Merge branch 'topic/jgras/packet-header' of https://github.com/J-Gras/bro

In the merge, I changed IP.cc to use icmp6_hdr for icmpv6 instead of the
icmp* that was used in the patch. While it does not make a difference
for this case, it seems cleaner.

BIT-1570 #merged

scripts/base/init-bare.bro

@@ -793,71 +793,6 @@ type entropy_test_result: record {
 	serial_correlation: double;	##< Serial correlation coefficient.
 };
 
-# Prototypes of Bro built-in functions.
-@load base/bif/strings.bif
-@load base/bif/bro.bif
-@load base/bif/reporter.bif
-
-## Deprecated. This is superseded by the new logging framework.
-global log_file_name: function(tag: string): string &redef;
-
-## Deprecated. This is superseded by the new logging framework.
-global open_log_file: function(tag: string): file &redef;
-
-## Specifies a directory for Bro to store its persistent state. All globals can
-## be declared persistent via the :bro:attr:`&persistent` attribute.
-const state_dir = ".state" &redef;
-
-## Length of the delays inserted when storing state incrementally. To avoid
-## dropping packets when serializing larger volumes of persistent state to
-## disk, Bro interleaves the operation with continued packet processing.
-const state_write_delay = 0.01 secs &redef;
-
-global done_with_network = F;
-event net_done(t: time) { done_with_network = T; }
-
-function log_file_name(tag: string): string
-	{
-	local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX");
-	return fmt("%s.%s", tag, suffix);
-	}
-
-function open_log_file(tag: string): file
-	{
-	return open(log_file_name(tag));
-	}
-
-## Internal function.
-function add_interface(iold: string, inew: string): string
-	{
-	if ( iold == "" )
-		return inew;
-	else
-		return fmt("%s %s", iold, inew);
-	}
-
-## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to
-## extend.
-global interfaces = "" &add_func = add_interface;
-
-## Internal function.
-function add_signature_file(sold: string, snew: string): string
-	{
-	if ( sold == "" )
-		return snew;
-	else
-		return cat(sold, " ", snew);
-	}
-
-## Signature files to read. Use ``redef signature_files  += "foo.sig"`` to
-## extend. Signature files added this way will be searched relative to
-## ``BROPATH``.  Using the ``@load-sigs`` directive instead is preferred
-## since that can search paths relative to the current script.
-global signature_files = "" &add_func = add_signature_file;
-
-## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``.
-const passive_fingerprint_file = "base/misc/p0f.fp" &redef;
-
 # TCP values for :bro:see:`endpoint` *state* field.
 # todo:: these should go into an enum to make them autodoc'able.
 const TCP_INACTIVE = 0;	##< Endpoint is still inactive.
@@ -1768,6 +1703,71 @@ type gtp_delete_pdp_ctx_response_elements: record {
 	ext:   gtp_private_extension &optional;
 };
 
+# Prototypes of Bro built-in functions.
+@load base/bif/strings.bif
+@load base/bif/bro.bif
+@load base/bif/reporter.bif
+
+## Deprecated. This is superseded by the new logging framework.
+global log_file_name: function(tag: string): string &redef;
+
+## Deprecated. This is superseded by the new logging framework.
+global open_log_file: function(tag: string): file &redef;
+
+## Specifies a directory for Bro to store its persistent state. All globals can
+## be declared persistent via the :bro:attr:`&persistent` attribute.
+const state_dir = ".state" &redef;
+
+## Length of the delays inserted when storing state incrementally. To avoid
+## dropping packets when serializing larger volumes of persistent state to
+## disk, Bro interleaves the operation with continued packet processing.
+const state_write_delay = 0.01 secs &redef;
+
+global done_with_network = F;
+event net_done(t: time) { done_with_network = T; }
+
+function log_file_name(tag: string): string
+	{
+	local suffix = getenv("BRO_LOG_SUFFIX") == "" ? "log" : getenv("BRO_LOG_SUFFIX");
+	return fmt("%s.%s", tag, suffix);
+	}
+
+function open_log_file(tag: string): file
+	{
+	return open(log_file_name(tag));
+	}
+
+## Internal function.
+function add_interface(iold: string, inew: string): string
+	{
+	if ( iold == "" )
+		return inew;
+	else
+		return fmt("%s %s", iold, inew);
+	}
+
+## Network interfaces to listen on. Use ``redef interfaces += "eth0"`` to
+## extend.
+global interfaces = "" &add_func = add_interface;
+
+## Internal function.
+function add_signature_file(sold: string, snew: string): string
+	{
+	if ( sold == "" )
+		return snew;
+	else
+		return cat(sold, " ", snew);
+	}
+
+## Signature files to read. Use ``redef signature_files  += "foo.sig"`` to
+## extend. Signature files added this way will be searched relative to
+## ``BROPATH``.  Using the ``@load-sigs`` directive instead is preferred
+## since that can search paths relative to the current script.
+global signature_files = "" &add_func = add_signature_file;
+
+## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``.
+const passive_fingerprint_file = "base/misc/p0f.fp" &redef;
+
 ## Definition of "secondary filters". A secondary filter is a BPF filter given
 ## as index in this table. For each such filter, the corresponding event is
 ## raised for all matching packets.

src/IP.cc

@@ -1,5 +1,9 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <netinet/icmp6.h>
+
 #include "IP.h"
 #include "Type.h"
 #include "Val.h"
@@ -403,6 +407,17 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
 		break;
 		}
 
