Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/jsiwek/plist-and-event-cleanup'

Browse source 
* origin/topic/jsiwek/plist-and-event-cleanup:
  Add comments to QueueEvent() and ConnectionEvent()
  Add methods to queue events without handler existence check
  Cleanup/improve PList usage and Event API
This commit is contained in:
Johanna Amann 2019-05-01 08:28:14 -07:00
commit 29d9b5b554
109 changed files with 2080 additions and 1850 deletions
Download patch file Download diff file Expand all files Collapse all files

93
src/analyzer/protocol/tcp/TCP.cc
View file

@ -299,11 +299,11 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig,
if ( OS_val )
{ // found new OS version
val_list* vl = new val_list;
vl->append(tcp->BuildConnVal());
vl->append(src_addr_val->Ref());
vl->append(OS_val);
tcp->ConnectionEvent(OS_version_found, vl);
tcp->ConnectionEventFast(OS_version_found, {
tcp->BuildConnVal(),
src_addr_val->Ref(),
OS_val,
});
}
}
@ -965,20 +965,17 @@ void TCP_Analyzer::GeneratePacketEvent(
const u_char* data, int len, int caplen,
int is_orig, TCP_Flags flags)
{
val_list* vl = new val_list();
vl->append(BuildConnVal());
vl->append(val_mgr->GetBool(is_orig));
vl->append(new StringVal(flags.AsString()));
vl->append(val_mgr->GetCount(rel_seq));
vl->append(val_mgr->GetCount(flags.ACK() ? rel_ack : 0));
vl->append(val_mgr->GetCount(len));
// We need the min() here because Ethernet padding can lead to
// caplen > len.
vl->append(new StringVal(min(caplen, len), (const char*) data));
ConnectionEvent(tcp_packet, vl);
ConnectionEventFast(tcp_packet, {
BuildConnVal(),
val_mgr->GetBool(is_orig),
new StringVal(flags.AsString()),
val_mgr->GetCount(rel_seq),
val_mgr->GetCount(flags.ACK() ? rel_ack : 0),
val_mgr->GetCount(len),
// We need the min() here because Ethernet padding can lead to
// caplen > len.
new StringVal(min(caplen, len), (const char*) data),
});
}
int TCP_Analyzer::DeliverData(double t, const u_char* data, int len, int caplen,
@ -1283,10 +1280,10 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
if ( connection_SYN_packet )
{
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(SYN_vals->Ref());
ConnectionEvent(connection_SYN_packet, vl);
ConnectionEventFast(connection_SYN_packet, {
BuildConnVal(),
SYN_vals->Ref(),
});
}
passive_fingerprint(this, is_orig, ip, tp, tcp_hdr_len);
@ -1510,14 +1507,12 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt,
{
if ( tcp_option )
{
val_list* vl = new val_list();
vl->append(analyzer->BuildConnVal());
vl->append(val_mgr->GetBool(is_orig));
vl->append(val_mgr->GetCount(opt));
vl->append(val_mgr->GetCount(optlen));
analyzer->ConnectionEvent(tcp_option, vl);
analyzer->ConnectionEventFast(tcp_option, {
analyzer->BuildConnVal(),
val_mgr->GetBool(is_orig),
val_mgr->GetCount(opt),
val_mgr->GetCount(optlen),
});
}
return 0;
@ -1833,10 +1828,10 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp)
{
if ( connection_EOF )
{
val_list* vl = new val_list();
vl->append(BuildConnVal());
vl->append(val_mgr->GetBool(endp->IsOrig()));
ConnectionEvent(connection_EOF, vl);
ConnectionEventFast(connection_EOF, {
BuildConnVal(),
val_mgr->GetBool(endp->IsOrig()),
});
}
const analyzer_list& children(GetChildren());
@ -2115,15 +2110,14 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen,
if ( tcp_rexmit )
{
val_list* vl = new val_list();
vl->append(endp->TCP()->BuildConnVal());
vl->append(val_mgr->GetBool(endp->IsOrig()));
vl->append(val_mgr->GetCount(seq));
vl->append(val_mgr->GetCount(len));
vl->append(val_mgr->GetCount(data_in_flight));
vl->append(val_mgr->GetCount(endp->peer->window));
endp->TCP()->ConnectionEvent(tcp_rexmit, vl);
endp->TCP()->ConnectionEventFast(tcp_rexmit, {
endp->TCP()->BuildConnVal(),
val_mgr->GetBool(endp->IsOrig()),
val_mgr->GetCount(seq),
val_mgr->GetCount(len),
val_mgr->GetCount(data_in_flight),
val_mgr->GetCount(endp->peer->window),
});
}
}
else
@ -2171,11 +2165,12 @@ void TCPStats_Analyzer::Done()
{
TCP_ApplicationAnalyzer::Done();
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(orig_stats->BuildStats());
vl->append(resp_stats->BuildStats());
ConnectionEvent(conn_stats, vl);
if ( conn_stats )
ConnectionEventFast(conn_stats, {
BuildConnVal(),
orig_stats->BuildStats(),
resp_stats->BuildStats(),
});
}
void TCPStats_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen)