From 25c0fc7ab2948c4cc198872c6fc802c19c4aaff1 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Thu, 16 Jul 2020 16:26:22 -0700 Subject: [PATCH] Move IP Addr/Prefix/Header classes into namespaces --- src/CompHash.cc | 2 +- src/Conn.cc | 14 ++--- src/Conn.h | 32 +++++----- src/DNS_Mgr.cc | 52 ++++++++-------- src/DNS_Mgr.h | 14 ++--- src/Desc.cc | 4 +- src/Desc.h | 9 +-- src/Discard.cc | 2 +- src/Discard.h | 5 +- src/Frag.cc | 14 ++--- src/Frag.h | 14 ++--- src/IP.cc | 4 ++ src/IP.h | 34 +++++++---- src/IPAddr.cc | 16 +++-- src/IPAddr.h | 25 ++++++-- src/PacketFilter.cc | 14 ++--- src/PacketFilter.h | 14 ++--- src/PrefixTable.cc | 18 +++--- src/PrefixTable.h | 14 ++--- src/Reporter.cc | 8 +-- src/Reporter.h | 13 ++-- src/RuleMatcher.cc | 40 ++++++------- src/RuleMatcher.h | 19 +++--- src/SerializationFormat.cc | 16 ++--- src/SerializationFormat.h | 23 +++---- src/Sessions.cc | 44 +++++++------- src/Sessions.h | 30 +++++----- src/TunnelEncapsulation.h | 6 +- src/Val.h | 4 +- src/analyzer/Analyzer.cc | 8 +-- src/analyzer/Analyzer.h | 12 ++-- src/analyzer/protocol/ayiya/AYIYA.cc | 2 +- src/analyzer/protocol/ayiya/AYIYA.h | 2 +- .../protocol/ayiya/ayiya-analyzer.pac | 2 +- src/analyzer/protocol/conn-size/ConnSize.cc | 2 +- src/analyzer/protocol/conn-size/ConnSize.h | 2 +- src/analyzer/protocol/dhcp/DHCP.cc | 2 +- src/analyzer/protocol/dhcp/DHCP.h | 2 +- src/analyzer/protocol/dnp3/DNP3.cc | 2 +- src/analyzer/protocol/dnp3/DNP3.h | 2 +- src/analyzer/protocol/dns/DNS.cc | 2 +- src/analyzer/protocol/dns/DNS.h | 2 +- src/analyzer/protocol/ftp/functions.bif | 4 +- src/analyzer/protocol/gtpv1/GTPv1.cc | 2 +- src/analyzer/protocol/gtpv1/GTPv1.h | 2 +- .../protocol/gtpv1/gtpv1-analyzer.pac | 14 ++--- src/analyzer/protocol/icmp/ICMP.cc | 60 +++++++++---------- src/analyzer/protocol/icmp/ICMP.h | 30 +++++----- src/analyzer/protocol/krb/KRB.cc | 2 +- src/analyzer/protocol/krb/KRB.h | 2 +- src/analyzer/protocol/krb/krb-types.pac | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 2 +- src/analyzer/protocol/netbios/NetbiosSSN.h | 2 +- src/analyzer/protocol/ntp/NTP.cc | 2 +- src/analyzer/protocol/ntp/NTP.h | 2 +- src/analyzer/protocol/ntp/ntp-analyzer.pac | 2 +- src/analyzer/protocol/pia/PIA.cc | 14 ++--- src/analyzer/protocol/pia/PIA.h | 16 ++--- src/analyzer/protocol/radius/RADIUS.cc | 2 +- src/analyzer/protocol/radius/RADIUS.h | 2 +- src/analyzer/protocol/rdp/RDPEUDP.cc | 2 +- src/analyzer/protocol/rdp/RDPEUDP.h | 2 +- src/analyzer/protocol/rpc/RPC.cc | 2 +- src/analyzer/protocol/rpc/RPC.h | 2 +- src/analyzer/protocol/sip/SIP.cc | 2 +- src/analyzer/protocol/sip/SIP.h | 2 +- src/analyzer/protocol/snmp/SNMP.cc | 2 +- src/analyzer/protocol/snmp/SNMP.h | 2 +- src/analyzer/protocol/snmp/snmp-analyzer.pac | 2 +- .../protocol/socks/socks-analyzer.pac | 4 +- src/analyzer/protocol/ssl/DTLS.cc | 2 +- src/analyzer/protocol/ssl/DTLS.h | 2 +- .../protocol/stepping-stone/SteppingStone.cc | 4 +- .../protocol/stepping-stone/SteppingStone.h | 4 +- src/analyzer/protocol/syslog/Syslog.cc | 2 +- src/analyzer/protocol/syslog/Syslog.h | 2 +- src/analyzer/protocol/tcp/TCP.cc | 14 ++--- src/analyzer/protocol/tcp/TCP.h | 17 +++--- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 4 +- src/analyzer/protocol/tcp/TCP_Endpoint.h | 9 +-- src/analyzer/protocol/teredo/Teredo.cc | 6 +- src/analyzer/protocol/teredo/Teredo.h | 4 +- src/analyzer/protocol/udp/UDP.cc | 4 +- src/analyzer/protocol/udp/UDP.h | 4 +- src/analyzer/protocol/vxlan/VXLAN.cc | 4 +- src/analyzer/protocol/vxlan/VXLAN.h | 2 +- src/broker/Data.cc | 4 +- .../analyzer/unified2/unified2-analyzer.pac | 4 +- src/file_analysis/analyzer/x509/X509Common.h | 1 + src/input/Manager.cc | 12 ++-- src/iosource/Packet.cc | 10 ++-- src/iosource/Packet.h | 6 +- src/net_util.cc | 16 ++--- src/net_util.h | 16 ++--- src/rule-parse.y | 12 ++-- src/rule-scan.l | 4 +- src/scan.l | 4 +- src/threading/SerialTypes.cc | 12 ++-- src/threading/SerialTypes.h | 2 +- src/zeek.bif | 36 +++++------ 100 files changed, 495 insertions(+), 460 deletions(-) diff --git a/src/CompHash.cc b/src/CompHash.cc index d3b9f728c7..8857c77186 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -817,7 +817,7 @@ const char* CompositeHash::RecoverOneVal( const uint32_t* const kp = AlignType(kp0); kp1 = reinterpret_cast(kp+4); - IPAddr addr(IPv6, kp, IPAddr::Network); + zeek::IPAddr addr(IPv6, kp, zeek::IPAddr::Network); switch ( tag ) { case zeek::TYPE_ADDR: diff --git a/src/Conn.cc b/src/Conn.cc index 1db0898f2f..28d68f7abe 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -57,7 +57,7 @@ void ConnectionTimer::Dispatch(double t, bool is_expire) uint64_t Connection::total_connections = 0; uint64_t Connection::current_connections = 0; -Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id, +Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id, uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap) { @@ -183,11 +183,11 @@ void Connection::Done() } void Connection::NextPacket(double t, bool is_orig, - const IP_Hdr* ip, int len, int caplen, - const u_char*& data, - int& record_packet, int& record_content, - // arguments for reproducing packets - const Packet *pkt) + const zeek::IP_Hdr* ip, int len, int caplen, + const u_char*& data, + int& record_packet, int& record_content, + // arguments for reproducing packets + const Packet *pkt) { current_timestamp = t; current_pkt = pkt; @@ -577,7 +577,7 @@ void Connection::CancelTimers() void Connection::FlipRoles() { - IPAddr tmp_addr = resp_addr; + zeek::IPAddr tmp_addr = resp_addr; resp_addr = orig_addr; orig_addr = tmp_addr; diff --git a/src/Conn.h b/src/Conn.h index 3fb7a02d1b..a7912b35f9 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -50,22 +50,22 @@ typedef enum { typedef void (Connection::*timer_func)(double t); struct ConnID { - IPAddr src_addr; - IPAddr dst_addr; + zeek::IPAddr src_addr; + zeek::IPAddr dst_addr; uint32_t src_port; uint32_t dst_port; bool is_one_way; // if true, don't canonicalize order }; -static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, - const IPAddr& addr2, uint32_t p2) +static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1, + const zeek::IPAddr& addr2, uint32_t p2) { return addr1 < addr2 || (addr1 == addr2 && p1 < p2); } class Connection final : public zeek::Obj { public: - Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id, + Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id, uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap); ~Connection() override; @@ -92,16 +92,16 @@ public: // be recorded, otherwise just up through the transport header. // Both are assumed set to true when called. void NextPacket(double t, bool is_orig, - const IP_Hdr* ip, int len, int caplen, - const u_char*& data, - int& record_packet, int& record_content, - // arguments for reproducing packets - const Packet *pkt); + const zeek::IP_Hdr* ip, int len, int caplen, + const u_char*& data, + int& record_packet, int& record_content, + // arguments for reproducing packets + const Packet *pkt); // Keys are only considered valid for a connection when a // connection is in the session map. If it is removed, the key // should be marked invalid. - const ConnIDKey& Key() const { return key; } + const zeek::detail::ConnIDKey& Key() const { return key; } void ClearKey() { key_valid = false; } bool IsKeyValid() const { return key_valid; } @@ -110,8 +110,8 @@ public: double LastTime() const { return last_time; } void SetLastTime(double t) { last_time = t; } - const IPAddr& OrigAddr() const { return orig_addr; } - const IPAddr& RespAddr() const { return resp_addr; } + const zeek::IPAddr& OrigAddr() const { return orig_addr; } + const zeek::IPAddr& RespAddr() const { return resp_addr; } uint32_t OrigPort() const { return orig_port; } uint32_t RespPort() const { return resp_port; } @@ -344,13 +344,13 @@ protected: void RemoveConnectionTimer(double t); NetSessions* sessions; - ConnIDKey key; + zeek::detail::ConnIDKey key; bool key_valid; timer_list timers; - IPAddr orig_addr; - IPAddr resp_addr; + zeek::IPAddr orig_addr; + zeek::IPAddr resp_addr; uint32_t orig_port, resp_port; // in network order TransportProto proto; uint32_t orig_flow_label, resp_flow_label; // most recent IPv6 flow labels diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index be458ebe60..001d962c2b 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -60,7 +60,7 @@ public: request_pending() { } - DNS_Mgr_Request(const IPAddr& a) + DNS_Mgr_Request(const zeek::IPAddr& a) : host(), fam(), qtype(), addr(a), request_pending() { } @@ -68,7 +68,7 @@ public: // Returns nil if this was an address request. const char* ReqHost() const { return host; } - const IPAddr& ReqAddr() const { return addr; } + const zeek::IPAddr& ReqAddr() const { return addr; } bool ReqIsTxt() const { return qtype == 16; } int MakeRequest(nb_dns_info* nb_dns); @@ -80,7 +80,7 @@ protected: char* host; // if non-nil, this is a host request int fam; // address family query type for host requests int qtype; // Query type - IPAddr addr; + zeek::IPAddr addr; int request_pending; }; @@ -106,7 +106,7 @@ int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns) class DNS_Mapping { public: DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl); - DNS_Mapping(const IPAddr& addr, struct hostent* h, uint32_t ttl); + DNS_Mapping(const zeek::IPAddr& addr, struct hostent* h, uint32_t ttl); DNS_Mapping(FILE* f); bool NoMapping() const { return no_mapping; } @@ -116,7 +116,7 @@ public: // Returns nil if this was an address request. const char* ReqHost() const { return req_host; } - IPAddr ReqAddr() const { return req_addr; } + zeek::IPAddr ReqAddr() const { return req_addr; } string ReqStr() const { return req_host ? req_host : req_addr.AsString(); @@ -150,7 +150,7 @@ protected: void Clear(); char* req_host; - IPAddr req_addr; + zeek::IPAddr req_addr; uint32_t req_ttl; int num_names; @@ -158,7 +158,7 @@ protected: zeek::StringValPtr host_val; int num_addrs; - IPAddr* addrs; + zeek::IPAddr* addrs; zeek::ListValPtr addrs_val; double creation_time; @@ -192,7 +192,7 @@ DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl) names[0] = copy_string(host); } -DNS_Mapping::DNS_Mapping(const IPAddr& addr, struct hostent* h, uint32_t ttl) +DNS_Mapping::DNS_Mapping(const zeek::IPAddr& addr, struct hostent* h, uint32_t ttl) { Init(h); req_addr = addr; @@ -231,7 +231,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) if ( is_req_host ) req_host = copy_string(req_buf); else - req_addr = IPAddr(req_buf); + req_addr = zeek::IPAddr(req_buf); num_names = 1; names = new char*[num_names]; @@ -239,7 +239,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) if ( num_addrs > 0 ) { - addrs = new IPAddr[num_addrs]; + addrs = new zeek::IPAddr[num_addrs]; for ( int i = 0; i < num_addrs; ++i ) { @@ -253,7 +253,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) if ( newline ) *newline = '\0'; - addrs[i] = IPAddr(buf); + addrs[i] = zeek::IPAddr(buf); } } else @@ -336,14 +336,14 @@ void DNS_Mapping::Init(struct hostent* h) if ( num_addrs > 0 ) { - addrs = new IPAddr[num_addrs]; + addrs = new zeek::IPAddr[num_addrs]; for ( int i = 0; i < num_addrs; ++i ) if ( h->h_addrtype == AF_INET ) - addrs[i] = IPAddr(IPv4, (uint32_t*)h->h_addr_list[i], - IPAddr::Network); + addrs[i] = zeek::IPAddr(IPv4, (uint32_t*)h->h_addr_list[i], + zeek::IPAddr::Network); else if ( h->h_addrtype == AF_INET6 ) - addrs[i] = IPAddr(IPv6, (uint32_t*)h->h_addr_list[i], - IPAddr::Network); + addrs[i] = zeek::IPAddr(IPv6, (uint32_t*)h->h_addr_list[i], + zeek::IPAddr::Network); } else addrs = nullptr; @@ -410,10 +410,10 @@ void DNS_Mgr::InitSource() // configured to the user's desired address at the time when we need to to // the lookup. auto dns_resolver = zeekenv("ZEEK_DNS_RESOLVER"); - auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr(); + auto dns_resolver_addr = dns_resolver ? zeek::IPAddr(dns_resolver) : zeek::IPAddr(); char err[NB_DNS_ERRSIZE]; - if ( dns_resolver_addr == IPAddr() ) + if ( dns_resolver_addr == zeek::IPAddr() ) nb_dns = nb_dns_init(err); else { @@ -477,7 +477,7 @@ static const char* fake_text_lookup_result(const char* name) return tmp; } -static const char* fake_addr_lookup_result(const IPAddr& addr) +static const char* fake_addr_lookup_result(const zeek::IPAddr& addr) { static char tmp[128]; snprintf(tmp, sizeof(tmp), "fake_addr_lookup_result_%s", @@ -542,7 +542,7 @@ zeek::TableValPtr DNS_Mgr::LookupHost(const char* name) } } -zeek::ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr) +zeek::ValPtr DNS_Mgr::LookupAddr(const zeek::IPAddr& addr) { InitSource(); @@ -876,12 +876,12 @@ zeek::ListValPtr DNS_Mgr::AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2) for ( int i = 0; i < al1->Length(); ++i ) { - const IPAddr& al1_i = al1->Idx(i)->AsAddr(); + const zeek::IPAddr& al1_i = al1->Idx(i)->AsAddr(); int j; for ( j = 0; j < al2->Length(); ++j ) { - const IPAddr& al2_j = al2->Idx(j)->AsAddr(); + const zeek::IPAddr& al2_j = al2->Idx(j)->AsAddr(); if ( al1_i == al2_j ) break; } @@ -898,7 +898,7 @@ void DNS_Mgr::DumpAddrList(FILE* f, zeek::ListVal* al) { for ( int i = 0; i < al->Length(); ++i ) { - const IPAddr& al_i = al->Idx(i)->AsAddr(); + const zeek::IPAddr& al_i = al->Idx(i)->AsAddr(); fprintf(f, "%s%s", i > 0 ? "," : "", al_i.AsString().c_str()); } } @@ -959,7 +959,7 @@ void DNS_Mgr::Save(FILE* f, const HostMap& m) } } -const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr) +const char* DNS_Mgr::LookupAddrInCache(const zeek::IPAddr& addr) { AddrMap::iterator it = addr_mappings.find(addr); @@ -1043,7 +1043,7 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback, delete callback; } -void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback) +void DNS_Mgr::AsyncLookupAddr(const zeek::IPAddr& host, LookupCallback* callback) { InitSource(); @@ -1209,7 +1209,7 @@ void DNS_Mgr::IssueAsyncRequests() } } -void DNS_Mgr::CheckAsyncAddrRequest(const IPAddr& addr, bool timeout) +void DNS_Mgr::CheckAsyncAddrRequest(const zeek::IPAddr& addr, bool timeout) { // Note that this code is a mirror of that for CheckAsyncHostRequest. diff --git a/src/DNS_Mgr.h b/src/DNS_Mgr.h index e4f7d8dc01..2887ed1f99 100644 --- a/src/DNS_Mgr.h +++ b/src/DNS_Mgr.h @@ -57,7 +57,7 @@ public: // a set of addr. zeek::TableValPtr LookupHost(const char* host); - zeek::ValPtr LookupAddr(const IPAddr& addr); + zeek::ValPtr LookupAddr(const zeek::IPAddr& addr); // Define the directory where to store the data. void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); } @@ -66,7 +66,7 @@ public: void Resolve(); bool Save(); - const