From b8ab0ebc22fec9e3ed132a1bbcba86ee1d88e940 Mon Sep 17 00:00:00 2001 From: Gregor Maier Date: Sat, 11 Dec 2010 10:51:37 -0800 Subject: [PATCH 01/19] Remvoing expire timer from http_sessions. The expire timeout for the http_sessions table is unnecessary and it actually breaks http session semantics for long-lived sessions. The connection_state_remove() event can take care of cleaning up unanswered sessions. If a HTTP transfer exceeds the expire timer, then once the expire timer fires we get an "unanswered" HTTP request in http.log and once the reply is done (http_reply_done event), it fails to locate the associated request (because it expired) and thus results in an "unsolicited" HTTP reply being logged (althoug they should be one http session). There was a comment in the expire_function mentioning that without the expire timer some requests don't show up with the test-suite. However, after checking back with Robin, I could not reproduce this behavior. (Actually there's one fewer request in the output without the expire-timer, but this can be explained by the above observation, so this is not an error but the way it should be). This patch results in changes to test-suite output: * Timestamps for unanswered HTTP replies differ for unanswered request in the "short" test. * Medium testcase (note: lines are sorted, they are not in the order):: -902189670.828700 (0 "" [40880 (interrupted)]) -902189670.828700 GET /1998/b142.ps -902189670.828700 start <>:<> <>:80 +902189670.828700 GET /1998/b142.ps (200 "OK" [40880 (interrupted)] <>) --- policy/heavy.http.bro | 3 --- policy/http.bro | 38 ++------------------------------------ 2 files changed, 2 insertions(+), 39 deletions(-) delete mode 100644 policy/heavy.http.bro diff --git a/policy/heavy.http.bro b/policy/heavy.http.bro deleted file mode 100644 index f3be0bf058..0000000000 --- a/policy/heavy.http.bro +++ /dev/null 
@@ -1,3 +0,0 @@ -# $Id: heavy.http.bro 4723 2007-08-07 18:14:35Z vern $ - -redef http_sessions &write_expire = 5 hrs; diff --git a/policy/http.bro b/policy/http.bro index 90b0aa2daa..a5b13d7637 100644 --- a/policy/http.bro +++ b/policy/http.bro @@ -79,18 +79,8 @@ type http_session_info: record { const http_log = open_log_file("http") &redef; -# Called when an HTTP session times out. -global expire_http_session: - function(t: table[conn_id] of http_session_info, id: conn_id) - : interval; - -export { - # Indexed by conn_id. - # (Exported so that we can define a timeout on it.) - global http_sessions: table[conn_id] of http_session_info - &expire_func = expire_http_session - &read_expire = 15 min; -} +# Indexed by conn_id. +global http_sessions: table[conn_id] of http_session_info; global http_session_id = 0; @@ -202,30 +192,6 @@ event connection_state_remove(c: connection) delete http_sessions[c$id]; } -function expire_http_session(t: table[conn_id] of http_session_info, - id: conn_id): interval - { - ### FIXME: not really clear that we need this function at all ... - # - # One would think that connection_state_remove() already takes care - # of everything. However, without this expire-handler, some requests - # don't show up with the test-suite (but haven't reproduced with - # smaller traces) - Robin. - - local s = http_sessions[id]; - finish_stream(id, s$id, s$request_stream); - return 0 sec; - } - -# event connection_timeout(c: connection) -# { -# if ( ! maintain_http_sessions ) -# { -# local id = c$id; -# if ( [id$orig_h, id$resp_h] in http_sessions ) -# delete http_sessions[id$orig_h, id$resp_h]; -# } -# } # event http_stats(c: connection, stats: http_stats_rec) # { From 763a446182934679f5e56146bee26b2e7cad1f3b Mon Sep 17 00:00:00 2001 
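Review bot: The new `global http_sessions` declaration in the @@ -79 hunk carries no expiry attribute, so the only thing that removes an entry is the `delete http_sessions[c$id]` in connection_state_remove(), and the comment should say so. I would extend it to `# Indexed by conn_id. Entries are removed only in connection_state_remove(), so table size follows connection lifetime, not a timer.` The table also leaves the `export` block, so a site policy that still does `redef http_sessions &write_expire = ...`, as the deleted heavy.http.bro did, may no longer resolve. That is worth a line in the commit message.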
From: Gregor Maier Date: Mon, 13 Dec 2010 19:11:05 -0800 Subject: [PATCH 02/19] Some small tweaks to the HTTP analyzer From ticket #339 http://tracker.icir.org/bro/ticket/339 : * Fixing a couple of minor issues in the HTTP analyzer, that made the analyzer raise a ProtocolViolation() on strange but seemingly legal HTTP traffic. Well, the traffic might not necessarily be adhering the RFC, but the server has understood it. * Also stops parsing when the message is interrupted to prevent further parsing and ProtocolViolation() generation. * skip_http_entity_data: check return value of FindAnalyzer, since it can be NULL In addition: * http-headers.bro now loads http.bro Testsuite changes: * Added a new weird (empty_http_request). This shows up once in the medium testsuite. * no change when running short testsuite --- policy/http-header.bro | 2 ++ src/HTTP.cc | 45 ++++++++++++++++++++++++++++++++++++++---- src/bro.bif | 13 ++++++++---- 3 files changed, 52 insertions(+), 8 deletions(-) diff --git a/policy/http-header.bro b/policy/http-header.bro index 3d676488ff..259031b024 100644 --- a/policy/http-header.bro +++ b/policy/http-header.bro @@ -2,6 +2,8 @@ # Prints out detailed HTTP headers. +@load http + module HTTP; export { diff --git a/src/HTTP.cc b/src/HTTP.cc index 0cccf75103..85872f7c79 100644 --- a/src/HTTP.cc +++ b/src/HTTP.cc @@ -16,16 +16,21 @@ const bool DEBUG_http = false; +/* The EXPECT_*_NOTHING states are used to prevent further parsing. Used + * if a message was interrupted. + */ enum { EXPECT_REQUEST_LINE, EXPECT_REQUEST_MESSAGE, EXPECT_REQUEST_TRAILER, + EXPECT_REQUEST_NOTHING, }; enum { EXPECT_REPLY_LINE, EXPECT_REPLY_MESSAGE, EXPECT_REPLY_TRAILER, + EXPECT_REPLY_NOTHING, }; HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, int arg_expect_body) 
@@ -851,7 +856,20 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) HTTP_Event("crud_trailing_HTTP_request", new_string_val(line, end_of_line)); else - ProtocolViolation("not a http request line"); + { + // We do see HTTP requests with a trailing EOL that's not + // not accounted for by the content-length. This will lead + // to a call to this method with len==0 while we are + // expecting a new request. Since HTTP servers handle + // such request gracefully, we should do so as well. + if (len==0) + Weird("empty_http_request"); + else + { + ProtocolViolation("not a http request line"); + request_state = EXPECT_REQUEST_NOTHING; + } + } } break; @@ -861,6 +879,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REQUEST_TRAILER: break; + + case EXPECT_REQUEST_NOTHING: + break; } } else @@ -873,6 +894,8 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) if ( unanswered_requests.empty() ) Weird("unmatched_HTTP_reply"); + else + ProtocolConfirmation(); reply_state = EXPECT_REPLY_MESSAGE; reply_ongoing = 1; @@ -885,7 +908,10 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) len); } else + { ProtocolViolation("not a http reply line"); + reply_state = EXPECT_REPLY_NOTHING; + } break; @@ -895,6 +921,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REPLY_TRAILER: break; + + case EXPECT_REPLY_NOTHING: + break; } } } @@ -1042,6 +1071,8 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) // HTTP methods for distributed authoring. "PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT", "COPY", "MOVE", "LOCK", "UNLOCK", + // More stuff + "POLL", "REPORT", "SUBSCRIBE", "BMOVE", "SEARCH", 
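Review bot: Once `request_state = EXPECT_REQUEST_NOTHING` is set after `ProtocolViolation("not a http request line")`, the new `case EXPECT_REQUEST_NOTHING: break;` discards the rest of that direction without any record, and the reply side does the same with `EXPECT_REPLY_NOTHING`. The commit message itself says servers accept traffic that the analyzer rejects, so one rejected line ends HTTP logging for the connection while the server may keep answering. I would make that gap visible by raising a weird once when the state is entered, e.g. `Weird("HTTP_parsing_stopped");` (name constructed here), and state in the enum comment that the state is never left and is also entered on a protocol violation. RequestMade() and ReplyMade() enter the same states on `interrupted` in later hunks of this patch. The comment added in the @@ -851 hunk also has a doubled "not".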
@@ -1055,7 +1086,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) if ( ! http_methods[i] ) { - // Weird("HTTP_unknown_method"); + //Weird("HTTP_unknown_method"); if ( RequestExpected() ) HTTP_Event("unknown_HTTP_method", new_string_val(line, end_of_line)); return 0; @@ -1256,7 +1287,10 @@ void HTTP_Analyzer::RequestMade(const int interrupted, const char* msg) num_request_lines = 0; - request_state = EXPECT_REQUEST_LINE; + if (interrupted) + request_state = EXPECT_REQUEST_NOTHING; + else + request_state = EXPECT_REQUEST_LINE; } void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) @@ -1285,7 +1319,10 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) reply_reason_phrase = 0; } - reply_state = EXPECT_REPLY_LINE; + if (interrupted) + reply_state = EXPECT_REPLY_NOTHING; + else + reply_state = EXPECT_REPLY_LINE; } void HTTP_Analyzer::RequestClash(Val* /* clash_val */) diff --git a/src/bro.bif b/src/bro.bif index 0de77bfc49..af841600c8 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1365,12 +1365,17 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any { Analyzer* ha = c->FindAnalyzer(id); - if ( ha->GetTag() == AnalyzerTag::HTTP ) - static_cast(ha)->SkipEntityData(is_orig); + if (ha) + { + if ( ha->GetTag() == AnalyzerTag::HTTP ) + static_cast(ha)->SkipEntityData(is_orig); + else + run_time("non-HTTP analyzer associated with connection record"); + } else - run_time("non-HTTP analyzer associated with connection record"); - } + run_time("could not find analyzer for skip_http_entity_data"); + } else run_time("no analyzer associated with connection record"); From dbca5be43c36b7dcd22a3c9c992bd5bfb6e2bddd Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Thu, 6 Jan 2011 17:16:10 -0800 Subject: [PATCH 03/19] Applying Seth's patch from #265 adding entropy BiFs. --- policy/bro.init | 8 ++ src/NetVar.cc | 4 + src/NetVar.h | 2 + src/RandTest.cc | 256 ++++++++++++++++++++++++++++++++++++++++++++++++ src/RandTest.h | 68 +++++++++++++ src/bro.bif | 89 ++++++++++++++++- 6 files changed, 423 insertions(+), 4 deletions(-) create mode 100644 src/RandTest.cc create mode 100644 src/RandTest.h diff --git a/policy/bro.init b/policy/bro.init index 1ba8f59b4d..f9742798c4 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -264,6 +264,14 @@ type geo_location: record { longitude: double; }; +type entropy_test_result: record { + entropy: double; + chi_square: double; + mean: double; + monte_carlo_pi: double; + serial_correlation: double; +}; + # Prototypes of Bro built-in functions. @load strings.bif.bro @load bro.bif.bro diff --git a/src/NetVar.cc b/src/NetVar.cc index 2c817fdc17..0af742ef3e 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -126,6 +126,8 @@ TableType* smb_negotiate; RecordType* geo_location; +RecordType* entropy_test_result; + TableType* dhcp_router_list; RecordType* dhcp_msg; @@ -460,6 +462,8 @@ void init_net_var() geo_location = internal_type("geo_location")->AsRecordType(); + entropy_test_result = internal_type("entropy_test_result")->AsRecordType(); + dhcp_router_list = internal_type("dhcp_router_list")->AsTableType(); dhcp_msg = internal_type("dhcp_msg")->AsRecordType(); diff --git a/src/NetVar.h b/src/NetVar.h index 904bccdb77..7461ec8be0 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -133,6 +133,8 @@ extern TableType* smb_negotiate; extern RecordType* geo_location; +extern RecordType* entropy_test_result; + extern TableType* dhcp_router_list; extern RecordType* dhcp_msg; diff --git a/src/RandTest.cc b/src/RandTest.cc new file mode 100644 index 0000000000..f779a23f94 --- /dev/null +++ b/src/RandTest.cc 
@@ -0,0 +1,256 @@ +/* + + Apply various randomness tests to a stream of bytes + + by John Walker -- September 1996 + http://www.fourmilab.ch/ + + Modified for Bro by Seth Hall - July 2010 +*/ + +#include + +RandTest::RandTest() + { + totalc = 0; + mp = 0; + sccfirst = 1; + inmont = mcount = 0; + cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0; + + for (int i = 0; i < 256; i++) + { + ccount[i] = 0; + } + } + +void RandTest::add(void *buf, int bufl) + { + unsigned char *bp = (unsigned char*)buf; + int oc; + + while (bufl-- > 0) + { + oc = *bp++; + ccount[oc]++; /* Update counter for this bin */ + totalc++; + + /* Update inside / outside circle counts for Monte Carlo + computation of PI */ + monte[mp++] = oc; /* Save character for Monte Carlo */ + if (mp >= RT_MONTEN) /* Calculate every RT_MONTEN character */ + { + mp = 0; + mcount++; + montex = 0; + montey = 0; + for (int mj=0; mj < RT_MONTEN/2; mj++) + { + montex = (montex * 256.0) + monte[mj]; + montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj]; + } + if (montex*montex + montey*montey <= RT_INCIRC) + { + inmont++; + } + } + + /* Update calculation of serial correlation coefficient */ + if (sccfirst) + { + sccfirst = 0; + scclast = 0; + sccu0 = oc; + } + else + { + scct1 = scct1 + scclast * oc; + } + + scct2 = scct2 + oc; + scct3 = scct3 + (oc * oc); + scclast = oc; + oc <<= 1; + } + } + +void RandTest::end(double *r_ent, double *r_chisq, + double *r_mean, double *r_montepicalc, double *r_scc) + { + int i; + double ent, chisq, scc, datasum; + ent = 0.0; chisq = 0.0; scc = 0.0; datasum = 0.0; + double prob[256]; /* Probabilities per bin for entropy */ + + /* Complete calculation of serial correlation coefficient */ + scct1 = scct1 + scclast * sccu0; + scct2 = scct2 * scct2; + scc = totalc * scct3 - scct2; + if (scc == 0.0) + scc = -100000; + else + scc = (totalc * scct1 - scct2) / scc; + + /* Scan bins and calculate probability for each bin and + Chi-Square distribution. 
The probability will be reused + in the entropy calculation below. While we're at it, + we sum of all the data which will be used to compute the + mean. */ + cexp = totalc / 256.0; /* Expected count per bin */ + for (i = 0; i < 256; i++) + { + double a = ccount[i] - cexp; + + prob[i] = ((double) ccount[i]) / totalc; + chisq += (a * a) / cexp; + datasum += ((double) i) * ccount[i]; + } + + /* Calculate entropy */ + for (i = 0; i < 256; i++) + { + if (prob[i] > 0.0) + { + ent += prob[i] * rt_log2(1 / prob[i]); + } + } + + /* Calculate Monte Carlo value for PI from percentage of hits + within the circle */ + montepi = 4.0 * (((double) inmont) / mcount); + + /* Return results through arguments */ + *r_ent = ent; + *r_chisq = chisq; + *r_mean = datasum / totalc; + *r_montepicalc = montepi; + *r_scc = scc; + } +/* + + Apply various randomness tests to a stream of bytes + + by John Walker -- September 1996 + http://www.fourmilab.ch/ + + Modified for Bro by Seth Hall - July 2010 +*/ + +#include + +RandTest::RandTest() + { + totalc = 0; + mp = 0; + sccfirst = 1; + inmont = mcount = 0; + cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0; + + for (int i = 0; i < 256; i++) + { + ccount[i] = 0; + } + } + +void RandTest::add(void *buf, int bufl) + { + unsigned char *bp = (unsigned char*)buf; + int oc; + + while (bufl-- > 0) + { + oc = *bp++; + ccount[oc]++; /* Update counter for this bin */ + totalc++; + + /* Update inside / outside circle counts for Monte Carlo + computation of PI */ + monte[mp++] = oc; /* Save character for Monte Carlo */ + if (mp >= RT_MONTEN) /* Calculate every RT_MONTEN character */ + { + mp = 0; + mcount++; + montex = 0; + montey = 0; + for (int mj=0; mj < RT_MONTEN/2; mj++) + { + montex = (montex * 256.0) + monte[mj]; + montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj]; + } + if (montex*montex + montey*montey <= RT_INCIRC) + { + inmont++; + } + } + + /* Update calculation of serial correlation coefficient */ + if 
(sccfirst) + { + sccfirst = 0; + scclast = 0; + sccu0 = oc; + } + else + { + scct1 = scct1 + scclast * oc; + } + + scct2 = scct2 + oc; + scct3 = scct3 + (oc * oc); + scclast = oc; + oc <<= 1; + } + } + +void RandTest::end(double *r_ent, double *r_chisq, + double *r_mean, double *r_montepicalc, double *r_scc) + { + int i; + double ent, chisq, scc, datasum; + ent = 0.0; chisq = 0.0; scc = 0.0; datasum = 0.0; + double prob[256]; /* Probabilities per bin for entropy */ + + /* Complete calculation of serial correlation coefficient */ + scct1 = scct1 + scclast * sccu0; + scct2 = scct2 * scct2; + scc = totalc * scct3 - scct2; + if (scc == 0.0) + scc = -100000; + else + scc = (totalc * scct1 - scct2) / scc; + + /* Scan bins and calculate probability for each bin and + Chi-Square distribution. The probability will be reused + in the entropy calculation below. While we're at it, + we sum of all the data which will be used to compute the + mean. */ + cexp = totalc / 256.0; /* Expected count per bin */ + for (i = 0; i < 256; i++) + { + double a = ccount[i] - cexp; + + prob[i] = ((double) ccount[i]) / totalc; + chisq += (a * a) / cexp; + datasum += ((double) i) * ccount[i]; + } + + /* Calculate entropy */ + for (i = 0; i < 256; i++) + { + if (prob[i] > 0.0) + { + ent += prob[i] * rt_log2(1 / prob[i]); + } + } + + /* Calculate Monte Carlo value for PI from percentage of hits + within the circle */ + montepi = 4.0 * (((double) inmont) / mcount); + + /* Return results through arguments */ + *r_ent = ent; + *r_chisq = chisq; + *r_mean = datasum / totalc; + *r_montepicalc = montepi; + *r_scc = scc; + } diff --git a/src/RandTest.h b/src/RandTest.h new file mode 100644 index 0000000000..bed4d93f00 --- /dev/null +++ b/src/RandTest.h 
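Review bot: `RandTest::end()` divides by `totalc` and `mcount` without checking them, so input shorter than `RT_MONTEN` bytes turns `montepi = 4.0 * (((double) inmont) / mcount)` into 0/0, and empty input does the same for `prob[i]`, `chisq` and `*r_mean`. These are double divisions, so the result is NaN rather than a crash, but the NaN is returned through the out-parameters and a script threshold compared against it evaluates false without any error. The byte strings fed in will typically derive from traffic, so I would guard both cases explicitly: `if ( totalc == 0 ) { *r_ent = *r_chisq = *r_mean = *r_montepicalc = *r_scc = 0.0; return; }` and `montepi = mcount ? 4.0 * inmont / mcount : 0.0;`. Separately, `oc <<= 1;` at the end of the loop in `add()` is a dead store, and the whole file body appears twice in this hunk.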
@@ -0,0 +1,68 @@ +#include + +#define log2of10 3.32192809488736234787 +/* RT_LOG2 -- Calculate log to the base 2 */ +static double rt_log2(double x) +{ + return log2of10 * log10(x); +} + +#define RT_MONTEN 6 /* Bytes used as Monte Carlo + co-ordinates. This should be no more + bits than the mantissa of your "double" + floating point type. */ + +// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0); +#define RT_INCIRC 281474943156225.0 + +class RandTest { + public: + RandTest(); + void add(void *buf, int bufl); + void end(double *r_ent, double *r_chisq, double *r_mean, + double *r_montepicalc, double *r_scc); + + private: + long ccount[256]; /* Bins to count occurrences of values */ + long totalc; /* Total bytes counted */ + int mp; + int sccfirst; + unsigned int monte[RT_MONTEN]; + long inmont, mcount; + double cexp, montex, montey, montepi, + sccu0, scclast, scct1, scct2, scct3; + }; +#include + +#define log2of10 3.32192809488736234787 +/* RT_LOG2 -- Calculate log to the base 2 */ +static double rt_log2(double x) +{ + return log2of10 * log10(x); +} + +#define RT_MONTEN 6 /* Bytes used as Monte Carlo + co-ordinates. This should be no more + bits than the mantissa of your "double" + floating point type. */ + +// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0); +#define RT_INCIRC 281474943156225.0 + +class RandTest { + public: + RandTest(); + void add(void *buf, int bufl); + void end(double *r_ent, double *r_chisq, double *r_mean, + double *r_montepicalc, double *r_scc); + + private: + long ccount[256]; /* Bins to count occurrences of values */ + long totalc; /* Total bytes counted */ + int mp; + int sccfirst; + unsigned int monte[RT_MONTEN]; + long inmont, mcount; + double cexp, montex, montey, montepi, + sccu0, scclast, scct1, scct2, scct3; + }; \ No newline at end of file diff --git a/src/bro.bif b/src/bro.bif index 0de77bfc49..a9d76ba462 100644 --- a/src/bro.bif +++ b/src/bro.bif 
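Review bot: RandTest.h has no include guard, and it defines `static double rt_log2` and the `log2of10` macro at file scope, so a second inclusion in one translation unit redefines `class RandTest`. The hunk in fact contains the header body twice, which already has that effect. I would keep a single copy and wrap it in `#ifndef randtest_h` / `#define randtest_h` / `#endif` (guard name constructed here). A short comment on `rt_log2` saying why it lives in the header would also help, since every includer gets its own static copy.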
@@ -1725,7 +1725,7 @@ function md5_hmac%(...%): string %%{ static map md5_states; -BroString* convert_md5_index_to_string(Val* index) +BroString* convert_index_to_string(Val* index) { ODesc d; index->Describe(&d); @@ -1735,7 +1735,7 @@ BroString* convert_md5_index_to_string(Val* index) function md5_hash_init%(index: any%): bool %{ - BroString* s = convert_md5_index_to_string(index); + BroString* s = convert_index_to_string(index); int status = 0; if ( md5_states.count(*s) < 1 ) @@ -1752,7 +1752,7 @@ function md5_hash_init%(index: any%): bool function md5_hash_update%(index: any, data: string%): bool %{ - BroString* s = convert_md5_index_to_string(index); + BroString* s = convert_index_to_string(index); int status = 0; if ( md5_states.count(*s) > 0 ) @@ -1767,7 +1767,7 @@ function md5_hash_update%(index: any, data: string%): bool function md5_hash_finish%(index: any%): string %{ - BroString* s = convert_md5_index_to_string(index); + BroString* s = convert_index_to_string(index); StringVal* printable_digest; if ( md5_states.count(*s) > 0 ) 
@@ -3196,3 +3196,84 @@ function disable_event_group%(group: string%) : any event_registry->EnableGroup(group->CheckString(), false); return 0; %} + + +%%{ +#include +static map entropy_states; +%%} + +function find_entropy%(data: string%): entropy_test_result + %{ + double montepi, scc, ent, mean, chisq; + montepi = scc = ent = mean = chisq = 0.0; + RecordVal* ent_result = new RecordVal(entropy_test_result); + RandTest *rt = new RandTest(); + + rt->add((char*) data->Bytes(), data->Len()); + rt->end(&ent, &chisq, &mean, &montepi, &scc); + delete rt; + + ent_result->Assign(0, new Val(ent, TYPE_DOUBLE)); + ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE)); + ent_result->Assign(2, new Val(mean, TYPE_DOUBLE)); + ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); + ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); + return ent_result; + %} + +function entropy_test_init%(index: any%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( entropy_states.count(*s) < 1 ) + { + entropy_states[*s] = new RandTest(); + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + +function entropy_test_add%(index: any, data: string%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( entropy_states.count(*s) > 0 ) + { + entropy_states[*s]->add((char*) data->Bytes(), data->Len()); + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + +function entropy_test_finish%(index: any%): entropy_test_result + %{ + BroString* s = convert_index_to_string(index); + double montepi, scc, ent, mean, chisq; + montepi = scc = ent = mean = chisq = 0.0; + RecordVal* ent_result = new RecordVal(entropy_test_result); + + if ( entropy_states.count(*s) > 0 ) + { + RandTest *rt; + rt = entropy_states[*s]; + rt->end(&ent, &chisq, &mean, &montepi, &scc); + entropy_states.erase(*s); + delete rt; + } + + ent_result->Assign(0, new Val(ent, TYPE_DOUBLE)); + ent_result->Assign(1, new Val(chisq, 
TYPE_DOUBLE)); + ent_result->Assign(2, new Val(mean, TYPE_DOUBLE)); + ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); + ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); + + delete s; + return ent_result; + %} From 6345129eaf6a70519de0d7714cfcecd4e278139a Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 6 Jan 2011 19:17:44 -0800 Subject: [PATCH 04/19] A few smaller tweaks. --- src/CMakeLists.txt | 1 + src/RandTest.cc | 160 +++++---------------------------------------- src/RandTest.h | 38 +---------- src/bro.bif | 11 ++-- 4 files changed, 26 insertions(+), 184 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 81ed0d81af..0f67dc173e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -320,6 +320,7 @@ set(bro_SRCS PrefixTable.cc PriorityQueue.cc Queue.cc + RandTest.cc RE.cc RPC.cc Reassem.cc diff --git a/src/RandTest.cc b/src/RandTest.cc index f779a23f94..638cc6c765 100644 --- a/src/RandTest.cc +++ b/src/RandTest.cc @@ -1,9 +1,13 @@ /* + Apply various randomness tests to a stream of bytes - Apply various randomness tests to a stream of bytes + by John Walker -- September 1996 + http://www.fourmilab.ch/random - by John Walker -- September 1996 - http://www.fourmilab.ch/ + This software is in the public domain. Permission to use, copy, modify, + and distribute this software and its documentation for any purpose and + without fee is hereby granted, without any conditions or restrictions. + This software is provided “as is” without express or implied warranty. Modified for Bro by Seth Hall - July 2010 */ @@ -17,8 +21,8 @@ RandTest::RandTest() sccfirst = 1; inmont = mcount = 0; cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0; - - for (int i = 0; i < 256; i++) + + for (int i = 0; i < 256; i++) { ccount[i] = 0; } 
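Review bot: `entropy_test_init` stores a heap-allocated `RandTest` in `entropy_states`, and only `entropy_test_finish` erases and deletes it, so an index that is initialised but never finished stays allocated for the life of the process. If scripts key this on per-connection values, connections that end early leave entries behind and the map grows with traffic. The functions need a doc comment stating that every successful init must be paired with a finish, for instance from a connection-removal handler. `entropy_test_finish` also returns an all-zero record when the index is unknown, which a caller cannot tell apart from a computed result. In `find_entropy` the `RandTest` can be a stack object (`RandTest rt;`) instead of a `new`/`delete` pair.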
@@ -44,7 +48,7 @@ void RandTest::add(void *buf, int bufl) mcount++; montex = 0; montey = 0; - for (int mj=0; mj < RT_MONTEN/2; mj++) + for (int mj=0; mj < RT_MONTEN/2; mj++) { montex = (montex * 256.0) + monte[mj]; montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj]; @@ -61,8 +65,8 @@ void RandTest::add(void *buf, int bufl) sccfirst = 0; scclast = 0; sccu0 = oc; - } - else + } + else { scct1 = scct1 + scclast * oc; } @@ -90,22 +94,22 @@ void RandTest::end(double *r_ent, double *r_chisq, scc = -100000; else scc = (totalc * scct1 - scct2) / scc; - + /* Scan bins and calculate probability for each bin and Chi-Square distribution. The probability will be reused in the entropy calculation below. While we're at it, we sum of all the data which will be used to compute the mean. */ cexp = totalc / 256.0; /* Expected count per bin */ - for (i = 0; i < 256; i++) + for (i = 0; i < 256; i++) { double a = ccount[i] - cexp; - + prob[i] = ((double) ccount[i]) / totalc; chisq += (a * a) / cexp; datasum += ((double) i) * ccount[i]; } - + /* Calculate entropy */ for (i = 0; i < 256; i++) { 
@@ -114,139 +118,11 @@ void RandTest::end(double *r_ent, double *r_chisq, ent += prob[i] * rt_log2(1 / prob[i]); } } - + /* Calculate Monte Carlo value for PI from percentage of hits within the circle */ montepi = 4.0 * (((double) inmont) / mcount); - - /* Return results through arguments */ - *r_ent = ent; - *r_chisq = chisq; - *r_mean = datasum / totalc; - *r_montepicalc = montepi; - *r_scc = scc; - } -/* - - Apply various randomness tests to a stream of bytes - - by John Walker -- September 1996 - http://www.fourmilab.ch/ - - Modified for Bro by Seth Hall - July 2010 -*/ - -#include - -RandTest::RandTest() - { - totalc = 0; - mp = 0; - sccfirst = 1; - inmont = mcount = 0; - cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0; - - for (int i = 0; i < 256; i++) - { - ccount[i] = 0; - } - } - -void RandTest::add(void *buf, int bufl) - { - unsigned char *bp = (unsigned char*)buf; - int oc; - - while (bufl-- > 0) - { - oc = *bp++; - ccount[oc]++; /* Update counter for this bin */ - totalc++; - - /* Update inside / outside circle counts for Monte Carlo - computation of PI */ - monte[mp++] = oc; /* Save character for Monte Carlo */ - if (mp >= RT_MONTEN) /* Calculate every RT_MONTEN character */ - { - mp = 0; - mcount++; - montex = 0; - montey = 0; - for (int mj=0; mj < RT_MONTEN/2; mj++) - { - montex = (montex * 256.0) + monte[mj]; - montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj]; - } - if (montex*montex + montey*montey <= RT_INCIRC) - { - inmont++; - } - } - - /* Update calculation of serial correlation coefficient */ - if (sccfirst) - { - sccfirst = 0; - scclast = 0; - sccu0 = oc; - } - else - { - scct1 = scct1 + scclast * oc; - } - - scct2 = scct2 + oc; - scct3 = scct3 + (oc * oc); - scclast = oc; - oc <<= 1; - } - } - -void RandTest::end(double *r_ent, double *r_chisq, - double *r_mean, double *r_montepicalc, double *r_scc) - { - int i; - double ent, chisq, scc, datasum; - ent = 0.0; chisq = 0.0; scc = 0.0; datasum = 0.0; - 
double prob[256]; /* Probabilities per bin for entropy */ - - /* Complete calculation of serial correlation coefficient */ - scct1 = scct1 + scclast * sccu0; - scct2 = scct2 * scct2; - scc = totalc * scct3 - scct2; - if (scc == 0.0) - scc = -100000; - else - scc = (totalc * scct1 - scct2) / scc; - - /* Scan bins and calculate probability for each bin and - Chi-Square distribution. The probability will be reused - in the entropy calculation below. While we're at it, - we sum of all the data which will be used to compute the - mean. */ - cexp = totalc / 256.0; /* Expected count per bin */ - for (i = 0; i < 256; i++) - { - double a = ccount[i] - cexp; - - prob[i] = ((double) ccount[i]) / totalc; - chisq += (a * a) / cexp; - datasum += ((double) i) * ccount[i]; - } - - /* Calculate entropy */ - for (i = 0; i < 256; i++) - { - if (prob[i] > 0.0) - { - ent += prob[i] * rt_log2(1 / prob[i]); - } - } - - /* Calculate Monte Carlo value for PI from percentage of hits - within the circle */ - montepi = 4.0 * (((double) inmont) / mcount); - + /* Return results through arguments */ *r_ent = ent; *r_chisq = chisq; diff --git a/src/RandTest.h b/src/RandTest.h index bed4d93f00..a4f551b602 100644 --- a/src/RandTest.h +++ b/src/RandTest.h @@ -21,7 +21,7 @@ class RandTest { void add(void *buf, int bufl); void end(double *r_ent, double *r_chisq, double *r_mean, double *r_montepicalc, double *r_scc); - + private: long ccount[256]; /* Bins to count occurrences of values */ long totalc; /* Total bytes counted */ 
@@ -29,40 +29,6 @@ class RandTest { int sccfirst; unsigned int monte[RT_MONTEN]; long inmont, mcount; - double cexp, montex, montey, montepi, + double cexp, montex, montey, montepi, sccu0, scclast, scct1, scct2, scct3; }; -#include - -#define log2of10 3.32192809488736234787 -/* RT_LOG2 -- Calculate log to the base 2 */ -static double rt_log2(double x) -{ - return log2of10 * log10(x); -} - -#define RT_MONTEN 6 /* Bytes used as Monte Carlo - co-ordinates. This should be no more - bits than the mantissa of your "double" - floating point type. */ - -// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0); -#define RT_INCIRC 281474943156225.0 - -class RandTest { - public: - RandTest(); - void add(void *buf, int bufl); - void end(double *r_ent, double *r_chisq, double *r_mean, - double *r_montepicalc, double *r_scc); - - private: - long ccount[256]; /* Bins to count occurrences of values */ - long totalc; /* Total bytes counted */ - int mp; - int sccfirst; - unsigned int monte[RT_MONTEN]; - long inmont, mcount; - double cexp, montex, montey, montepi, - sccu0, scclast, scct1, scct2, scct3; - }; \ No newline at end of file diff --git a/src/bro.bif b/src/bro.bif index a9d76ba462..5acd958316 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -3201,7 +3201,7 @@ function disable_event_group%(group: string%) : any %%{ #include static map entropy_states; -%%} +%%} function find_entropy%(data: string%): entropy_test_result %{ @@ -3241,13 +3241,13 @@ function entropy_test_add%(index: any, data: string%): bool %{ BroString* s = convert_index_to_string(index); int status = 0; - + if ( entropy_states.count(*s) > 0 ) { entropy_states[*s]->add((char*) data->Bytes(), data->Len()); status = 1; } - + delete s; return new Val(status, TYPE_BOOL); %} 
@@ -3258,11 +3258,10 @@ function entropy_test_finish%(index: any%): entropy_test_result double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; RecordVal* ent_result = new RecordVal(entropy_test_result); - + if ( entropy_states.count(*s) > 0 ) { - RandTest *rt; - rt = entropy_states[*s]; + RandTest *rt = entropy_states[*s]; rt->end(&ent, &chisq, &mean, &montepi, &scc); entropy_states.erase(*s); delete rt; From f228e32679cb488e2f06d76e6f07d28dffd9b49f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 10 Jan 2011 11:59:12 -0800 Subject: [PATCH 05/19] Keep buffering state across file rotation (Justin Azoff) Closes #207. From there: When files are rotated they lose their buffered flag, this is because File::Open only does a SetBuf? when it opens the file itself, but Rotate calls rotate_file to open the file. --- src/File.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/File.cc b/src/File.cc index a57147d923..d2b9381ca0 100644 --- a/src/File.cc +++ b/src/File.cc @@ -195,10 +195,9 @@ bool BroFile::Open(FILE* file) InstallRotateTimer(); if ( ! f ) - { f = fopen(name, access); - SetBuf(buffered); - } + + SetBuf(buffered); if ( f ) { From 06bd8baef635939ed4df8ca5e5d2b9a7ca58b355 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 10 Jan 2011 12:19:13 -0800 Subject: [PATCH 06/19] Fix for portmapper analyzer segfaulting when parsing portmap dump replies. (Gregor Maier) Closes #332. --- src/portmap-analyzer.pac | 4 ++++ src/portmap-protocol.pac | 1 + 2 files changed, 5 insertions(+) diff --git a/src/portmap-analyzer.pac b/src/portmap-analyzer.pac index 546be2e9cc..1e7921a9ff 100644 --- a/src/portmap-analyzer.pac +++ b/src/portmap-analyzer.pac 
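Review bot: In the File.cc hunk, `SetBuf(buffered)` now runs unconditionally before the `if ( f )` check, so it is also reached when `fopen(name, access)` has just failed and `f` is NULL. SetBuf's body is not in this hunk; if it passes `f` to setvbuf() without checking, that is a NULL dereference whenever a log path cannot be opened. Making the call the first statement inside the existing `if ( f )` block keeps the rotation fix and avoids that case. BroFile::Open continues outside the hunk.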
@@ -79,6 +79,10 @@ function PortmapBuildDumpVal(params: PortmapDumpResults): BroVal for ( int i = 0; i < params->size(); ++i ) { + // The last element has cont()!=1 and this element doesn't contain a + // mapping. + if ((*params)[i]->cont() != 1) + continue; Val* m = PortmapBuildMappingVal((*params)[i]->mapping()); Val* index = new Val(i + 1, TYPE_COUNT); mappings->Assign(index, m); diff --git a/src/portmap-protocol.pac b/src/portmap-protocol.pac index d9f3e5be97..65a478fb2d 100644 --- a/src/portmap-protocol.pac +++ b/src/portmap-protocol.pac @@ -68,6 +68,7 @@ type PortmapDumpEntry = record { }; }; +# The final element that has cont!=1 will be included in the array. type PortmapDumpResults = PortmapDumpEntry[] &until($element.cont != 1); type PortmapCallItResults = record { From 3d9461eca1e94f39fd483fb12a4aae353fd43cde Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 19 Jan 2011 10:35:27 -0500 Subject: [PATCH 07/19] Added a BRO_DNS_FAKE message to the help output. --- src/main.cc | 1 + src/util.cc | 9 +++++++++ src/util.h | 1 + 3 files changed, 11 insertions(+) diff --git a/src/main.cc b/src/main.cc index 5df9b1c65c..b31acdda58 100644 --- a/src/main.cc +++ b/src/main.cc @@ -184,6 +184,7 @@ void usage() fprintf(stderr, " $BROPATH | file search path (%s)\n", bro_path()); fprintf(stderr, " $BRO_PREFIXES | prefix list (%s)\n", bro_prefixes()); + fprintf(stderr, " $BRO_DNS_FAKE | enable faked DNS query responses (%s)\n", bro_dns_fake()); exit(1); } diff --git a/src/util.cc b/src/util.cc index d8390a866c..2244f74cb5 100644 --- a/src/util.cc +++ b/src/util.cc @@ -804,6 +804,15 @@ const char* bro_prefixes() return p; } + +const char* bro_dns_fake() + { + char* dns_fake = getenv("BRO_DNS_FAKE"); + if ( !dns_fake ) + return ""; + else + return dns_fake; + } FILE* open_file(const char* filename, const char** full_filename) { diff --git a/src/util.h b/src/util.h index f4f007a27d..4af2a27bd8 100644 --- a/src/util.h +++ b/src/util.h 
@@ -177,6 +177,7 @@ extern int int_list_cmp(const void* v1, const void* v2); extern const char* bro_path(); extern const char* bro_prefixes(); +extern const char* bro_dns_fake(); extern FILE* search_for_file(const char* filename, const char* ext, const char** full_filename); From ceb1bc8ee081e921c218044e6508ac185ca61db2 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 19 Jan 2011 12:10:34 -0500 Subject: [PATCH 08/19] Reworded BRO_DNS_FAKE message. --- src/main.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.cc b/src/main.cc index b31acdda58..e6def65167 100644 --- a/src/main.cc +++ b/src/main.cc @@ -184,7 +184,7 @@ void usage() fprintf(stderr, " $BROPATH | file search path (%s)\n", bro_path()); fprintf(stderr, " $BRO_PREFIXES | prefix list (%s)\n", bro_prefixes()); - fprintf(stderr, " $BRO_DNS_FAKE | enable faked DNS query responses (%s)\n", bro_dns_fake()); + fprintf(stderr, " $BRO_DNS_FAKE | disable DNS lookups (%s)\n", bro_dns_fake()); exit(1); } From ffaa20602cef18b24842ec28dd86fa9328db5026 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 10:08:42 -0800 Subject: [PATCH 09/19] IPv6 UDP checksum calculation was broken. (Matti Mantere) --- src/net_util.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net_util.cc b/src/net_util.cc index e49d575fa0..2ec6f4f653 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -97,7 +97,9 @@ int udp6_checksum(const struct ip6_hdr* ip6, const struct udphdr* up, int len) sum = ones_complement_checksum((void*) ip6->ip6_src.s6_addr, 16, sum); sum = ones_complement_checksum((void*) ip6->ip6_dst.s6_addr, 16, sum); - sum = ones_complement_checksum((void*) &len, 4, sum); + uint32 l = htonl(len); + sum = ones_complement_checksum((void*) &l, 4, sum); + uint32 addl_pseudo = htons(IPPROTO_UDP); sum = ones_complement_checksum((void*) &addl_pseudo, 4, sum); sum = ones_complement_checksum((void*) up, len, sum); 
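Review bot: In the `udp6_checksum` hunk of src/net_util.cc, the new length word is built with `htonl` while the next pseudo-header word on the following line still uses `htons` on a 32-bit value, and nothing explains the difference. Assuming `ones_complement_checksum` folds 16-bit words, both forms give the same sum, but the mismatch reads like the bug this commit fixes. A one-line comment such as `// IPv6 pseudo-header: 32-bit upper-layer length, then 3 zero bytes + next header, both in network order.` would settle it. Writing `uint32 len_be = htonl(len);` and `uint32 addl_pseudo = htonl(IPPROTO_UDP);` would make the two fields look alike. `len` is a signed `int` supplied by the caller and is used unchecked as the byte count for `up`; the function starts outside the hunk, so any bounds check would have to live there.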
From bbbe32e443fe5e7399d3e81f77bc862fb5d3fed7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 11:12:41 -0800 Subject: [PATCH 10/19] Working around not being able to do lookup_addr() for IPv6 addresses. Rather than crashing, we warn the user once and then always time out the call. This addresses #291, and a #355 is new ticket scheduling fixing the actual problem to later. --- src/Trigger.cc | 6 ++++++ src/bro.bif | 16 +++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/src/Trigger.cc b/src/Trigger.cc index c9e236f1fa..e71c19732b 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -130,11 +130,17 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts, Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0; + // Make sure we don't get deleted if somebody calls a method like + // Timeout() while evaluating the trigger. + Ref(this); + if ( ! Eval() && timeout ) { timer = new TriggerTimer(timeout->AsInterval(), this); timer_mgr->Add(timer); } + + Unref(this); } Trigger::~Trigger() diff --git a/src/bro.bif b/src/bro.bif index af841600c8..bdcd898bcf 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -2813,7 +2813,7 @@ private: # function result. Therefore, they can only be called inside a when-condition. function lookup_addr%(host: addr%) : string %{ - // FIXME: Is should be easy to adapt the function to synchronous + // FIXME: It should be easy to adapt the function to synchronous // lookups if we're reading a trace. Trigger* trigger = frame->GetTrigger(); 
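Review bot: In the `Trigger::Trigger` hunk of src/Trigger.cc, the closing `Unref(this)` can destroy the object before `new Trigger(...)` returns. That happens if a `Timeout()` during `Eval()` has already released the other reference, which is the situation the added comment describes. Whoever invoked `new` would then hold a pointer to freed memory. If the contract is that callers never keep or use that pointer, state it next to the call, e.g. `// May delete this; the creator must not use the pointer returned by new.` If not, construction should go through a function that can report that the trigger is already gone. The constructor body starts outside the hunk.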
@@ -2829,8 +2829,18 @@ function lookup_addr%(host: addr%) : string #ifdef BROv6 if ( ! is_v4_addr(host) ) { - builtin_run_time("lookup_addr() only supports IPv4 addresses"); - return new StringVal(""); + // FIXME: This is a temporary work-around until we get this + // fixed. We warn the user once, and always trigger a timeout. + // Ticket #355 records the problem. + static bool warned = false; + if ( ! warned ) + { + warn("lookup_addr() only supports IPv4 addresses currently"); + warned = true; + } + + trigger->Timeout(); + return 0; } dns_mgr->AsyncLookupAddr(to_v4_addr(host), From a7df00eca711a029e034315dd4a52547decaf7cc Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 11:28:27 -0800 Subject: [PATCH 11/19] Connection compressor fix from #338. This changes starting times of quite a few connections in the test-suite, but that all seems legitimate. --- src/ConnCompressor.cc | 31 ------------------------------- src/ConnCompressor.h | 4 ---- 2 files changed, 35 deletions(-) diff --git a/src/ConnCompressor.cc b/src/ConnCompressor.cc index f38c0dcb89..36ecbd6c9a 100644 --- a/src/ConnCompressor.cc +++ b/src/ConnCompressor.cc @@ -391,26 +391,6 @@ Connection* ConnCompressor::NextFromOrig(PendingConn* pending, double t, { if ( (tp->th_flags & TH_ACK) && ! pending->ACK ) Weird(pending, t, "repeated_SYN_with_ack"); - else - { - // We adjust the start-time. Unfortunately - // this means that we have to create a new - // PendingConn as all of them need to be - // monotonically increasing in time. This - // leads to some inconsistencies with TCP.cc, - // as by doing this we basically restart our - // attempt_timer. - - pending = MoveState(t, pending); - - // Removing is necessary because the key - // will be destroyed at some point. - conns.Remove(&pending->key, sizeof(pending->key), - pending->hash, true); - conns.Dictionary::Insert(&pending->key, - sizeof(pending->key), pending->hash, - MakeMapPtr(pending), 0); - } } else 
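Review bot: In the `lookup_addr` hunk of src/bro.bif, every IPv6 lookup after the first one is turned into a timeout with no further record, because `warned` is a process-wide static. On a sensor that sees IPv6 traffic, scripts waiting on these lookups then lose them silently for the rest of the run. Naming the address in the warning, or keeping a count of suppressed calls next to `warned` and reporting it at shutdown, would keep the gap visible to operators. `trigger->Timeout()` also depends on `trigger` having been null-checked in the lines between this hunk and the previous one, which are not shown.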
@@ -715,17 +695,6 @@ uint8 ConnCompressor::MakeFlags(const PendingConn* c) const return tcp_flags; } -ConnCompressor::PendingConn* ConnCompressor::MoveState(double time, - PendingConn* c) - { - PendingConn* nc = MakeNewState(time); - memcpy(nc, c, sizeof(PendingConn)); - c->invalid = 1; - nc->time = time; - ++sizes.pending_in_mem; - return nc; - } - ConnCompressor::PendingConn* ConnCompressor::MakeNewState(double t) { // See if there is enough space in the current block. diff --git a/src/ConnCompressor.h b/src/ConnCompressor.h index f0069024a2..a76a35134a 100644 --- a/src/ConnCompressor.h +++ b/src/ConnCompressor.h @@ -138,10 +138,6 @@ private: // Fakes a TCP packet based on the available information. const IP_Hdr* PendingConnToPacket(const PendingConn* c); - // For changing the timestamp of PendingConn - allocates a new one, - // sets the given time, and copies all other data from old. - PendingConn* MoveState(double time, PendingConn* old); - // Construct a TCP-flags byte. uint8 MakeFlags(const PendingConn* c) const; From b67e4e5765ab4bb781661ea58291456558bdbb0a Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 11:53:31 -0800 Subject: [PATCH 12/19] Loading scan.bro in portmappter.bro, per #330. --- policy/portmapper.bro | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/portmapper.bro b/policy/portmapper.bro index ecf952e9fc..99ce096ee0 100644 --- a/policy/portmapper.bro +++ b/policy/portmapper.bro @@ -4,6 +4,7 @@ @load hot @load conn @load weird +@load scan module Portmapper; From fc5a143bbe5c74841165ca153f862060252be391 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 12:27:15 -0800 Subject: [PATCH 13/19] Removing noisy output about doing incremental serialization. Addresses #292. --- src/PersistenceSerializer.cc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/PersistenceSerializer.cc b/src/PersistenceSerializer.cc index f31fdb4d88..96e1686e74 100644 --- a/src/PersistenceSerializer.cc 
+++ b/src/PersistenceSerializer.cc @@ -348,9 +348,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status) status->conn_cookie = status->conns->InitForIteration(); status->conns->MakeRobustCookie(status->conn_cookie); } - - if ( status->info.may_suspend ) - bro_logger->Log("Starting incremental serialization..."); } else if ( cont->ChildSuspended() ) @@ -480,9 +477,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status) } } - if ( status->info.may_suspend ) - bro_logger->Log("Finished incremental serialization."); - delete status; return ret; } From 6ea8def6f65fc52dcc4102f68377ca3c6d608bbd Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 19 Jan 2011 14:55:51 -0600 Subject: [PATCH 14/19] MacPorts & Fink paths now prepended to default search prefixes --- CMakeLists.txt | 1 + aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- cmake/MacDependencyPaths.cmake | 10 ++++++++++ 6 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 cmake/MacDependencyPaths.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index 783efd685a..005c5aec15 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,6 +57,7 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_COMPILE_FLAGS}") ######################################################################## ## Dependency Configuration +include(MacDependencyPaths) include(FindRequiredPackage) # Check cache value first to avoid displaying "Found sed" messages everytime diff --git a/aux/binpac b/aux/binpac index 7bbd3b14c0..898cfd5ddc 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 7bbd3b14c02321ff2a63d7267e9ae022bda4f5bc +Subproject commit 898cfd5ddc8cd356e4052c0bd699e51812a91e98 diff --git a/aux/bro-aux b/aux/bro-aux index 62b2f1bdd5..d741ee2ebd 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 62b2f1bdd52d355fb0384c3f0e8f1879c7c17724 +Subproject commit d741ee2ebd6576d9329218bfb53941b4de5375b6 
diff --git a/aux/broccoli b/aux/broccoli index cd02839cf0..a5dbe7a0ea 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit cd02839cf07d4db34f30bbdbb41711bc8b06b1ac +Subproject commit a5dbe7a0eacd8628c1382707ae9596ad97c538aa diff --git a/aux/broctl b/aux/broctl index 798ea05965..0c96b764bf 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 798ea05965318333af4df8fe9f0296eb3a669f4f +Subproject commit 0c96b764bfef264a2f8b42363a5e090c4f65cca2 diff --git a/cmake/MacDependencyPaths.cmake b/cmake/MacDependencyPaths.cmake new file mode 100644 index 0000000000..9a8c6efc6a --- /dev/null +++ b/cmake/MacDependencyPaths.cmake @@ -0,0 +1,10 @@ +if (NOT _MAC_DEPENDENCY_PATHS) +set(_MAC_DEPENDENCY_PATHS) + # As of CMake 2.8.3, Fink and MacPorts search paths are appended to the + # default search prefix paths, but the nicer thing would be if they are + # prepended to the default, so that is fixed here. + if (APPLE) + list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /opt/local) # MacPorts + list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /sw) # Fink + endif () +endif () From 5247a64eaa0011f1bfc8fc8fcb290cff8a148471 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 19 Jan 2011 16:56:30 -0600 Subject: [PATCH 15/19] Changed behavior of how binary packaging installs config files. The pre/post install scripts for RPMs should not perform any logic to backup config files, instead relying on the standard logic that RPMs normally do. For Mac packages, when an existing config file differs from the package's version, the previous version is always kept and an alert is displayed to the user explaining the situation. --- aux/broccoli | 2 +- aux/broctl | 2 +- cmake/ConfigurePackaging.cmake | 20 ++++++++++++------- cmake/MAC_PACKAGE_INTRO | 6 +----- cmake/package_postupgrade.sh.in | 34 +++++++++++++++++++++++---------- 5 files changed, 40 insertions(+), 24 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index c2769d9cd8..ab273570c2 160000 --- a/aux/broccoli 
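Review bot: In the new cmake/MacDependencyPaths.cmake, `set(_MAC_DEPENDENCY_PATHS)` is called with no value, which unsets the variable instead of defining it. The `if (NOT _MAC_DEPENDENCY_PATHS)` guard therefore stays true, and each further `include(MacDependencyPaths)` inserts `/opt/local` and `/sw` again. Use `set(_MAC_DEPENDENCY_PATHS true)`. Placing these prefixes ahead of the system ones also means a library found in the MacPorts or Fink tree is chosen over the OS copy at link time. The comment should say that this is intended, since the resulting binaries then depend on the contents of those trees.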
+++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit c2769d9cd826ecaa08431d6af329db75a7d43583 +Subproject commit ab273570c22b04f977877a2eb707c982319fd9c7 diff --git a/aux/broctl b/aux/broctl index 13986eb507..1fe790706f 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 13986eb50729f45834eb050be4a6233c83f9295d +Subproject commit 1fe790706fcf3d9338b8fb073956c02a55686bb0 diff --git a/cmake/ConfigurePackaging.cmake b/cmake/ConfigurePackaging.cmake index 51f1c04d96..f77dcc0fae 100644 --- a/cmake/ConfigurePackaging.cmake +++ b/cmake/ConfigurePackaging.cmake @@ -140,14 +140,12 @@ macro(SetPackageMetadata) set(CPACK_RPM_PACKAGE_LICENSE "BSD") endmacro(SetPackageMetadata) -# Sets pre and post install scripts for PackageMaker and RPM packages. +# Sets pre and post install scripts for PackageMaker packages. # The main functionality that such scripts offer is a way to make backups # of "configuration" files that a user may have modified. -# A better way to prevent an RPM from not overwriting config files is -# with the %config(noreplace) .spec attribute, but CPack does not have any -# good hooks into using that yet, so we re-use the pre/post install scripts -# See also: http://public.kitware.com/Bug/view.php?id=10294 -macro(SetPackageInstallScripts) +# Note that RPMs already have a robust mechanism for dealing with +# user-modified files, so we do not need this additional functionality +macro(SetPackageInstallScripts VERSION) if (INSTALLED_CONFIG_FILES) # Remove duplicates from the list of installed config files 
@@ -160,6 +158,14 @@ macro(SetPackageInstallScripts) set(INSTALLED_CONFIG_FILES "${_tmp}" CACHE STRING "" FORCE) endif () + if (${CMAKE_SYSTEM_NAME} MATCHES "Linux") + # Leaving the set of installed config files empty will just + # bypass the logic in the pre/post install scripts and let + # the RPM do their own thing (regarding backups, etc.) + # when upgrading packages. + set (INSTALLED_CONFIG_FILES "") + endif () + if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in) configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in @@ -189,7 +195,7 @@ macro(ConfigurePackaging _version) SetPackageGenerators() SetPackageFileName(${_version}) SetPackageMetadata() - SetPackageInstallScripts() + SetPackageInstallScripts(${_version}) set(CPACK_SET_DESTDIR true) set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) diff --git a/cmake/MAC_PACKAGE_INTRO b/cmake/MAC_PACKAGE_INTRO index b1fc25891b..ef37e62a1a 100644 --- a/cmake/MAC_PACKAGE_INTRO +++ b/cmake/MAC_PACKAGE_INTRO @@ -15,10 +15,6 @@ destination as the one that contains the root filesystem. If you have existing configuration files that are modified or otherwise different from the version included in the package, -this installer will attempt to prevent clobbering them by -backing them up like: - - @CMAKE_INSTALL_PREFIX@/etc/. - +this installer will attempt to prevent overwirting them, but its also advisable to make your own backups of important files before proceeding. diff --git a/cmake/package_postupgrade.sh.in b/cmake/package_postupgrade.sh.in index 6cae58dc9f..7ae35185f6 100755 --- a/cmake/package_postupgrade.sh.in +++ b/cmake/package_postupgrade.sh.in 
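Review bot: The new `if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")` block in cmake/ConfigurePackaging.cmake clears `INSTALLED_CONFIG_FILES` for every Linux build, although its comment justifies this only by RPM's own handling of modified config files. If a non-RPM generator is ever enabled on Linux (the list is set in `SetPackageGenerators`, not shown), its packages would skip the backup logic with nothing in its place. Testing the generator, e.g. `if (CPACK_GENERATOR MATCHES "RPM")`, would tie the behaviour to the stated reason. The plain `set` also only shadows the cache entry forced a few lines above, which deserves a short comment. Separately, `macro(SetPackageInstallScripts VERSION)` does not create a `VERSION` variable, because macro arguments are textual substitutions, so `@VERSION@` in the `.in` scripts is filled only if the calling scope already defines one.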
@@ -3,8 +3,9 @@ # This script is meant to be used by binary packages post-installation. # Variables between @ symbols are replaced by CMake at configure time. -backupDesc="# Backup made by install of @CMAKE_PROJECT_NAME@ version @VERSION@" backupNamesFile=/tmp/bro_install_backups +version=@VERSION@ +newFiles="" # check whether it's safe to remove backup configuration files that # the most recent package install created @@ -13,22 +14,25 @@ if [ -e ${backupNamesFile} ]; then backupFileList=`cat ${backupNamesFile}` for backupFile in ${backupFileList}; do - origFile=`echo ${backupFile} | sed 's/\(.*\)\..*/\1/'` + origFileName=`echo ${backupFile} | sed 's/\(.*\)\..*/\1/'` - diff ${origFile} ${backupFile} > /dev/null 2>&1 + diff ${origFileName} ${backupFile} > /dev/null 2>&1 if [ $? -eq 0 ]; then # if the installed version and the backup version don't differ # then we can remove the backup version rm ${backupFile} else - # keep the backup, prepend text explaining what created it - tmpfile=/tmp/bro_install_tmp$$ - echo ${backupDesc} > ${tmpfile} - echo "" >> ${tmpfile} - cat ${backupFile} >> ${tmpfile} - cp ${tmpfile} ${backupFile} - rm ${tmpfile} + # The backup file differs from the newly installed version, + # since we can't tell if the backup version has been modified + # by the user, we should restore it to its original location + # and rename the new version appropriately. + + newFileName=${origFileName}.${version} + newFiles="${newFiles}\n${newFileName}" + + mv ${origFileName} ${newFileName} + mv ${backupFile} ${origFileName} fi done 
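Review bot: The new restore branch in cmake/package_postupgrade.sh.in moves files whose names are read from `${backupNamesFile}`, which the first hunk shows is the fixed path `/tmp/bro_install_backups`, and every expansion is unquoted. Post-install scripts normally run with installer privileges, so a list in a world-writable directory should not decide which paths are renamed into the configuration location. Keep the list in a directory only the installer can write, for instance one created with `mktemp -d` by the pre-install script, and verify its owner before reading it. The moves should be quoted as `mv "${origFileName}" "${newFileName}"` and `mv "${backupFile}" "${origFileName}"`, with the same quoting on the `diff` and `rm` lines. The enclosing `if [ -e ${backupNamesFile} ]` closes in the next hunk.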
@@ -36,6 +40,16 @@ if [ -e ${backupNamesFile} ]; then rm ${backupNamesFile} fi +if [ -n "${newFiles}" ]; then +# Use some apple script to display a message to user +/usr/bin/osascript << EOF + tell application "System Events" + activate + display alert "Existing configuration files differ from the ones that would be installed by this package. To avoid overwriting configuration which you may have modified, the following new config files have been installed:\n${newFiles}\n\nIf you have previously modified configuration files, please make sure that they are still compatible, else you should update your config files to the new versions." + end tell +EOF +fi + # make sure that world-writeable dirs have the sticky bit set # so that unprivileged can't rename/remove files within From eb72ca77711e5b4e8214924aec00ef712ae5ee23 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 16:45:42 -0800 Subject: [PATCH 16/19] Revert "Some small tweaks to the HTTP analyzer". This reverts commit 763a446182934679f5e56146bee26b2e7cad1f3b. --- policy/http-header.bro | 2 -- src/HTTP.cc | 45 ++++-------------------------------------- src/bro.bif | 13 ++++-------- 3 files changed, 8 insertions(+), 52 deletions(-) diff --git a/policy/http-header.bro b/policy/http-header.bro index 259031b024..3d676488ff 100644 --- a/policy/http-header.bro +++ b/policy/http-header.bro @@ -2,8 +2,6 @@ # Prints out detailed HTTP headers. -@load http - module HTTP; export { diff --git a/src/HTTP.cc b/src/HTTP.cc index 85872f7c79..0cccf75103 100644 --- a/src/HTTP.cc +++ b/src/HTTP.cc 
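Review bot: In the `osascript` block added to cmake/package_postupgrade.sh.in, `${newFiles}` is expanded by the shell inside the unquoted `<< EOF` heredoc, so the file names become part of the AppleScript source instead of being passed as data. A name containing a double quote or a backslash ends the `display alert` string early, and the names originate from the backup list under `/tmp`. Quote the delimiter (`<< 'EOF'`) and hand the list to the script through an `on run argv` handler, or reject names that contain anything other than path characters before building `newFiles`. `display alert` also blocks until someone dismisses it, which matters for unattended installs; a log line is a safer fallback when no user session is present.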
@@ -16,21 +16,16 @@ const bool DEBUG_http = false; -/* The EXPECT_*_NOTHING states are used to prevent further parsing. Used - * if a message was interrupted. - */ enum { EXPECT_REQUEST_LINE, EXPECT_REQUEST_MESSAGE, EXPECT_REQUEST_TRAILER, - EXPECT_REQUEST_NOTHING, }; enum { EXPECT_REPLY_LINE, EXPECT_REPLY_MESSAGE, EXPECT_REPLY_TRAILER, - EXPECT_REPLY_NOTHING, }; HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, int arg_expect_body) @@ -856,20 +851,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) HTTP_Event("crud_trailing_HTTP_request", new_string_val(line, end_of_line)); else - { - // We do see HTTP requests with a trailing EOL that's not - // not accounted for by the content-length. This will lead - // to a call to this method with len==0 while we are - // expecting a new request. Since HTTP servers handle - // such request gracefully, we should do so as well. - if (len==0) - Weird("empty_http_request"); - else - { - ProtocolViolation("not a http request line"); - request_state = EXPECT_REQUEST_NOTHING; - } - } + ProtocolViolation("not a http request line"); } break; @@ -879,9 +861,6 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REQUEST_TRAILER: break; - - case EXPECT_REQUEST_NOTHING: - break; } } else @@ -894,8 +873,6 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) if ( unanswered_requests.empty() ) Weird("unmatched_HTTP_reply"); - else - ProtocolConfirmation(); reply_state = EXPECT_REPLY_MESSAGE; reply_ongoing = 1; @@ -908,10 +885,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) len); } else - { ProtocolViolation("not a http reply line"); - reply_state = EXPECT_REPLY_NOTHING; - } break; @@ -921,9 +895,6 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REPLY_TRAILER: break; - - case EXPECT_REPLY_NOTHING: - break; } } } 
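Review bot: In the `EXPECT_REQUEST_LINE` hunk of src/HTTP.cc (@@ -856), dropping the `len==0` branch means an empty line falls through to `ProtocolViolation("not a http request line")` again. The removed comment records that clients do send a trailing EOL not covered by the content-length and that servers accept it, so after this revert such traffic is reported as a violation. If violations cause the analyzer to be dropped (not visible here), the rest of the connection goes unparsed. If the revert is aimed at other parts of the original commit, keep `if ( len == 0 ) Weird("empty_http_request");` ahead of the violation. `HTTP_Analyzer::DeliverStream` starts and ends outside the hunk.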
@@ -1071,8 +1042,6 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) // HTTP methods for distributed authoring. "PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT", "COPY", "MOVE", "LOCK", "UNLOCK", - // More stuff - "POLL", "REPORT", "SUBSCRIBE", "BMOVE", "SEARCH", @@ -1086,7 +1055,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) if ( ! http_methods[i] ) { - //Weird("HTTP_unknown_method"); + // Weird("HTTP_unknown_method"); if ( RequestExpected() ) HTTP_Event("unknown_HTTP_method", new_string_val(line, end_of_line)); return 0; @@ -1287,10 +1256,7 @@ void HTTP_Analyzer::RequestMade(const int interrupted, const char* msg) num_request_lines = 0; - if (interrupted) - request_state = EXPECT_REQUEST_NOTHING; - else - request_state = EXPECT_REQUEST_LINE; + request_state = EXPECT_REQUEST_LINE; } void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) @@ -1319,10 +1285,7 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg) reply_reason_phrase = 0; } - if (interrupted) - reply_state = EXPECT_REPLY_NOTHING; - else - reply_state = EXPECT_REPLY_LINE; + reply_state = EXPECT_REPLY_LINE; } void HTTP_Analyzer::RequestClash(Val* /* clash_val */) diff --git a/src/bro.bif b/src/bro.bif index af841600c8..0de77bfc49 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1365,17 +1365,12 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any { Analyzer* ha = c->FindAnalyzer(id); - if (ha) - { - if ( ha->GetTag() == AnalyzerTag::HTTP ) - static_cast(ha)->SkipEntityData(is_orig); - else - run_time("non-HTTP analyzer associated with connection record"); - } + if ( ha->GetTag() == AnalyzerTag::HTTP ) + static_cast(ha)->SkipEntityData(is_orig); else - run_time("could not find analyzer for skip_http_entity_data"); - + run_time("non-HTTP analyzer associated with connection record"); } + else run_time("no analyzer associated with connection record"); 
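Review bot: In the `skip_http_entity_data` hunk of src/bro.bif, `ha->GetTag()` is now called on the result of `c->FindAnalyzer(id)` with no null check. The removed lines reported "could not find analyzer for skip_http_entity_data" for a null `ha`, which suggests the lookup can fail. The revert therefore brings back a null dereference that script code can reach. Keep the guard while reverting the rest: `if ( ! ha ) run_time("could not find analyzer for skip_http_entity_data");` followed by `else if ( ha->GetTag() == AnalyzerTag::HTTP )`. The function body starts outside the hunk.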
From e1ab9b1c6911133384bfb25b621800829d9fea90 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 19 Jan 2011 10:09:22 -0500 Subject: [PATCH 17/19] Pattern construction BiFs will now work if no packets have been read. --- src/bro.bif | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/bro.bif b/src/bro.bif index e9f994204a..585c458184 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1848,15 +1848,15 @@ function uuid_to_string%(uuid: string%): string %} -# The following functions are attempts to convert strings into -# patterns at run-time. These attempts were later *abandoned* because -# NFA and DFA cannot be cleanly deallocated. +# The following functions convert strings into patterns at run-time. As the +# computed NFAs and DFAs cannot be cleanly deallocated (at least for now), +# they can only be used at initialization time. function merge_pattern%(p1: pattern, p2: pattern%): pattern %{ - if ( reading_live ) + if ( bro_start_network_time != 0.0 ) { - builtin_run_time("should not call merge_pattern while reading live traffic"); + builtin_run_time("merge_pattern can only be called at init time"); return 0; } @@ -1900,9 +1900,9 @@ function convert_for_pattern%(s: string%): string function string_to_pattern%(s: string, convert: bool%): pattern %{ - if ( reading_live ) + if ( bro_start_network_time != 0.0 ) { - builtin_run_time("should not call merge_pattern while reading live traffic"); + builtin_run_time("string_to_pattern can only be called at init time"); return 0; } From 75335b933e4f016b857a90bf746dffa17577bf8c Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Thu, 6 Jan 2011 16:53:31 -0800 Subject: [PATCH 18/19] Removing global_attrs from parser, per #11, and also record attributes. Both aren't used anywhere. Along with these goes some more now unused code. Closes #11. --- src/Expr.cc | 50 +++++++++--------------------------- src/Expr.h | 2 +- src/Type.cc | 73 +++++++++++++---------------------------------------- src/Type.h | 18 +------------ src/Val.cc | 9 ------- src/Val.h | 7 ----- src/parse.y | 29 +++------------------ src/scan.l | 2 -- 8 files changed, 35 insertions(+), 155 deletions(-) diff --git a/src/Expr.cc b/src/Expr.cc index 77466f2a55..dbfca7c9cb 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -2611,7 +2611,6 @@ Val* AssignExpr::Eval(Frame* f) const if ( v ) { op1->Assign(f, v); - //### op1->SetAttribs(); return val ? val->Ref() : v->Ref(); } else @@ -3062,13 +3061,6 @@ FieldExpr::FieldExpr(Expr* arg_op, const char* arg_field_name) if ( IsError() ) return; - if ( streq(arg_field_name, "attr") ) - { - field = -1; - SetType(op->Type()->AttributesType()->Ref()); - return; - } - if ( ! IsRecord(op->Type()->Tag()) ) ExprError("not a record"); else @@ -3106,12 +3098,7 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode) return; if ( field < 0 ) - { - Val* lhs = op->Eval(f); - lhs->SetAttribs(v->AsRecordVal()); - Unref(lhs); - return; - } + ExprError("no such field in record"); Val* op_v = op->Eval(f); if ( op_v ) @@ -3124,9 +3111,6 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode) Val* FieldExpr::Fold(Val* v) const { - if ( field < 0 ) - return v->GetAttribs(true)->Ref(); - Val* result = v->AsRecordVal()->Lookup(field); if ( result ) return result->Ref(); 
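Review bot: In the `FieldExpr::Assign` hunk of src/Expr.cc (@@ -3106), the new `if ( field < 0 ) ExprError("no such field in record");` has no `return`, so control continues into `op->Eval(f)` and the assignment below with a negative field index. The branch it replaces returned. Whether `field < 0` can still occur here once the `attr` case is gone is not visible, since the constructor may already flag the error. The guard should still stop, e.g. `{ ExprError("no such field in record"); return; }`. The function starts and ends outside the hunk.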
@@ -3179,24 +3163,20 @@ bool FieldExpr::DoUnserialize(UnserialInfo* info) return td != 0; } -HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name, - bool arg_is_attr) +HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name) : UnaryExpr(EXPR_HAS_FIELD, arg_op) { field_name = arg_field_name; - is_attr = arg_is_attr; field = 0; if ( IsError() ) return; - if ( ! is_attr && ! IsRecord(op->Type()->Tag()) ) + if ( ! IsRecord(op->Type()->Tag()) ) ExprError("not a record"); else { - RecordType* rt = is_attr ? - op->Type()->AttributesType() : - op->Type()->AsRecordType(); + RecordType* rt = op->Type()->AsRecordType(); field = rt->FieldOffset(field_name); if ( field < 0 ) @@ -3215,10 +3195,7 @@ Val* HasFieldExpr::Fold(Val* v) const { RecordVal* rec_to_look_at; - if ( is_attr ) - rec_to_look_at = v->GetAttribs(false); - else - rec_to_look_at = v->AsRecordVal(); + rec_to_look_at = v->AsRecordVal(); if ( ! rec_to_look_at ) return new Val(0, TYPE_BOOL); @@ -3235,12 +3212,7 @@ void HasFieldExpr::ExprDescribe(ODesc* d) const op->Describe(d); if ( d->IsReadable() ) - { - if ( is_attr ) - d->Add("?$$"); - else - d->Add("?$"); - } + d->Add("?$"); if ( IsError() ) d->Add(""); 
@@ -3255,13 +3227,17 @@ IMPLEMENT_SERIAL(HasFieldExpr, SER_HAS_FIELD_EXPR); bool HasFieldExpr::DoSerialize(SerialInfo* info) const { DO_SERIALIZE(SER_HAS_FIELD_EXPR, UnaryExpr); - return SERIALIZE(is_attr) && SERIALIZE(field_name) && SERIALIZE(field); + + // Serialize the former "bool is_attr" first for backwards compatibility. + return SERIALIZE(false) && SERIALIZE(field_name) && SERIALIZE(field); } bool HasFieldExpr::DoUnserialize(UnserialInfo* info) { DO_UNSERIALIZE(UnaryExpr); - return UNSERIALIZE(&is_attr) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field); + // Unserialize the former "bool is_attr" first for backwards compatibility. + bool not_used; + return UNSERIALIZE(¬_used) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field); } RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) @@ -3507,8 +3483,6 @@ Val* SetConstructorExpr::Eval(Frame* f) const aggr->Assign(element, 0); } - aggr->AsTableVal()->SetAttrs(attrs); - return aggr; } diff --git a/src/Expr.h b/src/Expr.h index c078d4651c..9c338a0f8a 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -709,7 +709,7 @@ protected: // "rec?$$attrname" is true if the attribute attrname is not nil. class HasFieldExpr : public UnaryExpr { public: - HasFieldExpr(Expr* op, const char* field_name, bool is_attr); + HasFieldExpr(Expr* op, const char* field_name); ~HasFieldExpr(); protected: diff --git a/src/Type.cc b/src/Type.cc index 1f5c22d58b..55794dfce5 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -10,20 +10,6 @@ #include "Scope.h" #include "Serializer.h" -RecordType* init_global_attrs(); - -bool in_global_attr_decl = false; -RecordType* global_attributes_type = init_global_attrs(); - -RecordType* init_global_attrs() - { - in_global_attr_decl = true; - RecordType* rt = new RecordType(new type_decl_list); - in_global_attr_decl = false; - rt->MakeGlobalAttributeType(); - return rt; - } - const char* type_name(TypeTag t) { static char errbuf[512]; 
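Review bot: The context comment above `class HasFieldExpr` in the src/Expr.h hunk still describes `rec?$$attrname`, but this commit removes the `?$$` operator together with the `is_attr` constructor argument. Drop that line so the header documents only `?$`. In the Expr.cc serialization hunk on the same line, it would also help to note beside `SERIALIZE(false)` that the placeholder can be removed at the next change of the serialization format.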
@@ -58,7 +44,6 @@ BroType::BroType(TypeTag t, bool arg_base_type) tag = t; is_network_order = 0; base_type = arg_base_type; - is_global_attributes_type = false; switch ( tag ) { case TYPE_VOID: @@ -118,28 +103,6 @@ BroType::BroType(TypeTag t, bool arg_base_type) break; } - // Kind of hacky; we don't want an error while we're defining - // the global attrs! - if ( in_global_attr_decl ) - { - attributes_type = 0; - return; - } - - if ( ! global_attributes_type ) - SetError(); - else - attributes_type = global_attributes_type; - } - -bool BroType::SetAttributesType(type_decl_list* attr_types) - { - TypeList* global = new TypeList(); - global->Append(global_attributes_type); - - attributes_type = refine_type(global, attr_types)->AsRecordType(); - - return (attributes_type != 0); } int BroType::MatchesIndex(ListExpr*& /* index */) const @@ -241,16 +204,6 @@ BroType* BroType::Unserialize(UnserialInfo* info, TypeTag want) return t2; } - // For the global_attribute_type, we also return our current instance. - if ( t->is_global_attributes_type ) - { - BroType* t2 = global_attributes_type; - Unref(t); - t2->Ref(); - assert(t2); - return t2; - } - assert(t); return t; } @@ -267,10 +220,15 @@ bool BroType::DoSerialize(SerialInfo* info) const return false; if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type) && - SERIALIZE(is_global_attributes_type)) ) + // Serialize the former "bool is_global_attributes_type" for + // backwards compatibility. + SERIALIZE(false)) ) return false; - SERIALIZE_OPTIONAL(attributes_type); + // Likewise, serialize the former optional "RecordType* attributes_type" + // for backwards compatibility. + void* null = NULL; + SERIALIZE(null); info->s->WriteCloseTag("Type"); 
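Review bot: In the `BroType::DoSerialize` hunk of src/Type.cc (@@ -267), `SERIALIZE(null)` with `void* null = NULL` discards its result and leaves the written form to whatever overload a `void*` converts to. The reader in the `DoUnserialize` hunk (@@ -288) still goes through `UNSERIALIZE_OPTIONAL`. If that macro's stored form is a presence flag (its definition is not visible here), writing the flag explicitly is clearer and is checked: `if ( ! SERIALIZE(false) ) return false;`. On the read side, an object loaded into `not_used_either` from an older state file is never released. `Unref(not_used_either);` after the macro would cover that, assuming the macro leaves the pointer null when nothing was stored and `Unref` tolerates null.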
@@ -288,13 +246,19 @@ bool BroType::DoUnserialize(UnserialInfo* info) tag = (TypeTag) c1; internal_tag = (InternalTypeTag) c2; + bool not_used; + if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type) - && UNSERIALIZE(&is_global_attributes_type)) ) + // Unerialize the former "bool is_global_attributes_type" for + // backwards compatibility. + && UNSERIALIZE(¬_used)) ) return 0; - BroType* type; - UNSERIALIZE_OPTIONAL(type, BroType::Unserialize(info, TYPE_RECORD)); - attributes_type = (RecordType*) type; + BroType* not_used_either; + + // Likewise, unserialize the former optional "RecordType* + // attributes_type" for backwards compatibility. + UNSERIALIZE_OPTIONAL(not_used_either, BroType::Unserialize(info, TYPE_RECORD)); return true; } @@ -721,9 +685,6 @@ TypeDecl::TypeDecl(BroType* t, const char* i, attr_list* arg_attrs) type = t; attrs = arg_attrs ? new Attributes(arg_attrs, t) : 0; id = i; - - if ( in_global_attr_decl && ! attrs->FindAttr(ATTR_DEFAULT) ) - error("global attribute types must have default values"); } TypeDecl::~TypeDecl() diff --git a/src/Type.h b/src/Type.h index 7778fabc1e..ff4d3df9e6 100644 --- a/src/Type.h +++ b/src/Type.h @@ -60,9 +60,6 @@ class EnumType; class Serializer; class VectorType; -extern bool in_global_attr_decl; -extern RecordType* global_attributes_type; - const int DOES_NOT_MATCH_INDEX = 0; const int MATCHES_INDEX_SCALAR = 1; const int MATCHES_INDEX_VECTOR = 2; @@ -74,15 +71,6 @@ public: TypeTag Tag() const { return tag; } InternalTypeTag InternalType() const { return internal_tag; } - // Type for the attributes (metadata) on this type. - RecordType* AttributesType() - { - if ( ! attributes_type ) - attributes_type = global_attributes_type; - return attributes_type; - } - bool SetAttributesType(type_decl_list* attr_types); - // Whether it's stored in network order. int IsNetworkOrder() const { return is_network_order; } 
@@ -211,8 +199,6 @@ public: BroType* Ref() { ::Ref(this); return this; } - void MakeGlobalAttributeType() { is_global_attributes_type = true; } - virtual void Describe(ODesc* d) const; virtual unsigned MemoryAllocation() const; @@ -221,7 +207,7 @@ public: static BroType* Unserialize(UnserialInfo* info, TypeTag want = TYPE_ANY); protected: - BroType() { attributes_type = 0; } + BroType() { } void SetError(); @@ -232,8 +218,6 @@ private: InternalTypeTag internal_tag; bool is_network_order; bool base_type; - bool is_global_attributes_type; - RecordType* attributes_type; }; class TypeList : public BroType { diff --git a/src/Val.cc b/src/Val.cc index f43bafe4d7..4519d76f30 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -414,15 +414,6 @@ bool Val::DoUnserialize(UnserialInfo* info) return false; } -RecordVal* Val::GetAttribs(bool instantiate) - { - if ( ! instantiate || attribs ) - return attribs; - - attribs = new RecordVal(type->AttributesType()); - return attribs; - } - int Val::IsZero() const { switch ( type->InternalType() ) { diff --git a/src/Val.h b/src/Val.h index 5a2faee9d7..d21562c907 100644 --- a/src/Val.h +++ b/src/Val.h @@ -178,13 +178,6 @@ public: Val* Ref() { ::Ref(this); return this; } virtual Val* Clone() const; - RecordVal* GetAttribs(bool instantiate); - void SetAttribs(RecordVal* arg_attribs) - { - Unref((Val*) attribs); - attribs = arg_attribs; - } - int IsZero() const; int IsOne() const; diff --git a/src/parse.y b/src/parse.y index b0bb39f0ea..3cf2c07b18 100644 --- a/src/parse.y +++ b/src/parse.y 
@@ -8,7 +8,7 @@ %token TOK_BOOL TOK_BREAK TOK_CASE TOK_CONST %token TOK_CONSTANT TOK_COPY TOK_COUNT TOK_COUNTER TOK_DEFAULT TOK_DELETE %token TOK_DOUBLE TOK_ELSE TOK_ENUM TOK_EVENT TOK_EXPORT TOK_FILE TOK_FOR -%token TOK_FUNCTION TOK_GLOBAL TOK_GLOBAL_ATTR TOK_ID TOK_IF TOK_INT +%token TOK_FUNCTION TOK_GLOBAL TOK_ID TOK_IF TOK_INT %token TOK_INTERVAL TOK_LIST TOK_LOCAL TOK_MODULE TOK_MATCH TOK_NET %token TOK_NEXT TOK_OF TOK_PATTERN TOK_PATTERN_TEXT %token TOK_PORT TOK_PRINT TOK_RECORD TOK_REDEF @@ -53,7 +53,7 @@ %type func_hdr func_params %type type_list %type type_decl formal_args_decl -%type type_decl_list formal_args_decl_list opt_attr_attr +%type type_decl_list formal_args_decl_list %type formal_args %type expr_list opt_expr_list %type case @@ -417,13 +417,7 @@ expr: | expr TOK_HAS_FIELD TOK_ID { set_location(@1, @3); - $$ = new HasFieldExpr($1, $3, false); - } - - | expr TOK_HAS_ATTR TOK_ID - { - set_location(@1, @3); - $$ = new HasFieldExpr($1, $3, true); + $$ = new HasFieldExpr($1, $3); } | anonymous_function @@ -821,17 +815,9 @@ decl: } } - | TOK_TYPE global_id ':' refined_type opt_attr opt_attr_attr ';' + | TOK_TYPE global_id ':' refined_type opt_attr ';' { add_type($2, $4, $5, 0); - if ( $6 ) - $2->AsType()->SetAttributesType($6); - } - - | TOK_GLOBAL_ATTR ':' { in_global_attr_decl = true; } - '{' type_decl_list '}' ';' { in_global_attr_decl = false; } - { - global_attributes_type = new RecordType($5); } | TOK_EVENT event_id ':' refined_type opt_attr ';' @@ -856,13 +842,6 @@ conditional: { do_atelse(); } ; -opt_attr_attr: - TOK_ATTR_ATTR '=' '{' type_decl_list '}' - { $$ = $4; } - | - { $$ = 0; } - ; - func_hdr: TOK_FUNCTION global_id func_params { diff --git a/src/scan.l b/src/scan.l index 0d479dc44e..9dc4d828e0 100644 --- a/src/scan.l +++ b/src/scan.l 
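Review bot: `TOK_HAS_ATTR` and `TOK_ATTR_ATTR` appear to stay declared even though this patch removes every visible use of them: the `expr TOK_HAS_ATTR TOK_ID` alternative, the `opt_attr_attr` rule, and the `"?$$"` rule in scan.l that returned `TOK_HAS_ATTR`. The first hunk drops only `TOK_GLOBAL_ATTR` from its `%token` line, and no hunk shown here touches the other two declarations, so they may now be dead. Their `%token` entries, and any remaining scanner rule for `TOK_ATTR_ATTR`, should be removed in the same commit, or kept with a comment such as `/* reserved: formerly used for attribute metadata */`. The declarations lie outside the hunks shown, so this needs checking against the full file.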
@@ -151,9 +151,7 @@ file return TOK_FILE; for return TOK_FOR; function return TOK_FUNCTION; global return TOK_GLOBAL; -global_attr return TOK_GLOBAL_ATTR; "?$" return TOK_HAS_FIELD; -"?$$" return TOK_HAS_ATTR; if return TOK_IF; in return TOK_IN; "!"{OWS}in/[^A-Za-z0-9] return TOK_NOT_IN; /* don't confuse w "! infoo"! */ From 0a3f84681a48c5b644bed8a23a73aed93cc0fca2 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 19 Jan 2011 18:11:40 -0800 Subject: [PATCH 19/19] Updating submodules. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aux/binpac b/aux/binpac index 7bbd3b14c0..898cfd5ddc 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 7bbd3b14c02321ff2a63d7267e9ae022bda4f5bc +Subproject commit 898cfd5ddc8cd356e4052c0bd699e51812a91e98 diff --git a/aux/bro-aux b/aux/bro-aux index 62b2f1bdd5..d741ee2ebd 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 62b2f1bdd52d355fb0384c3f0e8f1879c7c17724 +Subproject commit d741ee2ebd6576d9329218bfb53941b4de5375b6 diff --git a/aux/broccoli b/aux/broccoli index 72fbaebc88..c745d747ec 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 72fbaebc886f5538b4a3c07f6e334c28bfb4138a +Subproject commit c745d747ec65f608bead605fc26f84ca44be21c9 diff --git a/aux/broctl b/aux/broctl index c41aa2131c..4133635936 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit c41aa2131ce5aa07ce675d9ccbd4d61455f623d7 +Subproject commit 41336359365238036fd63f8bf8d2624da71c200b