Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'jsoref/spelling-src'

Browse source 
* jsoref/spelling-src:
  Spelling src
This commit is contained in:
Tim Wojtulewicz 2022-11-11 12:48:20 -07:00
commit 2739275b88
190 changed files with 439 additions and 433 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGES
View file

@ -1,3 +1,9 @@
5.2.0-dev.234 | 2022-11-11 12:48:20 -0700
* Spelling src (Josh Soref)
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
5.2.0-dev.232 | 2022-11-09 18:23:11 -0700
* Script optimization maintenance and updates: (Vern Paxson, Corelight)

2
VERSION
View file

@ -1 +1 @@
5.2.0-dev.232
5.2.0-dev.234

2
src/Anon.cc
View file

@ -171,7 +171,7 @@ bool AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits)
if ( ! before_anonymization )
{
reporter->Error("prefix perservation specified after anonymization begun");
reporter->Error("prefix preservation specified after anonymization begun");
return false;
}

4
src/Attr.cc
View file

@ -514,7 +514,7 @@ void Attributes::CheckAttr(Attr* a)
}
// Only support atomic types for the moment, unless
// explicitly overriden
// explicitly overridden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )
@ -549,7 +549,7 @@ void Attributes::CheckAttr(Attr* a)
}
// Only support atomic types for the moment, unless
// explicitly overriden
// explicitly overridden
if ( ! type->AsTableType()->IsSet() &&
! input::Manager::IsCompatibleType(type->AsTableType()->Yield().get(), true) &&
! Find(ATTR_BROKER_STORE_ALLOW_COMPLEX) )

2
src/CompHash.h
View file

@ -45,7 +45,7 @@ protected:
// Compute the size of the composite key. If v is non-nil then
// the value is computed for the particular list of values.
// Returns 0 if the key has an indeterminant size (if v not given),
// Returns 0 if the key has an indeterminate size (if v not given),
// or if v doesn't match the index type (if given).
bool ReserveKeySize(HashKey& hk, const Val* v, bool type_check, bool calc_static_size) const;

2
src/Conn.cc
View file

@ -400,7 +400,7 @@ void Connection::Describe(ODesc* d) const
case TRANSPORT_UNKNOWN:
d->Add("unknown");
reporter->InternalWarning("unknown transport in Connction::Describe()");
reporter->InternalWarning("unknown transport in Connection::Describe()");
break;

4
src/DNS_Mgr.cc
View file

@ -350,7 +350,7 @@ static int get_ttl(unsigned char* abuf, int alen, int* ttl)
/**
* Called in response to ares_getaddrinfo requests. Builds a hostent structure from
* the result data and sends it to the DNS manager via Addresult().
* the result data and sends it to the DNS manager via AddResult().
*/
static void addrinfo_cb(void* arg, int status, int timeouts, struct ares_addrinfo* result)
{
@ -536,7 +536,7 @@ static void query_cb(void* arg, int status, int timeouts, unsigned char* buf, in
}
/**
* Called when the c-ares socket changes state, whcih indicates that it's connected to
* Called when the c-ares socket changes state, which indicates that it's connected to
* some source of data (either a host file or a DNS server). This indicates that we're
* able to do lookups against c-ares now and should activate the IOSource.
*/

2
src/DebugCmdInfoConstants.in
View file

@ -25,7 +25,7 @@ cmd: dcStep
names: step s
resume: true
repeatable: true
help: Step to following statements, stepping in to function calls
help: Step to following statements, stepping into function calls
cmd: dcContinue
names: continue c

4
src/DebugLogger.h
View file

@ -46,7 +46,7 @@ enum DebugStream
DBG_ANALYZER, // Analyzer framework
DBG_PACKET_ANALYSIS, // Packet analysis
DBG_FILE_ANALYSIS, // File analysis
DBG_TM, // Time-machine packet input via Brocolli
DBG_TM, // Time-machine packet input via Broccoli
DBG_LOGGING, // Logging streams
DBG_INPUT, // Input streams
DBG_THREADING, // Threading system
@ -83,7 +83,7 @@ public:
void EnableStream(DebugStream stream) { streams[int(stream)].enabled = true; }
void DisableStream(DebugStream stream) { streams[int(stream)].enabled = false; }
// Takes comma-seperated list of stream prefixes.
// Takes comma-separated list of stream prefixes.
void EnableStreams(const char* streams);
// Check the enabled streams for invalid ones.

2
src/Desc.cc
View file

@ -363,7 +363,7 @@ void ODesc::AddBytesRaw(const void* bytes, unsigned int n)
// The following casting contortions are necessary because
// simply using &base[offset] generates complaints about
// using a void* for pointer arithemtic.
// using a void* for pointer arithmetic.
memcpy((void*)&((char*)base)[offset], bytes, n);
offset += n;

8
src/Dict.h
View file

@ -540,7 +540,7 @@ public:
{
if ( initial_size > 0 )
{
// If an initial size is speicified, init the table right away. Otherwise wait until the
// If an initial size is specified, init the table right away. Otherwise wait until the
// first insertion to init.
SetLog2Buckets(static_cast<uint16_t>(std::log2(initial_size)));
Init();
@ -660,7 +660,7 @@ public:
if ( order )
order->emplace_back(detail::HashKey{key, static_cast<size_t>(key_size), hash});
// Allocate memory for key if necesary. Key is updated to reflect internal key if
// Allocate memory for key if necessary. Key is updated to reflect internal key if
// necessary.
detail::DictEntry<T> entry(key, key_size, hash, val, insert_distance, copy_key);
InsertRelocateAndAdjust(entry, insert_position);
@ -1270,7 +1270,7 @@ private:
// not found
#ifdef ZEEK_DICT_DEBUG
if ( linear_position >= 0 )
{ // different. stop and try to see whats happending.
{ // different. stop and try to see whats happening.
ASSERT(false);
// rerun the function in debugger to track down the bug.
LookupIndex(key, key_size, hash);
@ -1674,7 +1674,7 @@ private:
void IncrIters() { ++num_iterators; }
void DecrIters() { --num_iterators; }
// alligned on 8-bytes with 4-leading bytes. 7*8=56 bytes a dictionary.
// aligned on 8-bytes with 4-leading bytes. 7*8=56 bytes a dictionary.
// when sizeup but the current mapping is in progress. the current mapping will be ignored
// as it will be remapped to new dict size anyway. however, the missed count is recorded

2
src/Event.cc
View file

@ -139,7 +139,7 @@ void EventMgr::Drain()
// a handler queued new events during its execution. This could lead
// to endless loops in case a handler kept triggering its own event.
// We now limit this to just a couple of rounds. We do more than
// just one round to make it less likley to break existing scripts
// just one round to make it less likely to break existing scripts
// that expect the old behavior to trigger something quickly.
for ( int round = 0; head && round < 2; round++ )

2
src/EventRegistry.cc
View file

@ -172,7 +172,7 @@ EventGroup::~EventGroup() noexcept { }
// Run through all ScriptFunc instances associated with this group and
// update their bodies after a group's enable/disable state has changed.
//
// EventGroup is private friend with Func, so fiddeling with the bodies
// EventGroup is private friend with Func, so fiddling with the bodies
// directly works and keeps the logic away from Func for now.
void EventGroup::UpdateFuncBodies()
{

2
src/EventRegistry.h
View file

@ -125,7 +125,7 @@ private:
* Different kinds of event groups exist. Currently, attribute and module
* event groups are implemented. The first relates to event handler tagged
* with the &group attribute. The second is based on grouping event and hook
* handlers by the module in which and these are implmented.
* handlers by the module in which and these are implemented.
*
* Different kinds of are separate: Disabling the "HTTP" module event group does
* not disable event handlers tagged with &group="HTTP", or vice versa.

