Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog
commit
3e74cdc6e0
37 changed files with 475 additions and 344 deletions
|
@ -239,6 +239,11 @@ TableType* record_field_table;
|
|||
|
||||
StringVal* cmd_line_bpf_filter;
|
||||
|
||||
OpaqueType* md5_type;
|
||||
OpaqueType* sha1_type;
|
||||
OpaqueType* sha256_type;
|
||||
OpaqueType* entropy_type;
|
||||
|
||||
#include "const.bif.netvar_def"
|
||||
#include "types.bif.netvar_def"
|
||||
#include "event.bif.netvar_def"
|
||||
|
@ -298,6 +303,11 @@ void init_general_global_var()
|
|||
|
||||
cmd_line_bpf_filter =
|
||||
internal_val("cmd_line_bpf_filter")->AsStringVal();
|
||||
|
||||
md5_type = new OpaqueType("md5");
|
||||
sha1_type = new OpaqueType("sha1");
|
||||
sha256_type = new OpaqueType("sha256");
|
||||
entropy_type = new OpaqueType("entropy");
|
||||
}
|
||||
|
||||
void init_net_var()
|
||||
|
@ -346,7 +356,7 @@ void init_net_var()
|
|||
opt_internal_int("tcp_excessive_data_without_further_acks");
|
||||
|
||||
x509_type = internal_type("X509")->AsRecordType();
|
||||
|
||||
|
||||
socks_address = internal_type("SOCKS::Address")->AsRecordType();
|
||||
|
||||
non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime");
|
||||
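Review bot: The new globals `md5_type`, `sha1_type`, `sha256_type` and `entropy_type` are assigned only inside init_general_global_var(), so they are null until that function has run, and nothing at the declarations says so. Any MD5Val, SHA1Val, SHA256Val or EntropyVal constructed earlier (for example from a static initializer, or from an unserialization path that runs before start-up has finished) would hand a null type to its base class. I would document the ordering requirement at the declarations, e.g. `// Set in init_general_global_var(); opaque values must not be constructed before it runs.` The body of init_general_global_var() starts outside the hunk.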
|
|
|
@ -243,6 +243,12 @@ extern TableType* record_field_table;
|
|||
|
||||
extern StringVal* cmd_line_bpf_filter;
|
||||
|
||||
class OpaqueType;
|
||||
extern OpaqueType* md5_type;
|
||||
extern OpaqueType* sha1_type;
|
||||
extern OpaqueType* sha256_type;
|
||||
extern OpaqueType* entropy_type;
|
||||
|
||||
// Initializes globals that don't pertain to network/event analysis.
|
||||
extern void init_general_global_var();
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#include "OpaqueVal.h"
|
||||
#include "NetVar.h"
|
||||
#include "Reporter.h"
|
||||
#include "Serializer.h"
|
||||
#include "HyperLogLog.h"
|
||||
|
@ -144,6 +145,10 @@ bool HashVal::DoUnserialize(UnserialInfo* info)
|
|||
return UNSERIALIZE(&valid);
|
||||
}
|
||||
|
||||
MD5Val::MD5Val() : HashVal(md5_type)
|
||||
{
|
||||
}
|
||||
|
||||
void MD5Val::digest(val_list& vlist, u_char result[MD5_DIGEST_LENGTH])
|
||||
{
|
||||
MD5_CTX h;
|
||||
|
@ -261,6 +266,10 @@ bool MD5Val::DoUnserialize(UnserialInfo* info)
|
|||
return true;
|
||||
}
|
||||
|
||||
SHA1Val::SHA1Val() : HashVal(sha1_type)
|
||||
{
|
||||
}
|
||||
|
||||
void SHA1Val::digest(val_list& vlist, u_char result[SHA_DIGEST_LENGTH])
|
||||
{
|
||||
SHA_CTX h;
|
||||
|
@ -369,6 +378,10 @@ bool SHA1Val::DoUnserialize(UnserialInfo* info)
|
|||
return true;
|
||||
}
|
||||
|
||||
SHA256Val::SHA256Val() : HashVal(sha256_type)
|
||||
{
|
||||
}
|
||||
|
||||
void SHA256Val::digest(val_list& vlist, u_char result[SHA256_DIGEST_LENGTH])
|
||||
{
|
||||
SHA256_CTX h;
|
||||
|
@ -482,6 +495,9 @@ bool SHA256Val::DoUnserialize(UnserialInfo* info)
|
|||
return true;
|
||||
}
|
||||
|
||||
EntropyVal::EntropyVal() : OpaqueVal(entropy_type)
|
||||
{
|
||||
}
|
||||
|
||||
bool EntropyVal::Feed(const void* data, size_t size)
|
||||
{
|
||||
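Review bot: The four out-of-line constructors (`MD5Val::MD5Val() : HashVal(md5_type)` and its SHA1, SHA256 and Entropy siblings) now pass one shared, process-wide OpaqueType to the base class, so the reference-counting contract of the HashVal/OpaqueVal constructors becomes load-bearing. Those base constructors are not on this page: if they take their own reference, the change is fine; if they adopt the pointer as-is, destroying the first value would release a type that every other value and the global still point to. Please confirm which it is and record it next to the constructors, e.g. `// md5_type is shared; the base constructor takes its own reference.` The same reasoning applies to values created through the DoUnserialize paths shown in the surrounding context.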
|
|
|
@ -54,7 +54,7 @@ public:
|
|||
u_char key[MD5_DIGEST_LENGTH],
|
||||
u_char result[MD5_DIGEST_LENGTH]);
|
||||
|
||||
MD5Val() : HashVal(new OpaqueType("md5")) { }
|
||||
MD5Val();
|
||||
|
||||
protected:
|
||||
friend class Val;
|
||||
|
@ -73,7 +73,7 @@ class SHA1Val : public HashVal {
|
|||
public:
|
||||
static void digest(val_list& vlist, u_char result[SHA_DIGEST_LENGTH]);
|
||||
|
||||
SHA1Val() : HashVal(new OpaqueType("sha1")) { }
|
||||
SHA1Val();
|
||||
|
||||
protected:
|
||||
friend class Val;
|
||||
|
@ -92,7 +92,7 @@ class SHA256Val : public HashVal {
|
|||
public:
|
||||
static void digest(val_list& vlist, u_char result[SHA256_DIGEST_LENGTH]);
|
||||
|
||||
SHA256Val() : HashVal(new OpaqueType("sha256")) { }
|
||||
SHA256Val();
|
||||
|
||||
protected:
|
||||
friend class Val;
|
||||
|
@ -109,7 +109,7 @@ private:
|
|||
|
||||
class EntropyVal : public OpaqueVal {
|
||||
public:
|
||||
EntropyVal() : OpaqueVal(new OpaqueType("entropy")) { }
|
||||
EntropyVal();
|
||||
|
||||
bool Feed(const void* data, size_t size);
|
||||
bool Get(double *r_ent, double *r_chisq, double *r_mean,
|
||||
|
|
21
src/TCP.cc
21
src/TCP.cc
|
@ -566,7 +566,7 @@ void TCP_Analyzer::UpdateInactiveState(double t,
|
|||
else
|
||||
endpoint->SetState(TCP_ENDPOINT_SYN_SENT);
|
||||
|
||||
if ( connection_attempt )
|
||||
if ( tcp_attempt_delay )
|
||||
ADD_ANALYZER_TIMER(&TCP_Analyzer::AttemptTimer,
|
||||
t + tcp_attempt_delay, 1,
|
||||
TIMER_TCP_ATTEMPT);
|
||||
|
@ -1497,24 +1497,7 @@ void TCP_Analyzer::ExpireTimer(double t)
|
|||
|
||||
if ( resp->state == TCP_ENDPOINT_INACTIVE )
|
||||
{
|
||||
if ( (orig->state == TCP_ENDPOINT_SYN_SENT ||
|
||||
orig->state == TCP_ENDPOINT_SYN_ACK_SENT) )
|
||||
{
|
||||
if ( ! connection_attempt )
|
||||
{
|
||||
// Time out the connection attempt,
|
||||
// since the AttemptTimer isn't going
|
||||
// to do it for us, and we don't want
|
||||
// to clog the data structures with
|
||||
// old, failed attempts.
|
||||
Event(connection_timeout);
|
||||
is_active = 0;
|
||||
sessions->Remove(Conn());
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
else if ( orig->state == TCP_ENDPOINT_INACTIVE )
|
||||
if ( orig->state == TCP_ENDPOINT_INACTIVE )
|
||||
{
|
||||
// Nothing ever happened on this connection.
|
||||
// This can occur when we see a trashed
|
||||
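Review bot: Reading this section as old-then-new, ExpireTimer loses its `if ( ! connection_attempt )` fallback, so a half-open attempt (originator in SYN_SENT or SYN_ACK_SENT, responder inactive) is now torn down only by the AttemptTimer, and UpdateInactiveState schedules that timer only under `if ( tcp_attempt_delay )`. When `tcp_attempt_delay` is configured as 0, nothing visible here removes such connections, so unanswered SYNs from scans or floods could pile up in the session table; whether another timer covers them is outside the hunks. Either keep a zero-delay fallback in ExpireTimer or state the consequence at the guard, e.g. `// A tcp_attempt_delay of 0 disables the attempt timer.` Both functions begin and end outside the hunks.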
|
|
|
@ -1749,7 +1749,7 @@ Val* TableVal::Default(Val* index)
|
|||
|
||||
if ( def_val->Type()->Tag() != TYPE_FUNC ||
|
||||
same_type(def_val->Type(), Type()->YieldType()) )
|
||||
return def_val->Ref();
|
||||
return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone();
|
||||
|
||||
const Func* f = def_val->AsFunc();
|
||||
val_list* vl = new val_list();
|
||||
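Review bot: The new return line `return def_attr->AttrExpr()->IsConst() ? def_val->Ref() : def_val->Clone();` has no comment explaining why a non-constant default is cloned while a constant one is shared. If the intent is that callers modifying the returned value must not alter the stored default, say so above the line, e.g. `// Non-constant &default values are cloned so callers cannot modify the shared default.` The line also dereferences `def_attr` and `def_attr->AttrExpr()` with no null check visible in the hunk; the earlier part of TableVal::Default is outside the page, so confirm both are guaranteed non-null at this point.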
|
|