Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove unnecessary #includes in analyzer/packet analyzer/file analyzer headers

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-04-08 14:57:34 -07:00
parent 896e41c794
commit 456c1fa42c
72 changed files with 41 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Discard.cc
View file

@ -22,6 +22,8 @@ Discarder::Discarder() {
discarder_maxlen = static_cast<int>(id::find_val("discarder_maxlen")->AsCount());
}
Discarder::~Discarder() {}
bool Discarder::IsActive() { return check_ip || check_tcp || check_udp || check_icmp; }
bool Discarder::NextPacket(const std::shared_ptr<IP_Hdr>& ip, int len, int caplen) {

2
src/Discard.h
View file

@ -19,7 +19,7 @@ namespace detail {
class Discarder final {
public:
Discarder();
~Discarder() = default;
~Discarder();
bool IsActive();

1
src/analyzer/Analyzer.h
View file

@ -10,7 +10,6 @@
#include "zeek/EventHandler.h"
#include "zeek/IntrusivePtr.h"
#include "zeek/Obj.h"
#include "zeek/Tag.h"
#include "zeek/Timer.h"

2
src/analyzer/Component.h
View file

@ -2,8 +2,6 @@
#pragma once
#include "zeek/zeek-config.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"
#include "zeek/util.h"

2
src/analyzer/Manager.h
View file

@ -24,10 +24,10 @@
#include <vector>
#include "zeek/IP.h"
#include "zeek/IPAddr.h"
#include "zeek/Tag.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/Component.h"
#include "zeek/analyzer/analyzer.bif.h"
#include "zeek/net_util.h"
#include "zeek/plugin/ComponentManager.h"

1
src/analyzer/protocol/conn-size/ConnSize.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/NetVar.h"
#include "zeek/analyzer/Analyzer.h"
namespace zeek::analyzer::conn_size {

4
src/analyzer/protocol/dce-rpc/DCE_RPC.h
View file

@ -2,10 +2,8 @@
#pragma once
#include "zeek/IPAddr.h"
#include "zeek/NetVar.h"
#include "zeek/Conn.h"
#include "zeek/analyzer/protocol/dce-rpc/dce_rpc_pac.h"
#include "zeek/analyzer/protocol/dce-rpc/events.bif.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
namespace zeek::analyzer::dce_rpc {

6
src/analyzer/protocol/dns/DNS.cc
View file

@ -792,7 +792,7 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len, String** p) {
uint16_t dlen = ExtractShort(data, len);
dlen = min(len, static_cast<int>(dlen));
dlen = std::min(len, static_cast<int>(dlen));
if ( p )
*p = new String(data, dlen, false);
@ -802,8 +802,8 @@ void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len, String** p) {
}
String* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l) {
l = max(l, 0);
int dlen = min(len, l); // Len in bytes of the algorithm use
l = std::max(l, 0);
int dlen = std::min(len, l); // Len in bytes of the algorithm use
auto rval = new String(data, dlen, false);
data += dlen;

1
src/analyzer/protocol/dns/DNS.h
View file

@ -3,7 +3,6 @@
#pragma once
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/binpac_zeek.h"
namespace zeek::analyzer::dns {
namespace detail {

1
src/analyzer/protocol/gssapi/GSSAPI.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/gssapi/events.bif.h"
#include "zeek/analyzer/protocol/gssapi/gssapi_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

3
src/analyzer/protocol/imap/IMAP.h
View file

@ -2,9 +2,6 @@
#pragma once
// for std::transform
#include <algorithm>
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "analyzer/protocol/imap/imap_pac.h"

6
src/analyzer/protocol/krb/KRB.h
View file

@ -2,15 +2,15 @@
#pragma once
// This is needed for USE_KRB5 below.
#include "zeek/zeek-config.h"
#include <mutex>
#ifdef USE_KRB5
#include <krb5/krb5.h>
#endif
#include "analyzer/protocol/krb/krb_pac.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/protocol/krb/krb_pac.h"
namespace zeek::analyzer::krb {

1
src/analyzer/protocol/mime/MIME.h
View file

@ -4,7 +4,6 @@
#include <cassert>
#include <cstdio>
#include <queue>
#include <vector>
#include "zeek/Reporter.h"