4
src/EventTrace.cc
View file

@ -462,7 +462,7 @@ void ValTrace::ComputeTableDelta(const ValTrace* prev, DeltaVector& deltas) cons
// We can't compare pointers for the indices because they're
// new objects generated afresh by TableVal::ToMap. So we do
// explict full comparisons for equality, distinguishing values
// explicit full comparisons for equality, distinguishing values
// newly added, common to both, or (implicitly) removed. We'll
// then go through the common to check them further.
//
@ -561,7 +561,7 @@ void ValTrace::ComputeVectorDelta(const ValTrace* prev, DeltaVector& deltas) con
return;
}
// Look for existing entries that need reassigment.
// Look for existing entries that need reassignment.
auto i = 0U;
for ( ; i < prev_n; ++i )
{

2
src/Expr.cc
View file

@ -1143,7 +1143,7 @@ ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
case EXPR_GE:
case EXPR_GT:
// These should't happen due to canonicalization.
// These shouldn't happen due to canonicalization.
reporter->InternalError("confusion over canonicalization in set comparison");
break;

2
src/Expr.h
View file

@ -955,7 +955,7 @@ public:
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
// Reduce to simplifed LHS form, i.e., a reference to only a name.
// Reduce to simplified LHS form, i.e., a reference to only a name.
StmtPtr ReduceToLHS(Reducer* c);
};

2
src/File.h
View file

@ -44,7 +44,7 @@ public:
const char* Name() const;
// Returns false if an error occured.
// Returns false if an error occurred.
bool Write(const char* data, int len = 0);
void Flush() { fflush(f); }

4
src/Frame.h
View file

@ -86,7 +86,7 @@ public:
* Gets the value associated with *id* and returns it. Returns
* nullptr if no such element exists.
*
* @param id the id who's value to retreive
* @param id the id who's value to retrieve
* @return the value associated with *id*
*/
const ValPtr& GetElementByID(const IDPtr& id) const { return GetElementByID(id.get()); }
@ -248,7 +248,7 @@ private:
/** The arguments to the function that this Frame is associated with. */
const zeek::Args* func_args;
/** The next statement to be evaluted in the context of this frame. */
/** The next statement to be evaluated in the context of this frame. */
Stmt* next_stmt;
trigger::TriggerPtr trigger;

2
src/Hash.cc
View file

@ -592,7 +592,7 @@ bool HashKey::Equal(const void* other_key, size_t other_size, hash_t other_hash)
return true;
// If either key is nullptr, return false. If they were both nullptr, it
// would have fallen in to the above block already.
// would have fallen into the above block already.
if ( key == nullptr || other_key == nullptr )
return false;

2
src/Hash.h
View file

@ -360,7 +360,7 @@ public:
protected:
char* CopyKey(const char* key, size_t size) const;
// Payload setters for types stored directoly in the key_u union. These
// Payload setters for types stored directly in the key_u union. These
// adjust the size and write_size markers to indicate a full buffer, and
// use the key_u union for storage.
void Set(bool b);

8
src/Notifier.h
View file

@ -49,7 +49,7 @@ public:
* @param m object to track. Does not take ownership, but the object
* will automatically unregister itself on destruction.
*
* @param r receiver to notify on changes. Does not take ownershop,
* @param r receiver to notify on changes. Does not take ownership,
* the receiver must remain valid as long as the registration stays
* in place.
*/
@ -60,7 +60,7 @@ public:
* modification. The arguments to the method must match what was
* originally registered.
*
* @param m object to no loger track.
* @param m object to no longer track.
*
* @param r receiver to no longer notify.
*/
@ -68,9 +68,9 @@ public:
/**
* Cancels any active receiver requests to be informed about a
* partilar object's modifications.
* particular object's modifications.
*
* @param m object to no loger track.
* @param m object to no longer track.
*/
void Unregister(Modifiable* m);

4
src/OpaqueVal.h
View file

@ -42,7 +42,7 @@ using BloomFilterValPtr = IntrusivePtr<BloomFilterVal>;
/**
* Singleton that registers all available all available types of opaque
* values. This faciliates their serialization into Broker values.
* values. This facilitates their serialization into Broker values.
*/
class OpaqueMgr
{
@ -146,7 +146,7 @@ protected:
virtual broker::expected<broker::data> DoSerialize() const = 0;
/**
* Must be overridden to recreate the the derived class' state from a
* Must be overridden to recreate the derived class' state from a
* serialization.
*
* @return true if successful.

2
src/Pipe.h
View file

@ -66,7 +66,7 @@ private:
};
/**
* A pair of pipes that can be used for bi-directinoal IPC.
* A pair of pipes that can be used for bi-directional IPC.
*/
class PipePair
{

6
src/RE.h
View file

@ -99,9 +99,9 @@ public:
bool MatchAll(const char* s);
bool MatchAll(const String* s);
// Compiles a set of regular expressions simultaniously.
// 'idx' contains indizes associated with the expressions.
// On matching, the set of indizes is returned which correspond
// Compiles a set of regular expressions simultaneously.
// 'idx' contains indices associated with the expressions.
// On matching, the set of indices is returned which correspond
// to the matching expressions. (idx must not contain zeros).
bool CompileSet(const string_list& set, const int_list& idx);

4
src/Reporter.h
View file

@ -77,7 +77,7 @@ public:
Reporter(bool abort_on_scripting_errors);
~Reporter();
// Initialize reporter-sepcific options that are defined in script-layer.
// Initialize reporter-specific options that are defined in script-layer.
void InitOptions();
// Report an informational message, nothing that needs specific
@ -117,7 +117,7 @@ public:
[[noreturn]] void CPPRuntimeError(const char* fmt, ...) __attribute__((format(printf, 2, 3)));
// Report a traffic weirdness, i.e., an unexpected protocol situation
// that may lead to incorrectly processing a connnection.
// that may lead to incorrectly processing a connection.
void Weird(const char* name, const char* addl = "",
const char* source = ""); // Raises net_weird().
void Weird(file_analysis::File* f, const char* name, const char* addl = "",

2
src/RuleCondition.cc
View file

@ -13,7 +13,7 @@
static inline bool is_established(const zeek::analyzer::tcp::TCP_Endpoint* e)
{
// We more or less follow Snort here: an established session
// is one for which the initial handshake has succeded (but we
// is one for which the initial handshake has succeeded (but we
// add partial connections). The connection tear-down is part
// of the connection.
return e->state != zeek::analyzer::tcp::TCP_ENDPOINT_INACTIVE &&

2
src/RuleMatcher.cc
View file

@ -406,7 +406,7 @@ void RuleMatcher::BuildRulesTree()
void RuleMatcher::InsertRuleIntoTree(Rule* r, int testnr, RuleHdrTest* dest, int level)
{
// Initiliaze the preconditions
// Initialize the preconditions
for ( const auto& pc : r->preconds )
{
auto entry = rules_by_id.find(pc->id);

8
src/RuleMatcher.h
View file

@ -263,7 +263,7 @@ public:
bool ReadFiles(const std::vector<SignatureFile>& files);
/**
* Inititialize a state object for matching file magic signatures.
* Initialize a state object for matching file magic signatures.
* @return A state object that can be used for file magic mime type
* identification.
*/
@ -282,7 +282,7 @@ public:
* RuleMatcher::InitFileMagic()
* @param data Chunk of data to match signatures against.
* @param len Length of \a data in bytes.
* @param matches An optional pre-existing match result object to
* @param matches An optional preexisting match result object to
* modify with additional matches. If it's a null
* pointer, one will be instantiated and returned from
* this method.
@ -297,7 +297,7 @@ public:
*/
void ClearFileMagicState(RuleFileMagicState* state) const;
// Initialize the matching state for a endpoind of a connection based on
// Initialize the matching state for a endpoint of a connection based on
// the given packet (which should be the first packet encountered for
// this endpoint). If the matching is triggered by an PIA, a pointer to
// it needs to be given.
@ -361,7 +361,7 @@ private:
// Traverse tree building the combined regular expressions.
void BuildRegEx(RuleHdrTest* hdr_test, string_list* exprs, int_list* ids);
// Build groups of regular epxressions.
// Build groups of regular expressions.
void BuildPatternSets(RuleHdrTest::pattern_set_list* dst, const string_list& exprs,
const int_list& ids);

2
src/ScriptCoverageManager.h
View file

@ -54,7 +54,7 @@ private:
std::list<Stmt*> stmts;
/**
* Indicates whether new statments will not be considered as part of
* Indicates whether new statements will not be considered as part of
* coverage statistics because it was marked with the @no-test tag.
*/
uint32_t ignoring;

4
src/ScriptProfile.h
View file

@ -85,7 +85,7 @@ private:
uint64_t memory = 0;
};
// Manages all of the profile instances assocaited with a given script.
// Manages all of the profile instances associated with a given script.
class ScriptProfile : public ScriptProfileStats
{
@ -102,7 +102,7 @@ public:
loc = *body->GetLocationInfo();
}
// Constructor used for the special case of non-script acocunting.
// Constructor used for the special case of non-script accounting.
ScriptProfile() : ScriptProfileStats("non-scripts")
{
func = nullptr;

2
src/SmithWaterman.cc
View file

@ -486,7 +486,7 @@ Substring::Vec* smith_waterman(const String* s1, const String* s2, SWParams& par
if ( current->swn_score == score_tl && current->swn_byte_assigned )
{
// If we had matched bytes (*and* it's the
// best neighbor), marke the node accordingly
// best neighbor), mark the node accordingly
//
if ( i >= br_max_b && j >= br_max_r )
{

2
src/Stmt.cc
View file

@ -1964,7 +1964,7 @@ void WhenInfo::Build(StmtPtr ws)
// in that the condition needs to return a boolean, whereas the body
// and timeout *might* return a value (for "return when") constructs,
// or might not (for vanilla "when"). We address that issue by
// (1) making the return type be "any", and (2) introducing elsehwere
// (1) making the return type be "any", and (2) introducing elsewhere
// the notion of functions marked as being allowed to have bare
// returns (no associated expression) even though they have a return
// type (to deal with the vanilla "when" case).

