Merge remote-tracking branch 'origin/topic/vern/remove-teredo-gtpv1-script-opt-insts'

* origin/topic/vern/remove-teredo-gtpv1-script-opt-insts: removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs
2025-10-02 06:38:20 +00:00 · 2024-10-09 15:36:41 -07:00 · 2024-10-09 15:36:41 -07:00 · 1208555ee3
commit 1208555ee3
parent 2651de64bf b4bfbcc8d2
7 changed files with 6 additions and 72 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
 7.1.0-dev.390 | 2024-10-09 15:36:41 -0700
  * removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs (Vern Paxson, Corelight)
 7.1.0-dev.388 | 2024-10-09 15:36:09 -0700
  * -a zam baseline updates reflecting recent changes to main baselines (Vern Paxson, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-7.1.0-dev.388
+7.1.0-dev.390
--- a/src/script_opt/ZAM/BuiltIn.cc
+++ b/src/script_opt/ZAM/BuiltIn.cc
@ -456,23 +456,6 @@ OptAssignZBI bfl_ZBI{ "Broker::__flush_logs",
    0
 };
 OptAssignZBI rgc_ZBI{ "PacketAnalyzer::GTPV1::remove_gtpv1_connection",
    OP_REMOVE_GTPV1_VV, OP_REMOVE_GTPV1_V,
    1
 };
 OptAssignZBI rtc_ZBI{ "PacketAnalyzer::TEREDO::remove_teredo_connection",
    OP_REMOVE_TEREDO_VV, OP_REMOVE_TEREDO_V,
    1
 };
 MultiZBI faa_ZBI{ "Files::__add_analyzer",
    {{{VVV}, {OP_FILES_ADD_ANALYZER_VVV, OP_VVV}},
     {{VCV}, {OP_FILES_ADD_ANALYZER_VCV, OP_VVC}}},
    {{{VVV}, {OP_FILES_ADD_ANALYZER_VVVV, OP_VVVV}},
     {{VCV}, {OP_FILES_ADD_ANALYZER_VVCV, OP_VVVC}}},
    1
 };
 MultiZBI fra_ZBI{ "Files::__remove_analyzer",
    {{{VVV}, {OP_FILES_REMOVE_ANALYZER_VVV, OP_VVV}},
     {{VCV}, {OP_FILES_REMOVE_ANALYZER_VCV, OP_VVC}}},
--- a/src/script_opt/ZAM/OPs/ZBI.op
+++ b/src/script_opt/ZAM/OPs/ZBI.op
@ -1,31 +1,5 @@
 # Operations corresponding to ZAM BuiltIn Functions.
 internal-op Remove-Teredo
 op1-read
 class V
 op-types R
 eval	ZAM::packet_mgr_remove_teredo($1);
 internal-op Remove-Teredo
 side-effects OP_REMOVE_TEREDO_V OP_V
 class VV
 op-types I R
 eval	ZAM::packet_mgr_remove_teredo($1);
 	$$ = 1;
 internal-op Remove-GTPv1
 op1-read
 class V
 op-types R
 eval	ZAM::packet_mgr_remove_gtpv1($1);
 internal-op Remove-GTPv1
 side-effects OP_REMOVE_GTPV1_V OP_V
 class VV
 op-types I R
 eval	ZAM::packet_mgr_remove_gtpv1($1);
 	$$ = 1;
 internal-op Set-File-Handle
 op1-read
 class V
--- a/src/script_opt/ZAM/Support.cc
+++ b/src/script_opt/ZAM/Support.cc
@ -15,8 +15,6 @@
 #include "zeek/file_analysis/file_analysis.bif.h"
 #include "zeek/logging/Manager.h"
 #include "zeek/packet_analysis/Manager.h"
 #include "zeek/packet_analysis/protocol/gtpv1/GTPv1.h"
 #include "zeek/packet_analysis/protocol/teredo/Teredo.h"
 #include "zeek/script_opt/ProfileFunc.h"
 #include "zeek/session/Manager.h"
@ -34,26 +32,6 @@ size_t broker_mgr_flush_log_buffers() { return zeek::broker_mgr->FlushLogBuffers
 zeek::Connection* session_mgr_find_connection(zeek::Val* cid) { return zeek::session_mgr->FindConnection(cid); }
 bool packet_mgr_remove_teredo(zeek::Val* cid) {
    auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo");
    if ( teredo ) {
        zeek::detail::ConnKey conn_key(cid);
        static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(conn_key);
        return true;
    }
    return false;
 }
 bool packet_mgr_remove_gtpv1(zeek::Val* cid) {
    auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1");
    if ( gtpv1 ) {
        zeek::detail::ConnKey conn_key(cid);
        static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(conn_key);
        return true;
    }
    return false;
 }
 zeek::StringVal* analyzer_name(zeek::EnumVal* val) {
    plugin::Component* component = zeek::analyzer_mgr->Lookup(val);
--- a/src/script_opt/ZAM/Support.h
+++ b/src/script_opt/ZAM/Support.h
@ -64,11 +64,6 @@ size_t broker_mgr_flush_log_buffers();
 // session_mgr->FindConnection()
 zeek::Connection* session_mgr_find_connection(Val* cid);
 // We've seen these two cause overhead even with normal script execution,
 // maybe we should fix them via conn removal hooks or some such.
 bool packet_mgr_remove_teredo(Val* cid);
 bool packet_mgr_remove_gtpv1(Val* cid);
 // Analyzer-Name op
 StringVal* analyzer_name(zeek::EnumVal* v);
--- a/testing/btest/Baseline.zam/opt.validate-ZAM/output
+++ b/testing/btest/Baseline.zam/opt.validate-ZAM/output
@ -1,2 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-1236 valid, 1859 tested, 425 skipped
+1232 valid, 1853 tested, 425 skipped
`@ -1,2 +1,2 @@`
	`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`	`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`
	`1236 valid, 1859 tested, 425 skipped`	`1232 valid, 1853 tested, 425 skipped`