) const { if ( desc->IsBinary() ) { @@ -78,13 +78,14 @@ bool JSON::Describe(zeek::ODesc* desc, Value* val, const std::string& name) cons return true; } -threading::Value* JSON::ParseValue(const std::string& s, const std::string& name, zeek::TypeTag type, zeek::TypeTag subtype) const +zeek::threading::Value* JSON::ParseValue(const std::string& s, const std::string& name, + zeek::TypeTag type, zeek::TypeTag subtype) const { GetThread()->Error("JSON formatter does not support parsing yet."); return nullptr; } -void JSON::BuildJSON(NullDoubleWriter& writer, Value* val, const std::string& name) const +void JSON::BuildJSON(NullDoubleWriter& writer, zeek::threading::Value* val, const std::string& name) const { if ( ! val->present ) { @@ -173,7 +174,8 @@ void JSON::BuildJSON(NullDoubleWriter& writer, Value* val, const std::string& na case zeek::TYPE_FILE: case zeek::TYPE_FUNC: { - writer.String(json_escape_utf8(std::string(val->val.string_val.data, val->val.string_val.length))); + writer.String(zeek::util::json_escape_utf8( + std::string(val->val.string_val.data, val->val.string_val.length))); break; } @@ -204,3 +206,5 @@ void JSON::BuildJSON(NullDoubleWriter& writer, Value* val, const std::string& na break; } } + +} // namespace zeek::threading::formatter diff --git a/src/threading/formatters/JSON.h b/src/threading/formatters/JSON.h index a02d8367c6..70fac3089e 100644 --- a/src/threading/formatters/JSON.h +++ b/src/threading/formatters/JSON.h @@ -8,13 +8,13 @@ #include "../Formatter.h" -namespace threading { namespace formatter { +namespace zeek::threading::formatter { /** * A thread-safe class for converting values into a JSON representation * and vice versa. */ -class JSON : public Formatter { +class JSON : public zeek::threading::Formatter { public: enum TimeFormat { TS_EPOCH, // Doubles that represents seconds from the UNIX epoch. @@ -22,14 +22,14 @@ public: TS_MILLIS // Milliseconds from the UNIX epoch. Some consumers need this (e.g., elasticsearch). }; - JSON(threading::MsgThread* t, TimeFormat tf); + JSON(zeek::threading::MsgThread* t, TimeFormat tf); ~JSON() override; - bool Describe(zeek::ODesc* desc, threading::Value* val, const std::string& name = "") const override; - bool Describe(zeek::ODesc* desc, int num_fields, const threading::Field* const * fields, - threading::Value** vals) const override; - threading::Value* ParseValue(const std::string& s, const std::string& name, zeek::TypeTag type, - zeek::TypeTag subtype = zeek::TYPE_ERROR) const override; + bool Describe(zeek::ODesc* desc, zeek::threading::Value* val, const std::string& name = "") const override; + bool Describe(zeek::ODesc* desc, int num_fields, const zeek::threading::Field* const * fields, + zeek::threading::Value** vals) const override; + zeek::threading::Value* ParseValue(const std::string& s, const std::string& name, zeek::TypeTag type, + zeek::TypeTag subtype = zeek::TYPE_ERROR) const override; class NullDoubleWriter : public rapidjson::Writer { public: @@ -38,10 +38,16 @@ public: }; private: - void BuildJSON(NullDoubleWriter& writer, Value* val, const std::string& name = "") const; + void BuildJSON(NullDoubleWriter& writer, zeek::threading::Value* val, const std::string& name = "") const; TimeFormat timestamps; bool surrounding_braces; }; -}} +} // namespace zeek::threading::formatter + +namespace threading::formatter { + +using JSON [[deprecated("Remove in v4.1. Use zeek::threading::formatter::JSON.")]] = zeek::threading::formatter::JSON; + +} // namespace threading::formatter diff --git a/src/util.cc b/src/util.cc index 417aed4d2b..36f3d19139 100644 --- a/src/util.cc +++ b/src/util.cc @@ -52,7 +52,7 @@ #include "Obj.h" #include "Val.h" #include "NetVar.h" -#include "Net.h" +#include "RunState.h" #include "Reporter.h" #include "iosource/Manager.h" #include "iosource/PktSrc.h" @@ -70,6 +70,13 @@ using namespace std; +extern const char* proc_status_file; + +static bool can_read(const string& path) + { + return access(path.c_str(), R_OK) == 0; + } + static bool starts_with(std::string_view s, std::string_view beginning) { if ( beginning.size() > s.size() ) @@ -100,6 +107,11 @@ TEST_CASE("util ends_with") CHECK(ends_with("abcde", "abcedf") == false); } +static string zeek_path_value; + +namespace zeek::util { +namespace detail { + TEST_CASE("util extract_ip") { CHECK(extract_ip("[1.2.3.4]") == "1.2.3.4"); @@ -162,6 +174,863 @@ std::string extract_ip_and_len(const std::string& i, int* len) return extract_ip(i.substr(0, pos)); } + +static constexpr int parse_octal_digit(char ch) noexcept + { + if ( ch >= '0' && ch <= '7' ) + return ch - '0'; + else + return -1; + } + +static constexpr int parse_hex_digit(char ch) noexcept + { + if ( ch >= '0' && ch <= '9' ) + return ch - '0'; + else if ( ch >= 'a' && ch <= 'f' ) + return 10 + ch - 'a'; + else if ( ch >= 'A' && ch <= 'F' ) + return 10 + ch - 'A'; + else + return -1; + } + +int expand_escape(const char*& s) + { + switch ( *(s++) ) { + case 'b': return '\b'; + case 'f': return '\f'; + case 'n': return '\n'; + case 'r': return '\r'; + case 't': return '\t'; + case 'a': return '\a'; + case 'v': return '\v'; + + case '0': case '1': case '2': case '3': case '4': + case '5': case '6': case '7': + { // \{1,3} + --s; // put back the first octal digit + const char* start = s; + + // require at least one octal digit and parse at most three + + int result = parse_octal_digit(*s++); + + if ( result < 0 ) + { + zeek::reporter->Error("bad octal escape: %s", start); + return 0; + } + + // second digit? + int digit = parse_octal_digit(*s); + + if ( digit >= 0 ) + { + result = (result << 3) | digit; + ++s; + + // third digit? + digit = parse_octal_digit(*s); + + if ( digit >= 0 ) + { + result = (result << 3) | digit; + ++s; + } + } + + return result; + } + + case 'x': + { /* \x */ + const char* start = s; + + // Look at most 2 characters, so that "\x0ddir" -> "^Mdir". + + int result = parse_hex_digit(*s++); + + if ( result < 0 ) + { + zeek::reporter->Error("bad hexadecimal escape: %s", start); + return 0; + } + + // second digit? + int digit = parse_hex_digit(*s); + + if ( digit >= 0 ) + { + result = (result << 4) | digit; + ++s; + } + + return result; + } + + default: + return s[-1]; + } + } + +const char* fmt_access_time(double t) + { + static char buf[256]; + time_t time = (time_t) t; + struct tm ts; + + if ( ! localtime_r(&time, &ts) ) + { + zeek::reporter->InternalError("unable to get time"); + } + + strftime(buf, sizeof(buf), "%d/%m-%H:%M", &ts); + return buf; + } + +bool ensure_intermediate_dirs(const char* dirname) + { + if ( ! dirname || strlen(dirname) == 0 ) + return false; + + bool absolute = dirname[0] == '/'; + string path = normalize_path(dirname); + + const auto path_components = tokenize_string(path, '/'); + + string current_dir; + + for ( size_t i = 0; i < path_components.size(); ++i ) + { + if ( i > 0 || absolute ) + current_dir += "/"; + + current_dir += path_components[i]; + + if ( ! ensure_dir(current_dir.c_str()) ) + return false; + } + + return true; + } + +bool ensure_dir(const char *dirname) + { + if ( mkdir(dirname, 0700) == 0 ) + return true; + + auto mkdir_errno = errno; + struct stat st; + + if ( stat(dirname, &st) == -1 ) + { + // Show the original failure reason for mkdir() since nothing's there + // or we can't even tell what is now. + zeek::reporter->Warning("can't create directory %s: %s", + dirname, strerror(mkdir_errno)); + return false; + } + + if ( S_ISDIR(st.st_mode) ) + return true; + + zeek::reporter->Warning("%s exists but is not a directory", dirname); + return false; + } + +void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]) + { + if ( ! zeek::detail::KeyedHash::seeds_initialized ) + zeek::reporter->InternalError("HMAC-MD5 invoked before the HMAC key is set"); + + zeek::detail::internal_md5(bytes, size, digest); + + for ( int i = 0; i < 16; ++i ) + digest[i] ^= zeek::detail::KeyedHash::shared_hmac_md5_key[i]; + + zeek::detail::internal_md5(digest, 16, digest); + } + +static bool read_random_seeds(const char* read_file, uint32_t* seed, + std::array& buf) + { + FILE* f = nullptr; + + if ( ! (f = fopen(read_file, "r")) ) + { + zeek::reporter->Warning("Could not open seed file '%s': %s", + read_file, strerror(errno)); + return false; + } + + // Read seed for srandom(). + if ( fscanf(f, "%u", seed) != 1 ) + { + fclose(f); + return false; + } + + // Read seeds for hmac-md5/siphash/highwayhash. + for ( auto &v : buf ) + { + int tmp; + if ( fscanf(f, "%u", &tmp) != 1 ) + { + fclose(f); + return false; + } + + v = tmp; + } + + fclose(f); + return true; + } + +static bool write_random_seeds(const char* write_file, uint32_t seed, + std::array& buf) + { + FILE* f = nullptr; + + if ( ! (f = fopen(write_file, "w+")) ) + { + zeek::reporter->Warning("Could not create seed file '%s': %s", + write_file, strerror(errno)); + return false; + } + + fprintf(f, "%u\n", seed); + + for ( const auto &v: buf ) + fprintf(f, "%u\n", v); + + fclose(f); + return true; + } + +static bool zeek_rand_determistic = false; +static long int zeek_rand_state = 0; +static bool first_seed_saved = false; +static unsigned int first_seed = 0; + +static void zeek_srandom(unsigned int seed, bool deterministic) + { + zeek_rand_state = seed == 0 ? 1 : seed; + zeek_rand_determistic = deterministic; + + srandom(seed); + } + +void seed_random(unsigned int seed) + { + if ( zeek_rand_determistic ) + zeek_rand_state = seed == 0 ? 1 : seed; + else + srandom(seed); + } + +void init_random_seed(const char* read_file, const char* write_file, + bool use_empty_seeds) + { + std::array buf = {}; + size_t pos = 0; // accumulates entropy + bool seeds_done = false; + uint32_t seed = 0; + + if ( read_file ) + { + if ( ! read_random_seeds(read_file, &seed, buf) ) + zeek::reporter->FatalError("Could not load seeds from file '%s'.\n", + read_file); + else + seeds_done = true; + } + else if ( use_empty_seeds ) + seeds_done = true; + + if ( ! seeds_done ) + { +#ifdef HAVE_GETRANDOM + // getrandom() guarantees reads up to 256 bytes are always successful, + assert(sizeof(buf) < 256); + auto nbytes = getrandom(buf.data(), sizeof(buf), 0); + assert(nbytes == sizeof(buf)); + pos += nbytes / sizeof(uint32_t); +#else + // Gather up some entropy. + gettimeofday((struct timeval *)(buf.data() + pos), 0); + pos += sizeof(struct timeval) / sizeof(uint32_t); + + // use urandom. For reasons see e.g. http://www.2uo.de/myths-about-urandom/ +#if defined(O_NONBLOCK) + int fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); +#elif defined(O_NDELAY) + int fd = open("/dev/urandom", O_RDONLY | O_NDELAY); +#else + int fd = open("/dev/urandom", O_RDONLY); +#endif + + if ( fd >= 0 ) + { + int amt = read(fd, buf.data() + pos, + sizeof(uint32_t) * (zeek::detail::KeyedHash::SEED_INIT_SIZE - pos)); + safe_close(fd); + + if ( amt > 0 ) + pos += amt / sizeof(uint32_t); + else + // Clear errno, which can be set on some + // systems due to a lack of entropy. + errno = 0; + } +#endif + + if ( pos < zeek::detail::KeyedHash::SEED_INIT_SIZE ) + zeek::reporter->FatalError("Could not read enough random data. Wanted %d, got %zu", + zeek::detail::KeyedHash::SEED_INIT_SIZE, pos); + + if ( ! seed ) + { + for ( size_t i = 0; i < pos; ++i ) + { + seed ^= buf[i]; + seed = (seed << 1) | (seed >> 31); + } + } + else + seeds_done = true; + } + + zeek_srandom(seed, seeds_done); + + if ( ! first_seed_saved ) + { + first_seed = seed; + first_seed_saved = true; + } + + if ( ! zeek::detail::KeyedHash::IsInitialized() ) + zeek::detail::KeyedHash::InitializeSeeds(buf); + + if ( write_file && ! write_random_seeds(write_file, seed, buf) ) + zeek::reporter->Error("Could not write seeds to file '%s'.\n", + write_file); + } + +unsigned int initial_seed() + { + return first_seed; + } + +bool have_random_seed() + { + return zeek_rand_determistic; + } + +constexpr uint32_t zeek_prng_mod = 2147483647; +constexpr uint32_t zeek_prng_max = zeek_prng_mod - 1; + +long int max_random() + { + return zeek_rand_determistic ? zeek_prng_max : RAND_MAX; + } + +long int prng(long int state) + { + // Use our own simple linear congruence PRNG to make sure we are + // predictable across platforms. (Lehmer RNG, Schrage's method) + // Note: the choice of "long int" storage type for the state is mostly + // for parity with the possible return values of random(). + constexpr uint32_t m = zeek_prng_mod; + constexpr uint32_t a = 16807; + constexpr uint32_t q = m / a; + constexpr uint32_t r = m % a; + + uint32_t rem = state % q; + uint32_t div = state / q; + int32_t s = a * rem; + int32_t t = r * div; + int32_t res = s - t; + + if ( res < 0 ) + res += m; + + return res; + } + +long int random_number() + { + if ( ! zeek_rand_determistic ) + return random(); // Use system PRNG. + + zeek_rand_state = detail::prng(zeek_rand_state); + + return zeek_rand_state; + } + +// Returns a 64-bit random string. +uint64_t rand64bit() + { + uint64_t base = 0; + int i; + + for ( i = 1; i <= 4; ++i ) + base = (base<<16) | detail::random_number(); + return base; + } + +const array script_extensions = {".zeek", ".bro"}; + +void warn_if_legacy_script(std::string_view filename) + { + if ( ends_with(filename, ".bro") ) + { + std::string x(filename); + zeek::reporter->Warning("Loading script '%s' with legacy extension, support for '.bro' will be removed in Zeek v4.1", x.c_str()); + } + } + +TEST_CASE("util is_package_loader") + { + CHECK(is_package_loader("/some/path/__load__.zeek") == true); + CHECK(is_package_loader("/some/path/notload.zeek") == false); + } + +bool is_package_loader(const string& path) + { + string filename(std::move(SafeBasename(path).result)); + + for ( const string& ext : script_extensions ) + { + if ( filename == "__load__" + ext ) + { + warn_if_legacy_script(filename); + return true; + } + } + + return false; + } + +void add_to_zeek_path(const string& dir) + { + // Make sure path is initialized. + zeek_path(); + + zeek_path_value += string(":") + dir; + } + +FILE* open_package(string& path, const string& mode) + { + string arg_path = path; + path.append("/__load__"); + + for ( const string& ext : script_extensions ) + { + string p = path + ext; + if ( can_read(p) ) + { + warn_if_legacy_script(path); + path.append(ext); + return open_file(path, mode); + } + } + + path.append(script_extensions[0]); + string package_loader = "__load__" + script_extensions[0]; + zeek::reporter->Error("Failed to open package '%s': missing '%s' file", + arg_path.c_str(), package_loader.c_str()); + return nullptr; + } + +void SafePathOp::CheckValid(const char* op_result, const char* path, + bool error_aborts) + { + if ( op_result ) + { + result = op_result; + error = false; + } + else + { + if ( error_aborts ) + zeek::reporter->InternalError("Path operation failed on %s: %s", + path ? path : "", strerror(errno)); + else + error = true; + } + } + +TEST_CASE("util flatten_script_name") + { + CHECK(flatten_script_name("script", "some/path") == "some.path.script"); + CHECK(flatten_script_name("other/path/__load__.zeek", "some/path") == "some.path.other.path"); + CHECK(flatten_script_name("path/to/script", "") == "path.to.script"); + } + +string flatten_script_name(const string& name, const string& prefix) + { + string rval = prefix; + + if ( ! rval.empty() ) + rval.append("."); + + if ( is_package_loader(name) ) + rval.append(SafeDirname(name).result); + else + rval.append(name); + + size_t i; + + while ( (i = rval.find('/')) != string::npos ) + rval[i] = '.'; + + return rval; + } + +TEST_CASE("util normalize_path") + { + CHECK(normalize_path("/1/2/3") == "/1/2/3"); + CHECK(normalize_path("/1/./2/3") == "/1/2/3"); + CHECK(normalize_path("/1/2/../3") == "/1/3"); + CHECK(normalize_path("1/2/3/") == "1/2/3"); + CHECK(normalize_path("1/2//3///") == "1/2/3"); + CHECK(normalize_path("~/zeek/testing") == "~/zeek/testing"); + CHECK(normalize_path("~jon/zeek/testing") == "~jon/zeek/testing"); + CHECK(normalize_path("~jon/./zeek/testing") == "~jon/zeek/testing"); + CHECK(normalize_path("~/zeek/testing/../././.") == "~/zeek"); + CHECK(normalize_path("./zeek") == "./zeek"); + CHECK(normalize_path("../zeek") == "../zeek"); + CHECK(normalize_path("../zeek/testing/..") == "../zeek"); + CHECK(normalize_path("./zeek/..") == "."); + CHECK(normalize_path("./zeek/../..") == ".."); + CHECK(normalize_path("./zeek/../../..") == "../.."); + CHECK(normalize_path("./..") == ".."); + CHECK(normalize_path("../..") == "../.."); + CHECK(normalize_path("/..") == "/.."); + CHECK(normalize_path("~/..") == "~/.."); + CHECK(normalize_path("/../..") == "/../.."); + CHECK(normalize_path("~/../..") == "~/../.."); + CHECK(normalize_path("zeek/..") == ""); + CHECK(normalize_path("zeek/../..") == ".."); + } + +string normalize_path(std::string_view path) + { + if ( path.find("/.") == std::string_view::npos && + path.find("//") == std::string_view::npos ) + { + // no need to normalize anything + if ( path.size() > 1 && path.back() == '/' ) + path.remove_suffix(1); + return std::string(path); + } + + size_t n; + vector final_components; + string new_path; + new_path.reserve(path.size()); + + if ( ! path.empty() && path[0] == '/' ) + new_path = "/"; + + const auto components = tokenize_string(path, '/'); + final_components.reserve(components.size()); + + for ( auto it = components.begin(); it != components.end(); ++it ) + { + if ( *it == "" ) continue; + if ( *it == "." && it != components.begin() ) continue; + + final_components.push_back(*it); + + if ( *it == ".." ) + { + auto cur_idx = final_components.size() - 1; + + if ( cur_idx != 0 ) + { + auto last_idx = cur_idx - 1; + auto& last_component = final_components[last_idx]; + + if ( last_component == "/" || last_component == "~" || + last_component == ".." ) + continue; + + if ( last_component == "." ) + { + last_component = ".."; + final_components.pop_back(); + } + else + { + final_components.pop_back(); + final_components.pop_back(); + } + } + } + } + + for ( auto it = final_components.begin(); it != final_components.end(); ++it ) + { + new_path.append(*it); + new_path.append("/"); + } + + if ( new_path.size() > 1 && new_path[new_path.size() - 1] == '/' ) + new_path.erase(new_path.size() - 1); + + return new_path; + } + +string without_zeekpath_component(std::string_view path) + { + string rval = normalize_path(path); + + const auto paths = tokenize_string(zeek_path(), ':'); + + for ( size_t i = 0; i < paths.size(); ++i ) + { + string common = normalize_path(paths[i]); + + if ( rval.find(common) != 0 ) + continue; + + // Found the containing directory. + std::string_view v(rval); + v.remove_prefix(common.size()); + + // Remove leading path separators. + while ( !v.empty() && v.front() == '/' ) + v.remove_prefix(1); + + return std::string(v); + } + + return rval; + } + +std::string get_exe_path(const std::string& invocation) + { + if ( invocation.empty() ) + return ""; + + if ( invocation[0] == '/' || invocation[0] == '~' ) + // Absolute path + return invocation; + + if ( invocation.find('/') != std::string::npos ) + { + // Relative path + char cwd[PATH_MAX]; + + if ( ! getcwd(cwd, sizeof(cwd)) ) + { + fprintf(stderr, "failed to get current directory: %s\n", + strerror(errno)); + exit(1); + } + + return std::string(cwd) + "/" + invocation; + } + + auto path = getenv("PATH"); + + if ( ! path ) + return ""; + + return find_file(invocation, path); + } + +FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info) + { + // Build file names. + const int buflen = strlen(name) + 128; + + auto newname_buf = std::make_unique(buflen); + auto tmpname_buf = std::make_unique(buflen + 4); + auto newname = newname_buf.get(); + auto tmpname = tmpname_buf.get(); + + snprintf(newname, buflen, "%s.%d.%.06f.tmp", + name, getpid(), zeek::run_state::network_time); + newname[buflen-1] = '\0'; + strcpy(tmpname, newname); + strcat(tmpname, ".tmp"); + + // First open the new file using a temporary name. + FILE* newf = fopen(tmpname, "w"); + if ( ! newf ) + { + zeek::reporter->Error("rotate_file: can't open %s: %s", tmpname, strerror(errno)); + return nullptr; + } + + // Then move old file to ".." and make sure + // it really gets created. + struct stat dummy; + if ( link(name, newname) < 0 || stat(newname, &dummy) < 0 ) + { + zeek::reporter->Error("rotate_file: can't move %s to %s: %s", name, newname, strerror(errno)); + fclose(newf); + unlink(newname); + unlink(tmpname); + return nullptr; + } + + // Close current file, and move the tmp to its place. + if ( unlink(name) < 0 || link(tmpname, name) < 0 || unlink(tmpname) < 0 ) + { + zeek::reporter->Error("rotate_file: can't move %s to %s: %s", tmpname, name, strerror(errno)); + exit(1); // hard to fix, but shouldn't happen anyway... + } + + // Init rotate_info. + if ( rotate_info ) + { + rotate_info->Assign(0, name); + rotate_info->Assign(1, newname); + rotate_info->Assign(2, zeek::run_state::network_time); + rotate_info->Assign(3, zeek::run_state::network_time); + } + + return newf; + } + +const char* log_file_name(const char* tag) + { + const char* env = zeekenv("ZEEK_LOG_SUFFIX"); + return fmt("%s.