2
src/Trigger.h
View file

@ -101,7 +101,7 @@ public:
// later to avoid race conditions.
void Modified(zeek::notifier::detail::Modifiable* m) override;
// Overridden from notifer::Receiver. If we're still waiting
// Overridden from notifier::Receiver. If we're still waiting
// on an ID/Val to be modified at termination time, we can't hope
// for any further progress to be made, so just Unref ourselves.
void Terminate() override;

2
src/Type.cc
View file

@ -1904,7 +1904,7 @@ const TypePtr& VectorType::Yield() const
// Work around the fact that we use void internally to mark a vector
// as being unspecified. When looking at its yield type, we need to
// return any as that's what other code historically expects for type
// comparisions.
// comparisons.
if ( IsUnspecifiedVector() )
return zeek::base_type(TYPE_ANY);

8
src/Type.h
View file

@ -450,7 +450,7 @@ public:
std::string deprecation_msg;
RecordTypePtr args;
// Maps from parameter index in canonical prototype to
// parameter index in this alternate prorotype.
// parameter index in this alternate prototype.
std::map<int, int> offsets;
};
@ -787,7 +787,7 @@ public:
// The value of this name is set to val. Once a value has been
// explicitly assigned using this method, no further names can be
// added that aren't likewise explicitly initalized.
// added that aren't likewise explicitly initialized.
void AddName(const std::string& module_name, const char* name, zeek_int_t val, bool is_export,
detail::Expr* deprecation = nullptr, bool from_redef = false);
@ -990,13 +990,13 @@ inline bool IsFunc(TypeTag t)
return (t == TYPE_FUNC);
}
// True if the given type type is a vector.
// True if the given type tag is a vector.
inline bool IsVector(TypeTag t)
{
return (t == TYPE_VECTOR);
}
// True if the given type type is a string.
// True if the given type tag is a string.
inline bool IsString(TypeTag t)
{
return (t == TYPE_STRING);

2
src/Val.cc
View file

@ -3005,7 +3005,7 @@ ValPtr RecordVal::DoClone(CloneState* state)
// We set origin to 0 here. Origin only seems to be used for exactly one
// purpose - to find the connection record that is associated with a
// record. As we cannot guarantee that it will ber zeroed out at the
// approproate time (as it seems to be guaranteed for the original record)
// appropriate time (as it seems to be guaranteed for the original record)
// we don't touch it.
auto rv = make_intrusive<RecordVal>(rt, false);
rv->origin = nullptr;

14
src/Val.h
View file

@ -139,7 +139,7 @@ public:
}
// Add this value to the given value (if appropriate).
// Returns true if succcessful. is_first_init is true only if
// Returns true if successful. is_first_init is true only if
// this is the *first* initialization of the value, not
// if it's a subsequent += initialization.
virtual bool AddTo(Val* v, bool is_first_init) const;
@ -846,7 +846,7 @@ public:
* @return The value associated with the index. If the index doesn't
* exist, this is a nullptr. For sets that don't really contain associated
* values, a placeholder value is returned to differentiate it from
* non-existent index (nullptr), but otherwise has no meaning in relation
* nonexistent index (nullptr), but otherwise has no meaning in relation
* to the set's contents.
*/
const ValPtr& Find(const ValPtr& index);
@ -857,7 +857,7 @@ public:
* @param index The index to lookup in the table.
* @return The value associated with the index. If the index doesn't
* exist, instead returns the &default value. If there's no &default
* attribute, then nullptr is still returned for non-existent index.
* attribute, then nullptr is still returned for nonexistent index.
*/
ValPtr FindOrDefault(const ValPtr& index);
@ -899,7 +899,7 @@ public:
* may have invalidated existing iterators.
* @return The value associated with the index if it exists, else nullptr.
* For a sets that don't really contain associated values, a placeholder
* value is returned to differentiate it from non-existent index (nullptr),
* value is returned to differentiate it from nonexistent index (nullptr),
* but otherwise has no meaning in relation to the set's contents.
*/
ValPtr Remove(const Val& index, bool broker_forward = true,
@ -993,7 +993,7 @@ public:
void DisableChangeNotifications() { in_change_func = true; }
/**
* Re-enables change notifcations after being disabled by DisableChangeNotifications.
* Re-enables change notifications after being disabled by DisableChangeNotifications.
*/
void EnableChangeNotifications() { in_change_func = false; }
@ -1521,7 +1521,7 @@ public:
bool AssignRepeat(unsigned int index, unsigned int how_many, ValPtr element);
// Add this value to the given value (if appropriate).
// Returns true if succcessful.
// Returns true if successful.
bool AddTo(Val* v, bool is_first_init) const override;
unsigned int Size() const { return vector_val->size(); }
@ -1737,7 +1737,7 @@ extern ValPtr cast_value_to_type(Val* v, Type* t);
// Returns true if v can be casted to type T. If so, check_and_cast() will
// succeed as well.
//
// Note: This implements the script-level type comparision operator.
// Note: This implements the script-level type comparison operator.
extern bool can_cast_value_to_type(const Val* v, Type* t);
// Returns true if values of type s may support casting to type t. This is

2
src/ZeekString.cc
View file

@ -190,7 +190,7 @@ const char* String::CheckString() const
char* String::Render(int format, int* len) const
{
// Maxmimum character expansion is as \xHH, so a factor of 4.
// Maximum character expansion is as \xHH, so a factor of 4.
char* s = new char[n * 4 + 1]; // +1 is for final '\0'
char* sp = s;
int tmp_len;

2
src/ZeekString.h
View file

@ -46,7 +46,7 @@ public:
String(std::string_view str);
String(const String& bs);
// Constructor that takes owernship of the vector passed in.
// Constructor that takes ownership of the vector passed in.
String(bool arg_final_NUL, byte_vec str, int arg_n);
String();

2
src/analyzer/Analyzer.cc
View file

@ -601,7 +601,7 @@ void Analyzer::RemoveSupportAnalyzer(SupportAnalyzer* analyzer)
// We mark the analyzer as being removed here, which will prevent it
// from being used further. However, we don't actually delete it
// before the parent gets destroyed. While we woulc do that, it's a
// before the parent gets destroyed. While we could do that, it's a
// bit tricky to do at the right time and it doesn't seem worth the
// trouble.
analyzer->removing = true;

26
src/analyzer/Analyzer.h
View file

@ -61,7 +61,7 @@ using ID = uint32_t;
using analyzer_timer_func = void (Analyzer::*)(double t);
/**
* Class to receive processed output from an anlyzer.
* Class to receive processed output from an analyzer.
*/
class OutputHandler
{
@ -101,7 +101,7 @@ public:
* SupportAnalyzer. All analyzer input first passes through this list of
* support analyzers, which can perform arbitrary preprocessing.
*
* When overiding any of the class' methods, always make sure to call the
* When overriding any of the class' methods, always make sure to call the
* base-class version first.
*/
class Analyzer
@ -293,7 +293,7 @@ public:
/**
* Returns the analyzer instance's internal ID. These IDs are unique
* across all analyzer instantiated and can thus be used to indentify
* across all analyzer instantiated and can thus be used to identify
* a specific instance.
*/
ID GetID() const { return id; }
@ -310,7 +310,7 @@ public:
OutputHandler* GetOutputHandler() const { return output_handler; }
/**
* Associates an OutputHandler with the connnection.
* Associates an OutputHandler with the connection.
*
* @param handler The handler.
*/
@ -330,7 +330,7 @@ public:
void SetSignature(const zeek::detail::Rule* sig) { signature = sig; }
/**
* Signals the analyzer to skip all further input processsing. The \a
* Signals the analyzer to skip all further input processing. The \a
* Next*() methods check this flag and discard the input if its set.
*
* @param do_skip If true, further processing will be skipped.
@ -373,7 +373,7 @@ public:
/**
* Returns a textual description of the analyzer's type. This is
* what's passed to the constructor and usally corresponds to the
* what's passed to the constructor and usually corresponds to the
* protocol name, e.g., "HTTP".
*/
const char* GetAnalyzerName() const;
@ -392,7 +392,7 @@ public:
* the same type already exists or is prevented, the one passed in is
* silently discarded.
*
* @param analyzer The ananlyzer to add. Takes ownership.
* @param analyzer The analyzer to add. Takes ownership.
* @return false if analyzer type was already a child or prevented, else true.
*/
bool AddChildAnalyzer(Analyzer* analyzer) { return AddChildAnalyzer(analyzer, true); }
@ -469,7 +469,7 @@ public:
* Recursively searches all (direct or indirect) childs of the
* analyzer for an analyzer of a given type.
*
* @param name The naem of the analyzer type to search (e.g.,
* @param name The name of the analyzer type to search (e.g.,
* "HTTP").
*
* @return The first analyzer of the given type found, or null if
@ -571,7 +571,7 @@ public:
* TODO: The above comment needs updating, there's no BuildConnVal()
* anymore -VP
*
* @param conn_val The connenction value being updated.
* @param conn_val The connection value being updated.
*/
virtual void UpdateConnVal(RecordVal* conn_val);
@ -617,7 +617,7 @@ protected:
friend class zeek::packet_analysis::IP::IPBasedAnalyzer;
/**
* Return a string represantation of an analyzer, containing its name
* Return a string representation of an analyzer, containing its name
* and ID.
*/
static std::string fmt_analyzer(const Analyzer* a)
@ -642,7 +642,7 @@ protected:
* @param t The absolute time when the timer will fire.
*
* @param do_expire If true, the timer will also fire when Zeek
* terminates even if \a t has not been reache yet.
* terminates even if \a t has not been reached yet.
*
* @param type The timer's type.
*/
@ -677,12 +677,12 @@ protected:
SupportAnalyzer* FirstSupportAnalyzer(bool orig);
/**
* Adds a a new child analyzer with the option whether to intialize
* Adds a a new child analyzer with the option whether to initialize
* it. This is an internal method.
*
* @param analyzer The analyzer to add. Takes ownership.
*
* @param init If true, Init() will be calle.d
* @param init If true, Init() will be called.
* @return false if analyzer type was already a child, else true.
*/
bool AddChildAnalyzer(Analyzer* analyzer, bool init);

