Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

remove unnecessary casts, and change necessary ones to use static_cast<>

Browse source
This commit is contained in:
Vern Paxson 2021-03-18 13:24:25 -07:00
parent 2faaccf10a
commit 245108e86e
30 changed files with 253 additions and 253 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/IP.cc
View file

@ -122,7 +122,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
rv->Assign(1, frag->ip6f_reserved); rv->Assign(1, frag->ip6f_reserved);
rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8)>>3); rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8)>>3);
rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006)>>1); rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006)>>1);
rv->Assign(4, bool(ntohs(frag->ip6f_offlg) & 0x0001)); rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001));
rv->Assign(5, ntohl(frag->ip6f_ident)); rv->Assign(5, ntohl(frag->ip6f_ident));
} }
break; break;
@ -246,10 +246,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
{ {
auto m = make_intrusive<RecordVal>(ip6_mob_bu_type); auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
m->Assign(0, ntohs(*((uint16_t*)msg_data)))); m->Assign(0, ntohs(*((uint16_t*)msg_data))));
m->Assign(1, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); m->Assign(1, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); m->Assign(2, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
m->Assign(3, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000)); m->Assign(3, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
m->Assign(4, bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000)); m->Assign(4, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t); off += 3 * sizeof(uint16_t);
m->Assign(6, BuildOptionsVal(data + off, Length() - off)); m->Assign(6, BuildOptionsVal(data + off, Length() - off));
@ -261,7 +261,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
{ {
auto m = make_intrusive<RecordVal>(ip6_mob_back_type); auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
m->Assign(0, *((uint8_t*)msg_data)); m->Assign(0, *((uint8_t*)msg_data));
m->Assign(1, bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); m->Assign(1, static_cast<bool>(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))); m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))); m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))));
off += 3 * sizeof(uint16_t); off += 3 * sizeof(uint16_t);
@ -379,8 +379,8 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP)); tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP)); tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
tcp_hdr->Assign(2, uint32_t(ntohl(tp->th_seq))); tcp_hdr->Assign(2, ntohl(tp->th_seq));
tcp_hdr->Assign(3, uint32_t(ntohl(tp->th_ack))); tcp_hdr->Assign(3, ntohl(tp->th_ack));
tcp_hdr->Assign(4, tcp_hdr_len); tcp_hdr->Assign(4, tcp_hdr_len);
tcp_hdr->Assign(5, data_len); tcp_hdr->Assign(5, data_len);
tcp_hdr->Assign(6, tp->th_x2); tcp_hdr->Assign(6, tp->th_x2);

2
src/Val.h
View file

@ -1543,7 +1543,7 @@ public:
const RecordVal* RecordValAt(unsigned int index) const const RecordVal* RecordValAt(unsigned int index) const
{ return (*vector_val)[index].record_val; } { return (*vector_val)[index].record_val; }
bool BoolAt(unsigned int index) const bool BoolAt(unsigned int index) const
{ return bool((*vector_val)[index].uint_val); } { return static_cast<bool>((*vector_val)[index].uint_val); }
const StringVal* StringValAt(unsigned int index) const const StringVal* StringValAt(unsigned int index) const
{ return (*vector_val)[index].string_val; } { return (*vector_val)[index].string_val; }
const String* StringAt(unsigned int index) const const String* StringAt(unsigned int index) const

2
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -500,7 +500,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
auto benc_value = make_intrusive<RecordVal>(bittorrent_benc_value); auto benc_value = make_intrusive<RecordVal>(bittorrent_benc_value);
auto name_ = make_intrusive<StringVal>(name_len, name); auto name_ = make_intrusive<StringVal>(name_len, name);
benc_value->Assign(type, int(value)); benc_value->Assign(type, static_cast<int>(value));
res_val_benc->Assign(std::move(name_), std::move(benc_value)); res_val_benc->Assign(std::move(name_), std::move(benc_value));
} }

2
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -34,7 +34,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_time_offset_option(v: OptionValue): bool function process_time_offset_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(25, int(${v.time_offset})); ${context.flow}->options->Assign(25, ${v.time_offset});
return true; return true;
%} %}
}; };

