Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Move IP Addr/Prefix/Header classes into namespaces

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-07-16 16:26:22 -07:00
parent 35c61697d9
commit 25c0fc7ab2
100 changed files with 495 additions and 460 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/CompHash.cc
View file

@ -817,7 +817,7 @@ const char* CompositeHash::RecoverOneVal(
const uint32_t* const kp = AlignType<uint32_t>(kp0);
kp1 = reinterpret_cast<const char*>(kp+4);
IPAddr addr(IPv6, kp, IPAddr::Network);
zeek::IPAddr addr(IPv6, kp, zeek::IPAddr::Network);
switch ( tag ) {
case zeek::TYPE_ADDR:

6
src/Conn.cc
View file

@ -57,7 +57,7 @@ void ConnectionTimer::Dispatch(double t, bool is_expire)
uint64_t Connection::total_connections = 0;
uint64_t Connection::current_connections = 0;
Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id,
Connection::Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
uint32_t flow, const Packet* pkt,
const EncapsulationStack* arg_encap)
{
@ -183,7 +183,7 @@ void Connection::Done()
}
void Connection::NextPacket(double t, bool is_orig,
const IP_Hdr* ip, int len, int caplen,
const zeek::IP_Hdr* ip, int len, int caplen,
const u_char*& data,
int& record_packet, int& record_content,
// arguments for reproducing packets
@ -577,7 +577,7 @@ void Connection::CancelTimers()
void Connection::FlipRoles()
{
IPAddr tmp_addr = resp_addr;
zeek::IPAddr tmp_addr = resp_addr;
resp_addr = orig_addr;
orig_addr = tmp_addr;

24
src/Conn.h
View file

@ -50,22 +50,22 @@ typedef enum {
typedef void (Connection::*timer_func)(double t);
struct ConnID {
IPAddr src_addr;
IPAddr dst_addr;
zeek::IPAddr src_addr;
zeek::IPAddr dst_addr;
uint32_t src_port;
uint32_t dst_port;
bool is_one_way; // if true, don't canonicalize order
};
static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1,
const IPAddr& addr2, uint32_t p2)
static inline int addr_port_canon_lt(const zeek::IPAddr& addr1, uint32_t p1,
const zeek::IPAddr& addr2, uint32_t p2)
{
return addr1 < addr2 || (addr1 == addr2 && p1 < p2);
}
class Connection final : public zeek::Obj {
public:
Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnID* id,
Connection(NetSessions* s, const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
uint32_t flow, const Packet* pkt, const EncapsulationStack* arg_encap);
~Connection() override;
@ -92,7 +92,7 @@ public:
// be recorded, otherwise just up through the transport header.
// Both are assumed set to true when called.
void NextPacket(double t, bool is_orig,
const IP_Hdr* ip, int len, int caplen,
const zeek::IP_Hdr* ip, int len, int caplen,
const u_char*& data,
int& record_packet, int& record_content,
// arguments for reproducing packets
@ -101,7 +101,7 @@ public:
// Keys are only considered valid for a connection when a
// connection is in the session map. If it is removed, the key
// should be marked invalid.
const ConnIDKey& Key() const { return key; }
const zeek::detail::ConnIDKey& Key() const { return key; }
void ClearKey() { key_valid = false; }
bool IsKeyValid() const { return key_valid; }
@ -110,8 +110,8 @@ public:
double LastTime() const { return last_time; }
void SetLastTime(double t) { last_time = t; }
const IPAddr& OrigAddr() const { return orig_addr; }
const IPAddr& RespAddr() const { return resp_addr; }
const zeek::IPAddr& OrigAddr() const { return orig_addr; }
const zeek::IPAddr& RespAddr() const { return resp_addr; }
uint32_t OrigPort() const { return orig_port; }
uint32_t RespPort() const { return resp_port; }
@ -344,13 +344,13 @@ protected:
void RemoveConnectionTimer(double t);
NetSessions* sessions;
ConnIDKey key;
zeek::detail::ConnIDKey key;
bool key_valid;
timer_list timers;
IPAddr orig_addr;
IPAddr resp_addr;
zeek::IPAddr orig_addr;
zeek::IPAddr resp_addr;
uint32_t orig_port, resp_port; // in network order
TransportProto proto;
uint32_t orig_flow_label, resp_flow_label; // most recent IPv6 flow labels

52
src/DNS_Mgr.cc
View file

@ -60,7 +60,7 @@ public:
request_pending()
{ }
DNS_Mgr_Request(const IPAddr& a)
DNS_Mgr_Request(const zeek::IPAddr& a)
: host(), fam(), qtype(), addr(a), request_pending()
{ }
@ -68,7 +68,7 @@ public:
// Returns nil if this was an address request.
const char* ReqHost() const { return host; }
const IPAddr& ReqAddr() const { return addr; }
const zeek::IPAddr& ReqAddr() const { return addr; }
bool ReqIsTxt() const { return qtype == 16; }
int MakeRequest(nb_dns_info* nb_dns);
@ -80,7 +80,7 @@ protected:
char* host; // if non-nil, this is a host request
int fam; // address family query type for host requests
int qtype; // Query type
IPAddr addr;
zeek::IPAddr addr;
int request_pending;
};
@ -106,7 +106,7 @@ int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns)
class DNS_Mapping {
public:
DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl);
DNS_Mapping(const IPAddr& addr, struct hostent* h, uint32_t ttl);
DNS_Mapping(const zeek::IPAddr& addr, struct hostent* h, uint32_t ttl);
DNS_Mapping(FILE* f);
bool NoMapping() const { return no_mapping; }
@ -116,7 +116,7 @@ public:
// Returns nil if this was an address request.
const char* ReqHost() const { return req_host; }
IPAddr ReqAddr() const { return req_addr; }
zeek::IPAddr ReqAddr() const { return req_addr; }
string ReqStr() const
{
return req_host ? req_host : req_addr.AsString();
@ -150,7 +150,7 @@ protected:
void Clear();
char* req_host;
IPAddr req_addr;
zeek::IPAddr req_addr;
uint32_t req_ttl;
int num_names;
@ -158,7 +158,7 @@ protected:
zeek::StringValPtr host_val;
int num_addrs;
IPAddr* addrs;
zeek::IPAddr* addrs;
zeek::ListValPtr addrs_val;
double creation_time;
@ -192,7 +192,7 @@ DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl)
names[0] = copy_string(host);
}
DNS_Mapping::DNS_Mapping(const IPAddr& addr, struct hostent* h, uint32_t ttl)
DNS_Mapping::DNS_Mapping(const zeek::IPAddr& addr, struct hostent* h, uint32_t ttl)
{
Init(h);
req_addr = addr;
@ -231,7 +231,7 @@ DNS_Mapping::DNS_Mapping(FILE* f)
if ( is_req_host )
req_host = copy_string(req_buf);
else
req_addr = IPAddr(req_buf);
req_addr = zeek::IPAddr(req_buf);
num_names = 1;
names = new char*[num_names];
@ -239,7 +239,7 @@ DNS_Mapping::DNS_Mapping(FILE* f)
if ( num_addrs > 0 )
{
addrs = new IPAddr[num_addrs];
addrs = new zeek::IPAddr[num_addrs];
for ( int i = 0; i < num_addrs; ++i )
{
@ -253,7 +253,7 @@ DNS_Mapping::DNS_Mapping(FILE* f)
if ( newline )
*newline = '\0';
addrs[i] = IPAddr(buf);
addrs[i] = zeek::IPAddr(buf);
}
}
else
@ -336,14 +336,14 @@ void DNS_Mapping::Init(struct hostent* h)
if ( num_addrs > 0 )
{
addrs = new IPAddr[num_addrs];
addrs = new zeek::IPAddr[num_addrs];
for ( int i = 0; i < num_addrs; ++i )
if ( h->h_addrtype == AF_INET )
addrs[i] = IPAddr(IPv4, (uint32_t*)h->h_addr_list[i],
IPAddr::Network);
addrs[i] = zeek::IPAddr(IPv4, (uint32_t*)h->h_addr_list[i],
zeek::IPAddr::Network);
else if ( h->h_addrtype == AF_INET6 )
addrs[i] = IPAddr(IPv6, (uint32_t*)h->h_addr_list[i],
IPAddr::Network);
addrs[i] = zeek::IPAddr(IPv6, (uint32_t*)h->h_addr_list[i],
zeek::IPAddr::Network);
}
else
addrs = nullptr;
@ -410,10 +410,10 @@ void DNS_Mgr::InitSource()
// configured to the user's desired address at the time when we need to to
// the lookup.
auto dns_resolver = zeekenv("ZEEK_DNS_RESOLVER");
auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr();
auto dns_resolver_addr = dns_resolver ? zeek::IPAddr(dns_resolver) : zeek::IPAddr();
char err[NB_DNS_ERRSIZE];
if ( dns_resolver_addr == IPAddr() )
if ( dns_resolver_addr == zeek::IPAddr() )
nb_dns = nb_dns_init(err);
else
{
@ -477,7 +477,7 @@ static const char* fake_text_lookup_result(const char* name)
return tmp;
}
static const char* fake_addr_lookup_result(const IPAddr& addr)
static const char* fake_addr_lookup_result(const zeek::IPAddr& addr)
{
static char tmp[128];
snprintf(tmp, sizeof(tmp), "fake_addr_lookup_result_%s",
@ -542,7 +542,7 @@ zeek::TableValPtr DNS_Mgr::LookupHost(const char* name)
}
}
zeek::ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
zeek::ValPtr DNS_Mgr::LookupAddr(const zeek::IPAddr& addr)
{
InitSource();
@ -876,12 +876,12 @@ zeek::ListValPtr DNS_Mgr::AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2)
for ( int i = 0; i < al1->Length(); ++i )
{
const IPAddr& al1_i = al1->Idx(i)->AsAddr();
const zeek::IPAddr& al1_i = al1->Idx(i)->AsAddr();
int j;
for ( j = 0; j < al2->Length(); ++j )
{
const IPAddr& al2_j = al2->Idx(j)->AsAddr();
const zeek::IPAddr& al2_j = al2->Idx(j)->AsAddr();
if ( al1_i == al2_j )
break;
}
@ -898,7 +898,7 @@ void DNS_Mgr::DumpAddrList(FILE* f, zeek::ListVal* al)
{
for ( int i = 0; i < al->Length(); ++i )
{
const IPAddr& al_i = al->Idx(i)->AsAddr();
const zeek::IPAddr& al_i = al->Idx(i)->AsAddr();
fprintf(f, "%s%s", i > 0 ? "," : "", al_i.AsString().c_str());
}
}
@ -959,7 +959,7 @@ void DNS_Mgr::Save(FILE* f, const HostMap& m)
}
}
const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr)
const char* DNS_Mgr::LookupAddrInCache(const zeek::IPAddr& addr)
{
AddrMap::iterator it = addr_mappings.find(addr);
@ -1043,7 +1043,7 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback,
delete callback;
}
void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback)
void DNS_Mgr::AsyncLookupAddr(const zeek::IPAddr& host, LookupCallback* callback)
{
InitSource();
@ -1209,7 +1209,7 @@ void DNS_Mgr::IssueAsyncRequests()
}
}
void DNS_Mgr::CheckAsyncAddrRequest(const IPAddr& addr, bool timeout)
void DNS_Mgr::CheckAsyncAddrRequest(const zeek::IPAddr& addr, bool timeout)
{
// Note that this code is a mirror of that for CheckAsyncHostRequest.

14
src/DNS_Mgr.h
View file

@ -57,7 +57,7 @@ public:
// a set of addr.
zeek::TableValPtr LookupHost(const char* host);
zeek::ValPtr LookupAddr(const IPAddr& addr);
zeek::ValPtr LookupAddr(const zeek::IPAddr& addr);
// Define the directory where to store the data.
void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); }
@ -66,7 +66,7 @@ public:
void Resolve();
bool Save();
const char* LookupAddrInCache(const IPAddr& addr);
const char* LookupAddrInCache(const zeek::IPAddr& addr);
zeek::TableValPtr LookupNameInCache(const std::string& name);
const char* LookupTextInCache(const std::string& name);
@ -81,7 +81,7 @@ public:
virtual void Timeout() = 0;
};
void AsyncLookupAddr(const IPAddr& host, LookupCallback* callback);
void AsyncLookupAddr(const zeek::IPAddr& host, LookupCallback* callback);
void AsyncLookupName(const std::string& name, LookupCallback* callback);
void AsyncLookupNameText(const std::string& name, LookupCallback* callback);
@ -116,7 +116,7 @@ protected:
void DumpAddrList(FILE* f, zeek::ListVal* al);
typedef std::map<std::string, std::pair<DNS_Mapping*, DNS_Mapping*> > HostMap;
typedef std::map<IPAddr, DNS_Mapping*> AddrMap;
typedef std::map<zeek::IPAddr, DNS_Mapping*> AddrMap;
typedef std::map<std::string, DNS_Mapping*> TextMap;
void LoadCache(FILE* f);
void Save(FILE* f, const AddrMap& m);
@ -132,7 +132,7 @@ protected:
// Finish the request if we have a result. If not, time it out if
// requested.
void CheckAsyncAddrRequest(const IPAddr& addr, bool timeout);
void CheckAsyncAddrRequest(const zeek::IPAddr& addr, bool timeout);
void CheckAsyncHostRequest(const char* host, bool timeout);
void CheckAsyncTextRequest(const char* host, bool timeout);
@ -162,7 +162,7 @@ protected:
struct AsyncRequest {
double time;
IPAddr host;
zeek::IPAddr host;
std::string name;
CallbackList callbacks;
bool is_txt;
@ -210,7 +210,7 @@ protected:
};
typedef std::map<IPAddr, AsyncRequest*> AsyncRequestAddrMap;
typedef std::map<zeek::IPAddr, AsyncRequest*> AsyncRequestAddrMap;
AsyncRequestAddrMap asyncs_addrs;
typedef std::map<std::string, AsyncRequest*> AsyncRequestNameMap;