4
src/analyzer/Component.h
View file

@ -39,7 +39,7 @@ public:
* @param factory A factory function to instantiate instances of the
* analyzer's class, which must be derived directly or indirectly
* from zeek::analyzer::Analyzer. This is typically a static \c
* Instatiate() method inside the class that just allocates and
* Instantiate() method inside the class that just allocates and
* returns a new instance.
*
* @param subtype A subtype associated with this component that
@ -104,7 +104,7 @@ public:
protected:
/**
* Overriden from plugin::Component.
* Overridden from plugin::Component.
*/
void DoDescribe(ODesc* d) const override;

2
src/analyzer/Manager.cc
View file

@ -243,7 +243,7 @@ bool Manager::RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto
else
{
// Cannot register these before PostScriptInit() has run because we
// depend on packet analyis having been set up. That also means we don't have
// depend on packet analysis having been set up. That also means we don't have
// a reliable return value, for now we just assume it's working.
pending_analyzers_for_ports.emplace(tag, proto, port);
return true;

18
src/analyzer/Manager.h
View file

@ -50,10 +50,10 @@ namespace analyzer
*
* The manager maintains a registry of all available protocol analyzers,
* including a mapping between their textual names and Tag. It
* instantantiates new analyzers on demand. For new connections, the manager
* instantiates new analyzers on demand. For new connections, the manager
* sets up their initial analyzer tree, including adding the right \c PIA,
* respecting well-known ports, and tracking any analyzers specifically
* scheduled for individidual connections.
* scheduled for individual connections.
*/
class Manager : public plugin::ComponentManager<Component>
{
@ -134,7 +134,7 @@ public:
void DisableAllAnalyzers();
/**
* Returns the tag associated with an analyer name, or the tag
* Returns the tag associated with an analyzer name, or the tag
* associated with an error if no such analyzer exists.
*
* @param name The canonical analyzer name to check.
@ -186,7 +186,7 @@ public:
bool RegisterAnalyzerForPort(const zeek::Tag& tag, TransportProto proto, uint32_t port);
/**
* Unregisters a well-known port for an anlyzers.
* Unregisters a well-known port for an analyzers.
*
* @param tag The analyzer's tag as an enum of script type \c
* Tag.
@ -200,7 +200,7 @@ public:
bool UnregisterAnalyzerForPort(EnumVal* tag, PortVal* port);
/**
* Unregisters a well-known port for an anlyzers.
* Unregisters a well-known port for an analyzers.
*
* @param tag The analyzer's tag.
*
@ -250,7 +250,7 @@ public:
* 0.0.0.0 can be used as a wildcard matching any originator.
*
* @param resp The connection's anticipated responder address (no
* wilcard).
* wildcard).
*
* @param resp_p The connection's anticipated responder port.
*
@ -272,8 +272,8 @@ public:
* @param orig The connection's anticipated originator address. 0 can
* be used as a wildcard matching any originator.
*
* @param resp The The connection's anticipated responder address (no
* wilcard).
* @param resp The connection's anticipated responder address (no
* wildcard).
*
* @param resp_p The connection's anticipated responder port.
*
@ -315,7 +315,7 @@ public:
* be used as a wildcard matching any originator.
*
* @param resp The connection's anticipated responder address (no
* wilcard).
* wildcard).
*
* @param resp_p The connection's anticipated responder port.
*

2
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -162,7 +162,7 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration)
void ConnSize_Analyzer::UpdateConnVal(RecordVal* conn_val)
{
// RecordType *connection_type is decleared in NetVar.h
// RecordType *connection_type is declared in NetVar.h
RecordVal* orig_endp = conn_val->GetFieldAs<RecordVal>("orig");
RecordVal* resp_endp = conn_val->GetFieldAs<RecordVal>("resp");

10
src/analyzer/protocol/conn-size/functions.bif
View file

@ -26,7 +26,7 @@ static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
##
## threshold: Threshold in bytes.
##
## is_orig: If true, threshold is set for bytes from originator, otherwhise for bytes from responder.
## is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder.
##
## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
## get_current_conn_bytes_threshold get_current_conn_packets_threshold
@ -42,7 +42,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
return zeek::val_mgr->True();
%}
## Sets a threshold for connection packets, overwtiting any potential old thresholds.
## Sets a threshold for connection packets, overwriting any potential old thresholds.
## Be aware that in nearly any case you will want to use the high level API
## instead (:zeek:see:`ConnThreshold::set_packets_threshold`).
##
@ -50,7 +50,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
##
## threshold: Threshold in packets.
##
## is_orig: If true, threshold is set for packets from originator, otherwhise for packets from responder.
## is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder.
##
## .. zeek:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed
## get_current_conn_bytes_threshold get_current_conn_packets_threshold
@ -92,7 +92,7 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%
##
## cid: The connection id.
##
## is_orig: If true, threshold of originator, otherwhise threshold of responder.
## is_orig: If true, threshold of originator, otherwise threshold of responder.
##
## Returns: 0 if no threshold is set or the threshold in bytes
##
@ -112,7 +112,7 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
##
## cid: The connection id.
##
## is_orig: If true, threshold of originator, otherwhise threshold of responder.
## is_orig: If true, threshold of originator, otherwise threshold of responder.
##
## Returns: 0 if no threshold is set or the threshold in packets
##

6
src/analyzer/protocol/dce-rpc/events.bif
View file

@ -10,7 +10,7 @@
##
## ptype_id: Numeric representation of the procedure type of the message.
##
## ptype: Enum representation of the prodecure type of the message.
## ptype: Enum representation of the procedure type of the message.
##
## .. zeek:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response
event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType%);
@ -27,7 +27,7 @@ event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count
##
## ctx_id: The context identifier of the data representation.
##
## uuid: The string interpretted uuid of the endpoint being requested.
## uuid: The string interpreted uuid of the endpoint being requested.
##
## ver_major: The major version of the endpoint being requested.
##
@ -48,7 +48,7 @@ event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_
##
## ctx_id: The context identifier of the data representation.
##
## uuid: The string interpretted uuid of the endpoint being requested.
## uuid: The string interpreted uuid of the endpoint being requested.
##
## ver_major: The major version of the endpoint being requested.
##

10
src/analyzer/protocol/dnp3/DNP3.cc
View file

@ -21,7 +21,7 @@
// Traditionally, the DNP3 Application Layer in serial links contains a
// "DNP3 Application Layer Fragment". The data that is parsed by the end
// device and then executed. As the "DNP3 Application Layer Fragment" can
// be long (>255 bytes), it may be trunkcated and carried in different
// be long (>255 bytes), it may be truncated and carried in different
// DNP3 Application Layer of more than one DNP3 packets.
//
// So we may find a long DNP3 Application Layer Fragment to be transmitted in the following
@ -44,7 +44,7 @@
// Layer used in serial link as Pseudo Link Layer, Pseudo Transport Layer and
// Pseudo Application Layer.
//
// For a long DNP3 application layer fragment, we may find it tramistted
// For a long DNP3 application layer fragment, we may find it transmitted
// over IP network in the following format:
//
// Network Packet #1 : TCP Header | DNP3 Pseudo Link Layer | DNP3 Pseudo Transport Layer | DNP3
@ -60,7 +60,7 @@
//
// 0x05 0x64 Len Ctrl Dest_LSB Dest_MSB Src_LSB Src_MSB CRC_LSB CRC_MSB
//
// Each field is a byte; LSB: least significant byte; MSB: most significatn byte.
// Each field is a byte; LSB: least significant byte; MSB: most significant byte.
//
// "Len" indicates the length of the byte stream right after this field
// (excluding CRC fields) in the current DNP3 packet.
@ -93,7 +93,7 @@
// DNP3 Packet : DNP3 Pseudo Data Link Layer : DNP3 Pseudo Transport Layer : DNP3 Pseudo
// Application Layer
// || ||
// || (length field) || (original paylad byte
// || (length field) || (original payload byte
// stream)
// \/ \/
// DNP3 Additional Header : Reassembled DNP3 Pseudo
@ -227,7 +227,7 @@ bool DNP3_Base::ProcessData(int len, const u_char* data, bool orig)
if ( res < 0 )
return false;
// Parse the the application layer data.
// Parse the application layer data.
if ( ! ParseAppLayer(endp) )
return false;