%s", tag, (env ? env : "log")); + } + +double parse_rotate_base_time(const char* rotate_base_time) + { + double base = -1; + + if ( rotate_base_time && rotate_base_time[0] != '\0' ) + { + struct tm t; + if ( ! strptime(rotate_base_time, "%H:%M", &t) ) + zeek::reporter->Error("calc_next_rotate(): can't parse rotation base time"); + else + base = t.tm_min * 60 + t.tm_hour * 60 * 60; + } + + return base; + } + +double calc_next_rotate(double current, double interval, double base) + { + if ( ! interval ) + { + zeek::reporter->Error("calc_next_rotate(): interval is zero, falling back to 24hrs"); + interval = 86400; + } + + // Calculate start of day. + time_t teatime = time_t(current); + + struct tm t; + if ( ! localtime_r(&teatime, &t) ) + { + zeek::reporter->Error("calc_next_rotate(): failure processing current time (%.6f)", current); + + // fall back to the method used if no base time is given + base = -1; + } + + if ( base < 0 ) + // No base time given. To get nice timestamps, we round + // the time up to the next multiple of the rotation interval. + return floor(current / interval) * interval + + interval - current; + + t.tm_hour = t.tm_min = t.tm_sec = 0; + double startofday = mktime(&t); + + // current < startofday + base + i * interval <= current + interval + return startofday + base + + ceil((current - startofday - base) / interval) * interval - + current; + } + +void terminate_processing() + { + if ( ! zeek::run_state::terminating ) + raise(SIGTERM); + } + +void set_processing_status(const char* status, const char* reason) + { + if ( ! proc_status_file ) + return; + + // This function can be called from a signal context, so we have to + // make sure to only call reentrant functions and to restore errno + // afterwards. + + int old_errno = errno; + + int fd = open(proc_status_file, O_CREAT | O_WRONLY | O_TRUNC, 0700); + + if ( fd < 0 ) + { + char buf[256]; + zeek_strerror_r(errno, buf, sizeof(buf)); + if ( zeek::reporter ) + zeek::reporter->Error("Failed to open process status file '%s': %s", + proc_status_file, buf); + else + fprintf(stderr, "Failed to open process status file '%s': %s\n", + proc_status_file, buf); + errno = old_errno; + return; + } + + auto write_str = [](int fd, const char* s) + { + int len = strlen(s); + while ( len ) + { + int n = write(fd, s, len); + + if ( n < 0 && errno != EINTR && errno != EAGAIN ) + // Ignore errors, as they're too difficult to + // safely report here. + break; + + s += n; + len -= n; + } + }; + + write_str(fd, status); + write_str(fd, " ["); + write_str(fd, reason); + write_str(fd, "]\n"); + safe_close(fd); + + errno = old_errno; + } + +void set_thread_name(const char* name, pthread_t tid) + { +#ifdef HAVE_LINUX + prctl(PR_SET_NAME, name, 0, 0, 0); +#endif + +#ifdef __APPLE__ + pthread_setname_np(name); +#endif + +#ifdef __FreeBSD__ + pthread_set_name_np(tid, name); +#endif + } + +} // namespace detail + TEST_CASE("util get_unescaped_string") { CHECK(get_unescaped_string("abcde") == "abcde"); @@ -300,105 +1169,6 @@ int streq(const char* s1, const char* s2) return ! strcmp(s1, s2); } -static constexpr int parse_octal_digit(char ch) noexcept - { - if ( ch >= '0' && ch <= '7' ) - return ch - '0'; - else - return -1; - } - -static constexpr int parse_hex_digit(char ch) noexcept - { - if ( ch >= '0' && ch <= '9' ) - return ch - '0'; - else if ( ch >= 'a' && ch <= 'f' ) - return 10 + ch - 'a'; - else if ( ch >= 'A' && ch <= 'F' ) - return 10 + ch - 'A'; - else - return -1; - } - -int expand_escape(const char*& s) - { - switch ( *(s++) ) { - case 'b': return '\b'; - case 'f': return '\f'; - case 'n': return '\n'; - case 'r': return '\r'; - case 't': return '\t'; - case 'a': return '\a'; - case 'v': return '\v'; - - case '0': case '1': case '2': case '3': case '4': - case '5': case '6': case '7': - { // \{1,3} - --s; // put back the first octal digit - const char* start = s; - - // require at least one octal digit and parse at most three - - int result = parse_octal_digit(*s++); - - if ( result < 0 ) - { - zeek::reporter->Error("bad octal escape: %s", start); - return 0; - } - - // second digit? - int digit = parse_octal_digit(*s); - - if ( digit >= 0 ) - { - result = (result << 3) | digit; - ++s; - - // third digit? - digit = parse_octal_digit(*s); - - if ( digit >= 0 ) - { - result = (result << 3) | digit; - ++s; - } - } - - return result; - } - - case 'x': - { /* \x */ - const char* start = s; - - // Look at most 2 characters, so that "\x0ddir" -> "^Mdir". - - int result = parse_hex_digit(*s++); - - if ( result < 0 ) - { - zeek::reporter->Error("bad hexadecimal escape: %s", start); - return 0; - } - - // second digit? - int digit = parse_hex_digit(*s); - - if ( digit >= 0 ) - { - result = (result << 4) | digit; - ++s; - } - - return result; - } - - default: - return s[-1]; - } - } - char* skip_whitespace(char* s) { while ( *s == ' ' || *s == '\t' ) @@ -858,71 +1628,6 @@ const char* fmt(const char* format, ...) return rval; } -const char* fmt_access_time(double t) - { - static char buf[256]; - time_t time = (time_t) t; - struct tm ts; - - if ( ! localtime_r(&time, &ts) ) - { - zeek::reporter->InternalError("unable to get time"); - } - - strftime(buf, sizeof(buf), "%d/%m-%H:%M", &ts); - return buf; - } - -bool ensure_intermediate_dirs(const char* dirname) - { - if ( ! dirname || strlen(dirname) == 0 ) - return false; - - bool absolute = dirname[0] == '/'; - string path = normalize_path(dirname); - - const auto path_components = tokenize_string(path, '/'); - - string current_dir; - - for ( size_t i = 0; i < path_components.size(); ++i ) - { - if ( i > 0 || absolute ) - current_dir += "/"; - - current_dir += path_components[i]; - - if ( ! ensure_dir(current_dir.c_str()) ) - return false; - } - - return true; - } - -bool ensure_dir(const char *dirname) - { - if ( mkdir(dirname, 0700) == 0 ) - return true; - - auto mkdir_errno = errno; - struct stat st; - - if ( stat(dirname, &st) == -1 ) - { - // Show the original failure reason for mkdir() since nothing's there - // or we can't even tell what is now. - zeek::reporter->Warning("can't create directory %s: %s", - dirname, strerror(mkdir_errno)); - return false; - } - - if ( S_ISDIR(st.st_mode) ) - return true; - - zeek::reporter->Warning("%s exists but is not a directory", dirname); - return false; - } - bool is_dir(const std::string& path) { struct stat st; @@ -995,266 +1700,10 @@ std::string strstrip(std::string s) return s; } -void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]) - { - if ( ! zeek::detail::KeyedHash::seeds_initialized ) - zeek::reporter->InternalError("HMAC-MD5 invoked before the HMAC key is set"); - - zeek::detail::internal_md5(bytes, size, digest); - - for ( int i = 0; i < 16; ++i ) - digest[i] ^= zeek::detail::KeyedHash::shared_hmac_md5_key[i]; - - zeek::detail::internal_md5(digest, 16, digest); - } - -static bool read_random_seeds(const char* read_file, uint32_t* seed, - std::array& buf) - { - FILE* f = nullptr; - - if ( ! (f = fopen(read_file, "r")) ) - { - zeek::reporter->Warning("Could not open seed file '%s': %s", - read_file, strerror(errno)); - return false; - } - - // Read seed for srandom(). - if ( fscanf(f, "%u", seed) != 1 ) - { - fclose(f); - return false; - } - - // Read seeds for hmac-md5/siphash/highwayhash. - for ( auto &v : buf ) - { - int tmp; - if ( fscanf(f, "%u", &tmp) != 1 ) - { - fclose(f); - return false; - } - - v = tmp; - } - - fclose(f); - return true; - } - -static bool write_random_seeds(const char* write_file, uint32_t seed, - std::array& buf) - { - FILE* f = nullptr; - - if ( ! (f = fopen(write_file, "w+")) ) - { - zeek::reporter->Warning("Could not create seed file '%s': %s", - write_file, strerror(errno)); - return false; - } - - fprintf(f, "%u\n", seed); - - for ( const auto &v: buf ) - fprintf(f, "%u\n", v); - - fclose(f); - return true; - } - -static bool bro_rand_determistic = false; -static long int bro_rand_state = 0; -static bool first_seed_saved = false; -static unsigned int first_seed = 0; - -static void bro_srandom(unsigned int seed, bool deterministic) - { - bro_rand_state = seed == 0 ? 1 : seed; - bro_rand_determistic = deterministic; - - srandom(seed); - } - -void zeek::seed_random(unsigned int seed) - { - if ( bro_rand_determistic ) - bro_rand_state = seed == 0 ? 1 : seed; - else - srandom(seed); - } - -void bro_srandom(unsigned int seed) - { - zeek::seed_random(seed); - } - -void init_random_seed(const char* read_file, const char* write_file, - bool use_empty_seeds) - { - std::array buf = {}; - size_t pos = 0; // accumulates entropy - bool seeds_done = false; - uint32_t seed = 0; - - if ( read_file ) - { - if ( ! read_random_seeds(read_file, &seed, buf) ) - zeek::reporter->FatalError("Could not load seeds from file '%s'.\n", - read_file); - else - seeds_done = true; - } - else if ( use_empty_seeds ) - seeds_done = true; - - if ( ! seeds_done ) - { -#ifdef HAVE_GETRANDOM - // getrandom() guarantees reads up to 256 bytes are always successful, - assert(sizeof(buf) < 256); - auto nbytes = getrandom(buf.data(), sizeof(buf), 0); - assert(nbytes == sizeof(buf)); - pos += nbytes / sizeof(uint32_t); -#else - // Gather up some entropy. - gettimeofday((struct timeval *)(buf.data() + pos), 0); - pos += sizeof(struct timeval) / sizeof(uint32_t); - - // use urandom. For reasons see e.g. http://www.2uo.de/myths-about-urandom/ -#if defined(O_NONBLOCK) - int fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); -#elif defined(O_NDELAY) - int fd = open("/dev/urandom", O_RDONLY | O_NDELAY); -#else - int fd = open("/dev/urandom", O_RDONLY); -#endif - - if ( fd >= 0 ) - { - int amt = read(fd, buf.data() + pos, - sizeof(uint32_t) * (zeek::detail::KeyedHash::SEED_INIT_SIZE - pos)); - safe_close(fd); - - if ( amt > 0 ) - pos += amt / sizeof(uint32_t); - else - // Clear errno, which can be set on some - // systems due to a lack of entropy. - errno = 0; - } -#endif - - if ( pos < zeek::detail::KeyedHash::SEED_INIT_SIZE ) - zeek::reporter->FatalError("Could not read enough random data. Wanted %d, got %zu", - zeek::detail::KeyedHash::SEED_INIT_SIZE, pos); - - if ( ! seed ) - { - for ( size_t i = 0; i < pos; ++i ) - { - seed ^= buf[i]; - seed = (seed << 1) | (seed >> 31); - } - } - else - seeds_done = true; - } - - bro_srandom(seed, seeds_done); - - if ( ! first_seed_saved ) - { - first_seed = seed; - first_seed_saved = true; - } - - if ( ! zeek::detail::KeyedHash::IsInitialized() ) - zeek::detail::KeyedHash::InitializeSeeds(buf); - - if ( write_file && ! write_random_seeds(write_file, seed, buf) ) - zeek::reporter->Error("Could not write seeds to file '%s'.\n", - write_file); - } - -unsigned int initial_seed() - { - return first_seed; - } - -bool have_random_seed() - { - return bro_rand_determistic; - } - -constexpr uint32_t zeek_prng_mod = 2147483647; -constexpr uint32_t zeek_prng_max = zeek_prng_mod - 1; - -long int zeek::max_random() - { - return bro_rand_determistic ? zeek_prng_max : RAND_MAX; - } - -long int zeek::prng(long int state) - { - // Use our own simple linear congruence PRNG to make sure we are - // predictable across platforms. (Lehmer RNG, Schrage's method) - // Note: the choice of "long int" storage type for the state is mostly - // for parity with the possible return values of random(). - constexpr uint32_t m = zeek_prng_mod; - constexpr uint32_t a = 16807; - constexpr uint32_t q = m / a; - constexpr uint32_t r = m % a; - - uint32_t rem = state % q; - uint32_t div = state / q; - int32_t s = a * rem; - int32_t t = r * div; - int32_t res = s - t; - - if ( res < 0 ) - res += m; - - return res; - } - -unsigned int bro_prng(unsigned int state) - { - return zeek::prng(state); - } - -long int zeek::random_number() - { - if ( ! bro_rand_determistic ) - return random(); // Use system PRNG. - - bro_rand_state = zeek::prng(bro_rand_state); - - return bro_rand_state; - } - -long int bro_random() - { - return zeek::random_number(); - } - -// Returns a 64-bit random string. -uint64_t rand64bit() - { - uint64_t base = 0; - int i; - - for ( i = 1; i <= 4; ++i ) - base = (base<<16) | zeek::random_number(); - return base; - } - int int_list_cmp(const void* v1, const void* v2) { - ptr_compat_int i1 = *(ptr_compat_int*) v1; - ptr_compat_int i2 = *(ptr_compat_int*) v2; + std::intptr_t i1 = *(std::intptr_t*) v1; + std::intptr_t i2 = *(std::intptr_t*) v2; if ( i1 < i2 ) return -1; @@ -1264,32 +1713,22 @@ int int_list_cmp(const void* v1, const void* v2) return 1; } -static string bro_path_value; - -const std::string& bro_path() +const std::string& zeek_path() { - if ( bro_path_value.empty() ) + if ( zeek_path_value.empty() ) { const char* path = zeekenv("ZEEKPATH"); if ( ! path ) path = DEFAULT_ZEEKPATH; - bro_path_value = path; + zeek_path_value = path; } - return bro_path_value; + return zeek_path_value; } -extern void add_to_bro_path(const string& dir) - { - // Make sure path is initialized. - bro_path(); - - bro_path_value += string(":") + dir; - } - -const char* bro_plugin_path() +const char* zeek_plugin_path() { const char* path = zeekenv("ZEEK_PLUGIN_PATH"); @@ -1299,7 +1738,7 @@ const char* bro_plugin_path() return path; } -const char* bro_plugin_activate() +const char* zeek_plugin_activate() { const char* names = zeekenv("ZEEK_PLUGIN_ACTIVATE"); @@ -1309,11 +1748,11 @@ const char* bro_plugin_activate() return names; } -string bro_prefixes() +string zeek_prefixes() { string rval; - for ( const auto& prefix : zeek_script_prefixes ) + for ( const auto& prefix : zeek::detail::zeek_script_prefixes ) { if ( ! rval.empty() ) rval.append(":"); @@ -1323,39 +1762,6 @@ string bro_prefixes() return rval; } -TEST_CASE("util is_package_loader") - { - CHECK(is_package_loader("/some/path/__load__.zeek") == true); - CHECK(is_package_loader("/some/path/notload.zeek") == false); - } - -const array script_extensions = {".zeek", ".bro"}; - -void warn_if_legacy_script(std::string_view filename) - { - if ( ends_with(filename, ".bro") ) - { - std::string x(filename); - zeek::reporter->Warning("Loading script '%s' with legacy extension, support for '.bro' will be removed in Zeek v4.1", x.c_str()); - } - } - -bool is_package_loader(const string& path) - { - string filename(std::move(SafeBasename(path).result)); - - for ( const string& ext : script_extensions ) - { - if ( filename == "__load__" + ext ) - { - warn_if_legacy_script(filename); - return true; - } - } - - return false; - } - FILE* open_file(const string& path, const string& mode) { if ( path.empty() ) @@ -1366,41 +1772,13 @@ FILE* open_file(const string& path, const string& mode) if ( ! rval ) { char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek_strerror_r(errno, buf, sizeof(buf)); zeek::reporter->Error("Failed to open file %s: %s", filename, buf); } return rval; } -static bool can_read(const string& path) - { - return access(path.c_str(), R_OK) == 0; - } - -FILE* open_package(string& path, const string& mode) - { - string arg_path = path; - path.append("/__load__"); - - for ( const string& ext : script_extensions ) - { - string p = path + ext; - if ( can_read(p) ) - { - warn_if_legacy_script(path); - path.append(ext); - return open_file(path, mode); - } - } - - path.append(script_extensions[0]); - string package_loader = "__load__" + script_extensions[0]; - zeek::reporter->Error("Failed to open package '%s': missing '%s' file", - arg_path.c_str(), package_loader.c_str()); - return nullptr; - } - TEST_CASE("util path ops") { SUBCASE("SafeDirname") @@ -1427,24 +1805,6 @@ TEST_CASE("util path ops") } } -void SafePathOp::CheckValid(const char* op_result, const char* path, - bool error_aborts) - { - if ( op_result ) - { - result = op_result; - error = false; - } - else - { - if ( error_aborts ) - zeek::reporter->InternalError("Path operation failed on %s: %s", - path ? path : "", strerror(errno)); - else - error = true; - } - } - SafeDirname::SafeDirname(const char* path, bool error_aborts) : SafePathOp() { @@ -1459,7 +1819,7 @@ SafeDirname::SafeDirname(const string& path, bool error_aborts) void SafeDirname::DoFunc(const string& path, bool error_aborts) { - char* tmp = copy_string(path.c_str()); + char* tmp = zeek::util::copy_string(path.c_str()); CheckValid(dirname(tmp), tmp, error_aborts); delete [] tmp; } @@ -1478,7 +1838,7 @@ SafeBasename::SafeBasename(const string& path, bool error_aborts) void SafeBasename::DoFunc(const string& path, bool error_aborts) { - char* tmp = copy_string(path.c_str()); + char* tmp = zeek::util::copy_string(path.c_str()); CheckValid(basename(tmp), tmp, error_aborts); delete [] tmp; } @@ -1509,33 +1869,6 @@ string implode_string_vector(const std::vector& v, return rval; } -TEST_CASE("util flatten_script_name") - { - CHECK(flatten_script_name("script", "some/path") == "some.path.script"); - CHECK(flatten_script_name("other/path/__load__.zeek", "some/path") == "some.path.other.path"); - CHECK(flatten_script_name("path/to/script", "") == "path.to.script"); - } - -string flatten_script_name(const string& name, const string& prefix) - { - string rval = prefix; - - if ( ! rval.empty() ) - rval.append("."); - - if ( is_package_loader(name) ) - rval.append(SafeDirname(name).result); - else - rval.append(name); - - size_t i; - - while ( (i = rval.find('/')) != string::npos ) - rval[i] = '.'; - - return rval; - } - TEST_CASE("util tokenize_string") { auto v = tokenize_string("/this/is/a/path", "/", nullptr); @@ -1602,128 +1935,6 @@ vector tokenize_string(std::string_view input, const char deli return rval; } -TEST_CASE("util normalize_path") - { - CHECK(normalize_path("/1/2/3") == "/1/2/3"); - CHECK(normalize_path("/1/./2/3") == "/1/2/3"); - CHECK(normalize_path("/1/2/../3") == "/1/3"); - CHECK(normalize_path("1/2/3/") == "1/2/3"); - CHECK(normalize_path("1/2//3///") == "1/2/3"); - CHECK(normalize_path("~/zeek/testing") == "~/zeek/testing"); - CHECK(normalize_path("~jon/zeek/testing") == "~jon/zeek/testing"); - CHECK(normalize_path("~jon/./zeek/testing") == "~jon/zeek/testing"); - CHECK(normalize_path("~/zeek/testing/../././.") == "~/zeek"); - CHECK(normalize_path("./zeek") == "./zeek"); - CHECK(normalize_path("../zeek") == "../zeek"); - CHECK(normalize_path("../zeek/testing/..") == "../zeek"); - CHECK(normalize_path("./zeek/..") == "."); - CHECK(normalize_path("./zeek/../..") == ".."); - CHECK(normalize_path("./zeek/../../..") == "../.."); - CHECK(normalize_path("./..") == ".."); - CHECK(normalize_path("../..") == "../.."); - CHECK(normalize_path("/..") == "/.."); - CHECK(normalize_path("~/..") == "~/.."); - CHECK(normalize_path("/../..") == "/../.."); - CHECK(normalize_path("~/../..") == "~/../.."); - CHECK(normalize_path("zeek/..") == ""); - CHECK(normalize_path("zeek/../..") == ".."); - } - -string normalize_path(std::string_view path) - { - if ( path.find("/.") == std::string_view::npos && - path.find("//") == std::string_view::npos ) - { - // no need to normalize anything - if ( path.size() > 1 && path.back() == '/' ) - path.remove_suffix(1); - return std::string(path); - } - - size_t n; - vector final_components; - string new_path; - new_path.reserve(path.size()); - - if ( ! path.empty() && path[0] == '/' ) - new_path = "/"; - - const auto components = tokenize_string(path, '/'); - final_components.reserve(components.size()); - - for ( auto it = components.begin(); it != components.end(); ++it ) - { - if ( *it == "" ) continue; - if ( *it == "." && it != components.begin() ) continue; - - final_components.push_back(*it); - - if ( *it == ".." ) - { - auto cur_idx = final_components.size() - 1; - - if ( cur_idx != 0 ) - { - auto last_idx = cur_idx - 1; - auto& last_component = final_components[last_idx]; - - if ( last_component == "/" || last_component == "~" || - last_component == ".." ) - continue; - - if ( last_component == "." ) - { - last_component = ".."; - final_components.pop_back(); - } - else - { - final_components.pop_back(); - final_components.pop_back(); - } - } - } - } - - for ( auto it = final_components.begin(); it != final_components.end(); ++it ) - { - new_path.append(*it); - new_path.append("/"); - } - - if ( new_path.size() > 1 && new_path[new_path.size() - 1] == '/' ) - new_path.erase(new_path.size() - 1); - - return new_path; - } - -string without_bropath_component(std::string_view path) - { - string rval = normalize_path(path); - - const auto paths = tokenize_string(bro_path(), ':'); - - for ( size_t i = 0; i < paths.size(); ++i ) - { - string common = normalize_path(paths[i]); - - if ( rval.find(common) != 0 ) - continue; - - // Found the containing directory. - std::string_view v(rval); - v.remove_prefix(common.size()); - - // Remove leading path separators. - while ( !v.empty() && v.front() == '/' ) - v.remove_prefix(1); - - return std::string(v); - } - - return rval; - } - static string find_file_in_path(const string& filename, const string& path, const vector& opt_ext) { @@ -1758,38 +1969,6 @@ static string find_file_in_path(const string& filename, const string& path, return string(); } -std::string get_exe_path(const std::string& invocation) - { - if ( invocation.empty() ) - return ""; - - if ( invocation[0] == '/' || invocation[0] == '~' ) - // Absolute path - return invocation; - - if ( invocation.find('/') != std::string::npos ) - { - // Relative path - char cwd[PATH_MAX]; - - if ( ! getcwd(cwd, sizeof(cwd)) ) - { - fprintf(stderr, "failed to get current directory: %s\n", - strerror(errno)); - exit(1); - } - - return std::string(cwd) + "/" + invocation; - } - - auto path = getenv("PATH"); - - if ( ! path ) - return ""; - - return find_file(invocation, path); - } - string find_file(const string& filename, const string& path_set, const string& opt_ext) { @@ -1816,7 +1995,7 @@ string find_script_file(const string& filename, const string& path_set) vector paths; tokenize_string(path_set, ":", &paths); - vector ext(script_extensions.begin(), script_extensions.end()); + vector ext(detail::script_extensions.begin(), detail::script_extensions.end()); for ( size_t n = 0; n < paths.size(); ++n ) { @@ -1824,14 +2003,14 @@ string find_script_file(const string& filename, const string& path_set) if ( ! f.empty() ) { - warn_if_legacy_script(f); + detail::warn_if_legacy_script(f); return f; } } if ( ends_with(filename, ".bro") ) { - warn_if_legacy_script(filename); + detail::warn_if_legacy_script(filename); // We were looking for a file explicitly ending in .bro and didn't // find it, so fall back to one ending in .zeek, if it exists. @@ -1842,181 +2021,8 @@ string find_script_file(const string& filename, const string& path_set) return string(); } -FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info) - { - // Build file names. - const int buflen = strlen(name) + 128; - - auto newname_buf = std::make_unique(buflen); - auto tmpname_buf = std::make_unique(buflen + 4); - auto newname = newname_buf.get(); - auto tmpname = tmpname_buf.get(); - - snprintf(newname, buflen, "%s.