Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins

Browse source
This commit is contained in:
Robin Sommer 2014-07-31 10:10:39 -07:00
commit 2b505b07c1
37 changed files with 91122 additions and 79726 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/3rdparty

@ -1 +1 @@
Subproject commit 42a4c9694a2b2677b050fbb7cbae26bc5ec4605a
Subproject commit 7e15efe9d28d46bfa662fcdd1cbb15ce1db285c9

13
src/analyzer/protocol/modbus/modbus-analyzer.pac
View file

@ -17,6 +17,11 @@
VectorVal* bytestring_to_coils(bytestring coils, uint quantity)
{
VectorVal* modbus_coils = new VectorVal(BifType::Vector::ModbusCoils);
for ( uint i = 0; i < quantity; i++ )
{
char currentCoil = (coils[i/8] >> (i % 8)) % 2;
modbus_coils->Assign(i, new Val(currentCoil, TYPE_BOOL));
}
return modbus_coils;
}
@ -26,8 +31,9 @@
RecordVal* modbus_header = new RecordVal(BifType::Record::ModbusHeaders);
modbus_header->Assign(0, new Val(header->tid(), TYPE_COUNT));
modbus_header->Assign(1, new Val(header->pid(), TYPE_COUNT));
modbus_header->Assign(2, new Val(header->uid(), TYPE_COUNT));
modbus_header->Assign(3, new Val(header->fc(), TYPE_COUNT));
modbus_header->Assign(2, new Val(header->len(), TYPE_COUNT));
modbus_header->Assign(3, new Val(header->uid(), TYPE_COUNT));
modbus_header->Assign(4, new Val(header->fc(), TYPE_COUNT));
return modbus_header;
}
@ -614,6 +620,3 @@ refine flow ModbusTCP_Flow += {
return true;
%}
};

4
src/file_analysis/Analyzer.h
View file

@ -31,13 +31,13 @@ public:
* Initializes the analyzer before input processing starts.
*/
virtual void Init()
{ };
{ }
/**
* Finishes the analyzer's operation after all input has been parsed.
*/
virtual void Done()
{ };
{ }
/**
* Subclasses may override this metod to receive file data non-sequentially.

3
src/main.cc
View file

@ -933,9 +933,6 @@ int main(int argc, char** argv)
}
reporter->InitOptions();
init_general_global_var();
broxygen_mgr->GenerateDocs();
if ( user_pcap_filter )

2
src/plugin/Component.h
View file

@ -76,7 +76,7 @@ public:
protected:
/**
* Adds type specific information to the outout of Describe().
* Adds type specific information to the output of Describe().
*
* The default version does nothing.
*

2
src/plugin/ComponentManager.h
View file

@ -166,7 +166,7 @@ EnumType* ComponentManager<T, C>::GetTagEnumType() const
template <class T, class C>
const std::string& ComponentManager<T, C>::GetComponentName(T tag) const
{
static const std::string& error = "<error>";
static const std::string error = "<error>";
if ( ! tag )
return error;

2
src/plugin/Manager.cc
View file

@ -144,7 +144,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
reporter->Error("plugin %s is not available", name.c_str());
return false;
}
}
if ( m->second == "" )
// Already activated.

10
src/plugin/Manager.h
View file

@ -73,7 +73,7 @@ public:
void SearchDynamicPlugins(const std::string& dir);
/**
* Activates a plugin that SearchPlugins() has previously discovered.
* Activates a plugin that SearchDynamicPlugins() has previously discovered.
* Activating a plugin involves loading its dynamic module, making its
* bifs available, and adding its script paths to BROPATH.
*
@ -86,8 +86,8 @@ public:
bool ActivateDynamicPlugin(const std::string& name);
/**
* Activates plugins that SearchPlugins() has previously discovered. The
* effect is the same all calling \a ActivePlugin(name) for each plugin.
* Activates plugins that SearchDynamicPlugins() has previously discovered.
* The effect is the same all calling \a ActivePlugin(name) for each plugin.
*
* @param all If true, activates all plugins that are found. If false,
* activates only those that should always be activated unconditionally,
@ -218,7 +218,7 @@ public:
// Hook entry functions.
/**
* Hook that gives plugins a chance to take over loading an input input
* Hook that gives plugins a chance to take over loading an input
* file. This method must be called between InitPreScript() and
* InitPostScript() for each input file Bro is about to load, either
* given on the command line or via @load script directives. The hook can
@ -288,7 +288,7 @@ public:
* Internal method that registers a bif file's init function for a
* plugin.
*
* @param plugin The plugin to reguster the function for.
* @param plugin The plugin to register the function for.
*
* @param c The init function to register.
*/

