Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'master' into devel

Browse source
This commit is contained in:
Robin Sommer 2010-11-27 17:25:09 -08:00
commit 49cd330110
125 changed files with 2304 additions and 7592 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/ARP.h
View file

@ -13,9 +13,9 @@
#include <net/if_arp.h>
#ifdef HAVE_NET_ETHERNET_H
#include <net/ethernet.h>
#elif HAVE_SYS_ETHERNET_H
#elif defined(HAVE_SYS_ETHERNET_H)
#include <sys/ethernet.h>
#elif HAVE_NETINET_IF_ETHER_H
#elif defined(HAVE_NETINET_IF_ETHER_H)
#include <netinet/if_ether.h>
#endif

4
src/Analyzer.cc
View file

@ -113,10 +113,8 @@ const Analyzer::Config Analyzer::analyzer_configs[] = {
SMTP_Analyzer::Available, 0, false },
{ AnalyzerTag::SSH, "SSH", SSH_Analyzer::InstantiateAnalyzer,
SSH_Analyzer::Available, 0, false },
#ifdef USE_OPENSSL
{ AnalyzerTag::SSL, "SSL", SSLProxy_Analyzer::InstantiateAnalyzer,
SSLProxy_Analyzer::Available, 0, false },
#endif
{ AnalyzerTag::Telnet, "TELNET", Telnet_Analyzer::InstantiateAnalyzer,
Telnet_Analyzer::Available, 0, false },
@ -167,9 +165,7 @@ const Analyzer::Config Analyzer::analyzer_configs[] = {
{ AnalyzerTag::Contents_SMB, "CONTENTS_SMB", 0, 0, 0, false },
{ AnalyzerTag::Contents_RPC, "CONTENTS_RPC", 0, 0, 0, false },
{ AnalyzerTag::Contents_NFS, "CONTENTS_NFS", 0, 0, 0, false },
#ifdef USE_OPENSSL
{ AnalyzerTag::Contents_SSL, "CONTENTS_SSL", 0, 0, 0, false },
#endif
};
AnalyzerTimer::~AnalyzerTimer()

4
src/AnalyzerTags.h
View file

@ -29,9 +29,7 @@ namespace AnalyzerTag {
DCE_RPC, DNS, Finger, FTP, Gnutella, HTTP, Ident, IRC,
Login, NCP, NetbiosSSN, NFS, NTP, POP3, Portmapper, Rlogin,
RPC, Rsh, SMB, SMTP, SSH,
#ifdef USE_OPENSSL
SSL,
#endif
Telnet,
// Application-layer analyzers, binpac-generated.
@ -45,9 +43,7 @@ namespace AnalyzerTag {
Contents, ContentLine, NVT, Zip, Contents_DNS, Contents_NCP,
Contents_NetbiosSSN, Contents_Rlogin, Contents_Rsh,
Contents_DCE_RPC, Contents_SMB, Contents_RPC, Contents_NFS,
#ifdef USE_OPENSSL
Contents_SSL,
#endif
// End-marker.
LastAnalyzer
};

5
src/BitTorrentTracker.cc
View file

@ -8,13 +8,8 @@
#include <sys/types.h>
#include <regex.h>
#ifdef USE_INT64
# define FMT_INT "%lld"
# define FMT_UINT "%llu"
#else
# define FMT_INT "%d"
# define FMT_UINT "%u"
#endif
static TableType* bt_tracker_headers = 0;
static RecordType* bittorrent_peer;