4
src/Desc.cc
View file

@ -178,12 +178,12 @@ void ODesc::Add(double d, bool no_exp)
}
}
void ODesc::Add(const IPAddr& addr)
void ODesc::Add(const zeek::IPAddr& addr)
{
Add(addr.AsString());
}
void ODesc::Add(const IPPrefix& prefix)
void ODesc::Add(const zeek::IPPrefix& prefix)
{
Add(prefix.AsString());
}

9
src/Desc.h
View file

@ -23,8 +23,9 @@ typedef enum {
} desc_style;
class BroFile;
class IPAddr;
class IPPrefix;
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
namespace zeek { class Type; }
using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type;
@ -87,8 +88,8 @@ public:
void Add(int64_t i);
void Add(uint64_t u);
void Add(double d, bool no_exp=false);
void Add(const IPAddr& addr);
void Add(const IPPrefix& prefix);
void Add(const zeek::IPAddr& addr);
void Add(const zeek::IPPrefix& prefix);
// Add s as a counted string.
void AddCS(const char* s);

2
src/Discard.cc
View file

@ -33,7 +33,7 @@ bool Discarder::IsActive()
return check_ip || check_tcp || check_udp || check_icmp;
}
bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
bool Discarder::NextPacket(const zeek::IP_Hdr* ip, int len, int caplen)
{
bool discard_packet = false;

5
src/Discard.h
View file

@ -6,8 +6,7 @@
#include "IntrusivePtr.h"
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
@ -22,7 +21,7 @@ public:
bool IsActive();
bool NextPacket(const IP_Hdr* ip, int len, int caplen);
bool NextPacket(const zeek::IP_Hdr* ip, int len, int caplen);
protected:
zeek::Val* BuildData(const u_char* data, int hdrlen, int len, int caplen);

14
src/Frag.cc
View file

@ -27,7 +27,7 @@ void FragTimer::Dispatch(double t, bool /* is_expire */)
}
FragReassembler::FragReassembler(NetSessions* arg_s,
const IP_Hdr* ip, const u_char* pkt,
const zeek::IP_Hdr* ip, const u_char* pkt,
const FragReassemblerKey& k, double t)
: Reassembler(0, REASSEM_FRAG)
{
@ -71,7 +71,7 @@ FragReassembler::~FragReassembler()
delete reassembled_pkt;
}
void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt)
void FragReassembler::AddFragment(double t, const zeek::IP_Hdr* ip, const u_char* pkt)
{
const struct ip* ip4 = ip->IP4_Hdr();
@ -161,13 +161,13 @@ void FragReassembler::Weird(const char* name) const
if ( version == 4 )
{
IP_Hdr hdr((const ip*)proto_hdr, false);
zeek::IP_Hdr hdr((const ip*)proto_hdr, false);
s->Weird(name, &hdr);
}
else if ( version == 6 )
{
IP_Hdr hdr((const ip6_hdr*)proto_hdr, false, proto_hdr_len);
zeek::IP_Hdr hdr((const ip6_hdr*)proto_hdr, false, proto_hdr_len);
s->Weird(name, &hdr);
}
@ -293,7 +293,7 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
{
struct ip* reassem4 = (struct ip*) pkt_start;
reassem4->ip_len = htons(frag_size + proto_hdr_len);
reassembled_pkt = new IP_Hdr(reassem4, true);
reassembled_pkt = new zeek::IP_Hdr(reassem4, true);
DeleteTimer();
}
@ -301,8 +301,8 @@ void FragReassembler::BlockInserted(DataBlockMap::const_iterator /* it */)
{
struct ip6_hdr* reassem6 = (struct ip6_hdr*) pkt_start;
reassem6->ip6_plen = htons(frag_size + proto_hdr_len - 40);
const IPv6_Hdr_Chain* chain = new IPv6_Hdr_Chain(reassem6, next_proto, n);
reassembled_pkt = new IP_Hdr(reassem6, true, n, chain);
const zeek::IPv6_Hdr_Chain* chain = new zeek::IPv6_Hdr_Chain(reassem6, next_proto, n);
reassembled_pkt = new zeek::IP_Hdr(reassem6, true, n, chain);
DeleteTimer();
}

12
src/Frag.h
View file

@ -13,28 +13,28 @@
class HashKey;
class NetSessions;
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
class FragReassembler;
class FragTimer;
typedef void (FragReassembler::*frag_timer_func)(double t);
using FragReassemblerKey = std::tuple<IPAddr, IPAddr, bro_uint_t>;
using FragReassemblerKey = std::tuple<zeek::IPAddr, zeek::IPAddr, bro_uint_t>;
class FragReassembler : public Reassembler {
public:
FragReassembler(NetSessions* s, const IP_Hdr* ip, const u_char* pkt,
FragReassembler(NetSessions* s, const zeek::IP_Hdr* ip, const u_char* pkt,
const FragReassemblerKey& k, double t);
~FragReassembler() override;
void AddFragment(double t, const IP_Hdr* ip, const u_char* pkt);
void AddFragment(double t, const zeek::IP_Hdr* ip, const u_char* pkt);
void Expire(double t);
void DeleteTimer();
void ClearTimer() { expire_timer = nullptr; }
const IP_Hdr* ReassembledPkt() { return reassembled_pkt; }
const zeek::IP_Hdr* ReassembledPkt() { return reassembled_pkt; }
const FragReassemblerKey& Key() const { return key; }
protected:
@ -43,7 +43,7 @@ protected:
void Weird(const char* name) const;
u_char* proto_hdr;
IP_Hdr* reassembled_pkt;
zeek::IP_Hdr* reassembled_pkt;
NetSessions* s;
uint64_t frag_size; // size of fully reassembled fragment
FragReassemblerKey key;

4
src/IP.cc
View file

@ -49,6 +49,8 @@ static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
return vv;
}
namespace zeek {
zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
{
zeek::RecordValPtr rv;
@ -782,3 +784,5 @@ IPv6_Hdr_Chain* IPv6_Hdr_Chain::Copy(const ip6_hdr* new_hdr) const
return rval;
}
} // namespace zeek

34
src/IP.h
View file

@ -16,15 +16,15 @@
#include "IntrusivePtr.h"
class IPAddr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
class FragReassembler;
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
using VectorValPtr = zeek::IntrusivePtr<VectorVal>;
}
#ifdef ENABLE_MOBILE_IPV6
@ -222,14 +222,14 @@ public:
* option as defined by Mobile IPv6 (RFC 6275), then return it, else
* return the source address in the main IPv6 header.
*/
IPAddr SrcAddr() const;
zeek::IPAddr SrcAddr() const;
/**
* If the chain contains a Routing header with non-zero segments left,
* then return the last address of the first such header, else return
* the destination address of the main IPv6 header.
*/
IPAddr DstAddr() const;
zeek::IPAddr DstAddr() const;
/**
* Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
@ -243,7 +243,7 @@ public:
protected:
// for access to protected ctor that changes next header values that
// point to a fragment
friend class FragReassembler;
friend class ::FragReassembler;
IPv6_Hdr_Chain() = default;
@ -287,14 +287,14 @@ protected:
/**
* Home Address of the packet's source as defined by Mobile IPv6 (RFC 6275).
*/
IPAddr* homeAddr = nullptr;
zeek::IPAddr* homeAddr = nullptr;
#endif
/**
* The final destination address in chain's first Routing header that has
* non-zero segments left.
*/
IPAddr* finalDst = nullptr;
zeek::IPAddr* finalDst = nullptr;
};
/**
@ -366,19 +366,19 @@ public:
/**
* Returns the source address held in the IP header.
*/
IPAddr IPHeaderSrcAddr() const;
zeek::IPAddr IPHeaderSrcAddr() const;
/**
* Returns the destination address held in the IP header.
*/
IPAddr IPHeaderDstAddr() const;
zeek::IPAddr IPHeaderDstAddr() const;
/**
* For IPv4 or IPv6 headers that don't contain a Home Address option
* (Mobile IPv6, RFC 6275), return source address held in the IP header.
* For IPv6 headers that contain a Home Address option, return that address.
*/
IPAddr SrcAddr() const;
zeek::IPAddr SrcAddr() const;
/**
* For IPv4 or IPv6 headers that don't contain a Routing header with
@ -386,7 +386,7 @@ public:
* For IPv6 headers with a Routing header that has non-zero segments left,
* return the last address in the first such Routing header.
*/
IPAddr DstAddr() const;
zeek::IPAddr DstAddr() const;
/**
* Returns a pointer to the payload of the IP packet, usually an
@ -561,3 +561,13 @@ private:
const IPv6_Hdr_Chain* ip6_hdrs = nullptr;
bool del;
};
} // namespace zeek
#ifdef ENABLE_MOBILE_IPV6
using ip6_mobility [[deprecated("Remove in v4.1. Use zeek::ip6_mobility.")]] = zeek::ip6_mobility;
#endif
using IPv6_Hdr [[deprecated("Remove in v4.1. Use zeek::IPv6_Hdr.")]] = zeek::IPv6_Hdr;
using IPv6_Hdr_Chain [[deprecated("Remove in v4.1. Use zeek::IPv6_Hdr_Chain.")]] = zeek::IPv6_Hdr_Chain;
using IP_Hdr [[deprecated("Remove in v4.1. Use zeek::IP_Hdr.")]] = zeek::IP_Hdr;

12
src/IPAddr.cc
View file

@ -12,15 +12,15 @@
#include "analyzer/Manager.h"
const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0,
constexpr uint8_t zeek::IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0xff, 0xff };
const IPAddr IPAddr::v4_unspecified = IPAddr(in4_addr{});
const zeek::IPAddr zeek::IPAddr::v4_unspecified = zeek::IPAddr(in4_addr{});
const IPAddr IPAddr::v6_unspecified = IPAddr();
const zeek::IPAddr zeek::IPAddr::v6_unspecified = zeek::IPAddr();
ConnIDKey BuildConnIDKey(const ConnID& id)
zeek::detail::ConnIDKey zeek::detail::BuildConnIDKey(const ConnID& id)
{
ConnIDKey key;
@ -47,6 +47,8 @@ ConnIDKey BuildConnIDKey(const ConnID& id)
return key;
}
namespace zeek {
IPAddr::IPAddr(const zeek::String& s)
{
Init(s.CheckString());
@ -345,3 +347,5 @@ bool IPPrefix::ConvertString(const char* text, IPPrefix* result)
*result = IPPrefix(ip, len);
return true;
}
} // namespace zeek

25
src/IPAddr.h
View file

@ -19,6 +19,9 @@ namespace analyzer { class ExpectedConn; }
typedef in_addr in4_addr;
namespace zeek {
namespace detail {
struct ConnIDKey {
in6_addr ip1;
in6_addr ip2;
@ -43,6 +46,13 @@ struct ConnIDKey {
}
};
/**
* Returns a map key for a given ConnID.
*/
ConnIDKey BuildConnIDKey(const ConnID& id);
} // namespace detail
/**
* Class storing both IPv4 and IPv6 addresses.
*/
@ -382,7 +392,7 @@ public:
*/
void ConvertToThreadingValue(threading::Value::addr_t* v) const;
friend ConnIDKey BuildConnIDKey(const ConnID& id);
friend detail::ConnIDKey detail::BuildConnIDKey(const ConnID& id);
unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
@ -514,11 +524,6 @@ inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const
}
}
/**
* Returns a map key for a given ConnID.
*/
ConnIDKey BuildConnIDKey(const ConnID& id);
/**
* Class storing both IPv4 and IPv6 prefixes
* (i.e., \c 192.168.1.1/16 and \c FD00::/8.
@ -721,3 +726,11 @@ private:
IPAddr prefix; // We store it as an address with the non-prefix bits masked out via Mask().
uint8_t length = 0; // The bit length of the prefix relative to full IPv6 addr.
};
} // namespace zeek
using ConnIDKey [[deprecated("Remove in v4.1. Use zeek::detail::ConnIDKey.")]] = zeek::detail::ConnIDKey;
using IPAddr [[deprecated("Remove in v4.1. Use zeek::IPAddr.")]] = zeek::IPAddr;
using IPPrefix [[deprecated("Remove in v4.1. Use zeek::IPPrefix.")]] = zeek::IPPrefix;
constexpr auto BuildConnIDKey [[deprecated("Remove in v4.1. Use zeek::detail::BuildConnIDKey.")]] = zeek::detail::BuildConnIDKey;

12
src/PacketFilter.cc
View file

@ -14,7 +14,7 @@ PacketFilter::PacketFilter(bool arg_default)
dst_filter.SetDeleteFunction(PacketFilter::DeleteFilter);
}
void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability)
void PacketFilter::AddSrc(const zeek::IPAddr& src, uint32_t tcp_flags, double probability)
{
Filter* f = new Filter;
f->tcp_flags = tcp_flags;
@ -32,7 +32,7 @@ void PacketFilter::AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability
delete prev;
}
void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probability)
void PacketFilter::AddDst(const zeek::IPAddr& dst, uint32_t tcp_flags, double probability)
{
Filter* f = new Filter;
f->tcp_flags = tcp_flags;
@ -50,7 +50,7 @@ void PacketFilter::AddDst(zeek::Val* dst, uint32_t tcp_flags, double probability
delete prev;
}
bool PacketFilter::RemoveSrc(const IPAddr& src)
bool PacketFilter::RemoveSrc(const zeek::IPAddr& src)
{
auto f = static_cast<Filter*>(src_filter.Remove(src, 128));
delete f;
@ -64,7 +64,7 @@ bool PacketFilter::RemoveSrc(zeek::Val* src)
return f != nullptr;
}
bool PacketFilter::RemoveDst(const IPAddr& dst)
bool PacketFilter::RemoveDst(const zeek::IPAddr& dst)
{
auto f = static_cast<Filter*>(dst_filter.Remove(dst, 128));
delete f;
@ -78,7 +78,7 @@ bool PacketFilter::RemoveDst(zeek::Val* dst)
return f != nullptr;
}
bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen)
bool PacketFilter::Match(const zeek::IP_Hdr* ip, int len, int caplen)
{
Filter* f = (Filter*) src_filter.Lookup(ip->SrcAddr(), 128);
if ( f )
@ -91,7 +91,7 @@ bool PacketFilter::Match(const IP_Hdr* ip, int len, int caplen)
return default_match;
}
bool PacketFilter::MatchFilter(const Filter& f, const IP_Hdr& ip,
bool PacketFilter::MatchFilter(const Filter& f, const zeek::IP_Hdr& ip,
int len, int caplen)
{
if ( ip.NextProto() == IPPROTO_TCP && f.tcp_flags )

14
src/PacketFilter.h
View file

@ -5,7 +5,7 @@
#include "IPAddr.h"
#include "PrefixTable.h"
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class PacketFilter {
@ -16,20 +16,20 @@ public:
// Drops all packets from a particular source (which may be given
// as an AddrVal or a SubnetVal) which hasn't any of TCP flags set
// (TH_*) with the given probability (from 0..MAX_PROB).
void AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddSrc(const zeek::IPAddr& src, uint32_t tcp_flags, double probability);
void AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability);
void AddDst(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddDst(const zeek::IPAddr& src, uint32_t tcp_flags, double probability);
void AddDst(zeek::Val* src, uint32_t tcp_flags, double probability);
// Removes the filter entry for the given src/dst
// Returns false if filter doesn not exist.
bool RemoveSrc(const IPAddr& src);
bool RemoveSrc(const zeek::IPAddr& src);
bool RemoveSrc(zeek::Val* dst);
bool RemoveDst(const IPAddr& dst);
bool RemoveDst(const zeek::IPAddr& dst);
bool RemoveDst(zeek::Val* dst);
// Returns true if packet matches a drop filter
bool Match(const IP_Hdr* ip, int len, int caplen);
bool Match(const zeek::IP_Hdr* ip, int len, int caplen);
private:
struct Filter {
@ -39,7 +39,7 @@ private:
static void DeleteFilter(void* data);
bool MatchFilter(const Filter& f, const IP_Hdr& ip, int len, int caplen);
bool MatchFilter(const Filter& f, const zeek::IP_Hdr& ip, int len, int caplen);
bool default_match;
PrefixTable src_filter;

18
src/PrefixTable.cc
View file

@ -2,7 +2,7 @@
#include "Reporter.h"
#include "Val.h"
prefix_t* PrefixTable::MakePrefix(const IPAddr& addr, int width)
prefix_t* PrefixTable::MakePrefix(const zeek::IPAddr& addr, int width)
{
prefix_t* prefix = (prefix_t*) safe_malloc(sizeof(prefix_t));
@ -14,12 +14,12 @@ prefix_t* PrefixTable::MakePrefix(const IPAddr& addr, int width)
return prefix;
}
IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix)
zeek::IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix)
{
return IPPrefix(IPAddr(IPv6, reinterpret_cast<const uint32_t*>(&prefix->add.sin6), IPAddr::Network), prefix->bitlen, true);
return zeek::IPPrefix(zeek::IPAddr(IPv6, reinterpret_cast<const uint32_t*>(&prefix->add.sin6), zeek::IPAddr::Network), prefix->bitlen, true);
}
void* PrefixTable::Insert(const IPAddr& addr, int width, void* data)
void* PrefixTable::Insert(const zeek::IPAddr& addr, int width, void* data)
{
prefix_t* prefix = MakePrefix(addr, width);
patricia_node_t* node = patricia_lookup(tree, prefix);
@ -63,9 +63,9 @@ void* PrefixTable::Insert(const zeek::Val* value, void* data)
}
}
std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const IPAddr& addr, int width) const
std::list<std::tuple<zeek::IPPrefix,void*>> PrefixTable::FindAll(const zeek::IPAddr& addr, int width) const
{
std::list<std::tuple<IPPrefix,void*>> out;
std::list<std::tuple<zeek::IPPrefix,void*>> out;
prefix_t* prefix = MakePrefix(addr, width);
int elems = 0;
@ -81,12 +81,12 @@ std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const IPAddr& addr, i
return out;
}
std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const zeek::SubNetVal* value) const
std::list<std::tuple<zeek::IPPrefix,void*>> PrefixTable::FindAll(const zeek::SubNetVal* value) const
{
return FindAll(value->AsSubNet().Prefix(), value->AsSubNet().LengthIPv6());
}
void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
void* PrefixTable::Lookup(const zeek::IPAddr& addr, int width, bool exact) const
{
prefix_t* prefix = MakePrefix(addr, width);
patricia_node_t* node =
@ -124,7 +124,7 @@ void* PrefixTable::Lookup(const zeek::Val* value, bool exact) const
}
}
void* PrefixTable::Remove(const IPAddr& addr, int width)
void* PrefixTable::Remove(const zeek::IPAddr& addr, int width)
{
prefix_t* prefix = MakePrefix(addr, width);
patricia_node_t* node = patricia_search_exact(tree, prefix);

14
src/PrefixTable.h
View file

@ -27,7 +27,7 @@ public:
// Addr in network byte order. If data is zero, acts like a set.
// Returns ptr to old data if already existing.
// For existing items without data, returns non-nil if found.
void* Insert(const IPAddr& addr, int width, void* data = nullptr);
void* Insert(const zeek::IPAddr& addr, int width, void* data = nullptr);
// Value may be addr or subnet.
void* Insert(const zeek::Val* value, void* data = nullptr);
@ -35,15 +35,15 @@ public:
// Returns nil if not found, pointer to data otherwise.
// For items without data, returns non-nil if found.
// If exact is false, performs exact rather than longest-prefix match.
void* Lookup(const IPAddr& addr, int width, bool exact = false) const;
void* Lookup(const zeek::IPAddr& addr, int width, bool exact = false) const;
void* Lookup(const zeek::Val* value, bool exact = false) const;
// Returns list of all found matches or empty list otherwise.
std::list<std::tuple<IPPrefix,void*>> FindAll(const IPAddr& addr, int width) const;
std::list<std::tuple<IPPrefix,void*>> FindAll(const zeek::SubNetVal* value) const;
std::list<std::tuple<zeek::IPPrefix, void*>> FindAll(const zeek::IPAddr& addr, int width) const;
std::list<std::tuple<zeek::IPPrefix, void*>> FindAll(const zeek::SubNetVal* value) const;
// Returns pointer to data or nil if not found.
void* Remove(const IPAddr& addr, int width);
void* Remove(const zeek::IPAddr& addr, int width);
void* Remove(const zeek::Val* value);
void Clear() { Clear_Patricia(tree, delete_function); }
@ -55,8 +55,8 @@ public:
void* GetNext(iterator* i);
private:
static prefix_t* MakePrefix(const IPAddr& addr, int width);
static IPPrefix PrefixToIPPrefix(prefix_t* p);
static prefix_t* MakePrefix(const zeek::IPAddr& addr, int width);
static zeek::IPPrefix PrefixToIPPrefix(prefix_t* p);
patricia_tree_t* tree;
data_fn_t delete_function;

8
src/Reporter.cc
View file

@ -260,7 +260,7 @@ public:
class FlowWeirdTimer final : public Timer {
public:
using IPPair = std::pair<IPAddr, IPAddr>;
using IPPair = std::pair<zeek::IPAddr, zeek::IPAddr>;
FlowWeirdTimer(double t, IPPair p, double timeout)
: Timer(t + timeout, TIMER_FLOW_WEIRD_EXPIRE), endpoints(std::move(p))
@ -292,7 +292,7 @@ void Reporter::ResetNetWeird(const std::string& name)
net_weird_state.erase(name);
}
void Reporter::ResetFlowWeird(const IPAddr& orig, const IPAddr& resp)
void Reporter::ResetFlowWeird(const zeek::IPAddr& orig, const zeek::IPAddr& resp)
{
flow_weird_state.erase(std::make_pair(orig, resp));
}
@ -322,7 +322,7 @@ bool Reporter::PermitNetWeird(const char* name)
}
bool Reporter::PermitFlowWeird(const char* name,
const IPAddr& orig, const IPAddr& resp)
const zeek::IPAddr& orig, const zeek::IPAddr& resp)
{
auto endpoints = std::make_pair(orig, resp);
auto& map = flow_weird_state[endpoints];
@ -432,7 +432,7 @@ void Reporter::Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
"%s", name);
}
void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl)
void Reporter::Weird(const zeek::IPAddr& orig, const zeek::IPAddr& resp, const char* name, const char* addl)
{
UpdateWeirdStats(name);

13
src/Reporter.h
View file

@ -30,6 +30,7 @@ using StringValPtr = zeek::IntrusivePtr<StringVal>;
}
ZEEK_FORWARD_DECLARE_NAMESPACED(Location, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
// One cannot raise this exception directly, go through the
// Reporter's methods instead.
@ -46,16 +47,14 @@ protected:
InterpreterException() {}
};
class IPAddr;
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
#define FMT_ATTR __attribute__((format(printf, 2, 3))) // sic! 1st is "this" I guess.
class Reporter {
public:
using IPPair = std::pair<IPAddr, IPAddr>;
using ConnTuple = std::tuple<IPAddr, IPAddr, uint32_t, uint32_t, TransportProto>;
using IPPair = std::pair<zeek::IPAddr, zeek::IPAddr>;
using ConnTuple = std::tuple<zeek::IPAddr, zeek::IPAddr, uint32_t, uint32_t, TransportProto>;
using WeirdCountMap = std::unordered_map<std::string, uint64_t>;
using WeirdFlowMap = std::map<IPPair, WeirdCountMap>;
using WeirdConnTupleMap = std::map<ConnTuple, WeirdCountMap>;
@ -104,7 +103,7 @@ public:
void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird().
void Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
const char* name, const char* addl = ""); // Raises expired_conn_weird().
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
void Weird(const zeek::IPAddr& orig, const zeek::IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
// Syslog a message. This methods does nothing if we're running
// offline from a trace.
@ -155,7 +154,7 @@ public:
/**
* Reset/cleanup state tracking for a "flow" weird.
*/
void ResetFlowWeird(const IPAddr& orig, const IPAddr& resp);
void ResetFlowWeird(const zeek::IPAddr& orig, const zeek::IPAddr& resp);
/**
* Reset/cleanup state tracking for a "expired conn" weird.
@ -274,7 +273,7 @@ private:
inline bool WeirdOnSamplingWhiteList(const char* name)
{ return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); }
bool PermitNetWeird(const char* name);
bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r);
bool PermitFlowWeird(const char* name, const zeek::IPAddr& o, const zeek::IPAddr& r);
bool PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id);
bool EmitToStderr(bool flag)

34
src/RuleMatcher.cc
View file

@ -61,7 +61,7 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, uint32_t arg_offset, uint32_t arg_size,
level = 0;
}
RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<zeek::IPPrefix> arg_v)
{
prot = arg_prot;
offset = 0;
@ -503,12 +503,12 @@ static inline bool match_or(const maskedvalue_list& mvals, uint32_t v, FuncT com
// Evaluate a prefix list (matches if at least one value matches).
template <typename FuncT>
static inline bool match_or(const vector<IPPrefix>& prefixes, const IPAddr& a,
static inline bool match_or(const vector<zeek::IPPrefix>& prefixes, const zeek::IPAddr& a,
FuncT comp)
{
for ( size_t i = 0; i < prefixes.size(); ++i )
{
IPAddr masked(a);
zeek::IPAddr masked(a);
masked.Mask(prefixes[i].LengthIPv6());
if ( comp(masked, prefixes[i].Prefix()) )
return true;
@ -532,12 +532,12 @@ static inline bool match_not_and(const maskedvalue_list& mvals, uint32_t v,
// Evaluate a prefix list (doesn't match if any value matches).
template <typename FuncT>
static inline bool match_not_and(const vector<IPPrefix>& prefixes,
const IPAddr& a, FuncT comp)
static inline bool match_not_and(const vector<zeek::IPPrefix>& prefixes,
const zeek::IPAddr& a, FuncT comp)
{
for ( size_t i = 0; i < prefixes.size(); ++i )
{
IPAddr masked(a);
zeek::IPAddr masked(a);
masked.Mask(prefixes[i].LengthIPv6());
if ( comp(masked, prefixes[i].Prefix()) )
return false;
@ -580,32 +580,32 @@ static inline bool compare(const maskedvalue_list& mvals, uint32_t v,
return false;
}
static inline bool compare(const vector<IPPrefix>& prefixes, const IPAddr& a,
static inline bool compare(const vector<zeek::IPPrefix>& prefixes, const zeek::IPAddr& a,
RuleHdrTest::Comp comp)
{
switch ( comp ) {
case RuleHdrTest::EQ:
return match_or(prefixes, a, std::equal_to<IPAddr>());
return match_or(prefixes, a, std::equal_to<zeek::IPAddr>());
break;
case RuleHdrTest::NE:
return match_not_and(prefixes, a, std::equal_to<IPAddr>());
return match_not_and(prefixes, a, std::equal_to<zeek::IPAddr>());
break;
case RuleHdrTest::LT:
return match_or(prefixes, a, std::less<IPAddr>());
return match_or(prefixes, a, std::less<zeek::IPAddr>());
break;
case RuleHdrTest::GT:
return match_or(prefixes, a, std::greater<IPAddr>());
return match_or(prefixes, a, std::greater<zeek::IPAddr>());
break;
case RuleHdrTest::LE:
return match_or(prefixes, a, std::less_equal<IPAddr>());
return match_or(prefixes, a, std::less_equal<zeek::IPAddr>());
break;
case RuleHdrTest::GE:
return match_or(prefixes, a, std::greater_equal<IPAddr>());
return match_or(prefixes, a, std::greater_equal<zeek::IPAddr>());
break;
default:
@ -737,7 +737,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state,
}
RuleEndpointState* RuleMatcher::InitEndpoint(zeek::analyzer::Analyzer* analyzer,
const IP_Hdr* ip, int caplen,
const zeek::IP_Hdr* ip, int caplen,
RuleEndpointState* opposite,
bool from_orig, analyzer::pia::PIA* pia)
{
@ -1289,7 +1289,7 @@ static zeek::Val* get_bro_val(const char* label)
// if the prefix_vector param isn't null, appending to that is preferred
// over appending to the masked val list.
static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector)
vector<zeek::IPPrefix>* prefix_vector)
{
MaskedValue* mval = new MaskedValue;
@ -1356,7 +1356,7 @@ static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to,
}
void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector)
vector<zeek::IPPrefix>* prefix_vector)
{
zeek::Val* v = get_bro_val(id);
if ( ! v )
@ -1417,7 +1417,7 @@ uint32_t id_to_uint(const char* id)
return 0;
}
void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
void RuleMatcherState::InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip,
int caplen, bool from_orig, analyzer::pia::PIA* pia)
{
if ( ! rule_matcher )

