Merge branch 'topic/amazingpp/irc-fuid-missing' of github.com:AmazingPP/zeek

* 'topic/amazingpp/irc-fuid-missing' of github.com:AmazingPP/zeek: Add irc_dcc_send_ack event and fix missing fields I've moved IRC_Data back into the zeek::analyzer::file namespace, but we did move the declaration from protocol/file/File.h to protocol/irc/IRC.h. But, if someone actually customized IRC_Data and didn't include protocol/irc/IRC.h for other reasons, I'll be surprised (and also just suggest to update the include).
2025-10-11 19:18:19 +00:00 · 2023-04-24 17:55:53 +02:00 · 2023-04-24 17:55:53 +02:00 · 1b69b4d26f
commit 1b69b4d26f
parent 9b1bfe63f4 161ffb4192
17 changed files with 209 additions and 107 deletions
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -12,7 +12,10 @@

 using namespace std;

-namespace zeek::analyzer::irc
+namespace zeek::analyzer
+	{
+
+namespace irc
 	{

 IRC_Analyzer::IRC_Analyzer(Connection* conn) : analyzer::tcp::TCP_ApplicationAnalyzer("IRC", conn)
@ -1128,4 +1131,44 @@ vector<string> IRC_Analyzer::SplitWords(const string& input, char split)
 	return words;
 	}

-	} // namespace zeek::analyzer::irc
+	} // namespace irc
+
+namespace file
+	{
+
+void IRC_Data::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	// Bytes from originator are acknowledgements
+	if ( ! orig )
+		File_Analyzer::DeliverStream(len, data, orig);
+	else
+		{
+		constexpr auto ack_len = sizeof(uint32_t);
+
+		if ( len % ack_len != 0 )
+			{
+			Weird("irc_invalid_dcc_send_ack");
+			return;
+			}
+
+		if ( irc_dcc_send_ack )
+			{
+			for ( int i = 0; i < len; i += ack_len )
+				{
+				EnqueueConnEvent(
+					irc_dcc_send_ack, ConnVal(),
+					val_mgr->Count(ntohl(*reinterpret_cast<const uint32_t*>(data + i))));
+				}
+			}
+		}
+	}
+
+void IRC_Data::Undelivered(uint64_t seq, int len, bool orig)
+	{
+	if ( ! orig )
+		File_Analyzer::Undelivered(seq, len, orig);
+	}
+
+	} // namespace file
+
+	} // namespace zeek::analyzer