%d.%.06f.tmp", - name, getpid(), network_time); - newname[buflen-1] = '\0'; - strcpy(tmpname, newname); - strcat(tmpname, ".tmp"); - - // First open the new file using a temporary name. - FILE* newf = fopen(tmpname, "w"); - if ( ! newf ) - { - zeek::reporter->Error("rotate_file: can't open %s: %s", tmpname, strerror(errno)); - return nullptr; - } - - // Then move old file to ".." and make sure - // it really gets created. - struct stat dummy; - if ( link(name, newname) < 0 || stat(newname, &dummy) < 0 ) - { - zeek::reporter->Error("rotate_file: can't move %s to %s: %s", name, newname, strerror(errno)); - fclose(newf); - unlink(newname); - unlink(tmpname); - return nullptr; - } - - // Close current file, and move the tmp to its place. - if ( unlink(name) < 0 || link(tmpname, name) < 0 || unlink(tmpname) < 0 ) - { - zeek::reporter->Error("rotate_file: can't move %s to %s: %s", tmpname, name, strerror(errno)); - exit(1); // hard to fix, but shouldn't happen anyway... - } - - // Init rotate_info. - if ( rotate_info ) - { - rotate_info->Assign(0, name); - rotate_info->Assign(1, newname); - rotate_info->Assign(2, network_time); - rotate_info->Assign(3, network_time); - } - - return newf; - } - -const char* log_file_name(const char* tag) - { - const char* env = zeekenv("ZEEK_LOG_SUFFIX"); - return fmt("%s.%s", tag, (env ? env : "log")); - } - -double parse_rotate_base_time(const char* rotate_base_time) - { - double base = -1; - - if ( rotate_base_time && rotate_base_time[0] != '\0' ) - { - struct tm t; - if ( ! strptime(rotate_base_time, "%H:%M", &t) ) - zeek::reporter->Error("calc_next_rotate(): can't parse rotation base time"); - else - base = t.tm_min * 60 + t.tm_hour * 60 * 60; - } - - return base; - } - -double calc_next_rotate(double current, double interval, double base) - { - if ( ! interval ) - { - zeek::reporter->Error("calc_next_rotate(): interval is zero, falling back to 24hrs"); - interval = 86400; - } - - // Calculate start of day. - time_t teatime = time_t(current); - - struct tm t; - if ( ! localtime_r(&teatime, &t) ) - { - zeek::reporter->Error("calc_next_rotate(): failure processing current time (%.6f)", current); - - // fall back to the method used if no base time is given - base = -1; - } - - if ( base < 0 ) - // No base time given. To get nice timestamps, we round - // the time up to the next multiple of the rotation interval. - return floor(current / interval) * interval - + interval - current; - - t.tm_hour = t.tm_min = t.tm_sec = 0; - double startofday = mktime(&t); - - // current < startofday + base + i * interval <= current + interval - return startofday + base + - ceil((current - startofday - base) / interval) * interval - - current; - } - - RETSIGTYPE sig_handler(int signo); -void terminate_processing() - { - if ( ! terminating ) - raise(SIGTERM); - } - -extern const char* proc_status_file; -void set_processing_status(const char* status, const char* reason) - { - if ( ! proc_status_file ) - return; - - // This function can be called from a signal context, so we have to - // make sure to only call reentrant functions and to restore errno - // afterwards. - - int old_errno = errno; - - int fd = open(proc_status_file, O_CREAT | O_WRONLY | O_TRUNC, 0700); - - if ( fd < 0 ) - { - char buf[256]; - bro_strerror_r(errno, buf, sizeof(buf)); - if ( zeek::reporter ) - zeek::reporter->Error("Failed to open process status file '%s': %s", - proc_status_file, buf); - else - fprintf(stderr, "Failed to open process status file '%s': %s\n", - proc_status_file, buf); - errno = old_errno; - return; - } - - auto write_str = [](int fd, const char* s) - { - int len = strlen(s); - while ( len ) - { - int n = write(fd, s, len); - - if ( n < 0 && errno != EINTR && errno != EAGAIN ) - // Ignore errors, as they're too difficult to - // safely report here. - break; - - s += n; - len -= n; - } - }; - - write_str(fd, status); - write_str(fd, " ["); - write_str(fd, reason); - write_str(fd, "]\n"); - safe_close(fd); - - errno = old_errno; - } - double current_time(bool real) { struct timeval tv; @@ -2025,13 +2031,13 @@ double current_time(bool real) double t = double(tv.tv_sec) + double(tv.tv_usec) / 1e6; - if ( ! pseudo_realtime || real || ! iosource_mgr || ! iosource_mgr->GetPktSrc() ) + if ( ! zeek::run_state::pseudo_realtime || real || ! zeek::iosource_mgr || ! zeek::iosource_mgr->GetPktSrc() ) return t; // This obviously only works for a single source ... - iosource::PktSrc* src = iosource_mgr->GetPktSrc(); + zeek::iosource::PktSrc* src = zeek::iosource_mgr->GetPktSrc(); - if ( net_is_processing_suspended() ) + if ( zeek::run_state::is_processing_suspended() ) return src->CurrentPacketTimestamp(); // We don't scale with pseudo_realtime here as that would give us a @@ -2097,7 +2103,7 @@ uint64_t calculate_unique_id(size_t pool) if ( uid_pool[pool].needs_init ) { // This is the first time we need a UID for this pool. - if ( ! have_random_seed() ) + if ( ! detail::have_random_seed() ) { // If we don't need deterministic output (as // indicated by a set seed), we calculate the @@ -2117,7 +2123,7 @@ uint64_t calculate_unique_id(size_t pool) gettimeofday(&unique.time, 0); unique.pool = (uint64_t) pool; unique.pid = getpid(); - unique.rnd = static_cast(zeek::random_number()); + unique.rnd = static_cast(detail::random_number()); uid_instance = zeek::detail::HashKey::HashBytes(&unique, sizeof(unique)); ++uid_instance; // Now it's larger than zero. @@ -2205,23 +2211,12 @@ void safe_close(int fd) if ( close(fd) < 0 && errno != EINTR ) { char buf[128]; - bro_strerror_r(errno, buf, sizeof(buf)); + zeek_strerror_r(errno, buf, sizeof(buf)); fprintf(stderr, "safe_close error %d: %s\n", errno, buf); abort(); } } -extern "C" void out_of_memory(const char* where) - { - fprintf(stderr, "out of memory in %s.\n", where); - - if ( zeek::reporter ) - // Guess that might fail here if memory is really tight ... - zeek::reporter->FatalError("out of memory in %s.\n", where); - - abort(); - } - void get_memory_usage(uint64_t* total, uint64_t* malloced) { uint64_t ret_total; @@ -2274,7 +2269,7 @@ void* debug_malloc(size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f malloc %x %d\n", network_time, v, t); + printf("%.6f malloc %x %d\n", zeek::run_state::network_time, v, t); return v; } @@ -2282,14 +2277,14 @@ void* debug_realloc(void* v, size_t t) { v = realloc(v, t); if ( malloc_debug ) - printf("%.6f realloc %x %d\n", network_time, v, t); + printf("%.6f realloc %x %d\n", zeek::run_state::network_time, v, t); return v; } void debug_free(void* v) { if ( malloc_debug ) - printf("%.6f free %x\n", network_time, v); + printf("%.6f free %x\n", zeek::run_state::network_time, v); free(v); } @@ -2297,7 +2292,7 @@ void* operator new(size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f new %x %d\n", network_time, v, t); + printf("%.6f new %x %d\n", zeek::run_state::network_time, v, t); return v; } @@ -2305,21 +2300,21 @@ void* operator new[](size_t t) { void* v = malloc(t); if ( malloc_debug ) - printf("%.6f new[] %x %d\n", network_time, v, t); + printf("%.6f new[] %x %d\n", zeek::run_state::network_time, v, t); return v; } void operator delete(void* v) { if ( malloc_debug ) - printf("%.6f delete %x\n", network_time, v); + printf("%.6f delete %x\n", zeek::run_state::network_time, v); free(v); } void operator delete[](void* v) { if ( malloc_debug ) - printf("%.6f delete %x\n", network_time, v); + printf("%.6f delete %x\n", zeek::run_state::network_time, v); free(v); } @@ -2358,9 +2353,9 @@ static void strerror_r_helper(char* result, char* buf, size_t buflen) static void strerror_r_helper(int result, char* buf, size_t buflen) { /* XSI flavor of strerror_r, no-op. */ } -void bro_strerror_r(int bro_errno, char* buf, size_t buflen) +void zeek_strerror_r(int zeek_errno, char* buf, size_t buflen) { - auto res = strerror_r(bro_errno, buf, buflen); + auto res = strerror_r(zeek_errno, buf, buflen); // GNU vs. XSI flavors make it harder to use strerror_r. strerror_r_helper(res, buf, buflen); } @@ -2532,17 +2527,96 @@ string json_escape_utf8(const string& val) return result; } -void zeek::set_thread_name(const char* name, pthread_t tid) +} // namespace zeek::util + +// Remove in v4.1. +double& network_time = zeek::run_state::network_time; + +unsigned int bro_prng(unsigned int state) + { return zeek::util::detail::prng(state); } + +long int bro_random() + { return zeek::util::detail::random_number(); } + +void bro_srandom(unsigned int seed) + { zeek::util::detail::seed_random(seed); } + +zeek::ODesc* get_escaped_string(zeek::ODesc* d, const char* str, size_t len, bool escape_all) + { return zeek::util::get_escaped_string(d, str, len, escape_all); } +std::string get_escaped_string(const char* str, size_t len, bool escape_all) + { return zeek::util::get_escaped_string(str, len, escape_all); } +std::string get_escaped_string(const std::string& str, bool escape_all) + { return zeek::util::get_escaped_string(str, escape_all); } + +std::vector* tokenize_string(std::string_view input, + std::string_view delim, + std::vector* rval, int limit) + { return zeek::util::tokenize_string(input, delim, rval, limit); } +std::vector tokenize_string(std::string_view input, const char delim) noexcept + { return zeek::util::tokenize_string(input, delim); } + +char* skip_whitespace(char* s) + { return zeek::util::skip_whitespace(s); } +const char* skip_whitespace(const char* s) + { return zeek::util::skip_whitespace(s); } +char* skip_whitespace(char* s, char* end_of_s) + { return zeek::util::skip_whitespace(s, end_of_s); } +const char* skip_whitespace(const char* s, const char* end_of_s) + { return zeek::util::skip_whitespace(s, end_of_s); } + +char* get_word(char*& s) + { return zeek::util::get_word(s); } +void get_word(int length, const char* s, int& pwlen, const char*& pw) + { zeek::util::get_word(length, s, pwlen, pw); } +void to_upper(char* s) + { zeek::util::to_upper(s); } +std::string to_upper(const std::string& s) + { return zeek::util::to_upper(s); } + +char* uitoa_n(uint64_t value, char* str, int n, int base, const char* prefix) + { return zeek::util::uitoa_n(value, str, n, base, prefix); } +int fputs(int len, const char* s, FILE* fp) + { return zeek::util::fputs(len, s, fp); } + +std::string implode_string_vector(const std::vector& v, + const std::string& delim) + { return zeek::util::implode_string_vector(v, delim); } +std::string flatten_script_name(const std::string& name, + const std::string& prefix) + { return zeek::util::detail::flatten_script_name(name, prefix); } + +std::string find_file(const std::string& filename, const std::string& path_set, + const std::string& opt_ext) + { return zeek::util::find_file(filename, path_set, opt_ext); } +FILE* open_file(const std::string& path, const std::string& mode) + { return zeek::util::open_file(path, mode); } +FILE* open_package(std::string& path, const std::string& mode) + { return zeek::util::detail::open_package(path, mode); } + +double current_time(bool real) + { return zeek::util::current_time(real); } + +uint64_t calculate_unique_id() + { return zeek::util::calculate_unique_id(); } +uint64_t calculate_unique_id(const size_t pool) + { return zeek::util::calculate_unique_id(pool); } + +const array& script_extensions = zeek::util::detail::script_extensions; + +namespace zeek { + +void set_thread_name(const char* name, pthread_t tid) + { zeek::util::detail::set_thread_name(name, tid); } + +} // namespace zeek + +extern "C" void out_of_memory(const char* where) { -#ifdef HAVE_LINUX - prctl(PR_SET_NAME, name, 0, 0, 0); -#endif + fprintf(stderr, "out of memory in %s.\n", where); -#ifdef __APPLE__ - pthread_setname_np(name); -#endif + if ( zeek::reporter ) + // Guess that might fail here if memory is really tight ... + zeek::reporter->FatalError("out of memory in %s.\n", where); -#ifdef __FreeBSD__ - pthread_set_name_np(tid, name); -#endif + abort(); } diff --git a/src/util.h b/src/util.h index 5d18591ef0..470b144241 100644 --- a/src/util.h +++ b/src/util.h @@ -50,7 +50,6 @@ extern HeapLeakChecker* heap_checker; #endif -#include #include #ifdef HAVE_LINUX @@ -79,23 +78,16 @@ typedef int16_t int16; [[deprecated("Remove in v4.1. Use int8_t instead.")]] typedef int8_t int8; -typedef int64_t bro_int_t; -typedef uint64_t bro_uint_t; - // "ptr_compat_uint" and "ptr_compat_int" are (un)signed integers of // pointer size. They can be cast safely to a pointer, e.g. in Lists, // which represent their entities as void* pointers. // #if SIZEOF_VOID_P == 8 -typedef uint64_t ptr_compat_uint; -typedef int64_t ptr_compat_int; -#define PRI_PTR_COMPAT_INT PRId64 // Format to use with printf. -#define PRI_PTR_COMPAT_UINT PRIu64 +typedef uint64_t ptr_compat_uint [[deprecated("Remove in v4.1. Use std::uintptr_t.")]]; +typedef int64_t ptr_compat_int [[deprecated("Remove in v4.1. Use std::intptr_t.")]]; #elif SIZEOF_VOID_P == 4 -typedef uint32_t ptr_compat_uint; -typedef int32_t ptr_compat_int; -#define PRI_PTR_COMPAT_INT PRId32 -#define PRI_PTR_COMPAT_UINT PRIu32 +typedef uint32_t ptr_compat_uint [[deprecated("Remove in v4.1. Use std::uintptr_t")]]; +typedef int32_t ptr_compat_int [[deprecated("Remove in v4.1. Use std::intptr_t")]]; #else # error "Unsupported pointer size." #endif @@ -105,419 +97,21 @@ extern "C" #include "modp_numtoa.h" } -template -void delete_each(T* t) - { - typedef typename T::iterator iterator; - for ( iterator it = t->begin(); it != t->end(); ++it ) - delete *it; - } - -std::string extract_ip(const std::string& i); -std::string extract_ip_and_len(const std::string& i, int* len); - -inline void bytetohex(unsigned char byte, char* hex_out) - { - static constexpr char hex_chars[] = "0123456789abcdef"; - hex_out[0] = hex_chars[(byte & 0xf0) >> 4]; - hex_out[1] = hex_chars[byte & 0x0f]; - } - -std::string get_unescaped_string(const std::string& str); +using bro_int_t = int64_t; +using bro_uint_t = uint64_t; ZEEK_FORWARD_DECLARE_NAMESPACED(ODesc, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); -zeek::ODesc* get_escaped_string(zeek::ODesc* d, const char* str, size_t len, - bool escape_all); -std::string get_escaped_string(const char* str, size_t len, bool escape_all); - -inline std::string get_escaped_string(const std::string& str, bool escape_all) - { - return get_escaped_string(str.data(), str.length(), escape_all); - } - -std::vector* tokenize_string(std::string_view input, - std::string_view delim, - std::vector* rval = nullptr, int limit = 0); - -std::vector tokenize_string(std::string_view input, const char delim) noexcept; - -extern char* copy_string(const char* s); -extern int streq(const char* s1, const char* s2); - -// Returns the character corresponding to the given escape sequence (s points -// just past the '\'), and updates s to point just beyond the last character -// of the sequence. -extern int expand_escape(const char*& s); - -extern char* skip_whitespace(char* s); -extern const char* skip_whitespace(const char* s); -extern char* skip_whitespace(char* s, char* end_of_s); -extern const char* skip_whitespace(const char* s, const char* end_of_s); -extern char* skip_digits(char* s); -extern char* get_word(char*& s); -extern void get_word(int length, const char* s, int& pwlen, const char*& pw); -extern void to_upper(char* s); -extern std::string to_upper(const std::string& s); -extern int decode_hex(char ch); -extern unsigned char encode_hex(int h); #ifndef HAVE_STRCASESTR extern char* strcasestr(const char* s, const char* find); #endif -extern const char* strpbrk_n(size_t len, const char* s, const char* charset); -template int atoi_n(int len, const char* s, const char** end, int base, T& result); -extern char* uitoa_n(uint64_t value, char* str, int n, int base, const char* prefix=nullptr); -int strstr_n(const int big_len, const unsigned char* big, - const int little_len, const unsigned char* little); -extern int fputs(int len, const char* s, FILE* fp); -extern bool is_printable(const char* s, int len); - -// Return a lower-cased version of the string. -extern std::string strtolower(const std::string& s); - -extern const char* fmt_bytes(const char* data, int len); - -// Note: returns a pointer into a shared buffer. -extern const char* vfmt(const char* format, va_list args); -// Note: returns a pointer into a shared buffer. -extern const char* fmt(const char* format, ...) - __attribute__((format (printf, 1, 2))); -extern const char* fmt_access_time(double time); - -extern bool ensure_intermediate_dirs(const char* dirname); -extern bool ensure_dir(const char *dirname); - -// Returns true if path exists and is a directory. -bool is_dir(const std::string& path); - -// Returns true if path exists and is a file. -bool is_file(const std::string& path); - -// Replaces all occurences of *o* in *s* with *n*. -extern std::string strreplace(const std::string& s, const std::string& o, const std::string& n); - -// Remove all leading and trailing white space from string. -extern std::string strstrip(std::string s); - -extern void hmac_md5(size_t size, const unsigned char* bytes, - unsigned char digest[16]); - -// Initializes RNGs for zeek::random_number() and MD5 usage. If load_file is given, -// the seeds (both random & MD5) are loaded from that file. This takes -// precedence over the "use_empty_seeds" argument, which just -// zero-initializes all seed values. If write_file is given, the seeds are -// written to that file. -extern void init_random_seed(const char* load_file, const char* write_file, - bool use_empty_seeds); - -// Retrieves the initial seed computed after the very first call to -// init_random_seed(). Repeated calls to init_random_seed() will not affect -// the return value of this function. -unsigned int initial_seed(); - -// Returns true if the user explicitly set a seed via init_random_seed(); -extern bool have_random_seed(); - -// A simple linear congruence PRNG. It takes its state as argument and -// returns a new random value, which can serve as state for subsequent calls. -[[deprecated("Remove in v4.1. Use zeek::prng()")]] -unsigned int bro_prng(unsigned int state); - -// Replacement for the system random(), to which is normally falls back -// except when a seed has been given. In that case, the function bro_prng. -[[deprecated("Remove in v4.1. Use zeek::random_number()")]] -long int bro_random(); - -// Calls the system srandom() function with the given seed if not running -// in deterministic mode, else it updates the state of the deterministic PRNG. -[[deprecated("Remove in v4.1. Use zeek::seed_random()")]] -void bro_srandom(unsigned int seed); - -extern uint64_t rand64bit(); - -// Each event source that may generate events gets an internally unique ID. -// This is always LOCAL for a local Bro. For remote event sources, it gets -// assigned by the RemoteSerializer. -// -// FIXME: Find a nicer place for this type definition. -// Unfortunately, it introduces circular dependencies when defined in one of -// the obvious places (like Event.h or RemoteSerializer.h) - -typedef ptr_compat_uint SourceID; -#define PRI_SOURCE_ID PRI_PTR_COMPAT_UINT -static const SourceID SOURCE_LOCAL = 0; - -// TODO: This is a temporary marker to flag events coming in via Broker. -// Those are remote events but we don't have any further peer informationa -// available for them (as the old communication code would have). Once we -// remove RemoteSerializer, we can turn the SourceID into a simple boolean -// indicating whether it's a local or remote event. -static const SourceID SOURCE_BROKER = 0xffffffff; - -extern void pinpoint(); -extern int int_list_cmp(const void* v1, const void* v2); - -extern const std::string& bro_path(); -extern const char* bro_magic_path(); -extern const char* bro_plugin_path(); -extern const char* bro_plugin_activate(); -extern std::string bro_prefixes(); - -extern const std::array script_extensions; - -/** Prints a warning if the filename ends in .bro. */ -void warn_if_legacy_script(std::string_view filename); - -bool is_package_loader(const std::string& path); - -extern void add_to_bro_path(const std::string& dir); - - -/** - * Wrapper class for functions like dirname(3) or basename(3) that won't - * modify the path argument and may optionally abort execution on error. - */ -class SafePathOp { -public: - - std::string result; - bool error; - -protected: - - SafePathOp() - : result(), error() - { } - - void CheckValid(const char* result, const char* path, bool error_aborts); - -}; - -class SafeDirname : public SafePathOp { -public: - - explicit SafeDirname(const char* path, bool error_aborts = true); - explicit SafeDirname(const std::string& path, bool error_aborts = true); - -private: - - void DoFunc(const std::string& path, bool error_aborts = true); -}; - -class SafeBasename : public SafePathOp { -public: - - explicit SafeBasename(const char* path, bool error_aborts = true); - explicit SafeBasename(const std::string& path, bool error_aborts = true); - -private: - - void DoFunc(const std::string& path, bool error_aborts = true); -}; - -std::string implode_string_vector(const std::vector& v, - const std::string& delim = "\n"); - -/** - * Flatten a script name by replacing '/' path separators with '.'