40
src/analyzer/protocol/dns/DNS.cc
View file

@ -1852,11 +1852,11 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal()
r->Assign(0, id); r->Assign(0, id);
r->Assign(1, opcode); r->Assign(1, opcode);
r->Assign(2, rcode); r->Assign(2, rcode);
r->Assign(3, bool(QR)); r->Assign(3, static_cast<bool>(QR));
r->Assign(4, bool(AA)); r->Assign(4, static_cast<bool>(AA));
r->Assign(5, bool(TC)); r->Assign(5, static_cast<bool>(TC));
r->Assign(6, bool(RD)); r->Assign(6, static_cast<bool>(RD));
r->Assign(7, bool(RA)); r->Assign(7, static_cast<bool>(RA));
r->Assign(8, Z); r->Assign(8, Z);
r->Assign(9, qdcount); r->Assign(9, qdcount);
r->Assign(10, ancount); r->Assign(10, ancount);
@ -1871,7 +1871,7 @@ RecordValPtr DNS_MsgInfo::BuildAnswerVal()
static auto dns_answer = id::find_type<RecordType>("dns_answer"); static auto dns_answer = id::find_type<RecordType>("dns_answer");
auto r = make_intrusive<RecordVal>(dns_answer); auto r = make_intrusive<RecordVal>(dns_answer);
r->Assign(0, int(answer_type)); r->Assign(0, answer_type);
r->Assign(1, query_name); r->Assign(1, query_name);
r->Assign(2, atype); r->Assign(2, atype);
r->Assign(3, aclass); r->Assign(3, aclass);
@ -1887,7 +1887,7 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
static auto dns_edns_additional = id::find_type<RecordType>("dns_edns_additional"); static auto dns_edns_additional = id::find_type<RecordType>("dns_edns_additional");
auto r = make_intrusive<RecordVal>(dns_edns_additional); auto r = make_intrusive<RecordVal>(dns_edns_additional);
r->Assign(0, uint64_t(answer_type)); r->Assign(0, answer_type);
r->Assign(1, query_name); r->Assign(1, query_name);
// type = 0x29 or 41 = EDNS // type = 0x29 or 41 = EDNS
@ -1934,7 +1934,7 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_TCP_KA_Val(struct EDNS_TCP_KEEPALIVE* opt)
static auto dns_edns_tcp_keepalive = id::find_type<RecordType>("dns_edns_tcp_keepalive"); static auto dns_edns_tcp_keepalive = id::find_type<RecordType>("dns_edns_tcp_keepalive");
auto r = make_intrusive<RecordVal>(dns_edns_tcp_keepalive); auto r = make_intrusive<RecordVal>(dns_edns_tcp_keepalive);
r->Assign(0, bool(opt->keepalive_timeout_omitted)); r->Assign(0, opt->keepalive_timeout_omitted);
r->Assign(1, opt->keepalive_timeout); r->Assign(1, opt->keepalive_timeout);
return r; return r;
@ -1959,9 +1959,9 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
auto r = make_intrusive<RecordVal>(dns_tsig_additional); auto r = make_intrusive<RecordVal>(dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0; double rtime = tsig->time_s + tsig->time_ms / 1000.0;
// r->Assign(0, uint64_t(answer_type)); // r->Assign(0, answer_type);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, tsig->alg_name); r->Assign(2, tsig->alg_name);
r->Assign(3, tsig->sig); r->Assign(3, tsig->sig);
r->AssignTime(4, rtime); r->AssignTime(4, rtime);
@ -1979,7 +1979,7 @@ RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
auto r = make_intrusive<RecordVal>(dns_rrsig_rr); auto r = make_intrusive<RecordVal>(dns_rrsig_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, rrsig->type_covered); r->Assign(2, rrsig->type_covered);
r->Assign(3, rrsig->algorithm); r->Assign(3, rrsig->algorithm);
r->Assign(4, rrsig->labels); r->Assign(4, rrsig->labels);
@ -2000,7 +2000,7 @@ RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
auto r = make_intrusive<RecordVal>(dns_dnskey_rr); auto r = make_intrusive<RecordVal>(dns_dnskey_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, dnskey->dflags); r->Assign(2, dnskey->dflags);
r->Assign(3, dnskey->dprotocol); r->Assign(3, dnskey->dprotocol);
r->Assign(4, dnskey->dalgorithm); r->Assign(4, dnskey->dalgorithm);
@ -2016,7 +2016,7 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
auto r = make_intrusive<RecordVal>(dns_nsec3_rr); auto r = make_intrusive<RecordVal>(dns_nsec3_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, nsec3->nsec_flags); r->Assign(2, nsec3->nsec_flags);
r->Assign(3, nsec3->nsec_hash_algo); r->Assign(3, nsec3->nsec_hash_algo);
r->Assign(4, nsec3->nsec_iter); r->Assign(4, nsec3->nsec_iter);
@ -2036,7 +2036,7 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3PARAM_Val(NSEC3PARAM_DATA* nsec3param)
auto r = make_intrusive<RecordVal>(dns_nsec3param_rr); auto r = make_intrusive<RecordVal>(dns_nsec3param_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, nsec3param->nsec_flags); r->Assign(2, nsec3param->nsec_flags);
r->Assign(3, nsec3param->nsec_hash_algo); r->Assign(3, nsec3param->nsec_hash_algo);
r->Assign(4, nsec3param->nsec_iter); r->Assign(4, nsec3param->nsec_iter);
@ -2053,7 +2053,7 @@ RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
auto r = make_intrusive<RecordVal>(dns_ds_rr); auto r = make_intrusive<RecordVal>(dns_ds_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, ds->key_tag); r->Assign(2, ds->key_tag);
r->Assign(3, ds->algorithm); r->Assign(3, ds->algorithm);
r->Assign(4, ds->digest_type); r->Assign(4, ds->digest_type);
@ -2069,7 +2069,7 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds)
auto r = make_intrusive<RecordVal>(dns_binds_rr); auto r = make_intrusive<RecordVal>(dns_binds_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, binds->algorithm); r->Assign(2, binds->algorithm);
r->Assign(3, binds->key_id); r->Assign(3, binds->key_id);
r->Assign(4, binds->removal_flag); r->Assign(4, binds->removal_flag);
@ -2085,14 +2085,14 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc)
auto r = make_intrusive<RecordVal>(dns_loc_rr); auto r = make_intrusive<RecordVal>(dns_loc_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, uint64_t(answer_type)); r->Assign(1, answer_type);
r->Assign(2, loc->version); r->Assign(2, loc->version);
r->Assign(3, loc->size); r->Assign(3, loc->size);
r->Assign(4, loc->horiz_pre); r->Assign(4, loc->horiz_pre);
r->Assign(5, loc->vert_pre); r->Assign(5, loc->vert_pre);
r->Assign(6, uint64_t(loc->latitude)); r->Assign(6, static_cast<uint64_t>(loc->latitude));
r->Assign(7, uint64_t(loc->longitude)); r->Assign(7, static_cast<uint64_t>(loc->longitude));
r->Assign(8, uint64_t(loc->altitude)); r->Assign(8, static_cast<uint64_t>(loc->altitude));
r->Assign(9, is_query); r->Assign(9, is_query);
return r; return r;

10
src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -10,11 +10,11 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr);
rv->Assign(0, pdu->version()); rv->Assign(0, pdu->version());
rv->Assign(1, bool(pdu->pt_flag())); rv->Assign(1, pdu->pt_flag());
rv->Assign(2, bool(pdu->rsv())); rv->Assign(2, pdu->rsv());
rv->Assign(3, bool(pdu->e_flag())); rv->Assign(3, pdu->e_flag());
rv->Assign(4, bool(pdu->s_flag())); rv->Assign(4, pdu->s_flag());
rv->Assign(5, bool(pdu->pn_flag())); rv->Assign(5, pdu->pn_flag());
rv->Assign(6, pdu->msg_type()); rv->Assign(6, pdu->msg_type());
rv->Assign(7, pdu->length()); rv->Assign(7, pdu->length());
rv->Assign(8, pdu->teid()); rv->Assign(8, pdu->teid());

8
src/analyzer/protocol/http/HTTP.cc
View file

@ -627,11 +627,11 @@ RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
auto stat = make_intrusive<RecordVal>(http_message_stat); auto stat = make_intrusive<RecordVal>(http_message_stat);
int field = 0; int field = 0;
stat->AssignTime(field++, start_time); stat->AssignTime(field++, start_time);
stat->Assign(field++, bool(interrupted)); stat->Assign(field++, interrupted);
stat->Assign(field++, msg); stat->Assign(field++, msg);
stat->Assign(field++, uint64_t(body_length)); stat->Assign(field++, static_cast<uint64_t>(body_length));
stat->Assign(field++, uint64_t(content_gap_length)); stat->Assign(field++, static_cast<uint64_t>(content_gap_length));
stat->Assign(field++, uint64_t(header_length)); stat->Assign(field++, static_cast<uint64_t>(header_length));
return stat; return stat;
} }

42
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -224,11 +224,11 @@ RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len,
{ {
static auto icmp_info = id::find_type<RecordType>("icmp_info"); static auto icmp_info = id::find_type<RecordType>("icmp_info");
auto rval = make_intrusive<RecordVal>(icmp_info); auto rval = make_intrusive<RecordVal>(icmp_info);
rval->Assign(0, bool(icmpv6)); rval->Assign(0, static_cast<bool>(icmpv6));
rval->Assign(1, uint32_t(icmpp->icmp_type)); rval->Assign(1, icmpp->icmp_type);
rval->Assign(2, uint32_t(icmpp->icmp_code)); rval->Assign(2, icmpp->icmp_code);
rval->Assign(3, uint32_t(len)); rval->Assign(3, len);
rval->Assign(4, uint32_t(ip_hdr->TTL())); rval->Assign(4, ip_hdr->TTL());
return rval; return rval;
} }
@ -355,13 +355,13 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
id_val->Assign(3, val_mgr->Port(dst_port, proto)); id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val)); iprec->Assign(0, std::move(id_val));
iprec->Assign(1, uint32_t(ip_len)); iprec->Assign(1, ip_len);
iprec->Assign(2, uint32_t(proto)); iprec->Assign(2, proto);
iprec->Assign(3, uint32_t(frag_offset)); iprec->Assign(3, frag_offset);
iprec->Assign(4, bool(bad_hdr_len)); iprec->Assign(4, static_cast<bool>(bad_hdr_len));
iprec->Assign(5, bool(bad_checksum)); iprec->Assign(5, static_cast<bool>(bad_checksum));
iprec->Assign(6, bool(MF)); iprec->Assign(6, static_cast<bool>(MF));
iprec->Assign(7, bool(DF)); iprec->Assign(7, static_cast<bool>(DF));
return iprec; return iprec;
} }
@ -415,14 +415,14 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
id_val->Assign(3, val_mgr->Port(dst_port, proto)); id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val)); iprec->Assign(0, std::move(id_val));
iprec->Assign(1, uint32_t(ip_len)); iprec->Assign(1, ip_len);
iprec->Assign(2, uint32_t(proto)); iprec->Assign(2, proto);
iprec->Assign(3, uint32_t(frag_offset)); iprec->Assign(3, frag_offset);
iprec->Assign(4, bool(bad_hdr_len)); iprec->Assign(4, static_cast<bool>(bad_hdr_len));
// bad_checksum is always false since IPv6 layer doesn't have a checksum. // bad_checksum is always false since IPv6 layer doesn't have a checksum.
iprec->Assign(5, false); iprec->Assign(5, false);
iprec->Assign(6, bool(MF)); iprec->Assign(6, static_cast<bool>(MF));
iprec->Assign(7, bool(DF)); iprec->Assign(7, static_cast<bool>(DF));
return iprec; return iprec;
} }
@ -473,13 +473,13 @@ void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig)
if ( size < 0 ) if ( size < 0 )
{ {
endp->Assign(0, 0); endp->Assign(0, 0);
endp->Assign(1, int(ICMP_INACTIVE)); endp->Assign(1, ICMP_INACTIVE);
} }
else else
{ {
endp->Assign(0, size); endp->Assign(0, size);
endp->Assign(1, int(ICMP_ACTIVE)); endp->Assign(1, ICMP_ACTIVE);
} }
} }
@ -816,7 +816,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
// MTU option // MTU option
{ {
if ( caplen >= 6 ) if ( caplen >= 6 )
rv->Assign(5, uint32_t(ntohl(*((const uint32_t*)(data + 2))))); rv->Assign(5, ntohl(*((const uint32_t*)(data + 2))));
else else
set_payload_field = true; set_payload_field = true;

