Merge remote-tracking branch 'origin/topic/vern/remove-teredo-gtpv1-script-opt-insts'

* origin/topic/vern/remove-teredo-gtpv1-script-opt-insts: removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs
2025-10-02 06:38:20 +00:00 · 2024-10-09 15:36:41 -07:00 · 2024-10-09 15:36:41 -07:00 · 1208555ee3
commit 1208555ee3
parent 2651de64bf b4bfbcc8d2
7 changed files with 6 additions and 72 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+7.1.0-dev.390 | 2024-10-09 15:36:41 -0700
+
+  * removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs (Vern Paxson, Corelight)
+
 7.1.0-dev.388 | 2024-10-09 15:36:09 -0700

  * -a zam baseline updates reflecting recent changes to main baselines (Vern Paxson, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-7.1.0-dev.388
+7.1.0-dev.390
--- a/src/script_opt/ZAM/BuiltIn.cc
+++ b/src/script_opt/ZAM/BuiltIn.cc
@ -456,23 +456,6 @@ OptAssignZBI bfl_ZBI{ "Broker::__flush_logs",
    0
 };

-OptAssignZBI rgc_ZBI{ "PacketAnalyzer::GTPV1::remove_gtpv1_connection",
-    OP_REMOVE_GTPV1_VV, OP_REMOVE_GTPV1_V,
-    1
-};
-OptAssignZBI rtc_ZBI{ "PacketAnalyzer::TEREDO::remove_teredo_connection",
-    OP_REMOVE_TEREDO_VV, OP_REMOVE_TEREDO_V,
-    1
-};
-
-MultiZBI faa_ZBI{ "Files::__add_analyzer",
-    {{{VVV}, {OP_FILES_ADD_ANALYZER_VVV, OP_VVV}},
-     {{VCV}, {OP_FILES_ADD_ANALYZER_VCV, OP_VVC}}},
-    {{{VVV}, {OP_FILES_ADD_ANALYZER_VVVV, OP_VVVV}},
-     {{VCV}, {OP_FILES_ADD_ANALYZER_VVCV, OP_VVVC}}},
-    1
-};
-
 MultiZBI fra_ZBI{ "Files::__remove_analyzer",
    {{{VVV}, {OP_FILES_REMOVE_ANALYZER_VVV, OP_VVV}},
     {{VCV}, {OP_FILES_REMOVE_ANALYZER_VCV, OP_VVC}}},
--- a/src/script_opt/ZAM/OPs/ZBI.op
+++ b/src/script_opt/ZAM/OPs/ZBI.op
@ -1,31 +1,5 @@
 # Operations corresponding to ZAM BuiltIn Functions.

-internal-op Remove-Teredo
-op1-read
-class V
-op-types R
-eval	ZAM::packet_mgr_remove_teredo($1);
-
-internal-op Remove-Teredo
-side-effects OP_REMOVE_TEREDO_V OP_V
-class VV
-op-types I R
-eval	ZAM::packet_mgr_remove_teredo($1);
-	$$ = 1;
-
-internal-op Remove-GTPv1
-op1-read
-class V
-op-types R
-eval	ZAM::packet_mgr_remove_gtpv1($1);
-
-internal-op Remove-GTPv1
-side-effects OP_REMOVE_GTPV1_V OP_V
-class VV
-op-types I R
-eval	ZAM::packet_mgr_remove_gtpv1($1);
-	$$ = 1;
-
 internal-op Set-File-Handle
 op1-read
 class V
--- a/src/script_opt/ZAM/Support.cc
+++ b/src/script_opt/ZAM/Support.cc
@ -15,8 +15,6 @@
 #include "zeek/file_analysis/file_analysis.bif.h"
 #include "zeek/logging/Manager.h"
 #include "zeek/packet_analysis/Manager.h"
-#include "zeek/packet_analysis/protocol/gtpv1/GTPv1.h"
-#include "zeek/packet_analysis/protocol/teredo/Teredo.h"
 #include "zeek/script_opt/ProfileFunc.h"
 #include "zeek/session/Manager.h"

@ -34,26 +32,6 @@ size_t broker_mgr_flush_log_buffers() { return zeek::broker_mgr->FlushLogBuffers

 zeek::Connection* session_mgr_find_connection(zeek::Val* cid) { return zeek::session_mgr->FindConnection(cid); }

-bool packet_mgr_remove_teredo(zeek::Val* cid) {
-    auto teredo = zeek::packet_mgr->GetAnalyzer("Teredo");
-    if ( teredo ) {
-        zeek::detail::ConnKey conn_key(cid);
-        static_cast<zeek::packet_analysis::teredo::TeredoAnalyzer*>(teredo.get())->RemoveConnection(conn_key);
-        return true;
-    }
-    return false;
-}
-
-bool packet_mgr_remove_gtpv1(zeek::Val* cid) {
-    auto gtpv1 = zeek::packet_mgr->GetAnalyzer("GTPv1");
-    if ( gtpv1 ) {
-        zeek::detail::ConnKey conn_key(cid);
-        static_cast<zeek::packet_analysis::gtpv1::GTPv1_Analyzer*>(gtpv1.get())->RemoveConnection(conn_key);
-        return true;
-    }
-    return false;
-}
-
 zeek::StringVal* analyzer_name(zeek::EnumVal* val) {
    plugin::Component* component = zeek::analyzer_mgr->Lookup(val);

--- a/src/script_opt/ZAM/Support.h
+++ b/src/script_opt/ZAM/Support.h
@ -64,11 +64,6 @@ size_t broker_mgr_flush_log_buffers();
 // session_mgr->FindConnection()
 zeek::Connection* session_mgr_find_connection(Val* cid);

-// We've seen these two cause overhead even with normal script execution,
-// maybe we should fix them via conn removal hooks or some such.
-bool packet_mgr_remove_teredo(Val* cid);
-bool packet_mgr_remove_gtpv1(Val* cid);
-
 // Analyzer-Name op
 StringVal* analyzer_name(zeek::EnumVal* v);

--- a/testing/btest/Baseline.zam/opt.validate-ZAM/output
+++ b/testing/btest/Baseline.zam/opt.validate-ZAM/output
@ -1,2 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-1236 valid, 1859 tested, 425 skipped
+1232 valid, 1853 tested, 425 skipped