1
src/analyzer/protocol/mqtt/MQTT.h
View file

@ -4,7 +4,6 @@
#pragma once
#include "zeek/ID.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
namespace binpac {

1
src/analyzer/protocol/mysql/MySQL.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/mysql/events.bif.h"
#include "zeek/analyzer/protocol/mysql/mysql_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

1
src/analyzer/protocol/ncp/NCP.h
View file

@ -17,7 +17,6 @@
//
// http://faydoc.tripod.com/structures/21/2149.htm
#include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "analyzer/protocol/ncp/ncp_pac.h"

1
src/analyzer/protocol/ntlm/NTLM.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/ntlm/events.bif.h"
#include "zeek/analyzer/protocol/ntlm/ntlm_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

2
src/analyzer/protocol/ntp/NTP.h
View file

@ -2,9 +2,7 @@
#pragma once
#include "zeek/analyzer/protocol/ntp/events.bif.h"
#include "zeek/analyzer/protocol/ntp/ntp_pac.h"
#include "zeek/analyzer/protocol/ntp/types.bif.h"
namespace zeek::analyzer::ntp {

1
src/analyzer/protocol/radius/RADIUS.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/radius/events.bif.h"
#include "zeek/analyzer/protocol/radius/radius_pac.h"
namespace zeek::analyzer::radius {

1
src/analyzer/protocol/rdp/RDP.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/rdp/events.bif.h"
#include "zeek/analyzer/protocol/rdp/rdp_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

1
src/analyzer/protocol/rdp/RDPEUDP.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/rdp/events.bif.h"
#include "zeek/analyzer/protocol/rdp/rdpeudp_pac.h"
namespace zeek::analyzer::rdpeudp {

1
src/analyzer/protocol/rfb/RFB.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/rfb/events.bif.h"
#include "zeek/analyzer/protocol/rfb/rfb_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

1
src/analyzer/protocol/rpc/NFS.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/rpc/RPC.h"
namespace zeek::analyzer::rpc {

1
src/analyzer/protocol/rpc/RPC.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
namespace zeek::analyzer::rpc {

2
src/analyzer/protocol/rpc/XDR.h
View file

@ -5,8 +5,6 @@
#include <netinet/in.h>
#include <sys/types.h>
#include "zeek/util.h"
namespace zeek::analyzer::rpc {
extern uint32_t extract_XDR_uint32(const u_char*& buf, int& len);

1
src/analyzer/protocol/sip/SIP.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/sip/events.bif.h"
#include "zeek/analyzer/protocol/sip/sip_pac.h"
namespace zeek::analyzer::sip {

3
src/analyzer/protocol/snmp/SNMP.h
View file

@ -2,7 +2,8 @@
#pragma once
#include "analyzer/protocol/snmp/snmp_pac.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/protocol/snmp/snmp_pac.h"
namespace zeek::analyzer::snmp {

1
src/analyzer/protocol/snmp/snmp.pac
View file

@ -2,7 +2,6 @@
%include zeek.pac
%extern{
#include "zeek/Reporter.h"
#include "zeek/analyzer/protocol/snmp/types.bif.h"
#include "zeek/analyzer/protocol/snmp/events.bif.h"
%}

1
src/analyzer/protocol/ssh/SSH.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/ssh/events.bif.h"
#include "zeek/analyzer/protocol/ssh/ssh_pac.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"

2
src/analyzer/protocol/ssl/DTLS.h
View file

@ -2,7 +2,7 @@
#pragma once
#include "zeek/analyzer/protocol/ssl/events.bif.h"
#include "zeek/analyzer/Analyzer.h"
namespace binpac {
namespace DTLS {

1
src/analyzer/protocol/ssl/SSL.h
View file

@ -3,7 +3,6 @@
#pragma once
#include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/analyzer/protocol/ssl/events.bif.h"
#include "zeek/analyzer/protocol/tcp/TCP.h"
namespace binpac {

2
src/analyzer/protocol/syslog/legacy/Syslog.h
View file

@ -2,7 +2,7 @@
#pragma once
#include "zeek/analyzer/protocol/tcp/TCP.h"
#include "zeek/analyzer/Analyzer.h"
#include "analyzer/protocol/syslog/legacy/syslog_pac.h"