30
src/analyzer/protocol/krb/krb-analyzer.pac
View file

@ -10,19 +10,19 @@ zeek::RecordValPtr proc_krb_kdc_options(const KRB_KDC_Options* opts)
{ {
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::KDC_Options); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::KDC_Options);
rv->Assign(0, bool(opts->forwardable())); rv->Assign(0, opts->forwardable());
rv->Assign(1, bool(opts->forwarded())); rv->Assign(1, opts->forwarded());
rv->Assign(2, bool(opts->proxiable())); rv->Assign(2, opts->proxiable());
rv->Assign(3, bool(opts->proxy())); rv->Assign(3, opts->proxy());
rv->Assign(4, bool(opts->allow_postdate())); rv->Assign(4, opts->allow_postdate());
rv->Assign(5, bool(opts->postdated())); rv->Assign(5, opts->postdated());
rv->Assign(6, bool(opts->renewable())); rv->Assign(6, opts->renewable());
rv->Assign(7, bool(opts->opt_hardware_auth())); rv->Assign(7, opts->opt_hardware_auth());
rv->Assign(8, bool(opts->disable_transited_check())); rv->Assign(8, opts->disable_transited_check());
rv->Assign(9, bool(opts->renewable_ok())); rv->Assign(9, opts->renewable_ok());
rv->Assign(10, bool(opts->enc_tkt_in_skey())); rv->Assign(10, opts->enc_tkt_in_skey());
rv->Assign(11, bool(opts->renew())); rv->Assign(11, opts->renew());
rv->Assign(12, bool(opts->validate())); rv->Assign(12, opts->validate());
return rv; return rv;
} }
@ -259,8 +259,8 @@ refine connection KRB_Conn += {
if ( krb_ap_request ) if ( krb_ap_request )
{ {
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::AP_Options); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::AP_Options);
rv->Assign(0, bool(${msg.ap_options.use_session_key})); rv->Assign(0, ${msg.ap_options.use_session_key});
rv->Assign(1, bool(${msg.ap_options.mutual_required})); rv->Assign(1, ${msg.ap_options.mutual_required});
auto rvticket = proc_ticket(${msg.ticket}); auto rvticket = proc_ticket(${msg.ticket});
auto authenticationinfo = zeek_analyzer()->GetAuthenticationInfo( auto authenticationinfo = zeek_analyzer()->GetAuthenticationInfo(

10
src/analyzer/protocol/krb/krb-padata.pac
View file

@ -21,7 +21,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i) for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i)
{ {
KRB_PA_Data* element = (*data->data()->padata_elems())[i]; KRB_PA_Data* element = (*data->data()->padata_elems())[i];
int64 data_type = element->data_type(); uint64_t data_type = element->data_type();
if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) ) if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) )
data_type = 0; data_type = 0;
@ -37,7 +37,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
case PA_PW_SALT: case PA_PW_SALT:
{ {
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value); auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, uint64_t(data_type)); type_val->Assign(0, data_type);
type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content())); type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
vv->Assign(vv->Size(), std::move(type_val)); vv->Assign(vv->Size(), std::move(type_val));
break; break;
@ -45,7 +45,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
case PA_ENCTYPE_INFO: case PA_ENCTYPE_INFO:
{ {
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value); auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, uint64_t(data_type)); type_val->Assign(0, data_type);
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
vv->Assign(vv->Size(), std::move(type_val)); vv->Assign(vv->Size(), std::move(type_val));
break; break;
@ -53,7 +53,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
case PA_ENCTYPE_INFO2: case PA_ENCTYPE_INFO2:
{ {
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value); auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, uint64_t(data_type)); type_val->Assign(0, data_type);
type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
vv->Assign(vv->Size(), std::move(type_val)); vv->Assign(vv->Size(), std::move(type_val));
break; break;
@ -113,7 +113,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 ) if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
{ {
auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value); auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
type_val->Assign(0, uint64_t(data_type)); type_val->Assign(0, data_type);
type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content())); type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
vv->Assign(vv->Size(), std::move(type_val)); vv->Assign(vv->Size(), std::move(type_val));
} }

2
src/analyzer/protocol/mqtt/commands/connack.pac
View file

@ -17,7 +17,7 @@ refine flow MQTT_Flow += {
{ {
auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg); auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
m->Assign(0, ${msg.return_code}); m->Assign(0, ${msg.return_code});
m->Assign(1, bool(${msg.session_present})); m->Assign(1, ${msg.session_present});
zeek::BifEvent::enqueue_mqtt_connack(connection()->zeek_analyzer(), zeek::BifEvent::enqueue_mqtt_connack(connection()->zeek_analyzer(),
connection()->zeek_analyzer()->Conn(), connection()->zeek_analyzer()->Conn(),
std::move(m)); std::move(m));

4
src/analyzer/protocol/mqtt/commands/connect.pac
View file

@ -52,8 +52,8 @@ refine flow MQTT_Flow += {
reinterpret_cast<const char*>(${msg.client_id.str}.begin()))); reinterpret_cast<const char*>(${msg.client_id.str}.begin())));
m->AssignInterval(3, double(${msg.keep_alive})); m->AssignInterval(3, double(${msg.keep_alive}));
m->Assign(4, bool(${msg.clean_session})); m->Assign(4, ${msg.clean_session});
m->Assign(5, bool(${msg.will_retain})); m->Assign(5, ${msg.will_retain});
m->Assign(6, ${msg.will_qos}); m->Assign(6, ${msg.will_qos});
if ( ${msg.will_flag} ) if ( ${msg.will_flag} )

