From 2a63e4a4a2fba823e07cb1317ca35c33a45e5359 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 8 Apr 2020 21:47:49 -0700 Subject: [PATCH] Deprecate BuildConnVal() methods and update usages to ConnVal() The later being a new method that returns IntrusivePtr --- NEWS | 4 ++ src/Conn.cc | 40 +++++------ src/Conn.h | 11 ++- src/Reporter.cc | 4 +- src/RuleMatcher.cc | 2 +- src/analyzer/Analyzer.cc | 11 ++- src/analyzer/Analyzer.h | 7 ++ .../protocol/bittorrent/BitTorrent.cc | 2 +- .../protocol/bittorrent/BitTorrentTracker.cc | 8 +-- src/analyzer/protocol/conn-size/ConnSize.cc | 4 +- src/analyzer/protocol/dns/DNS.cc | 40 +++++------ src/analyzer/protocol/file/File.cc | 2 +- src/analyzer/protocol/finger/Finger.cc | 4 +- src/analyzer/protocol/ftp/FTP.cc | 4 +- src/analyzer/protocol/gnutella/Gnutella.cc | 14 ++-- src/analyzer/protocol/http/HTTP.cc | 24 +++---- src/analyzer/protocol/icmp/ICMP.cc | 20 +++--- src/analyzer/protocol/ident/Ident.cc | 6 +- src/analyzer/protocol/irc/IRC.cc | 70 +++++++++---------- src/analyzer/protocol/login/Login.cc | 16 ++--- src/analyzer/protocol/login/NVT.cc | 2 +- src/analyzer/protocol/login/RSH.cc | 2 +- src/analyzer/protocol/login/Rlogin.cc | 2 +- src/analyzer/protocol/mime/MIME.cc | 18 ++--- src/analyzer/protocol/ncp/NCP.cc | 4 +- src/analyzer/protocol/netbios/NetbiosSSN.cc | 6 +- src/analyzer/protocol/pia/PIA.cc | 4 +- src/analyzer/protocol/pop3/POP3.cc | 4 +- src/analyzer/protocol/rpc/MOUNT.cc | 2 +- src/analyzer/protocol/rpc/NFS.cc | 2 +- src/analyzer/protocol/rpc/Portmap.cc | 4 +- src/analyzer/protocol/rpc/RPC.cc | 6 +- src/analyzer/protocol/smtp/SMTP.cc | 10 +-- .../protocol/stepping-stone/SteppingStone.cc | 2 +- src/analyzer/protocol/tcp/TCP.cc | 14 ++-- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 2 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 10 +-- src/analyzer/protocol/udp/UDP.cc | 2 +- src/file_analysis/File.cc | 4 +- src/file_analysis/Manager.cc | 2 +- src/zeek.bif | 2 +- 41 files changed, 208 insertions(+), 189 deletions(-) diff --git a/NEWS b/NEWS index c2d5289626..ab9f85d945 100644 --- a/NEWS +++ b/NEWS @@ -107,6 +107,10 @@ Deprecated Functionality - All ``val_mgr`` methods starting with "Get" are deprecated, use the new ``val_mgr`` methods that return ``IntrusivePtr``. +- ``Connection::BuildConnVal()`` is deprecated, use ``Connection::ConnVal()``. + +- ``Analyzer::BuildConnVal()`` is deprecated, use ``Analyzer::ConnVal()``. + Zeek 3.1.0 ========== diff --git a/src/Conn.cc b/src/Conn.cc index 6661f772fe..aad42b3e42 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -90,7 +90,6 @@ Connection::Connection(NetSessions* s, const ConnIDKey& k, double t, const ConnI vlan = pkt->vlan; inner_vlan = pkt->inner_vlan; - conn_val = nullptr; login_conn = nullptr; is_active = 1; @@ -131,10 +130,7 @@ Connection::~Connection() CancelTimers(); if ( conn_val ) - { conn_val->SetOrigin(nullptr); - Unref(conn_val); - } delete root_analyzer; delete encapsulation; @@ -203,7 +199,7 @@ void Connection::NextPacket(double t, bool is_orig, is_successful = true; if ( ! was_successful && is_successful && connection_successful ) - EnqueueEvent(connection_successful, nullptr, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueEvent(connection_successful, nullptr, ConnVal()); } else last_time = t; @@ -260,7 +256,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, return; EnqueueEvent(e, nullptr, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), val_mgr->Count(threshold) ); @@ -323,17 +319,22 @@ void Connection::EnableStatusUpdateTimer() void Connection::StatusUpdateTimer(double t) { - EnqueueEvent(connection_status_update, nullptr, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueEvent(connection_status_update, nullptr, ConnVal()); ADD_TIMER(&Connection::StatusUpdateTimer, network_time + connection_status_update_interval, 0, TIMER_CONN_STATUS_UPDATE); } RecordVal* Connection::BuildConnVal() + { + return ConnVal()->Ref()->AsRecordVal(); + } + +const IntrusivePtr& Connection::ConnVal() { if ( ! conn_val ) { - conn_val = new RecordVal(connection_type); + conn_val = make_intrusive(connection_type); TransportProto prot_type = ConnTransport(); @@ -386,7 +387,7 @@ RecordVal* Connection::BuildConnVal() } if ( root_analyzer ) - root_analyzer->UpdateConnVal(conn_val); + root_analyzer->UpdateConnVal(conn_val.get()); conn_val->Assign(3, make_intrusive(start_time, TYPE_TIME)); // ### conn_val->Assign(4, make_intrusive(last_time - start_time, TYPE_INTERVAL)); @@ -395,8 +396,6 @@ RecordVal* Connection::BuildConnVal() conn_val->SetOrigin(this); - Ref(conn_val); - return conn_val; } @@ -417,12 +416,12 @@ analyzer::Analyzer* Connection::FindAnalyzer(const char* name) void Connection::AppendAddl(const char* str) { - Unref(BuildConnVal()); + const auto& cv = ConnVal(); - const char* old = conn_val->Lookup(6)->AsString()->CheckString(); + const char* old = cv->Lookup(6)->AsString()->CheckString(); const char* format = *old ? "%s %s" : "%s%s"; - conn_val->Assign(6, make_intrusive(fmt(format, old, str))); + cv->Assign(6, make_intrusive(fmt(format, old, str))); } // Returns true if the character at s separates a version number. @@ -446,7 +445,7 @@ void Connection::Match(Rule::PatternType type, const u_char* data, int len, bool void Connection::RemovalEvent() { - auto cv = IntrusivePtr{AdoptRef{}, BuildConnVal()}; + auto cv = ConnVal(); if ( connection_state_remove ) EnqueueEvent(connection_state_remove, nullptr, cv); @@ -461,9 +460,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch return; if ( name ) - EnqueueEvent(f, analyzer, make_intrusive(name), IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueEvent(f, analyzer, make_intrusive(name), ConnVal()); else - EnqueueEvent(f, analyzer, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueEvent(f, analyzer, ConnVal()); } void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) @@ -477,12 +476,12 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, if ( v2 ) EnqueueEvent(f, analyzer, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, v1}, IntrusivePtr{AdoptRef{}, v2}); else EnqueueEvent(f, analyzer, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, v1}); } @@ -590,7 +589,6 @@ void Connection::FlipRoles() resp_flow_label = orig_flow_label; orig_flow_label = tmp_flow; - Unref(conn_val); conn_val = nullptr; if ( root_analyzer ) @@ -697,7 +695,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label) (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { EnqueueEvent(connection_flow_label_changed, nullptr, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), val_mgr->Count(my_flow_label), val_mgr->Count(flow_label) diff --git a/src/Conn.h b/src/Conn.h index 90410be516..a439021f14 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -163,7 +163,14 @@ public: // Activate connection_status_update timer. void EnableStatusUpdateTimer(); + [[deprecated("Remove in v4.1. Use ConnVal() instead.")]] RecordVal* BuildConnVal(); + + /** + * Returns the associated "connection" record. + */ + const IntrusivePtr& ConnVal(); + void AppendAddl(const char* str); LoginConn* AsLoginConn() { return login_conn; } @@ -316,8 +323,6 @@ public: protected: - Connection() { } - // Add the given timer to expire at time t. If do_expire // is true, then the timer is also evaluated when Bro terminates, // otherwise not. @@ -349,7 +354,7 @@ protected: u_char resp_l2_addr[Packet::l2_addr_len]; // Link-layer responder address, if available double start_time, last_time; double inactivity_timeout; - RecordVal* conn_val; + IntrusivePtr conn_val; LoginConn* login_conn; // either nil, or this const EncapsulationStack* encapsulation; // tunnels int suppress_event; // suppress certain events to once per conn. diff --git a/src/Reporter.cc b/src/Reporter.cc index e49c9eca75..1363f2af31 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -355,7 +355,7 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl) return; } - WeirdHelper(conn_weird, {conn->BuildConnVal(), new StringVal(addl)}, + WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)}, "%s", name); } @@ -492,7 +492,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, vl.emplace_back(make_intrusive(loc_str.c_str())); if ( conn ) - vl.emplace_back(AdoptRef{}, conn->BuildConnVal()); + vl.emplace_back(conn->ConnVal()); if ( addl ) for ( auto v : *addl ) diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 78c7b450f8..c3d7a805f1 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -81,7 +81,7 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule, { RecordVal* val = new RecordVal(signature_state); val->Assign(0, make_intrusive(rule->ID())); - val->Assign(1, state->GetAnalyzer()->BuildConnVal()); + val->Assign(1, state->GetAnalyzer()->ConnVal()); val->Assign(2, val_mgr->Bool(state->is_orig)); val->Assign(3, val_mgr->Count(state->payload_size)); return val; diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index ac9da6565b..bf93486689 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -690,7 +690,7 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag) EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal(); mgr.Enqueue(protocol_confirmation, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, tval}, val_mgr->Count(id) ); @@ -717,7 +717,7 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len) EnumVal* tval = tag.AsEnumVal(); mgr.Enqueue(protocol_violation, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, tval}, val_mgr->Count(id), IntrusivePtr{AdoptRef{}, r} @@ -788,7 +788,12 @@ void Analyzer::UpdateConnVal(RecordVal *conn_val) RecordVal* Analyzer::BuildConnVal() { - return conn->BuildConnVal(); + return conn->ConnVal()->Ref()->AsRecordVal(); + } + +const IntrusivePtr& Analyzer::ConnVal() + { + return conn->ConnVal(); } void Analyzer::Event(EventHandlerPtr f, const char* name) diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 43ad21b004..ae80c75de1 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -549,8 +549,15 @@ public: * Convenience function that forwards directly to * Connection::BuildConnVal(). */ + [[deprecated("Remove in v4.1. Use ConnVal() instead.")]] RecordVal* BuildConnVal(); + /** + * Convenience function that forwards directly to + * Connection::ConnVal(). + */ + const IntrusivePtr& ConnVal(); + /** * Convenience function that forwards directly to the corresponding * Connection::Event(). diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index c1341ef2c0..bfc9e6be51 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -120,7 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bittorrent_peer_weird ) EnqueueConnEvent(bittorrent_peer_weird, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(msg) ); diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index a578852c40..eac30667fa 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig) { if ( bt_tracker_weird ) EnqueueConnEvent(bt_tracker_weird, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(msg) ); @@ -348,7 +348,7 @@ void BitTorrentTracker_Analyzer::EmitRequest(void) if ( bt_tracker_request ) EnqueueConnEvent(bt_tracker_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, req_val_uri}, IntrusivePtr{AdoptRef{}, req_val_headers} ); @@ -402,7 +402,7 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line) { if ( bt_tracker_response_not_ok ) EnqueueConnEvent(bt_tracker_response_not_ok, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Count(res_status), IntrusivePtr{AdoptRef{}, res_val_headers} ); @@ -789,7 +789,7 @@ void BitTorrentTracker_Analyzer::EmitResponse(void) if ( bt_tracker_response ) EnqueueConnEvent(bt_tracker_response, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Count(res_status), IntrusivePtr{AdoptRef{}, res_val_headers}, IntrusivePtr{AdoptRef{}, res_val_peers}, diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index 2091365ded..58c186a06a 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -51,7 +51,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64_t threshold, bo return; EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Count(threshold), val_mgr->Bool(is_orig) ); @@ -93,7 +93,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig) if ( ( network_time - start_time ) > duration_thresh && conn_duration_threshold_crossed ) { EnqueueConnEvent(conn_duration_threshold_crossed, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(duration_thresh, TYPE_INTERVAL), val_mgr->Bool(is_orig) ); diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 3bd6b8af53..19f40757c1 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -49,7 +49,7 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) if ( dns_message ) analyzer->EnqueueConnEvent(dns_message, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_query), IntrusivePtr{AdoptRef{}, msg.BuildHdrVal()}, val_mgr->Count(len) @@ -134,7 +134,7 @@ void DNS_Interpreter::EndMessage(DNS_MsgInfo* msg) { if ( dns_end ) analyzer->EnqueueConnEvent(dns_end, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()} ); } @@ -337,7 +337,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, if ( dns_unknown_reply && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_unknown_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()} ); @@ -550,7 +550,7 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg, if ( reply_event && ! msg->skip_event ) analyzer->EnqueueConnEvent(reply_event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(new BroString(name, name_end - name, true)) @@ -603,7 +603,7 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg, r->Assign(6, make_intrusive(double(minimum), Seconds)); analyzer->EnqueueConnEvent(dns_SOA_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, std::move(r) @@ -633,7 +633,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg, if ( dns_MX_reply && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_MX_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(new BroString(name, name_end - name, true)), @@ -674,7 +674,7 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg, if ( dns_SRV_reply && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_SRV_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(new BroString(name, name_end - name, true)), @@ -695,7 +695,7 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg, if ( dns_EDNS_addl && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_EDNS_addl, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildEDNS_Val()} ); @@ -772,7 +772,7 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, tsig.rr_error = rr_error; analyzer->EnqueueConnEvent(dns_TSIG_addl, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildTSIG_Val(&tsig)} ); @@ -873,7 +873,7 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg, rrsig.signature = sign; analyzer->EnqueueConnEvent(dns_RRSIG, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, IntrusivePtr{AdoptRef{}, msg->BuildRRSIG_Val(&rrsig)} @@ -968,7 +968,7 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg, dnskey.public_key = key; analyzer->EnqueueConnEvent(dns_DNSKEY, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, IntrusivePtr{AdoptRef{}, msg->BuildDNSKEY_Val(&dnskey)} @@ -1020,7 +1020,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg, if ( dns_NSEC ) analyzer->EnqueueConnEvent(dns_NSEC, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(new BroString(name, name_end - name, true)), @@ -1106,7 +1106,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg, nsec3.bitmaps = char_strings; analyzer->EnqueueConnEvent(dns_NSEC3, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, IntrusivePtr{AdoptRef{}, msg->BuildNSEC3_Val(&nsec3)} @@ -1166,7 +1166,7 @@ bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg, ds.digest_val = ds_digest; analyzer->EnqueueConnEvent(dns_DS, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, IntrusivePtr{AdoptRef{}, msg->BuildDS_Val(&ds)} @@ -1189,7 +1189,7 @@ bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, if ( dns_A_reply && ! msg->skip_event ) analyzer->EnqueueConnEvent(dns_A_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(htonl(addr)) @@ -1225,7 +1225,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg, if ( event && ! msg->skip_event ) analyzer->EnqueueConnEvent(event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, make_intrusive(addr) @@ -1299,7 +1299,7 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg, if ( dns_TXT_reply ) analyzer->EnqueueConnEvent(dns_TXT_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, std::move(char_strings) @@ -1327,7 +1327,7 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg, if ( dns_SPF_reply ) analyzer->EnqueueConnEvent(dns_SPF_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, std::move(char_strings) @@ -1368,7 +1368,7 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg, if ( dns_CAA_reply ) analyzer->EnqueueConnEvent(dns_CAA_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, IntrusivePtr{AdoptRef{}, msg->BuildAnswerVal()}, val_mgr->Count(flags), @@ -1396,7 +1396,7 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg, assert(event); analyzer->EnqueueConnEvent(event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, msg->BuildHdrVal()}, make_intrusive(question_name), val_mgr->Count(qtype), diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index 1889eca104..7bb91df028 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -80,7 +80,7 @@ void File_Analyzer::Identify() if ( file_transferred ) EnqueueConnEvent(file_transferred, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(buffer_len, buffer), make_intrusive(""), make_intrusive(match) diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 54f4ff02d3..2d96eabe1a 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig if ( finger_request ) EnqueueConnEvent(finger_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(long_cnt), make_intrusive(at - line, line), make_intrusive(end_of_line - host, host) @@ -86,7 +86,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig return; EnqueueConnEvent(finger_reply, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(end_of_line - line, line) ); } diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index b238106db2..9fcaaf3d73 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -97,7 +97,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); vl = { - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, cmd_str}, make_intrusive(end_of_line - line, line), }; @@ -176,7 +176,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig) } vl = { - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Count(reply_code), make_intrusive(end_of_line - line, line), val_mgr->Bool(cont_resp) diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index 4afe0dd20b..6b2d487c9a 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -59,9 +59,9 @@ void Gnutella_Analyzer::Done() if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) ) { if ( Established() && gnutella_establish ) - EnqueueConnEvent(gnutella_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(gnutella_establish, ConnVal()); else if ( ! Established () && gnutella_not_establish ) - EnqueueConnEvent(gnutella_not_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(gnutella_not_establish, ConnVal()); } if ( gnutella_partial_binary_msg ) @@ -72,7 +72,7 @@ void Gnutella_Analyzer::Done() { if ( ! p->msg_sent && p->msg_pos ) EnqueueConnEvent(gnutella_partial_binary_msg, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(p->msg), val_mgr->Bool((i == 0)), val_mgr->Count(p->msg_pos) @@ -118,7 +118,7 @@ bool Gnutella_Analyzer::IsHTTP(std::string header) return false; if ( gnutella_http_notify ) - EnqueueConnEvent(gnutella_http_notify, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(gnutella_http_notify, ConnVal()); analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn()); @@ -177,7 +177,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { if ( gnutella_text_msg ) EnqueueConnEvent(gnutella_text_msg, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(ms->headers.data()) ); @@ -189,7 +189,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig) { sent_establish = 1; - EnqueueConnEvent(gnutella_establish, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(gnutella_establish, ConnVal()); } } } @@ -215,7 +215,7 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig) if ( gnutella_binary_msg ) EnqueueConnEvent(gnutella_binary_msg, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), val_mgr->Count(p->msg_type), val_mgr->Count(p->msg_ttl), diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index b01cd385df..ce922efc5e 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -650,7 +650,7 @@ void HTTP_Message::Done(bool interrupted, const char* detail) if ( http_message_done ) GetAnalyzer()->EnqueueConnEvent(http_message_done, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig), IntrusivePtr{AdoptRef{}, BuildMessageStat(interrupted, detail)} ); @@ -681,7 +681,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity) if ( http_begin_entity ) analyzer->EnqueueConnEvent(http_begin_entity, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig) ); } @@ -696,7 +696,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity) if ( http_end_entity ) analyzer->EnqueueConnEvent(http_end_entity, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig) ); @@ -735,7 +735,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) { if ( http_all_headers ) analyzer->EnqueueConnEvent(http_all_headers, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig), IntrusivePtr{AdoptRef{}, BuildHeaderTable(hlist)} ); @@ -746,7 +746,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist) StringVal* subty = current_entity->ContentSubType(); analyzer->EnqueueConnEvent(http_content_type, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig), IntrusivePtr{NewRef{}, ty}, IntrusivePtr{NewRef{}, subty} @@ -1178,7 +1178,7 @@ void HTTP_Analyzer::GenStats() r->Assign(3, make_intrusive(reply_version.ToDouble(), TYPE_DOUBLE)); // DEBUG_MSG("%.6f http_stats\n", network_time); - EnqueueConnEvent(http_stats, IntrusivePtr{AdoptRef{}, BuildConnVal()}, std::move(r)); + EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); } } @@ -1378,7 +1378,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail) if ( http_event ) // DEBUG_MSG("%.6f http_event\n", network_time); EnqueueConnEvent(http_event, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(category), IntrusivePtr{AdoptRef{}, detail} ); @@ -1417,7 +1417,7 @@ void HTTP_Analyzer::HTTP_Request() if ( http_request ) // DEBUG_MSG("%.6f http_request\n", network_time); EnqueueConnEvent(http_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, request_method}, IntrusivePtr{AdoptRef{}, TruncateURI(request_URI->AsStringVal())}, IntrusivePtr{AdoptRef{}, TruncateURI(unescaped_URI->AsStringVal())}, @@ -1429,7 +1429,7 @@ void HTTP_Analyzer::HTTP_Reply() { if ( http_reply ) EnqueueConnEvent(http_reply, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(fmt("%.1f", reply_version.ToDouble())), val_mgr->Count(reply_code), reply_reason_phrase ? @@ -1506,7 +1506,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg) if ( http_connection_upgrade ) EnqueueConnEvent(http_connection_upgrade, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(upgrade_protocol) ); } @@ -1670,7 +1670,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h) DEBUG_MSG("%.6f http_header\n", network_time); EnqueueConnEvent(http_header, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), IntrusivePtr{AdoptRef{}, mime::new_string_val(h->get_name())->ToUpper()}, IntrusivePtr{AdoptRef{}, mime::new_string_val(h->get_value())} @@ -1682,7 +1682,7 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data) { if ( http_entity_data ) EnqueueConnEvent(http_entity_data, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), val_mgr->Count(entity_data->Len()), make_intrusive(entity_data) diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 3d81472035..7363c3c429 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -203,7 +203,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, { if ( icmp_sent ) EnqueueConnEvent(icmp_sent, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, icmpv6, ip_hdr)} ); @@ -212,7 +212,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, BroString* payload = new BroString(data, std::min(len, caplen), false); EnqueueConnEvent(icmp_sent_payload, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, icmpv6, ip_hdr)}, make_intrusive(payload) ); @@ -515,7 +515,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, BroString* payload = new BroString(data, caplen, false); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)}, val_mgr->Count(iid), val_mgr->Count(iseq), @@ -543,7 +543,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(reachable) + sizeof(retrans); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed @@ -576,7 +576,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited @@ -603,7 +603,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, int opt_offset = sizeof(in6_addr); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, make_intrusive(tgtaddr), IntrusivePtr{AdoptRef{}, BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)} @@ -630,7 +630,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, int opt_offset = 2 * sizeof(in6_addr); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, make_intrusive(tgtaddr), make_intrusive(dstaddr), @@ -648,7 +648,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, return; EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, IntrusivePtr{AdoptRef{}, BuildNDOptionsVal(caplen, data)} ); @@ -673,7 +673,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, if ( f ) EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 0, ip_hdr)}, val_mgr->Count(icmpp->icmp_code), IntrusivePtr{AdoptRef{}, ExtractICMP4Context(caplen, data)} @@ -711,7 +711,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, if ( f ) EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, BuildICMPVal(icmpp, len, 1, ip_hdr)}, val_mgr->Count(icmpp->icmp_code), IntrusivePtr{AdoptRef{}, ExtractICMP6Context(caplen, data)} diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index a56b41fa95..78c0708851 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -85,7 +85,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) } EnqueueConnEvent(ident_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Port(local_port, TRANSPORT_TCP), val_mgr->Port(remote_port, TRANSPORT_TCP) ); @@ -146,7 +146,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) { if ( ident_error ) EnqueueConnEvent(ident_error, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Port(local_port, TRANSPORT_TCP), val_mgr->Port(remote_port, TRANSPORT_TCP), make_intrusive(end_of_line - line, line) @@ -179,7 +179,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) line = skip_whitespace(colon + 1, end_of_line); EnqueueConnEvent(ident_reply, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Port(local_port, TRANSPORT_TCP), val_mgr->Port(remote_port, TRANSPORT_TCP), make_intrusive(end_of_line - line, line), diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index ab624b477a..e844e7e21b 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -235,7 +235,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_network_info, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), val_mgr->Int(users), val_mgr->Int(services), @@ -282,7 +282,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_names_info, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(type.c_str()), make_intrusive(channel.c_str()), @@ -316,7 +316,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_server_info, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), val_mgr->Int(users), val_mgr->Int(services), @@ -338,7 +338,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) channels = atoi(parts[i - 1].c_str()); EnqueueConnEvent(irc_channel_info, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), val_mgr->Int(channels) ); @@ -370,7 +370,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_global_users, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(eop - prefix, prefix), make_intrusive(++msg) @@ -396,7 +396,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) zeek::Args vl; vl.reserve(6); - vl.emplace_back(AdoptRef{}, BuildConnVal()); + vl.emplace_back(ConnVal()); vl.emplace_back(val_mgr->Bool(orig)); vl.emplace_back(make_intrusive(parts[0].c_str())); vl.emplace_back(make_intrusive(parts[1].c_str())); @@ -435,7 +435,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_whois_operator_line, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(parts[0].c_str()) ); @@ -473,7 +473,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_whois_channel_line, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(nick.c_str()), std::move(set) @@ -504,7 +504,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) ++t; EnqueueConnEvent(irc_channel_topic, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(parts[1].c_str()), make_intrusive(t) @@ -538,7 +538,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[7] = parts[7].substr(1); EnqueueConnEvent(irc_who_line, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(parts[0].c_str()), make_intrusive(parts[1].c_str()), @@ -560,7 +560,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 436: if ( irc_invalid_nick ) EnqueueConnEvent(irc_invalid_nick, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig) ); break; @@ -570,7 +570,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) case 491: // user is not operator if ( irc_oper_response ) EnqueueConnEvent(irc_oper_response, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), val_mgr->Bool(code == 381) ); @@ -585,7 +585,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) default: if ( irc_reply ) EnqueueConnEvent(irc_reply, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), val_mgr->Count(code), @@ -656,7 +656,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( irc_dcc_message ) EnqueueConnEvent(irc_dcc_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(target.c_str()), @@ -672,7 +672,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( irc_privmsg_message ) EnqueueConnEvent(irc_privmsg_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(target.c_str()), @@ -697,7 +697,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); EnqueueConnEvent(irc_notice_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(target.c_str()), @@ -721,7 +721,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) message = message.substr(1); EnqueueConnEvent(irc_squery_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(target.c_str()), @@ -735,7 +735,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); zeek::Args vl; vl.reserve(6); - vl.emplace_back(AdoptRef{}, BuildConnVal()); + vl.emplace_back(ConnVal()); vl.emplace_back(val_mgr->Bool(orig)); if ( parts.size() > 0 ) @@ -770,7 +770,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) vector parts = SplitWords(params, ' '); if ( parts.size() == 2 ) EnqueueConnEvent(irc_oper_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(parts[0].c_str()), make_intrusive(parts[1].c_str()) @@ -792,7 +792,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) zeek::Args vl; vl.reserve(6); - vl.emplace_back(AdoptRef{}, BuildConnVal()); + vl.emplace_back(ConnVal()); vl.emplace_back(val_mgr->Bool(orig)); vl.emplace_back(make_intrusive(prefix.c_str())); vl.emplace_back(make_intrusive(parts[0].c_str())); @@ -861,7 +861,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_join_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), std::move(list) ); @@ -921,7 +921,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_join_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), std::move(list) ); @@ -960,7 +960,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_part_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(nick.c_str()), std::move(set), @@ -983,7 +983,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_quit_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(nickname.c_str()), make_intrusive(message.c_str()) @@ -997,7 +997,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) nick = nick.substr(1); EnqueueConnEvent(irc_nick_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(nick.c_str()) @@ -1022,7 +1022,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[0] = parts[0].substr(1); EnqueueConnEvent(irc_who_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), parts.size() > 0 ? make_intrusive(parts[0].c_str()) : @@ -1052,7 +1052,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) users = parts[0]; EnqueueConnEvent(irc_whois_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(server.c_str()), make_intrusive(users.c_str()) @@ -1065,7 +1065,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) params = params.substr(1); EnqueueConnEvent(irc_error_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(params.c_str()) @@ -1081,7 +1081,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) parts[1] = parts[1].substr(1); EnqueueConnEvent(irc_invite_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(parts[0].c_str()), @@ -1096,7 +1096,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { if ( params.size() > 0 ) EnqueueConnEvent(irc_mode_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(params.c_str()) @@ -1109,7 +1109,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) else if ( irc_password_message && command == "PASS" ) { EnqueueConnEvent(irc_password_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(params.c_str()) ); @@ -1131,7 +1131,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } EnqueueConnEvent(irc_squit_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(server.c_str()), @@ -1145,7 +1145,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( irc_request ) { EnqueueConnEvent(irc_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(command.c_str()), @@ -1159,7 +1159,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) if ( irc_message ) { EnqueueConnEvent(irc_message, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(prefix.c_str()), make_intrusive(command.c_str()), @@ -1194,7 +1194,7 @@ void IRC_Analyzer::StartTLS() AddChildAnalyzer(ssl); if ( irc_starttls ) - EnqueueConnEvent(irc_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(irc_starttls, ConnVal()); } vector IRC_Analyzer::SplitWords(const string& input, char split) diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index b097919ece..a2bff4e67d 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -290,7 +290,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) else if ( IsSkipAuthentication(line) ) { if ( authentication_skipped ) - EnqueueConnEvent(authentication_skipped, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(authentication_skipped, ConnVal()); state = LOGIN_STATE_SKIP; SetSkip(true); @@ -332,19 +332,19 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val) else if ( login_terminal && streq(name, "TERM") ) EnqueueConnEvent(login_terminal, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(val) ); else if ( login_display && streq(name, "DISPLAY") ) EnqueueConnEvent(login_display, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(val) ); else if ( login_prompt && streq(name, "TTYPROMPT") ) EnqueueConnEvent(login_prompt, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(val) ); } @@ -420,7 +420,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line, PopUserTextVal() : new StringVal(""); EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, username}, client_name ? IntrusivePtr{NewRef{}, client_name} : val_mgr->EmptyString(), @@ -443,7 +443,7 @@ void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line) return; EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(line) ); } @@ -455,7 +455,7 @@ void Login_Analyzer::Confused(const char* msg, const char* line) if ( login_confused ) EnqueueConnEvent(login_confused, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(msg), make_intrusive(line) ); @@ -479,7 +479,7 @@ void Login_Analyzer::ConfusionText(const char* line) { if ( login_confused_text ) EnqueueConnEvent(login_confused_text, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(line) ); } diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 096adca591..7923eeabab 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -460,7 +460,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len) { if ( login_terminal ) EnqueueConnEvent(login_terminal, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(new BroString(terminal, len, false)) ); } diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index 0bafcd206c..3827cbd2f8 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -172,7 +172,7 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig) vl.reserve(4 + orig); const char* line = (const char*) data; line = skip_whitespace(line); - vl.emplace_back(AdoptRef{}, BuildConnVal()); + vl.emplace_back(ConnVal()); if ( client_name ) vl.emplace_back(NewRef{}, client_name); diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index 244deb9cba..f2dd23f2ab 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -245,7 +245,7 @@ void Rlogin_Analyzer::TerminalType(const char* s) { if ( login_terminal ) EnqueueConnEvent(login_terminal, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), make_intrusive(s) ); } diff --git a/src/analyzer/protocol/mime/MIME.cc b/src/analyzer/protocol/mime/MIME.cc index 26821c3642..2b457c0469 100644 --- a/src/analyzer/protocol/mime/MIME.cc +++ b/src/analyzer/protocol/mime/MIME.cc @@ -1364,7 +1364,7 @@ void MIME_Mail::Done() md5_hash = nullptr; analyzer->EnqueueConnEvent(mime_content_hash, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(content_hash_length), make_intrusive(new BroString(true, digest, 16)) ); @@ -1391,7 +1391,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */) cur_entity_id.clear(); if ( mime_begin_entity ) - analyzer->EnqueueConnEvent(mime_begin_entity, IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}); + analyzer->EnqueueConnEvent(mime_begin_entity, analyzer->ConnVal()); buffer_start = data_start = 0; ASSERT(entity_content.size() == 0); @@ -1404,7 +1404,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) BroString* s = concatenate(entity_content); analyzer->EnqueueConnEvent(mime_entity_data, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(s->Len()), make_intrusive(s) ); @@ -1416,7 +1416,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) } if ( mime_end_entity ) - analyzer->EnqueueConnEvent(mime_end_entity, IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}); + analyzer->EnqueueConnEvent(mime_end_entity, analyzer->ConnVal()); file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn()); cur_entity_id.clear(); @@ -1426,7 +1426,7 @@ void MIME_Mail::SubmitHeader(MIME_Header* h) { if ( mime_one_header ) analyzer->EnqueueConnEvent(mime_one_header, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, BuildHeaderVal(h)} ); } @@ -1435,7 +1435,7 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist) { if ( mime_all_headers ) analyzer->EnqueueConnEvent(mime_all_headers, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), IntrusivePtr{AdoptRef{}, BuildHeaderTable(hlist)} ); } @@ -1471,7 +1471,7 @@ void MIME_Mail::SubmitData(int len, const char* buf) int data_len = (buf + len) - data; analyzer->EnqueueConnEvent(mime_segment_data, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(data_len), make_intrusive(data_len, data) ); @@ -1518,7 +1518,7 @@ void MIME_Mail::SubmitAllData() delete_strings(all_content); analyzer->EnqueueConnEvent(mime_all_data, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(s->Len()), make_intrusive(s) ); @@ -1546,7 +1546,7 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail) if ( mime_event ) analyzer->EnqueueConnEvent(mime_event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), make_intrusive(category), make_intrusive(detail) ); diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index fdd381fca5..31a39023e9 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -63,14 +63,14 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame) { if ( frame->is_orig() ) analyzer->EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(frame->frame_type()), val_mgr->Count(frame->body_length()), val_mgr->Count(req_func) ); else analyzer->EnqueueConnEvent(f, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(frame->frame_type()), val_mgr->Count(frame->body_length()), val_mgr->Count(req_frame_type), diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 712ab4e9e4..2fa240b752 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -60,7 +60,7 @@ void NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags, { if ( netbios_session_message ) analyzer->EnqueueConnEvent(netbios_session_message, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_query), val_mgr->Count(type), val_mgr->Count(len) @@ -322,13 +322,13 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data, if ( is_orig >= 0 ) analyzer->EnqueueConnEvent(event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Bool(is_orig), make_intrusive(new BroString(data, len, false)) ); else analyzer->EnqueueConnEvent(event, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), make_intrusive(new BroString(data, len, false)) ); } diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 5845f7d540..fe5797d6d1 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -159,7 +159,7 @@ void PIA_UDP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) EnumVal *tval = tag ? tag.AsEnumVal() : GetAnalyzerTag().AsEnumVal(); mgr.Enqueue(protocol_late_match, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, tval} ); } @@ -307,7 +307,7 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) EnumVal *tval = tag ? tag.AsEnumVal() : GetAnalyzerTag().AsEnumVal(); mgr.Enqueue(protocol_late_match, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, tval} ); } diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index e39b725374..9c29dd844d 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -826,7 +826,7 @@ void POP3_Analyzer::StartTLS() AddChildAnalyzer(ssl); if ( pop3_starttls ) - EnqueueConnEvent(pop3_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(pop3_starttls, ConnVal()); } void POP3_Analyzer::AuthSuccessfull() @@ -919,7 +919,7 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig, zeek::Args vl; vl.reserve(2 + (bool)arg1 + (bool)arg2); - vl.emplace_back(AdoptRef{}, BuildConnVal()); + vl.emplace_back(ConnVal()); vl.emplace_back(val_mgr->Bool(is_orig)); if ( arg1 ) diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 227915fc24..cddb49c547 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -191,7 +191,7 @@ zeek::Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c, // These are the first parameters for each mount_* event ... zeek::Args vl; vl.reserve(2 + extra_elements); - vl.emplace_back(AdoptRef{}, analyzer->BuildConnVal()); + vl.emplace_back(analyzer->ConnVal()); auto auxgids = make_intrusive(internal_type("index_vec")->AsVectorType()); for (size_t i = 0; i < c->AuxGIDs().size(); ++i) diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 0cdfe5d002..d1d7ff4b0e 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -327,7 +327,7 @@ zeek::Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_ // These are the first parameters for each nfs_* event ... zeek::Args vl; vl.reserve(2 + extra_elements); - vl.emplace_back(IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}); + vl.emplace_back(analyzer->ConnVal()); auto auxgids = make_intrusive(internal_type("index_vec")->AsVectorType()); for ( size_t i = 0; i < c->AuxGIDs().size(); ++i ) diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index a8bea3547a..d3f878f8f0 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -259,7 +259,7 @@ uint32_t PortmapperInterp::CheckPort(uint32_t port) if ( pm_bad_port ) { analyzer->EnqueueConnEvent(pm_bad_port, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(port) ); } @@ -281,7 +281,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu zeek::Args vl; - vl.emplace_back(AdoptRef{}, analyzer->BuildConnVal()); + vl.emplace_back(analyzer->ConnVal()); if ( status == BifEnum::RPC_SUCCESS ) { diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 8fde95fae2..46240f8773 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -339,7 +339,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st { if ( rpc_dialogue ) analyzer->EnqueueConnEvent(rpc_dialogue, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(c->Program()), val_mgr->Count(c->Version()), val_mgr->Count(c->Proc()), @@ -354,7 +354,7 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c) { if ( rpc_call ) analyzer->EnqueueConnEvent(rpc_call, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(c->XID()), val_mgr->Count(c->Program()), val_mgr->Count(c->Version()), @@ -367,7 +367,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status, { if ( rpc_reply ) analyzer->EnqueueConnEvent(rpc_reply, - IntrusivePtr{AdoptRef{}, analyzer->BuildConnVal()}, + analyzer->ConnVal(), val_mgr->Count(xid), BifType::Enum::rpc_status->GetVal(status), val_mgr->Count(reply_len) diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index f1dc8765de..d3933f91c6 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -220,7 +220,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) if ( smtp_data && ! skip_data ) { EnqueueConnEvent(smtp_data, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), make_intrusive(data_len, line) ); @@ -350,7 +350,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig) } EnqueueConnEvent(smtp_reply, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig), val_mgr->Count(reply_code), make_intrusive(cmd), @@ -410,7 +410,7 @@ void SMTP_Analyzer::StartTLS() AddChildAnalyzer(ssl); if ( smtp_starttls ) - EnqueueConnEvent(smtp_starttls, IntrusivePtr{AdoptRef{}, BuildConnVal()}); + EnqueueConnEvent(smtp_starttls, ConnVal()); } @@ -859,7 +859,7 