char* LookupAddrInCache(const IPAddr& addr); + const char* LookupAddrInCache(const zeek::IPAddr& addr); zeek::TableValPtr LookupNameInCache(const std::string& name); const char* LookupTextInCache(const std::string& name); @@ -81,7 +81,7 @@ public: virtual void Timeout() = 0; }; - void AsyncLookupAddr(const IPAddr& host, LookupCallback* callback); + void AsyncLookupAddr(const zeek::IPAddr& host, LookupCallback* callback); void AsyncLookupName(const std::string& name, LookupCallback* callback); void AsyncLookupNameText(const std::string& name, LookupCallback* callback); @@ -116,7 +116,7 @@ protected: void DumpAddrList(FILE* f, zeek::ListVal* al); typedef std::map > HostMap; - typedef std::map AddrMap; + typedef std::map AddrMap; typedef std::map TextMap; void LoadCache(FILE* f); void Save(FILE* f, const AddrMap& m); @@ -132,7 +132,7 @@ protected: // Finish the request if we have a result. If not, time it out if // requested. - void CheckAsyncAddrRequest(const IPAddr& addr, bool timeout); + void CheckAsyncAddrRequest(const zeek::IPAddr& addr, bool timeout); void CheckAsyncHostRequest(const char* host, bool timeout); void CheckAsyncTextRequest(const char* host, bool timeout); @@ -162,7 +162,7 @@ protected: struct AsyncRequest { double time; - IPAddr host; + zeek::IPAddr host; std::string name; CallbackList callbacks; bool is_txt; @@ -210,7 +210,7 @@ protected: }; - typedef std::map AsyncRequestAddrMap; + typedef std::map AsyncRequestAddrMap; AsyncRequestAddrMap asyncs_addrs; typedef std::map AsyncRequestNameMap; diff --git a/src/Desc.cc b/src/Desc.cc index 9d41ca8b27..8d1f746c5f 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -178,12 +178,12 @@ void ODesc::Add(double d, bool no_exp) } } -void ODesc::Add(const IPAddr& addr) +void ODesc::Add(const zeek::IPAddr& addr) { Add(addr.AsString()); } -void ODesc::Add(const IPPrefix& prefix) +void ODesc::Add(const zeek::IPPrefix& prefix) { Add(prefix.AsString()); } diff --git a/src/Desc.h b/src/Desc.h index fc02b1113d..10c09980a3 100644 --- a/src/Desc.h +++ b/src/Desc.h @@ -23,8 +23,9 @@ typedef enum { } desc_style; class BroFile; -class IPAddr; -class IPPrefix; + +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek); namespace zeek { class Type; } using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type; @@ -87,8 +88,8 @@ public: void Add(int64_t i); void Add(uint64_t u); void Add(double d, bool no_exp=false); - void Add(const IPAddr& addr); - void Add(const IPPrefix& prefix); + void Add(const zeek::IPAddr& addr); + void Add(const zeek::IPPrefix& prefix); // Add s as a counted string. void AddCS(const char* s); diff --git a/src/Discard.cc b/src/Discard.cc index 053bed4e78..e83d1b3f23 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -33,7 +33,7 @@ bool Discarder::IsActive() return check_ip || check_tcp || check_udp || check_icmp; } -bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) +bool Discarder::NextPacket(const zeek::IP_Hdr* ip, int len, int caplen) { bool discard_packet = false; diff --git a/src/Discard.h b/src/Discard.h index 97b469cbd8..e1a0151b1c 100644 --- a/src/Discard.h +++ b/src/Discard.h @@ -6,8 +6,7 @@ #include "IntrusivePtr.h" -class IP_Hdr; - +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); @@ -22,7 +21,7 @@ public: bool IsActive(); - bool NextPacket(const IP_Hdr* ip, int len, int caplen); + bool NextPacket(const zeek::IP_Hdr* ip, int len, int caplen); protected: zeek::Val* BuildData(const u_char* data, int hdrlen, int len, int caplen); diff --git a/src/Frag.cc b/src/Frag.cc index c155a91f51..d0c0d16b48 100644 --- a/src/Frag.cc +++ b/src/Frag.cc @@ -27,7 +27,7 @@ void FragTimer::Dispatch(double t, bool /* is_expire */) } FragReassembler::FragReassembler(NetSessions* arg_s, - const IP_Hdr* ip, const u_char* pkt, + const zeek::IP_Hdr* ip, const u_char* pkt, const FragReassemblerKey& k, double t) : Reassembler(0, REASSEM_FRAG) { @@ -71,7 +71,7 @@ FragReassembler::~FragReassembler() delete reassembled_pkt; } -void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt) +void FragReassembler::AddFragment(double t, const zeek::IP_Hdr* ip, const u_char* pkt) { const struct ip* ip4 = ip->IP4_Hdr(); @@ -161,13 +161,13 @@ void FragReassembler::Weird(const char* name) const if ( version == 4 ) { - IP_Hdr hdr((const ip*)proto_hdr, false); + zeek::IP_Hdr hdr((const ip*)proto_hdr, false); s->Weird(name, &hdr); } else if ( version == 6 ) { - IP_Hdr hdr((const ip6_hdr*)proto_hdr, false, proto_hdr_len); + zeek::IP_Hdr hdr((const ip6_hdr*)proto_hdr, false, proto_hdr_len); s->Weird(name, &hdr); } @@ -293,7 +293,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */) { struct ip* reassem4 = (struct ip*) pkt_start; reassem4->ip_len = htons(frag_size + proto_hdr_len); - reassembled_pkt = new IP_Hdr(reassem4, true); + reassembled_pkt = new zeek::IP_Hdr(reassem4, true); DeleteTimer(); } @@ -301,8 +301,8 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */) { struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start; reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40); - const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto, n); - reassembled_pkt = new IP_Hdr(reassem6, true, n, chain); + const zeek::IPv6_Hdr_Chain* chain = new zeek::IPv6_Hdr_Chain(reassem6, next_proto, n); + reassembled_pkt = new zeek::IP_Hdr(reassem6, true, n, chain); DeleteTimer(); } diff --git a/src/Frag.h b/src/Frag.h index 4ad8b1b3a6..60e1b78e57 100644 --- a/src/Frag.h +++ b/src/Frag.h @@ -13,28 +13,28 @@ class HashKey; class NetSessions; -class IP_Hdr; +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); class FragReassembler; class FragTimer; typedef void (FragReassembler::*frag_timer_func)(double t); -using FragReassemblerKey = std::tuple; +using FragReassemblerKey = std::tuple; class FragReassembler : public Reassembler { public: - FragReassembler(NetSessions* s, const IP_Hdr* ip, const u_char* pkt, - const FragReassemblerKey& k, double t); + FragReassembler(NetSessions* s, const zeek::IP_Hdr* ip, const u_char* pkt, + const FragReassemblerKey& k, double t); ~FragReassembler() override; - void AddFragment(double t, const IP_Hdr* ip, const u_char* pkt); + void AddFragment(double t, const zeek::IP_Hdr* ip, const u_char* pkt); void Expire(double t); void DeleteTimer(); void ClearTimer() { expire_timer = nullptr; } - const IP_Hdr* ReassembledPkt() { return reassembled_pkt; } + const zeek::IP_Hdr* ReassembledPkt() { return reassembled_pkt; } const FragReassemblerKey& Key() const { return key; } protected: @@ -43,7 +43,7 @@ protected: void Weird(const char* name) const; u_char* proto_hdr; - IP_Hdr* reassembled_pkt; + zeek::IP_Hdr* reassembled_pkt; NetSessions* s; uint64_t frag_size; // size of fully reassembled fragment FragReassemblerKey key; diff --git a/src/IP.cc b/src/IP.cc index 3463d6aaeb..427254c75f 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -49,6 +49,8 @@ static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len) return vv; } +namespace zeek { + zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const { zeek::RecordValPtr rv; @@ -782,3 +784,5 @@ IPv6_Hdr_Chain* IPv6_Hdr_Chain::Copy(const ip6_hdr* new_hdr) const return rval; } + +} // namespace zeek diff --git a/src/IP.h b/src/IP.h index 717225f541..6bce8bbaf5 100644 --- a/src/IP.h +++ b/src/IP.h @@ -16,15 +16,15 @@ #include "IntrusivePtr.h" -class IPAddr; - +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek); +class FragReassembler; + namespace zeek { using RecordValPtr = zeek::IntrusivePtr; using VectorValPtr = zeek::IntrusivePtr; -} #ifdef ENABLE_MOBILE_IPV6 @@ -222,14 +222,14 @@ public: * option as defined by Mobile IPv6 (RFC 6275), then return it, else * return the source address in the main IPv6 header. */ - IPAddr SrcAddr() const; + zeek::IPAddr SrcAddr() const; /** * If the chain contains a Routing header with non-zero segments left, * then return the last address of the first such header, else return * the destination address of the main IPv6 header. */ - IPAddr DstAddr() const; + zeek::IPAddr DstAddr() const; /** * Returns a vector of ip6_ext_hdr RecordVals that includes script-layer @@ -243,7 +243,7 @@ public: protected: // for access to protected ctor that changes next header values that // point to a fragment - friend class FragReassembler; + friend class ::FragReassembler; IPv6_Hdr_Chain() = default; @@ -287,14 +287,14 @@ protected: /** * Home Address of the packet's source as defined by Mobile IPv6 (RFC 6275). */ - IPAddr* homeAddr = nullptr; + zeek::IPAddr* homeAddr = nullptr; #endif /** * The final destination address in chain's first Routing header that has * non-zero segments left. */ - IPAddr* finalDst = nullptr; + zeek::IPAddr* finalDst = nullptr; }; /** @@ -366,19 +366,19 @@ public: /** * Returns the source address held in the IP header. */ - IPAddr IPHeaderSrcAddr() const; + zeek::IPAddr IPHeaderSrcAddr() const; /** * Returns the destination address held in the IP header. */ - IPAddr IPHeaderDstAddr() const; + zeek::IPAddr IPHeaderDstAddr() const; /** * For IPv4 or IPv6 headers that don't contain a Home Address option * (Mobile IPv6, RFC 6275), return source address held in the IP header. * For IPv6 headers that contain a Home Address option, return that address. */ - IPAddr SrcAddr() const; + zeek::IPAddr SrcAddr() const; /** * For IPv4 or IPv6 headers that don't contain a Routing header with @@ -386,7 +386,7 @@ public: * For IPv6 headers with a Routing header that has non-zero segments left, * return the last address in the first such Routing header. */ - IPAddr DstAddr() const; + zeek::IPAddr DstAddr() const; /** * Returns a pointer to the payload of the IP packet, usually an @@ -561,3 +561,13 @@ private: const IPv6_Hdr_Chain* ip6_hdrs = nullptr; bool del; }; + +} // namespace zeek + +#ifdef ENABLE_MOBILE_IPV6 +using ip6_mobility [[deprecated("Remove in v4.1. Use zeek::ip6_mobility.")]] = zeek::ip6_mobility; +#endif + +using IPv6_Hdr [[deprecated("Remove in v4.1. Use zeek::IPv6_Hdr.")]] = zeek::IPv6_Hdr; +using IPv6_Hdr_Chain [[deprecated("Remove in v4.1. Use zeek::IPv6_Hdr_Chain.")]] = zeek::IPv6_Hdr_Chain; +using IP_Hdr [[deprecated("Remove in v4.1. Use zeek::IP_Hdr.")]] = zeek::IP_Hdr; diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 362d436ad1..ddea5d899c 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -12,15 +12,15 @@ #include "analyzer/Manager.h" -const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0, - 0, 0, 0, 0, - 0, 0, 0xff, 0xff }; +constexpr uint8_t zeek::IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0xff, 0xff }; -const IPAddr IPAddr::v4_unspecified = IPAddr(in4_addr{}); +const zeek::IPAddr zeek::IPAddr::v4_unspecified = zeek::IPAddr(in4_addr{}); -const IPAddr IPAddr::v6_unspecified = IPAddr(); +const zeek::IPAddr zeek::IPAddr::v6_unspecified = zeek::IPAddr(); -ConnIDKey BuildConnIDKey(const ConnID& id) +zeek::detail::ConnIDKey zeek::detail::BuildConnIDKey(const ConnID& id) { ConnIDKey key; @@ -47,6 +47,8 @@ ConnIDKey BuildConnIDKey(const ConnID& id) return key; } +namespace zeek { + IPAddr::IPAddr(const zeek::String& s) { Init(s.CheckString()); @@ -345,3 +347,5 @@ bool IPPrefix::ConvertString(const char* text, IPPrefix* result) *result = IPPrefix(ip, len); return true; } + +} // namespace zeek diff --git a/src/IPAddr.h b/src/IPAddr.h index 3a2b9d01ef..bfcac4aa01 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -19,6 +19,9 @@ namespace analyzer { class ExpectedConn; } typedef in_addr in4_addr; +namespace zeek { +namespace detail { + struct ConnIDKey { in6_addr ip1; in6_addr ip2; @@ -43,6 +46,13 @@ struct ConnIDKey { } }; +/** + * Returns a map key for a given ConnID. + */ +ConnIDKey BuildConnIDKey(const ConnID& id); + +} // namespace detail + /** * Class storing both IPv4 and IPv6 addresses. */ @@ -382,7 +392,7 @@ public: */ void ConvertToThreadingValue(threading::Value::addr_t* v) const; - friend ConnIDKey BuildConnIDKey(const ConnID& id); + friend detail::ConnIDKey detail::BuildConnIDKey(const ConnID& id); unsigned int MemoryAllocation() const { return padded_sizeof(*this); } @@ -514,11 +524,6 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const } } -/** - * Returns a map key for a given ConnID. - */ -ConnIDKey BuildConnIDKey(const ConnID& id); - /** * Class storing both IPv4 and IPv6 prefixes * (i.e., \c 192.168.1.1/16 and \c FD00::/8. @@ -721,3 +726,11 @@ private: IPAddr prefix; // We store it as an address with the non-prefix bits masked out via Mask(). uint8_t length = 0; // The bit length of the prefix relative to full IPv6 addr. }; + +} // namespace zeek + +using ConnIDKey [[deprecated("Remove in v4.1. Use zeek::detail::ConnIDKey.")]] = zeek::detail::ConnIDKey; +using IPAddr [[deprecated("Remove in v4.1. Use zeek::IPAddr.")]] = zeek::IPAddr; +using IPPrefix [[deprecated("Remove in v4.1. Use zeek::IPPrefix.")]] = zeek::IPPrefix; + +constexpr auto BuildConnIDKey [[deprecated("Remove in v4.1. Use zeek::detail::BuildConnIDKey.")]] = zeek::detail::BuildConnIDKey; diff --git a/src/PacketFilter.cc b/src/PacketFilter.cc index c1c496235d..205a0c4815 100644 --- a/src/PacketFilter.cc +++ b/src/PacketFilter.cc @@ -14,7 +14,7 @@ PacketFilter::PacketFilter(bool arg_default) dst_filter.SetDeleteFunction(PacketFilter::DeleteFilter); } -void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability) +void PacketFilter::AddSrc(const zeek::IPAddr& src, uint32_t tcp_flags, double probability) { Filter* f = new Filter; f->tcp_flags = tcp_flags; @@ -32,7 +32,7 @@ void PacketFilter::AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability delete prev; } -void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probability) +void PacketFilter::AddDst(const zeek::IPAddr& dst, uint32_t tcp_flags, double probability) { Filter* f = new Filter; f->tcp_flags = tcp_flags; @@ -50,7 +50,7 @@ void PacketFilter::AddDst(zeek::Val* dst, uint32_t tcp_flags, double probability delete prev; } -bool PacketFilter::RemoveSrc(const IPAddr& src) +bool PacketFilter::RemoveSrc(const zeek::IPAddr& src) { auto f = static_cast(src_filter.Remove(src, 128)); delete f; @@ -64,7 +64,7 @@ bool PacketFilter::RemoveSrc(zeek::Val* src) return f != nullptr; } -bool PacketFilter::RemoveDst(const IPAddr& dst) +bool PacketFilter::RemoveDst(const zeek::IPAddr& dst) { auto f = static_cast(dst_filter.Remove(dst, 128)); delete f; @@ -78,7 +78,7 @@ bool PacketFilter::RemoveDst(zeek::Val* dst) return f != nullptr; } -bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen) +bool PacketFilter::Match(const zeek::IP_Hdr* ip, int len, int caplen) { Filter* f = (Filter*) src_filter.Lookup(ip->SrcAddr(), 