4
src/analyzer/protocol/mqtt/commands/publish.pac
View file

@ -24,9 +24,9 @@ refine flow MQTT_Flow += {
if ( mqtt_publish ) if ( mqtt_publish )
{ {
auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::PublishMsg); auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::PublishMsg);
m->Assign(0, bool(${msg.dup})); m->Assign(0, ${msg.dup});
m->Assign(1, ${msg.qos}); m->Assign(1, ${msg.qos});
m->Assign(2, bool(${msg.retain})); m->Assign(2, ${msg.retain});
m->Assign<zeek::StringVal>(3, ${msg.topic.str}.length(), m->Assign<zeek::StringVal>(3, ${msg.topic.str}.length(),
reinterpret_cast<const char*>(${msg.topic.str}.begin())); reinterpret_cast<const char*>(${msg.topic.str}.begin()));

46
src/analyzer/protocol/ntlm/ntlm-analyzer.pac
View file

@ -31,28 +31,28 @@
zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val) zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val)
{ {
auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::NegotiateFlags); auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::NegotiateFlags);
flags->Assign(0, bool(${val.negotiate_56})); flags->Assign(0, ${val.negotiate_56});
flags->Assign(1, bool(${val.negotiate_key_exch})); flags->Assign(1, ${val.negotiate_key_exch});
flags->Assign(2, bool(${val.negotiate_128})); flags->Assign(2, ${val.negotiate_128});
flags->Assign(3, bool(${val.negotiate_version})); flags->Assign(3, ${val.negotiate_version});
flags->Assign(4, bool(${val.negotiate_target_info})); flags->Assign(4, ${val.negotiate_target_info});
flags->Assign(5, bool(${val.request_non_nt_session_key})); flags->Assign(5, ${val.request_non_nt_session_key});
flags->Assign(6, bool(${val.negotiate_identify})); flags->Assign(6, ${val.negotiate_identify});
flags->Assign(7, bool(${val.negotiate_extended_sessionsecurity})); flags->Assign(7, ${val.negotiate_extended_sessionsecurity});
flags->Assign(8, bool(${val.target_type_server})); flags->Assign(8, ${val.target_type_server});
flags->Assign(9, bool(${val.target_type_domain})); flags->Assign(9, ${val.target_type_domain});
flags->Assign(10, bool(${val.negotiate_always_sign})); flags->Assign(10, ${val.negotiate_always_sign});
flags->Assign(11, bool(${val.negotiate_oem_workstation_supplied})); flags->Assign(11, ${val.negotiate_oem_workstation_supplied});
flags->Assign(12, bool(${val.negotiate_oem_domain_supplied})); flags->Assign(12, ${val.negotiate_oem_domain_supplied});
flags->Assign(13, bool(${val.negotiate_anonymous_connection})); flags->Assign(13, ${val.negotiate_anonymous_connection});
flags->Assign(14, bool(${val.negotiate_ntlm})); flags->Assign(14, ${val.negotiate_ntlm});
flags->Assign(15, bool(${val.negotiate_lm_key})); flags->Assign(15, ${val.negotiate_lm_key});
flags->Assign(16, bool(${val.negotiate_datagram})); flags->Assign(16, ${val.negotiate_datagram});
flags->Assign(17, bool(${val.negotiate_seal})); flags->Assign(17, ${val.negotiate_seal});
flags->Assign(18, bool(${val.negotiate_sign})); flags->Assign(18, ${val.negotiate_sign});
flags->Assign(19, bool(${val.request_target})); flags->Assign(19, ${val.request_target});
flags->Assign(20, bool(${val.negotiate_oem})); flags->Assign(20, ${val.negotiate_oem});
flags->Assign(21, bool(${val.negotiate_unicode})); flags->Assign(21, ${val.negotiate_unicode});
return flags; return flags;
} }
@ -96,7 +96,7 @@ refine connection NTLM_Conn += {
result->Assign(4, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data})); result->Assign(4, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data}));
break; break;
case 6: case 6:
result->Assign(5, bool(${val.pairs[i].constrained_auth})); result->Assign(5, ${val.pairs[i].constrained_auth});
break; break;
case 7: case 7:
result->Assign(6, filetime2zeektime(${val.pairs[i].timestamp})); result->Assign(6, filetime2zeektime(${val.pairs[i].timestamp}));

10
src/analyzer/protocol/ntp/ntp-analyzer.pac
View file

@ -78,7 +78,7 @@
if ( ${nsm.has_exts} ) if ( ${nsm.has_exts} )
{ {
// TODO: add extension fields // TODO: add extension fields
rv->Assign(14, (uint32) ${nsm.exts}->size()); rv->Assign(14, static_cast<uint32>(${nsm.exts}->size()));
} }
return rv; return rv;
@ -90,9 +90,9 @@
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::ControlMessage); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::ControlMessage);
rv->Assign(0, ${ncm.OpCode}); rv->Assign(0, ${ncm.OpCode});
rv->Assign(1, bool(${ncm.R})); rv->Assign(1, ${ncm.R});
rv->Assign(2, bool(${ncm.E})); rv->Assign(2, ${ncm.E});
rv->Assign(3, bool(${ncm.M})); rv->Assign(3, ${ncm.M});
rv->Assign(4, ${ncm.sequence}); rv->Assign(4, ${ncm.sequence});
rv->Assign(5, ${ncm.status}); rv->Assign(5, ${ncm.status});
rv->Assign(6, ${ncm.association_id}); rv->Assign(6, ${ncm.association_id});
@ -115,7 +115,7 @@
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Mode7Message); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Mode7Message);
rv->Assign(0, ${m7.request_code}); rv->Assign(0, ${m7.request_code});
rv->Assign(1, bool(${m7.auth_bit})); rv->Assign(1, ${m7.auth_bit});
rv->Assign(2, ${m7.sequence}); rv->Assign(2, ${m7.sequence});
rv->Assign(3, ${m7.implementation}); rv->Assign(3, ${m7.implementation});
rv->Assign(4, ${m7.error_code}); rv->Assign(4, ${m7.error_code});