+	case IPPROTO_ICMPV6:
+		{
+		const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
+		RecordVal* icmp_hdr = new RecordVal(icmp_hdr_type);
+
+		icmp_hdr->Assign(0, new Val(icmpp->icmp6_type, TYPE_COUNT));
+
+		pkt_hdr->Assign(sindex + 4, icmp_hdr);
+		break;
+		}
+
 	default:
 		{
 		// This is not a protocol we understand.

src/NetVar.cc

@@ -15,6 +15,8 @@ RecordType* icmp_conn;
 RecordType* icmp_context;
 RecordType* SYN_packet;
 RecordType* pcap_packet;
+RecordType* raw_pkt_hdr_type;
+RecordType* l2_hdr_type;
 RecordType* signature_state;
 EnumType* transport_proto;
 TableType* string_set;
@@ -324,6 +326,8 @@ void init_net_var()
 	signature_state = internal_type("signature_state")->AsRecordType();
 	SYN_packet = internal_type("SYN_packet")->AsRecordType();
 	pcap_packet = internal_type("pcap_packet")->AsRecordType();
+	raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType();
+	l2_hdr_type = internal_type("l2_hdr")->AsRecordType();
 	transport_proto = internal_type("transport_proto")->AsEnumType();
 	string_set = internal_type("string_set")->AsTableType();
 	string_array = internal_type("string_array")->AsTableType();

src/NetVar.h

@@ -19,6 +19,8 @@ extern RecordType* icmp_context;
 extern RecordType* signature_state;
 extern RecordType* SYN_packet;
 extern RecordType* pcap_packet;
+extern RecordType* raw_pkt_hdr_type;
+extern RecordType* l2_hdr_type;
 extern EnumType* transport_proto;
 extern TableType* string_set;
 extern TableType* string_array;

src/bro.bif

@@ -3458,6 +3458,26 @@ function get_current_packet%(%) : pcap_packet
 	return pkt;
 	%}
 
+## Function to get the raw headers of the currently processed packet.
+##
+## Returns: The :bro:type:`connection` record containing the Layer 2, 3 and
+##          4 headers of the currently processed packet.
+##
+## .. bro:see:: raw_pkt_hdr get_current_packet
+function get_current_packet_header%(%) : raw_pkt_hdr
+	%{
+	const Packet* p;
+
+	if ( current_pktsrc &&
+	     current_pktsrc->GetCurrentPacket(&p) )
+		{
+		return p->BuildPktHdrVal();
+		}
+
+	RecordVal* hdr = new RecordVal(raw_pkt_hdr_type);
+	return hdr;
+	%}
+
 ## Writes a given packet to a file.
 ##
 ## pkt: The PCAP packet.

src/iosource/Packet.cc

@@ -428,15 +428,6 @@ void Packet::ProcessLayer2()
 
 RecordVal* Packet::BuildPktHdrVal() const
 	{
-	static RecordType* l2_hdr_type = 0;
-	static RecordType* raw_pkt_hdr_type = 0;
-
-	if ( ! raw_pkt_hdr_type )
-		{
-		raw_pkt_hdr_type = internal_type("raw_pkt_hdr")->AsRecordType();
-		l2_hdr_type = internal_type("l2_hdr")->AsRecordType();
-		}
-
 	RecordVal* pkt_hdr = new RecordVal(raw_pkt_hdr_type);
 	RecordVal* l2_hdr = new RecordVal(l2_hdr_type);
 

testing/btest/Baseline/bifs.get_current_packet_header/output

@@ -0,0 +1 @@
+[l2=[encap=LINK_ETHERNET, len=78, cap_len=78, src=00:00:00:00:00:00, dst=ff:ff:ff:ff:ff:ff, vlan=<uninitialized>, inner_vlan=<uninitialized>, eth_type=34525, proto=L3_IPV6], ip=<uninitialized>, ip6=[class=0, flow=0, len=24, nxt=58, hlim=255, src=fe80::dead, dst=fe80::beef, exts=[]], tcp=<uninitialized>, udp=<uninitialized>, icmp=[icmp_type=135]]

testing/btest/Baseline/core.ipv6_zero_len_ah/output

@@ -1,2 +1,2 @@
 [orig_h=2000:1300::1, orig_p=128/icmp, resp_h=2000:1300::2, resp_p=129/icmp]
-[ip=<uninitialized>, ip6=[class=0, flow=0, len=166, nxt=51, hlim=255, src=2000:1300::1, dst=2000:1300::2, exts=[[id=51, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=[nxt=58, len=0, rsv=0, spi=0, seq=<uninitialized>, data=<uninitialized>], esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=<uninitialized>]
+[ip=<uninitialized>, ip6=[class=0, flow=0, len=166, nxt=51, hlim=255, src=2000:1300::1, dst=2000:1300::2, exts=[[id=51, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=[nxt=58, len=0, rsv=0, spi=0, seq=<uninitialized>, data=<uninitialized>], esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=[icmp_type=128]]

testing/btest/bifs/get_current_packet_header.bro

@@ -0,0 +1,8 @@
+# @TEST-EXEC: bro -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output
+# @TEST-EXEC: btest-diff output
+
+event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options)
+	{
+	local hdr: raw_pkt_hdr = get_current_packet_header();
+	print fmt("%s", hdr);
+	}