128); if ( f ) @@ -91,8 +91,8 @@ bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen) return default_match; } -bool PacketFilter::MatchFilter(const Filter& f, const IP_Hdr& ip, - int len, int caplen) +bool PacketFilter::MatchFilter(const Filter& f, const zeek::IP_Hdr& ip, + int len, int caplen) { if ( ip.NextProto() == IPPROTO_TCP && f.tcp_flags ) { diff --git a/src/PacketFilter.h b/src/PacketFilter.h index c450120ee4..3a9c6fed9a 100644 --- a/src/PacketFilter.h +++ b/src/PacketFilter.h @@ -5,7 +5,7 @@ #include "IPAddr.h" #include "PrefixTable.h" -class IP_Hdr; +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); class PacketFilter { @@ -16,20 +16,20 @@ public: // Drops all packets from a particular source (which may be given // as an AddrVal or a SubnetVal) which hasn't any of TCP flags set // (TH_*) with the given probability (from 0..MAX_PROB). - void AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability); + void AddSrc(const zeek::IPAddr& src, uint32_t tcp_flags, double probability); void AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability); - void AddDst(const IPAddr& src, uint32_t tcp_flags, double probability); + void AddDst(const zeek::IPAddr& src, uint32_t tcp_flags, double probability); void AddDst(zeek::Val* src, uint32_t tcp_flags, double probability); // Removes the filter entry for the given src/dst // Returns false if filter doesn not exist. - bool RemoveSrc(const IPAddr& src); + bool RemoveSrc(const zeek::IPAddr& src); bool RemoveSrc(zeek::Val* dst); - bool RemoveDst(const IPAddr& dst); + bool RemoveDst(const zeek::IPAddr& dst); bool RemoveDst(zeek::Val* dst); // Returns true if packet matches a drop filter - bool Match(const IP_Hdr* ip, int len, int caplen); + bool Match(const zeek::IP_Hdr* ip, int len, int caplen); private: struct Filter { @@ -39,7 +39,7 @@ private: static void DeleteFilter(void* data); - bool MatchFilter(const Filter& f, const IP_Hdr& ip, int len, int caplen); + bool MatchFilter(const Filter& f, const zeek::IP_Hdr& ip, int len, int caplen); bool default_match; PrefixTable src_filter; diff --git a/src/PrefixTable.cc b/src/PrefixTable.cc index d3a481352c..664824a465 100644 --- a/src/PrefixTable.cc +++ b/src/PrefixTable.cc @@ -2,7 +2,7 @@ #include "Reporter.h" #include "Val.h" -prefix_t* PrefixTable::MakePrefix(const IPAddr& addr, int width) +prefix_t* PrefixTable::MakePrefix(const zeek::IPAddr& addr, int width) { prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t)); @@ -14,12 +14,12 @@ prefix_t* PrefixTable::MakePrefix(const IPAddr& addr, int width) return prefix; } -IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix) +zeek::IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix) { - return IPPrefix(IPAddr(IPv6, reinterpret_cast(&prefix->add.sin6), IPAddr::Network), prefix->bitlen, true); + return zeek::IPPrefix(zeek::IPAddr(IPv6, reinterpret_cast(&prefix->add.sin6), zeek::IPAddr::Network), prefix->bitlen, true); } -void* PrefixTable::Insert(const IPAddr& addr, int width, void* data) +void* PrefixTable::Insert(const zeek::IPAddr& addr, int width, void* data) { prefix_t* prefix = MakePrefix(addr, width); patricia_node_t* node = patricia_lookup(tree, prefix); @@ -63,9 +63,9 @@ void* PrefixTable::Insert(const zeek::Val* value, void* data) } } -std::list> PrefixTable::FindAll(const IPAddr& addr, int width) const +std::list> PrefixTable::FindAll(const zeek::IPAddr& addr, int width) const { - std::list> out; + std::list> out; prefix_t* prefix = MakePrefix(addr, width); int elems = 0; @@ -81,12 +81,12 @@ std::list> PrefixTable::FindAll(const IPAddr& addr, i return out; } -std::list> PrefixTable::FindAll(const zeek::SubNetVal* value) const +std::list> PrefixTable::FindAll(const zeek::SubNetVal* value) const { return FindAll(value->AsSubNet().Prefix(), value->AsSubNet().LengthIPv6()); } -void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const +void* PrefixTable::Lookup(const zeek::IPAddr& addr, int width, bool exact) const { prefix_t* prefix = MakePrefix(addr, width); patricia_node_t* node = @@ -124,7 +124,7 @@ void* PrefixTable::Lookup(const zeek::Val* value, bool exact) const } } -void* PrefixTable::Remove(const IPAddr& addr, int width) +void* PrefixTable::Remove(const zeek::IPAddr& addr, int width) { prefix_t* prefix = MakePrefix(addr, width); patricia_node_t* node = patricia_search_exact(tree, prefix); diff --git a/src/PrefixTable.h b/src/PrefixTable.h index 51b75d5456..4df8a46dc5 100644 --- a/src/PrefixTable.h +++ b/src/PrefixTable.h @@ -27,7 +27,7 @@ public: // Addr in network byte order. If data is zero, acts like a set. // Returns ptr to old data if already existing. // For existing items without data, returns non-nil if found. - void* Insert(const IPAddr& addr, int width, void* data = nullptr); + void* Insert(const zeek::IPAddr& addr, int width, void* data = nullptr); // Value may be addr or subnet. void* Insert(const zeek::Val* value, void* data = nullptr); @@ -35,15 +35,15 @@ public: // Returns nil if not found, pointer to data otherwise. // For items without data, returns non-nil if found. // If exact is false, performs exact rather than longest-prefix match. - void* Lookup(const IPAddr& addr, int width, bool exact = false) const; + void* Lookup(const zeek::IPAddr& addr, int width, bool exact = false) const; void* Lookup(const zeek::Val* value, bool exact = false) const; // Returns list of all found matches or empty list otherwise. - std::list> FindAll(const IPAddr& addr, int width) const; - std::list> FindAll(const zeek::SubNetVal* value) const; + std::list> FindAll(const zeek::IPAddr& addr, int width) const; + std::list> FindAll(const zeek::SubNetVal* value) const; // Returns pointer to data or nil if not found. - void* Remove(const IPAddr& addr, int width); + void* Remove(const zeek::IPAddr& addr, int width); void* Remove(const zeek::Val* value); void Clear() { Clear_Patricia(tree, delete_function); } @@ -55,8 +55,8 @@ public: void* GetNext(iterator* i); private: - static prefix_t* MakePrefix(const IPAddr& addr, int width); - static IPPrefix PrefixToIPPrefix(prefix_t* p); + static prefix_t* MakePrefix(const zeek::IPAddr& addr, int width); + static zeek::IPPrefix PrefixToIPPrefix(prefix_t* p); patricia_tree_t* tree; data_fn_t delete_function; diff --git a/src/Reporter.cc b/src/Reporter.cc index 3d37243f84..f3a2bd6248 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -260,7 +260,7 @@ public: class FlowWeirdTimer final : public Timer { public: - using IPPair = std::pair; + using IPPair = std::pair; FlowWeirdTimer(double t, IPPair p, double timeout) : Timer(t + timeout, TIMER_FLOW_WEIRD_EXPIRE), endpoints(std::move(p)) @@ -292,7 +292,7 @@ void Reporter::ResetNetWeird(const std::string& name) net_weird_state.erase(name); } -void Reporter::ResetFlowWeird(const IPAddr& orig, const IPAddr& resp) +void Reporter::ResetFlowWeird(const zeek::IPAddr& orig, const zeek::IPAddr& resp) { flow_weird_state.erase(std::make_pair(orig, resp)); } @@ -322,7 +322,7 @@ bool Reporter::PermitNetWeird(const char* name) } bool Reporter::PermitFlowWeird(const char* name, - const IPAddr& orig, const IPAddr& resp) + const zeek::IPAddr& orig, const zeek::IPAddr& resp) { auto endpoints = std::make_pair(orig, resp); auto& map = flow_weird_state[endpoints]; @@ -432,7 +432,7 @@ void Reporter::Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid, "%s", name); } -void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl) +void Reporter::Weird(const zeek::IPAddr& orig, const zeek::IPAddr& resp, const char* name, const char* addl) { UpdateWeirdStats(name); diff --git a/src/Reporter.h b/src/Reporter.h index 9106619e6d..508b3e9efc 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -30,6 +30,7 @@ using StringValPtr = zeek::IntrusivePtr; } ZEEK_FORWARD_DECLARE_NAMESPACED(Location, zeek::detail); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); // One cannot raise this exception directly, go through the // Reporter's methods instead. @@ -46,16 +47,14 @@ protected: InterpreterException() {} }; -class IPAddr; - ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); #define FMT_ATTR __attribute__((format(printf, 2, 3))) // sic! 1st is "this" I guess. class Reporter { public: - using IPPair = std::pair; - using ConnTuple = std::tuple; + using IPPair = std::pair; + using ConnTuple = std::tuple; using WeirdCountMap = std::unordered_map; using WeirdFlowMap = std::map; using WeirdConnTupleMap = std::map; @@ -104,7 +103,7 @@ public: void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird(). void Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid, const char* name, const char* addl = ""); // Raises expired_conn_weird(). - void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird(). + void Weird(const zeek::IPAddr& orig, const zeek::IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird(). // Syslog a message. This methods does nothing if we're running // offline from a trace. @@ -155,7 +154,7 @@ public: /** * Reset/cleanup state tracking for a "flow" weird. */ - void ResetFlowWeird(const IPAddr& orig, const IPAddr& resp); + void ResetFlowWeird(const zeek::IPAddr& orig, const zeek::IPAddr& resp); /** * Reset/cleanup state tracking for a "expired conn" weird. @@ -274,7 +273,7 @@ private: inline bool WeirdOnSamplingWhiteList(const char* name) { return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); } bool PermitNetWeird(const char* name); - bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r); + bool PermitFlowWeird(const char* name, const zeek::IPAddr& o, const zeek::IPAddr& r); bool PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id); bool EmitToStderr(bool flag) diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 13a75c141d..335cade4ca 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -61,7 +61,7 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, uint32_t arg_offset, uint32_t arg_size, level = 0; } -RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector arg_v) +RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector arg_v) { prot = arg_prot; offset = 0; @@ -503,12 +503,12 @@ static inline bool match_or(const maskedvalue_list& mvals, uint32_t v, FuncT com // Evaluate a prefix list (matches if at least one value matches). template -static inline bool match_or(const vector& prefixes, const IPAddr& a, +static inline bool match_or(const vector& prefixes, const zeek::IPAddr& a, FuncT comp) { for ( size_t i = 0; i < prefixes.size(); ++i ) { - IPAddr masked(a); + zeek::IPAddr masked(a); masked.Mask(prefixes[i].LengthIPv6()); if ( comp(masked, prefixes[i].Prefix()) ) return true; @@ -532,12 +532,12 @@ static inline bool match_not_and(const maskedvalue_list& mvals, uint32_t v, // Evaluate a prefix list (doesn't match if any value matches). template -static inline bool match_not_and(const vector& prefixes, - const IPAddr& a, FuncT comp) +static inline bool match_not_and(const vector& prefixes, + const zeek::IPAddr& a, FuncT comp) { for ( size_t i = 0; i < prefixes.size(); ++i ) { - IPAddr masked(a); + zeek::IPAddr masked(a); masked.Mask(prefixes[i].LengthIPv6()); if ( comp(masked, prefixes[i].Prefix()) ) return false; @@ -580,32 +580,32 @@ static inline bool compare(const maskedvalue_list& mvals, uint32_t v, return false; } -static inline bool compare(const vector& prefixes, const IPAddr& a, +static inline bool compare(const vector& prefixes, const zeek::IPAddr& a, RuleHdrTest::Comp comp) { switch ( comp ) { case RuleHdrTest::EQ: - return match_or(prefixes, a, std::equal_to()); + return match_or(prefixes, a, std::equal_to()); break; case RuleHdrTest::NE: - return match_not_and(prefixes, a, std::equal_to()); + return match_not_and(prefixes, a, std::equal_to()); break; case RuleHdrTest::LT: - return match_or(prefixes, a, std::less()); + return match_or(prefixes, a, std::less()); break; case RuleHdrTest::GT: - return match_or(prefixes, a, std::greater()); + return match_or(prefixes, a, std::greater()); break; case RuleHdrTest::LE: - return match_or(prefixes, a, std::less_equal()); + return match_or(prefixes, a, std::less_equal()); break; case RuleHdrTest::GE: - return match_or(prefixes, a, std::greater_equal()); + return match_or(prefixes, a, std::greater_equal()); break; default: @@ -737,9 +737,9 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, } RuleEndpointState* RuleMatcher::InitEndpoint(zeek::analyzer::Analyzer* analyzer, - const IP_Hdr* ip, int caplen, - RuleEndpointState* opposite, - bool from_orig, analyzer::pia::PIA* pia) + const zeek::IP_Hdr* ip, int caplen, + RuleEndpointState* opposite, + bool from_orig, analyzer::pia::PIA* pia) { RuleEndpointState* state = new RuleEndpointState(analyzer, from_orig, opposite, pia); @@ -1289,7 +1289,7 @@ static zeek::Val* get_bro_val(const char* label) // if the prefix_vector param isn't null, appending to that is preferred // over appending to the masked val list. static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to, - vector* prefix_vector) + vector* prefix_vector) { MaskedValue* mval = new MaskedValue; @@ -1356,7 +1356,7 @@ static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to, } void id_to_maskedvallist(const char* id, maskedvalue_list* append_to, - vector* prefix_vector) + vector* prefix_vector) { zeek::Val* v = get_bro_val(id); if ( ! v ) @@ -1417,8 +1417,8 @@ uint32_t id_to_uint(const char* id) return 0; } -void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, - int caplen, bool from_orig, analyzer::pia::PIA* pia) +void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, + int caplen, bool from_orig, analyzer::pia::PIA* pia) { if ( ! rule_matcher ) return; diff --git a/src/RuleMatcher.h b/src/RuleMatcher.h index 18d0f2c308..1325754482 100644 --- a/src/RuleMatcher.h +++ b/src/RuleMatcher.h @@ -29,13 +29,13 @@ extern const char* current_rule_file; class BroFile; class IntSet; -class IP_Hdr; -class IPPrefix; class RE_Match_State; class Specific_RE_Matcher; class RuleMatcher; extern RuleMatcher* rule_matcher; +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); @@ -63,7 +63,7 @@ using bstr_list = zeek::PList; // Get values from Bro's script-level variables. extern void id_to_maskedvallist(const char* id, maskedvalue_list* append_to, - std::vector* prefix_vector = nullptr); + std::vector* prefix_vector = nullptr); extern char* id_to_str(const char* id); extern uint32_t id_to_uint(const char* id); @@ -75,7 +75,7 @@ public: RuleHdrTest(Prot arg_prot, uint32_t arg_offset, uint32_t arg_size, Comp arg_comp, maskedvalue_list* arg_vals); - RuleHdrTest(Prot arg_prot, Comp arg_comp, std::vector