46
src/analyzer/protocol/rdp/rdp-analyzer.pac
View file

@ -66,15 +66,15 @@ refine flow RDP_Flow += {
if ( rdp_client_core_data ) if ( rdp_client_core_data )
{ {
auto ec_flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags); auto ec_flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags);
ec_flags->Assign(0, bool(${ccore.SUPPORT_ERRINFO_PDU})); ec_flags->Assign(0, ${ccore.SUPPORT_ERRINFO_PDU});
ec_flags->Assign(1, bool(${ccore.WANT_32BPP_SESSION})); ec_flags->Assign(1, ${ccore.WANT_32BPP_SESSION});
ec_flags->Assign(2, bool(${ccore.SUPPORT_STATUSINFO_PDU})); ec_flags->Assign(2, ${ccore.SUPPORT_STATUSINFO_PDU});
ec_flags->Assign(3, bool(${ccore.STRONG_ASYMMETRIC_KEYS})); ec_flags->Assign(3, ${ccore.STRONG_ASYMMETRIC_KEYS});
ec_flags->Assign(4, bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU})); ec_flags->Assign(4, ${ccore.SUPPORT_MONITOR_LAYOUT_PDU});
ec_flags->Assign(5, bool(${ccore.SUPPORT_NETCHAR_AUTODETECT})); ec_flags->Assign(5, ${ccore.SUPPORT_NETCHAR_AUTODETECT});
ec_flags->Assign(6, bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL})); ec_flags->Assign(6, ${ccore.SUPPORT_DYNVC_GFX_PROTOCOL});
ec_flags->Assign(7, bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE})); ec_flags->Assign(7, ${ccore.SUPPORT_DYNAMIC_TIME_ZONE});
ec_flags->Assign(8, bool(${ccore.SUPPORT_HEARTBEAT_PDU})); ec_flags->Assign(8, ${ccore.SUPPORT_HEARTBEAT_PDU});
auto ccd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientCoreData); auto ccd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientCoreData);
ccd->Assign(0, ${ccore.version_major}); ccd->Assign(0, ${ccore.version_major});
@ -137,17 +137,17 @@ refine flow RDP_Flow += {
channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name})); channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name}));
channel_def->Assign(1, ${cnetwork.channel_def_array[i].options}); channel_def->Assign(1, ${cnetwork.channel_def_array[i].options});
channel_def->Assign(2, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED})); channel_def->Assign(2, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED});
channel_def->Assign(3, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP})); channel_def->Assign(3, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP});
channel_def->Assign(4, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC})); channel_def->Assign(4, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC});
channel_def->Assign(5, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS})); channel_def->Assign(5, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS});
channel_def->Assign(6, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH})); channel_def->Assign(6, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH});
channel_def->Assign(7, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED})); channel_def->Assign(7, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED});
channel_def->Assign(8, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW})); channel_def->Assign(8, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW});
channel_def->Assign(9, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP})); channel_def->Assign(9, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP});
channel_def->Assign(10, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS})); channel_def->Assign(10, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS});
channel_def->Assign(11, bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL})); channel_def->Assign(11, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL});
channel_def->Assign(12, bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT})); channel_def->Assign(12, ${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT});
channels->Assign(channels->Size(), std::move(channel_def)); channels->Assign(channels->Size(), std::move(channel_def));
} }
@ -168,10 +168,10 @@ refine flow RDP_Flow += {
auto ccld = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientClusterData); auto ccld = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientClusterData);
ccld->Assign(0, ${ccluster.flags}); ccld->Assign(0, ${ccluster.flags});
ccld->Assign(1, ${ccluster.redir_session_id}); ccld->Assign(1, ${ccluster.redir_session_id});
ccld->Assign(2, bool(${ccluster.REDIRECTION_SUPPORTED})); ccld->Assign(2, ${ccluster.REDIRECTION_SUPPORTED});
ccld->Assign(3, ${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}); ccld->Assign(3, ${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK});
ccld->Assign(4, bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); ccld->Assign(4, ${ccluster.REDIRECTED_SESSIONID_FIELD_VALID});
ccld->Assign(5, bool(${ccluster.REDIRECTED_SMARTCARD})); ccld->Assign(5, ${ccluster.REDIRECTED_SMARTCARD});
zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->zeek_analyzer(), zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->zeek_analyzer(),
connection()->zeek_analyzer()->Conn(), connection()->zeek_analyzer()->Conn(),

2
src/analyzer/protocol/rpc/Portmap.cc
View file

@ -217,7 +217,7 @@ ValPtr PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
pr->Assign(1, extract_XDR_uint32(buf, len)); pr->Assign(1, extract_XDR_uint32(buf, len));
bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP; bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
pr->Assign(2, bool(is_tcp)); pr->Assign(2, is_tcp);
(void) extract_XDR_uint32(buf, len); // consume the bogus port (void) extract_XDR_uint32(buf, len); // consume the bogus port
if ( ! buf ) if ( ! buf )

52
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -51,12 +51,12 @@ refine connection SMB_Conn += {
case 0x0d: case 0x0d:
{ {
auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
security->Assign(0, bool(${val.lanman.security_user_level})); security->Assign(0, ${val.lanman.security_user_level});
security->Assign(1, bool(${val.lanman.security_challenge_response})); security->Assign(1, ${val.lanman.security_challenge_response});
auto raw = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode); auto raw = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode);
raw->Assign(0, bool(${val.lanman.raw_read_supported})); raw->Assign(0, ${val.lanman.raw_read_supported});
raw->Assign(1, bool(${val.lanman.raw_write_supported})); raw->Assign(1, ${val.lanman.raw_write_supported});
auto lanman = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN); auto lanman = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN);
lanman->Assign(0, ${val.word_count}); lanman->Assign(0, ${val.word_count});
@ -80,33 +80,33 @@ refine connection SMB_Conn += {
case 0x11: case 0x11:
{ {
auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity); auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
security->Assign(0, bool(${val.ntlm.security_user_level})); security->Assign(0, ${val.ntlm.security_user_level});
security->Assign(1, bool(${val.ntlm.security_challenge_response})); security->Assign(1, ${val.ntlm.security_challenge_response});
security->Assign(2, bool(${val.ntlm.security_signatures_enabled})); security->Assign(2, ${val.ntlm.security_signatures_enabled});
security->Assign(3, bool(${val.ntlm.security_signatures_required})); security->Assign(3, ${val.ntlm.security_signatures_required});
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities); auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities);
capabilities->Assign(0, bool(${val.ntlm.capabilities_raw_mode})); capabilities->Assign(0, ${val.ntlm.capabilities_raw_mode});
capabilities->Assign(1, bool(${val.ntlm.capabilities_mpx_mode})); capabilities->Assign(1, ${val.ntlm.capabilities_mpx_mode});
capabilities->Assign(2, bool(${val.ntlm.capabilities_unicode})); capabilities->Assign(2, ${val.ntlm.capabilities_unicode});
capabilities->Assign(3, bool(${val.ntlm.capabilities_large_files})); capabilities->Assign(3, ${val.ntlm.capabilities_large_files});
capabilities->Assign(4, bool(${val.ntlm.capabilities_nt_smbs})); capabilities->Assign(4, ${val.ntlm.capabilities_nt_smbs});
capabilities->Assign(5, bool(${val.ntlm.capabilities_rpc_remote_apis})); capabilities->Assign(5, ${val.ntlm.capabilities_rpc_remote_apis});
capabilities->Assign(6, bool(${val.ntlm.capabilities_status32})); capabilities->Assign(6, ${val.ntlm.capabilities_status32});
capabilities->Assign(7, bool(${val.ntlm.capabilities_level_2_oplocks})); capabilities->Assign(7, ${val.ntlm.capabilities_level_2_oplocks});
capabilities->Assign(8, bool(${val.ntlm.capabilities_lock_and_read})); capabilities->Assign(8, ${val.ntlm.capabilities_lock_and_read});
capabilities->Assign(9, bool(${val.ntlm.capabilities_nt_find})); capabilities->Assign(9, ${val.ntlm.capabilities_nt_find});
capabilities->Assign(10, bool(${val.ntlm.capabilities_dfs})); capabilities->Assign(10, ${val.ntlm.capabilities_dfs});
capabilities->Assign(11, bool(${val.ntlm.capabilities_infolevel_passthru})); capabilities->Assign(11, ${val.ntlm.capabilities_infolevel_passthru});
capabilities->Assign(12, bool(${val.ntlm.capabilities_large_readx})); capabilities->Assign(12, ${val.ntlm.capabilities_large_readx});
capabilities->Assign(13, bool(${val.ntlm.capabilities_large_writex})); capabilities->Assign(13, ${val.ntlm.capabilities_large_writex});
capabilities->Assign(14, bool(${val.ntlm.capabilities_unix})); capabilities->Assign(14, ${val.ntlm.capabilities_unix});
capabilities->Assign(15, bool(${val.ntlm.capabilities_bulk_transfer})); capabilities->Assign(15, ${val.ntlm.capabilities_bulk_transfer});
capabilities->Assign(16, bool(${val.ntlm.capabilities_compressed_data})); capabilities->Assign(16, ${val.ntlm.capabilities_compressed_data});
capabilities->Assign(17, bool(${val.ntlm.capabilities_extended_security})); capabilities->Assign(17, ${val.ntlm.capabilities_extended_security});
auto ntlm = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM); auto ntlm = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM);
ntlm->Assign(0, ${val.word_count}); ntlm->Assign(0, ${val.word_count});

28
src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac
View file

@ -32,12 +32,12 @@ refine connection SMB_Conn += {
case 12: // NT LM 0.12 with extended security case 12: // NT LM 0.12 with extended security
{ {
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, bool(${val.ntlm_extended_security.capabilities.unicode})); capabilities->Assign(0, ${val.ntlm_extended_security.capabilities.unicode});
capabilities->Assign(1, bool(${val.ntlm_extended_security.capabilities.large_files})); capabilities->Assign(1, ${val.ntlm_extended_security.capabilities.large_files});
capabilities->Assign(2, bool(${val.ntlm_extended_security.capabilities.nt_smbs})); capabilities->Assign(2, ${val.ntlm_extended_security.capabilities.nt_smbs});
capabilities->Assign(3, bool(${val.ntlm_extended_security.capabilities.status32})); capabilities->Assign(3, ${val.ntlm_extended_security.capabilities.status32});
capabilities->Assign(4, bool(${val.ntlm_extended_security.capabilities.level_2_oplocks})); capabilities->Assign(4, ${val.ntlm_extended_security.capabilities.level_2_oplocks});
capabilities->Assign(5, bool(${val.ntlm_extended_security.capabilities.nt_find})); capabilities->Assign(5, ${val.ntlm_extended_security.capabilities.nt_find});
request->Assign(1, ${val.ntlm_extended_security.max_buffer_size}); request->Assign(1, ${val.ntlm_extended_security.max_buffer_size});
request->Assign(2, ${val.ntlm_extended_security.max_mpx_count}); request->Assign(2, ${val.ntlm_extended_security.max_mpx_count});
@ -54,12 +54,12 @@ refine connection SMB_Conn += {
case 13: // NT LM 0.12 without extended security case 13: // NT LM 0.12 without extended security
{ {
auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities); auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
capabilities->Assign(0, bool(${val.ntlm_nonextended_security.capabilities.unicode})); capabilities->Assign(0, ${val.ntlm_nonextended_security.capabilities.unicode});
capabilities->Assign(1, bool(${val.ntlm_nonextended_security.capabilities.large_files})); capabilities->Assign(1, ${val.ntlm_nonextended_security.capabilities.large_files});
capabilities->Assign(2, bool(${val.ntlm_nonextended_security.capabilities.nt_smbs})); capabilities->Assign(2, ${val.ntlm_nonextended_security.capabilities.nt_smbs});
capabilities->Assign(3, bool(${val.ntlm_nonextended_security.capabilities.status32})); capabilities->Assign(3, ${val.ntlm_nonextended_security.capabilities.status32});
capabilities->Assign(4, bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks})); capabilities->Assign(4, ${val.ntlm_nonextended_security.capabilities.level_2_oplocks});
capabilities->Assign(5, bool(${val.ntlm_nonextended_security.capabilities.nt_find})); capabilities->Assign(5, ${val.ntlm_nonextended_security.capabilities.nt_find});
request->Assign(1, ${val.ntlm_nonextended_security.max_buffer_size}); request->Assign(1, ${val.ntlm_nonextended_security.max_buffer_size});
request->Assign(2, ${val.ntlm_nonextended_security.max_mpx_count}); request->Assign(2, ${val.ntlm_nonextended_security.max_mpx_count});
@ -96,13 +96,13 @@ refine connection SMB_Conn += {
switch ( ${val.word_count} ) switch ( ${val.word_count} )
{ {
case 3: // pre NT LM 0.12 case 3: // pre NT LM 0.12
response->Assign(1, bool(${val.lanman.is_guest})); response->Assign(1, ${val.lanman.is_guest});
response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]})); response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]}));
response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]})); response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]}));
response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]})); response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]}));
break; break;
case 4: // NT LM 0.12 case 4: // NT LM 0.12
response->Assign(1, bool(${val.ntlm.is_guest})); response->Assign(1, ${val.ntlm.is_guest});
response->Assign(2, smb_string2stringval(${val.ntlm.native_os})); response->Assign(2, smb_string2stringval(${val.ntlm.native_os}));
response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman})); response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman}));
//response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain})); //response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain}));

6
src/analyzer/protocol/smb/smb2-com-session-setup.pac
View file

@ -21,9 +21,9 @@ refine connection SMB_Conn += {
if ( smb2_session_setup_response ) if ( smb2_session_setup_response )
{ {
auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags); auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags);
flags->Assign(0, bool(${val.flag_guest})); flags->Assign(0, ${val.flag_guest});
flags->Assign(1, bool(${val.flag_anonymous})); flags->Assign(1, ${val.flag_anonymous});
flags->Assign(2, bool(${val.flag_encrypt})); flags->Assign(2, ${val.flag_encrypt});
auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse); auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
resp->Assign(0, std::move(flags)); resp->Assign(0, std::move(flags));

6
src/analyzer/protocol/smb/smb2-com-set-info.pac
View file

@ -193,9 +193,9 @@ refine connection SMB_Conn += {
if ( smb2_file_fscontrol ) if ( smb2_file_fscontrol )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Fscontrol); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Fscontrol);
r->Assign(0, int(${val.free_space_start_filtering})); r->Assign(0, static_cast<int>(${val.free_space_start_filtering}));
r->Assign(1, int(${val.free_space_start_threshold})); r->Assign(1, static_cast<int>(${val.free_space_start_threshold}));
r->Assign(2, int(${val.free_space_stop_filtering})); r->Assign(2, static_cast<int>(${val.free_space_stop_filtering}));
r->Assign(3, ${val.default_quota_threshold}); r->Assign(3, ${val.default_quota_threshold});
r->Assign(4, ${val.default_quota_limit}); r->Assign(4, ${val.default_quota_limit});
r->Assign(5, ${val.file_system_control_flags}); r->Assign(5, ${val.file_system_control_flags});

30
src/analyzer/protocol/smb/smb2-protocol.pac
View file

@ -36,21 +36,21 @@ zeek::RecordValPtr BuildSMB2GUID(SMB2_guid* file_id)
zeek::RecordValPtr smb2_file_attrs_to_zeek(SMB2_file_attributes* val) zeek::RecordValPtr smb2_file_attrs_to_zeek(SMB2_file_attributes* val)
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::FileAttrs); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::FileAttrs);
r->Assign(0, bool(${val.read_only})); r->Assign(0, ${val.read_only});
r->Assign(1, bool(${val.hidden})); r->Assign(1, ${val.hidden});
r->Assign(2, bool(${val.system})); r->Assign(2, ${val.system});
r->Assign(3, bool(${val.directory})); r->Assign(3, ${val.directory});
r->Assign(4, bool(${val.archive})); r->Assign(4, ${val.archive});
r->Assign(5, bool(${val.normal})); r->Assign(5, ${val.normal});
r->Assign(6, bool(${val.temporary})); r->Assign(6, ${val.temporary});
r->Assign(7, bool(${val.sparse_file})); r->Assign(7, ${val.sparse_file});
r->Assign(8, bool(${val.reparse_point})); r->Assign(8, ${val.reparse_point});
r->Assign(9, bool(${val.compressed})); r->Assign(9, ${val.compressed});
r->Assign(10, bool(${val.offline})); r->Assign(10, ${val.offline});
r->Assign(11, bool(${val.not_content_indexed})); r->Assign(11, ${val.not_content_indexed});
r->Assign(12, bool(${val.encrypted})); r->Assign(12, ${val.encrypted});
r->Assign(13, bool(${val.integrity_stream})); r->Assign(13, ${val.integrity_stream});
r->Assign(14, bool(${val.no_scrub_data})); r->Assign(14, ${val.no_scrub_data});
return r; return r;
} }