22
src/analyzer/protocol/dnp3/dnp3-objects.pac
View file

@ -207,14 +207,14 @@ type Request_Data_Object(function_code: uint8, qualifier_field: uint8, object_ty
0x2202 -> ai_dead_32: empty;
0x2203 -> ai_dead_sp: empty;
# analog ouput status g40
# analog output status g40
0x2800 -> aos_default: empty;
0x2801 -> aos_32: empty;
0x2802 -> aos_16: empty;
0x2803 -> aos_sp: empty;
0x2804 -> aos_dp: empty;
# analog ouput g41
# analog output g41
0x2901 -> ao_32: empty;
0x2902 -> ao_16: empty;
0x2903 -> ao_sp: empty;
@ -502,13 +502,13 @@ type Response_Data_Object(function_code: uint8, qualifier_field: uint8, object_t
0x2202 -> ai_dead_32: uint32;
0x2203 -> ai_dead_sp: uint32;
# analog ouput status g40
# analog output status g40
0x2801 -> aos_32: AnaOutStatus32;
0x2802 -> aos_16: AnaOutStatus16;
0x2803 -> aos_sp: AnaOutStatusSP;
0x2804 -> aos_dp: AnaOutStatusDP;
# analog ouput g41
# analog output g41
0x2901 -> ao_32: AnaOut32;
0x2902 -> ao_16: AnaOut16;
0x2903 -> ao_sp: AnaOutSP;
@ -611,7 +611,7 @@ type Response_Data_Object(function_code: uint8, qualifier_field: uint8, object_t
0x780E -> update_key_sig: UpdateKeySig(prefix.prefix_value);
0x780F -> update_key_con: UpdateKeyCon(prefix.prefix_value);
#default -> unkonwndata: Debug_Byte; # &check( T );
#default -> unknowndata: Debug_Byte; # &check( T );
default -> unmatched: Default_Wrap(object_type_field);
};
}
@ -861,7 +861,7 @@ type AnalogInput16woFlag = record {
value: int16;
} &byteorder = littleendian;
# group: 30; variation: 5; singple precision 32 bit
# group: 30; variation: 5; single precision 32 bit
type AnalogInputSPwFlag = record {
flag: uint8;
value: uint32;
@ -951,7 +951,7 @@ type AnalogInput16wTime = record {
time48: bytestring &length = 6;
} &byteorder = littleendian;
# group: 32; variation: 5; singple precision 32 bit
# group: 32; variation: 5; single precision 32 bit
type AnalogInputSPwoTime = record {
flag: uint8;
value: uint32;
@ -1144,7 +1144,7 @@ type AnaOutEveDPwTime = record {
time48: bytestring &length = 6;
} &byteorder = littleendian;
## g43 data format is exacatly same as g42 so use g42 directly
## g43 data format is exactly same as g42 so use g42 directly
# g50v1
type AbsTime = record {
@ -1353,11 +1353,11 @@ type DescEle = record {
# g86v1 is the same structure of DescEle
# g86v3 does not quite understant specification description
# g86v3 does not quite understand specification description
# g87 doest not quite understand specfication description
# g87 doest not quite understand specification description
# g88 doest not quite understand specfication description
# g88 doest not quite understand specification description
# g90v1
type App_Id(qualifier_field: uint8, object_size16: uint16) = record {

10
src/analyzer/protocol/dnp3/dnp3-protocol.pac
View file

@ -35,11 +35,11 @@ type DNP3_Request = record {
FREEZE_AT_TIME_NR -> freeze_time_nr_requests: Request_Objects(app_header.function_code)[];
COLD_RESTART -> cold_restart: empty;
WARM_RESTART -> warm_restart: empty;
INITIALIZE_DATA -> initilize_data: empty; # obsolete
INITIALIZE_APPL -> initilize_appl: Request_Objects(app_header.function_code)[];
INITIALIZE_DATA -> initialize_data: empty; # obsolete
INITIALIZE_APPL -> initialize_appl: Request_Objects(app_header.function_code)[];
START_APPL -> start_appl: Request_Objects(app_header.function_code)[];
STOP_APPL -> stop_appl: Request_Objects(app_header.function_code)[];
SAVE_CONFIG -> save_config: empty; # depracated
SAVE_CONFIG -> save_config: empty; # deprecated
ENABLE_UNSOLICITED -> enable_unsolicited: Request_Objects(app_header.function_code)[];
DISABLE_UNSOLICITED -> disable_unsolicited: Request_Objects(app_header.function_code)[];
ASSIGN_CLASS -> assign_class: Request_Objects(app_header.function_code)[];
@ -98,7 +98,7 @@ type Request_Objects(function_code: uint8) = record {
# time data interval data object g50
0x3201 -> g50v1_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
#0x3202 -> time_interval_ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
#0x3202 -> time_interval_objects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
# &check( object_header.qualifier_field == 0x0f && object_header.number_of_item == 0x01);
0x3202 -> g50v2_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
0x3203 -> g50v3_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
@ -140,7 +140,7 @@ type Request_Objects(function_code: uint8) = record {
0x780E -> g120v14_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
0x780F -> g120v15_objs: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
# default -> ojbects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
# default -> objects: Request_Data_Object(function_code, object_header.qualifier_field, object_header.object_type_field )[ object_header.number_of_item];
default -> objects: empty;
};
# dump_data is always empty; I intend to use it for checking some conditions;

2
src/analyzer/protocol/dnp3/events.bif
View file

@ -226,7 +226,7 @@ event dnp3_analog_input_event_DPwoTime%(c: connection, is_orig: bool, flag: coun
event dnp3_analog_input_event_SPwTime%(c: connection, is_orig: bool, flag: count, value: count, time48: count%);
## Generated for DNP3 objects with the group number 32 and variation number 8
## analog input event double-precisiion float point with time
## analog input event double-precision float point with time
event dnp3_analog_input_event_DPwTime%(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: count%);
## Generated for DNP3 objects with the group number 33 and variation number 1

2
src/analyzer/protocol/dns/DNS.cc
View file

@ -1364,7 +1364,7 @@ bool DNS_Interpreter::ParseRR_DS(detail::DNS_MsgInfo* msg, const u_char*& data,
case detail::SHA384:
break;
case detail::reserved:
analyzer->Weird("DNSSEC_DS_ResrevedDigestType", util::fmt("%d", ds_dtype));
analyzer->Weird("DNSSEC_DS_ReservedDigestType", util::fmt("%d", ds_dtype));
break;
default:
analyzer->Weird("DNSSEC_DS_unknown_DigestType", util::fmt("%d", ds_dtype));

6
src/analyzer/protocol/dns/DNS.h
View file

@ -235,7 +235,7 @@ struct DNSKEY_DATA
unsigned short dflags; // 16 : ExtractShort(data, len)
unsigned short dalgorithm; // 8
unsigned short dprotocol; // 8
String* public_key; // Variable lenght Public Key
String* public_key; // Variable length Public Key
};
struct NSEC3_DATA
@ -264,7 +264,7 @@ struct DS_DATA
unsigned short key_tag; // 16 : ExtractShort(data, len)
unsigned short algorithm; // 8
unsigned short digest_type; // 8
String* digest_val; // Variable lenght Digest of DNSKEY RR
String* digest_val; // Variable length Digest of DNSKEY RR
};
struct BINDS_DATA
@ -317,7 +317,7 @@ public:
int opcode; ///< query type, see DNS_Opcode
int rcode; ///< return code, see DNS_Code
int QR; ///< query record flag
int AA; ///< authoritiave answer flag
int AA; ///< authoritative answer flag
int TC; ///< truncated - size > 512 bytes for udp
int RD; ///< recursion desired
int RA; ///< recursion available

4
src/analyzer/protocol/dns/events.bif
View file

@ -692,7 +692,7 @@ event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%);
##
## ans: The type-independent part of the parsed answer record.
##
## binds: The parsed RDATA of BIND-Signeing state record.
## binds: The parsed RDATA of BIND-Signing state record.
event dns_BINDS%(c: connection, msg: dns_msg, ans: dns_answer, binds: dns_binds_rr%);
## Generated for DNS replies of type *BINDS*. For replies with multiple answers,
@ -705,7 +705,7 @@ event dns_BINDS%(c: connection, msg: dns_msg, ans: dns_answer, binds: dns_binds_
##
## ans: The type-independent part of the parsed answer record.
##
## binds: The parsed RDATA of BIND-Signeing state record.
## binds: The parsed RDATA of BIND-Signing state record.
event dns_SSHFP%(c: connection, msg: dns_msg, ans: dns_answer, algo: count, fptype: count, fingerprint: string%);
## Generated for DNS replies of type *LOC*. For replies with multiple answers,

