Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Use bools instead of single-bit bitfields in Ident and TCP protocol analyzers

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-01-07 12:07:40 -07:00
parent 9d38419e8a
commit 0f8f53808e
8 changed files with 47 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/Conn.cc
View file

@ -18,7 +18,7 @@
#include "analyzer/Manager.h" #include "analyzer/Manager.h"
void ConnectionTimer::Init(Connection* arg_conn, timer_func arg_timer, void ConnectionTimer::Init(Connection* arg_conn, timer_func arg_timer,
int arg_do_expire) bool arg_do_expire)
{ {
conn = arg_conn; conn = arg_conn;
timer = arg_timer; timer = arg_timer;
@ -87,8 +87,8 @@ Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnI
vlan = pkt->vlan; vlan = pkt->vlan;
inner_vlan = pkt->inner_vlan; inner_vlan = pkt->inner_vlan;
conn_val = 0; conn_val = nullptr;
login_conn = 0; login_conn = nullptr;
is_active = 1; is_active = 1;
skip = 0; skip = 0;
@ -108,8 +108,8 @@ Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnI
hist_seen = 0; hist_seen = 0;
history = ""; history = "";
root_analyzer = 0; root_analyzer = nullptr;
primary_PIA = 0; primary_PIA = nullptr;
++current_connections; ++current_connections;
++total_connections; ++total_connections;
@ -172,7 +172,7 @@ void Connection::CheckEncapsulation(const EncapsulationStack* arg_encap)
EncapsulationStack empty; EncapsulationStack empty;
Event(tunnel_changed, 0, empty.GetVectorVal()); Event(tunnel_changed, 0, empty.GetVectorVal());
delete encapsulation; delete encapsulation;
encapsulation = 0; encapsulation = nullptr;
} }
else if ( arg_encap ) else if ( arg_encap )
@ -222,7 +222,7 @@ void Connection::NextPacket(double t, int is_orig,
last_time = t; last_time = t;
current_timestamp = 0; current_timestamp = 0;
current_pkt = 0; current_pkt = nullptr;
} }
void Connection::SetLifetime(double lifetime) void Connection::SetLifetime(double lifetime)
@ -533,7 +533,7 @@ void Connection::Weird(const char* name, const char* addl)
reporter->Weird(this, name, addl ? addl : ""); reporter->Weird(this, name, addl ? addl : "");
} }
void Connection::AddTimer(timer_func timer, double t, int do_expire, void Connection::AddTimer(timer_func timer, double t, bool do_expire,
TimerType type) TimerType type)
{ {
if ( timers_canceled ) if ( timers_canceled )
@ -609,7 +609,7 @@ void Connection::FlipRoles()
orig_flow_label = tmp_flow; orig_flow_label = tmp_flow;
Unref(conn_val); Unref(conn_val);
conn_val = 0; conn_val = nullptr;
if ( root_analyzer ) if ( root_analyzer )
root_analyzer->FlipRoles(); root_analyzer->FlipRoles();

8
src/Conn.h
View file

@ -303,7 +303,7 @@ protected:
// Add the given timer to expire at time t. If do_expire // Add the given timer to expire at time t. If do_expire
// is true, then the timer is also evaluated when Bro terminates, // is true, then the timer is also evaluated when Bro terminates,
// otherwise not. // otherwise not.
void AddTimer(timer_func timer, double t, int do_expire, void AddTimer(timer_func timer, double t, bool do_expire,
TimerType type); TimerType type);
void RemoveTimer(Timer* t); void RemoveTimer(Timer* t);
@ -367,7 +367,7 @@ protected:
class ConnectionTimer : public Timer { class ConnectionTimer : public Timer {
public: public:
ConnectionTimer(Connection* arg_conn, timer_func arg_timer, ConnectionTimer(Connection* arg_conn, timer_func arg_timer,
double arg_t, int arg_do_expire, TimerType arg_type) double arg_t, bool arg_do_expire, TimerType arg_type)
: Timer(arg_t, arg_type) : Timer(arg_t, arg_type)
{ Init(arg_conn, arg_timer, arg_do_expire); } { Init(arg_conn, arg_timer, arg_do_expire); }
~ConnectionTimer() override; ~ConnectionTimer() override;
@ -377,11 +377,11 @@ public:
protected: protected:
ConnectionTimer() {} ConnectionTimer() {}
void Init(Connection* conn, timer_func timer, int do_expire); void Init(Connection* conn, timer_func timer, bool do_expire);
Connection* conn; Connection* conn;
timer_func timer; timer_func timer;
int do_expire; bool do_expire;
}; };
#define ADD_TIMER(timer, t, do_expire, type) \ #define ADD_TIMER(timer, t, do_expire, type) \