8
src/analyzer/protocol/snmp/snmp-analyzer.pac
View file

@ -93,7 +93,7 @@ zeek::ValPtr time_ticks_to_val(const TimeTicks* tt)
zeek::RecordValPtr build_hdr(const Header* header) zeek::RecordValPtr build_hdr(const Header* header)
{ {
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::Header); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::Header);
rv->Assign(0, uint64_t(header->version())); rv->Assign(0, static_cast<uint64_t>(header->version()));
switch ( header->version() ) { switch ( header->version() ) {
case SNMPV1_TAG: case SNMPV1_TAG:
@ -133,9 +133,9 @@ zeek::RecordValPtr build_hdrV3(const Header* header)
v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT)); v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT));
v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT)); v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT));
v3->Assign(2, flags_byte); v3->Assign(2, flags_byte);
v3->Assign(3, bool(flags_byte & 0x01)); v3->Assign(3, static_cast<bool>(flags_byte & 0x01));
v3->Assign(4, bool(flags_byte & 0x02)); v3->Assign(4, static_cast<bool>(flags_byte & 0x02));
v3->Assign(5, bool(flags_byte & 0x04)); v3->Assign(5, static_cast<bool>(flags_byte & 0x04));
v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT)); v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT));
v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters())); v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters()));

2
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -111,7 +111,7 @@ refine flow SSH_Flow += {
} }
result->Assign(6, bool(!${msg.is_orig})); result->Assign(6, !${msg.is_orig});
zeek::BifEvent::enqueue_ssh_capabilities(connection()->zeek_analyzer(), zeek::BifEvent::enqueue_ssh_capabilities(connection()->zeek_analyzer(),
connection()->zeek_analyzer()->Conn(), to_stringval(${msg.cookie}), connection()->zeek_analyzer()->Conn(), to_stringval(${msg.cookie}),

32
src/analyzer/protocol/tcp/TCP.cc
View file

@ -109,14 +109,14 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
static auto SYN_packet = id::find_type<RecordType>("SYN_packet"); static auto SYN_packet = id::find_type<RecordType>("SYN_packet");
auto* v = new RecordVal(SYN_packet); auto* v = new RecordVal(SYN_packet);
v->Assign(0, bool(is_orig)); v->Assign(0, is_orig);
v->Assign(1, bool(int(ip->DF()))); v->Assign(1, static_cast<bool>(ip->DF()));
v->Assign(2, uint32_t(ip->TTL())); v->Assign(2, ip->TTL());
v->Assign(3, uint32_t((ip->TotalLen()))); v->Assign(3, ip->TotalLen());
v->Assign(4, uint32_t(ntohs(tcp->th_win))); v->Assign(4, ntohs(tcp->th_win));
v->Assign(5, int(winscale)); v->Assign(5, winscale);
v->Assign(6, uint32_t(MSS)); v->Assign(6, MSS);
v->Assign(7, bool(SACK)); v->Assign(7, static_cast<bool>(SACK));
return v; return v;
} }
@ -1286,9 +1286,9 @@ void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val)
auto resp_endp_val = conn_val->GetFieldAs<RecordVal>("resp"); auto resp_endp_val = conn_val->GetFieldAs<RecordVal>("resp");
orig_endp_val->Assign(0, orig->Size()); orig_endp_val->Assign(0, orig->Size());
orig_endp_val->Assign(1, int(orig->state)); orig_endp_val->Assign(1, orig->state);
resp_endp_val->Assign(0, resp->Size()); resp_endp_val->Assign(0, resp->Size());
resp_endp_val->Assign(1, int(resp->state)); resp_endp_val->Assign(1, resp->state);
// Call children's UpdateConnVal // Call children's UpdateConnVal
Analyzer::UpdateConnVal(conn_val); Analyzer::UpdateConnVal(conn_val);
@ -1369,8 +1369,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
auto length = kind < 2 ? 1 : o[1]; auto length = kind < 2 ? 1 : o[1];
auto option_record = make_intrusive<RecordVal>(BifType::Record::TCP::Option); auto option_record = make_intrusive<RecordVal>(BifType::Record::TCP::Option);
option_list->Assign(option_list->Size(), option_record); option_list->Assign(option_list->Size(), option_record);
option_record->Assign(0, uint32_t(kind)); option_record->Assign(0, kind);
option_record->Assign(1, uint32_t(length)); option_record->Assign(1, length);
switch ( kind ) { switch ( kind ) {
case 2: case 2:
@ -1378,7 +1378,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
if ( length == 4 ) if ( length == 4 )
{ {
auto mss = ntohs(*reinterpret_cast<const uint16_t*>(o + 2)); auto mss = ntohs(*reinterpret_cast<const uint16_t*>(o + 2));
option_record->Assign(3, uint32_t(mss)); option_record->Assign(3, mss);
} }
else else
{ {
@ -1392,7 +1392,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
if ( length == 3 ) if ( length == 3 )
{ {
auto scale = o[2]; auto scale = o[2];
option_record->Assign(4, uint32_t(scale)); option_record->Assign(4, scale);
} }
else else
{ {
@ -1438,8 +1438,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
{ {
auto send = ntohl(*reinterpret_cast<const uint32_t*>(o + 2)); auto send = ntohl(*reinterpret_cast<const uint32_t*>(o + 2));
auto echo = ntohl(*reinterpret_cast<const uint32_t*>(o + 6)); auto echo = ntohl(*reinterpret_cast<const uint32_t*>(o + 6));
option_record->Assign(6, uint32_t(send)); option_record->Assign(6, send);
option_record->Assign(7, uint32_t(echo)); option_record->Assign(7, echo);
} }
else else
{ {

6
src/analyzer/protocol/udp/UDP.cc
View file

@ -236,13 +236,13 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig)
if ( size < 0 ) if ( size < 0 )
{ {
endp->Assign(0, 0); endp->Assign(0, 0);
endp->Assign(1, int(UDP_INACTIVE)); endp->Assign(1, UDP_INACTIVE);
} }
else else
{ {
endp->Assign(0, uint64_t(size)); endp->Assign(0, static_cast<uint64_t>(size));
endp->Assign(1, int(UDP_ACTIVE)); endp->Assign(1, UDP_ACTIVE);
} }
} }

4
src/file_analysis/analyzer/x509/X509.cc
View file

@ -124,7 +124,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate); auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
BIO *bio = BIO_new(BIO_s_mem()); BIO *bio = BIO_new(BIO_s_mem());
pX509Cert->Assign(0, uint64_t(X509_get_version(ssl_cert) + 1)); pX509Cert->Assign(0, static_cast<uint64_t>(X509_get_version(ssl_cert) + 1));
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert)); i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
int len = BIO_read(bio, buf, sizeof(buf)); int len = BIO_read(bio, buf, sizeof(buf));
pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf)); pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
@ -295,7 +295,7 @@ void X509::ParseBasicConstraints(X509_EXTENSION* ex)
pBasicConstraint->Assign(0, constr->ca); pBasicConstraint->Assign(0, constr->ca);
if ( constr->pathlen ) if ( constr->pathlen )
pBasicConstraint->Assign(1, int32_t(ASN1_INTEGER_get(constr->pathlen))); pBasicConstraint->Assign(1, static_cast<int32_t>(ASN1_INTEGER_get(constr->pathlen)));
event_mgr.Enqueue(x509_ext_basic_constraints, event_mgr.Enqueue(x509_ext_basic_constraints,
GetFile()->ToVal(), GetFile()->ToVal(),