2
src/analyzer/protocol/tcp/TCP.h
View file

@ -3,10 +3,8 @@
#pragma once
#include "zeek/Conn.h"
#include "zeek/IPAddr.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
#include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
namespace zeek::analyzer::pia {

2
src/analyzer/protocol/zip/ZIP.h
View file

@ -2,8 +2,6 @@
#pragma once
#include "zeek/zeek-config.h"
#include <zlib.h>
#include "zeek/analyzer/protocol/tcp/TCP.h"

2
src/file_analysis/Component.h
View file

@ -2,8 +2,6 @@
#pragma once
#include "zeek/zeek-config.h"
#include "zeek/Tag.h"
#include "zeek/plugin/Component.h"

4
src/file_analysis/File.cc
View file

@ -2,21 +2,21 @@
#include "zeek/file_analysis/File.h"
#include <limits>
#include <utility>
#include "zeek/Conn.h"
#include "zeek/Event.h"
#include "zeek/Reporter.h"
#include "zeek/RuleMatcher.h"
#include "zeek/Type.h"
#include "zeek/Val.h"
#include "zeek/analyzer/Analyzer.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/file_analysis/Analyzer.h"
#include "zeek/file_analysis/FileReassembler.h"
#include "zeek/file_analysis/FileTimer.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/file_analysis/analyzer/extract/Extract.h"
#include "zeek/file_analysis/analyzer/extract/events.bif.h"
namespace zeek::file_analysis {

2
src/file_analysis/File.h
View file

@ -4,12 +4,10 @@
#include <list>
#include <string>
#include <utility>
#include "zeek/Tag.h"
#include "zeek/WeirdState.h"
#include "zeek/ZeekArgs.h"
#include "zeek/ZeekList.h" // for ValPList
#include "zeek/ZeekString.h"
#include "zeek/file_analysis/AnalyzerSet.h"

1
src/file_analysis/FileReassembler.h
View file

@ -7,7 +7,6 @@
namespace zeek {
class Connection;
class File;
namespace file_analysis {

2
src/file_analysis/analyzer/data_event/DataEvent.h
View file

@ -2,8 +2,6 @@
#pragma once
#include <string>
#include "zeek/EventHandler.h"
#include "zeek/Val.h"
#include "zeek/file_analysis/Analyzer.h"

1
src/file_analysis/analyzer/entropy/Entropy.cc
View file

@ -6,6 +6,7 @@
#include "zeek/Event.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/file_analysis/analyzer/entropy/events.bif.h"
#include "zeek/util.h"
namespace zeek::file_analysis::detail {

3
src/file_analysis/analyzer/entropy/Entropy.h
View file

@ -2,13 +2,10 @@
#pragma once
#include <string>
#include "zeek/OpaqueVal.h"
#include "zeek/Val.h"
#include "zeek/file_analysis/Analyzer.h"
#include "zeek/file_analysis/File.h"
#include "zeek/file_analysis/analyzer/entropy/events.bif.h"
namespace zeek::file_analysis::detail {

2
src/file_analysis/analyzer/extract/Extract.cc
View file

@ -5,8 +5,8 @@
#include <fcntl.h>
#include <string>
#include "zeek/Event.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/file_analysis/analyzer/extract/events.bif.h"
#include "zeek/util.h"
namespace zeek::file_analysis::detail {

1
src/file_analysis/analyzer/extract/Extract.h
View file

@ -8,7 +8,6 @@
#include "zeek/Val.h"
#include "zeek/file_analysis/Analyzer.h"
#include "zeek/file_analysis/File.h"
#include "zeek/file_analysis/analyzer/extract/events.bif.h"
namespace zeek::file_analysis::detail {

2
src/file_analysis/analyzer/hash/Hash.h
View file

@ -2,8 +2,6 @@
#pragma once
#include <string>
#include "zeek/OpaqueVal.h"
#include "zeek/Val.h"
#include "zeek/file_analysis/Analyzer.h"

3
src/file_analysis/analyzer/pe/PE.h
View file

@ -2,9 +2,6 @@
#pragma once
#include <string>
#include "zeek/File.h"
#include "zeek/Val.h"
#include "file_analysis/analyzer/pe/pe_pac.h"

2
src/packet_analysis/Component.h
View file

@ -2,8 +2,6 @@
#pragma once
#include "zeek/zeek-config.h"
#include <functional>
#include "zeek/Tag.h"