6
src/analyzer/protocol/ident/Ident.cc
View file

@ -15,7 +15,7 @@ using namespace analyzer::ident;
Ident_Analyzer::Ident_Analyzer(Connection* conn) Ident_Analyzer::Ident_Analyzer(Connection* conn)
: tcp::TCP_ApplicationAnalyzer("IDENT", conn) : tcp::TCP_ApplicationAnalyzer("IDENT", conn)
{ {
did_bad_reply = did_deliver = 0; did_bad_reply = did_deliver = false;
orig_ident = new tcp::ContentLine_Analyzer(conn, true, 1000); orig_ident = new tcp::ContentLine_Analyzer(conn, true, 1000);
resp_ident = new tcp::ContentLine_Analyzer(conn, false, 1000); resp_ident = new tcp::ContentLine_Analyzer(conn, false, 1000);
@ -89,7 +89,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
val_mgr->GetPort(remote_port, TRANSPORT_TCP), val_mgr->GetPort(remote_port, TRANSPORT_TCP),
}); });
did_deliver = 1; did_deliver = true;
} }
else else
@ -251,6 +251,6 @@ void Ident_Analyzer::BadReply(int length, const char* line)
{ {
BroString s((const u_char*)line, length, true); BroString s((const u_char*)line, length, true);
Weird("bad_ident_reply", s.CheckString()); Weird("bad_ident_reply", s.CheckString());
did_bad_reply = 1; did_bad_reply = true;
} }
} }

4
src/analyzer/protocol/ident/Ident.h
View file

@ -29,8 +29,8 @@ protected:
tcp::ContentLine_Analyzer* orig_ident; tcp::ContentLine_Analyzer* orig_ident;
tcp::ContentLine_Analyzer* resp_ident; tcp::ContentLine_Analyzer* resp_ident;
unsigned int did_deliver:1; bool did_deliver;
unsigned int did_bad_reply:1; bool did_bad_reply;
}; };
} } // namespace analyzer::* } } // namespace analyzer::*

15
src/analyzer/protocol/tcp/ContentLine.cc
View file

@ -21,17 +21,17 @@ ContentLine_Analyzer::ContentLine_Analyzer(const char* name, Connection* conn, b
void ContentLine_Analyzer::InitState() void ContentLine_Analyzer::InitState()
{ {
flag_NULs = 0; flag_NULs = false;
CR_LF_as_EOL = (CR_as_EOL | LF_as_EOL); CR_LF_as_EOL = (CR_as_EOL | LF_as_EOL);
skip_deliveries = 0; skip_deliveries = false;
skip_partial = 0; skip_partial = false;
buf = 0; buf = 0;
seq_delivered_in_lines = 0; seq_delivered_in_lines = 0;
skip_pending = 0; skip_pending = 0;
seq = 0; seq = 0;
seq_to_skip = 0; seq_to_skip = 0;
plain_delivery_length = 0; plain_delivery_length = 0;
is_plain = 0; is_plain = false;
suppress_weirds = false; suppress_weirds = false;
InitBuffer(0); InitBuffer(0);
@ -70,7 +70,7 @@ ContentLine_Analyzer::~ContentLine_Analyzer()
delete [] buf; delete [] buf;
} }
int ContentLine_Analyzer::HasPartialLine() const bool ContentLine_Analyzer::HasPartialLine() const
{ {
return buf && offset > 0; return buf && offset > 0;
} }
@ -150,11 +150,11 @@ void ContentLine_Analyzer::DoDeliver(int len, const u_char* data)
last_char = 0; // clear last_char last_char = 0; // clear last_char
plain_delivery_length -= deliver_plain; plain_delivery_length -= deliver_plain;
is_plain = 1; is_plain = true;
ForwardStream(deliver_plain, data, IsOrig()); ForwardStream(deliver_plain, data, IsOrig());
is_plain = 0; is_plain = false;
data += deliver_plain; data += deliver_plain;
len -= deliver_plain; len -= deliver_plain;
@ -339,4 +339,3 @@ void ContentLine_Analyzer::SkipBytes(int64_t length)
skip_pending = 0; skip_pending = 0;
seq_to_skip = SeqDelivered() + length; seq_to_skip = SeqDelivered() + length;
} }