4
src/analyzer/protocol/gssapi/GSSAPI.h
View file

@ -16,13 +16,13 @@ public:
explicit GSSAPI_Analyzer(Connection* conn);
~GSSAPI_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* Instantiate(Connection* conn) { return new GSSAPI_Analyzer(conn); }

6
src/analyzer/protocol/http/HTTP.cc
View file

@ -246,7 +246,7 @@ bool HTTP_Entity::Undelivered(int64_t len)
expect_data_length);
}
// Don't propogate an entity (file) gap if we're still in the headers,
// Don't propagate an entity (file) gap if we're still in the headers,
// or the body length was declared to be zero.
if ( (end_of_data && in_header) || body_length == 0 )
return false;
@ -1687,7 +1687,7 @@ String* unescape_URI(const u_char* line, const u_char* line_end, analyzer::Analy
else if ( line + 1 == line_end )
{
// % + one character at end of line. Log weird
// and just add to unescpaped URI.
// and just add to unescaped URI.
*URI_p++ = '%';
*URI_p++ = *line;
if ( analyzer )
@ -1718,7 +1718,7 @@ String* unescape_URI(const u_char* line, const u_char* line_end, analyzer::Analy
// Decode escaping like this: %u00AE
// The W3C rejected escaping this way, and
// there is no RFC that specifies it.
// Appparently there is some software doing
// Apparently there is some software doing
// this sort of 4 byte unicode encoding anyway.
// Likely causing an increase in it's use is
// the third edition of the ECMAScript spec

4
src/analyzer/protocol/http/HTTP.h
View file

@ -180,12 +180,12 @@ public:
bool IsConnectionClose() { return connection_close; }
int HTTP_ReplyCode() const { return reply_code; };
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer
void EndpointEOF(bool is_orig) override;
void ConnectionFinished(bool half_finished) override;
void ConnectionReset() override;

2
src/analyzer/protocol/imap/IMAP.h
View file

@ -22,7 +22,7 @@ public:
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
void StartTLS();

2
src/analyzer/protocol/krb/KRB_TCP.h
View file

@ -20,7 +20,7 @@ public:
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
StringValPtr GetAuthenticationInfo(const String* principal, const String* ciphertext,

2
src/analyzer/protocol/login/NVT.cc
View file

@ -518,7 +518,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data)
if ( last_char == '\r' )
{
if ( CRLFAsEOL() & CR_as_EOL )
// we already emited, skip
// we already emitted, skip
;
else
{

2
src/analyzer/protocol/login/events.bif
View file

@ -146,7 +146,7 @@ event login_input_line%(c: connection, line: string%);
##
## c: The connection.
##
## line: The ouput line.
## line: The output line.
##
## .. zeek:see:: login_confused login_confused_text login_display login_failure
## login_input_line login_prompt login_success login_terminal rsh_reply

2
src/analyzer/protocol/modbus/modbus-protocol.pac
View file

@ -71,7 +71,7 @@ type ModbusTCP_PDU(is_orig: bool) = record {
type ModbusTCP_TransportHeader = record {
tid: uint16; # Transaction identifier
pid: uint16; # Protocol identifier
len: uint16; # Length of everyting after this field
len: uint16; # Length of everything after this field
uid: uint8; # Unit identifier (previously 'slave address')
fc: uint8; # MODBUS function code (see function_codes enum)
} &byteorder=bigendian, &let {

2
src/analyzer/protocol/mqtt/events.bif
View file

@ -105,7 +105,7 @@ event mqtt_pingreq%(c: connection%);
## c: The connection
event mqtt_pingresp%(c: connection%);
## Generated for MQTT disconnect messages sent by the client when it is diconnecting cleanly.
## Generated for MQTT disconnect messages sent by the client when it is disconnecting cleanly.
##
## c: The connection
event mqtt_disconnect%(c: connection%);

4
src/analyzer/protocol/mysql/MySQL.h
View file

@ -16,13 +16,13 @@ public:
explicit MySQL_Analyzer(Connection* conn);
~MySQL_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* Instantiate(Connection* conn) { return new MySQL_Analyzer(conn); }

2
src/analyzer/protocol/mysql/mysql.pac
View file

@ -29,7 +29,7 @@ flow MySQL_Flow(is_orig: bool) {
# There are two options here: flowunit or datagram.
# flowunit = MySQL_PDU(is_orig) withcontext(connection, this);
flowunit = MySQL_PDU(is_orig) withcontext(connection, this);
# Using flowunit will cause the anlayzer to buffer incremental input.
# Using flowunit will cause the analyzer to buffer incremental input.
# This is needed for &oneline and &length. If you don't need this, you'll
# get better performance with datagram.
};

2
src/analyzer/protocol/ncp/NCP.cc
View file

@ -195,7 +195,7 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
{
// Assume NCP frames align with packet boundary.
if ( (IsOrig() && len < 22) || (! IsOrig() && len < 16) )
{ // ignore small fragmeents
{ // ignore small fragments
return;
}

4
src/analyzer/protocol/ntlm/NTLM.h
View file

@ -16,13 +16,13 @@ public:
explicit NTLM_Analyzer(Connection* conn);
~NTLM_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* Instantiate(Connection* conn) { return new NTLM_Analyzer(conn); }

2
src/analyzer/protocol/ntp/NTP.h
View file

@ -13,7 +13,7 @@ public:
explicit NTP_Analyzer(Connection* conn);
~NTP_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
int caplen) override;

2
src/analyzer/protocol/ntp/ntp-mode7.pac
View file

@ -48,7 +48,7 @@
#
# Implementation number: The number of the implementation this request code
# is defined by. An implementation number of zero is used
# for requst codes/data formats which all implementations
# for request codes/data formats which all implementations
# agree on. Implementation number 255 is reserved (for
# extensions, in case we run out).
#

2
src/analyzer/protocol/ntp/ntp-protocol.pac
View file

@ -26,7 +26,7 @@ type NTP_PDU(is_orig: bool) = record {
} &byteorder=bigendian &exportsourcedata;
# This is the most common type of message, corresponding to modes 1-5
# This kind of msg are used for normal operation of syncronization
# This kind of msg are used for normal operation of synchronization
# See RFC 5905 for details
type NTP_std_msg = record {
stratum: uint8;

2
src/analyzer/protocol/pia/PIA.cc
View file

@ -230,7 +230,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
ip4_hdr = new IP_Hdr(ip4, false);
}
// Locals used to avoid potentil alignment problems
// Locals used to avoid potential alignment problems
// with some archs/compilers when grabbing the address
// of the struct member directly in the following.
in_addr tmp_src;

2
src/analyzer/protocol/pia/PIA.h
View file

@ -28,7 +28,7 @@ public:
virtual ~PIA();
// Called when PIA wants to put an Analyzer in charge. rule is the
// signature that triggered the activitation, if any.
// signature that triggered the activation, if any.
virtual void ActivateAnalyzer(zeek::Tag tag, const zeek::detail::Rule* rule = nullptr) = 0;
// Called when PIA wants to remove an Analyzer.

2
src/analyzer/protocol/radius/RADIUS.h
View file

@ -12,7 +12,7 @@ public:
explicit RADIUS_Analyzer(Connection* conn);
~RADIUS_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
int caplen) override;

2
src/analyzer/protocol/rdp/RDP.h
View file

@ -15,7 +15,7 @@ public:
explicit RDP_Analyzer(Connection* conn);
~RDP_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;

4
src/analyzer/protocol/rfb/RFB.h
View file

@ -14,13 +14,13 @@ public:
explicit RFB_Analyzer(Connection* conn);
~RFB_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn)

2
src/analyzer/protocol/rpc/NFS.cc
View file

@ -663,7 +663,7 @@ RecordValPtr NFS_Interp::nfs3_write_reply(const u_char*& buf, int& n,
rep->Assign(3, nfs3_stable_how(buf, n));
// Writeverf. While the RFC says that this should be a fixed
// length opaque, it specifies the lenght as 8 bytes, so we
// length opaque, it specifies the length as 8 bytes, so we
// can also just as easily extract a uint64.
rep->Assign(4, ExtractUint64(buf, n));
}

12
src/analyzer/protocol/rpc/RPC.cc
View file

@ -181,7 +181,7 @@ int RPC_Interpreter::DeliverRPC(const u_char* buf, int n, int rpclen, bool is_or
// We now have a valid RPC_CallInfo (either the previous one
// in case of a rexmit or the current one).
// TODO: What to do in case of a rexmit_inconistency??
// TODO: What to do in case of a rexmit_inconsistency??
Event_RPC_Call(call);
if ( RPC_BuildCall(call, buf, n) )
@ -468,11 +468,11 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
// We try to look for the beginning of a RPC frame, assuming RPC
// frames begin at packet boundaries (though they may span over
// multiple packets) (note that the data* of DeliverStream() usually
// starts at a packet boundrary).
// starts at a packet boundary).
//
// If we see a frame start that makes sense (direction and frame
// lenght seem ok), we try to read (skip over) the next RPC message.
// If this is successfull and we the place we are seems like a valid
// length seem ok), we try to read (skip over) the next RPC message.
// If this is successful and we the place we are seems like a valid
// start of a RPC msg (direction and frame length seem ok). We assume
// that we have successfully resync'ed.
@ -509,7 +509,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
}
// Now lets see whether data points to the beginning of a RPC
// frame. If the resync processs is successful, we should be
// frame. If the resync processes is successful, we should be
// at the beginning of a frame.
if ( len < 12 )
@ -552,7 +552,7 @@ bool Contents_RPC::CheckResync(int& len, const u_char*& data, bool orig)
{
// Skip this chunk
if ( DEBUG_rpc_resync )
DEBUG_MSG("RPC resync: Need to resync. dicarding %d bytes.\n", len);
DEBUG_MSG("RPC resync: Need to resync. discarding %d bytes.\n", len);
NeedResync(); // let's try the resync again from the beginning
return false;