1
src/packet_analysis/Dispatcher.h
View file

@ -3,7 +3,6 @@
#pragma once
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

1
src/packet_analysis/Manager.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/Func.h"
#include "zeek/PacketFilter.h"
#include "zeek/Tag.h"
#include "zeek/iosource/Packet.h"

2
src/packet_analysis/protocol/ayiya/AYIYA.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::AYIYA {

2
src/packet_analysis/protocol/fddi/FDDI.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::FDDI {

3
src/packet_analysis/protocol/geneve/Geneve.h
View file

@ -2,11 +2,12 @@
#pragma once
#include <cstdint>
#include <functional>
#include "zeek/Span.h"
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::Geneve {

2
src/packet_analysis/protocol/gre/GRE.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::GRE {

1
src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
View file

@ -2,6 +2,7 @@
#include "zeek/packet_analysis/protocol/icmp/ICMPSessionAdapter.h"
#include "zeek/Conn.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/conn-size/ConnSize.h"

2
src/packet_analysis/protocol/ieee802_11/IEEE802_11.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::IEEE802_11 {

2
src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::IEEE802_11_Radio {

1
src/packet_analysis/protocol/ip/IP.cc
View file

@ -8,7 +8,6 @@
#include "zeek/Event.h"
#include "zeek/Frag.h"
#include "zeek/IP.h"
#include "zeek/IPAddr.h"
#include "zeek/NetVar.h"
#include "zeek/PacketFilter.h"
#include "zeek/RunState.h"

1
src/packet_analysis/protocol/ip/IPBasedAnalyzer.h
View file

@ -5,7 +5,6 @@
#include <map>
#include <set>
#include "zeek/ID.h"
#include "zeek/Tag.h"
#include "zeek/packet_analysis/Analyzer.h"

4
src/packet_analysis/protocol/linux_sll2/LinuxSLL2.h
View file

@ -2,8 +2,10 @@
#pragma once
#include <cstdint>
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::LinuxSLL2 {

2
src/packet_analysis/protocol/llc/LLC.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::LLC {

2
src/packet_analysis/protocol/mpls/MPLS.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::MPLS {

2
src/packet_analysis/protocol/nflog/NFLog.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::NFLog {

2
src/packet_analysis/protocol/novell_802_3/Novell_802_3.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::Novell_802_3 {

2
src/packet_analysis/protocol/ppp/PPP.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::PPP {

2
src/packet_analysis/protocol/ppp_serial/PPPSerial.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::PPPSerial {

2
src/packet_analysis/protocol/pppoe/PPPoE.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::PPPoE {

1
src/packet_analysis/protocol/tcp/TCP.h
View file

@ -2,7 +2,6 @@
#pragma once
#include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"

2
src/packet_analysis/protocol/tcp/TCPSessionAdapter.h
View file

@ -5,8 +5,6 @@
#include "zeek/Tag.h"
#include "zeek/analyzer/protocol/tcp/TCP_Endpoint.h"
#include "zeek/analyzer/protocol/tcp/TCP_Flags.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
#include "zeek/session/Manager.h"

1
src/packet_analysis/protocol/teredo/Teredo.h
View file

@ -5,7 +5,6 @@
#include <map>
#include "zeek/Conn.h"
#include "zeek/NetVar.h"
#include "zeek/RE.h"
#include "zeek/Reporter.h"
#include "zeek/packet_analysis/Analyzer.h"

2
src/packet_analysis/protocol/vntag/VNTag.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::VNTag {

2
src/packet_analysis/protocol/vxlan/VXLAN.h
View file

@ -2,8 +2,8 @@
#pragma once
#include "zeek/iosource/Packet.h"
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
namespace zeek::packet_analysis::VXLAN {

1
src/spicy/manager.cc
View file

@ -24,6 +24,7 @@
#include <hilti/autogen/config.h>
#include "zeek/Event.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/file_analysis/Manager.h"
#include "zeek/packet_analysis/Manager.h"

1
testing/btest/plugins/protocol-plugin/src/Foo.cc
View file

@ -2,6 +2,7 @@
#include "Foo.h"
#include "zeek/EventRegistry.h"
#include "zeek/Func.h"
#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
#include "events.bif.h"