Move all of the rule matching code to zeek::detail

src/file_analysis/File.cc

@@ -333,7 +333,7 @@ void File::InferMetadata()
 	if ( ! FileEventAvailable(file_sniff) )
 		return;
 
-	RuleMatcher::MIME_Matches matches;
+	zeek::detail::RuleMatcher::MIME_Matches matches;
 	const u_char* data = bof_buffer_val->AsString()->Bytes();
 	uint64_t len = bof_buffer_val->AsString()->Len();
 	len = std::min(len, LookupFieldDefaultCount(bof_buffer_size_idx));

src/file_analysis/Manager.cc

@@ -47,7 +47,7 @@ void Manager::InitPostScript()
 void Manager::InitMagic()
 	{
 	delete magic_state;
-	magic_state = rule_matcher->InitFileMagic();
+	magic_state = zeek::detail::rule_matcher->InitFileMagic();
 	}
 
 void Manager::Terminate()
@@ -495,20 +495,21 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag,
 	return a;
 	}
 
-RuleMatcher::MIME_Matches* Manager::DetectMIME(const u_char* data, uint64_t len,
-        RuleMatcher::MIME_Matches* rval) const
+zeek::detail::RuleMatcher::MIME_Matches* Manager::DetectMIME(
+	const u_char* data, uint64_t len,
+	zeek::detail::RuleMatcher::MIME_Matches* rval) const
 	{
 	if ( ! magic_state )
 		reporter->InternalError("file magic signature state not initialized");
 
-	rval = rule_matcher->Match(magic_state, data, len, rval);
-	rule_matcher->ClearFileMagicState(magic_state);
+	rval = zeek::detail::rule_matcher->Match(magic_state, data, len, rval);
+	zeek::detail::rule_matcher->ClearFileMagicState(magic_state);
 	return rval;
 	}
 
 string Manager::DetectMIME(const u_char* data, uint64_t len) const
 	{
-	RuleMatcher::MIME_Matches matches;
+	zeek::detail::RuleMatcher::MIME_Matches matches;
 	DetectMIME(data, len, &matches);
 
 	if ( matches.empty() )
@@ -517,13 +518,13 @@ string Manager::DetectMIME(const u_char* data, uint64_t len) const
 	return *(matches.begin()->second.begin());
 	}
 
-zeek::VectorValPtr file_analysis::GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m)
+zeek::VectorValPtr file_analysis::GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m)
 	{
 	static auto mime_matches = zeek::id::find_type<zeek::VectorType>("mime_matches");
 	static auto mime_match = zeek::id::find_type<zeek::RecordType>("mime_match");
 	auto rval = zeek::make_intrusive<zeek::VectorVal>(mime_matches);
 
-	for ( RuleMatcher::MIME_Matches::const_iterator it = m.begin();
+	for ( zeek::detail::RuleMatcher::MIME_Matches::const_iterator it = m.begin();
 	      it != m.end(); ++it )
 		{
 		auto element = zeek::make_intrusive<zeek::RecordVal>(mime_match);

src/file_analysis/Manager.h

@@ -326,8 +326,9 @@ public:
 	 * @return Set of all matching file magic signatures, which may be
 	 *         an object allocated by the method if \a rval is a null pointer.
 	 */
-	RuleMatcher::MIME_Matches* DetectMIME(const u_char* data, uint64_t len,
-					      RuleMatcher::MIME_Matches* rval) const;
+	zeek::detail::RuleMatcher::MIME_Matches* DetectMIME(
+		const u_char* data, uint64_t len,
+		zeek::detail::RuleMatcher::MIME_Matches* rval) const;
 
 	/**
 	 * Returns the strongest MIME magic signature match for a given data chunk.
@@ -421,7 +422,7 @@ private:
 	std::map<std::string, File*> id_map;  /**< Map file ID to file_analysis::File records. */
 	std::set<std::string> ignored; /**< Ignored files.  Will be finally removed on EOF. */
 	std::string current_file_id;	/**< Hash of what get_file_handle event sets. */
-	RuleFileMagicState* magic_state;	/**< File magic signature match state. */
+	zeek::detail::RuleFileMagicState* magic_state;	/**< File magic signature match state. */
 	MIMEMap mime_types;/**< Mapping of MIME types to analyzers. */
 
 	inline static zeek::TableVal* disabled = nullptr;	/**< Table of disabled analyzers. */
@@ -435,7 +436,7 @@ private:
  * Returns a script-layer value corresponding to the \c mime_matches type.
  * @param m The MIME match information with which to populate the value.
  */
-zeek::VectorValPtr GenMIMEMatchesVal(const RuleMatcher::MIME_Matches& m);
+zeek::VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m);
 
 } // namespace file_analysis