2
src/analyzer/protocol/rpc/XDR.cc
View file

@ -20,7 +20,7 @@ uint32_t zeek::analyzer::rpc::extract_XDR_uint32(const u_char*& buf, int& len)
return 0;
}
// Takes care of alignment and endianess differences.
// Takes care of alignment and endianness differences.
uint32_t buf_bits32;
memcpy(&buf_bits32, buf, 4);
uint32_t bits32 = ntohl(buf_bits32);

2
src/analyzer/protocol/sip/SIP_TCP.h
View file

@ -22,7 +22,7 @@ public:
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* Instantiate(Connection* conn) { return new SIP_Analyzer(conn); }

24
src/analyzer/protocol/smb/smb2_com_set_info.bif
View file

@ -36,7 +36,7 @@ event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *file* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -55,7 +55,7 @@ event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ti
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *allocation* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -71,7 +71,7 @@ event smb2_file_allocation%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUI
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *end_of_file* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -88,7 +88,7 @@ event smb2_file_endoffile%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *mode* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -105,7 +105,7 @@ event smb2_file_mode%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, mod
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *pipe* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -124,7 +124,7 @@ event smb2_file_pipe%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, rea
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *position* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -140,7 +140,7 @@ event smb2_file_position%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID,
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *short_name* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -156,7 +156,7 @@ event smb2_file_shortname%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *valid_data_length* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -172,7 +172,7 @@ event smb2_file_validdatalength%(c: connection, hdr: SMB2::Header, file_id: SMB2
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *full_EA* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -188,7 +188,7 @@ event smb2_file_fullea%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, f
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *link* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -206,7 +206,7 @@ event smb2_file_link%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, roo
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *fs_control* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##
@ -222,7 +222,7 @@ event smb2_file_fscontrol%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID
## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)`
## version 2 requests of type *set_info* of the *fs_object_id* subtype
##
## For more infomation, see MS-SMB2:2.2.39
## For more information, see MS-SMB2:2.2.39
##
## c: The connection.
##

2
src/analyzer/protocol/socks/SOCKS.cc
View file

@ -52,7 +52,7 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
if ( orig_done && resp_done )
{
// Finished decapsulating tunnel layer. Now do standard processing
// with the rest of the conneciton.
// with the rest of the connection.
//
// Note that we assume that no payload data arrives before both endpoints
// are done with their part of the SOCKS protocol.

4
src/analyzer/protocol/ssh/SSH.h
View file

@ -16,12 +16,12 @@ public:
explicit SSH_Analyzer(Connection* conn);
~SSH_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
static analyzer::Analyzer* Instantiate(Connection* conn) { return new SSH_Analyzer(conn); }

2
src/analyzer/protocol/ssh/events.bif
View file

@ -55,7 +55,7 @@ event ssh_auth_successful%(c: connection, auth_method_none: bool%);
## connection was determined to have had an authentication attempt.
## This determination is based on packet size analysis, and errs
## on the side of caution - that is, if there's any doubt about
## whether or not an authenication attempt occured, this event is
## whether or not an authentication attempt occurred, this event is
## *not* raised.
##
## At this point in the protocol, all we can determine is whether

2
src/analyzer/protocol/ssl/DTLS.h
View file

@ -26,7 +26,7 @@ public:
explicit DTLS_Analyzer(Connection* conn);
~DTLS_Analyzer() override;
// Overriden from Analyzer.
// Overridden from Analyzer.
void Done() override;
void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const IP_Hdr* ip,
int caplen) override;

14
src/analyzer/protocol/ssl/SSL.h
View file

@ -65,7 +65,7 @@ public:
* connection. (For TLS 1.2 this is the pre-master secret)
*
* Please note that these functions currently are hardcoded to only work with a single TLS 1.2
* cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
* ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
*
* @param len Length of the secret bytes
*
@ -78,7 +78,7 @@ public:
* TLS application data in the connection.
*
* Please note that these functions currently are hardcoded to only work with a single TLS 1.2
* cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
* ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
*
* @param keys The key buffer as derived via TLS PRF (for
* AES_GCM this should be 72 bytes in length)
@ -90,7 +90,7 @@ public:
* TLS application data in the connection.
*
* Please note that these functions currently are hardcoded to only work with a single TLS 1.2
* cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
* ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
*
* @param keys The key buffer as derived via TLS PRF (for
* AES_GCM this should be 72 bytes in length)
@ -110,7 +110,7 @@ protected:
* Try to decrypt TLS application data from a packet. Requires secret or keys to be set prior.
*
* Please note that these functions currently are hardcoded to only work with a single TLS 1.2
* cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
* ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
*
* @param len Length of the encrypted bytes to decrypt
*
@ -129,10 +129,10 @@ protected:
/**
* TLS 1.2 pseudo random function (PRF) used to expand the pre-master secret and derive keys.
* The seed is obtained by concatinating rnd1 and rnd2.
* The seed is obtained by concatenating rnd1 and rnd2.
*
* Please note that these functions currently are hardcoded to only work with a single TLS 1.2
* cuphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
* ciphersuite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
*
* @param secret Secret as defined in the TLS RFC
*
@ -168,7 +168,7 @@ protected:
// client and server sequence number, used for TLS 1.2 decryption
int c_seq;
int s_seq;
// secret, for decyption
// secret, for decryption
std::string secret;
// derived keys, for decryption
std::vector<u_char> keys;

4
src/analyzer/protocol/ssl/dtls-analyzer.pac
View file

@ -4,9 +4,9 @@ refine connection SSL_Conn += {
%member{
struct message_info {
uint64 message_first_sequence; // the minumum dtls sequence number for this handshake fragment
uint64 message_first_sequence; // the minimum dtls sequence number for this handshake fragment
bool first_sequence_seen; // did we actually see the fragment with the smallest number
uint64 message_last_sequence; // the mazimum dtls sequence number for this handshake fragment
uint64 message_last_sequence; // the maximum dtls sequence number for this handshake fragment
uint16 message_handshake_sequence; // the handshake sequence number of this handshake (to identify)
uint32 message_length; // data length of this handshake (data in buffer)
uint32 message_sequence_seen; // a bitfield that shows which sequence numbers we already saw, offset from first_seq.

2
src/analyzer/protocol/ssl/events.bif
View file

@ -421,7 +421,7 @@ event ssl_extension_signed_certificate_timestamp%(c: connection, is_client: bool
## Generated for an TLS Supported Versions extension. This TLS extension
## is defined in the TLS 1.3 rfc and sent by the client in the initial handshake.
## It contains the TLS versions that it supports. This informaion can be used by
## It contains the TLS versions that it supports. This information can be used by
## the server to choose the best TLS version o use.
##
## c: The connection.

2
src/analyzer/protocol/ssl/functions.bif
View file

@ -6,7 +6,7 @@
%%}
## Sets if the SSL analyzer should consider the connection established (handshake
## finished succesfully).
## finished successfully).
##
## c: The SSL connection.
##

4
src/analyzer/protocol/ssl/ssl-protocol.pac
View file

@ -171,7 +171,7 @@ refine connection SSL_Conn += {
// some sort of TLS1.3. So - let's do it this way round instead.
if ( negotiated_version != SSLv20 && negotiated_version != SSLv30 && negotiated_version != TLSv10 && negotiated_version != TLSv11 && negotiated_version != TLSv12 )
{
// well, it seems like this is a TLS 1.3 (or equivalent) applicatio data packet. Let's enable encryption
// well, it seems like this is a TLS 1.3 (or equivalent) application data packet. Let's enable encryption
// and handle it as encrypted.
startEncryption(is_orig);
return STATE_ENCRYPTED;
@ -183,7 +183,7 @@ refine connection SSL_Conn += {
function determine_ssl_record_layer(head0 : uint8, head1 : uint8,
head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int
%{
// stop processing if we already had a protocol violation or otherwhise
// stop processing if we already had a protocol violation or otherwise
// decided that we do not want to parse anymore. Just setting skip is not
// enough for the data that is already in the pipe.
if ( zeek_analyzer()->Skipping() )