399
src/CMakeLists.txt Normal file
View file

@ -0,0 +1,399 @@
include_directories(${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_BINARY_DIR}
)
configure_file(version.c.in ${CMAKE_CURRENT_BINARY_DIR}/version.c)
# This creates a custom command to transform a bison output file (inFile)
# into outFile in order to avoid symbol conflicts:
# - replaces instances of 'yylex' in inFile with yylexPrefix
# - replaces instances of 'yy' in inFile with yyPrefix
# - deletes instances of 'extern char.*getenv' in inFile
# - writes results to outFile and adds it to list TRANSFORMED_BISON_OUTPUTS
macro(REPLACE_YY_PREFIX_TARGET inFile outFile yylexPrefix yyPrefix)
set(args "'/extern char.*getenv/d")
set(args "${args}\;s/yylex/${yylexPrefix}lex/")
set(args "${args}\;s/yy/${yyPrefix}/g'" < ${inFile} > ${outFile})
add_custom_command(OUTPUT ${outFile}
COMMAND ${SED_EXE}
ARGS ${args}
DEPENDS ${inFile}
COMMENT "[sed] replacing stuff in ${inFile}"
)
list(APPEND TRANSFORMED_BISON_OUTPUTS ${outFile})
endmacro(REPLACE_YY_PREFIX_TARGET)
########################################################################
## Create targets to generate parser and scanner code
set(BISON_FLAGS "--debug")
# BIF parser/scanner
bison_target(BIFParser builtin-func.y
${CMAKE_CURRENT_BINARY_DIR}/bif_parse.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/bif_parse.h
VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/bif_parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
flex_target(BIFScanner builtin-func.l ${CMAKE_CURRENT_BINARY_DIR}/bif_lex.cc)
add_flex_bison_dependency(BIFScanner BIFParser)
# Rule parser/scanner
bison_target(RuleParser rule-parse.y
${CMAKE_CURRENT_BINARY_DIR}/rup.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/rup.h
VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/rule_parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.cc
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.cc
rules_ rules_)
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rup.h
${CMAKE_CURRENT_BINARY_DIR}/rule-parse.h
rules_ rules_)
flex_target(RuleScanner rule-scan.l ${CMAKE_CURRENT_BINARY_DIR}/rule-scan.cc
COMPILE_FLAGS "-Prules_")
# RE parser/scanner
bison_target(REParser re-parse.y
${CMAKE_CURRENT_BINARY_DIR}/rep.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/re-parse.h
VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/re_parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/rep.cc
${CMAKE_CURRENT_BINARY_DIR}/re-parse.cc
re_ RE_)
flex_target(REScanner re-scan.l ${CMAKE_CURRENT_BINARY_DIR}/re-scan.cc
COMPILE_FLAGS "-Pre_")
add_flex_bison_dependency(REScanner REParser)
# Parser/Scanner
bison_target(Parser parse.y
${CMAKE_CURRENT_BINARY_DIR}/p.cc
HEADER ${CMAKE_CURRENT_BINARY_DIR}/broparse.h
VERBOSE ${CMAKE_CURRENT_BINARY_DIR}/parse.output
COMPILE_FLAGS "${BISON_FLAGS}")
replace_yy_prefix_target(${CMAKE_CURRENT_BINARY_DIR}/p.cc
${CMAKE_CURRENT_BINARY_DIR}/parse.cc
bro yy)
flex_target(Scanner scan.l ${CMAKE_CURRENT_BINARY_DIR}/scan.cc
COMPILE_FLAGS "-Pbro")
########################################################################
## bifcl (BIF compiler) target
set(bifcl_SRCS
${BISON_BIFParser_OUTPUTS}
${FLEX_BIFScanner_OUTPUTS}
bif_arg.cc
)
add_executable(bifcl ${bifcl_SRCS})
target_link_libraries(bifcl)
########################################################################
## bifcl-dependent targets
# A macro to define a command that uses the BIF compiler to produce
# C++ segments and Bro language declarations from .bif file
# The outputs are appended to list ALL_BIF_OUTPUTS
# Outputs that should be installed are appended to INSTALL_BIF_OUTPUTS
macro(BIF_TARGET bifInput)
get_bif_output_files(${bifInput} bifOutputs)
add_custom_command(OUTPUT ${bifOutputs}
COMMAND bifcl
ARGS ${CMAKE_CURRENT_SOURCE_DIR}/${bifInput}
DEPENDS ${bifInput}
COMMENT "[BIFCL] Processing ${bifInput}"
)
list(APPEND ALL_BIF_OUTPUTS ${bifOutputs})
list(APPEND INSTALL_BIF_OUTPUTS
${CMAKE_CURRENT_BINARY_DIR}/${bifInput}.bro)
endmacro(BIF_TARGET)
# returns a list of output files that bifcl will produce
# for given input file in ${outputFileVar}
macro(GET_BIF_OUTPUT_FILES inputFile outputFileVar)
set(${outputFileVar}
${inputFile}.bro
${inputFile}.func_def
${inputFile}.func_h
${inputFile}.func_init
${inputFile}.netvar_def
${inputFile}.netvar_h
${inputFile}.netvar_init
)
endmacro(GET_BIF_OUTPUT_FILES)
set(BIF_SRCS
bro.bif
event.bif
const.bif
common-rw.bif
finger-rw.bif
ident-rw.bif
dns-rw.bif
ftp-rw.bif
smtp-rw.bif
http-rw.bif
strings.bif
smb-rw.bif
)
foreach (bift ${BIF_SRCS})
bif_target(${bift})
endforeach ()
########################################################################
## BinPAC-dependent targets
set(BINPAC_AUXSRC
binpac.pac