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd, cmd_arg->ToUpper(); EnqueueConnEvent(smtp_request, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(orig_is_sender), std::move(cmd_arg), make_intrusive(arg_len, arg) @@ -880,7 +880,7 @@ void SMTP_Analyzer::Unexpected(bool is_sender, const char* msg, is_orig = ! is_orig; EnqueueConnEvent(smtp_unexpected, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), make_intrusive(msg), make_intrusive(detail_len, detail) diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 3bf71d9c95..51c43fb5f0 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -146,7 +146,7 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig) return; endp->TCP()->EnqueueConnEvent(stp_create_endp, - IntrusivePtr{AdoptRef{}, endp->TCP()->BuildConnVal()}, + endp->TCP()->ConnVal(), val_mgr->Int(stp_id), val_mgr->Bool(is_orig) ); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 53729bb78b..d94f67e995 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -786,7 +786,7 @@ void TCP_Analyzer::GeneratePacketEvent( bool is_orig, TCP_Flags flags) { EnqueueConnEvent(tcp_packet, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), make_intrusive(flags.AsString()), val_mgr->Count(rel_seq), @@ -1102,7 +1102,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( connection_SYN_packet ) EnqueueConnEvent(connection_SYN_packet, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{NewRef{}, SYN_vals} ); @@ -1346,7 +1346,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) auto kind = o[0]; auto length = kind < 2 ? 1 : o[1]; EnqueueConnEvent(tcp_option, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), val_mgr->Count(kind), val_mgr->Count(length) @@ -1459,7 +1459,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig) } EnqueueConnEvent(tcp_options, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), std::move(option_list) ); @@ -1781,7 +1781,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp) { if ( connection_EOF ) EnqueueConnEvent(connection_EOF, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(endp->IsOrig()) ); @@ -2061,7 +2061,7 @@ bool TCPStats_Endpoint::DataSent(double /* t */, uint64_t seq, int len, int capl if ( tcp_rexmit ) endp->TCP()->EnqueueConnEvent(tcp_rexmit, - IntrusivePtr{AdoptRef{}, endp->TCP()->BuildConnVal()}, + endp->TCP()->ConnVal(), val_mgr->Bool(endp->IsOrig()), val_mgr->Count(seq), val_mgr->Count(len), @@ -2116,7 +2116,7 @@ void TCPStats_Analyzer::Done() if ( conn_stats ) EnqueueConnEvent(conn_stats, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), IntrusivePtr{AdoptRef{}, orig_stats->BuildStats()}, IntrusivePtr{AdoptRef{}, resp_stats->BuildStats()} ); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index d0626ac37c..a798c28fb2 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -238,7 +238,7 @@ bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen, if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - IntrusivePtr{AdoptRef{}, Conn()->BuildConnVal()}, + Conn()->ConnVal(), val_mgr->Bool(IsOrig()), make_intrusive(buf) ); diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 33e484b7c8..f93647adb2 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -150,7 +150,7 @@ void TCP_Reassembler::Gap(uint64_t seq, uint64_t len) if ( report_gap(endp, endp->peer) ) dst_analyzer->EnqueueConnEvent(content_gap, - IntrusivePtr{AdoptRef{}, dst_analyzer->BuildConnVal()}, + dst_analyzer->ConnVal(), val_mgr->Bool(IsOrig()), val_mgr->Count(seq), val_mgr->Count(len) @@ -360,7 +360,7 @@ void TCP_Reassembler::RecordBlock(const DataBlock& b, BroFile* f) if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - IntrusivePtr{AdoptRef{}, Endpoint()->Conn()->BuildConnVal()}, + Endpoint()->Conn()->ConnVal(), val_mgr->Bool(IsOrig()), make_intrusive("TCP reassembler content write failure") ); @@ -375,7 +375,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, BroFile* if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - IntrusivePtr{AdoptRef{}, Endpoint()->Conn()->BuildConnVal()}, + Endpoint()->Conn()->ConnVal(), val_mgr->Bool(IsOrig()), make_intrusive("TCP reassembler gap write failure") ); @@ -455,7 +455,7 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n) BroString* b2_s = new BroString((const u_char*) b2, n, false); tcp_analyzer->EnqueueConnEvent(rexmit_inconsistency, - IntrusivePtr{AdoptRef{}, tcp_analyzer->BuildConnVal()}, + tcp_analyzer->ConnVal(), make_intrusive(b1_s), make_intrusive(b2_s), make_intrusive(flags.AsString()) @@ -611,7 +611,7 @@ void TCP_Reassembler::DeliverBlock(uint64_t seq, int len, const u_char* data) if ( deliver_tcp_contents ) tcp_analyzer->EnqueueConnEvent(tcp_contents, - IntrusivePtr{AdoptRef{}, tcp_analyzer->BuildConnVal()}, + tcp_analyzer->ConnVal(), val_mgr->Bool(IsOrig()), val_mgr->Count(seq), make_intrusive(len, (const char*) data) diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index 9d49b1cb4a..f04f29ddfe 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -165,7 +165,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, if ( do_udp_contents ) EnqueueConnEvent(udp_contents, - IntrusivePtr{AdoptRef{}, BuildConnVal()}, + ConnVal(), val_mgr->Bool(is_orig), make_intrusive(len, (const char*) data) ); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 76822e857d..064d4bbe9b 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -145,7 +145,7 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) return false; } - conns->AsTableVal()->Assign(idx, conn->BuildConnVal()); + conns->AsTableVal()->Assign(idx, conn->ConnVal()); Unref(idx); return true; } @@ -156,7 +156,7 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { FileEvent(file_over_new_connection, { IntrusivePtr{NewRef{}, val}, - IntrusivePtr{AdoptRef{}, conn->BuildConnVal()}, + conn->ConnVal(), val_mgr->Bool(is_orig), }); } diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 14232d0668..c32ccbb7b4 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -436,7 +436,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) mgr.Enqueue(get_file_handle, IntrusivePtr{NewRef{}, tagval}, - IntrusivePtr{AdoptRef{}, c->BuildConnVal()}, + c->ConnVal(), val_mgr->Bool(is_orig) ); mgr.Drain(); // need file handle immediately so we don't have to buffer data diff --git a/src/zeek.bif b/src/zeek.bif index 4e76bec063..e7bfa7ed40 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3300,7 +3300,7 @@ function lookup_connection%(cid: conn_id%): connection %{ Connection* conn = sessions->FindConnection(cid); if ( conn ) - return IntrusivePtr{AdoptRef{}, conn->BuildConnVal()}; + return conn->ConnVal(); builtin_error("connection ID not a known connection", cid);