. - * @param file A path to a Bro script. If it is a __load__.zeek, that part - * is discarded when constructing the flattened the name. - * @param prefix A string to prepend to the flattened script name. - * @return The flattened script name. - */ -std::string flatten_script_name(const std::string& name, - const std::string& prefix = ""); - -/** - * Return a canonical/shortened path string by removing superfluous elements - * (path delimiters, dots referring to CWD or parent dir). - * @param path A filesystem path. - * @return A canonical/shortened version of \a path. - */ -std::string normalize_path(std::string_view path); - -/** - * Strip the ZEEKPATH component from a path. - * @param path A file/directory path that may be within a ZEEKPATH component. - * @return *path* minus the common ZEEKPATH component (if any) removed. - */ -std::string without_bropath_component(std::string_view path); - -/** - * Gets the full path used to invoke some executable. - * @param invocation any possible string that may be seen in argv[0], such as - * absolute path, relative path, or name to lookup in PATH. - * @return the absolute path to the executable file - */ -std::string get_exe_path(const std::string& invocation); - -/** - * Locate a file within a given search path. - * @param filename Name of a file to find. - * @param path_set Colon-delimited set of paths to search for the file. - * @param opt_ext A filename extension/suffix to allow. - * @return Path to the found file, or an empty string if not found. - */ -std::string find_file(const std::string& filename, const std::string& path_set, - const std::string& opt_ext = ""); - -/** - * Locate a script file within a given search path. - * @param filename Name of a file to find. - * @param path_set Colon-delimited set of paths to search for the file. - * @return Path to the found file, or an empty string if not found. - */ -std::string find_script_file(const std::string& filename, const std::string& path_set); - -// Wrapper around fopen(3). Emits an error when failing to open. -FILE* open_file(const std::string& path, const std::string& mode = "r"); - -/** Opens a Bro script package. - * @param path Location of a Bro script package (a directory). Will be changed - * to the path of the package's loader script. - * @param mode An fopen(3) mode. - * @return The return value of fopen(3) on the loader script or null if one - * doesn't exist. - */ -FILE* open_package(std::string& path, const std::string& mode = "r"); - -// Renames the given file to a new temporary name, and opens a new file with -// the original name. Returns new file or NULL on error. Inits rotate_info if -// given (open time is set network time). -ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); -extern FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info); - -// This mimics the script-level function with the same name. -const char* log_file_name(const char* tag); - -// Parse a time string of the form "HH:MM" (as used for the rotation base -// time) into a double representing the number of seconds. Returns -1 if the -// string cannot be parsed. The function's result is intended to be used with -// calc_next_rotate(). -// -// This function is not thread-safe. -double parse_rotate_base_time(const char* rotate_base_time); - -// Calculate the duration until the next time a file is to be rotated, based -// on the given rotate_interval and rotate_base_time. 'current' the the -// current time to be used as base, 'rotate_interval' the rotation interval, -// and 'base' the value returned by parse_rotate_base_time(). For the latter, -// if the function returned -1, that's fine, calc_next_rotate() handles that. -// -// This function is thread-safe. -double calc_next_rotate(double current, double rotate_interval, double base); - -// Terminates processing gracefully, similar to pressing CTRL-C. -void terminate_processing(); - -// Sets the current status of the Bro process to the given string. -// If the option --status-file has been set, this is written into -// the the corresponding file. Otherwise, the function is a no-op. -void set_processing_status(const char* status, const char* reason); // Current timestamp, from a networking perspective, not a wall-clock // perspective. In particular, if we're reading from a savefile this // is the time of the most recent packet, not the time returned by // gettimeofday(). -extern double network_time; - -// Returns the current time. -// (In pseudo-realtime mode this is faked to be the start time of the -// trace plus the time interval Bro has been running. To avoid this, -// call with real=true). -extern double current_time(bool real=false); - -// Convert a time represented as a double to a timeval struct. -extern struct timeval double_to_timeval(double t); - -// Return > 0 if tv_a > tv_b, 0 if equal, < 0 if tv_a < tv_b. -extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); - -// Returns an integer that's very likely to be unique, even across Bro -// instances. The integer can be drawn from different pools, which is helpful -// when the random number generator is seeded to be deterministic. In that -// case, the same sequence of integers is generated per pool. -#define UID_POOL_DEFAULT_INTERNAL 1 -#define UID_POOL_DEFAULT_SCRIPT 2 -#define UID_POOL_CUSTOM_SCRIPT 10 // First available custom script level pool. -extern uint64_t calculate_unique_id(); -extern uint64_t calculate_unique_id(const size_t pool); - -// For now, don't use hash_maps - they're not fully portable. -#if 0 -// Use for hash_map's string keys. -struct eqstr { - bool operator()(const char* s1, const char* s2) const - { - return strcmp(s1, s2) == 0; - } -}; -#endif - -// Use for map's string keys. -struct ltstr { - bool operator()(const char* s1, const char* s2) const - { - return strcmp(s1, s2) < 0; - } -}; - -// Versions of realloc/malloc which abort() on out of memory - -inline size_t pad_size(size_t size) - { - // We emulate glibc here (values measured on Linux i386). - // FIXME: We should better copy the portable value definitions from glibc. - if ( size == 0 ) - return 0; // glibc allocated 16 bytes anyway. - - const int pad = 8; - if ( size < 12 ) - return 2 * pad; - - return ((size+3) / pad + 1) * pad; - } - -#define padded_sizeof(x) (pad_size(sizeof(x))) - -// Like write() but handles interrupted system calls by restarting. Returns -// true if the write was successful, otherwise sets errno. This function is -// thread-safe as long as no two threads write to the same descriptor. -extern bool safe_write(int fd, const char* data, int len); - -// Same as safe_write(), but for pwrite(). -extern bool safe_pwrite(int fd, const unsigned char* data, size_t len, - size_t offset); - -// Wraps close(2) to emit error messages and abort on unrecoverable errors. -extern void safe_close(int fd); - -extern "C" void out_of_memory(const char* where); - -inline void* safe_realloc(void* ptr, size_t size) - { - ptr = realloc(ptr, size); - if ( size && ! ptr ) - out_of_memory("realloc"); - - return ptr; - } - -inline void* safe_malloc(size_t size) - { - void* ptr = malloc(size); - if ( ! ptr ) - out_of_memory("malloc"); - - return ptr; - } - -inline char* safe_strncpy(char* dest, const char* src, size_t n) - { - char* result = strncpy(dest, src, n-1); - dest[n-1] = '\0'; - return result; - } +extern double& network_time [[deprecated("Remove in v4.1. Use zeek::run_state::network_time.")]]; [[deprecated("Remove in v4.1: Use system snprintf instead")]] inline int safe_snprintf(char* str, size_t size, const char* format, ...) @@ -539,57 +133,45 @@ inline int safe_vsnprintf(char* str, size_t size, const char* format, va_list al return result; } -// Returns total memory allocations and (if available) amount actually -// handed out by malloc. -extern void get_memory_usage(uint64_t* total, uint64_t* malloced); +// This is used by the patricia code and so it remains outside of hte namespace. +extern "C" void out_of_memory(const char* where); -// Class to be used as a third argument for STL maps to be able to use -// char*'s as keys. Otherwise the pointer values will be compared instead of -// the actual string values. -struct CompareString - { - bool operator()(char const *a, char const *b) const - { - return strcmp(a, b) < 0; - } - }; +namespace zeek::util { +namespace detail { -/** - * Canonicalizes a name by converting it to uppercase letters and replacing - * all non-alphanumeric characters with an underscore. - * @param name The string to canonicalize. - * @return The canonicalized version of \a name which caller may later delete[]. - */ -std::string canonify_name(const std::string& name); +std::string extract_ip(const std::string& i); +std::string extract_ip_and_len(const std::string& i, int* len); -/** - * Reentrant version of strerror(). Takes care of the difference between the - * XSI-compliant and the GNU-specific version of strerror_r(). - */ -void bro_strerror_r(int bro_errno, char* buf, size_t buflen); +// Returns the character corresponding to the given escape sequence (s points +// just past the '\'), and updates s to point just beyond the last character +// of the sequence. +extern int expand_escape(const char*& s); -/** - * A wrapper function for getenv(). Helps check for existence of - * legacy environment variable names that map to the latest \a name. - */ -char* zeekenv(const char* name); +extern const char* fmt_access_time(double time); -/** - * Escapes bytes in a string that are not valid UTF8 characters with \xYY format. Used - * by the JSON writer and BIF methods. - * @param val the input string to be escaped - * @return the escaped string - */ -std::string json_escape_utf8(const std::string& val); +extern bool ensure_intermediate_dirs(const char* dirname); +extern bool ensure_dir(const char *dirname); -namespace zeek { -/** - * Set the process/thread name. May not be supported on all OSs. - * @param name new name for the process/thread. OS limitations typically - * truncate the name to 15 bytes maximum. - * @param tid handle of thread whose name shall change - */ -void set_thread_name(const char* name, pthread_t tid = pthread_self()); +extern void hmac_md5(size_t size, const unsigned char* bytes, + unsigned char digest[16]); + +// Initializes RNGs for zeek::random_number() and MD5 usage. If load_file is given, +// the seeds (both random & MD5) are loaded from that file. This takes +// precedence over the "use_empty_seeds" argument, which just +// zero-initializes all seed values. If write_file is given, the seeds are +// written to that file. +extern void init_random_seed(const char* load_file, const char* write_file, + bool use_empty_seeds); + +// Retrieves the initial seed computed after the very first call to +// init_random_seed(). Repeated calls to init_random_seed() will not affect +// the return value of this function. +unsigned int initial_seed(); + +// Returns true if the user explicitly set a seed via init_random_seed(); +extern bool have_random_seed(); + +extern uint64_t rand64bit(); /** * A platform-independent PRNG implementation. Note that this is not @@ -623,4 +205,576 @@ long int max_random(); */ void seed_random(unsigned int seed); +/** + * Set the process/thread name. May not be supported on all OSs. + * @param name new name for the process/thread. OS limitations typically + * truncate the name to 15 bytes maximum. + * @param tid handle of thread whose name shall change + */ +void set_thread_name(const char* name, pthread_t tid = pthread_self()); + +// Each event source that may generate events gets an internally unique ID. +// This is always LOCAL for a local Bro. For remote event sources, it gets +// assigned by the RemoteSerializer. +// +// FIXME: Find a nicer place for this type definition. +// Unfortunately, it introduces circular dependencies when defined in one of +// the obvious places (like Event.h or RemoteSerializer.h) + +using SourceID = std::uintptr_t; +constexpr SourceID SOURCE_LOCAL = 0; + +// TODO: This is a temporary marker to flag events coming in via Broker. +// Those are remote events but we don't have any further peer informationa +// available for them (as the old communication code would have). Once we +// remove RemoteSerializer, we can turn the SourceID into a simple boolean +// indicating whether it's a local or remote event. +constexpr SourceID SOURCE_BROKER = 0xffffffff; + +extern const std::array script_extensions; + +/** Prints a warning if the filename ends in .bro. */ +void warn_if_legacy_script(std::string_view filename); + +bool is_package_loader(const std::string& path); + +extern void add_to_zeek_path(const std::string& dir); + +/** + * Wrapper class for functions like dirname(3) or basename(3) that won't + * modify the path argument and may optionally abort execution on error. + */ +class SafePathOp { +public: + + std::string result; + bool error; + +protected: + + SafePathOp() + : result(), error() + { } + + void CheckValid(const char* result, const char* path, bool error_aborts); + +}; + +/** + * Flatten a script name by replacing '/' path separators with '.'. + * @param file A path to a Zeek script. If it is a __load__.zeek, that part + * is discarded when constructing the flattened the name. + * @param prefix A string to prepend to the flattened script name. + * @return The flattened script name. + */ +std::string flatten_script_name(const std::string& name, + const std::string& prefix = ""); + +/** + * Return a canonical/shortened path string by removing superfluous elements + * (path delimiters, dots referring to CWD or parent dir). + * @param path A filesystem path. + * @return A canonical/shortened version of \a path. + */ +std::string normalize_path(std::string_view path); + +/** + * Strip the ZEEKPATH component from a path. + * @param path A file/directory path that may be within a ZEEKPATH component. + * @return *path* minus the common ZEEKPATH component (if any) removed. + */ +std::string without_zeekpath_component(std::string_view path); + +/** + * Gets the full path used to invoke some executable. + * @param invocation any possible string that may be seen in argv[0], such as + * absolute path, relative path, or name to lookup in PATH. + * @return the absolute path to the executable file + */ +std::string get_exe_path(const std::string& invocation); + +/** Opens a Zeek script package. + * @param path Location of a Zeek script package (a directory). Will be changed + * to the path of the package's loader script. + * @param mode An fopen(3) mode. + * @return The return value of fopen(3) on the loader script or null if one + * doesn't exist. + */ +FILE* open_package(std::string& path, const std::string& mode = "r"); + +// This mimics the script-level function with the same name. +const char* log_file_name(const char* tag); + +// Terminates processing gracefully, similar to pressing CTRL-C. +void terminate_processing(); + +// Sets the current status of the Zeek process to the given string. +// If the option --status-file has been set, this is written into +// the the corresponding file. Otherwise, the function is a no-op. +void set_processing_status(const char* status, const char* reason); + +// Renames the given file to a new temporary name, and opens a new file with +// the original name. Returns new file or NULL on error. Inits rotate_info if +// given (open time is set network time). +extern FILE* rotate_file(const char* name, zeek::RecordVal* rotate_info); + +// Parse a time string of the form "HH:MM" (as used for the rotation base +// time) into a double representing the number of seconds. Returns -1 if the +// string cannot be parsed. The function's result is intended to be used with +// calc_next_rotate(). +// +// This function is not thread-safe. +double parse_rotate_base_time(const char* rotate_base_time); + +// Calculate the duration until the next time a file is to be rotated, based +// on the given rotate_interval and rotate_base_time. 'current' the the +// current time to be used as base, 'rotate_interval' the rotation interval, +// and 'base' the value returned by parse_rotate_base_time(). For the latter, +// if the function returned -1, that's fine, calc_next_rotate() handles that. +// +// This function is thread-safe. +double calc_next_rotate(double current, double rotate_interval, double base); + +} // namespace detail + +template +void delete_each(T* t) + { + typedef typename T::iterator iterator; + for ( iterator it = t->begin(); it != t->end(); ++it ) + delete *it; + } + +inline void bytetohex(unsigned char byte, char* hex_out) + { + static constexpr char hex_chars[] = "0123456789abcdef"; + hex_out[0] = hex_chars[(byte & 0xf0) >> 4]; + hex_out[1] = hex_chars[byte & 0x0f]; + } + +std::string get_unescaped_string(const std::string& str); + +zeek::ODesc* get_escaped_string(zeek::ODesc* d, const char* str, size_t len, + bool escape_all); +std::string get_escaped_string(const char* str, size_t len, bool escape_all); + +inline std::string get_escaped_string(const std::string& str, bool escape_all) + { + return get_escaped_string(str.data(), str.length(), escape_all); + } + +std::vector* tokenize_string(std::string_view input, + std::string_view delim, + std::vector* rval = nullptr, int limit = 0); + +std::vector tokenize_string(std::string_view input, const char delim) noexcept; + +extern char* copy_string(const char* s); +extern int streq(const char* s1, const char* s2); + +extern char* skip_whitespace(char* s); +extern const char* skip_whitespace(const char* s); +extern char* skip_whitespace(char* s, char* end_of_s); +extern const char* skip_whitespace(const char* s, const char* end_of_s); +extern char* skip_digits(char* s); +extern char* get_word(char*& s); +extern void get_word(int length, const char* s, int& pwlen, const char*& pw); +extern void to_upper(char* s); +extern std::string to_upper(const std::string& s); +extern int decode_hex(char ch); +extern unsigned char encode_hex(int h); +template int atoi_n(int len, const char* s, const char** end, int base, T& result); +extern char* uitoa_n(uint64_t value, char* str, int n, int base, const char* prefix=nullptr); +extern const char* strpbrk_n(size_t len, const char* s, const char* charset); +int strstr_n(const int big_len, const unsigned char* big, + const int little_len, const unsigned char* little); + +// Replaces all occurences of *o* in *s* with *n*. +extern std::string strreplace(const std::string& s, const std::string& o, const std::string& n); + +// Remove all leading and trailing white space from string. +extern std::string strstrip(std::string s); + +// Return a lower-cased version of the string. +extern std::string strtolower(const std::string& s); + +extern int fputs(int len, const char* s, FILE* fp); +extern bool is_printable(const char* s, int len); + +extern const char* fmt_bytes(const char* data, int len); + +// Note: returns a pointer into a shared buffer. +extern const char* vfmt(const char* format, va_list args); +// Note: returns a pointer into a shared buffer. +extern const char* fmt(const char* format, ...) + __attribute__((format (printf, 1, 2))); + +// Returns true if path exists and is a directory. +bool is_dir(const std::string& path); + +// Returns true if path exists and is a file. +bool is_file(const std::string& path); + +extern int int_list_cmp(const void* v1, const void* v2); + +extern const std::string& zeek_path(); +extern const char* zeek_plugin_path(); +extern const char* zeek_plugin_activate(); +extern std::string zeek_prefixes(); + +class SafeDirname : public detail::SafePathOp { +public: + + explicit SafeDirname(const char* path, bool error_aborts = true); + explicit SafeDirname(const std::string& path, bool error_aborts = true); + +private: + + void DoFunc(const std::string& path, bool error_aborts = true); +}; + +class SafeBasename : public detail::SafePathOp { +public: + + explicit SafeBasename(const char* path, bool error_aborts = true); + explicit SafeBasename(const std::string& path, bool error_aborts = true); + +private: + + void DoFunc(const std::string& path, bool error_aborts = true); +}; + +std::string implode_string_vector(const std::vector& v, + const std::string& delim = "\n"); + +/** + * Locate a file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @param opt_ext A filename extension/suffix to allow. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_file(const std::string& filename, const std::string& path_set, + const std::string& opt_ext = ""); + +/** + * Locate a script file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_script_file(const std::string& filename, const std::string& path_set); + +// Wrapper around fopen(3). Emits an error when failing to open. +FILE* open_file(const std::string& path, const std::string& mode = "r"); + +// Returns the current time. +// (In pseudo-realtime mode this is faked to be the start time of the +// trace plus the time interval Zeek has been running. To avoid this, +// call with real=true). +extern double current_time(bool real=false); + +// Convert a time represented as a double to a timeval struct. +extern struct timeval double_to_timeval(double t); + +// Return > 0 if tv_a > tv_b, 0 if equal, < 0 if tv_a < tv_b. +extern int time_compare(struct timeval* tv_a, struct timeval* tv_b); + +// Returns an integer that's very likely to be unique, even across Zeek +// instances. The integer can be drawn from different pools, which is helpful +// when the random number generator is seeded to be deterministic. In that +// case, the same sequence of integers is generated per pool. +#define UID_POOL_DEFAULT_INTERNAL 1 +#define UID_POOL_DEFAULT_SCRIPT 2 +#define UID_POOL_CUSTOM_SCRIPT 10 // First available custom script level pool. +extern uint64_t calculate_unique_id(); +extern uint64_t calculate_unique_id(const size_t pool); + +// Use for map's string keys. +struct ltstr { + bool operator()(const char* s1, const char* s2) const + { + return strcmp(s1, s2) < 0; + } +}; + +constexpr size_t pad_size(size_t size) + { + // We emulate glibc here (values measured on Linux i386). + // FIXME: We should better copy the portable value definitions from glibc. + if ( size == 0 ) + return 0; // glibc allocated 16 bytes anyway. + + const int pad = 8; + if ( size < 12 ) + return 2 * pad; + + return ((size+3) / pad + 1) * pad; + } + +#define padded_sizeof(x) (zeek::util::pad_size(sizeof(x))) + +// Like write() but handles interrupted system calls by restarting. Returns +// true if the write was successful, otherwise sets errno. This function is +// thread-safe as long as no two threads write to the same descriptor. +extern bool safe_write(int fd, const char* data, int len); + +// Same as safe_write(), but for pwrite(). +extern bool safe_pwrite(int fd, const unsigned char* data, size_t len, + size_t offset); + +// Wraps close(2) to emit error messages and abort on unrecoverable errors. +extern void safe_close(int fd); + +// Versions of realloc/malloc which abort() on out of memory + +// Versions of realloc/malloc which abort() on out of memory + +inline void* safe_realloc(void* ptr, size_t size) + { + ptr = realloc(ptr, size); + if ( size && ! ptr ) + out_of_memory("realloc"); + + return ptr; + } + +inline void* safe_malloc(size_t size) + { + void* ptr = malloc(size); + if ( ! ptr ) + out_of_memory("malloc"); + + return ptr; + } + +inline char* safe_strncpy(char* dest, const char* src, size_t n) + { + char* result = strncpy(dest, src, n-1); + dest[n-1] = '\0'; + return result; + } + +// Returns total memory allocations and (if available) amount actually +// handed out by malloc. +extern void get_memory_usage(uint64_t* total, uint64_t* malloced); + +// Class to be used as a third argument for STL maps to be able to use +// char*'s as keys. Otherwise the pointer values will be compared instead of +// the actual string values. +struct CompareString + { + bool operator()(char const *a, char const *b) const + { + return strcmp(a, b) < 0; + } + }; + +/** + * Canonicalizes a name by converting it to uppercase letters and replacing + * all non-alphanumeric characters with an underscore. + * @param name The string to canonicalize. + * @return The canonicalized version of \a name which caller may later delete[]. + */ +std::string canonify_name(const std::string& name); + +/** + * Reentrant version of strerror(). Takes care of the difference between the + * XSI-compliant and the GNU-specific version of strerror_r(). + */ +void zeek_strerror_r(int zeek_errno, char* buf, size_t buflen); + +/** + * A wrapper function for getenv(). Helps check for existence of + * legacy environment variable names that map to the latest \a name. + */ +char* zeekenv(const char* name); + +/** + * Escapes bytes in a string that are not valid UTF8 characters with \xYY format. Used + * by the JSON writer and BIF methods. + * @param val the input string to be escaped + * @return the escaped string + */ +std::string json_escape_utf8(const std::string& val); + +} // namespace zeek::util + +// A simple linear congruence PRNG. It takes its state as argument and +// returns a new random value, which can serve as state for subsequent calls. +[[deprecated("Remove in v4.1. Use zeek::util::prng()")]] +unsigned int bro_prng(unsigned int state); + +// Replacement for the system random(), to which is normally falls back +// except when a seed has been given. In that case, the function bro_prng. +[[deprecated("Remove in v4.1. Use zeek::util::random_number()")]] +long int bro_random(); + +// Calls the system srandom() function with the given seed if not running +// in deterministic mode, else it updates the state of the deterministic PRNG. +[[deprecated("Remove in v4.1. Use zeek::util::seed_random()")]] +void bro_srandom(unsigned int seed); + +template +[[ deprecated("Remove in v4.1. Use zeek::util::delete_each.")]] +void delete_each(T* t) { zeek::util::delete_each(t); } + +constexpr auto extract_ip [[deprecated("Remove in v4.1. Use zeek::util::detail::extract_ip.")]] = zeek::util::detail::extract_ip; +constexpr auto extract_ip_and_len [[deprecated("Remove in v4.1. Use zeek::util::detail::extract_ip_and_len.")]] = zeek::util::detail::extract_ip_and_len; +constexpr auto bytetohex [[deprecated("Remove in v4.1. Use zeek::util::bytetohex.")]] = zeek::util::bytetohex; +constexpr auto get_unescaped_string [[deprecated("Remove in v4.1. Use zeek::util::get_unescaped_string.")]] = zeek::util::get_unescaped_string; + +[[deprecated("Remove in v4.1. Use zeek::util::get_escaped_string.")]] +extern zeek::ODesc* get_escaped_string(zeek::ODesc* d, const char* str, size_t len, bool escape_all); +[[deprecated("Remove in v4.1. Use zeek::util::get_escaped_string.")]] +extern std::string get_escaped_string(const char* str, size_t len, bool escape_all); +[[deprecated("Remove in v4.1. Use zeek::util::get_escaped_string.")]] +extern std::string get_escaped_string(const std::string& str, bool escape_all); +[[deprecated("Remove in v4.1. Use zeek::util::tokenize_string.")]] +extern std::vector* tokenize_string(std::string_view input, + std::string_view delim, + std::vector* rval = nullptr, int limit = 0); +[[deprecated("Remove in v4.1. Use zeek::util::tokenize_string.")]] +std::vector tokenize_string(std::string_view input, const char delim) noexcept; + +constexpr auto copy_string [[deprecated("Remove in v4.1. Use zeek::util::copy_string.")]] = zeek::util::copy_string; +constexpr auto streq [[deprecated("Remove in v4.1. Use zeek::util::streq.")]] = zeek::util::streq; +constexpr auto expand_escape [[deprecated("Remove in v4.1. Use zeek::util::detail::expand_escape.")]] = zeek::util::detail::expand_escape; +constexpr auto skip_digits [[deprecated("Remove in v4.1. Use zeek::util::skip_digits.")]] = zeek::util::skip_digits; + +[[deprecated("Remove in v4.1. Use zeek::util::skip_whitespace.")]] +extern char* skip_whitespace(char* s); +[[deprecated("Remove in v4.1. Use zeek::util::skip_whitespace.")]] +extern const char* skip_whitespace(const char* s); +[[deprecated("Remove in v4.1. Use zeek::util::skip_whitespace.")]] +extern char* skip_whitespace(char* s, char* end_of_s); +[[deprecated("Remove in v4.1. Use zeek::util::skip_whitespace.")]] +extern const char* skip_whitespace(const char* s, const char* end_of_s); + +[[deprecated("Remove in v4.1. Use zeek::util::get_word.")]] +extern char* get_word(char*& s); +[[deprecated("Remove in v4.1. Use zeek::util::get_word.")]] +extern void get_word(int length, const char* s, int& pwlen, const char*& pw); +[[deprecated("Remove in v4.1. Use zeek::util::to_upper.")]] +extern void to_upper(char* s); +[[deprecated("Remove in v4.1. Use zeek::util::to_upper.")]] +extern std::string to_upper(const std::string& s); + +constexpr auto decode_hex [[deprecated("Remove in v4.1. Use zeek::util::decode_hex.")]] = zeek::util::decode_hex; +constexpr auto encode_hex [[deprecated("Remove in v4.1. Use zeek::util::encode_hex.")]] = zeek::util::encode_hex; +constexpr auto strpbrk_n [[deprecated("Remove in v4.1. Use zeek::util::strpbrk_n.")]] = zeek::util::strpbrk_n; +constexpr auto strstr_n [[deprecated("Remove in v4.1. Use zeek::util::strstr_n.")]] = zeek::util::strstr_n; +constexpr auto strreplace [[deprecated("Remove in v4.1. Use zeek::util::strreplace.")]] = zeek::util::strreplace; +constexpr auto strstrip [[deprecated("Remove in v4.1. Use zeek::util::strstrip.")]] = zeek::util::strstrip; + +template +[[deprecated("Remove in v4.1. Use zeek::util::atoi_n.")]] +int atoi_n(int len, const char* s, const char** end, int base, T& result) + { return zeek::util::atoi_n(len, s, end, base, result); } + +[[deprecated("Remove in v4.1. Use zeek::util::uitoa_n.")]] +extern char* uitoa_n(uint64_t value, char* str, int n, int base, const char* prefix=nullptr); + +[[deprecated("Remove in v4.1. Use zeek::util::fputs.")]] +extern int fputs(int len, const char* s, FILE* fp); + +constexpr auto is_printable [[deprecated("Remove in v4.1. Use zeek::util::is_printable.")]] = zeek::util::is_printable; +constexpr auto strtolower [[deprecated("Remove in v4.1. Use zeek::util::strtolower.")]] = zeek::util::strtolower; +constexpr auto fmt_bytes [[deprecated("Remove in v4.1. Use zeek::util::fmt_bytes.")]] = zeek::util::fmt_bytes; +constexpr auto vfmt [[deprecated("Remove in v4.1. Use zeek::util::vfmt.")]] = zeek::util::vfmt; +constexpr auto fmt [[deprecated("Remove in v4.1. Use zeek::util::fmt.")]] = zeek::util::fmt; +constexpr auto fmt_access_time [[deprecated("Remove in v4.1. Use zeek::util::detail::fmt_access_time.")]] = zeek::util::detail::fmt_access_time; +constexpr auto ensure_intermediate_dirs [[deprecated("Remove in v4.1. Use zeek::util::detail::ensure_intermediate_dirs.")]] = zeek::util::detail::ensure_intermediate_dirs; +constexpr auto ensure_dir [[deprecated("Remove in v4.1. Use zeek::util::detail::ensure_dir.")]] = zeek::util::detail::ensure_dir; +constexpr auto is_dir [[deprecated("Remove in v4.1. Use zeek::util::is_dir.")]] = zeek::util::is_dir; +constexpr auto is_file [[deprecated("Remove in v4.1. Use zeek::util::is_file.")]] = zeek::util::is_file; +constexpr auto hmac_md5 [[deprecated("Remove in v4.1. Use zeek::util::detail::hmac_md5.")]] = zeek::util::detail::hmac_md5; +constexpr auto init_random_seed [[deprecated("Remove in v4.1. Use zeek::util::detail::init_random_seed.")]] = zeek::util::detail::init_random_seed; +constexpr auto initial_seed [[deprecated("Remove in v4.1. Use zeek::util::detail::initial_seed.")]] = zeek::util::detail::initial_seed; +constexpr auto have_random_seed [[deprecated("Remove in v4.1. Use zeek::util::detail::have_random_seed.")]] = zeek::util::detail::have_random_seed; +constexpr auto rand64bit [[deprecated("Remove in v4.1. Use zeek::util::detail::rand64bit.")]] = zeek::util::detail::rand64bit; + +using SourceID [[deprecated("Remove in v4.1. Use zeek::util::detail::SourceID.")]] = zeek::util::detail::SourceID; +static const zeek::util::detail::SourceID SOURCE_LOCAL [[deprecated("Remove in v4.1. Use zeek::util::detail::SOURCE_LOCAL.")]] = zeek::util::detail::SOURCE_LOCAL; +static const zeek::util::detail::SourceID SOURCE_BROKER [[deprecated("Remove in v4.1. Use zeek::util::detail::SOURCE_BROKER.")]] = zeek::util::detail::SOURCE_BROKER; + +constexpr auto int_list_cmp [[deprecated("Remove in v4.1. Use zeek::util::int_list_cmp.")]] = zeek::util::int_list_cmp; +constexpr auto bro_path [[deprecated("Remove in v4.1. Use zeek::util::zeek_path.")]] = zeek::util::zeek_path; +constexpr auto bro_plugin_path [[deprecated("Remove in v4.1. Use zeek::util::zeek_plugin_path.")]] = zeek::util::zeek_plugin_path; +constexpr auto bro_plugin_activate [[deprecated("Remove in v4.1. Use zeek::util::zeek_plugin_activate.")]] = zeek::util::zeek_plugin_activate; +constexpr auto bro_prefixes [[deprecated("Remove in v4.1. Use zeek::util::zeek_prefixes.")]] = zeek::util::zeek_prefixes; + +extern const std::array& script_extensions [[deprecated("Remove in v4.1. Use zeek::util::detail::script_extensions.")]]; + +constexpr auto warn_if_legacy_script [[deprecated("Remove in v4.1. Use zeek::util::detail::warn_if_legacy_script.")]] = zeek::util::detail::warn_if_legacy_script; +constexpr auto is_package_loader [[deprecated("Remove in v4.1. Use zeek::util::detail::is_package_loader.")]] = zeek::util::detail::is_package_loader; +constexpr auto add_to_bro_path [[deprecated("Remove in v4.1. Use zeek::util::detail::add_to_zeek_path.")]] = zeek::util::detail::add_to_zeek_path; + +using SafePathOp [[deprecated("Remove in v4.1. Use zeek::util::detail::SafePathOp.")]] = zeek::util::detail::SafePathOp; +using SafeDirname [[deprecated("Remove in v4.1. Use zeek::util::SafeDirname.")]] = zeek::util::SafeDirname; +using SafeBasename [[deprecated("Remove in v4.1. Use zeek::util::SafeBasename.")]] = zeek::util::SafeBasename; + +[[deprecated("Remove in v4.1. Use zeek::util::implode_string_vector.")]] +std::string implode_string_vector(const std::vector& v, + const std::string& delim = "\n"); +[[deprecated("Remove in v4.1. Use zeek::util::flatten_script_name.")]] +std::string flatten_script_name(const std::string& name, + const std::string& prefix = ""); + +constexpr auto normalize_path [[deprecated("Remove in v4.1. Use zeek::util::detail::normalize_path.")]] = zeek::util::detail::normalize_path; +constexpr auto without_bropath_component [[deprecated("Remove in v4.1. Use zeek::util::detail::without_zeekpath_component.")]] = zeek::util::detail::without_zeekpath_component; +constexpr auto get_exe_path [[deprecated("Remove in v4.1. Use zeek::util::detail::get_exe_path.")]] = zeek::util::detail::get_exe_path; +constexpr auto find_script_file [[deprecated("Remove in v4.1. Use zeek::util::find_script_file.")]] = zeek::util::find_script_file; + +[[deprecated("Remove in v4.1. Use zeek::util::find_file.")]] +std::string find_file(const std::string& filename, const std::string& path_set, + const std::string& opt_ext = ""); +[[deprecated("Remove in v4.1. Use zeek::util::open_file.")]] +FILE* open_file(const std::string& path, const std::string& mode = "r"); +[[deprecated("Remove in v4.1. Use zeek::util::open_package.")]] +FILE* open_package(std::string& path, const std::string& mode = "r"); + +constexpr auto rotate_file [[deprecated("Remove in v4.1. Use zeek::util::detail::rotate_file.")]] = zeek::util::detail::rotate_file; +constexpr auto log_file_name [[deprecated("Remove in v4.1. Use zeek::util::detail::log_file_name.")]] = zeek::util::detail::log_file_name; +constexpr auto parse_rotate_base_time [[deprecated("Remove in v4.1. Use zeek::util::detail::parse_rotate_base_time.")]] = zeek::util::detail::parse_rotate_base_time; +constexpr auto calc_next_rotate [[deprecated("Remove in v4.1. Use zeek::util::detail::calc_next_rotate.")]] = zeek::util::detail::calc_next_rotate; +constexpr auto terminate_processing [[deprecated("Remove in v4.1. Use zeek::util::detail::terminate_processing.")]] = zeek::util::detail::terminate_processing; +constexpr auto set_processing_status [[deprecated("Remove in v4.1. Use zeek::util::detail::set_processing_status.")]] = zeek::util::detail::set_processing_status; + +[[deprecated("Remove in v4.1. Use zeek::util::current_time.")]] +extern double current_time(bool real=false); + +constexpr auto double_to_timeval [[deprecated("Remove in v4.1. Use zeek::util::double_to_timeval.")]] = zeek::util::double_to_timeval; +constexpr auto time_compare [[deprecated("Remove in v4.1. Use zeek::util::time_compare.")]] = zeek::util::time_compare; + +[[deprecated("Remove in v4.1. Use zeek::util::calculate_unique_id.")]] +extern uint64_t calculate_unique_id(); +[[deprecated("Remove in v4.1. Use zeek::util::calculate_unique_id.")]] +extern uint64_t calculate_unique_id(const size_t pool); + +using ltstr [[deprecated("Remove in v4.1. Use zeek::util::ltstr.")]] = zeek::util::ltstr; +constexpr auto pad_size [[deprecated("Remove in v4.1. Use zeek::util::pad_size.")]] = zeek::util::pad_size; +constexpr auto safe_write [[deprecated("Remove in v4.1. Use zeek::util::safe_write.")]] = zeek::util::safe_write; +constexpr auto safe_pwrite [[deprecated("Remove in v4.1. Use zeek::util::safe_pwrite.")]] = zeek::util::safe_pwrite; +constexpr auto safe_close [[deprecated("Remove in v4.1. Use zeek::util::safe_close.")]] = zeek::util::safe_close; +constexpr auto safe_realloc [[deprecated("Remove in v4.1. Use zeek::util::safe_realloc.")]] = zeek::util::safe_realloc; +constexpr auto safe_malloc [[deprecated("Remove in v4.1. Use zeek::util::safe_malloc.")]] = zeek::util::safe_malloc; +constexpr auto safe_strncpy [[deprecated("Remove in v4.1. Use zeek::util::safe_strncpy.")]] = zeek::util::safe_strncpy; +constexpr auto get_memory_usage [[deprecated("Remove in v4.1. Use zeek::util::get_memory_usage.")]] = zeek::util::get_memory_usage; +using CompareString [[deprecated("Remove in v4.1. Use zeek::util::CompareString.")]] = zeek::util::CompareString; +constexpr auto canonify_name [[deprecated("Remove in v4.1. Use zeek::util::canonify_name.")]] = zeek::util::canonify_name; +constexpr auto bro_strerror_r [[deprecated("Remove in v4.1. Use zeek::util::zeek_strerror_r.")]] = zeek::util::zeek_strerror_r; +constexpr auto zeekenv [[deprecated("Remove in v4.1. Use zeek::util::zeekenv.")]] = zeek::util::zeekenv; +constexpr auto json_escape_utf8 [[deprecated("Remove in v4.1. Use zeek::util::json_escape_utf8.")]] = zeek::util::json_escape_utf8; + +namespace zeek { + +[[deprecated("Remove in v4.1. Use zeek::util::set_thread_name.")]] +void set_thread_name(const char* name, pthread_t tid = pthread_self()); + +constexpr auto prng [[deprecated("Remove in v4.1. Use zeek::util::detail::prng.")]] = zeek::util::detail::prng; +constexpr auto random_number [[deprecated("Remove in v4.1. Use zeek::util::detail::random_number.")]] = zeek::util::detail::random_number; +constexpr auto max_random [[deprecated("Remove in v4.1. Use zeek::util::detail::max_random.")]] = zeek::util::detail::max_random; +constexpr auto seed_random [[deprecated("Remove in v4.1. Use zeek::util::detail::seed_random.")]] = zeek::util::detail::seed_random; + } // namespace zeek diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc index 6c31e5ae32..c2f2a8b2b7 100644 --- a/src/zeek-setup.cc +++ b/src/zeek-setup.cc @@ -29,7 +29,7 @@ extern "C" { #include "Event.h" #include "File.h" #include "Reporter.h" -#include "Net.h" +#include "RunState.h" #include "NetVar.h" #include "Var.h" #include "Timer.h" @@ -46,6 +46,7 @@ extern "C" { #include "Trigger.h" #include "Hash.h" #include "Func.h" +#include "ScannedFile.h" #include "supervisor/Supervisor.h" #include "threading/Manager.h" @@ -102,18 +103,28 @@ zeek::detail::DNS_Mgr*& dns_mgr = zeek::detail::dns_mgr; zeek::detail::TimerMgr* zeek::detail::timer_mgr = nullptr; zeek::detail::TimerMgr*& timer_mgr = zeek::detail::timer_mgr; -logging::Manager* log_mgr = nullptr; -threading::Manager* thread_mgr = nullptr; -input::Manager* input_mgr = nullptr; -file_analysis::Manager* file_mgr = nullptr; -zeekygen::Manager* zeekygen_mgr = nullptr; -iosource::Manager* iosource_mgr = nullptr; -bro_broker::Manager* broker_mgr = nullptr; +zeek::logging::Manager* zeek::log_mgr = nullptr; +zeek::logging::Manager*& log_mgr = zeek::log_mgr; +zeek::threading::Manager* zeek::thread_mgr = nullptr; +zeek::threading::Manager*& thread_mgr = zeek::thread_mgr; +zeek::input::Manager* zeek::input_mgr = nullptr; +zeek::input::Manager*& input_mgr = zeek::input_mgr; +zeek::file_analysis::Manager* zeek::file_mgr = nullptr; +zeek::file_analysis::Manager*& file_mgr = zeek::file_mgr; +zeek::zeekygen::detail::Manager* zeek::detail::zeekygen_mgr = nullptr; +zeek::zeekygen::detail::Manager*& zeekygen_mgr = zeek::detail::zeekygen_mgr; +zeek::iosource::Manager* zeek::iosource_mgr = nullptr; +zeek::iosource::Manager*& iosource_mgr = zeek::iosource_mgr; +zeek::Broker::Manager* zeek::broker_mgr = nullptr; +zeek::Broker::Manager*& broker_mgr = zeek::broker_mgr; zeek::Supervisor* zeek::supervisor_mgr = nullptr; -zeek::detail::trigger::Manager* trigger_mgr = nullptr; +zeek::detail::trigger::Manager* zeek::detail::trigger_mgr = nullptr; +zeek::detail::trigger::Manager*& trigger_mgr = zeek::detail::trigger_mgr; -std::vector zeek_script_prefixes; -zeek::detail::Stmt* stmts; +std::vector zeek::detail::zeek_script_prefixes; +std::vector& zeek_script_prefixes = zeek::detail::zeek_script_prefixes; +zeek::detail::Stmt* zeek::detail::stmts = nullptr; +zeek::detail::Stmt*& stmts = zeek::detail::stmts; zeek::EventRegistry* zeek::event_registry = nullptr; zeek::EventRegistry*& event_registry = zeek::event_registry; zeek::detail::ProfileLogger* zeek::detail::profiling_logger = nullptr; @@ -124,8 +135,10 @@ zeek::detail::SampleLogger* zeek::detail::sample_logger = nullptr; zeek::detail::SampleLogger*& sample_logger = zeek::detail::sample_logger; int signal_val = 0; extern char version[]; -const char* command_line_policy = nullptr; -vector params; +const char* zeek::detail::command_line_policy = nullptr; +const char*& command_line_policy = zeek::detail::command_line_policy; +vector zeek::detail::params; +vector& params = zeek::detail::params; set requested_plugins; const char* proc_status_file = nullptr; @@ -141,8 +154,12 @@ zeek::OpaqueTypePtr ocsp_resp_opaque_type; zeek::OpaqueTypePtr paraglob_type; // Keep copy of command line -int bro_argc; -char** bro_argv; +int zeek::detail::zeek_argc; +int& bro_argc = zeek::detail::zeek_argc; +char** zeek::detail::zeek_argv; +char**& bro_argv = zeek::detail::zeek_argv; + +namespace zeek { const char* zeek_version() { @@ -162,6 +179,8 @@ const char* zeek_version() #endif } +namespace detail { + static std::vector to_cargs(const std::vector& args) { std::vector rval; @@ -173,7 +192,7 @@ static std::vector to_cargs(const std::vector& args) return rval; } -bool show_plugins(int level) +static bool show_plugins(int level) { zeek::plugin::Manager::plugin_list plugins = zeek::plugin_mgr->ActivePlugins(); @@ -223,9 +242,9 @@ bool show_plugins(int level) return count != 0; } -void done_with_network() +static void done_with_network() { - set_processing_status("TERMINATING", "done_with_network"); + zeek::util::detail::set_processing_status("TERMINATING", "done_with_network"); // Cancel any pending alarms (watchdog, in particular). (void) alarm(0); @@ -242,7 +261,7 @@ void done_with_network() if ( zeek::detail::profiling_logger ) zeek::detail::profiling_logger->Log(); - terminating = true; + zeek::run_state::terminating = true; zeek::analyzer_mgr->Done(); zeek::detail::timer_mgr->Expire(); @@ -250,7 +269,7 @@ void done_with_network() zeek::event_mgr.Drain(); zeek::event_mgr.Drain(); - net_finish(1); + zeek::run_state::detail::finish_run(1); #ifdef USE_PERFTOOLS_DEBUG @@ -270,17 +289,17 @@ void done_with_network() ZEEK_LSAN_DISABLE(); } -void terminate_bro() +static void terminate_bro() { - set_processing_status("TERMINATING", "terminate_bro"); + zeek::util::detail::set_processing_status("TERMINATING", "terminate_bro"); - terminating = true; + zeek::run_state::terminating = true; - iosource_mgr->Wakeup("terminate_bro"); + zeek::iosource_mgr->Wakeup("terminate_bro"); // File analysis termination may produce events, so do it early on in // the termination process. - file_mgr->Terminate(); + zeek::file_mgr->Terminate(); zeek::detail::script_coverage_mgr.WriteStats(); @@ -302,24 +321,24 @@ void terminate_bro() zeek::event_mgr.Drain(); - notifier::registry.Terminate(); - log_mgr->Terminate(); - input_mgr->Terminate(); - thread_mgr->Terminate(); - broker_mgr->Terminate(); + zeek::notifier::detail::registry.Terminate(); + zeek::log_mgr->Terminate(); + zeek::input_mgr->Terminate(); + zeek::thread_mgr->Terminate(); + zeek::broker_mgr->Terminate(); zeek::detail::dns_mgr->Terminate(); zeek::event_mgr.Drain(); zeek::plugin_mgr->FinishPlugins(); - delete zeekygen_mgr; + delete zeek::detail::zeekygen_mgr; delete zeek::analyzer_mgr; - delete file_mgr; + delete zeek::file_mgr; // broker_mgr, timer_mgr, and supervisor are deleted via iosource_mgr - delete iosource_mgr; + delete zeek::iosource_mgr; delete zeek::event_registry; - delete log_mgr; + delete zeek::log_mgr; delete zeek::reporter; delete zeek::plugin_mgr; delete zeek::val_mgr; @@ -330,40 +349,20 @@ void terminate_bro() zeek::reporter = nullptr; } -void zeek_terminate_loop(const char* reason) - { - set_processing_status("TERMINATING", reason); - zeek::reporter->Info("%s", reason); - - net_get_final_stats(); - done_with_network(); - net_delete(); - - terminate_bro(); - - // Close files after net_delete(), because net_delete() - // might write to connection content files. - zeek::File::CloseOpenFiles(); - - delete zeek::detail::rule_matcher; - - exit(0); - } - RETSIGTYPE sig_handler(int signo) { - set_processing_status("TERMINATING", "sig_handler"); + zeek::util::detail::set_processing_status("TERMINATING", "sig_handler"); signal_val = signo; - if ( ! terminating ) - iosource_mgr->Wakeup("sig_handler"); + if ( ! zeek::run_state::terminating ) + zeek::iosource_mgr->Wakeup("sig_handler"); return RETSIGVAL; } static void atexit_handler() { - set_processing_status("TERMINATED", "atexit"); + zeek::util::detail::set_processing_status("TERMINATED", "atexit"); } static void bro_new_handler() @@ -377,7 +376,7 @@ static std::vector get_script_signature_files() // Parse rule files defined on the script level. char* script_signature_files = - copy_string(zeek::id::find_val("signature_files")->AsString()->CheckString()); + zeek::util::copy_string(zeek::id::find_val("signature_files")->AsString()->CheckString()); char* tmp = script_signature_files; char* s; @@ -389,13 +388,13 @@ static std::vector get_script_signature_files() return rval; } -zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, - zeek::Options* zopts) +zeek::detail::SetupResult setup(int argc, char** argv, + zeek::Options* zopts) { ZEEK_LSAN_DISABLE(); std::set_new_handler(bro_new_handler); - auto zeek_exe_path = get_exe_path(argv[0]); + auto zeek_exe_path = zeek::util::detail::get_exe_path(argv[0]); if ( zeek_exe_path.empty() ) { @@ -403,11 +402,11 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, exit(1); } - bro_argc = argc; - bro_argv = new char* [argc]; + zeek_argc = argc; + zeek_argv = new char* [argc]; for ( int i = 0; i < argc; i++ ) - bro_argv[i] = copy_string(argv[i]); + zeek_argv[i] = zeek::util::copy_string(argv[i]); auto options = zopts ? *zopts : zeek::parse_cmdline(argc, argv); @@ -444,12 +443,12 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, RETSIGTYPE (*oldhandler)(int); zeek_script_prefixes = options.script_prefixes; - auto zeek_prefixes = zeekenv("ZEEK_PREFIXES"); + auto zeek_prefixes = zeek::util::zeekenv("ZEEK_PREFIXES"); if ( zeek_prefixes ) - tokenize_string(zeek_prefixes, ":", &zeek_script_prefixes); + zeek::util::tokenize_string(zeek_prefixes, ":", &zeek_script_prefixes); - pseudo_realtime = options.pseudo_realtime; + zeek::run_state::pseudo_realtime = options.pseudo_realtime; #ifdef USE_PERFTOOLS_DEBUG perftools_leaks = options.perftools_check_leaks; @@ -472,16 +471,16 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, } if ( options.process_status_file ) - proc_status_file = copy_string(options.process_status_file->data()); + proc_status_file = zeek::util::copy_string(options.process_status_file->data()); atexit(atexit_handler); - set_processing_status("INITIALIZING", "main"); + zeek::util::detail::set_processing_status("INITIALIZING", "main"); - bro_start_time = current_time(true); + zeek::run_state::zeek_start_time = zeek::util::current_time(true); zeek::val_mgr = new ValManager(); reporter = new Reporter(options.abort_on_scripting_errors); - thread_mgr = new threading::Manager(); + zeek::thread_mgr = new threading::Manager(); zeek::plugin_mgr = new zeek::plugin::Manager(); #ifdef DEBUG @@ -504,14 +503,14 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::supervisor_mgr = new zeek::Supervisor(std::move(cfg), std::move(*stem)); } - const char* seed_load_file = zeekenv("ZEEK_SEED_FILE"); + const char* seed_load_file = zeek::util::zeekenv("ZEEK_SEED_FILE"); if ( options.random_seed_input_file ) seed_load_file = options.random_seed_input_file->data(); - init_random_seed((seed_load_file && *seed_load_file ? seed_load_file : nullptr), - options.random_seed_output_file ? options.random_seed_output_file->data() : nullptr, - options.deterministic_mode); + zeek::util::detail::init_random_seed((seed_load_file && *seed_load_file ? seed_load_file : nullptr), + options.random_seed_output_file ? options.random_seed_output_file->data() : nullptr, + options.deterministic_mode); // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); init_hash_function(); @@ -540,7 +539,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::detail::timer_mgr = new zeek::detail::PQ_TimerMgr(); auto zeekygen_cfg = options.zeekygen_config_file.value_or(""); - zeekygen_mgr = new zeekygen::Manager(zeekygen_cfg, bro_argv[0]); + zeek::detail::zeekygen_mgr = new zeek::zeekygen::detail::Manager(zeekygen_cfg, zeek_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -548,7 +547,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( ! options.bare_mode ) add_input_file("base/init-default.zeek"); - zeek::plugin_mgr->SearchDynamicPlugins(bro_plugin_path()); + zeek::plugin_mgr->SearchDynamicPlugins(zeek::util::zeek_plugin_path()); if ( options.plugins_to_load.empty() && options.scripts_to_load.empty() && options.script_options_to_set.empty() && @@ -576,20 +575,20 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, // policy, but we can't parse policy without DNS resolution. zeek::detail::dns_mgr->SetDir(".state"); - iosource_mgr = new iosource::Manager(); - event_registry = new EventRegistry(); + zeek::iosource_mgr = new iosource::Manager(); + zeek::event_registry = new EventRegistry(); zeek::analyzer_mgr = new analyzer::Manager(); - log_mgr = new logging::Manager(); - input_mgr = new input::Manager(); - file_mgr = new file_analysis::Manager(); + zeek::log_mgr = new logging::Manager(); + zeek::input_mgr = new input::Manager(); + zeek::file_mgr = new file_analysis::Manager(); auto broker_real_time = ! options.pcap_file && ! options.deterministic_mode; - broker_mgr = new bro_broker::Manager(broker_real_time); - trigger_mgr = new zeek::detail::trigger::Manager(); + zeek::broker_mgr = new zeek::Broker::Manager(broker_real_time); + zeek::detail::trigger_mgr = new zeek::detail::trigger::Manager(); zeek::plugin_mgr->InitPreScript(); zeek::analyzer_mgr->InitPreScript(); - file_mgr->InitPreScript(); - zeekygen_mgr->InitPreScript(); + zeek::file_mgr->InitPreScript(); + zeek::detail::zeekygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -629,9 +628,9 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, HeapLeakChecker::Disabler disabler; #endif - is_parsing = true; + zeek::run_state::is_parsing = true; yyparse(); - is_parsing = false; + zeek::run_state::is_parsing = false; RecordVal::DoneParsing(); TableVal::DoneParsing(); @@ -656,11 +655,11 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( zeek::reporter->Errors() > 0 ) exit(1); - iosource_mgr->InitPostScript(); - log_mgr->InitPostScript(); + zeek::iosource_mgr->InitPostScript(); + zeek::log_mgr->InitPostScript(); zeek::plugin_mgr->InitPostScript(); - zeekygen_mgr->InitPostScript(); - broker_mgr->InitPostScript(); + zeek::detail::zeekygen_mgr->InitPostScript(); + zeek::broker_mgr->InitPostScript(); zeek::detail::timer_mgr->InitPostScript(); zeek::event_mgr.InitPostScript(); @@ -674,7 +673,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, } zeek::analyzer_mgr->InitPostScript(); - file_mgr->InitPostScript(); + zeek::file_mgr->InitPostScript(); zeek::detail::dns_mgr->InitPostScript(); if ( options.parse_only ) @@ -695,7 +694,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::reporter->InitOptions(); KeyedHash::InitOptions(); - zeekygen_mgr->GenerateDocs(); + zeek::detail::zeekygen_mgr->GenerateDocs(); if ( options.pcap_filter ) { @@ -714,7 +713,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, all_signature_files.emplace_back(std::move(sf)); // Append signature files defined in @load-sigs - for ( const auto& sf : sig_files ) + for ( const auto& sf : zeek::detail::sig_files ) all_signature_files.emplace_back(sf); if ( ! all_signature_files.empty() ) @@ -729,7 +728,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( options.print_signature_debug_info ) rule_matcher->PrintDebug(); - file_mgr->InitMagic(); + zeek::file_mgr->InitMagic(); } if ( g_policy_debug ) @@ -752,7 +751,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, } if ( dns_type != DNS_PRIME ) - net_init(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog); + zeek::run_state::detail::init_run(options.interface, options.pcap_file, options.pcap_output_file, options.use_watchdog); if ( ! g_policy_debug ) { @@ -804,16 +803,16 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, zeek::detail::segment_logger = zeek::detail::profiling_logger; } - if ( ! reading_live && ! reading_traces ) + if ( ! zeek::run_state::reading_live && ! zeek::run_state::reading_traces ) // Set up network_time to track real-time, since // we don't have any other source for it. - net_update_time(current_time()); + zeek::run_state::detail::update_network_time(zeek::util::current_time()); if ( zeek_init ) zeek::event_mgr.Enqueue(zeek_init, zeek::Args{}); EventRegistry::string_list dead_handlers = - event_registry->UnusedHandlers(); + zeek::event_registry->UnusedHandlers(); if ( ! dead_handlers.empty() && check_for_unused_event_handlers ) { @@ -830,7 +829,7 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( stmts ) { - stmt_flow_type flow; + StmtFlowType flow; Frame f(current_scope()->Length(), nullptr, nullptr); g_frame_stack.push_back(&f); @@ -852,14 +851,14 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, if ( zeek_script_loaded ) { // Queue events reporting loaded scripts. - for ( std::list::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ ) + for ( const auto& file : zeek::detail::files_scanned ) { - if ( i->skipped ) + if ( file.skipped ) continue; zeek::event_mgr.Enqueue(zeek_script_loaded, - zeek::make_intrusive(i->name.c_str()), - zeek::val_mgr->Count(i->include_level)); + zeek::make_intrusive(file.name.c_str()), + zeek::val_mgr->Count(file.include_level)); } } @@ -868,24 +867,24 @@ zeek::detail::SetupResult zeek::detail::setup(int argc, char** argv, // Drain the event queue here to support the protocols framework configuring DPM zeek::event_mgr.Drain(); - if ( zeek::reporter->Errors() > 0 && ! zeekenv("ZEEK_ALLOW_INIT_ERRORS") ) + if ( zeek::reporter->Errors() > 0 && ! zeek::util::zeekenv("ZEEK_ALLOW_INIT_ERRORS") ) zeek::reporter->FatalError("errors occurred while initializing"); - broker_mgr->ZeekInitDone(); + zeek::broker_mgr->ZeekInitDone(); zeek::reporter->ZeekInitDone(); zeek::analyzer_mgr->DumpDebug(); - have_pending_timers = ! reading_traces && zeek::detail::timer_mgr->Size() > 0; + zeek::run_state::detail::have_pending_timers = ! zeek::run_state::reading_traces && zeek::detail::timer_mgr->Size() > 0; return {0, std::move(options)}; } -int zeek::detail::cleanup(bool did_net_run) +int cleanup(bool did_net_run) { if ( did_net_run ) done_with_network(); - net_delete(); + zeek::run_state::detail::delete_run(); terminate_bro(); sqlite3_shutdown(); @@ -902,3 +901,30 @@ int zeek::detail::cleanup(bool did_net_run) return 0; } + +} // namespace detail + +namespace run_state::detail { + +void zeek_terminate_loop(const char* reason) + { + zeek::util::detail::set_processing_status("TERMINATING", reason); + zeek::reporter->Info("%s", reason); + + get_final_stats(); + zeek::detail::done_with_network(); + delete_run(); + + zeek::detail::terminate_bro(); + + // Close files after net_delete(), because net_delete() + // might write to connection content files. + zeek::File::CloseOpenFiles(); + + delete zeek::detail::rule_matcher; + + exit(0); + } + +} // namespace run_state::detail +} // namespace zeek diff --git a/src/zeek-setup.h b/src/zeek-setup.h index 22cb85fde7..89333ac673 100644 --- a/src/zeek-setup.h +++ b/src/zeek-setup.h @@ -4,7 +4,7 @@ #include "Options.h" -namespace zeek { namespace detail { +namespace zeek::detail { struct SetupResult { int code = 0; @@ -28,4 +28,4 @@ SetupResult setup(int argc, char** argv, zeek::Options* options = nullptr); */ int cleanup(bool did_net_run); -}} // namespace zeek::detail +} // namespace zeek::detail diff --git a/src/zeek.bif b/src/zeek.bif index fc751831fd..f2a1d4b2cb 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -33,7 +33,7 @@ using namespace std; zeek::TableType* var_sizes; -static iosource::PktDumper* addl_pkt_dumper = 0; +static zeek::iosource::PktDumper* addl_pkt_dumper = nullptr; bro_int_t parse_int(const char*& fmt) { @@ -319,7 +319,7 @@ static int next_fmt(const char*& fmt, const zeek::Args* args, zeek::ODesc* d, in ## .. zeek:see:: network_time function current_time%(%): time %{ - return zeek::make_intrusive(current_time()); + return zeek::make_intrusive(zeek::util::current_time()); %} ## Returns the timestamp of the last packet processed. This function returns @@ -331,7 +331,7 @@ function current_time%(%): time ## .. zeek:see:: current_time function network_time%(%): time %{ - return zeek::make_intrusive(network_time); + return zeek::make_intrusive(zeek::run_state::network_time); %} ## Returns a system environment variable. @@ -344,7 +344,7 @@ function network_time%(%): time ## .. zeek:see:: setenv function getenv%(var: string%): string %{ - const char* env_val = zeekenv(var->CheckString()); + const char* env_val = zeek::util::zeekenv(var->CheckString()); if ( ! env_val ) env_val = ""; // ### return zeek::make_intrusive(env_val); @@ -388,10 +388,10 @@ function exit%(code: int%): any ## .. zeek:see:: exit zeek_is_terminating function terminate%(%): bool %{ - if ( terminating ) + if ( zeek::run_state::terminating ) return zeek::val_mgr->False(); - terminate_processing(); + zeek::util::detail::terminate_processing(); return zeek::val_mgr->True(); %} @@ -415,10 +415,10 @@ static bool prepare_environment(zeek::TableVal* tbl, bool set) return false; } - char* tmp = copy_string(key->AsString()->CheckString()); - to_upper(tmp); - std::string var1 = fmt("ZEEK_ARG_%s", tmp); - std::string var2 = fmt("BRO_ARG_%s", tmp); // legacy support + char* tmp = zeek::util::copy_string(key->AsString()->CheckString()); + zeek::util::to_upper(tmp); + std::string var1 = zeek::util::fmt("ZEEK_ARG_%s", tmp); + std::string var2 = zeek::util::fmt("BRO_ARG_%s", tmp); // legacy support delete [] tmp; if ( set ) @@ -930,7 +930,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count ## provided by the OS. function rand%(max: count%): count %{ - auto result = bro_uint_t(double(max) * double(zeek::random_number()) / (zeek::max_random() + 1.0)); + auto result = bro_uint_t(double(max) * double(zeek::util::detail::random_number()) / (zeek::util::detail::max_random() + 1.0)); return zeek::val_mgr->Count(result); %} @@ -946,7 +946,7 @@ function rand%(max: count%): count ## provided by the OS. function srand%(seed: count%): any %{ - zeek::seed_random(seed); + zeek::util::detail::seed_random(seed); return nullptr; %} @@ -980,7 +980,7 @@ function identify_data%(data: string, return_mime: bool &default=T%): string if ( ! return_mime ) zeek::reporter->Warning("identify_data() builtin-function only returns MIME types, but verbose file info requested"); - string strongest_match = file_mgr->DetectMIME(data->Bytes(), data->Len()); + string strongest_match = zeek::file_mgr->DetectMIME(data->Bytes(), data->Len()); if ( strongest_match.empty() ) return zeek::make_intrusive(""); @@ -999,7 +999,7 @@ function identify_data%(data: string, return_mime: bool &default=T%): string function file_magic%(data: string%): mime_matches %{ zeek::detail::RuleMatcher::MIME_Matches matches; - file_mgr->DetectMIME(data->Bytes(), data->Len(), &matches); + zeek::file_mgr->DetectMIME(data->Bytes(), data->Len(), &matches); return file_analysis::GenMIMEMatchesVal(matches); %} @@ -1123,8 +1123,9 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result function unique_id%(prefix: string%) : string %{ char tmp[20]; - uint64_t uid = calculate_unique_id(UID_POOL_DEFAULT_SCRIPT); - return zeek::make_intrusive(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); + uint64_t uid = zeek::util::calculate_unique_id(UID_POOL_DEFAULT_SCRIPT); + return zeek::make_intrusive( + zeek::util::uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} ## Creates an identifier that is unique with high probability. @@ -1141,8 +1142,9 @@ function unique_id_from%(pool: int, prefix: string%) : string pool += UID_POOL_CUSTOM_SCRIPT; // Make sure we don't conflict with internal pool. char tmp[20]; - uint64_t uid = calculate_unique_id(pool); - return zeek::make_intrusive(uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); + uint64_t uid = zeek::util::calculate_unique_id(pool); + return zeek::make_intrusive( + zeek::util::uitoa_n(uid, tmp, sizeof(tmp), 62, prefix->CheckString())); %} # =========================================================================== @@ -1804,7 +1806,9 @@ function getpid%(%) : count %} %%{ +namespace zeek { extern const char* zeek_version(); +} // namespace zeek %%} ## Returns the Zeek version string. @@ -1812,7 +1816,7 @@ extern const char* zeek_version(); ## Returns: Zeek's version, e.g., 2.0-beta-47-debug. function zeek_version%(%): string %{ - return zeek::make_intrusive(zeek_version()); + return zeek::make_intrusive(zeek::zeek_version()); %} ## Converts a record type name to a vector of strings, where each element is @@ -1855,8 +1859,8 @@ function zeek_args%(%): string_vec auto sv = zeek::id::string_vec; auto rval = zeek::make_intrusive(std::move(sv)); - for ( auto i = 0; i < bro_argc; ++i ) - rval->Assign(rval->Size(), zeek::make_intrusive(bro_argv[i])); + for ( auto i = 0; i < zeek::detail::zeek_argc; ++i ) + rval->Assign(rval->Size(), zeek::make_intrusive(zeek::detail::zeek_argv[i])); return rval; %} @@ -1871,7 +1875,7 @@ function zeek_args%(%): string_vec ## .. zeek:see:: reading_traces packet_source function reading_live_traffic%(%): bool %{ - return zeek::val_mgr->Bool(reading_live); + return zeek::val_mgr->Bool(zeek::run_state::reading_live); %} ## Checks whether Zeek reads traffic from a trace file (as opposed to from a @@ -1882,7 +1886,7 @@ function reading_live_traffic%(%): bool ## .. zeek:see:: reading_live_traffic packet_source function reading_traces%(%): bool %{ - return zeek::val_mgr->Bool(reading_traces); + return zeek::val_mgr->Bool(zeek::run_state::reading_traces); %} ## Returns: the packet source being read by Zeek. @@ -1891,7 +1895,7 @@ function reading_traces%(%): bool function