bro.pac
binpac_bro.h
)
# A macro to define a command that uses the BinPac compiler to
# produce C++ code that implements a protocol parser/analyzer
# The outputs of the command are appended to list ALL_BINPAC_OUTPUTS
macro(BINPAC_TARGET pacFile)
get_filename_component(basename ${pacFile} NAME_WE)
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h
${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc
COMMAND ${BinPAC_EXE}
ARGS -d ${CMAKE_CURRENT_BINARY_DIR}
-I ${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/${pacFile}
DEPENDS ${BinPAC_EXE} ${pacFile}
${BINPAC_AUXSRC} ${ARGN}
COMMENT "[BINPAC] Processing ${pacFile}"
)
list(APPEND ALL_BINPAC_OUTPUTS
${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h
${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc)
endmacro(BINPAC_TARGET)
binpac_target(binpac-lib.pac)
binpac_target(binpac_bro-lib.pac)
binpac_target(bittorrent.pac
bittorrent-protocol.pac bittorrent-analyzer.pac)
binpac_target(dce_rpc.pac
dce_rpc-protocol.pac dce_rpc-analyzer.pac)
binpac_target(dce_rpc_simple.pac
dce_rpc-protocol.pac)
binpac_target(dhcp.pac
dhcp-protocol.pac dhcp-analyzer.pac)
binpac_target(dns.pac
dns-protocol.pac dns-analyzer.pac)
binpac_target(dns_tcp.pac
dns.pac)
binpac_target(http.pac
http-protocol.pac http-analyzer.pac)
binpac_target(ncp.pac)
binpac_target(netflow.pac
netflow-protocol.pac netflow-analyzer.pac)
binpac_target(rpc.pac
rpc-analyzer.pac portmap-analyzer.pac)
binpac_target(smb.pac
smb-protocol.pac smb-pipe.pac smb-mailslot.pac)
binpac_target(ssl.pac
ssl-defs.pac ssl-protocol.pac ssl-analyzer.pac)
binpac_target(ssl-record-layer.pac
ssl-defs.pac ssl.pac)
########################################################################
## bro target
# define a command that's used to run the make_dbg_constants.pl script
# building the bro binary depends on the outputs of this script
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdInfoConstants.cc
COMMAND ${PERL_EXECUTABLE}
ARGS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.pl
${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/make_dbg_constants.pl
${CMAKE_CURRENT_SOURCE_DIR}/DebugCmdInfoConstants.in
COMMENT "[Perl] Processing debug commands"
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
)
set(dns_SRCS nb_dns.c nb_dns.h)
set(openssl_SRCS X509.cc SSLCiphers.cc SSLInterpreter.cc SSLProxy.cc
SSLv2.cc SSLv3.cc SSLv3Automaton.cc)
if (USE_NMALLOC)
set(malloc_SRCS malloc.c)
endif ()
set(bro_SRCS
${CMAKE_CURRENT_BINARY_DIR}/version.c
${ALL_BIF_OUTPUTS}
${ALL_BINPAC_OUTPUTS}
${TRANSFORMED_BISON_OUTPUTS}
${FLEX_RuleScanner_OUTPUTS}
${FLEX_REScanner_OUTPUTS}
${FLEX_Scanner_OUTPUTS}
${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
main.cc
net_util.cc
util.cc
Active.cc
Analyzer.cc
Anon.cc
ARP.cc
Attr.cc
BackDoor.cc
Base64.cc
BitTorrent.cc
BitTorrentTracker.cc
BPF_Program.cc
BroString.cc
CCL.cc
ChunkedIO.cc
CompHash.cc
Conn.cc
ConnCompressor.cc
ContentLine.cc
DCE_RPC.cc
DFA.cc
DHCP-binpac.cc
DNS.cc
DNS-binpac.cc
DNS_Mgr.cc
DbgBreakpoint.cc
DbgHelp.cc
DbgWatch.cc
Debug.cc
DebugCmds.cc
DebugLogger.cc
Desc.cc
Dict.cc
Discard.cc
DPM.cc
EquivClass.cc
Event.cc
EventHandler.cc
EventLauncher.cc
EventRegistry.cc
Expr.cc
FTP.cc
File.cc
FileAnalyzer.cc
Finger.cc
FlowSrc.cc
Frag.cc
Frame.cc
Func.cc
Gnutella.cc
HTTP.cc
HTTP-binpac.cc
Hash.cc
ICMP.cc
ID.cc
Ident.cc
IntSet.cc
InterConn.cc
IOSource.cc
IRC.cc
List.cc
Logger.cc
Login.cc
MIME.cc
NCP.cc
NFA.cc
NFS.cc
NTP.cc
NVT.cc
Net.cc
NetVar.cc
NetbiosSSN.cc
Obj.cc
OSFinger.cc
PacketFilter.cc
PacketSort.cc
PersistenceSerializer.cc
PktSrc.cc
PIA.cc
PolicyFile.cc
POP3.cc
Portmap.cc
PrefixTable.cc
PriorityQueue.cc
Queue.cc
RE.cc
RPC.cc
Reassem.cc
RemoteSerializer.cc
Rlogin.cc
RSH.cc
Rule.cc
RuleAction.cc
RuleCondition.cc
RuleMatcher.cc
ScriptAnaly.cc
SmithWaterman.cc
SMB.cc
SMTP.cc
SSH.cc
SSL-binpac.cc
Scope.cc
SerializationFormat.cc
SerialObj.cc
Serializer.cc
Sessions.cc
StateAccess.cc
Stats.cc
SteppingStone.cc
Stmt.cc
TCP.cc
TCP_Endpoint.cc
TCP_Reassembler.cc
TCP_Rewriter.cc
Telnet.cc
Timer.cc
Traverse.cc
Trigger.cc
TwoWise.cc
Type.cc
UDP.cc
Val.cc
Var.cc
XDR.cc
ZIP.cc
bsd-getopt-long.c
cq.c
md5.c
patricia.c
setsignal.c
UDP_Rewriter.cc
DNS_Rewriter.cc
PacketDumper.cc
Rewriter.cc
strsep.c
${dns_SRCS}
${malloc_SRCS}
${openssl_SRCS}
)
add_definitions(-DPOLICYDEST="${POLICYDIR}")
add_executable(bro ${bro_SRCS})
set(brolibs
${BinPAC_LIBRARY}
${PCAP_LIBRARY}
${OpenSSL_LIBRARIES}
${BIND_LIBRARY}
${OPTLIBS}
)
include(ChangeMacInstallNames)
ChangeMacInstallNames(brolibs)
target_link_libraries(bro ${brolibs})
install(TARGETS bro DESTINATION bin)
install(FILES ${INSTALL_BIF_OUTPUTS} DESTINATION ${POLICYDIR})
set(BRO_EXE bro
CACHE STRING "Bro executable binary" FORCE)