2
src/analyzer/protocol/ssl/tls-handshake-protocol.pac
View file

@ -806,7 +806,7 @@ type SupportedVersions(rec: HandshakeRecord) = record {
versions: uint16[] &until($input.length() == 0);
} &length=length+1;
# If the server sends it, this is the authorative version. Set it.
# If the server sends it, this is the authoritative version. Set it.
type OneSupportedVersion(rec: HandshakeRecord) = record {
version: uint16;
} &let {

4
src/analyzer/protocol/tcp/TCP_Endpoint.h
View file

@ -99,7 +99,7 @@ public:
/**
* @param tcp_seq_num A 32-bit TCP sequence space number.
* @param wraparounds Number of times a 32-bit sequence space has wrapped.
* @return \a tcp_seq_num expanded out in to a 64-bit sequence space,
* @return \a tcp_seq_num expanded out into a 64-bit sequence space,
* accounting for the number of times the 32-bit space overflowed.
*/
static uint64_t ToFullSeqSpace(uint32_t tcp_seq_num, uint32_t wraparounds)
@ -110,7 +110,7 @@ public:
/**
* @param tcp_seq_num A 32-bit TCP sequence space number.
* @param wraparounds Number of times a 32-bit sequence space has wrapped.
* @return \a tcp_seq_num expanded out in to a 64-bit sequence space,
* @return \a tcp_seq_num expanded out into a 64-bit sequence space,
* accounting for the number of times the 32-bit space overflowed
* and relative to the starting sequence number for this endpoint.
*/

10
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -171,7 +171,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
// first packet we saw instantiating the partial connection
// was a keep-alive. So, in either case, just ignore it.
// TODO: Don't we need to update last_reassm_seq ????
// TODO: Don't we need to update last_reassem_seq ????
return;
}
@ -187,7 +187,7 @@ void TCP_Reassembler::Undelivered(uint64_t up_to_seq)
if ( DEBUG_tcp_contents )
{
DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64 ", last_reassm=%" PRIu64 ", "
DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64 ", last_reassem=%" PRIu64 ", "
"endp: FIN_cnt=%d, RST_cnt=%d, "
"peer: FIN_cnt=%d, RST_cnt=%d\n",
zeek::run_state::network_time, IsOrig(), up_to_seq, last_reassem_seq,
@ -286,7 +286,7 @@ void TCP_Reassembler::MatchUndelivered(uint64_t up_to_seq, bool use_last_upper)
// ### Note: the original code did not check whether blocks have
// already been delivered, but not ACK'ed, and therefore still
// must be kept in the reassember.
// must be kept in the reassembler.
// We are to match any undelivered data, from last_reassem_seq to
// min(last_block->upper, up_to_seq).
@ -546,10 +546,10 @@ void TCP_Reassembler::AckReceived(uint64_t seq)
void TCP_Reassembler::CheckEOF()
{
// It is important that the check on whether we have pending data here
// is consistent with the check in TCP_Connection::ConnnectionClosed().
// is consistent with the check in TCP_Connection::ConnectionClosed().
//
// If we choose to call EndpointEOF here because, for example, we
// are already skipping deliveries, ConnnectionClosed() might decide
// are already skipping deliveries, ConnectionClosed() might decide
// that there is still DataPending, because it does not check
// SkipDeliveries(), and the connection will not be closed until
// timeout, since the did_EOF flag makes sure that EndpointEOF will

2
src/analyzer/protocol/xmpp/XMPP.h
View file

@ -19,7 +19,7 @@ public:
void DeliverStream(int len, const u_char* data, bool orig) override;
void Undelivered(uint64_t seq, int len, bool orig) override;
// Overriden from analyzer::tcp::TCP_ApplicationAnalyzer.
// Overridden from analyzer::tcp::TCP_ApplicationAnalyzer.
void EndpointEOF(bool is_orig) override;
void StartTLS();

2
src/binpac_zeek-lib.pac
View file

@ -27,7 +27,7 @@ zeek::StringValPtr utf16_to_utf8_val(zeek::Connection* conn, const bytestring& u
// here, so make a copy.
auto utf16_copy_buf = std::make_unique<UTF16[]>(utf16.length()); // Twice as much memory than necessary.
auto utf16_copy = utf16_copy_buf.get();
memset(utf16_copy, 0, sizeof(UTF16) * utf16.length()); // needs to be set to 0, otherwhise we have uninitialized memory issues when utf16.length is odd.
memset(utf16_copy, 0, sizeof(UTF16) * utf16.length()); // needs to be set to 0, otherwise we have uninitialized memory issues when utf16.length is odd.
memcpy(utf16_copy, utf16.begin(), utf16.length());
const char* utf16_copy_end = reinterpret_cast<const char*>(utf16_copy) + utf16.length();

2
src/broker/Data.cc
View file

@ -1176,7 +1176,7 @@ broker::data& opaque_field_to_data(RecordVal* v, zeek::detail::Frame* f)
if ( ! d )
reporter->RuntimeError(f->GetCallLocation(), "Broker::Data's opaque field is not set");
// RuntimeError throws an exception which causes this line to never exceute.
// RuntimeError throws an exception which causes this line to never execute.
// NOLINTNEXTLINE(clang-analyzer-core.uninitialized.UndefReturn)
return static_cast<DataVal*>(d.get())->data;
}

6
src/broker/Data.h
View file

@ -166,7 +166,7 @@ struct type_name_getter
* @param v a Broker::Data value.
* @param f used to get location information on error.
* @return a reference to the wrapped Broker data value. A runtime interpreter
* exception is thrown if the the optional opaque value of \a v is not set.
* exception is thrown if the optional opaque value of \a v is not set.
*/
broker::data& opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f);
@ -176,7 +176,7 @@ broker::data& opaque_field_to_data(zeek::RecordVal* v, zeek::detail::Frame* f);
* @param d a Broker data value to get variant data out of.
* @param tag a Zeek tag which corresponds to T (just used for error reporting).
* @param f used to get location information on error.
* @return a refrence to the requested type in the variant Broker data.
* @return a reference to the requested type in the variant Broker data.
* A runtime interpret exception is thrown if trying to access a type which
* is not currently stored in the Broker data.
*/
@ -200,7 +200,7 @@ inline T& require_data_type(zeek::RecordVal* v, zeek::TypeTag tag, zeek::detail:
return require_data_type<T>(opaque_field_to_data(v, f), tag, f);
}
// Copying data in to iterator vals is not the fastest approach, but safer...
// Copying data into iterator vals is not the fastest approach, but safer...
class SetIterator : public zeek::OpaqueVal
{

8
src/broker/Manager.cc
View file

@ -930,7 +930,7 @@ bool Manager::AutoPublishEvent(string topic, Val* event)
return false;
}
DBG_LOG(DBG_BROKER, "Enabling auto-publising of event %s to topic %s", handler->Name(),
DBG_LOG(DBG_BROKER, "Enabling auto-publishing of event %s to topic %s", handler->Name(),
topic.c_str());
handler->AutoPublish(move(topic));
@ -1075,7 +1075,7 @@ bool Manager::Unsubscribe(const string& topic_prefix)
for ( size_t i = 0; i < forwarded_prefixes.size(); ++i )
if ( forwarded_prefixes[i] == topic_prefix )
{
DBG_LOG(DBG_BROKER, "Unforwading topic prefix %s", topic_prefix.c_str());
DBG_LOG(DBG_BROKER, "Unforwarding topic prefix %s", topic_prefix.c_str());
forwarded_prefixes.erase(forwarded_prefixes.begin() + i);
break;
}
@ -1648,7 +1648,7 @@ bool Manager::ProcessIdentifierUpdate(broker::zeek::IdentifierUpdate iu)
if ( ! id )
{
reporter->Warning("Received id-update request for unkown id: %s", id_name.c_str());
reporter->Warning("Received id-update request for unknown id: %s", id_name.c_str());
return false;
}
@ -1758,7 +1758,7 @@ void Manager::ProcessError(broker::error_view err)
else
{
reporter->Warning("Unknown Broker error code %u: mapped to unspecificed enum value ",
reporter->Warning("Unknown Broker error code %u: mapped to unspecified enum value ",
static_cast<unsigned>(int_code));
ec = BifEnum::Broker::ErrorCode::UNSPECIFIED;
}

2
src/broker/Manager.h
View file

@ -110,7 +110,7 @@ public:
void Terminate();
/**
* Returns true if any Broker communincation is currently active.
* Returns true if any Broker communication is currently active.
*/
bool Active();

2
src/digest.h
View file

@ -74,7 +74,7 @@ unsigned char* internal_md5(const unsigned char* data, unsigned long len, unsign
* @param data Data to hash.
* @param len Length of data to hash.
* @param out Buffer to write data to. If set to nullptr, a static buffer will be used
* @return Buffer that the hash was written to. Length is deoendent on the chosen hash function.
* @return Buffer that the hash was written to. Length is dependent on the chosen hash function.
*/
unsigned char* calculate_digest(HashAlgorithm Alg, const unsigned char* data, uint64_t len,
unsigned char* out);

Some files were not shown because too many files have changed in this diff Show more