arg_v); + RuleHdrTest(Prot arg_prot, Comp arg_comp, std::vector arg_v); ~RuleHdrTest(); void PrintDebug(); @@ -92,7 +92,7 @@ private: Prot prot; Comp comp; maskedvalue_list* vals; - std::vector prefix_vals; // for use with IPSrc/IPDst comparisons + std::vector prefix_vals; // for use with IPSrc/IPDst comparisons uint32_t offset; uint32_t size; @@ -263,8 +263,9 @@ public: // the given packet (which should be the first packet encountered for // this endpoint). If the matching is triggered by an PIA, a pointer to // it needs to be given. - RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, - int caplen, RuleEndpointState* opposite, bool is_orig, analyzer::pia::PIA* pia); + RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, + int caplen, RuleEndpointState* opposite, bool is_orig, + analyzer::pia::PIA* pia); // Finish matching for this stream. void FinishEndpoint(RuleEndpointState* state); @@ -372,8 +373,8 @@ public: { delete orig_match_state; delete resp_match_state; } // ip may be nil. - void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip, - int caplen, bool from_orig, analyzer::pia::PIA* pia = nullptr); + void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip, + int caplen, bool from_orig, analyzer::pia::PIA* pia = nullptr); // bol/eol should be set to false for type Rule::PAYLOAD; they're // deduced automatically. diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index ff0ff36155..e6611a0ef4 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -234,7 +234,7 @@ bool BinarySerializationFormat::Read(std::string* v, const char* tag) return true; } -bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag) +bool BinarySerializationFormat::Read(zeek::IPAddr* addr, const char* tag) { int n = 0; if ( ! Read(&n, "addr-len") ) @@ -254,22 +254,22 @@ bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag) } if ( n == 1 ) - *addr = IPAddr(IPv4, raw, IPAddr::Network); + *addr = zeek::IPAddr(IPv4, raw, zeek::IPAddr::Network); else - *addr = IPAddr(IPv6, raw, IPAddr::Network); + *addr = zeek::IPAddr(IPv6, raw, zeek::IPAddr::Network); return true; } -bool BinarySerializationFormat::Read(IPPrefix* prefix, const char* tag) +bool BinarySerializationFormat::Read(zeek::IPPrefix* prefix, const char* tag) { - IPAddr addr; + zeek::IPAddr addr; int len; if ( ! (Read(&addr, "prefix") && Read(&len, "width")) ) return false; - *prefix = IPPrefix(addr, len); + *prefix = zeek::IPPrefix(addr, len); return true; } @@ -368,7 +368,7 @@ bool BinarySerializationFormat::Write(const std::string& s, const char* tag) return Write(s.data(), s.size(), tag); } -bool BinarySerializationFormat::Write(const IPAddr& addr, const char* tag) +bool BinarySerializationFormat::Write(const zeek::IPAddr& addr, const char* tag) { const uint32_t* raw; int n = addr.GetBytes(&raw); @@ -387,7 +387,7 @@ bool BinarySerializationFormat::Write(const IPAddr& addr, const char* tag) return true; } -bool BinarySerializationFormat::Write(const IPPrefix& prefix, const char* tag) +bool BinarySerializationFormat::Write(const zeek::IPPrefix& prefix, const char* tag) { return Write(prefix.Prefix(), "prefix") && Write(prefix.Length(), "width"); } diff --git a/src/SerializationFormat.h b/src/SerializationFormat.h index 475755bf08..737b8a2ec4 100644 --- a/src/SerializationFormat.h +++ b/src/SerializationFormat.h @@ -2,12 +2,13 @@ #pragma once -#include +#include "zeek-config.h" +#include #include -class IPAddr; -class IPPrefix; +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek); // Abstract base class. class SerializationFormat { @@ -28,8 +29,8 @@ public: virtual bool Read(bool* v, const char* tag) = 0; virtual bool Read(double* d, const char* tag) = 0; virtual bool Read(std::string* s, const char* tag) = 0; - virtual bool Read(IPAddr* addr, const char* tag) = 0; - virtual bool Read(IPPrefix* prefix, const char* tag) = 0; + virtual bool Read(zeek::IPAddr* addr, const char* tag) = 0; + virtual bool Read(zeek::IPPrefix* prefix, const char* tag) = 0; virtual bool Read(struct in_addr* addr, const char* tag) = 0; virtual bool Read(struct in6_addr* addr, const char* tag) = 0; @@ -62,8 +63,8 @@ public: virtual bool Write(const char* s, const char* tag) = 0; virtual bool Write(const char* buf, int len, const char* tag) = 0; virtual bool Write(const std::string& s, const char* tag) = 0; - virtual bool Write(const IPAddr& addr, const char* tag) = 0; - virtual bool Write(const IPPrefix& prefix, const char* tag) = 0; + virtual bool Write(const zeek::IPAddr& addr, const char* tag) = 0; + virtual bool Write(const zeek::IPPrefix& prefix, const char* tag) = 0; virtual bool Write(const struct in_addr& addr, const char* tag) = 0; virtual bool Write(const struct in6_addr& addr, const char* tag) = 0; @@ -107,8 +108,8 @@ public: bool Read(double* d, const char* tag) override; bool Read(char** str, int* len, const char* tag) override; bool Read(std::string* s, const char* tag) override; - bool Read(IPAddr* addr, const char* tag) override; - bool Read(IPPrefix* prefix, const char* tag) override; + bool Read(zeek::IPAddr* addr, const char* tag) override; + bool Read(zeek::IPPrefix* prefix, const char* tag) override; bool Read(struct in_addr* addr, const char* tag) override; bool Read(struct in6_addr* addr, const char* tag) override; bool Write(int v, const char* tag) override; @@ -122,8 +123,8 @@ public: bool Write(const char* s, const char* tag) override; bool Write(const char* buf, int len, const char* tag) override; bool Write(const std::string& s, const char* tag) override; - bool Write(const IPAddr& addr, const char* tag) override; - bool Write(const IPPrefix& prefix, const char* tag) override; + bool Write(const zeek::IPAddr& addr, const char* tag) override; + bool Write(const zeek::IPPrefix& prefix, const char* tag) override; bool Write(const struct in_addr& addr, const char* tag) override; bool Write(const struct in6_addr& addr, const char* tag) override; bool WriteOpenTag(const char* tag) override; diff --git a/src/Sessions.cc b/src/Sessions.cc index 851fabc385..7cd83f2a29 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -153,7 +153,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) } const struct ip* ip = (const struct ip*) (pkt->data + pkt->hdr_size); - IP_Hdr ip_hdr(ip, false); + zeek::IP_Hdr ip_hdr(ip, false); DoNextPacket(t, pkt, &ip_hdr, nullptr); } @@ -165,7 +165,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) return; } - IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt->data + pkt->hdr_size), false, caplen); + zeek::IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt->data + pkt->hdr_size), false, caplen); DoNextPacket(t, pkt, &ip_hdr, nullptr); } @@ -211,8 +211,8 @@ static unsigned int gre_header_len(uint16_t flags) return len; } -void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr, - const EncapsulationStack* encapsulation) +void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr* ip_hdr, + const EncapsulationStack* encapsulation) { uint32_t caplen = pkt->cap_len - pkt->hdr_size; const struct ip* ip4 = ip_hdr->IP4_Hdr(); @@ -298,7 +298,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr else { f = NextFragment(t, ip_hdr, pkt->data + pkt->hdr_size); - const IP_Hdr* ih = f->ReassembledPkt(); + const zeek::IP_Hdr* ih = f->ReassembledPkt(); if ( ! ih ) // It didn't reassemble into anything yet. return; @@ -591,7 +591,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr return; } - IP_Hdr* inner = nullptr; + zeek::IP_Hdr* inner = nullptr; if ( gre_version != 0 ) { @@ -659,7 +659,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr return; } - ConnIDKey key = BuildConnIDKey(id); + zeek::detail::ConnIDKey key = zeek::detail::BuildConnIDKey(id); Connection* conn = nullptr; // FIXME: The following is getting pretty complex. Need to split up @@ -739,8 +739,8 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } void NetSessions::DoNextInnerPacket(double t, const Packet* pkt, - const IP_Hdr* inner, const EncapsulationStack* prev, - const EncapsulatingConn& ec) + const zeek::IP_Hdr* inner, const EncapsulationStack* prev, + const EncapsulatingConn& ec) { uint32_t caplen, len; caplen = len = inner->TotalLen(); @@ -813,7 +813,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt, } int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto, - IP_Hdr*& inner) + zeek::IP_Hdr*& inner) { if ( proto == IPPROTO_IPV6 ) { @@ -821,7 +821,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto, return -1; const struct ip6_hdr* ip6 = (const struct ip6_hdr*) pkt; - inner = new IP_Hdr(ip6, false, caplen); + inner = new zeek::IP_Hdr(ip6, false, caplen); if ( ( ip6->ip6_ctlun.ip6_un2_vfc & 0xF0 ) != 0x60 ) return -2; } @@ -832,7 +832,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto, return -1; const struct ip* ip4 = (const struct ip*) pkt; - inner = new IP_Hdr(ip4, false); + inner = new zeek::IP_Hdr(ip4, false); if ( ip4->ip_v != 4 ) return -2; } @@ -895,8 +895,8 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen, return false; } -FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip, - const u_char* pkt) +FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip, + const u_char* pkt) { uint32_t frag_id = ip->ID(); @@ -955,8 +955,8 @@ Connection* NetSessions::FindConnection(zeek::Val* v) // types, too. } - const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr(); - const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr(); + const zeek::IPAddr& orig_addr = (*vl)[orig_h]->AsAddr(); + const zeek::IPAddr& resp_addr = (*vl)[resp_h]->AsAddr(); zeek::PortVal* orig_portv = (*vl)[orig_p]->AsPortVal(); zeek::PortVal* resp_portv = (*vl)[resp_p]->AsPortVal(); @@ -971,7 +971,7 @@ Connection* NetSessions::FindConnection(zeek::Val* v) id.is_one_way = false; // ### incorrect for ICMP connections - ConnIDKey key = BuildConnIDKey(id); + zeek::detail::ConnIDKey key = zeek::detail::BuildConnIDKey(id); ConnectionMap* d; if ( orig_portv->IsTCP() ) @@ -1000,7 +1000,7 @@ void NetSessions::Remove(Connection* c) { if ( c->IsKeyValid() ) { - const ConnIDKey& key = c->Key(); + const zeek::detail::ConnIDKey& key = c->Key(); c->CancelTimers(); if ( c->ConnTransport() == TRANSPORT_TCP ) @@ -1159,7 +1159,7 @@ void NetSessions::GetStats(SessionStats& s) const s.max_fragments = stats.max_fragments; } -Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id, +Connection* NetSessions::NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, const Packet* pkt, const EncapsulationStack* encapsulation) { @@ -1219,7 +1219,7 @@ Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id, return conn; } -Connection* NetSessions::LookupConn(const ConnectionMap& conns, const ConnIDKey& key) +Connection* NetSessions::LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key) { auto it = conns.find(key); if ( it != conns.end() ) @@ -1330,7 +1330,7 @@ void NetSessions::Weird(const char* name, const Packet* pkt, reporter->Weird(name, addl); } -void NetSessions::Weird(const char* name, const IP_Hdr* ip, +void NetSessions::Weird(const char* name, const zeek::IP_Hdr* ip, const EncapsulationStack* encap, const char* addl) { if ( encap && encap->LastType() != BifEnum::Tunnel::NONE ) @@ -1396,7 +1396,7 @@ unsigned int NetSessions::MemoryAllocation() ; } -void NetSessions::InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn) +void NetSessions::InsertConnection(ConnectionMap* m, const zeek::detail::ConnIDKey& key, Connection* conn) { (*m)[key] = conn; diff --git a/src/Sessions.h b/src/Sessions.h index e128a1719a..f6c75db57f 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -55,8 +55,8 @@ public: // Returns a reassembled packet, or nil if there are still // some missing fragments. - FragReassembler* NextFragment(double t, const IP_Hdr* ip, - const u_char* pkt); + FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip, + const u_char* pkt); // Looks up the connection referred to by the given Val, // which should be a conn_id record. Returns nil if there's @@ -78,9 +78,9 @@ public: void GetStats(SessionStats& s) const; void Weird(const char* name, const Packet* pkt, - const EncapsulationStack* encap = nullptr, const char* addl = ""); - void Weird(const char* name, const IP_Hdr* ip, - const EncapsulationStack* encap = nullptr, const char* addl = ""); + const EncapsulationStack* encap = nullptr, const char* addl = ""); + void Weird(const char* name, const zeek::IP_Hdr* ip, + const EncapsulationStack* encap = nullptr, const char* addl = ""); PacketFilter* GetPacketFilter() { @@ -96,8 +96,8 @@ public: return tcp_conns.size() + udp_conns.size() + icmp_conns.size(); } - void DoNextPacket(double t, const Packet *pkt, const IP_Hdr* ip_hdr, - const EncapsulationStack* encapsulation); + void DoNextPacket(double t, const Packet *pkt, const zeek::IP_Hdr* ip_hdr, + const EncapsulationStack* encapsulation); /** * Wrapper that recurses on DoNextPacket for encapsulated IP packets. @@ -114,8 +114,8 @@ public: * @param ec The most-recently found depth of encapsulation. */ void DoNextInnerPacket(double t, const Packet *pkt, - const IP_Hdr* inner, const EncapsulationStack* prev, - const EncapsulatingConn& ec); + const zeek::IP_Hdr* inner, const EncapsulationStack* prev, + const EncapsulatingConn& ec); /** * Recurses on DoNextPacket for encapsulated Ethernet/IP packets. @@ -161,7 +161,7 @@ public: * for other return values. */ int ParseIPPacket(int caplen, const u_char* const pkt, int proto, - IP_Hdr*& inner); + zeek::IP_Hdr*& inner); unsigned int ConnectionMemoryUsage(); unsigned int ConnectionMemoryUsageConnVals(); @@ -172,14 +172,14 @@ protected: friend class ConnCompressor; friend class IPTunnelTimer; - using ConnectionMap = std::map; + using ConnectionMap = std::map; using FragmentMap = std::map; - Connection* NewConn(const ConnIDKey& k, double t, const ConnID* id, + Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id, const u_char* data, int proto, uint32_t flow_label, const Packet* pkt, const EncapsulationStack* encapsulation); - Connection* LookupConn(const ConnectionMap& conns, const ConnIDKey& key); + Connection* LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key); // Returns true if the port corresonds to an application // for which there's a Bro analyzer (even if it might not @@ -215,7 +215,7 @@ protected: // the new one. Connection count stats get updated either way (so most // cases should likely check that the key is not already in the map to // avoid unnecessary incrementing of connecting counts). - void InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn); + void InsertConnection(ConnectionMap* m, const