94
src/plugin/Plugin.h
View file

@ -302,7 +302,7 @@ typedef std::list<HookArgument> HookArgumentList;
*
* A plugin needs to explicitly register all the functionality it provides.
* For components, it needs to call AddComponent(); for BiFs AddBifItem();
* and for hooks EnableHook() and then also implemennt the corresponding
* and for hooks EnableHook() and then also implement the corresponding
* virtual methods.
*
*/
@ -346,7 +346,7 @@ public:
/**
* For dynamic plugins, returns the base directory from which it was
* loaded. For static plugins, returns null.
* loaded. For static plugins, returns an empty string.
**/
const std::string& PluginDirectory() const;
@ -377,40 +377,6 @@ public:
*/
bif_item_list BifItems() const;
/**
* A function called when the plugin is instantiated to query basic
* configuration parameters.
*
* The plugin must override this method and return a suitably
* initialized configuration object.
*
* @return A configuration describing the plugin.
*/
virtual Configuration Configure() = 0;
/**
* First-stage initialization of the plugin called early during Bro's
* startup, before scripts are parsed. This can be overridden by
* derived classes; they must however call the parent's
* implementation.
*/
virtual void InitPreScript();
/**
* Second-stage initialization of the plugin called late during Bro's
* startup, after scripts are parsed. This can be overridden by
* derived classes; they must however call the parent's
* implementation.
*/
virtual void InitPostScript();
/**
* Finalizer method that derived classes can override for performing
* custom tasks at shutdown. This can be overridden by derived
* classes; they must however call the parent's implementation.
*/
virtual void Done();
/**
* Returns a textual description of the plugin.
*
@ -445,7 +411,7 @@ public:
* will normally be a Bro script, but it passes through the plugin
* system as well to load files with other extensions as supported by
* any of the current plugins. In other words, calling this method is
* similar to given a file on the command line. Note that the file
* similar to giving a file on the command line. Note that the file
* may be only queued for now, and actually loaded later.
*
* This method must not be called after InitPostScript().
@ -461,6 +427,29 @@ public:
protected:
friend class Manager;
/**
* First-stage initialization of the plugin called early during Bro's
* startup, before scripts are parsed. This can be overridden by
* derived classes; they must however call the parent's
* implementation.
*/
virtual void InitPreScript();
/**
* Second-stage initialization of the plugin called late during Bro's
* startup, after scripts are parsed. This can be overridden by
* derived classes; they must however call the parent's
* implementation.
*/
virtual void InitPostScript();
/**
* Finalizer method that derived classes can override for performing
* custom tasks at shutdown. This can be overridden by derived
* classes; they must however call the parent's implementation.
*/
virtual void Done();
/**
* Registers and activates a component.
*
@ -471,7 +460,7 @@ protected:
/**
* Enables a hook. The corresponding virtual method will now be
* called as Bro's processing proceeds. Note that enabling hooks can
* have performance impaxct as many trigger frequently inside Bro's
* have performance impact as many trigger frequently inside Bro's
* main processing path.
*
* Note that while hooks may be enabled/disabled dynamically at any
@ -557,16 +546,16 @@ protected:
* from executing it). In the latter case it must provide a matching
* return value.
*
* The default implementation does never handle the call in any way.
* The default implementation never handles the call in any way.
*
* @param func The function being called.
*
* @param args The function arguments. The method can modify the list
* in place long as it ensures matching types and correct reference
* in place as long as it ensures matching types and correct reference
* counting.
*
* @return If the plugin handled the call, a Val with +1 reference
* count containomg the result value to pass back to the interpreter
* count containixnmg the result value to pass back to the interpreter
* (for void functions and events any \a Val is fine; it will be
* ignored; best to use a \c TYPE_ANY). If the plugin did not handle
* the call, it must return null.
@ -581,15 +570,14 @@ protected:
* inspect the event, or take it over (i.e., prevent the interpreter
* from queuing it itself).
*
* The default implementation does never handle the queuing in any
* way.
* The default implementation never handles the queuing in any way.
*
* @param event The even to be queued. The method can modify it in in
* place long as it ensures matching types and correct reference
* @param event The event to be queued. The method can modify it in
* place as long as it ensures matching types and correct reference
* counting.
*
* @return True if the plugin took charge of the event; in that case
* it must have assumed ownership of the event and the intpreter will
* it must have assumed ownership of the event and the interpreter will
* not do anything further with it. False otherwise.
*/
virtual bool HookQueueEvent(Event* event);
@ -609,7 +597,7 @@ protected:
virtual void HookUpdateNetworkTime(double network_time);
/**
* Hook for destruction of objects registerd with
* Hook for destruction of objects registered with
* RequestBroObjDtor(). When Bro's reference counting triggers the
* objects destructor to run, this method will be run. It may also
* run for other objects that this plugin has not registered for.
@ -652,6 +640,18 @@ protected:
virtual void MetaHookPost(HookType hook, const HookArgumentList& args, HookArgument result);
private:
/**
* A function called when the plugin is instantiated to query basic
* configuration parameters.
*
* The plugin must override this method and return a suitably
* initialized configuration object.
*
* @return A configuration describing the plugin.
*/
virtual Configuration Configure() = 0;
/**
* Intializes the plugin's internal configuration. Called by the
* manager before anything else.

4
src/scan.l
View file

@ -319,7 +319,7 @@ when return TOK_WHEN;
@load-plugin{WS}{ID} {
const char* plugin = skip_whitespace(yytext + 12);
plugin_mgr->ActivateDynamicPlugin(plugin);
plugin_mgr->ActivateDynamicPlugin(plugin);
}
@unload{WS}{FILE} {
@ -715,7 +715,7 @@ void add_input_file_at_front(const char* file)
if ( ! filename )
(void) load_files(file);
else
input_files.insert(copy_string(file));
input_files.insert(copy_string(file));
}
void add_to_name_list(char* s, char delim, name_list& nl)

2
src/util.h
View file

@ -178,7 +178,7 @@ bool is_file(const std::string& path);
// Replaces all occurences of *o* in *s* with *n*.
extern std::string strreplace(const std::string& s, const std::string& o, const std::string& n);
// Remove all leading and trainling white space from string.
// Remove all leading and trailing white space from string.
extern std::string strstrip(std::string s);
extern uint8 shared_hmac_md5_key[16];