packet_source%(%): PacketSource %{ static auto ps_type = zeek::id::find_type("PacketSource"); - auto ps = iosource_mgr->GetPktSrc(); + auto ps = zeek::iosource_mgr->GetPktSrc(); auto r = zeek::make_intrusive(ps_type); if ( ps ) @@ -2105,7 +2109,7 @@ function dump_rule_stats%(f: file%): bool ## .. zeek:see:: terminate function zeek_is_terminating%(%): bool %{ - return zeek::val_mgr->Bool(terminating); + return zeek::val_mgr->Bool(zeek::run_state::terminating); %} ## Returns the hostname of the machine Zeek runs on. @@ -2653,11 +2657,11 @@ function to_port%(s: string%): port if ( ! errno ) { ++slash; - if ( streq(slash, "tcp") ) + if ( zeek::util::streq(slash, "tcp") ) return zeek::val_mgr->Port(port, TRANSPORT_TCP); - else if ( streq(slash, "udp") ) + else if ( zeek::util::streq(slash, "udp") ) return zeek::val_mgr->Port(port, TRANSPORT_UDP); - else if ( streq(slash, "icmp") ) + else if ( zeek::util::streq(slash, "icmp") ) return zeek::val_mgr->Port(port, TRANSPORT_ICMP); } } @@ -3361,7 +3365,7 @@ function lookup_connection%(cid: conn_id%): connection c->Assign(1, std::move(orig_endp)); c->Assign(2, std::move(resp_endp)); - c->Assign(3, zeek::make_intrusive(network_time)); + c->Assign(3, zeek::make_intrusive(zeek::run_state::network_time)); c->Assign(4, zeek::make_intrusive(0.0)); c->Assign(5, zeek::make_intrusive(zeek::id::string_set)); // service c->Assign(6, zeek::val_mgr->EmptyString()); // history @@ -3380,8 +3384,8 @@ const char* conn_id_string(zeek::Val* c) const zeek::IPAddr& resp_h = (*vl)[2]->AsAddr(); uint32_t resp_p = (*vl)[3]->AsPortVal()->Port(); - return fmt("%s/%u -> %s/%u\n", orig_h.AsString().c_str(), orig_p, - resp_h.AsString().c_str(), resp_p); + return zeek::util::fmt("%s/%u -> %s/%u\n", orig_h.AsString().c_str(), orig_p, + resp_h.AsString().c_str(), resp_p); } %%} @@ -3396,8 +3400,8 @@ function dump_current_packet%(file_name: string%) : bool %{ const Packet* pkt; - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) + if ( ! zeek::run_state::detail::current_pktsrc || + ! zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&pkt) ) return zeek::val_mgr->False(); if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) @@ -3407,7 +3411,7 @@ function dump_current_packet%(file_name: string%) : bool } if ( ! addl_pkt_dumper ) - addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true); + addl_pkt_dumper = zeek::iosource_mgr->OpenPktDumper(file_name->CheckString(), true); if ( addl_pkt_dumper ) { @@ -3429,8 +3433,8 @@ function get_current_packet%(%) : pcap_packet const Packet* p; auto pkt = zeek::make_intrusive(pcap_packet); - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&p) ) + if ( ! zeek::run_state::detail::current_pktsrc || + ! zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&p) ) { pkt->Assign(0, zeek::val_mgr->Count(0)); pkt->Assign(1, zeek::val_mgr->Count(0)); @@ -3461,8 +3465,8 @@ function get_current_packet_header%(%) : raw_pkt_hdr %{ const Packet* p; - if ( current_pktsrc && - current_pktsrc->GetCurrentPacket(&p) ) + if ( zeek::run_state::detail::current_pktsrc && + zeek::run_state::detail::current_pktsrc->GetCurrentPacket(&p) ) { return p->ToRawPktHdrVal(); } @@ -3490,7 +3494,7 @@ function dump_packet%(pkt: pcap_packet, file_name: string%) : bool } if ( ! addl_pkt_dumper ) - addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true); + addl_pkt_dumper = zeek::iosource_mgr->OpenPktDumper(file_name->CheckString(), true); if ( ! addl_pkt_dumper->IsError() ) { @@ -3684,10 +3688,10 @@ static constexpr double mmdb_msg_suppression_duration = 300; static void report_mmdb_msg(const char* format, ...) { - if ( network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration ) + if ( zeek::run_state::network_time > mmdb_msg_suppression_time + mmdb_msg_suppression_duration ) { mmdb_msg_count = 0; - mmdb_msg_suppression_time = network_time; + mmdb_msg_suppression_time = zeek::run_state::network_time; } if ( mmdb_msg_count >= mmdb_msg_limit ) @@ -3697,7 +3701,7 @@ static void report_mmdb_msg(const char* format, ...) va_list al; va_start(al, format); - std::string msg = fmt(format, al); + std::string msg = zeek::util::fmt(format, al); va_end(al); zeek::reporter->Info("%s", msg.data()); @@ -4437,7 +4441,7 @@ function open%(f: string%): file %{ const char* file = f->CheckString(); - if ( streq(file, "-") ) + if ( zeek::util::streq(file, "-") ) return zeek::make_intrusive(zeek::make_intrusive(stdout, "-", "w")); else return zeek::make_intrusive(zeek::make_intrusive(file, "w")); @@ -4544,8 +4548,8 @@ function mkdir%(f: string%): bool && S_ISDIR(filestat.st_mode) ) return zeek::val_mgr->True(); - zeek::emit_builtin_error(fmt("cannot create directory '%s': %s", filename, - strerror(error))); + zeek::emit_builtin_error(zeek::util::fmt("cannot create directory '%s': %s", filename, + strerror(error))); return zeek::val_mgr->False(); } else @@ -4569,8 +4573,8 @@ function rmdir%(d: string%): bool if ( rmdir(dirname) < 0 ) { - zeek::emit_builtin_error(fmt("cannot remove directory '%s': %s", dirname, - strerror(errno))); + zeek::emit_builtin_error(zeek::util::fmt("cannot remove directory '%s': %s", dirname, + strerror(errno))); return zeek::val_mgr->False(); } else @@ -4593,8 +4597,8 @@ function unlink%(f: string%): bool if ( unlink(filename) < 0 ) { - zeek::emit_builtin_error(fmt("cannot unlink file '%s': %s", filename, - strerror(errno))); + zeek::emit_builtin_error(zeek::util::fmt("cannot unlink file '%s': %s", filename, + strerror(errno))); return zeek::val_mgr->False(); } else @@ -4619,8 +4623,8 @@ function rename%(src_f: string, dst_f: string%): bool if ( rename(src_filename, dst_filename) < 0 ) { - zeek::emit_builtin_error(fmt("cannot rename file '%s' to '%s': %s", src_filename, - dst_filename, strerror(errno))); + zeek::emit_builtin_error(zeek::util::fmt("cannot rename file '%s' to '%s': %s", src_filename, + dst_filename, strerror(errno))); return zeek::val_mgr->False(); } else @@ -4697,20 +4701,21 @@ function rotate_file_by_name%(f: string%): rotate_info bool is_addl_pkt_dumper = false; // Special case: one of current dump files. - if ( pkt_dumper && streq(pkt_dumper->Path().c_str(), f->CheckString()) ) + if ( zeek::run_state::detail::pkt_dumper && + zeek::util::streq(zeek::run_state::detail::pkt_dumper->Path().c_str(), f->CheckString()) ) { is_pkt_dumper = true; - pkt_dumper->Close(); + zeek::run_state::detail::pkt_dumper->Close(); } if ( addl_pkt_dumper && - streq(addl_pkt_dumper->Path().c_str(), f->CheckString()) ) + zeek::util::streq(addl_pkt_dumper->Path().c_str(), f->CheckString()) ) { is_addl_pkt_dumper = true; addl_pkt_dumper->Close(); } - FILE* file = rotate_file(f->CheckString(), info.get()); + FILE* file = zeek::util::detail::rotate_file(f->CheckString(), info.get()); if ( ! file ) { // Record indicating error. @@ -4725,8 +4730,8 @@ function rotate_file_by_name%(f: string%): rotate_info if ( is_pkt_dumper ) { - info->Assign(2, zeek::make_intrusive(pkt_dumper->OpenTime())); - pkt_dumper->Open(); + info->Assign(2, zeek::make_intrusive(zeek::run_state::detail::pkt_dumper->OpenTime())); + zeek::run_state::detail::pkt_dumper->Open(); } if ( is_addl_pkt_dumper ) @@ -4748,8 +4753,8 @@ function calc_next_rotate%(i: interval%) : interval static auto log_rotate_base_time = zeek::id::find_val("log_rotate_base_time"); static auto base_time = log_rotate_base_time->AsString()->CheckString(); - double base = parse_rotate_base_time(base_time); - return zeek::make_intrusive(calc_next_rotate(network_time, i, base)); + double base = zeek::util::detail::parse_rotate_base_time(base_time); + return zeek::make_intrusive(zeek::util::detail::calc_next_rotate(zeek::run_state::network_time, i, base)); %} ## Returns the size of a given file. @@ -4997,7 +5002,7 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool ## Returns: True if the last raised event came from a remote peer. function is_remote_event%(%) : bool %{ - return zeek::val_mgr->Bool(zeek::event_mgr.CurrentSource() != SOURCE_LOCAL); + return zeek::val_mgr->Bool(zeek::event_mgr.CurrentSource() != zeek::util::detail::SOURCE_LOCAL); %} ## Stops Zeek's packet processing. This function is used to synchronize @@ -5007,7 +5012,7 @@ function is_remote_event%(%) : bool ## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ - net_suspend_processing(); + zeek::run_state::suspend_processing(); return nullptr; %} @@ -5016,7 +5021,7 @@ function suspend_processing%(%) : any ## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ - net_continue_processing(); + zeek::run_state::continue_processing(); return nullptr; %} @@ -5167,5 +5172,5 @@ function to_json%(val: any, only_loggable: bool &default=F, field_escape_pattern ## Returns: a compressed version of the input path. function compress_path%(dir: string%): string %{ - return zeek::make_intrusive(normalize_path(dir->ToStdString())); + return zeek::make_intrusive(zeek::util::detail::normalize_path(dir->ToStdString())); %} diff --git a/src/zeekygen/Configuration.cc b/src/zeekygen/Configuration.cc index 7cd885c110..d8fe3e8bc0 100644 --- a/src/zeekygen/Configuration.cc +++ b/src/zeekygen/Configuration.cc @@ -10,9 +10,10 @@ #include #include -using namespace zeekygen; using namespace std; +namespace zeek::zeekygen::detail { + static TargetFactory create_target_factory() { TargetFactory rval; @@ -46,7 +47,7 @@ Config::Config(const string& arg_file, const string& delim) { ++line_number; vector tokens; - tokenize_string(line, delim, &tokens); + zeek::util::tokenize_string(line, delim, &tokens); tokens.erase(remove(tokens.begin(), tokens.end(), ""), tokens.end()); if ( tokens.empty() ) @@ -98,5 +99,7 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return zeekygen::get_mtime(file); + return get_mtime(file); } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/Configuration.h b/src/zeekygen/Configuration.h index 669d341e6d..fab76bd4d0 100644 --- a/src/zeekygen/Configuration.h +++ b/src/zeekygen/Configuration.h @@ -9,7 +9,7 @@ #include // for time_t -namespace zeekygen { +namespace zeek::zeekygen::detail { class Info; @@ -60,4 +60,11 @@ private: TargetFactory target_factory; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using Config [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::Config.")]] = zeek::zeekygen::detail::Config; +using Info [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::Info.")]] = zeek::zeekygen::detail::Info; + } // namespace zeekygen diff --git a/src/zeekygen/IdentifierInfo.cc b/src/zeekygen/IdentifierInfo.cc index 114068f8e8..5e7f8520ee 100644 --- a/src/zeekygen/IdentifierInfo.cc +++ b/src/zeekygen/IdentifierInfo.cc @@ -9,7 +9,8 @@ #include "Expr.h" using namespace std; -using namespace zeekygen; + +namespace zeek::zeekygen::detail { IdentifierInfo::IdentifierInfo(zeek::detail::IDPtr arg_id, ScriptInfo* script) : Info(), @@ -120,7 +121,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( zeekygen::prettify_params(s) ) + if ( prettify_params(s) ) d.NL(); d.Add(s.c_str()); @@ -156,3 +157,5 @@ IdentifierInfo::RecordField::~RecordField() { delete field; } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/IdentifierInfo.h b/src/zeekygen/IdentifierInfo.h index 9e5819b84e..79f4ee8596 100644 --- a/src/zeekygen/IdentifierInfo.h +++ b/src/zeekygen/IdentifierInfo.h @@ -15,7 +15,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(TypeDecl, zeek); -namespace zeekygen { +namespace zeek::zeekygen::detail { class ScriptInfo; @@ -182,4 +182,11 @@ private: ScriptInfo* declaring_script; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using IdentifierInfo [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::IdentifierInfo.")]] = zeek::zeekygen::detail::IdentifierInfo; +using ScriptInfo [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ScriptInfo.")]] = zeek::zeekygen::detail::ScriptInfo; + } // namespace zeekygen diff --git a/src/zeekygen/Info.h b/src/zeekygen/Info.h index 0f300a7682..e7fda77784 100644 --- a/src/zeekygen/Info.h +++ b/src/zeekygen/Info.h @@ -5,7 +5,7 @@ #include #include -namespace zeekygen { +namespace zeek::zeekygen::detail{ /** * Abstract base class for any thing that Zeekygen can document. @@ -67,4 +67,10 @@ private: { } }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using Info [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::Info.")]] = zeek::zeekygen::detail::Info; + } // namespace zeekygen diff --git a/src/zeekygen/Manager.cc b/src/zeekygen/Manager.cc index d8fe9db12a..8971679725 100644 --- a/src/zeekygen/Manager.cc +++ b/src/zeekygen/Manager.cc @@ -1,6 +1,10 @@ // See the file "COPYING" in the main distribution directory for copyright. #include "Manager.h" + +#include +#include + #include "plugin/Manager.h" #include "util.h" #include "Info.h" @@ -9,12 +13,10 @@ #include "IdentifierInfo.h" #include "Expr.h" -#include -#include - -using namespace zeekygen; using namespace std; +namespace zeek::zeekygen::detail { + static void DbgAndWarn(const char* msg) { if ( zeek::reporter->Errors() ) @@ -33,9 +35,9 @@ static void WarnMissingScript(const char* type, const zeek::detail::ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Zeekygen doumentation for %s %s, " - "lookup of %s failed", - type, id->Name(), script.c_str())); + DbgAndWarn(zeek::util::fmt("Can't generate Zeekygen doumentation for %s %s, " + "lookup of %s failed", + type, id->Name(), script.c_str())); } static string RemoveLeadingSpace(const string& s) @@ -56,12 +58,12 @@ static string NormalizeScriptPath(const string& path) { if ( auto p = zeek::plugin_mgr->LookupPluginByPath(path) ) { - auto rval = normalize_path(path); - auto prefix = SafeBasename(p->PluginDirectory()).result; + auto rval = zeek::util::detail::normalize_path(path); + auto prefix = zeek::util::SafeBasename(p->PluginDirectory()).result; return prefix + "/" + rval.substr(p->PluginDirectory().size() + 1); } - return without_bropath_component(path); + return zeek::util::detail::without_zeekpath_component(path); } Manager::Manager(const string& arg_config, const string& bro_command) @@ -69,7 +71,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) identifiers(), all_info(), last_identifier_seen(), incomplete_type(), enum_mappings(), config(arg_config), bro_mtime() { - if ( zeekenv("ZEEK_DISABLE_ZEEKYGEN") ) + if ( zeek::util::zeekenv("ZEEK_DISABLE_ZEEKYGEN") ) disabled = true; // If running bro without the "-X" option, then we don't need bro_mtime. @@ -81,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // bro_command is a relative path). const char* env_path = getenv("PATH"); string path = env_path ? string(env_path) + ":." : "."; - string path_to_bro = find_file(bro_command, path); + string path_to_bro = zeek::util::find_file(bro_command, path); struct stat s; // One way that find_file() could fail is when bro is located in @@ -137,8 +139,8 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeekygen script documentation: %s", - name.c_str())); + DbgAndWarn(zeek::util::fmt("Duplicate Zeekygen script documentation: %s", + name.c_str())); return; } @@ -150,12 +152,12 @@ void Manager::Script(const string& path) if ( ! info->IsPkgLoader() ) return; - name = SafeDirname(name).result; + name = zeek::util::SafeDirname(name).result; if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Zeekygen package documentation: %s", - name.c_str())); + DbgAndWarn(zeek::util::fmt("Duplicate Zeekygen package documentation: %s", + name.c_str())); return; } @@ -172,8 +174,8 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Zeekygen script doc dependency: %s", - path.c_str())); + DbgAndWarn(zeek::util::fmt("Empty Zeekygen script doc dependency: %s", + path.c_str())); return; } @@ -183,8 +185,8 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeekygen script doc dependency %s " - "for %s", depname.c_str(), name.c_str())); + DbgAndWarn(zeek::util::fmt("Failed to add Zeekygen script doc dependency %s " + "for %s", depname.c_str(), name.c_str())); return; } @@ -193,8 +195,8 @@ void Manager::ScriptDependency(const string& path, const string& dep) depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Zeekygen comment: %s", - comment_buffer[i].c_str())); + DbgAndWarn(zeek::util::fmt("Discarded extraneous Zeekygen comment: %s", + comment_buffer[i].c_str())); } void Manager::ModuleUsage(const string& path, const string& module) @@ -207,8 +209,8 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Zeekygen module usage %s in %s", - module.c_str(), name.c_str())); + DbgAndWarn(zeek::util::fmt("Failed to add Zeekygen module usage %s in %s", + module.c_str(), name.c_str())); return; } @@ -255,8 +257,8 @@ void Manager::StartType(zeek::detail::IDPtr id) if ( id->GetLocationInfo() == &zeek::detail::no_location ) { - DbgAndWarn(fmt("Can't generate zeekygen doumentation for %s, " - "no location available", id->Name())); + DbgAndWarn(zeek::util::fmt("Can't generate zeekygen doumentation for %s, " + "no location available", id->Name())); return; } @@ -310,7 +312,7 @@ void Manager::Identifier(zeek::detail::IDPtr id) return; } - DbgAndWarn(fmt("Duplicate identifier documentation: %s", id->Name())); + DbgAndWarn(zeek::util::fmt("Duplicate identifier documentation: %s", id->Name())); return; } @@ -348,9 +350,9 @@ void Manager::RecordField(const zeek::detail::ID* id, const zeek::TypeDecl* fiel if ( ! idd ) { - DbgAndWarn(fmt("Can't generate zeekygen doumentation for " - "record field %s, unknown record: %s", - field->id, id->Name())); + DbgAndWarn(zeek::util::fmt("Can't generate zeekygen doumentation for " + "record field %s, unknown record: %s", + field->id, id->Name())); return; } @@ -376,9 +378,9 @@ void Manager::Redef(const zeek::detail::ID* id, const string& path, if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate zeekygen doumentation for " - "redef of %s, identifier lookup failed", - id->Name())); + DbgAndWarn(zeek::util::fmt("Can't generate zeekygen doumentation for " + "redef of %s, identifier lookup failed", + id->Name())); return; } @@ -416,8 +418,8 @@ void Manager::SummaryComment(const string& script, const string& comment) if ( info ) info->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Lookup of script %s failed for summary comment %s", - name.c_str(), comment.c_str())); + DbgAndWarn(zeek::util::fmt("Lookup of script %s failed for summary comment %s", + name.c_str(), comment.c_str())); } void Manager::PreComment(const string& comment) @@ -438,8 +440,8 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Zeekygen comment %s", - comment.c_str())); + DbgAndWarn(zeek::util::fmt("Discarded unassociated Zeekygen comment %s", + comment.c_str())); return; } @@ -457,3 +459,5 @@ string Manager::GetEnumTypeName(const string& id) const map::const_iterator it = enum_mappings.find(id); return it == enum_mappings.end() ? "" : it->second; } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/Manager.h b/src/zeekygen/Manager.h index e026ffe529..3be276c318 100644 --- a/src/zeekygen/Manager.h +++ b/src/zeekygen/Manager.h @@ -16,11 +16,10 @@ #include "util.h" ZEEK_FORWARD_DECLARE_NAMESPACED(TypeDecl, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(PackageInfo, zeek, zeekygen, detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(ScriptInfoInfo, zeek, zeekygen, detail); -namespace zeekygen { - -class PackageInfo; -class ScriptInfo; +namespace zeek::zeekygen::detail { /** * Map of info objects. Just a wrapper around std::map to improve code @@ -262,6 +261,18 @@ bool Manager::IsUpToDate(const std::string& target_file, return true; } +} // namespace zeek::zeekygen::detail + +namespace zeek::detail { + +extern zeek::zeekygen::detail::Manager* zeekygen_mgr; + +} // namespace zeek::detail + +namespace zeekygen { + +using Manager [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::Manager.")]] = zeek::zeekygen::detail::Manager; + } // namespace zeekygen -extern zeekygen::Manager* zeekygen_mgr; +extern zeek::zeekygen::detail::Manager*& zeekygen_mgr [[deprecated("Remove in v4.1. Use zeek::detail::zeekygen_mgr.")]]; diff --git a/src/zeekygen/PackageInfo.cc b/src/zeekygen/PackageInfo.cc index c995c8e758..6fd43fb99b 100644 --- a/src/zeekygen/PackageInfo.cc +++ b/src/zeekygen/PackageInfo.cc @@ -9,13 +9,14 @@ #include using namespace std; -using namespace zeekygen; + +namespace zeek::zeekygen::detail { PackageInfo::PackageInfo(const string& arg_name) : Info(), pkg_name(arg_name), readme() { - string readme_file = find_file(pkg_name + "/README", bro_path()); + string readme_file = zeek::util::find_file(pkg_name + "/README", zeek::util::zeek_path()); if ( readme_file.empty() ) return; @@ -38,8 +39,8 @@ PackageInfo::PackageInfo(const string& arg_name) string PackageInfo::DoReStructuredText(bool roles_only) const { - string rval = fmt(":doc:`%s `\n\n", pkg_name.c_str(), - pkg_name.c_str()); + string rval = zeek::util::fmt(":doc:`%s `\n\n", pkg_name.c_str(), + pkg_name.c_str()); for ( size_t i = 0; i < readme.size(); ++i ) rval += " " + readme[i] + "\n"; @@ -49,10 +50,12 @@ string PackageInfo::DoReStructuredText(bool roles_only) const time_t PackageInfo::DoGetModificationTime() const { - string readme_file = find_file(pkg_name + "/README", bro_path()); + string readme_file = zeek::util::find_file(pkg_name + "/README", zeek::util::zeek_path()); if ( readme_file.empty() ) return 0; - return zeekygen::get_mtime(readme_file); + return get_mtime(readme_file); } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/PackageInfo.h b/src/zeekygen/PackageInfo.h index b9d2591a2e..ff198230d1 100644 --- a/src/zeekygen/PackageInfo.h +++ b/src/zeekygen/PackageInfo.h @@ -9,7 +9,7 @@ #include // for time_t -namespace zeekygen { +namespace zeek::zeekygen::detail { /** * Information about a Zeek script package. @@ -46,4 +46,10 @@ private: std::vector readme; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using PackageInfo [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::PackageInfo.")]] = zeek::zeekygen::detail::PackageInfo; + } // namespace zeekygen diff --git a/src/zeekygen/ReStructuredTextTable.cc b/src/zeekygen/ReStructuredTextTable.cc index ad1cdfde9e..d78cad10a0 100644 --- a/src/zeekygen/ReStructuredTextTable.cc +++ b/src/zeekygen/ReStructuredTextTable.cc @@ -5,7 +5,8 @@ #include using namespace std; -using namespace zeekygen; + +namespace zeek::zeekygen::detail { ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() @@ -66,3 +67,5 @@ string ReStructuredTextTable::AsString(char border) const rval += MakeBorder(longest_row_in_column, border); return rval; } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/ReStructuredTextTable.h b/src/zeekygen/ReStructuredTextTable.h index 30bd1c34a6..d5eca86556 100644 --- a/src/zeekygen/ReStructuredTextTable.h +++ b/src/zeekygen/ReStructuredTextTable.h @@ -5,7 +5,7 @@ #include #include -namespace zeekygen { +namespace zeek::zeekygen::detail { /** * A reST table with arbitrary number of columns. @@ -47,4 +47,10 @@ private: std::vector longest_row_in_column; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using ReStructuredTextTable [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ReStructuredTextTable.")]] = zeek::zeekygen::detail::ReStructuredTextTable; + } // namespace zeekygen diff --git a/src/zeekygen/ScriptInfo.cc b/src/zeekygen/ScriptInfo.cc index b12f5b769a..c4a53b5582 100644 --- a/src/zeekygen/ScriptInfo.cc +++ b/src/zeekygen/ScriptInfo.cc @@ -13,7 +13,8 @@ #include "Type.h" using namespace std; -using namespace zeekygen; + +namespace zeek::zeekygen::detail { bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -27,11 +28,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = zeekygen::end_of_first_sentence(cmnts[i]); + size_t end = end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( zeekygen::is_all_whitespace(cmnts[i]) ) + if ( is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -89,7 +90,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return zeekygen::make_heading(heading, underline) + table.AsString(border) + return make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -118,7 +119,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return zeekygen::make_heading(heading, underline) + table.AsString(border) + return make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -128,7 +129,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = zeekygen::make_heading(heading, underline); + string rval = make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -146,7 +147,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = zeekygen::make_heading(heading, underline); + string rval = make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -161,7 +162,7 @@ static string make_redef_details(const string& heading, char underline, ScriptInfo::ScriptInfo(const string& arg_name, const string& arg_path) : Info(), name(arg_name), path(arg_path), - is_pkg_loader(is_package_loader(name)), + is_pkg_loader(zeek::util::detail::is_package_loader(name)), dependencies(), module_usages(), comments(), id_info(), redef_options(), constants(), state_vars(), types(), events(), hooks(), functions(), redefs() @@ -181,7 +182,7 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; auto* id = info->GetID(); - if ( ! zeekygen::is_public_api(id) ) + if ( ! is_public_api(id) ) continue; if ( id->IsType() ) @@ -278,7 +279,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += zeekygen::make_heading(name, '='); + rval += make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) @@ -317,22 +318,22 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const if ( it != dependencies.begin() ) rval += ", "; - string path = find_script_file(*it, bro_path()); + string path = zeek::util::find_script_file(*it, zeek::util::zeek_path()); string doc = *it; - if ( ! path.empty() && is_dir(path.c_str()) ) + if ( ! path.empty() && zeek::util::is_dir(path.c_str()) ) // Reference the package. doc += "/index"; - rval += fmt(":doc:`%s `", it->c_str(), doc.c_str()); + rval += zeek::util::fmt(":doc:`%s `", it->c_str(), doc.c_str()); } rval += "\n"; } - //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); + //rval += zeek::util::fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += zeekygen::make_heading("Summary", '~'); + rval += make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -343,7 +344,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += zeekygen::make_heading("Detailed Interface", '~'); + rval += make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); @@ -359,19 +360,19 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = zeekygen::get_mtime(path); + time_t most_recent = get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = zeekygen_mgr->GetScriptInfo(*it); + Info* info = zeek::detail::zeekygen_mgr->GetScriptInfo(*it); if ( ! info ) { - for (const string& ext : script_extensions) + for (const string& ext : zeek::util::detail::script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = zeekygen_mgr->GetScriptInfo(pkg_name); + info = zeek::detail::zeekygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } @@ -390,3 +391,5 @@ time_t ScriptInfo::DoGetModificationTime() const return most_recent; } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/ScriptInfo.h b/src/zeekygen/ScriptInfo.h index 2ebd9b3968..c2030d9489 100644 --- a/src/zeekygen/ScriptInfo.h +++ b/src/zeekygen/ScriptInfo.h @@ -2,6 +2,7 @@ #pragma once +#include "zeek-config.h" #include "Info.h" #include @@ -12,17 +13,17 @@ #include // for time_t -namespace zeekygen { +ZEEK_FORWARD_DECLARE_NAMESPACED(IdentifierInfo, zeek, zeekygen, detail); -class IdentifierInfo; +namespace zeek::zeekygen::detail { struct IdInfoComp { bool operator() (const IdentifierInfo* lhs, const IdentifierInfo* rhs) const; }; -typedef std::set id_info_set; -typedef std::list id_info_list; +using id_info_set = std::set; +using id_info_list = std::list; /** * Information about a Bro script. @@ -119,4 +120,13 @@ private: id_info_set redefs; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using ScriptInfo [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ScriptInfo.")]] = zeek::zeekygen::detail::ScriptInfo; +using id_info_set [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::id_info_set.")]] = zeek::zeekygen::detail::id_info_set; +using id_info_list [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::id_info_list.")]] = zeek::zeekygen::detail::id_info_list; +using IdInfoComp [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::IdInfoComp.")]] = zeek::zeekygen::detail::IdInfoComp; + } // namespace zeekygen diff --git a/src/zeekygen/Target.cc b/src/zeekygen/Target.cc index 710c3ab281..d2393dfa11 100644 --- a/src/zeekygen/Target.cc +++ b/src/zeekygen/Target.cc @@ -19,7 +19,8 @@ #include using namespace std; -using namespace zeekygen; + +namespace zeek::zeekygen::detail { static void write_plugin_section_heading(FILE* f, const zeek::plugin::Plugin* p) { @@ -36,7 +37,7 @@ static void write_plugin_section_heading(FILE* f, const zeek::plugin::Plugin* p) static void write_analyzer_component(FILE* f, const zeek::analyzer::Component* c) { const auto& atag = zeek::analyzer_mgr->GetTagType(); - string tag = fmt("ANALYZER_%s", c->CanonicalName().c_str()); + string tag = zeek::util::fmt("ANALYZER_%s", c->CanonicalName().c_str()); if ( atag->Lookup("Analyzer", tag.c_str()) < 0 ) zeek::reporter->InternalError("missing analyzer tag for %s", tag.c_str()); @@ -44,10 +45,10 @@ static void write_analyzer_component(FILE* f, const zeek::analyzer::Component* c fprintf(f, ":zeek:enum:`Analyzer::%s`\n\n", tag.c_str()); } -static void write_analyzer_component(FILE* f, const file_analysis::Component* c) +static void write_analyzer_component(FILE* f, const zeek::file_analysis::Component* c) { - const auto& atag = file_mgr->GetTagType(); - string tag = fmt("ANALYZER_%s", c->CanonicalName().c_str()); + const auto& atag = zeek::file_mgr->GetTagType(); + string tag = zeek::util::fmt("ANALYZER_%s", c->CanonicalName().c_str()); if ( atag->Lookup("Files", tag.c_str()) < 0 ) zeek::reporter->InternalError("missing analyzer tag for %s", tag.c_str()); @@ -79,8 +80,8 @@ static void write_plugin_components(FILE* f, const zeek::plugin::Plugin* p) case zeek::plugin::component::FILE_ANALYZER: { - const file_analysis::Component* c = - dynamic_cast(component); + const auto* c = + dynamic_cast(component); if ( c ) write_analyzer_component(f, c); @@ -125,8 +126,8 @@ static void write_plugin_bif_items(FILE* f, const zeek::plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo( - it->GetID()); + IdentifierInfo* doc = zeek::detail::zeekygen_mgr->GetIdentifierInfo( + it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); @@ -140,7 +141,7 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - zeekygen::IdentifierInfo* doc = zeekygen_mgr->GetIdentifierInfo(tag_id); + IdentifierInfo* doc = zeek::detail::zeekygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) zeek::reporter->InternalError("Zeekygen failed analyzer tag lookup: %s", @@ -193,9 +194,9 @@ TargetFile::TargetFile(const string& arg_name) { if ( name.find('/') != string::npos ) { - string dir = SafeDirname(name).result; + string dir = zeek::util::SafeDirname(name).result; - if ( ! ensure_intermediate_dirs(dir.c_str()) ) + if ( ! zeek::util::detail::ensure_intermediate_dirs(dir.c_str()) ) zeek::reporter->FatalError("Zeekygen failed to make dir %s", dir.c_str()); } @@ -247,7 +248,7 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) @@ -341,8 +342,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) && - zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), script_deps) && + zeek::detail::zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -352,7 +353,7 @@ void PackageTarget::DoGenerate() const for ( manifest_t::const_iterator it = pkg_manifest.begin(); it != pkg_manifest.end(); ++it ) { - string header = fmt("Package: %s", it->first->Name().c_str()); + string header = zeek::util::fmt("Package: %s", it->first->Name().c_str()); header += "\n" + string(header.size(), '='); fprintf(file.f, "%s\n\n", header.c_str()); @@ -390,7 +391,7 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) void PackageIndexTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -412,9 +413,9 @@ void ScriptTarget::DoFindDependencies(const vector& infos) for ( size_t i = 0; i < script_deps.size(); ++i ) { - if ( is_package_loader(script_deps[i]->Name()) ) + if ( zeek::util::detail::is_package_loader(script_deps[i]->Name()) ) { - string pkg_dir = SafeDirname(script_deps[i]->Name()).result; + string pkg_dir = zeek::util::SafeDirname(script_deps[i]->Name()).result; string target_file = Name() + pkg_dir + "/index.rst"; Target* t = new PackageTarget(target_file, pkg_dir); t->FindDependencies(infos); @@ -434,7 +435,7 @@ vector dir_contents_recursive(string dir) while ( dir[dir.size() - 1] == '/' ) dir.erase(dir.size() - 1, 1); - char* dir_copy = copy_string(dir.c_str()); + char* dir_copy = zeek::util::copy_string(dir.c_str()); char** scan_path = new char*[2]; scan_path[0] = dir_copy; scan_path[1] = NULL; @@ -485,7 +486,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( zeekygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -518,7 +519,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -529,7 +530,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -554,7 +555,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -585,7 +586,7 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) void IdentifierTarget::DoGenerate() const { - if ( zeekygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeek::detail::zeekygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); @@ -593,3 +594,5 @@ void IdentifierTarget::DoGenerate() const for ( size_t i = 0; i < id_deps.size(); ++i ) fprintf(file.f, "%s\n\n", id_deps[i]->ReStructuredText().c_str()); } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/Target.h b/src/zeekygen/Target.h index 2b8ae22c6d..3c48a6976c 100644 --- a/src/zeekygen/Target.h +++ b/src/zeekygen/Target.h @@ -2,17 +2,19 @@ #pragma once +#include "zeek-config.h" + #include #include #include #include -namespace zeekygen { +ZEEK_FORWARD_DECLARE_NAMESPACED(Info, zeek, zeekygen, detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(PackageInfo, zeek, zeekygen, detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(ScriptInfo, zeek, zeekygen, detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(IdentifierInfo, zeek, zeekygen, detail); -class Info; -class PackageInfo; -class ScriptInfo; -class IdentifierInfo; +namespace zeek::zeekygen::detail { /** * Helper class to create files in arbitrary file paths and automatically @@ -383,4 +385,21 @@ private: std::vector id_deps; }; +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +using TargetFile [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::TargetFile.")]] = zeek::zeekygen::detail::TargetFile; +using Target [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::Target.")]] = zeek::zeekygen::detail::Target; +using TargetFactory [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::TargetFactory.")]] = zeek::zeekygen::detail::TargetFactory; +using AnalyzerTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::AnalyzerTarget.")]] = zeek::zeekygen::detail::AnalyzerTarget; +using ProtoAnalyzerTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ProtoAnalyzerTarget.")]] = zeek::zeekygen::detail::ProtoAnalyzerTarget; +using FileAnalyzerTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::FileAnalyzerTarget.")]] = zeek::zeekygen::detail::FileAnalyzerTarget; +using PackageTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::PackageTarget.")]] = zeek::zeekygen::detail::PackageTarget; +using PackageIndexTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::PackageIndexTarget.")]] = zeek::zeekygen::detail::PackageIndexTarget; +using ScriptTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ScriptTarget.")]] = zeek::zeekygen::detail::ScriptTarget; +using ScriptSummaryTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ScriptSummaryTarget.")]] = zeek::zeekygen::detail::ScriptSummaryTarget; +using ScriptIndexTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::ScriptIndexTarget.")]] = zeek::zeekygen::detail::ScriptIndexTarget; +using IdentifierTarget [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::IdentifierTarget.")]] = zeek::zeekygen::detail::IdentifierTarget; + } // namespace zeekygen diff --git a/src/zeekygen/utils.cc b/src/zeekygen/utils.cc index 88a6385f36..9e950d7d4e 100644 --- a/src/zeekygen/utils.cc +++ b/src/zeekygen/utils.cc @@ -9,10 +9,11 @@ #include #include -using namespace zeekygen; using namespace std; -bool zeekygen::prettify_params(string& s) +namespace zeek::zeekygen::detail { + +bool prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; @@ -78,13 +79,13 @@ bool zeekygen::prettify_params(string& s) return false; } -bool zeekygen::is_public_api(const zeek::detail::ID* id) +bool is_public_api(const zeek::detail::ID* id) { return (id->Scope() == zeek::detail::SCOPE_GLOBAL) || (id->Scope() == zeek::detail::SCOPE_MODULE && id->IsExport()); } -time_t zeekygen::get_mtime(const string& filename) +time_t get_mtime(const string& filename) { struct stat s; @@ -95,12 +96,12 @@ time_t zeekygen::get_mtime(const string& filename) return s.st_mtime; } -string zeekygen::make_heading(const string& heading, char underline) +string make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t zeekygen::end_of_first_sentence(const string& s) +size_t end_of_first_sentence(const string& s) { size_t rval = 0; @@ -121,7 +122,7 @@ size_t zeekygen::end_of_first_sentence(const string& s) return rval; } -bool zeekygen::is_all_whitespace(const string& s) +bool is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -130,8 +131,10 @@ bool zeekygen::is_all_whitespace(const string& s) return true; } -string zeekygen::redef_indication(const string& from_script) +string redef_indication(const string& from_script) { - return fmt("(present if :doc:`/scripts/%s` is loaded)", - from_script.c_str()); + return zeek::util::fmt("(present if :doc:`/scripts/%s` is loaded)", + from_script.c_str()); } + +} // namespace zeek::zeekygen::detail diff --git a/src/zeekygen/utils.h b/src/zeekygen/utils.h index 3bf79101b0..4bcf5719b1 100644 --- a/src/zeekygen/utils.h +++ b/src/zeekygen/utils.h @@ -2,14 +2,14 @@ #pragma once -#include +#include "zeek-config.h" #include // for time_t +#include -namespace zeek::detail { class ID; } -using ID [[deprecated("Remove in v4.1. Use zeek::detail::ID instead")]] = zeek::detail::ID; +ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail); -namespace zeekygen { +namespace zeek::zeekygen::detail { /** * Transform content of a Zeekygen comment which may contain function @@ -64,4 +64,16 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); +} // namespace zeek::zeekygen::detail + +namespace zeekygen { + +constexpr auto prettify_params [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::prettify_params.")]] = zeek::zeekygen::detail::prettify_params; +constexpr auto is_public_api [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::is_public_api.")]] = zeek::zeekygen::detail::is_public_api; +constexpr auto get_mtime [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::get_mtime.")]] = zeek::zeekygen::detail::get_mtime; +constexpr auto make_heading [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::make_heading.")]] = zeek::zeekygen::detail::make_heading; +constexpr auto end_of_first_sentence [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::end_of_first_sentence.")]] = zeek::zeekygen::detail::end_of_first_sentence; +constexpr auto is_all_whitespace [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::is_all_whitespace.")]] = zeek::zeekygen::detail::is_all_whitespace; +constexpr auto redef_indication [[deprecated("Remove in v4.1. Use zeek::zeekygen::detail::redef_indication.")]] = zeek::zeekygen::detail::redef_indication; + } // namespace zeekygen diff --git a/src/zeekygen/zeekygen.bif b/src/zeekygen/zeekygen.bif index 1287905418..7da62e2203 100644 --- a/src/zeekygen/zeekygen.bif +++ b/src/zeekygen/zeekygen.bif @@ -11,7 +11,7 @@ static zeek::StringValPtr comments_to_val(const vector& comments) { - return zeek::make_intrusive(implode_string_vector(comments)); + return zeek::make_intrusive(zeek::util::implode_string_vector(comments)); } %%} @@ -25,7 +25,7 @@ static zeek::StringValPtr comments_to_val(const vector& comments) function get_identifier_comments%(name: string%): string %{ using namespace zeekygen; - IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(name->CheckString()); + zeek::zeekygen::detail::IdentifierInfo* d = zeek::detail::zeekygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return zeek::val_mgr->EmptyString(); @@ -45,7 +45,7 @@ function get_identifier_comments%(name: string%): string function get_script_comments%(name: string%): string %{ using namespace zeekygen; - ScriptInfo* d = zeekygen_mgr->GetScriptInfo(name->CheckString()); + zeek::zeekygen::detail::ScriptInfo* d = zeek::detail::zeekygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return zeek::val_mgr->EmptyString(); @@ -63,7 +63,7 @@ function get_script_comments%(name: string%): string function get_package_readme%(name: string%): string %{ using namespace zeekygen; - PackageInfo* d = zeekygen_mgr->GetPackageInfo(name->CheckString()); + zeek::zeekygen::detail::PackageInfo* d = zeek::detail::zeekygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return zeek::val_mgr->EmptyString(); @@ -90,7 +90,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = zeekygen_mgr->GetIdentifierInfo(id); + zeek::zeekygen::detail::IdentifierInfo* d = zeek::detail::zeekygen_mgr->GetIdentifierInfo(id); if ( ! d ) return zeek::val_mgr->EmptyString(); diff --git a/zeek-config.h.in b/zeek-config.h.in index cc7f760f49..8d0db14f1f 100644 --- a/zeek-config.h.in +++ b/zeek-config.h.in @@ -278,8 +278,8 @@ extern const char* BRO_VERSION_FUNCTION(); // Note: macros for internal use only during deprecation/namespacing process. // This uses funny VA_ARGS tricks so that we can overload the name and have multiple macros for // varying namespace lengths. -#define GET_MACRO(_0, _1, _2, _3, NAME, ...) NAME -#define ZEEK_FORWARD_DECLARE_NAMESPACED( ... ) GET_MACRO(_0, ##__VA_ARGS__, ZEEK_FDN_3, ZEEK_FDN_2, ZEEK_FDN_1, ZEEK_FDN_0)(__VA_ARGS__) +#define GET_MACRO(_0, _1, _2, _3, _4, NAME, ...) NAME +#define ZEEK_FORWARD_DECLARE_NAMESPACED( ... ) GET_MACRO(_0, ##__VA_ARGS__, ZEEK_FDN_4, ZEEK_FDN_3, ZEEK_FDN_2, ZEEK_FDN_1, ZEEK_FDN_0)(__VA_ARGS__) #define ZEEK_FDN_0() #define ZEEK_FDN_1(cls) #define ZEEK_FDN_2(cls, ns) \ @@ -288,3 +288,6 @@ extern const char* BRO_VERSION_FUNCTION(); #define ZEEK_FDN_3(cls, ns1, ns2) \ namespace ns1::ns2 { class cls; } \ namespace ns2 { using cls [[deprecated("Remove in v4.1. Use " #ns1 "::" #ns2 "::" #cls " instead.")]] = ns1::ns2::cls; } +#define ZEEK_FDN_4(cls, ns1, ns2, ns3) \ + namespace ns1::ns2::ns3 { class cls; } \ + namespace ns2 { using cls [[deprecated("Remove in v4.1. Use " #ns1 "::" #ns2 "::" #ns3 "::" #cls " instead.")]] = ns1::ns2::ns3::cls; }