zeek::detail::ConnIDKey& key, Connection* conn); ConnectionMap tcp_conns; ConnectionMap udp_conns; @@ -224,7 +224,7 @@ protected: SessionStats stats; - using IPPair = std::pair; + using IPPair = std::pair; using TunnelActivity = std::pair; using IPTunnelMap = std::map; IPTunnelMap ip_tunnels; diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 13f6da8ef4..b4fbf6501c 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -40,7 +40,7 @@ public: * @param d The tunnel destination address, likely taken from an IP header. * @param t The type of IP tunnel. */ - EncapsulatingConn(const IPAddr& s, const IPAddr& d, + EncapsulatingConn(const zeek::IPAddr& s, const zeek::IPAddr& d, BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP) : src_addr(s), dst_addr(d), src_port(0), dst_port(0), proto(TRANSPORT_UNKNOWN), type(t), @@ -119,8 +119,8 @@ public: } protected: - IPAddr src_addr; - IPAddr dst_addr; + zeek::IPAddr src_addr; + zeek::IPAddr dst_addr; uint16_t src_port; uint16_t dst_port; TransportProto proto; diff --git a/src/Val.h b/src/Val.h index 0a99526fbb..a62590377f 100644 --- a/src/Val.h +++ b/src/Val.h @@ -35,14 +35,14 @@ using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = ze ZEEK_FORWARD_DECLARE_NAMESPACED(IterCookie, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek); namespace zeek::detail { class ScriptFunc; } using BroFunc [[deprecated("Remove in v4.1. Use zeek::detail::ScriptFunc instead.")]] = zeek::detail::ScriptFunc; class BroFile; class PrefixTable; -class IPAddr; -class IPPrefix; class StateAccess; class RE_Matcher; diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index a5ab18891b..1ca9dc2d16 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -214,7 +214,7 @@ void Analyzer::Done() } void Analyzer::NextPacket(int len, const u_char* data, bool is_orig, uint64_t seq, - const IP_Hdr* ip, int caplen) + const zeek::IP_Hdr* ip, int caplen) { if ( skip ) return; @@ -297,7 +297,7 @@ void Analyzer::NextEndOfData(bool is_orig) } void Analyzer::ForwardPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { if ( output_handler ) output_handler->DeliverPacket(len, data, is_orig, seq, @@ -644,7 +644,7 @@ SupportAnalyzer* Analyzer::FirstSupportAnalyzer(bool orig) } void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen, @@ -858,7 +858,7 @@ SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const } void SupportAnalyzer::ForwardPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { // We do not call parent's method, as we're replacing the functionality. diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 54fb880aa3..4154048238 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -21,7 +21,7 @@ using BroFilePtr = zeek::IntrusivePtr; class Rule; class Connection; -class IP_Hdr; +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); namespace zeek { using RecordValPtr = zeek::IntrusivePtr; @@ -59,7 +59,7 @@ public: */ virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, - const IP_Hdr* ip, int caplen) + const zeek::IP_Hdr* ip, int caplen) { } /** @@ -157,7 +157,7 @@ public: * @param caplen The packet's capture length, if available. */ void NextPacket(int len, const u_char* data, bool is_orig, - uint64_t seq = -1, const IP_Hdr* ip = nullptr, int caplen = 0); + uint64_t seq = -1, const zeek::IP_Hdr* ip = nullptr, int caplen = 0); /** * Passes stream input to the analyzer for processing. The analyzer @@ -210,7 +210,7 @@ public: */ virtual void ForwardPacket(int len, const u_char* data, bool orig, uint64_t seq, - const IP_Hdr* ip, int caplen); + const zeek::IP_Hdr* ip, int caplen); /** * Forwards stream input on to all child analyzers. If the analyzer @@ -241,7 +241,7 @@ public: * Parameters are the same. */ virtual void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen); /** * Hook for accessing stream input for parsing. This is called by @@ -839,7 +839,7 @@ public: * Parameters same as for Analyzer::ForwardPacket. */ void ForwardPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; /** * Passes stream input to the next sibling SupportAnalyzer if any, or diff --git a/src/analyzer/protocol/ayiya/AYIYA.cc b/src/analyzer/protocol/ayiya/AYIYA.cc index ee670bf1ad..240cd7cd8d 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.cc +++ b/src/analyzer/protocol/ayiya/AYIYA.cc @@ -21,7 +21,7 @@ void AYIYA_Analyzer::Done() Event(udp_session_done); } -void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/ayiya/AYIYA.h b/src/analyzer/protocol/ayiya/AYIYA.h index f83df7edf5..3904630313 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.h +++ b/src/analyzer/protocol/ayiya/AYIYA.h @@ -11,7 +11,7 @@ public: virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen); static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new AYIYA_Analyzer(conn); } diff --git a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac index 30a263d2bc..4984d3ec58 100644 --- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac +++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac @@ -56,7 +56,7 @@ flow AYIYA_Flow return false; } - IP_Hdr* inner = 0; + zeek::IP_Hdr* inner = 0; int result = sessions->ParseIPPacket(${pdu.packet}.length(), ${pdu.packet}.data(), ${pdu.next_header}, inner); diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index f71cfb4528..e49b599666 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -102,7 +102,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig) } } -void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h index a2ab26b238..9aa5ab1565 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.h +++ b/src/analyzer/protocol/conn-size/ConnSize.h @@ -31,7 +31,7 @@ public: protected: void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void CheckThresholds(bool is_orig); void ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bool is_orig); diff --git a/src/analyzer/protocol/dhcp/DHCP.cc b/src/analyzer/protocol/dhcp/DHCP.cc index caa8ddc4bf..ee5da50633 100644 --- a/src/analyzer/protocol/dhcp/DHCP.cc +++ b/src/analyzer/protocol/dhcp/DHCP.cc @@ -22,7 +22,7 @@ void DHCP_Analyzer::Done() } void DHCP_Analyzer::DeliverPacket(int len, const u_char* data, - bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) + bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/dhcp/DHCP.h b/src/analyzer/protocol/dhcp/DHCP.h index 405d12fb14..cefd4b9464 100644 --- a/src/analyzer/protocol/dhcp/DHCP.h +++ b/src/analyzer/protocol/dhcp/DHCP.h @@ -13,7 +13,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DHCP_Analyzer(conn); } diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc index cd106a3c94..df7dbf72ad 100644 --- a/src/analyzer/protocol/dnp3/DNP3.cc +++ b/src/analyzer/protocol/dnp3/DNP3.cc @@ -440,7 +440,7 @@ DNP3_UDP_Analyzer::~DNP3_UDP_Analyzer() { } -void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h index fe261540f6..ff57bcafbb 100644 --- a/src/analyzer/protocol/dnp3/DNP3.h +++ b/src/analyzer/protocol/dnp3/DNP3.h @@ -81,7 +81,7 @@ public: ~DNP3_UDP_Analyzer() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new DNP3_UDP_Analyzer(conn); } diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index f279e974de..8a1d2b719e 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1832,7 +1832,7 @@ void DNS_Analyzer::Done() } void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); interp->ParseMessage(data, len, orig ? 1 : 0); diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 7b0fc4f239..28e4e293e3 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -385,7 +385,7 @@ public: ~DNS_Analyzer() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void Init() override; void Done() override; diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 7bf05a049b..42f830723b 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -52,7 +52,7 @@ static zeek::ValPtr parse_eftp(const char* line) auto r = zeek::make_intrusive(zeek::BifType::Record::ftp_port); int net_proto = 0; // currently not used - IPAddr addr; // unspecified IPv6 address (all 128 bits zero) + zeek::IPAddr addr; // unspecified IPv6 address (all 128 bits zero) int port = 0; int good = 0; @@ -87,7 +87,7 @@ static zeek::ValPtr parse_eftp(const char* line) } std::string s(line, nptr-line); // extract IP address - IPAddr tmp(s); + zeek::IPAddr tmp(s); // on error, "tmp" will have all 128 bits zero if ( tmp == addr ) good = 0; diff --git a/src/analyzer/protocol/gtpv1/GTPv1.cc b/src/analyzer/protocol/gtpv1/GTPv1.cc index 2040ef8383..62e63d1311 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.cc +++ b/src/analyzer/protocol/gtpv1/GTPv1.cc @@ -23,7 +23,7 @@ void GTPv1_Analyzer::Done() Event(udp_session_done); } -void GTPv1_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void GTPv1_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); try diff --git a/src/analyzer/protocol/gtpv1/GTPv1.h b/src/analyzer/protocol/gtpv1/GTPv1.h index 84202bd4b9..a7ca0ab09e 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.h +++ b/src/analyzer/protocol/gtpv1/GTPv1.h @@ -11,7 +11,7 @@ public: virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen); static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new GTPv1_Analyzer(conn); } diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index d49578ef2f..384cdd3a1b 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -98,11 +98,11 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie) switch ( ie->end_user_addr()->pdp_type_num() ) { case 0x21: ev->Assign(2, zeek::make_intrusive( - IPAddr(IPv4, (const uint32*) d, IPAddr::Network))); + zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network))); break; case 0x57: ev->Assign(2, zeek::make_intrusive( - IPAddr(IPv6, (const uint32*) d, IPAddr::Network))); + zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network))); break; default: ev->Assign(3, zeek::make_intrusive( @@ -137,10 +137,10 @@ zeek::ValPtr BuildGSN_Addr(const InformationElement* ie) if ( len == 4 ) ev->Assign(0, zeek::make_intrusive( - IPAddr(IPv4, (const uint32*) d, IPAddr::Network))); + zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network))); else if ( len == 16 ) ev->Assign(0, zeek::make_intrusive( - IPAddr(IPv6, (const uint32*) d, IPAddr::Network))); + zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network))); else ev->Assign(1, zeek::make_intrusive(new zeek::String((const u_char*) d, len, false))); @@ -221,9 +221,9 @@ zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie) const uint8* d = ie->charging_gateway_addr()->value().data(); int len = ie->charging_gateway_addr()->value().length(); if ( len == 4 ) - return zeek::make_intrusive(IPAddr(IPv4, (const uint32*) d, IPAddr::Network)); + return zeek::make_intrusive(zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network)); else if ( len == 16 ) - return zeek::make_intrusive(IPAddr(IPv6, (const uint32*) d, IPAddr::Network)); + return zeek::make_intrusive(zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network)); else return nullptr; } @@ -729,7 +729,7 @@ flow GTPv1_Flow(is_orig: bool) return false; } - IP_Hdr* inner = 0; + zeek::IP_Hdr* inner = nullptr; int result = sessions->ParseIPPacket(${pdu.packet}.length(), ${pdu.packet}.data(), ip->ip_v == 6 ? IPPROTO_IPV6 : IPPROTO_IPV4, inner); diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 990262d7e1..1cc882fde0 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -35,7 +35,7 @@ void ICMP_Analyzer::Done() } void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, - bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen) + bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { assert(ip); @@ -119,7 +119,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data, } void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr ) + const u_char*& data, const zeek::IP_Hdr* ip_hdr ) { switch ( icmpp->icmp_type ) { @@ -140,7 +140,7 @@ void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int c } void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr ) + const u_char*& data, const zeek::IP_Hdr* ip_hdr ) { switch ( icmpp->icmp_type ) { @@ -199,7 +199,7 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, int icmpv6, const u_char* data, - const IP_Hdr* ip_hdr) + const zeek::IP_Hdr* ip_hdr) { if ( icmp_sent ) EnqueueConnEvent(icmp_sent, @@ -222,7 +222,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, } zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, - int icmpv6, const IP_Hdr* ip_hdr) + int icmpv6, const zeek::IP_Hdr* ip_hdr) { if ( ! icmp_conn_val ) { @@ -242,7 +242,7 @@ zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len } zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, - bool icmpv6, const IP_Hdr* ip_hdr) + bool icmpv6, const zeek::IP_Hdr* ip_hdr) { static auto icmp_info = zeek::id::find_type("icmp_info"); auto rval = zeek::make_intrusive(icmp_info); @@ -254,7 +254,7 @@ zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, return rval; } -TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port) +TransportProto ICMP_Analyzer::GetContextProtocol(const zeek::IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port) { const u_char* transport_hdr; uint32_t ip_hdr_len = ip_hdr->HdrLen(); @@ -321,15 +321,15 @@ TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data) { - const IP_Hdr ip_hdr_data((const struct ip*) data, false); - const IP_Hdr* ip_hdr = &ip_hdr_data; + const zeek::IP_Hdr ip_hdr_data((const struct ip*) data, false); + const zeek::IP_Hdr* ip_hdr = &ip_hdr_data; uint32_t ip_hdr_len = ip_hdr->HdrLen(); uint32_t ip_len, frag_offset; TransportProto proto = TRANSPORT_UNKNOWN; int DF, MF, bad_hdr_len, bad_checksum; - IPAddr src_addr, dst_addr; + zeek::IPAddr src_addr, dst_addr; uint32_t src_port, dst_port; if ( len < (int)sizeof(struct ip) || ip_hdr_len > uint32_t(len) ) @@ -391,8 +391,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& da int DF = 0, MF = 0, bad_hdr_len = 0; TransportProto proto = TRANSPORT_UNKNOWN; - IPAddr src_addr; - IPAddr dst_addr; + zeek::IPAddr src_addr; + zeek::IPAddr dst_addr; uint32_t ip_len, frag_offset = 0; uint32_t src_port, dst_port; @@ -404,8 +404,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& da } else { - const IP_Hdr ip_hdr_data((const struct ip6_hdr*) data, false, len); - const IP_Hdr* ip_hdr = &ip_hdr_data; + const zeek::IP_Hdr ip_hdr_data((const struct ip6_hdr*) data, false, len); + const zeek::IP_Hdr* ip_hdr = &ip_hdr_data; ip_len = ip_hdr->TotalLen(); src_addr = ip_hdr->SrcAddr(); @@ -512,7 +512,7 @@ unsigned int ICMP_Analyzer::MemoryAllocation() const void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { // For handling all Echo related ICMP messages EventHandlerPtr f = nullptr; @@ -544,7 +544,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; @@ -581,17 +581,17 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; if ( ! f ) return; - IPAddr tgtaddr; + zeek::IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) - tgtaddr = IPAddr(*((const in6_addr*)data)); + tgtaddr = zeek::IPAddr(*((const in6_addr*)data)); int opt_offset = sizeof(in6_addr); @@ -609,17 +609,17 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; if ( ! f ) return; - IPAddr tgtaddr; + zeek::IPAddr tgtaddr; if ( caplen >= (int)sizeof(in6_addr) ) - tgtaddr = IPAddr(*((const in6_addr*)data)); + tgtaddr = zeek::IPAddr(*((const in6_addr*)data)); int opt_offset = sizeof(in6_addr); @@ -634,20 +634,20 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; if ( ! f ) return; - IPAddr tgtaddr, dstaddr; + zeek::IPAddr tgtaddr, dstaddr; if ( caplen >= (int)sizeof(in6_addr) ) - tgtaddr = IPAddr(*((const in6_addr*)data)); + tgtaddr = zeek::IPAddr(*((const in6_addr*)data)); if ( caplen >= 2 * (int)sizeof(in6_addr) ) - dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); + dstaddr = zeek::IPAddr(*((const in6_addr*)(data + sizeof(in6_addr)))); int opt_offset = 2 * sizeof(in6_addr); @@ -663,7 +663,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_solicitation; @@ -680,7 +680,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, - int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int len, int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = nullptr; @@ -707,7 +707,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, - int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr) + int len, int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr) { EventHandlerPtr f = nullptr; @@ -816,7 +816,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da info->Assign(2, zeek::val_mgr->Bool(A_flag)); info->Assign(3, zeek::make_intrusive((double)ntohl(valid_life), Seconds)); info->Assign(4, zeek::make_intrusive((double)ntohl(prefer_life), Seconds)); - info->Assign(5, zeek::make_intrusive(IPAddr(prefix))); + info->Assign(5, zeek::make_intrusive(zeek::IPAddr(prefix))); rv->Assign(3, std::move(info)); } diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index f52c8bd8ad..0553bfbaca 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -32,52 +32,52 @@ public: protected: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; bool IsReuse(double t, const u_char* pkt) override; unsigned int MemoryAllocation() const override; void ICMP_Sent(const struct icmp* icmpp, int len, int caplen, int icmpv6, - const u_char* data, const IP_Hdr* ip_hdr); + const u_char* data, const zeek::IP_Hdr* ip_hdr); void Echo(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void Redirect(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void RouterAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void NeighborAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void NeighborSolicit(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void RouterSolicit(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* ip_hdr); + int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr); void Describe(ODesc* d) const; zeek::RecordValPtr BuildICMPVal(const struct icmp* icmpp, int len, - int icmpv6, const IP_Hdr* ip_hdr); + int icmpv6, const zeek::IP_Hdr* ip_hdr); zeek::RecordValPtr BuildInfo(const struct icmp* icmpp, int len, - bool icmpv6, const IP_Hdr* ip_hdr); + bool icmpv6, const zeek::IP_Hdr* ip_hdr); void NextICMP4(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr ); + const u_char*& data, const zeek::IP_Hdr* ip_hdr ); zeek::RecordValPtr ExtractICMP4Context(int len, const u_char*& data); void Context4(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr); + const u_char*& data, const zeek::IP_Hdr* ip_hdr); - TransportProto GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port, + TransportProto GetContextProtocol(const zeek::IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port); void NextICMP6(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr ); + const u_char*& data, const zeek::IP_Hdr* ip_hdr ); zeek::RecordValPtr ExtractICMP6Context(int len, const u_char*& data); void Context6(double t, const struct icmp* icmpp, int len, int caplen, - const u_char*& data, const IP_Hdr* ip_hdr); + const u_char*& data, const zeek::IP_Hdr* ip_hdr); // RFC 4861 Neighbor Discover message options zeek::VectorValPtr BuildNDOptionsVal(int caplen, const u_char* data); diff --git a/src/analyzer/protocol/krb/KRB.cc b/src/analyzer/protocol/krb/KRB.cc index 7d57acb530..0357ca7157 100644 --- a/src/analyzer/protocol/krb/KRB.cc +++ b/src/analyzer/protocol/krb/KRB.cc @@ -73,7 +73,7 @@ void KRB_Analyzer::Done() } void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index c12a889adc..4c71a3448f 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -20,7 +20,7 @@ public: virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen); static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new KRB_Analyzer(conn); } diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac index 1e2f44e259..2246f7a90c 100644 --- a/src/analyzer/protocol/krb/krb-types.pac +++ b/src/analyzer/protocol/krb/krb-types.pac @@ -61,7 +61,7 @@ zeek::RecordValPtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address } auto bytes = reinterpret_cast(addr_bytes.data()); - rv->Assign(0, zeek::make_intrusive(IPAddr(IPv4, bytes, IPAddr::Network))); + rv->Assign(0, zeek::make_intrusive(zeek::IPAddr(IPv4, bytes, zeek::IPAddr::Network))); return rv; } case 24: @@ -73,7 +73,7 @@ zeek::RecordValPtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address } auto bytes = reinterpret_cast(addr_bytes.data()); - rv->Assign(0, zeek::make_intrusive(IPAddr(IPv6, bytes, IPAddr::Network))); + rv->Assign(0, zeek::make_intrusive(zeek::IPAddr(IPv6, bytes, zeek::IPAddr::Network))); return rv; } case 20: diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 7d654ada20..0bb947a03f 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -511,7 +511,7 @@ void NetbiosSSN_Analyzer::ConnectionClosed(tcp::TCP_Endpoint* endpoint, } void NetbiosSSN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.h b/src/analyzer/protocol/netbios/NetbiosSSN.h index 6548bcf513..1b076ae067 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.h +++ b/src/analyzer/protocol/netbios/NetbiosSSN.h @@ -146,7 +146,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NetbiosSSN_Analyzer(conn); } diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index 3984f6429f..d4f2ff56f7 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -24,7 +24,7 @@ NTP_Analyzer::~NTP_Analyzer() } void NTP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/ntp/NTP.h b/src/analyzer/protocol/ntp/NTP.h index aea622340a..99cac3807c 100644 --- a/src/analyzer/protocol/ntp/NTP.h +++ b/src/analyzer/protocol/ntp/NTP.h @@ -17,7 +17,7 @@ public: // Overriden from Analyzer. void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new NTP_Analyzer(conn); } diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac index f7a3b2dc90..955825a645 100644 --- a/src/analyzer/protocol/ntp/ntp-analyzer.pac +++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac @@ -54,7 +54,7 @@ default: { const uint8* d = ${nsm.reference_id}.data(); - rv->Assign(7, zeek::make_intrusive(IPAddr(IPv4, (const uint32*) d, IPAddr::Network))); + rv->Assign(7, zeek::make_intrusive(zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network))); } break; } diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 87be6e540f..45752f5176 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -36,7 +36,7 @@ void PIA::ClearBuffer(Buffer* buffer) } void PIA::AddToBuffer(Buffer* buffer, uint64_t seq, int len, const u_char* data, - bool is_orig, const IP_Hdr* ip) + bool is_orig, const zeek::IP_Hdr* ip) { u_char* tmp = nullptr; @@ -66,7 +66,7 @@ void PIA::AddToBuffer(Buffer* buffer, uint64_t seq, int len, const u_char* data, } void PIA::AddToBuffer(Buffer* buffer, int len, const u_char* data, bool is_orig, - const IP_Hdr* ip) + const zeek::IP_Hdr* ip) { AddToBuffer(buffer, -1, len, data, is_orig, ip); } @@ -85,7 +85,7 @@ void PIA::PIA_Done() } void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, - const IP_Hdr* ip, int caplen, bool clear_state) + const zeek::IP_Hdr* ip, int caplen, bool clear_state) { if ( pkt_buffer.state == SKIPPING ) return; @@ -130,7 +130,7 @@ void PIA::Match(Rule::PatternType type, const u_char* data, int len, } void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol, - bool clear_state, const IP_Hdr* ip) + bool clear_state, const zeek::IP_Hdr* ip) { if ( ! rule_matcher ) return; @@ -203,12 +203,12 @@ void PIA_TCP::Init() } } -void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip) +void PIA_TCP::FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) { static char dummy_packet[sizeof(struct ip) + sizeof(struct tcphdr)]; static struct ip* ip4 = nullptr; static struct tcphdr* tcp4 = nullptr; - static IP_Hdr* ip4_hdr = nullptr; + static zeek::IP_Hdr* ip4_hdr = nullptr; DBG_LOG(DBG_ANALYZER, "PIA_TCP[%d] FirstPacket(%s)", GetID(), (is_orig ? "T" : "F")); @@ -226,7 +226,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip) ip4->ip_p = IPPROTO_TCP; // Cast to const so that it doesn't delete it. - ip4_hdr = new IP_Hdr(ip4, false); + ip4_hdr = new zeek::IP_Hdr(ip4, false); } if ( is_orig ) diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h index b101513c69..fa8673715c 100644 --- a/src/analyzer/protocol/pia/PIA.h +++ b/src/analyzer/protocol/pia/PIA.h @@ -42,14 +42,14 @@ public: protected: void PIA_Done(); void PIA_DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen, bool clear_state); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen, bool clear_state); enum State { INIT, BUFFERING, MATCHING_ONLY, SKIPPING } state; // Buffers one chunk of data. Used both for packet payload (incl. // sequence numbers for TCP) and chunks of a reassembled stream. struct DataBlock { - IP_Hdr* ip; + zeek::IP_Hdr* ip; const u_char* data; bool is_orig; int len; @@ -67,15 +67,15 @@ protected: }; void AddToBuffer(Buffer* buffer, uint64_t seq, int len, - const u_char* data, bool is_orig, const IP_Hdr* ip = nullptr); + const u_char* data, bool is_orig, const zeek::IP_Hdr* ip = nullptr); void AddToBuffer(Buffer* buffer, int len, - const u_char* data, bool is_orig, const IP_Hdr* ip = nullptr); + const u_char* data, bool is_orig, const zeek::IP_Hdr* ip = nullptr); void ClearBuffer(Buffer* buffer); DataBlock* CurrentPacket() { return ¤t_packet; } void DoMatch(const u_char* data, int len, bool is_orig, bool bol, - bool eol, bool clear_state, const IP_Hdr* ip = nullptr); + bool eol, bool clear_state, const zeek::IP_Hdr* ip = nullptr); void SetConn(Connection* c) { conn = c; } @@ -106,7 +106,7 @@ protected: } void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override { Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true); @@ -136,7 +136,7 @@ public: // matcher in the case that we already get reassembled input, // and making it part of the general analyzer interface seems // to be unnecessary overhead.) - void FirstPacket(bool is_orig, const IP_Hdr* ip); + void FirstPacket(bool is_orig, const zeek::IP_Hdr* ip); void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer); @@ -151,7 +151,7 @@ protected: } void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override { Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, false); diff --git a/src/analyzer/protocol/radius/RADIUS.cc b/src/analyzer/protocol/radius/RADIUS.cc index 6f75e3094c..9ddf9318e7 100644 --- a/src/analyzer/protocol/radius/RADIUS.cc +++ b/src/analyzer/protocol/radius/RADIUS.cc @@ -25,7 +25,7 @@ void RADIUS_Analyzer::Done() } void RADIUS_Analyzer::DeliverPacket(int len, const u_char* data, - bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) + bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/radius/RADIUS.h b/src/analyzer/protocol/radius/RADIUS.h index bf3d57a39e..9ac473937d 100644 --- a/src/analyzer/protocol/radius/RADIUS.h +++ b/src/analyzer/protocol/radius/RADIUS.h @@ -19,7 +19,7 @@ public: // Overriden from Analyzer. void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new RADIUS_Analyzer(conn); } diff --git a/src/analyzer/protocol/rdp/RDPEUDP.cc b/src/analyzer/protocol/rdp/RDPEUDP.cc index 6c4d840a3b..457be271ba 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.cc +++ b/src/analyzer/protocol/rdp/RDPEUDP.cc @@ -22,7 +22,7 @@ void RDP_Analyzer::Done() } void RDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/rdp/RDPEUDP.h b/src/analyzer/protocol/rdp/RDPEUDP.h index a83ad6909c..c5409a7817 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.h +++ b/src/analyzer/protocol/rdp/RDPEUDP.h @@ -13,7 +13,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new RDP_Analyzer(conn); } diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 5f04b40b7c..8c27a1aec0 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -736,7 +736,7 @@ RPC_Analyzer::~RPC_Analyzer() } void RPC_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); len = std::min(len, caplen); diff --git a/src/analyzer/protocol/rpc/RPC.h b/src/analyzer/protocol/rpc/RPC.h index 924752c4f9..f7c1ba91d5 100644 --- a/src/analyzer/protocol/rpc/RPC.h +++ b/src/analyzer/protocol/rpc/RPC.h @@ -240,7 +240,7 @@ public: protected: void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void ExpireTimer(double t); diff --git a/src/analyzer/protocol/sip/SIP.cc b/src/analyzer/protocol/sip/SIP.cc index 6acd1126ac..3ea5acbeaf 100644 --- a/src/analyzer/protocol/sip/SIP.cc +++ b/src/analyzer/protocol/sip/SIP.cc @@ -21,7 +21,7 @@ void SIP_Analyzer::Done() } void SIP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { bool real_orig = true; if ( len > 6 && data[0] == 'S' && data[1] == 'I' && data[2] == 'P' && data[3] == '/' ) diff --git a/src/analyzer/protocol/sip/SIP.h b/src/analyzer/protocol/sip/SIP.h index f1a337563f..e3acec9f0f 100644 --- a/src/analyzer/protocol/sip/SIP.h +++ b/src/analyzer/protocol/sip/SIP.h @@ -16,7 +16,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new SIP_Analyzer(conn); } diff --git a/src/analyzer/protocol/snmp/SNMP.cc b/src/analyzer/protocol/snmp/SNMP.cc index 6e0988ae2b..c998c9fcde 100644 --- a/src/analyzer/protocol/snmp/SNMP.cc +++ b/src/analyzer/protocol/snmp/SNMP.cc @@ -26,7 +26,7 @@ void SNMP_Analyzer::Done() } void SNMP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/snmp/SNMP.h b/src/analyzer/protocol/snmp/SNMP.h index e1a695aa3f..4d6001933e 100644 --- a/src/analyzer/protocol/snmp/SNMP.h +++ b/src/analyzer/protocol/snmp/SNMP.h @@ -15,7 +15,7 @@ public: virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen); + uint64_t seq, const zeek::IP_Hdr* ip, int caplen); static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new SNMP_Analyzer(conn); } diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index 162b7d1942..738ca3f912 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -35,7 +35,7 @@ zeek::AddrValPtr network_address_to_val(const ASN1Encoding* na) // but standards don't seem to currently make any provisions for IPv6, // so ignore anything that can't be IPv4. if ( bs.length() != 4 ) - return zeek::make_intrusive(IPAddr()); + return zeek::make_intrusive(zeek::IPAddr()); const u_char* data = reinterpret_cast(bs.data()); uint32 network_order = extract_uint32(data); diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index 24eca37f08..8f2ee90e74 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -98,7 +98,7 @@ refine connection SOCKS_Conn += { break; case 4: - sa->Assign(0, zeek::make_intrusive(IPAddr(IPv6, (const uint32_t*) ${request.remote_name.ipv6}, IPAddr::Network))); + sa->Assign(0, zeek::make_intrusive(zeek::IPAddr(IPv6, (const uint32_t*) ${request.remote_name.ipv6}, zeek::IPAddr::Network))); break; default: @@ -138,7 +138,7 @@ refine connection SOCKS_Conn += { break; case 4: - sa->Assign(0, zeek::make_intrusive(IPAddr(IPv6, (const uint32_t*) ${reply.bound.ipv6}, IPAddr::Network))); + sa->Assign(0, zeek::make_intrusive(zeek::IPAddr(IPv6, (const uint32_t*) ${reply.bound.ipv6}, zeek::IPAddr::Network))); break; default: diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index 0f329bb857..e155f79a0a 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -32,7 +32,7 @@ void DTLS_Analyzer::Done() handshake_interp->FlowEOF(false); } -void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h index 9e7ce7dd40..ff059efa2d 100644 --- a/src/analyzer/protocol/ssl/DTLS.h +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -18,7 +18,7 @@ public: // Overriden from Analyzer. void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void EndOfData(bool is_orig) override; void SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, uint32_t length, const u_char* begin, const u_char* end, bool orig); diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index f99540b4fd..d96dade4d6 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -61,7 +61,7 @@ void SteppingStoneEndpoint::Done() } bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen, - const u_char* data, const IP_Hdr* /* ip */, + const u_char* data, const zeek::IP_Hdr* /* ip */, const struct tcphdr* tp) { if ( caplen < len ) @@ -172,7 +172,7 @@ void SteppingStone_Analyzer::Init() void SteppingStone_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, - const IP_Hdr* ip, int caplen) + const zeek::IP_Hdr* ip, int caplen) { tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.h b/src/analyzer/protocol/stepping-stone/SteppingStone.h index ac9011dc82..c9a553af70 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.h +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.h @@ -19,7 +19,7 @@ public: void Done(); bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data, - const IP_Hdr* ip, const struct tcphdr* tp); + const zeek::IP_Hdr* ip, const struct tcphdr* tp); protected: void Event(EventHandlerPtr f, int id1, int id2 = -1); @@ -55,7 +55,7 @@ protected: // We support both packet and stream input and can be put in place even // if the TCP analyzer is not yet reassebmling. void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void DeliverStream(int len, const u_char* data, bool is_orig) override; int orig_stream_pos; diff --git a/src/analyzer/protocol/syslog/Syslog.cc b/src/analyzer/protocol/syslog/Syslog.cc index 225bd1957b..c0184b11ab 100644 --- a/src/analyzer/protocol/syslog/Syslog.cc +++ b/src/analyzer/protocol/syslog/Syslog.cc @@ -28,7 +28,7 @@ void Syslog_Analyzer::Done() Event(udp_session_done); } -void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); interp->NewData(orig, data, data + len); diff --git a/src/analyzer/protocol/syslog/Syslog.h b/src/analyzer/protocol/syslog/Syslog.h index 50bc8c0d83..9b68982c2e 100644 --- a/src/analyzer/protocol/syslog/Syslog.h +++ b/src/analyzer/protocol/syslog/Syslog.h @@ -15,7 +15,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Syslog_Analyzer(conn); } diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 6a93907c24..7e3091144a 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -42,7 +42,7 @@ namespace { // local namespace static const int ORIG = 1; static const int RESP = 2; -static zeek::RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip, +static zeek::RecordVal* build_syn_packet_val(bool is_orig, const zeek::IP_Hdr* ip, const struct tcphdr* tcp) { int winscale = -1; @@ -800,7 +800,7 @@ void TCP_Analyzer::GeneratePacketEvent( } bool TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen, - const IP_Hdr* ip, const struct tcphdr* tp, + const zeek::IP_Hdr* ip, const struct tcphdr* tp, TCP_Endpoint* endpoint, uint64_t rel_data_seq, bool is_orig, TCP_Flags flags) { @@ -818,7 +818,7 @@ void TCP_Analyzer::CheckRecording(bool need_contents, TCP_Flags flags) Conn()->SetRecordCurrentPacket(record_current_packet); } -void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip) +void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip) { if ( is_orig && ! (first_packet_seen & ORIG) ) { @@ -1045,7 +1045,7 @@ static int32_t update_last_seq(TCP_Endpoint* endpoint, uint32_t last_seq, } void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { TransportLayerAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen); @@ -1902,7 +1902,7 @@ void TCP_ApplicationAnalyzer::ProtocolViolation(const char* reason, void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, - const IP_Hdr* ip, int caplen) + const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", @@ -1984,7 +1984,7 @@ int endian_flip(int n) bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int caplen, const u_char* /* data */, - const IP_Hdr* ip, const struct tcphdr* /* tp */) + const zeek::IP_Hdr* ip, const struct tcphdr* /* tp */) { if ( ++num_pkts == 1 ) { // First packet. @@ -2124,7 +2124,7 @@ void TCPStats_Analyzer::Done() ); } -void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen) +void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 39246e0a71..225da0c34e 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -79,7 +79,8 @@ protected: // Analyzer interface. void Init() override; void Done() override; - void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override; + void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, + const zeek::IP_Hdr* ip, int caplen) override; void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; void FlipRoles() override; @@ -134,12 +135,12 @@ protected: bool is_orig, TCP_Flags flags); bool DeliverData(double t, const u_char* data, int len, int caplen, - const IP_Hdr* ip, const struct tcphdr* tp, - TCP_Endpoint* endpoint, uint64_t rel_data_seq, - bool is_orig, TCP_Flags flags); + const zeek::IP_Hdr* ip, const struct tcphdr* tp, + TCP_Endpoint* endpoint, uint64_t rel_data_seq, + bool is_orig, TCP_Flags flags); void CheckRecording(bool need_contents, TCP_Flags flags); - void CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip); + void CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip); friend class ConnectionTimer; void AttemptTimer(double t); @@ -227,7 +228,7 @@ public: virtual void PacketWithRST(); void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; void Init() override; // This suppresses violations if the TCP connection wasn't @@ -265,7 +266,7 @@ public: explicit TCPStats_Endpoint(TCP_Endpoint* endp); bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data, - const IP_Hdr* ip, const struct tcphdr* tp); + const zeek::IP_Hdr* ip, const struct tcphdr* tp); zeek::RecordVal* BuildStats(); @@ -295,7 +296,7 @@ public: protected: void DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; TCPStats_Endpoint* orig_stats; TCPStats_Endpoint* resp_stats; diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 7e799271d8..2b0874bfdc 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -200,8 +200,8 @@ uint64_t TCP_Endpoint::Size() const } bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen, - const u_char* data, - const IP_Hdr* ip, const struct tcphdr* tp) + const u_char* data, + const zeek::IP_Hdr* ip, const struct tcphdr* tp) { bool status = false; diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index 960cee689c..a9883d8e2d 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h @@ -6,7 +6,8 @@ #include "File.h" class Connection; -class IP_Hdr; + +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); namespace analyzer { namespace tcp { @@ -183,7 +184,7 @@ public: // Returns true if the data was used (and hence should be recorded // in the save file), false otherwise. bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data, - const IP_Hdr* ip, const struct tcphdr* tp); + const zeek::IP_Hdr* ip, const struct tcphdr* tp); void AckReceived(uint64_t seq); @@ -215,8 +216,8 @@ public: uint32_t checksum_base; double start_time, last_time; - IPAddr src_addr; // the other endpoint - IPAddr dst_addr; // this endpoint + zeek::IPAddr src_addr; // the other endpoint + zeek::IPAddr dst_addr; // this endpoint uint32_t window; // current advertised window (*scaled*, not pre-scaling) int window_scale; // from the TCP option uint32_t window_ack_seq; // at which ack_seq number did we record 'window' diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 319882cd96..7611e19325 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -96,7 +96,7 @@ bool TeredoEncapsulation::DoParse(const u_char* data, int& len, return false; } -zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const +zeek::RecordValPtr TeredoEncapsulation::BuildVal(const zeek::IP_Hdr* inner) const { static auto teredo_hdr_type = zeek::id::find_type("teredo_hdr"); static auto teredo_auth_type = zeek::id::find_type("teredo_auth"); @@ -135,7 +135,7 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const } void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); @@ -160,7 +160,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, return; } - IP_Hdr* inner = nullptr; + zeek::IP_Hdr* inner = nullptr; int rslt = sessions->ParseIPPacket(len, te.InnerIP(), IPPROTO_IPV6, inner); if ( rslt > 0 ) diff --git a/src/analyzer/protocol/teredo/Teredo.h b/src/analyzer/protocol/teredo/Teredo.h index 25c098378d..373d5b5b40 100644 --- a/src/analyzer/protocol/teredo/Teredo.h +++ b/src/analyzer/protocol/teredo/Teredo.h @@ -18,7 +18,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new Teredo_Analyzer(conn); } @@ -74,7 +74,7 @@ public: const u_char* Authentication() const { return auth; } - zeek::RecordValPtr BuildVal(const IP_Hdr* inner) const; + zeek::RecordValPtr BuildVal(const zeek::IP_Hdr* inner) const; protected: bool DoParse(const u_char* data, int& len, bool found_orig, bool found_au); diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 25a2efd766..b57b1de87d 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -42,7 +42,7 @@ void UDP_Analyzer::Done() } void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { assert(ip); @@ -258,7 +258,7 @@ void UDP_Analyzer::ChecksumEvent(bool is_orig, uint32_t threshold) is_orig, threshold); } -bool UDP_Analyzer::ValidateChecksum(const IP_Hdr* ip, const udphdr* up, int len) +bool UDP_Analyzer::ValidateChecksum(const zeek::IP_Hdr* ip, const udphdr* up, int len) { uint32_t sum; diff --git a/src/analyzer/protocol/udp/UDP.h b/src/analyzer/protocol/udp/UDP.h index 569471739d..5ba9f02377 100644 --- a/src/analyzer/protocol/udp/UDP.h +++ b/src/analyzer/protocol/udp/UDP.h @@ -26,14 +26,14 @@ public: protected: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; bool IsReuse(double t, const u_char* pkt) override; unsigned int MemoryAllocation() const override; void ChecksumEvent(bool is_orig, uint32_t threshold); // Returns true if the checksum is valid, false if not - static bool ValidateChecksum(const IP_Hdr* ip, const struct udphdr* up, + static bool ValidateChecksum(const zeek::IP_Hdr* ip, const struct udphdr* up, int len); bro_int_t request_len, reply_len; diff --git a/src/analyzer/protocol/vxlan/VXLAN.cc b/src/analyzer/protocol/vxlan/VXLAN.cc index 50f098080a..3cd7847448 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.cc +++ b/src/analyzer/protocol/vxlan/VXLAN.cc @@ -25,7 +25,7 @@ void VXLAN_Analyzer::Done() } void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); @@ -76,7 +76,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, len -= pkt.hdr_size; caplen -= pkt.hdr_size; - IP_Hdr* inner = nullptr; + zeek::IP_Hdr* inner = nullptr; int res = 0; switch ( pkt.l3_proto ) { diff --git a/src/analyzer/protocol/vxlan/VXLAN.h b/src/analyzer/protocol/vxlan/VXLAN.h index 3ec3e10a41..fbdbf7407d 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.h +++ b/src/analyzer/protocol/vxlan/VXLAN.h @@ -15,7 +15,7 @@ public: void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, - uint64_t seq, const IP_Hdr* ip, int caplen) override; + uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; static zeek::analyzer::Analyzer* Instantiate(Connection* conn) { return new VXLAN_Analyzer(conn); } diff --git a/src/broker/Data.cc b/src/broker/Data.cc index 260dec8eb6..09a97b9c94 100644 --- a/src/broker/Data.cc +++ b/src/broker/Data.cc @@ -136,7 +136,7 @@ struct val_converter { if ( type->Tag() == zeek::TYPE_ADDR ) { auto bits = reinterpret_cast(&a.bytes()); - return zeek::make_intrusive(IPAddr(*bits)); + return zeek::make_intrusive(zeek::IPAddr(*bits)); } return nullptr; @@ -147,7 +147,7 @@ struct val_converter { if ( type->Tag() == zeek::TYPE_SUBNET ) { auto bits = reinterpret_cast(&a.network().bytes()); - return zeek::make_intrusive(IPPrefix(IPAddr(*bits), a.length())); + return zeek::make_intrusive(zeek::IPPrefix(zeek::IPAddr(*bits), a.length())); } return nullptr; diff --git a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac index 81700f080c..a550408d92 100644 --- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac +++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac @@ -12,12 +12,12 @@ zeek::AddrValPtr binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vectorsize() == 1 ) { - return zeek::make_intrusive(IPAddr(IPv4, &(a->at(0)), IPAddr::Host)); + return zeek::make_intrusive(zeek::IPAddr(IPv4, &(a->at(0)), zeek::IPAddr::Host)); } else if ( a->size() == 4 ) { uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) }; - return