14
src/analyzer/protocol/tcp/ContentLine.h
View file

@ -35,12 +35,12 @@ public:
int CRLFAsEOL() int CRLFAsEOL()
{ return CR_LF_as_EOL ; } { return CR_LF_as_EOL ; }
int HasPartialLine() const; bool HasPartialLine() const;
bool SkipDeliveries() const bool SkipDeliveries() const
{ return skip_deliveries; } { return skip_deliveries; }
void SetSkipDeliveries(int should_skip) void SetSkipDeliveries(bool should_skip)
{ skip_deliveries = should_skip; } { skip_deliveries = should_skip; }
// We actually have two delivery modes: line delivery and plain // We actually have two delivery modes: line delivery and plain
@ -97,21 +97,21 @@ protected:
// Remaining bytes to deliver plain. // Remaining bytes to deliver plain.
int64_t plain_delivery_length; int64_t plain_delivery_length;
int is_plain; bool is_plain;
// Don't deliver further data. // Don't deliver further data.
int skip_deliveries; bool skip_deliveries;
bool suppress_weirds; bool suppress_weirds;
// If true, flag (first) line with embedded NUL. // If true, flag (first) line with embedded NUL.
unsigned int flag_NULs:1; bool flag_NULs;
// Whether single CR / LF are considered as EOL. // Whether single CR / LF are considered as EOL.
unsigned int CR_LF_as_EOL:2; uint8_t CR_LF_as_EOL:2;
// Whether to skip partial conns. // Whether to skip partial conns.
unsigned int skip_partial:1; bool skip_partial;
}; };
} } // namespace analyzer::* } } // namespace analyzer::*

16
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -28,9 +28,9 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
endp = arg_endp; endp = arg_endp;
had_gap = false; had_gap = false;
record_contents_file = 0; record_contents_file = 0;
deliver_tcp_contents = 0; deliver_tcp_contents = false;
skip_deliveries = 0; skip_deliveries = false;
did_EOF = 0; did_EOF = false;
seq_to_skip = 0; seq_to_skip = 0;
in_delivery = false; in_delivery = false;
@ -49,7 +49,7 @@ TCP_Reassembler::TCP_Reassembler(analyzer::Analyzer* arg_dst_analyzer,
if ( (IsOrig() && tcp_content_deliver_all_orig) || if ( (IsOrig() && tcp_content_deliver_all_orig) ||
(! IsOrig() && tcp_content_deliver_all_resp) || (! IsOrig() && tcp_content_deliver_all_resp) ||
(result && result->AsBool()) ) (result && result->AsBool()) )
deliver_tcp_contents = 1; deliver_tcp_contents = true;
Unref(dst_port_val); Unref(dst_port_val);
} }
@ -221,7 +221,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
// the SYN packet carries data. // the SYN packet carries data.
// //
// Skip the undelivered part without reporting to the endpoint. // Skip the undelivered part without reporting to the endpoint.
skip_deliveries = 1; skip_deliveries = true;
} }
else else
{ {
@ -517,7 +517,7 @@ int TCP_Reassembler::DataSent(double t, uint64_t seq, int len,
{ {
tcp_analyzer->Weird("above_hole_data_without_any_acks"); tcp_analyzer->Weird("above_hole_data_without_any_acks");
ClearBlocks(); ClearBlocks();
skip_deliveries = 1; skip_deliveries = true;
} }
if ( tcp_excessive_data_without_further_acks && if ( tcp_excessive_data_without_further_acks &&
@ -525,7 +525,7 @@ int TCP_Reassembler::DataSent(double t, uint64_t seq, int len,
{ {
tcp_analyzer->Weird("excessive_data_without_further_acks"); tcp_analyzer->Weird("excessive_data_without_further_acks");
ClearBlocks(); ClearBlocks();
skip_deliveries = 1; skip_deliveries = true;
} }
return 1; return 1;
@ -592,7 +592,7 @@ void TCP_Reassembler::CheckEOF()
network_time, endp->IsOrig()); network_time, endp->IsOrig());
} }
did_EOF = 1; did_EOF = true;
tcp_analyzer->EndpointEOF(this); tcp_analyzer->EndpointEOF(this);
} }
} }

8
src/analyzer/protocol/tcp/TCP_Reassembler.h
View file

@ -96,10 +96,10 @@ private:
TCP_Endpoint* endp; TCP_Endpoint* endp;
unsigned int deliver_tcp_contents:1; bool deliver_tcp_contents;
unsigned int had_gap:1; bool had_gap;
unsigned int did_EOF:1; bool did_EOF;
unsigned int skip_deliveries:1; bool skip_deliveries;
uint64_t seq_to_skip; uint64_t seq_to_skip;