6
src/iosource/pcap/pcap.bif
View file

@ -146,11 +146,11 @@ function findalldevs%(%): Pcap::Interfaces
} }
} }
r->Assign(2, addrs->ToSetVal()); r->Assign(2, addrs->ToSetVal());
r->Assign(3, bool(d->flags & PCAP_IF_LOOPBACK)); r->Assign(3, static_cast<bool>(d->flags & PCAP_IF_LOOPBACK));
#ifdef PCAP_IF_UP #ifdef PCAP_IF_UP
// These didn't become available until libpcap 1.6.1 // These didn't become available until libpcap 1.6.1
r->Assign(4, bool(d->flags & PCAP_IF_UP)); r->Assign(4, static_cast<bool>(d->flags & PCAP_IF_UP));
r->Assign(5, bool(d->flags & PCAP_IF_RUNNING)); r->Assign(5, static_cast<bool>(d->flags & PCAP_IF_RUNNING));
#endif #endif
pcap_interfaces->Assign(std::move(r), nullptr); pcap_interfaces->Assign(std::move(r), nullptr);

32
src/stats.bif
View file

@ -95,7 +95,7 @@ function get_conn_stats%(%): ConnStats
sessions->GetStats(s); sessions->GetStats(s);
#define ADD_STAT(x) \ #define ADD_STAT(x) \
r->Assign(n++, unsigned(sessions ? x : 0)); r->Assign(n++, static_cast<uint64_t>(sessions ? x : 0));
ADD_STAT(s.num_packets); ADD_STAT(s.num_packets);
ADD_STAT(s.num_fragments); ADD_STAT(s.num_fragments);
@ -160,14 +160,14 @@ function get_proc_stats%(%): ProcStats
uint64_t total_mem; uint64_t total_mem;
zeek::util::get_memory_usage(&total_mem, NULL); zeek::util::get_memory_usage(&total_mem, NULL);
r->Assign(n++, unsigned(total_mem)); r->Assign(n++, static_cast<uint64_t>(total_mem));
r->Assign(n++, unsigned(ru.ru_minflt)); r->Assign(n++, static_cast<uint64_t>(ru.ru_minflt));
r->Assign(n++, unsigned(ru.ru_majflt)); r->Assign(n++, static_cast<uint64_t>(ru.ru_majflt));
r->Assign(n++, unsigned(ru.ru_nswap)); r->Assign(n++, static_cast<uint64_t>(ru.ru_nswap));
r->Assign(n++, unsigned(ru.ru_inblock)); r->Assign(n++, static_cast<uint64_t>(ru.ru_inblock));
r->Assign(n++, unsigned(ru.ru_oublock)); r->Assign(n++, static_cast<uint64_t>(ru.ru_oublock));
r->Assign(n++, unsigned(ru.ru_nivcsw)); r->Assign(n++, static_cast<uint64_t>(ru.ru_nivcsw));
return r; return r;
%} %}
@ -252,12 +252,12 @@ function get_dns_stats%(%): DNSStats
zeek::detail::DNS_Mgr::Stats dstats; zeek::detail::DNS_Mgr::Stats dstats;
zeek::detail::dns_mgr->GetStats(&dstats); zeek::detail::dns_mgr->GetStats(&dstats);
r->Assign(n++, unsigned(dstats.requests)); r->Assign(n++, static_cast<uint64_t>(dstats.requests));
r->Assign(n++, unsigned(dstats.successful)); r->Assign(n++, static_cast<uint64_t>(dstats.successful));
r->Assign(n++, unsigned(dstats.failed)); r->Assign(n++, static_cast<uint64_t>(dstats.failed));
r->Assign(n++, unsigned(dstats.pending)); r->Assign(n++, static_cast<uint64_t>(dstats.pending));
r->Assign(n++, unsigned(dstats.cached_hosts)); r->Assign(n++, static_cast<uint64_t>(dstats.cached_hosts));
r->Assign(n++, unsigned(dstats.cached_addresses)); r->Assign(n++, static_cast<uint64_t>(dstats.cached_addresses));
return r; return r;
%} %}
@ -283,8 +283,8 @@ function get_timer_stats%(%): TimerStats
auto r = zeek::make_intrusive<zeek::RecordVal>(TimerStats); auto r = zeek::make_intrusive<zeek::RecordVal>(TimerStats);
int n = 0; int n = 0;
r->Assign(n++, unsigned(zeek::detail::timer_mgr->Size())); r->Assign(n++, static_cast<uint64_t>(zeek::detail::timer_mgr->Size()));
r->Assign(n++, unsigned(zeek::detail::timer_mgr->PeakSize())); r->Assign(n++, static_cast<uint64_t>(zeek::detail::timer_mgr->PeakSize()));
r->Assign(n++, zeek::detail::timer_mgr->CumulativeNum()); r->Assign(n++, zeek::detail::timer_mgr->CumulativeNum());
return r; return r;

18
src/zeek.bif
View file

@ -1926,7 +1926,7 @@ function packet_source%(%): PacketSource
if ( ps ) if ( ps )
{ {
r->Assign(0, bool(ps->IsLive())); r->Assign(0, ps->IsLive());
r->Assign(1, ps->Path()); r->Assign(1, ps->Path());
r->Assign(2, ps->LinkType()); r->Assign(2, ps->LinkType());
r->Assign(3, ps->Netmask()); r->Assign(3, ps->Netmask());
@ -1980,12 +1980,12 @@ function global_ids%(%): id_table
static auto script_id = zeek::id::find_type<zeek::RecordType>("script_id"); static auto script_id = zeek::id::find_type<zeek::RecordType>("script_id");
auto rec = zeek::make_intrusive<zeek::RecordVal>(script_id); auto rec = zeek::make_intrusive<zeek::RecordVal>(script_id);
rec->Assign(0, type_name(id->GetType()->Tag())); rec->Assign(0, type_name(id->GetType()->Tag()));
rec->Assign(1, bool(id->IsExport())); rec->Assign(1, id->IsExport());
rec->Assign(2, bool(id->IsConst())); rec->Assign(2, id->IsConst());
rec->Assign(3, bool(id->IsEnumConst())); rec->Assign(3, id->IsEnumConst());
rec->Assign(4, bool(id->IsOption())); rec->Assign(4, id->IsOption());
rec->Assign(5, bool(id->IsRedefinable())); rec->Assign(5, id->IsRedefinable());
rec->Assign(6, bool(id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil)); rec->Assign(6, id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil);
if ( id->HasVal() ) if ( id->HasVal() )
rec->Assign(7, id->GetVal()); rec->Assign(7, id->GetVal());
@ -3503,8 +3503,8 @@ function get_current_packet%(%) : pcap_packet
return pkt; return pkt;
} }
pkt->Assign(0, uint32_t(p->ts.tv_sec)); pkt->Assign(0, static_cast<uint32_t>(p->ts.tv_sec));
pkt->Assign(1, uint32_t(p->ts.tv_usec)); pkt->Assign(1, static_cast<uint32_t>(p->ts.tv_usec));
pkt->Assign(2, p->cap_len); pkt->Assign(2, p->cap_len);
pkt->Assign(3, p->len); pkt->Assign(3, p->len);
pkt->Assign(4, zeek::make_intrusive<zeek::StringVal>(p->cap_len, (const char*)p->data)); pkt->Assign(4, zeek::make_intrusive<zeek::StringVal>(p->cap_len, (const char*)p->data));