17
src/RuleMatcher.h
View file

@ -29,13 +29,13 @@ extern const char* current_rule_file;
class BroFile;
class IntSet;
class IP_Hdr;
class IPPrefix;
class RE_Match_State;
class Specific_RE_Matcher;
class RuleMatcher;
extern RuleMatcher* rule_matcher;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer);
@ -63,7 +63,7 @@ using bstr_list = zeek::PList<zeek::String>;
// Get values from Bro's script-level variables.
extern void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
std::vector<IPPrefix>* prefix_vector = nullptr);
std::vector<zeek::IPPrefix>* prefix_vector = nullptr);
extern char* id_to_str(const char* id);
extern uint32_t id_to_uint(const char* id);
@ -75,7 +75,7 @@ public:
RuleHdrTest(Prot arg_prot, uint32_t arg_offset, uint32_t arg_size,
Comp arg_comp, maskedvalue_list* arg_vals);
RuleHdrTest(Prot arg_prot, Comp arg_comp, std::vector<IPPrefix> arg_v);
RuleHdrTest(Prot arg_prot, Comp arg_comp, std::vector<zeek::IPPrefix> arg_v);
~RuleHdrTest();
void PrintDebug();
@ -92,7 +92,7 @@ private:
Prot prot;
Comp comp;
maskedvalue_list* vals;
std::vector<IPPrefix> prefix_vals; // for use with IPSrc/IPDst comparisons
std::vector<zeek::IPPrefix> prefix_vals; // for use with IPSrc/IPDst comparisons
uint32_t offset;
uint32_t size;
@ -263,8 +263,9 @@ public:
// the given packet (which should be the first packet encountered for
// this endpoint). If the matching is triggered by an PIA, a pointer to
// it needs to be given.
RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
int caplen, RuleEndpointState* opposite, bool is_orig, analyzer::pia::PIA* pia);
RuleEndpointState* InitEndpoint(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip,
int caplen, RuleEndpointState* opposite, bool is_orig,
analyzer::pia::PIA* pia);
// Finish matching for this stream.
void FinishEndpoint(RuleEndpointState* state);
@ -372,7 +373,7 @@ public:
{ delete orig_match_state; delete resp_match_state; }
// ip may be nil.
void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const IP_Hdr* ip,
void InitEndpointMatcher(zeek::analyzer::Analyzer* analyzer, const zeek::IP_Hdr* ip,
int caplen, bool from_orig, analyzer::pia::PIA* pia = nullptr);
// bol/eol should be set to false for type Rule::PAYLOAD; they're

16
src/SerializationFormat.cc
View file

@ -234,7 +234,7 @@ bool BinarySerializationFormat::Read(std::string* v, const char* tag)
return true;
}
bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag)
bool BinarySerializationFormat::Read(zeek::IPAddr* addr, const char* tag)
{
int n = 0;
if ( ! Read(&n, "addr-len") )
@ -254,22 +254,22 @@ bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag)
}
if ( n == 1 )
*addr = IPAddr(IPv4, raw, IPAddr::Network);
*addr = zeek::IPAddr(IPv4, raw, zeek::IPAddr::Network);
else
*addr = IPAddr(IPv6, raw, IPAddr::Network);
*addr = zeek::IPAddr(IPv6, raw, zeek::IPAddr::Network);
return true;
}
bool BinarySerializationFormat::Read(IPPrefix* prefix, const char* tag)
bool BinarySerializationFormat::Read(zeek::IPPrefix* prefix, const char* tag)
{
IPAddr addr;
zeek::IPAddr addr;
int len;
if ( ! (Read(&addr, "prefix") && Read(&len, "width")) )
return false;
*prefix = IPPrefix(addr, len);
*prefix = zeek::IPPrefix(addr, len);
return true;
}
@ -368,7 +368,7 @@ bool BinarySerializationFormat::Write(const std::string& s, const char* tag)
return Write(s.data(), s.size(), tag);
}
bool BinarySerializationFormat::Write(const IPAddr& addr, const char* tag)
bool BinarySerializationFormat::Write(const zeek::IPAddr& addr, const char* tag)
{
const uint32_t* raw;
int n = addr.GetBytes(&raw);
@ -387,7 +387,7 @@ bool BinarySerializationFormat::Write(const IPAddr& addr, const char* tag)
return true;
}
bool BinarySerializationFormat::Write(const IPPrefix& prefix, const char* tag)
bool BinarySerializationFormat::Write(const zeek::IPPrefix& prefix, const char* tag)
{
return Write(prefix.Prefix(), "prefix") && Write(prefix.Length(), "width");
}

23
src/SerializationFormat.h
View file

@ -2,12 +2,13 @@
#pragma once
#include <string>
#include "zeek-config.h"
#include <string>
#include <stdint.h>
class IPAddr;
class IPPrefix;
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
// Abstract base class.
class SerializationFormat {
@ -28,8 +29,8 @@ public:
virtual bool Read(bool* v, const char* tag) = 0;
virtual bool Read(double* d, const char* tag) = 0;
virtual bool Read(std::string* s, const char* tag) = 0;
virtual bool Read(IPAddr* addr, const char* tag) = 0;
virtual bool Read(IPPrefix* prefix, const char* tag) = 0;
virtual bool Read(zeek::IPAddr* addr, const char* tag) = 0;
virtual bool Read(zeek::IPPrefix* prefix, const char* tag) = 0;
virtual bool Read(struct in_addr* addr, const char* tag) = 0;
virtual bool Read(struct in6_addr* addr, const char* tag) = 0;
@ -62,8 +63,8 @@ public:
virtual bool Write(const char* s, const char* tag) = 0;
virtual bool Write(const char* buf, int len, const char* tag) = 0;
virtual bool Write(const std::string& s, const char* tag) = 0;
virtual bool Write(const IPAddr& addr, const char* tag) = 0;
virtual bool Write(const IPPrefix& prefix, const char* tag) = 0;
virtual bool Write(const zeek::IPAddr& addr, const char* tag) = 0;
virtual bool Write(const zeek::IPPrefix& prefix, const char* tag) = 0;
virtual bool Write(const struct in_addr& addr, const char* tag) = 0;
virtual bool Write(const struct in6_addr& addr, const char* tag) = 0;
@ -107,8 +108,8 @@ public:
bool Read(double* d, const char* tag) override;
bool Read(char** str, int* len, const char* tag) override;
bool Read(std::string* s, const char* tag) override;
bool Read(IPAddr* addr, const char* tag) override;
bool Read(IPPrefix* prefix, const char* tag) override;
bool Read(zeek::IPAddr* addr, const char* tag) override;
bool Read(zeek::IPPrefix* prefix, const char* tag) override;
bool Read(struct in_addr* addr, const char* tag) override;
bool Read(struct in6_addr* addr, const char* tag) override;
bool Write(int v, const char* tag) override;
@ -122,8 +123,8 @@ public:
bool Write(const char* s, const char* tag) override;
bool Write(const char* buf, int len, const char* tag) override;
bool Write(const std::string& s, const char* tag) override;
bool Write(const IPAddr& addr, const char* tag) override;
bool Write(const IPPrefix& prefix, const char* tag) override;
bool Write(const zeek::IPAddr& addr, const char* tag) override;
bool Write(const zeek::IPPrefix& prefix, const char* tag) override;
bool Write(const struct in_addr& addr, const char* tag) override;
bool Write(const struct in6_addr& addr, const char* tag) override;
bool WriteOpenTag(const char* tag) override;

38
src/Sessions.cc
View file

@ -153,7 +153,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
}
const struct ip* ip = (const struct ip*) (pkt->data + pkt->hdr_size);
IP_Hdr ip_hdr(ip, false);
zeek::IP_Hdr ip_hdr(ip, false);
DoNextPacket(t, pkt, &ip_hdr, nullptr);
}
@ -165,7 +165,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
return;
}
IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt->data + pkt->hdr_size), false, caplen);
zeek::IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt->data + pkt->hdr_size), false, caplen);
DoNextPacket(t, pkt, &ip_hdr, nullptr);
}
@ -211,7 +211,7 @@ static unsigned int gre_header_len(uint16_t flags)
return len;
}
void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr,
void NetSessions::DoNextPacket(double t, const Packet* pkt, const zeek::IP_Hdr* ip_hdr,
const EncapsulationStack* encapsulation)
{
uint32_t caplen = pkt->cap_len - pkt->hdr_size;
@ -298,7 +298,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
else
{
f = NextFragment(t, ip_hdr, pkt->data + pkt->hdr_size);
const IP_Hdr* ih = f->ReassembledPkt();
const zeek::IP_Hdr* ih = f->ReassembledPkt();
if ( ! ih )
// It didn't reassemble into anything yet.
return;
@ -591,7 +591,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return;
}
IP_Hdr* inner = nullptr;
zeek::IP_Hdr* inner = nullptr;
if ( gre_version != 0 )
{
@ -659,7 +659,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
return;
}
ConnIDKey key = BuildConnIDKey(id);
zeek::detail::ConnIDKey key = zeek::detail::BuildConnIDKey(id);
Connection* conn = nullptr;
// FIXME: The following is getting pretty complex. Need to split up
@ -739,7 +739,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
}
void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
const IP_Hdr* inner, const EncapsulationStack* prev,
const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
const EncapsulatingConn& ec)
{
uint32_t caplen, len;
@ -813,7 +813,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
}
int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto,
IP_Hdr*& inner)
zeek::IP_Hdr*& inner)
{
if ( proto == IPPROTO_IPV6 )
{
@ -821,7 +821,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto,
return -1;
const struct ip6_hdr* ip6 = (const struct ip6_hdr*) pkt;
inner = new IP_Hdr(ip6, false, caplen);
inner = new zeek::IP_Hdr(ip6, false, caplen);
if ( ( ip6->ip6_ctlun.ip6_un2_vfc & 0xF0 ) != 0x60 )
return -2;
}
@ -832,7 +832,7 @@ int NetSessions::ParseIPPacket(int caplen, const u_char* const pkt, int proto,
return -1;
const struct ip* ip4 = (const struct ip*) pkt;
inner = new IP_Hdr(ip4, false);
inner = new zeek::IP_Hdr(ip4, false);
if ( ip4->ip_v != 4 )
return -2;
}
@ -895,7 +895,7 @@ bool NetSessions::CheckHeaderTrunc(int proto, uint32_t len, uint32_t caplen,
return false;
}
FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
FragReassembler* NetSessions::NextFragment(double t, const zeek::IP_Hdr* ip,
const u_char* pkt)
{
uint32_t frag_id = ip->ID();
@ -955,8 +955,8 @@ Connection* NetSessions::FindConnection(zeek::Val* v)
// types, too.
}
const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr();
const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr();
const zeek::IPAddr& orig_addr = (*vl)[orig_h]->AsAddr();
const zeek::IPAddr& resp_addr = (*vl)[resp_h]->AsAddr();
zeek::PortVal* orig_portv = (*vl)[orig_p]->AsPortVal();
zeek::PortVal* resp_portv = (*vl)[resp_p]->AsPortVal();
@ -971,7 +971,7 @@ Connection* NetSessions::FindConnection(zeek::Val* v)
id.is_one_way = false; // ### incorrect for ICMP connections
ConnIDKey key = BuildConnIDKey(id);
zeek::detail::ConnIDKey key = zeek::detail::BuildConnIDKey(id);
ConnectionMap* d;
if ( orig_portv->IsTCP() )
@ -1000,7 +1000,7 @@ void NetSessions::Remove(Connection* c)
{
if ( c->IsKeyValid() )
{
const ConnIDKey& key = c->Key();
const zeek::detail::ConnIDKey& key = c->Key();
c->CancelTimers();
if ( c->ConnTransport() == TRANSPORT_TCP )
@ -1159,7 +1159,7 @@ void NetSessions::GetStats(SessionStats& s) const
s.max_fragments = stats.max_fragments;
}
Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id,
Connection* NetSessions::NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
const u_char* data, int proto, uint32_t flow_label,
const Packet* pkt, const EncapsulationStack* encapsulation)
{
@ -1219,7 +1219,7 @@ Connection* NetSessions::NewConn(const ConnIDKey& k, double t, const ConnID* id,
return conn;
}
Connection* NetSessions::LookupConn(const ConnectionMap& conns, const ConnIDKey& key)
Connection* NetSessions::LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key)
{
auto it = conns.find(key);
if ( it != conns.end() )
@ -1330,7 +1330,7 @@ void NetSessions::Weird(const char* name, const Packet* pkt,
reporter->Weird(name, addl);
}
void NetSessions::Weird(const char* name, const IP_Hdr* ip,
void NetSessions::Weird(const char* name, const zeek::IP_Hdr* ip,
const EncapsulationStack* encap, const char* addl)
{
if ( encap && encap->LastType() != BifEnum::Tunnel::NONE )
@ -1396,7 +1396,7 @@ unsigned int NetSessions::MemoryAllocation()
;
}
void NetSessions::InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn)
void NetSessions::InsertConnection(ConnectionMap* m, const zeek::detail::ConnIDKey& key, Connection* conn)
{
(*m)[key] = conn;