zeek::make_intrusive(IPAddr(IPv6, tmp, IPAddr::Host)); + return zeek::make_intrusive(zeek::IPAddr(IPv6, tmp, zeek::IPAddr::Host)); } else { diff --git a/src/file_analysis/analyzer/x509/X509Common.h b/src/file_analysis/analyzer/x509/X509Common.h index 677d886363..dfe9a8100f 100644 --- a/src/file_analysis/analyzer/x509/X509Common.h +++ b/src/file_analysis/analyzer/x509/X509Common.h @@ -14,6 +14,7 @@ class EventHandlerPtr; class Reporter; ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); + namespace zeek { template class IntrusivePtr; using StringValPtr = zeek::IntrusivePtr; diff --git a/src/input/Manager.cc b/src/input/Manager.cc index d26b51e104..8980b709bf 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -2227,14 +2227,14 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re case zeek::TYPE_ADDR: { - IPAddr* addr = nullptr; + zeek::IPAddr* addr = nullptr; switch ( val->val.addr_val.family ) { case IPv4: - addr = new IPAddr(val->val.addr_val.in.in4); + addr = new zeek::IPAddr(val->val.addr_val.in.in4); break; case IPv6: - addr = new IPAddr(val->val.addr_val.in.in6); + addr = new zeek::IPAddr(val->val.addr_val.in.in6); break; default: @@ -2248,14 +2248,14 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re case zeek::TYPE_SUBNET: { - IPAddr* addr = nullptr; + zeek::IPAddr* addr = nullptr; switch ( val->val.subnet_val.prefix.family ) { case IPv4: - addr = new IPAddr(val->val.subnet_val.prefix.in.in4); + addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in4); break; case IPv6: - addr = new IPAddr(val->val.subnet_val.prefix.in.in6); + addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in6); break; default: diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index b5af2e37b7..cfa14e1f61 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -66,9 +66,9 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen, ProcessLayer2(); } -const IP_Hdr Packet::IP() const +const zeek::IP_Hdr Packet::IP() const { - return IP_Hdr((struct ip *) (data + hdr_size), false); + return zeek::IP_Hdr((struct ip *) (data + hdr_size), false); } void Packet::Weird(const char* name) @@ -654,13 +654,13 @@ zeek::RecordValPtr Packet::ToRawPktHdrVal() const if ( l3_proto == L3_IPV4 ) { - IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false); + zeek::IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false); return ip_hdr.ToPktHdrVal(std::move(pkt_hdr), 1); } else if ( l3_proto == L3_IPV6 ) { - IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len); + zeek::IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len); return ip6_hdr.ToPktHdrVal(std::move(pkt_hdr), 1); } @@ -683,7 +683,7 @@ zeek::ValPtr Packet::FmtEUI48(const u_char* mac) const void Packet::Describe(ODesc* d) const { - const IP_Hdr ip = IP(); + const zeek::IP_Hdr ip = IP(); d->Add(ip.SrcAddr()); d->Add("->"); d->Add(ip.DstAddr()); diff --git a/src/iosource/Packet.h b/src/iosource/Packet.h index 5d2e927d99..1284973619 100644 --- a/src/iosource/Packet.h +++ b/src/iosource/Packet.h @@ -24,7 +24,7 @@ using RecordValPtr = zeek::IntrusivePtr; } class ODesc; -class IP_Hdr; +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); /** * The Layer 3 type of a packet, as determined by the parsing code in Packet. @@ -130,11 +130,11 @@ public: * Interprets the Layer 3 of the packet as IP and returns a * correspondign object. */ - const IP_Hdr IP() const; + const zeek::IP_Hdr IP() const; /** * Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and - * also everything in IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP). + * also everything in zeek::IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP). */ zeek::RecordValPtr ToRawPktHdrVal() const; diff --git a/src/net_util.cc b/src/net_util.cc index 4136031f13..0f0f89d63e 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -35,7 +35,7 @@ int ones_complement_checksum(const void* p, int b, uint32_t sum) return sum; } -int ones_complement_checksum(const IPAddr& a, uint32_t sum) +int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum) { const uint32_t* bytes; int len = a.GetBytes(&bytes); @@ -58,7 +58,7 @@ int icmp_checksum(const struct icmp* icmpp, int len) } #ifdef ENABLE_MOBILE_IPV6 -int mobility_header_checksum(const IP_Hdr* ip) +int mobility_header_checksum(const zeek::IP_Hdr* ip) { const ip6_mobility* mh = ip->MobilityHeader(); @@ -83,7 +83,7 @@ int mobility_header_checksum(const IP_Hdr* ip) } #endif -int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len) +int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len) { // ICMP6 uses the same checksum function as ICMP4 but a different // pseudo-header over which it is computed. @@ -131,8 +131,8 @@ char addr_to_class(uint32_t addr) return 'A'; } -const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port, - const IPAddr& dst_addr, uint32_t dst_port) +const char* fmt_conn_id(const zeek::IPAddr& src_addr, uint32_t src_port, + const zeek::IPAddr& dst_addr, uint32_t dst_port) { static char buffer[512]; @@ -144,10 +144,10 @@ const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port, } const char* fmt_conn_id(const uint32_t* src_addr, uint32_t src_port, - const uint32_t* dst_addr, uint32_t dst_port) + const uint32_t* dst_addr, uint32_t dst_port) { - IPAddr src(IPv6, src_addr, IPAddr::Network); - IPAddr dst(IPv6, dst_addr, IPAddr::Network); + zeek::IPAddr src(IPv6, src_addr, zeek::IPAddr::Network); + zeek::IPAddr dst(IPv6, dst_addr, zeek::IPAddr::Network); return fmt_conn_id(src, src_port, dst, dst_port); } diff --git a/src/net_util.h b/src/net_util.h index f13c3aa740..6bd094e9e6 100644 --- a/src/net_util.h +++ b/src/net_util.h @@ -132,28 +132,28 @@ inline int32_t seq_delta(uint32_t a, uint32_t b) return a - b; } -class IPAddr; -class IP_Hdr; +ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); // Returns the ones-complement checksum of a chunk of b short-aligned bytes. extern int ones_complement_checksum(const void* p, int b, uint32_t sum); -extern int ones_complement_checksum(const IPAddr& a, uint32_t sum); +extern int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum); -extern int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len); +extern int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len); extern int icmp_checksum(const struct icmp* icmpp, int len); #ifdef ENABLE_MOBILE_IPV6 -extern int mobility_header_checksum(const IP_Hdr* ip); +extern int mobility_header_checksum(const zeek::IP_Hdr* ip); #endif // Returns 'A', 'B', 'C' or 'D' extern char addr_to_class(uint32_t addr); -extern const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port, - const IPAddr& dst_addr, uint32_t dst_port); +extern const char* fmt_conn_id(const zeek::IPAddr& src_addr, uint32_t src_port, + const zeek::IPAddr& dst_addr, uint32_t dst_port); extern const char* fmt_conn_id(const uint32_t* src_addr, uint32_t src_port, - const uint32_t* dst_addr, uint32_t dst_port); + const uint32_t* dst_addr, uint32_t dst_port); /** * Given a MAC address, formats it in hex as 00:de:ad:be:ef. diff --git a/src/rule-parse.y b/src/rule-parse.y index b15763614a..9a31501add 100644 --- a/src/rule-parse.y +++ b/src/rule-parse.y @@ -81,8 +81,8 @@ static uint8_t ip4_mask_to_len(uint32_t mask) Rule* rule; RuleHdrTest* hdr_test; maskedvalue_list* vallist; - std::vector* prefix_val_list; - IPPrefix* prefixval; + std::vector* prefix_val_list; + zeek::IPPrefix* prefixval; bool bl; int val; @@ -318,12 +318,12 @@ prefix_value_list: } | prefix_value { - $$ = new std::vector(); + $$ = new std::vector(); $$->push_back(*($1)); } | TOK_IDENT { - $$ = new std::vector(); + $$ = new std::vector(); id_to_maskedvallist($1, 0, $$); } ; @@ -331,8 +331,8 @@ prefix_value_list: prefix_value: TOK_IP { - $$ = new IPPrefix(IPAddr(IPv4, &($1.val), IPAddr::Host), - ip4_mask_to_len($1.mask)); + $$ = new zeek::IPPrefix(zeek::IPAddr(IPv4, &($1.val), zeek::IPAddr::Host), + ip4_mask_to_len($1.mask)); } | TOK_IP6 ; diff --git a/src/rule-scan.l b/src/rule-scan.l index bc64963161..f7e5d8c443 100644 --- a/src/rule-scan.l +++ b/src/rule-scan.l @@ -42,14 +42,14 @@ PID {PIDCOMPONENT}(::{PIDCOMPONENT})* } {IP6} { - rules_lval.prefixval = new IPPrefix(IPAddr(extract_ip(yytext)), 128, true); + rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(extract_ip(yytext)), 128, true); return TOK_IP6; } {IP6}{OWS}"/"{OWS}{D} { int len = 0; std::string ip = extract_ip_and_len(yytext, &len); - rules_lval.prefixval = new IPPrefix(IPAddr(ip), len, true); + rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(ip), len, true); return TOK_IP6; } diff --git a/src/scan.l b/src/scan.l index eae0ac58e8..513caa35a2 100644 --- a/src/scan.l +++ b/src/scan.l @@ -181,7 +181,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) {IP6}{OWS}"/"{OWS}{D} { int len = 0; std::string ip = extract_ip_and_len(yytext, &len); - RET_CONST(new zeek::SubNetVal(IPPrefix(IPAddr(ip), len, true))) + RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len, true))) } /* IPv4 literal constant patterns */ @@ -190,7 +190,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) ({D}"."){3}{D}{OWS}"/"{OWS}{D} { int len = 0; std::string ip = extract_ip_and_len(yytext, &len); - RET_CONST(new zeek::SubNetVal(IPPrefix(IPAddr(ip), len))) + RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len))) } [!%*/+\-,:;<=>?()\[\]{}~$|&^] return yytext[0]; diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index c15f672b25..0ce57dad6f 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -475,14 +475,14 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool& case zeek::TYPE_ADDR: { - IPAddr* addr = nullptr; + zeek::IPAddr* addr = nullptr; switch ( val->val.addr_val.family ) { case IPv4: - addr = new IPAddr(val->val.addr_val.in.in4); + addr = new zeek::IPAddr(val->val.addr_val.in.in4); break; case IPv6: - addr = new IPAddr(val->val.addr_val.in.in6); + addr = new zeek::IPAddr(val->val.addr_val.in.in6); break; default: @@ -496,14 +496,14 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool& case zeek::TYPE_SUBNET: { - IPAddr* addr = nullptr; + zeek::IPAddr* addr = nullptr; switch ( val->val.subnet_val.prefix.family ) { case IPv4: - addr = new IPAddr(val->val.subnet_val.prefix.in.in4); + addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in4); break; case IPv6: - addr = new IPAddr(val->val.subnet_val.prefix.in.in6); + addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in6); break; default: diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index 87d4f70505..11f6b27038 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -210,7 +210,7 @@ struct Value { static zeek::Val* ValueToVal(const std::string& source, const threading::Value* val, bool& have_error); private: - friend class ::IPAddr; + friend class IPAddr; Value(const Value& other) = delete; }; diff --git a/src/zeek.bif b/src/zeek.bif index 0de446fbbc..e8b56627d3 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -2046,7 +2046,7 @@ function is_local_interface%(ip: addr%) : bool if ( ip->AsAddr().IsLoopback() ) return zeek::val_mgr->True(); - list addrs; + list addrs; char host[MAXHOSTNAMELEN]; @@ -2059,8 +2059,8 @@ function is_local_interface%(ip: addr%) : bool if ( ent ) { for ( unsigned int len = 0; ent->h_addr_list[len]; ++len ) - addrs.push_back(IPAddr(IPv4, (uint32_t*)ent->h_addr_list[len], - IPAddr::Network)); + addrs.push_back(zeek::IPAddr(IPv4, (uint32_t*)ent->h_addr_list[len], + zeek::IPAddr::Network)); } ent = gethostbyname2(host, AF_INET6); @@ -2068,11 +2068,11 @@ function is_local_interface%(ip: addr%) : bool if ( ent ) { for ( unsigned int len = 0; ent->h_addr_list[len]; ++len ) - addrs.push_back(IPAddr(IPv6, (uint32_t*)ent->h_addr_list[len], - IPAddr::Network)); + addrs.push_back(zeek::IPAddr(IPv6, (uint32_t*)ent->h_addr_list[len], + zeek::IPAddr::Network)); } - list::const_iterator it; + list::const_iterator it; for ( it = addrs.begin(); it != addrs.end(); ++it ) { if ( *it == ip->AsAddr() ) @@ -2241,7 +2241,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec while ( len > 0 ) { - IPAddr a(IPv6, (const uint32_t*) bytes, IPAddr::Network); + zeek::IPAddr a(IPv6, (const uint32_t*) bytes, zeek::IPAddr::Network); rval->Assign(rval->Size(), zeek::make_intrusive(a)); bytes += 16; len -= 16; @@ -2484,11 +2484,11 @@ function to_addr%(ip: string%): addr zeek::ValPtr ret; in6_addr tmp; - if ( IPAddr::ConvertString(s, &tmp) ) - ret = zeek::make_intrusive(IPAddr(tmp)); + if ( zeek::IPAddr::ConvertString(s, &tmp) ) + ret = zeek::make_intrusive(zeek::IPAddr(tmp)); else { - ret = zeek::make_intrusive(IPAddr()); + ret = zeek::make_intrusive(zeek::IPAddr()); zeek::emit_builtin_error("failed converting string to IP address", ip); } @@ -2504,7 +2504,7 @@ function to_addr%(ip: string%): addr function is_valid_ip%(ip: string%): bool %{ char* s = ip->AsString()->Render(); - auto rval = IPAddr::IsValid(s); + auto rval = zeek::IPAddr::IsValid(s); delete [] s; return zeek::val_mgr->Bool(rval); %} @@ -3206,9 +3206,9 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet ## .. zeek:see:: mask_addr function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr %{ - IPAddr addr1(a1->AsAddr()); + zeek::IPAddr addr1(a1->AsAddr()); addr1.Mask(top_bits_from_a1); - IPAddr addr2(a2->AsAddr()); + zeek::IPAddr addr2(a2->AsAddr()); addr2.ReverseMask(top_bits_from_a1); return zeek::make_intrusive(addr1|addr2); %} @@ -3375,9 +3375,9 @@ const char* conn_id_string(zeek::Val* c) const auto& id = (*(c->AsRecord()))[0]; auto vl = id->AsRecord(); - const IPAddr& orig_h = (*vl)[0]->AsAddr(); + const zeek::IPAddr& orig_h = (*vl)[0]->AsAddr(); uint32_t orig_p = (*vl)[1]->AsPortVal()->Port(); - const IPAddr& resp_h = (*vl)[2]->AsAddr(); + const zeek::IPAddr& resp_h = (*vl)[2]->AsAddr(); uint32_t resp_p = (*vl)[3]->AsPortVal()->Port(); return fmt("%s/%u -> %s/%u\n", orig_h.AsString().c_str(), orig_p, @@ -3859,7 +3859,7 @@ static void mmdb_check_asn() } } -static bool mmdb_lookup(const IPAddr& addr, MMDB_lookup_result_s& result, +static bool mmdb_lookup(const zeek::IPAddr& addr, MMDB_lookup_result_s& result, bool asn) { struct sockaddr_storage ss = {0}; @@ -3893,12 +3893,12 @@ static bool mmdb_lookup(const IPAddr& addr, MMDB_lookup_result_s& result, return result.found_entry; } -static bool mmdb_lookup_loc(const IPAddr& addr, MMDB_lookup_result_s& result) +static bool mmdb_lookup_loc(const zeek::IPAddr& addr, MMDB_lookup_result_s& result) { return mmdb_lookup(addr, result, false); } -static bool mmdb_lookup_asn(const IPAddr& addr, MMDB_lookup_result_s& result) +static bool mmdb_lookup_asn(const zeek::IPAddr& addr, MMDB_lookup_result_s& result) { return mmdb_lookup(addr, result, true); }