Merge remote-tracking branch 'origin/topic/jsiwek/plist-and-event-cleanup'

* origin/topic/jsiwek/plist-and-event-cleanup:
  Add comments to QueueEvent() and ConnectionEvent()
  Add methods to queue events without handler existence check
  Cleanup/improve PList usage and Event API
Johanna Amann 2019-05-01 08:28:14 -07:00
commit 29d9b5b554
109 changed files with 2080 additions and 1850 deletions


@ -145,12 +145,12 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len)
if ( report_gap(endp, endp->peer) )
{
val_list* vl = new val_list;
vl->append(dst_analyzer->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(val_mgr->GetCount(seq));
vl->append(val_mgr->GetCount(len));
dst_analyzer->ConnectionEvent(content_gap, vl);
dst_analyzer->ConnectionEventFast(content_gap, {
dst_analyzer->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
val_mgr->GetCount(seq),
val_mgr->GetCount(len),
});
}
if ( type == Direct )
@ -344,11 +344,11 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f)
if ( contents_file_write_failure )
{
val_list* vl = new val_list();
vl->append(Endpoint()->Conn()->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(new StringVal("TCP reassembler content write failure"));
tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl);
tcp_analyzer->ConnectionEventFast(contents_file_write_failure, {
Endpoint()->Conn()->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
new StringVal("TCP reassembler content write failure"),
});
}
}
@ -361,11 +361,11 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f)
if ( contents_file_write_failure )
{
val_list* vl = new val_list();
vl->append(Endpoint()->Conn()->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(new StringVal("TCP reassembler gap write failure"));
tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl);
tcp_analyzer->ConnectionEventFast(contents_file_write_failure, {
Endpoint()->Conn()->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
new StringVal("TCP reassembler gap write failure"),
});
}
}
@ -434,12 +434,12 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
BroString* b1_s = new BroString((const u_char*) b1, n, 0);
BroString* b2_s = new BroString((const u_char*) b2, n, 0);
val_list* vl = new val_list(3);
vl->append(tcp_analyzer->BuildConnVal());
vl->append(new StringVal(b1_s));
vl->append(new StringVal(b2_s));
vl->append(new StringVal(flags.AsString()));
tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl);
tcp_analyzer->ConnectionEventFast(rexmit_inconsistency, {
tcp_analyzer->BuildConnVal(),
new StringVal(b1_s),
new StringVal(b2_s),
new StringVal(flags.AsString()),
});
}
}
@ -605,13 +605,12 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data)
if ( deliver_tcp_contents )
{
val_list* vl = new val_list();
vl->append(tcp_analyzer->BuildConnVal());
vl->append(val_mgr->GetBool(IsOrig()));
vl->append(val_mgr->GetCount(seq));
vl->append(new StringVal(len, (const char*) data));
tcp_analyzer->ConnectionEvent(tcp_contents, vl);
tcp_analyzer->ConnectionEventFast(tcp_contents, {
tcp_analyzer->BuildConnVal(),
val_mgr->GetBool(IsOrig()),
val_mgr->GetCount(seq),
new StringVal(len, (const char*) data),
});
}
// Q. Can we say this because it is already checked in DataSent()?
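Review bot: In the DeliverBlock hunk the new `ConnectionEventFast(tcp_contents, {...})` call is guarded by the `deliver_tcp_contents` flag rather than by the `tcp_contents` handler itself, while the commit message describes the Fast variants as queueing without the handler existence check. If that flag can ever be set while no handler is registered, the four argument values are allocated for nothing and the call presumably proceeds with a null handler. The same question applies to the Overlap hunk, where no test of `rexmit_inconsistency` is visible because the enclosing block starts outside the hunk. I would state the invariant in a comment above the call, e.g. `// deliver_tcp_contents is only set when a tcp_contents handler exists, so the unchecked variant is safe here`, or make the guard explicit with `if ( deliver_tcp_contents && tcp_contents )`. DeliverBlock's body begins and ends outside the hunk, so an earlier check may already cover this.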