20
src/Sessions.h
View file

@ -55,7 +55,7 @@ public:
// Returns a reassembled packet, or nil if there are still
// some missing fragments.
FragReassembler* NextFragment(double t, const IP_Hdr* ip,
FragReassembler* NextFragment(double t, const zeek::IP_Hdr* ip,
const u_char* pkt);
// Looks up the connection referred to by the given Val,
@ -79,7 +79,7 @@ public:
void Weird(const char* name, const Packet* pkt,
const EncapsulationStack* encap = nullptr, const char* addl = "");
void Weird(const char* name, const IP_Hdr* ip,
void Weird(const char* name, const zeek::IP_Hdr* ip,
const EncapsulationStack* encap = nullptr, const char* addl = "");
PacketFilter* GetPacketFilter()
@ -96,7 +96,7 @@ public:
return tcp_conns.size() + udp_conns.size() + icmp_conns.size();
}
void DoNextPacket(double t, const Packet *pkt, const IP_Hdr* ip_hdr,
void DoNextPacket(double t, const Packet *pkt, const zeek::IP_Hdr* ip_hdr,
const EncapsulationStack* encapsulation);
/**
@ -114,7 +114,7 @@ public:
* @param ec The most-recently found depth of encapsulation.
*/
void DoNextInnerPacket(double t, const Packet *pkt,
const IP_Hdr* inner, const EncapsulationStack* prev,
const zeek::IP_Hdr* inner, const EncapsulationStack* prev,
const EncapsulatingConn& ec);
/**
@ -161,7 +161,7 @@ public:
* for other return values.
*/
int ParseIPPacket(int caplen, const u_char* const pkt, int proto,
IP_Hdr*& inner);
zeek::IP_Hdr*& inner);
unsigned int ConnectionMemoryUsage();
unsigned int ConnectionMemoryUsageConnVals();
@ -172,14 +172,14 @@ protected:
friend class ConnCompressor;
friend class IPTunnelTimer;
using ConnectionMap = std::map<ConnIDKey, Connection*>;
using ConnectionMap = std::map<zeek::detail::ConnIDKey, Connection*>;
using FragmentMap = std::map<FragReassemblerKey, FragReassembler*>;
Connection* NewConn(const ConnIDKey& k, double t, const ConnID* id,
Connection* NewConn(const zeek::detail::ConnIDKey& k, double t, const ConnID* id,
const u_char* data, int proto, uint32_t flow_label,
const Packet* pkt, const EncapsulationStack* encapsulation);
Connection* LookupConn(const ConnectionMap& conns, const ConnIDKey& key);
Connection* LookupConn(const ConnectionMap& conns, const zeek::detail::ConnIDKey& key);
// Returns true if the port corresonds to an application
// for which there's a Bro analyzer (even if it might not
@ -215,7 +215,7 @@ protected:
// the new one. Connection count stats get updated either way (so most
// cases should likely check that the key is not already in the map to
// avoid unnecessary incrementing of connecting counts).
void InsertConnection(ConnectionMap* m, const ConnIDKey& key, Connection* conn);
void InsertConnection(ConnectionMap* m, const zeek::detail::ConnIDKey& key, Connection* conn);
ConnectionMap tcp_conns;
ConnectionMap udp_conns;
@ -224,7 +224,7 @@ protected:
SessionStats stats;
using IPPair = std::pair<IPAddr, IPAddr>;
using IPPair = std::pair<zeek::IPAddr, zeek::IPAddr>;
using TunnelActivity = std::pair<EncapsulatingConn, double>;
using IPTunnelMap = std::map<IPPair, TunnelActivity>;
IPTunnelMap ip_tunnels;

6
src/TunnelEncapsulation.h
View file

@ -40,7 +40,7 @@ public:
* @param d The tunnel destination address, likely taken from an IP header.
* @param t The type of IP tunnel.
*/
EncapsulatingConn(const IPAddr& s, const IPAddr& d,
EncapsulatingConn(const zeek::IPAddr& s, const zeek::IPAddr& d,
BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP)
: src_addr(s), dst_addr(d), src_port(0), dst_port(0),
proto(TRANSPORT_UNKNOWN), type(t),
@ -119,8 +119,8 @@ public:
}
protected:
IPAddr src_addr;
IPAddr dst_addr;
zeek::IPAddr src_addr;
zeek::IPAddr dst_addr;
uint16_t src_port;
uint16_t dst_port;
TransportProto proto;

4
src/Val.h
View file

@ -35,14 +35,14 @@ using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = ze
ZEEK_FORWARD_DECLARE_NAMESPACED(IterCookie, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IPPrefix, zeek);
namespace zeek::detail { class ScriptFunc; }
using BroFunc [[deprecated("Remove in v4.1. Use zeek::detail::ScriptFunc instead.")]] = zeek::detail::ScriptFunc;
class BroFile;
class PrefixTable;
class IPAddr;
class IPPrefix;
class StateAccess;
class RE_Matcher;

8
src/analyzer/Analyzer.cc
View file

@ -214,7 +214,7 @@ void Analyzer::Done()
}
void Analyzer::NextPacket(int len, const u_char* data, bool is_orig, uint64_t seq,
const IP_Hdr* ip, int caplen)
const zeek::IP_Hdr* ip, int caplen)
{
if ( skip )
return;
@ -297,7 +297,7 @@ void Analyzer::NextEndOfData(bool is_orig)
}
void Analyzer::ForwardPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
if ( output_handler )
output_handler->DeliverPacket(len, data, is_orig, seq,
@ -644,7 +644,7 @@ SupportAnalyzer* Analyzer::FirstSupportAnalyzer(bool orig)
}
void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen,
@ -858,7 +858,7 @@ SupportAnalyzer* SupportAnalyzer::Sibling(bool only_active) const
}
void SupportAnalyzer::ForwardPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
// We do not call parent's method, as we're replacing the functionality.

12
src/analyzer/Analyzer.h
View file

@ -21,7 +21,7 @@ using BroFilePtr = zeek::IntrusivePtr<BroFile>;
class Rule;
class Connection;
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
@ -59,7 +59,7 @@ public:
*/
virtual void DeliverPacket(int len, const u_char* data,
bool orig, uint64_t seq,
const IP_Hdr* ip, int caplen)
const zeek::IP_Hdr* ip, int caplen)
{ }
/**
@ -157,7 +157,7 @@ public:
* @param caplen The packet's capture length, if available.
*/
void NextPacket(int len, const u_char* data, bool is_orig,
uint64_t seq = -1, const IP_Hdr* ip = nullptr, int caplen = 0);
uint64_t seq = -1, const zeek::IP_Hdr* ip = nullptr, int caplen = 0);
/**
* Passes stream input to the analyzer for processing. The analyzer
@ -210,7 +210,7 @@ public:
*/
virtual void ForwardPacket(int len, const u_char* data,
bool orig, uint64_t seq,
const IP_Hdr* ip, int caplen);
const zeek::IP_Hdr* ip, int caplen);
/**
* Forwards stream input on to all child analyzers. If the analyzer
@ -241,7 +241,7 @@ public:
* Parameters are the same.
*/
virtual void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen);
/**
* Hook for accessing stream input for parsing. This is called by
@ -839,7 +839,7 @@ public:
* Parameters same as for Analyzer::ForwardPacket.
*/
void ForwardPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
/**
* Passes stream input to the next sibling SupportAnalyzer if any, or

2
src/analyzer/protocol/ayiya/AYIYA.cc
View file

@ -21,7 +21,7 @@ void AYIYA_Analyzer::Done()
Event(udp_session_done);
}
void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void AYIYA_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/ayiya/AYIYA.h
View file

@ -11,7 +11,7 @@ public:
virtual void Done();
virtual void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen);
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new AYIYA_Analyzer(conn); }

2
src/analyzer/protocol/ayiya/ayiya-analyzer.pac
View file

@ -56,7 +56,7 @@ flow AYIYA_Flow
return false;
}
IP_Hdr* inner = 0;
zeek::IP_Hdr* inner = 0;
int result = sessions->ParseIPPacket(${pdu.packet}.length(),
${pdu.packet}.data(), ${pdu.next_header}, inner);

2
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -102,7 +102,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
}
}
void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void ConnSize_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);

2
src/analyzer/protocol/conn-size/ConnSize.h
View file

@ -31,7 +31,7 @@ public:
protected:
void DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void CheckThresholds(bool is_orig);
void ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bool is_orig);

2
src/analyzer/protocol/dhcp/DHCP.cc
View file

@ -22,7 +22,7 @@ void DHCP_Analyzer::Done()
}
void DHCP_Analyzer::DeliverPacket(int len, const u_char* data,
bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/dhcp/DHCP.h
View file

@ -13,7 +13,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new DHCP_Analyzer(conn); }

2
src/analyzer/protocol/dnp3/DNP3.cc
View file

@ -440,7 +440,7 @@ DNP3_UDP_Analyzer::~DNP3_UDP_Analyzer()
{
}
void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void DNP3_UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/dnp3/DNP3.h
View file

@ -81,7 +81,7 @@ public:
~DNP3_UDP_Analyzer() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new DNP3_UDP_Analyzer(conn); }

2
src/analyzer/protocol/dns/DNS.cc
View file

@ -1832,7 +1832,7 @@ void DNS_Analyzer::Done()
}
void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
interp->ParseMessage(data, len, orig ? 1 : 0);

2
src/analyzer/protocol/dns/DNS.h
View file

@ -385,7 +385,7 @@ public:
~DNS_Analyzer() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void Init() override;
void Done() override;

4
src/analyzer/protocol/ftp/functions.bif
View file

@ -52,7 +52,7 @@ static zeek::ValPtr parse_eftp(const char* line)
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ftp_port);
int net_proto = 0; // currently not used
IPAddr addr; // unspecified IPv6 address (all 128 bits zero)
zeek::IPAddr addr; // unspecified IPv6 address (all 128 bits zero)
int port = 0;
int good = 0;
@ -87,7 +87,7 @@ static zeek::ValPtr parse_eftp(const char* line)
}
std::string s(line, nptr-line); // extract IP address
IPAddr tmp(s);
zeek::IPAddr tmp(s);
// on error, "tmp" will have all 128 bits zero
if ( tmp == addr )
good = 0;

2
src/analyzer/protocol/gtpv1/GTPv1.cc
View file

@ -23,7 +23,7 @@ void GTPv1_Analyzer::Done()
Event(udp_session_done);
}
void GTPv1_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void GTPv1_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
try

2
src/analyzer/protocol/gtpv1/GTPv1.h
View file

@ -11,7 +11,7 @@ public:
virtual void Done();
virtual void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen);
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new GTPv1_Analyzer(conn); }

14
src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -98,11 +98,11 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
switch ( ie->end_user_addr()->pdp_type_num() ) {
case 0x21:
ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network)));
break;
case 0x57:
ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network)));
break;
default:
ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
@ -137,10 +137,10 @@ zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
if ( len == 4 )
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network)));
else if ( len == 16 )
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network)));
else
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::String((const u_char*) d, len, false)));
@ -221,9 +221,9 @@ zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
const uint8* d = ie->charging_gateway_addr()->value().data();
int len = ie->charging_gateway_addr()->value().length();
if ( len == 4 )
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network));
else if ( len == 16 )
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network));
else
return nullptr;
}
@ -729,7 +729,7 @@ flow GTPv1_Flow(is_orig: bool)
return false;
}
IP_Hdr* inner = 0;
zeek::IP_Hdr* inner = nullptr;
int result = sessions->ParseIPPacket(${pdu.packet}.length(),
${pdu.packet}.data(), ip->ip_v == 6 ? IPPROTO_IPV6 : IPPROTO_IPV4,
inner);

60
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -35,7 +35,7 @@ void ICMP_Analyzer::Done()
}
void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen)
bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
assert(ip);
@ -119,7 +119,7 @@ void ICMP_Analyzer::DeliverPacket(int len, const u_char* data,
}
void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr )
const u_char*& data, const zeek::IP_Hdr* ip_hdr )
{
switch ( icmpp->icmp_type )
{
@ -140,7 +140,7 @@ void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int c
}
void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr )
const u_char*& data, const zeek::IP_Hdr* ip_hdr )
{
switch ( icmpp->icmp_type )
{
@ -199,7 +199,7 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c
void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
int icmpv6, const u_char* data,
const IP_Hdr* ip_hdr)
const zeek::IP_Hdr* ip_hdr)
{
if ( icmp_sent )
EnqueueConnEvent(icmp_sent,
@ -222,7 +222,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
}
zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
int icmpv6, const IP_Hdr* ip_hdr)
int icmpv6, const zeek::IP_Hdr* ip_hdr)
{
if ( ! icmp_conn_val )
{
@ -242,7 +242,7 @@ zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len
}
zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len,
bool icmpv6, const IP_Hdr* ip_hdr)
bool icmpv6, const zeek::IP_Hdr* ip_hdr)
{
static auto icmp_info = zeek::id::find_type<zeek::RecordType>("icmp_info");
auto rval = zeek::make_intrusive<zeek::RecordVal>(icmp_info);
@ -254,7 +254,7 @@ zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len,
return rval;
}
TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port)
TransportProto ICMP_Analyzer::GetContextProtocol(const zeek::IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port)
{
const u_char* transport_hdr;
uint32_t ip_hdr_len = ip_hdr->HdrLen();
@ -321,15 +321,15 @@ TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t*
zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
{
const IP_Hdr ip_hdr_data((const struct ip*) data, false);
const IP_Hdr* ip_hdr = &ip_hdr_data;
const zeek::IP_Hdr ip_hdr_data((const struct ip*) data, false);
const zeek::IP_Hdr* ip_hdr = &ip_hdr_data;
uint32_t ip_hdr_len = ip_hdr->HdrLen();
uint32_t ip_len, frag_offset;
TransportProto proto = TRANSPORT_UNKNOWN;
int DF, MF, bad_hdr_len, bad_checksum;
IPAddr src_addr, dst_addr;
zeek::IPAddr src_addr, dst_addr;
uint32_t src_port, dst_port;
if ( len < (int)sizeof(struct ip) || ip_hdr_len > uint32_t(len) )
@ -391,8 +391,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& da
int DF = 0, MF = 0, bad_hdr_len = 0;
TransportProto proto = TRANSPORT_UNKNOWN;
IPAddr src_addr;
IPAddr dst_addr;
zeek::IPAddr src_addr;
zeek::IPAddr dst_addr;
uint32_t ip_len, frag_offset = 0;
uint32_t src_port, dst_port;
@ -404,8 +404,8 @@ zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& da
}
else
{
const IP_Hdr ip_hdr_data((const struct ip6_hdr*) data, false, len);
const IP_Hdr* ip_hdr = &ip_hdr_data;
const zeek::IP_Hdr ip_hdr_data((const struct ip6_hdr*) data, false, len);
const zeek::IP_Hdr* ip_hdr = &ip_hdr_data;
ip_len = ip_hdr->TotalLen();
src_addr = ip_hdr->SrcAddr();
@ -512,7 +512,7 @@ unsigned int ICMP_Analyzer::MemoryAllocation() const
void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
// For handling all Echo related ICMP messages
EventHandlerPtr f = nullptr;
@ -544,7 +544,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = icmp_router_advertisement;
@ -581,17 +581,17 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = icmp_neighbor_advertisement;
if ( ! f )
return;
IPAddr tgtaddr;
zeek::IPAddr tgtaddr;
if ( caplen >= (int)sizeof(in6_addr) )
tgtaddr = IPAddr(*((const in6_addr*)data));
tgtaddr = zeek::IPAddr(*((const in6_addr*)data));
int opt_offset = sizeof(in6_addr);
@ -609,17 +609,17 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = icmp_neighbor_solicitation;
if ( ! f )
return;
IPAddr tgtaddr;
zeek::IPAddr tgtaddr;
if ( caplen >= (int)sizeof(in6_addr) )
tgtaddr = IPAddr(*((const in6_addr*)data));
tgtaddr = zeek::IPAddr(*((const in6_addr*)data));
int opt_offset = sizeof(in6_addr);
@ -634,20 +634,20 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = icmp_redirect;
if ( ! f )
return;
IPAddr tgtaddr, dstaddr;
zeek::IPAddr tgtaddr, dstaddr;
if ( caplen >= (int)sizeof(in6_addr) )
tgtaddr = IPAddr(*((const in6_addr*)data));
tgtaddr = zeek::IPAddr(*((const in6_addr*)data));
if ( caplen >= 2 * (int)sizeof(in6_addr) )
dstaddr = IPAddr(*((const in6_addr*)(data + sizeof(in6_addr))));
dstaddr = zeek::IPAddr(*((const in6_addr*)(data + sizeof(in6_addr))));
int opt_offset = 2 * sizeof(in6_addr);
@ -663,7 +663,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = icmp_router_solicitation;
@ -680,7 +680,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len,
void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int len, int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = nullptr;
@ -707,7 +707,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
int len, int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr)
{
EventHandlerPtr f = nullptr;
@ -816,7 +816,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
info->Assign(2, zeek::val_mgr->Bool(A_flag));
info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(valid_life), Seconds));
info->Assign(4, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(prefer_life), Seconds));
info->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(prefix)));
info->Assign(5, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(prefix)));
rv->Assign(3, std::move(info));
}

30
src/analyzer/protocol/icmp/ICMP.h
View file

@ -32,52 +32,52 @@ public:
protected:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
bool IsReuse(double t, const u_char* pkt) override;
unsigned int MemoryAllocation() const override;
void ICMP_Sent(const struct icmp* icmpp, int len, int caplen, int icmpv6,
const u_char* data, const IP_Hdr* ip_hdr);
const u_char* data, const zeek::IP_Hdr* ip_hdr);
void Echo(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void Redirect(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void RouterAdvert(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void NeighborAdvert(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void NeighborSolicit(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void RouterSolicit(double t, const struct icmp* icmpp, int len,
int caplen, const u_char*& data, const IP_Hdr* ip_hdr);
int caplen, const u_char*& data, const zeek::IP_Hdr* ip_hdr);
void Describe(ODesc* d) const;
zeek::RecordValPtr BuildICMPVal(const struct icmp* icmpp, int len,
int icmpv6, const IP_Hdr* ip_hdr);
int icmpv6, const zeek::IP_Hdr* ip_hdr);
zeek::RecordValPtr BuildInfo(const struct icmp* icmpp, int len,
bool icmpv6, const IP_Hdr* ip_hdr);
bool icmpv6, const zeek::IP_Hdr* ip_hdr);
void NextICMP4(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr );
const u_char*& data, const zeek::IP_Hdr* ip_hdr );
zeek::RecordValPtr ExtractICMP4Context(int len, const u_char*& data);
void Context4(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr);
const u_char*& data, const zeek::IP_Hdr* ip_hdr);
TransportProto GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port,
TransportProto GetContextProtocol(const zeek::IP_Hdr* ip_hdr, uint32_t* src_port,
uint32_t* dst_port);
void NextICMP6(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr );
const u_char*& data, const zeek::IP_Hdr* ip_hdr );
zeek::RecordValPtr ExtractICMP6Context(int len, const u_char*& data);
void Context6(double t, const struct icmp* icmpp, int len, int caplen,
const u_char*& data, const IP_Hdr* ip_hdr);
const u_char*& data, const zeek::IP_Hdr* ip_hdr);
// RFC 4861 Neighbor Discover message options
zeek::VectorValPtr BuildNDOptionsVal(int caplen, const u_char* data);

2
src/analyzer/protocol/krb/KRB.cc
View file

@ -73,7 +73,7 @@ void KRB_Analyzer::Done()
}
void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/krb/KRB.h
View file

@ -20,7 +20,7 @@ public:
virtual void Done();
virtual void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen);
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new KRB_Analyzer(conn); }

4
src/analyzer/protocol/krb/krb-types.pac
View file

@ -61,7 +61,7 @@ zeek::RecordValPtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address
}
auto bytes = reinterpret_cast<const uint32_t*>(addr_bytes.data());
rv->Assign(0, zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, bytes, IPAddr::Network)));
rv->Assign(0, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv4, bytes, zeek::IPAddr::Network)));
return rv;
}
case 24:
@ -73,7 +73,7 @@ zeek::RecordValPtr proc_host_address(const BroAnalyzer a, const KRB_Host_Address
}
auto bytes = reinterpret_cast<const uint32_t*>(addr_bytes.data());
rv->Assign(0, zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, bytes, IPAddr::Network)));
rv->Assign(0, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv6, bytes, zeek::IPAddr::Network)));
return rv;
}
case 20:

2
src/analyzer/protocol/netbios/NetbiosSSN.cc
View file

@ -511,7 +511,7 @@ void NetbiosSSN_Analyzer::ConnectionClosed(tcp::TCP_Endpoint* endpoint,
}
void NetbiosSSN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/netbios/NetbiosSSN.h
View file

@ -146,7 +146,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new NetbiosSSN_Analyzer(conn); }

2
src/analyzer/protocol/ntp/NTP.cc
View file

@ -24,7 +24,7 @@ NTP_Analyzer::~NTP_Analyzer()
}
void NTP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/ntp/NTP.h
View file

@ -17,7 +17,7 @@ public:
// Overriden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new NTP_Analyzer(conn); }

2
src/analyzer/protocol/ntp/ntp-analyzer.pac
View file

@ -54,7 +54,7 @@
default:
{
const uint8* d = ${nsm.reference_id}.data();
rv->Assign(7, zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
rv->Assign(7, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv4, (const uint32*) d, zeek::IPAddr::Network)));
}
break;
}

14
src/analyzer/protocol/pia/PIA.cc
View file

@ -36,7 +36,7 @@ void PIA::ClearBuffer(Buffer* buffer)
}
void PIA::AddToBuffer(Buffer* buffer, uint64_t seq, int len, const u_char* data,
bool is_orig, const IP_Hdr* ip)
bool is_orig, const zeek::IP_Hdr* ip)
{
u_char* tmp = nullptr;
@ -66,7 +66,7 @@ void PIA::AddToBuffer(Buffer* buffer, uint64_t seq, int len, const u_char* data,
}
void PIA::AddToBuffer(Buffer* buffer, int len, const u_char* data, bool is_orig,
const IP_Hdr* ip)
const zeek::IP_Hdr* ip)
{
AddToBuffer(buffer, -1, len, data, is_orig, ip);
}
@ -85,7 +85,7 @@ void PIA::PIA_Done()
}
void PIA::PIA_DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq,
const IP_Hdr* ip, int caplen, bool clear_state)
const zeek::IP_Hdr* ip, int caplen, bool clear_state)
{
if ( pkt_buffer.state == SKIPPING )
return;
@ -130,7 +130,7 @@ void PIA::Match(Rule::PatternType type, const u_char* data, int len,
}
void PIA::DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol,
bool clear_state, const IP_Hdr* ip)
bool clear_state, const zeek::IP_Hdr* ip)
{
if ( ! rule_matcher )
return;
@ -203,12 +203,12 @@ void PIA_TCP::Init()
}
}
void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
void PIA_TCP::FirstPacket(bool is_orig, const zeek::IP_Hdr* ip)
{
static char dummy_packet[sizeof(struct ip) + sizeof(struct tcphdr)];
static struct ip* ip4 = nullptr;
static struct tcphdr* tcp4 = nullptr;
static IP_Hdr* ip4_hdr = nullptr;
static zeek::IP_Hdr* ip4_hdr = nullptr;
DBG_LOG(DBG_ANALYZER, "PIA_TCP[%d] FirstPacket(%s)", GetID(), (is_orig ? "T" : "F"));
@ -226,7 +226,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
ip4->ip_p = IPPROTO_TCP;
// Cast to const so that it doesn't delete it.
ip4_hdr = new IP_Hdr(ip4, false);
ip4_hdr = new zeek::IP_Hdr(ip4, false);
}
if ( is_orig )

16
src/analyzer/protocol/pia/PIA.h
View file

@ -42,14 +42,14 @@ public:
protected:
void PIA_Done();
void PIA_DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen, bool clear_state);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen, bool clear_state);
enum State { INIT, BUFFERING, MATCHING_ONLY, SKIPPING } state;
// Buffers one chunk of data. Used both for packet payload (incl.
// sequence numbers for TCP) and chunks of a reassembled stream.
struct DataBlock {
IP_Hdr* ip;
zeek::IP_Hdr* ip;
const u_char* data;
bool is_orig;
int len;
@ -67,15 +67,15 @@ protected:
};
void AddToBuffer(Buffer* buffer, uint64_t seq, int len,
const u_char* data, bool is_orig, const IP_Hdr* ip = nullptr);
const u_char* data, bool is_orig, const zeek::IP_Hdr* ip = nullptr);
void AddToBuffer(Buffer* buffer, int len,
const u_char* data, bool is_orig, const IP_Hdr* ip = nullptr);
const u_char* data, bool is_orig, const zeek::IP_Hdr* ip = nullptr);
void ClearBuffer(Buffer* buffer);
DataBlock* CurrentPacket() { return &current_packet; }
void DoMatch(const u_char* data, int len, bool is_orig, bool bol,
bool eol, bool clear_state, const IP_Hdr* ip = nullptr);
bool eol, bool clear_state, const zeek::IP_Hdr* ip = nullptr);
void SetConn(Connection* c) { conn = c; }
@ -106,7 +106,7 @@ protected:
}
void DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override
{
Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, true);
@ -136,7 +136,7 @@ public:
// matcher in the case that we already get reassembled input,
// and making it part of the general analyzer interface seems
// to be unnecessary overhead.)
void FirstPacket(bool is_orig, const IP_Hdr* ip);
void FirstPacket(bool is_orig, const zeek::IP_Hdr* ip);
void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer);
@ -151,7 +151,7 @@ protected:
}
void DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override
{
Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
PIA_DeliverPacket(len, data, is_orig, seq, ip, caplen, false);

2
src/analyzer/protocol/radius/RADIUS.cc
View file

@ -25,7 +25,7 @@ void RADIUS_Analyzer::Done()
}
void RADIUS_Analyzer::DeliverPacket(int len, const u_char* data,
bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/radius/RADIUS.h
View file

@ -19,7 +19,7 @@ public:
// Overriden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new RADIUS_Analyzer(conn); }

2
src/analyzer/protocol/rdp/RDPEUDP.cc
View file

@ -22,7 +22,7 @@ void RDP_Analyzer::Done()
}
void RDP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/rdp/RDPEUDP.h
View file

@ -13,7 +13,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
{ return new RDP_Analyzer(conn); }

2
src/analyzer/protocol/rpc/RPC.cc
View file

@ -736,7 +736,7 @@ RPC_Analyzer::~RPC_Analyzer()
}
void RPC_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
len = std::min(len, caplen);

2
src/analyzer/protocol/rpc/RPC.h
View file

@ -240,7 +240,7 @@ public:
protected:
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void ExpireTimer(double t);

2
src/analyzer/protocol/sip/SIP.cc
View file

@ -21,7 +21,7 @@ void SIP_Analyzer::Done()
}
void SIP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
bool real_orig = true;
if ( len > 6 && data[0] == 'S' && data[1] == 'I' && data[2] == 'P' && data[3] == '/' )

2
src/analyzer/protocol/sip/SIP.h
View file

@ -16,7 +16,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new SIP_Analyzer(conn); }

2
src/analyzer/protocol/snmp/SNMP.cc
View file

@ -26,7 +26,7 @@ void SNMP_Analyzer::Done()
}
void SNMP_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/snmp/SNMP.h
View file

@ -15,7 +15,7 @@ public:
virtual void Done();
virtual void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen);
uint64_t seq, const zeek::IP_Hdr* ip, int caplen);
static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)
{ return new SNMP_Analyzer(conn); }

2
src/analyzer/protocol/snmp/snmp-analyzer.pac
View file

@ -35,7 +35,7 @@ zeek::AddrValPtr network_address_to_val(const ASN1Encoding* na)
// but standards don't seem to currently make any provisions for IPv6,
// so ignore anything that can't be IPv4.
if ( bs.length() != 4 )
return zeek::make_intrusive<zeek::AddrVal>(IPAddr());
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr());
const u_char* data = reinterpret_cast<const u_char*>(bs.data());
uint32 network_order = extract_uint32(data);

4
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -98,7 +98,7 @@ refine connection SOCKS_Conn += {
break;
case 4:
sa->Assign(0, zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, (const uint32_t*) ${request.remote_name.ipv6}, IPAddr::Network)));
sa->Assign(0, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv6, (const uint32_t*) ${request.remote_name.ipv6}, zeek::IPAddr::Network)));
break;
default:
@ -138,7 +138,7 @@ refine connection SOCKS_Conn += {
break;
case 4:
sa->Assign(0, zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, (const uint32_t*) ${reply.bound.ipv6}, IPAddr::Network)));
sa->Assign(0, zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv6, (const uint32_t*) ${reply.bound.ipv6}, zeek::IPAddr::Network)));
break;
default:

2
src/analyzer/protocol/ssl/DTLS.cc
View file

@ -32,7 +32,7 @@ void DTLS_Analyzer::Done()
handshake_interp->FlowEOF(false);
}
void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);

2
src/analyzer/protocol/ssl/DTLS.h
View file

@ -18,7 +18,7 @@ public:
// Overriden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void EndOfData(bool is_orig) override;
void SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, uint32_t length, const u_char* begin, const u_char* end, bool orig);

4
src/analyzer/protocol/stepping-stone/SteppingStone.cc
View file

@ -61,7 +61,7 @@ void SteppingStoneEndpoint::Done()
}
bool SteppingStoneEndpoint::DataSent(double t, uint64_t seq, int len, int caplen,
const u_char* data, const IP_Hdr* /* ip */,
const u_char* data, const zeek::IP_Hdr* /* ip */,
const struct tcphdr* tp)
{
if ( caplen < len )
@ -172,7 +172,7 @@ void SteppingStone_Analyzer::Init()
void SteppingStone_Analyzer::DeliverPacket(int len, const u_char* data,
bool is_orig, uint64_t seq,
const IP_Hdr* ip, int caplen)
const zeek::IP_Hdr* ip, int caplen)
{
tcp::TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq,
ip, caplen);

4
src/analyzer/protocol/stepping-stone/SteppingStone.h
View file

@ -19,7 +19,7 @@ public:
void Done();
bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data,
const IP_Hdr* ip, const struct tcphdr* tp);
const zeek::IP_Hdr* ip, const struct tcphdr* tp);
protected:
void Event(EventHandlerPtr f, int id1, int id2 = -1);
@ -55,7 +55,7 @@ protected:
// We support both packet and stream input and can be put in place even
// if the TCP analyzer is not yet reassebmling.
void DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void DeliverStream(int len, const u_char* data, bool is_orig) override;
int orig_stream_pos;

2
src/analyzer/protocol/syslog/Syslog.cc
View file

@ -28,7 +28,7 @@ void Syslog_Analyzer::Done()
Event(udp_session_done);
}
void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
interp->NewData(orig, data, data + len);

2
src/analyzer/protocol/syslog/Syslog.h
View file

@ -15,7 +15,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new Syslog_Analyzer(conn); }

14
src/analyzer/protocol/tcp/TCP.cc
View file

@ -42,7 +42,7 @@ namespace { // local namespace
static const int ORIG = 1;
static const int RESP = 2;
static zeek::RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
static zeek::RecordVal* build_syn_packet_val(bool is_orig, const zeek::IP_Hdr* ip,
const struct tcphdr* tcp)
{
int winscale = -1;
@ -800,7 +800,7 @@ void TCP_Analyzer::GeneratePacketEvent(
}
bool TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen,
const IP_Hdr* ip, const struct tcphdr* tp,
const zeek::IP_Hdr* ip, const struct tcphdr* tp,
TCP_Endpoint* endpoint, uint64_t rel_data_seq,
bool is_orig, TCP_Flags flags)
{
@ -818,7 +818,7 @@ void TCP_Analyzer::CheckRecording(bool need_contents, TCP_Flags flags)
Conn()->SetRecordCurrentPacket(record_current_packet);
}
void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip)
void TCP_Analyzer::CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip)
{
if ( is_orig && ! (first_packet_seen & ORIG) )
{
@ -1045,7 +1045,7 @@ static int32_t update_last_seq(TCP_Endpoint* endpoint, uint32_t last_seq,
}
void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
TransportLayerAnalyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
@ -1902,7 +1902,7 @@ void TCP_ApplicationAnalyzer::ProtocolViolation(const char* reason,
void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data,
bool is_orig, uint64_t seq,
const IP_Hdr* ip, int caplen)
const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
@ -1984,7 +1984,7 @@ int endian_flip(int n)
bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int caplen,
const u_char* /* data */,
const IP_Hdr* ip, const struct tcphdr* /* tp */)
const zeek::IP_Hdr* ip, const struct tcphdr* /* tp */)
{
if ( ++num_pkts == 1 )
{ // First packet.
@ -2124,7 +2124,7 @@ void TCPStats_Analyzer::Done()
);
}
void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const IP_Hdr* ip, int caplen)
void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
TCP_ApplicationAnalyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);

13
src/analyzer/protocol/tcp/TCP.h
View file

@ -79,7 +79,8 @@ protected:
// Analyzer interface.
void Init() override;
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip, int caplen) override;
void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq,
const zeek::IP_Hdr* ip, int caplen) override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
void FlipRoles() override;
@ -134,12 +135,12 @@ protected:
bool is_orig, TCP_Flags flags);
bool DeliverData(double t, const u_char* data, int len, int caplen,
const IP_Hdr* ip, const struct tcphdr* tp,
const zeek::IP_Hdr* ip, const struct tcphdr* tp,
TCP_Endpoint* endpoint, uint64_t rel_data_seq,
bool is_orig, TCP_Flags flags);
void CheckRecording(bool need_contents, TCP_Flags flags);
void CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip);
void CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip);
friend class ConnectionTimer;
void AttemptTimer(double t);
@ -227,7 +228,7 @@ public:
virtual void PacketWithRST();
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
void Init() override;
// This suppresses violations if the TCP connection wasn't
@ -265,7 +266,7 @@ public:
explicit TCPStats_Endpoint(TCP_Endpoint* endp);
bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data,
const IP_Hdr* ip, const struct tcphdr* tp);
const zeek::IP_Hdr* ip, const struct tcphdr* tp);
zeek::RecordVal* BuildStats();
@ -295,7 +296,7 @@ public:
protected:
void DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
TCPStats_Endpoint* orig_stats;
TCPStats_Endpoint* resp_stats;

2
src/analyzer/protocol/tcp/TCP_Endpoint.cc
View file

@ -201,7 +201,7 @@ uint64_t TCP_Endpoint::Size() const
bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen,
const u_char* data,
const IP_Hdr* ip, const struct tcphdr* tp)
const zeek::IP_Hdr* ip, const struct tcphdr* tp)
{
bool status = false;

9
src/analyzer/protocol/tcp/TCP_Endpoint.h
View file

@ -6,7 +6,8 @@
#include "File.h"
class Connection;
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
namespace analyzer { namespace tcp {
@ -183,7 +184,7 @@ public:
// Returns true if the data was used (and hence should be recorded
// in the save file), false otherwise.
bool DataSent(double t, uint64_t seq, int len, int caplen, const u_char* data,
const IP_Hdr* ip, const struct tcphdr* tp);
const zeek::IP_Hdr* ip, const struct tcphdr* tp);
void AckReceived(uint64_t seq);
@ -215,8 +216,8 @@ public:
uint32_t checksum_base;
double start_time, last_time;
IPAddr src_addr; // the other endpoint
IPAddr dst_addr; // this endpoint
zeek::IPAddr src_addr; // the other endpoint
zeek::IPAddr dst_addr; // this endpoint
uint32_t window; // current advertised window (*scaled*, not pre-scaling)
int window_scale; // from the TCP option
uint32_t window_ack_seq; // at which ack_seq number did we record 'window'

6
src/analyzer/protocol/teredo/Teredo.cc
View file

@ -96,7 +96,7 @@ bool TeredoEncapsulation::DoParse(const u_char* data, int& len,
return false;
}
zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
zeek::RecordValPtr TeredoEncapsulation::BuildVal(const zeek::IP_Hdr* inner) const
{
static auto teredo_hdr_type = zeek::id::find_type<zeek::RecordType>("teredo_hdr");
static auto teredo_auth_type = zeek::id::find_type<zeek::RecordType>("teredo_auth");
@ -135,7 +135,7 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
}
void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
@ -160,7 +160,7 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
return;
}
IP_Hdr* inner = nullptr;
zeek::IP_Hdr* inner = nullptr;
int rslt = sessions->ParseIPPacket(len, te.InnerIP(), IPPROTO_IPV6, inner);
if ( rslt > 0 )

4
src/analyzer/protocol/teredo/Teredo.h
View file

@ -18,7 +18,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new Teredo_Analyzer(conn); }
@ -74,7 +74,7 @@ public:
const u_char* Authentication() const
{ return auth; }
zeek::RecordValPtr BuildVal(const IP_Hdr* inner) const;
zeek::RecordValPtr BuildVal(const zeek::IP_Hdr* inner) const;
protected:
bool DoParse(const u_char* data, int& len, bool found_orig, bool found_au);

4
src/analyzer/protocol/udp/UDP.cc
View file

@ -42,7 +42,7 @@ void UDP_Analyzer::Done()
}
void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
assert(ip);
@ -258,7 +258,7 @@ void UDP_Analyzer::ChecksumEvent(bool is_orig, uint32_t threshold)
is_orig, threshold);
}
bool UDP_Analyzer::ValidateChecksum(const IP_Hdr* ip, const udphdr* up, int len)
bool UDP_Analyzer::ValidateChecksum(const zeek::IP_Hdr* ip, const udphdr* up, int len)
{
uint32_t sum;

4
src/analyzer/protocol/udp/UDP.h
View file

@ -26,14 +26,14 @@ public:
protected:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
bool IsReuse(double t, const u_char* pkt) override;
unsigned int MemoryAllocation() const override;
void ChecksumEvent(bool is_orig, uint32_t threshold);
// Returns true if the checksum is valid, false if not
static bool ValidateChecksum(const IP_Hdr* ip, const struct udphdr* up,
static bool ValidateChecksum(const zeek::IP_Hdr* ip, const struct udphdr* up,
int len);
bro_int_t request_len, reply_len;

4
src/analyzer/protocol/vxlan/VXLAN.cc
View file

@ -25,7 +25,7 @@ void VXLAN_Analyzer::Done()
}
void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen)
uint64_t seq, const zeek::IP_Hdr* ip, int caplen)
{
Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen);
@ -76,7 +76,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
len -= pkt.hdr_size;
caplen -= pkt.hdr_size;
IP_Hdr* inner = nullptr;
zeek::IP_Hdr* inner = nullptr;
int res = 0;
switch ( pkt.l3_proto ) {

2
src/analyzer/protocol/vxlan/VXLAN.h
View file

@ -15,7 +15,7 @@ public:
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig,
uint64_t seq, const IP_Hdr* ip, int caplen) override;
uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override;
static zeek::analyzer::Analyzer* Instantiate(Connection* conn)
{ return new VXLAN_Analyzer(conn); }

4
src/broker/Data.cc
View file

@ -136,7 +136,7 @@ struct val_converter {
if ( type->Tag() == zeek::TYPE_ADDR )
{
auto bits = reinterpret_cast<const in6_addr*>(&a.bytes());
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(*bits));
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(*bits));
}
return nullptr;
@ -147,7 +147,7 @@ struct val_converter {
if ( type->Tag() == zeek::TYPE_SUBNET )
{
auto bits = reinterpret_cast<const in6_addr*>(&a.network().bytes());
return zeek::make_intrusive<zeek::SubNetVal>(IPPrefix(IPAddr(*bits), a.length()));
return zeek::make_intrusive<zeek::SubNetVal>(zeek::IPPrefix(zeek::IPAddr(*bits), a.length()));
}
return nullptr;

4
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -12,12 +12,12 @@ zeek::AddrValPtr binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<u
{
if ( a->size() == 1 )
{
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv4, &(a->at(0)), zeek::IPAddr::Host));
}
else if ( a->size() == 4 )
{
uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, tmp, IPAddr::Host));
return zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(IPv6, tmp, zeek::IPAddr::Host));
}
else
{

1
src/file_analysis/analyzer/x509/X509Common.h
View file

@ -14,6 +14,7 @@ class EventHandlerPtr;
class Reporter;
ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using StringValPtr = zeek::IntrusivePtr<StringVal>;

12
src/input/Manager.cc
View file

@ -2227,14 +2227,14 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re
case zeek::TYPE_ADDR:
{
IPAddr* addr = nullptr;
zeek::IPAddr* addr = nullptr;
switch ( val->val.addr_val.family ) {
case IPv4:
addr = new IPAddr(val->val.addr_val.in.in4);
addr = new zeek::IPAddr(val->val.addr_val.in.in4);
break;
case IPv6:
addr = new IPAddr(val->val.addr_val.in.in6);
addr = new zeek::IPAddr(val->val.addr_val.in.in6);
break;
default:
@ -2248,14 +2248,14 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re
case zeek::TYPE_SUBNET:
{
IPAddr* addr = nullptr;
zeek::IPAddr* addr = nullptr;
switch ( val->val.subnet_val.prefix.family ) {
case IPv4:
addr = new IPAddr(val->val.subnet_val.prefix.in.in4);
addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in4);
break;
case IPv6:
addr = new IPAddr(val->val.subnet_val.prefix.in.in6);
addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in6);
break;
default:

10
src/iosource/Packet.cc
View file

@ -66,9 +66,9 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
ProcessLayer2();
}
const IP_Hdr Packet::IP() const
const zeek::IP_Hdr Packet::IP() const
{
return IP_Hdr((struct ip *) (data + hdr_size), false);
return zeek::IP_Hdr((struct ip *) (data + hdr_size), false);
}
void Packet::Weird(const char* name)
@ -654,13 +654,13 @@ zeek::RecordValPtr Packet::ToRawPktHdrVal() const
if ( l3_proto == L3_IPV4 )
{
IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false);
zeek::IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false);
return ip_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
}
else if ( l3_proto == L3_IPV6 )
{
IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len);
zeek::IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len);
return ip6_hdr.ToPktHdrVal(std::move(pkt_hdr), 1);
}
@ -683,7 +683,7 @@ zeek::ValPtr Packet::FmtEUI48(const u_char* mac) const
void Packet::Describe(ODesc* d) const
{
const IP_Hdr ip = IP();
const zeek::IP_Hdr ip = IP();
d->Add(ip.SrcAddr());
d->Add("->");
d->Add(ip.DstAddr());

6
src/iosource/Packet.h
View file

@ -24,7 +24,7 @@ using RecordValPtr = zeek::IntrusivePtr<zeek::RecordVal>;
}
class ODesc;
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
/**
* The Layer 3 type of a packet, as determined by the parsing code in Packet.
@ -130,11 +130,11 @@ public:
* Interprets the Layer 3 of the packet as IP and returns a
* correspondign object.
*/
const IP_Hdr IP() const;
const zeek::IP_Hdr IP() const;
/**
* Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and
* also everything in IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP).
* also everything in zeek::IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP).
*/
zeek::RecordValPtr ToRawPktHdrVal() const;

14
src/net_util.cc
View file

@ -35,7 +35,7 @@ int ones_complement_checksum(const void* p, int b, uint32_t sum)
return sum;
}
int ones_complement_checksum(const IPAddr& a, uint32_t sum)
int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum)
{
const uint32_t* bytes;
int len = a.GetBytes(&bytes);
@ -58,7 +58,7 @@ int icmp_checksum(const struct icmp* icmpp, int len)
}
#ifdef ENABLE_MOBILE_IPV6
int mobility_header_checksum(const IP_Hdr* ip)
int mobility_header_checksum(const zeek::IP_Hdr* ip)
{
const ip6_mobility* mh = ip->MobilityHeader();
@ -83,7 +83,7 @@ int mobility_header_checksum(const IP_Hdr* ip)
}
#endif
int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len)
int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len)
{
// ICMP6 uses the same checksum function as ICMP4 but a different
// pseudo-header over which it is computed.
@ -131,8 +131,8 @@ char addr_to_class(uint32_t addr)
return 'A';
}
const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port,
const IPAddr& dst_addr, uint32_t dst_port)
const char* fmt_conn_id(const zeek::IPAddr& src_addr, uint32_t src_port,
const zeek::IPAddr& dst_addr, uint32_t dst_port)
{
static char buffer[512];
@ -146,8 +146,8 @@ const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port,
const char* fmt_conn_id(const uint32_t* src_addr, uint32_t src_port,
const uint32_t* dst_addr, uint32_t dst_port)
{
IPAddr src(IPv6, src_addr, IPAddr::Network);
IPAddr dst(IPv6, dst_addr, IPAddr::Network);
zeek::IPAddr src(IPv6, src_addr, zeek::IPAddr::Network);
zeek::IPAddr dst(IPv6, dst_addr, zeek::IPAddr::Network);
return fmt_conn_id(src, src_port, dst, dst_port);
}

14
src/net_util.h
View file

@ -132,26 +132,26 @@ inline int32_t seq_delta(uint32_t a, uint32_t b)
return a - b;
}
class IPAddr;
class IP_Hdr;
ZEEK_FORWARD_DECLARE_NAMESPACED(IPAddr, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek);
// Returns the ones-complement checksum of a chunk of b short-aligned bytes.
extern int ones_complement_checksum(const void* p, int b, uint32_t sum);
extern int ones_complement_checksum(const IPAddr& a, uint32_t sum);
extern int ones_complement_checksum(const zeek::IPAddr& a, uint32_t sum);
extern int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len);
extern int icmp6_checksum(const struct icmp* icmpp, const zeek::IP_Hdr* ip, int len);
extern int icmp_checksum(const struct icmp* icmpp, int len);
#ifdef ENABLE_MOBILE_IPV6
extern int mobility_header_checksum(const IP_Hdr* ip);
extern int mobility_header_checksum(const zeek::IP_Hdr* ip);
#endif
// Returns 'A', 'B', 'C' or 'D'
extern char addr_to_class(uint32_t addr);
extern const char* fmt_conn_id(const IPAddr& src_addr, uint32_t src_port,
const IPAddr& dst_addr, uint32_t dst_port);
extern const char* fmt_conn_id(const zeek::IPAddr& src_addr, uint32_t src_port,
const zeek::IPAddr& dst_addr, uint32_t dst_port);
extern const char* fmt_conn_id(const uint32_t* src_addr, uint32_t src_port,
const uint32_t* dst_addr, uint32_t dst_port);

10
src/rule-parse.y
View file

@ -81,8 +81,8 @@ static uint8_t ip4_mask_to_len(uint32_t mask)
Rule* rule;
RuleHdrTest* hdr_test;
maskedvalue_list* vallist;
std::vector<IPPrefix>* prefix_val_list;
IPPrefix* prefixval;
std::vector<zeek::IPPrefix>* prefix_val_list;
zeek::IPPrefix* prefixval;
bool bl;
int val;
@ -318,12 +318,12 @@ prefix_value_list:
}
| prefix_value
{
$$ = new std::vector<IPPrefix>();
$$ = new std::vector<zeek::IPPrefix>();
$$->push_back(*($1));
}
| TOK_IDENT
{
$$ = new std::vector<IPPrefix>();
$$ = new std::vector<zeek::IPPrefix>();
id_to_maskedvallist($1, 0, $$);
}
;
@ -331,7 +331,7 @@ prefix_value_list:
prefix_value:
TOK_IP
{
$$ = new IPPrefix(IPAddr(IPv4, &($1.val), IPAddr::Host),
$$ = new zeek::IPPrefix(zeek::IPAddr(IPv4, &($1.val), zeek::IPAddr::Host),
ip4_mask_to_len($1.mask));
}
| TOK_IP6

4
src/rule-scan.l
View file

@ -42,14 +42,14 @@ PID {PIDCOMPONENT}(::{PIDCOMPONENT})*
}
{IP6} {
rules_lval.prefixval = new IPPrefix(IPAddr(extract_ip(yytext)), 128, true);
rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(extract_ip(yytext)), 128, true);
return TOK_IP6;
}
{IP6}{OWS}"/"{OWS}{D} {
int len = 0;
std::string ip = extract_ip_and_len(yytext, &len);
rules_lval.prefixval = new IPPrefix(IPAddr(ip), len, true);
rules_lval.prefixval = new zeek::IPPrefix(zeek::IPAddr(ip), len, true);
return TOK_IP6;
}

4
src/scan.l
View file

@ -181,7 +181,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+))
{IP6}{OWS}"/"{OWS}{D} {
int len = 0;
std::string ip = extract_ip_and_len(yytext, &len);
RET_CONST(new zeek::SubNetVal(IPPrefix(IPAddr(ip), len, true)))
RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len, true)))
}
/* IPv4 literal constant patterns */
@ -190,7 +190,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+))
({D}"."){3}{D}{OWS}"/"{OWS}{D} {
int len = 0;
std::string ip = extract_ip_and_len(yytext, &len);
RET_CONST(new zeek::SubNetVal(IPPrefix(IPAddr(ip), len)))
RET_CONST(new zeek::SubNetVal(zeek::IPPrefix(zeek::IPAddr(ip), len)))
}
[!%*/+\-,:;<=>?()\[\]{}~$|&^] return yytext[0];

12
src/threading/SerialTypes.cc
View file

@ -475,14 +475,14 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool&
case zeek::TYPE_ADDR:
{
IPAddr* addr = nullptr;
zeek::IPAddr* addr = nullptr;
switch ( val->val.addr_val.family ) {
case IPv4:
addr = new IPAddr(val->val.addr_val.in.in4);
addr = new zeek::IPAddr(val->val.addr_val.in.in4);
break;
case IPv6:
addr = new IPAddr(val->val.addr_val.in.in6);
addr = new zeek::IPAddr(val->val.addr_val.in.in6);
break;
default:
@ -496,14 +496,14 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool&
case zeek::TYPE_SUBNET:
{
IPAddr* addr = nullptr;
zeek::IPAddr* addr = nullptr;
switch ( val->val.subnet_val.prefix.family ) {
case IPv4:
addr = new IPAddr(val->val.subnet_val.prefix.in.in4);
addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in4);
break;
case IPv6:
addr = new IPAddr(val->val.subnet_val.prefix.in.in6);
addr = new zeek::IPAddr(val->val.subnet_val.prefix.in.in6);
break;
default:

2
src/threading/SerialTypes.h
View file

@ -210,7 +210,7 @@ struct Value {
static zeek::Val* ValueToVal(const std::string& source, const threading::Value* val, bool& have_error);
private:
friend class ::IPAddr;
friend class IPAddr;
Value(const Value& other) = delete;
};

36
src/zeek.bif
View file

@ -2046,7 +2046,7 @@ function is_local_interface%(ip: addr%) : bool
if ( ip->AsAddr().IsLoopback() )
return zeek::val_mgr->True();
list<IPAddr> addrs;
list<zeek::IPAddr> addrs;
char host[MAXHOSTNAMELEN];
@ -2059,8 +2059,8 @@ function is_local_interface%(ip: addr%) : bool
if ( ent )
{
for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
addrs.push_back(IPAddr(IPv4, (uint32_t*)ent->h_addr_list[len],
IPAddr::Network));
addrs.push_back(zeek::IPAddr(IPv4, (uint32_t*)ent->h_addr_list[len],
zeek::IPAddr::Network));
}
ent = gethostbyname2(host, AF_INET6);
@ -2068,11 +2068,11 @@ function is_local_interface%(ip: addr%) : bool
if ( ent )
{
for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
addrs.push_back(IPAddr(IPv6, (uint32_t*)ent->h_addr_list[len],
IPAddr::Network));
addrs.push_back(zeek::IPAddr(IPv6, (uint32_t*)ent->h_addr_list[len],
zeek::IPAddr::Network));
}
list<IPAddr>::const_iterator it;
list<zeek::IPAddr>::const_iterator it;
for ( it = addrs.begin(); it != addrs.end(); ++it )
{
if ( *it == ip->AsAddr() )
@ -2241,7 +2241,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec
while ( len > 0 )
{
IPAddr a(IPv6, (const uint32_t*) bytes, IPAddr::Network);
zeek::IPAddr a(IPv6, (const uint32_t*) bytes, zeek::IPAddr::Network);
rval->Assign(rval->Size(), zeek::make_intrusive<zeek::AddrVal>(a));
bytes += 16;
len -= 16;
@ -2484,11 +2484,11 @@ function to_addr%(ip: string%): addr
zeek::ValPtr ret;
in6_addr tmp;
if ( IPAddr::ConvertString(s, &tmp) )
ret = zeek::make_intrusive<zeek::AddrVal>(IPAddr(tmp));
if ( zeek::IPAddr::ConvertString(s, &tmp) )
ret = zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr(tmp));
else
{
ret = zeek::make_intrusive<zeek::AddrVal>(IPAddr());
ret = zeek::make_intrusive<zeek::AddrVal>(zeek::IPAddr());
zeek::emit_builtin_error("failed converting string to IP address", ip);
}
@ -2504,7 +2504,7 @@ function to_addr%(ip: string%): addr
function is_valid_ip%(ip: string%): bool
%{
char* s = ip->AsString()->Render();
auto rval = IPAddr::IsValid(s);
auto rval = zeek::IPAddr::IsValid(s);
delete [] s;
return zeek::val_mgr->Bool(rval);
%}
@ -3206,9 +3206,9 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet
## .. zeek:see:: mask_addr
function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr
%{
IPAddr addr1(a1->AsAddr());
zeek::IPAddr addr1(a1->AsAddr());
addr1.Mask(top_bits_from_a1);
IPAddr addr2(a2->AsAddr());
zeek::IPAddr addr2(a2->AsAddr());
addr2.ReverseMask(top_bits_from_a1);
return zeek::make_intrusive<zeek::AddrVal>(addr1|addr2);
%}
@ -3375,9 +3375,9 @@ const char* conn_id_string(zeek::Val* c)
const auto& id = (*(c->AsRecord()))[0];
auto vl = id->AsRecord();
const IPAddr& orig_h = (*vl)[0]->AsAddr();
const zeek::IPAddr& orig_h = (*vl)[0]->AsAddr();
uint32_t orig_p = (*vl)[1]->AsPortVal()->Port();
const IPAddr& resp_h = (*vl)[2]->AsAddr();
const zeek::IPAddr& resp_h = (*vl)[2]->AsAddr();
uint32_t resp_p = (*vl)[3]->AsPortVal()->Port();
return fmt("%s/%u -> %s/%u\n", orig_h.AsString().c_str(), orig_p,
@ -3859,7 +3859,7 @@ static void mmdb_check_asn()
}
}
static bool mmdb_lookup(const IPAddr& addr, MMDB_lookup_result_s& result,
static bool mmdb_lookup(const zeek::IPAddr& addr, MMDB_lookup_result_s& result,
bool asn)
{
struct sockaddr_storage ss = {0};
@ -3893,12 +3893,12 @@ static bool mmdb_lookup(const IPAddr& addr, MMDB_lookup_result_s& result,
return result.found_entry;
}
static bool mmdb_lookup_loc(const IPAddr& addr, MMDB_lookup_result_s& result)
static bool mmdb_lookup_loc(const zeek::IPAddr& addr, MMDB_lookup_result_s& result)
{
return mmdb_lookup(addr, result, false);
}
static bool mmdb_lookup_asn(const IPAddr& addr, MMDB_lookup_result_s& result)
static bool mmdb_lookup_asn(const zeek::IPAddr& addr, MMDB_lookup_result_s& result)
{
return mmdb_lookup(addr, result, true);
}