8
src/ChunkedIO.cc
View file

@ -7,6 +7,7 @@
#include <sys/time.h>
#include <netinet/in.h>
#include <assert.h>
#include <openssl/ssl.h>
#include "config.h"
#include "ChunkedIO.h"
@ -650,11 +651,6 @@ void ChunkedIOFd::Stats(char* buffer, int length)
ChunkedIO::Stats(buffer + i, length - i);
}
#ifdef USE_OPENSSL
#include <openssl/ssl.h>
SSL_CTX* ChunkedIOSSL::ctx;
ChunkedIOSSL::ChunkedIOSSL(int arg_socket, bool arg_server)
@ -1174,8 +1170,6 @@ void ChunkedIOSSL::Stats(char* buffer, int length)
ChunkedIO::Stats(buffer + i, length - i);
}
#endif /* USE_OPENSSL */
#ifdef HAVE_LIBZ
bool CompressedChunkedIO::Init()

19
src/ChunkedIO.h
View file

@ -11,6 +11,13 @@
#include <list>
#ifdef NEED_KRB5_H
# include <krb5.h>
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
class CompressedChunkedIO;
// #define DEBUG_COMMUNICATION 10
@ -214,17 +221,7 @@ private:
pid_t pid;
};
#ifdef USE_OPENSSL
#ifdef NEED_KRB5_H
# include <krb5.h>
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
// Chunked I/O using an SSL connection.
class ChunkedIOSSL : public ChunkedIO {
public:
// Argument is an open socket and a flag indicating whether we are the
@ -287,8 +284,6 @@ private:
static SSL_CTX* ctx;
};
#endif /* USE_OPENSSL */
#ifdef HAVE_LIBZ
#include <zlib.h>

29
src/DNS_Mgr.cc
View file

@ -6,11 +6,11 @@
#include <sys/types.h>
#include <sys/socket.h>
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
@ -53,9 +53,7 @@ public:
const char* ReqHost() const { return host; }
uint32 ReqAddr() const { return addr; }
#ifdef HAVE_NB_DNS
int MakeRequest(nb_dns_info* nb_dns);
#endif
int RequestPending() const { return request_pending; }
void RequestDone() { request_pending = 0; }
@ -66,7 +64,6 @@ protected:
int request_pending;
};
#ifdef HAVE_NB_DNS
int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns)
{
if ( ! nb_dns )
@ -80,7 +77,6 @@ int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns)
else
return nb_dns_addr_request(nb_dns, addr, (void*) this, err) >= 0;
}
#endif
class DNS_Mapping {
public:
@ -350,13 +346,11 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode)
host_mappings.SetDeleteFunc(DNS_Mgr_mapping_delete_func);
addr_mappings.SetDeleteFunc(DNS_Mgr_mapping_delete_func);
#ifdef HAVE_NB_DNS
char err[NB_DNS_ERRSIZE];
nb_dns = nb_dns_init(err);
if ( ! nb_dns )
warn(fmt("problem initializing NB-DNS: %s", err));
#endif
dns_mapping_valid = dns_mapping_unverified = dns_mapping_new_name =
dns_mapping_lost_name = dns_mapping_name_changed =
@ -372,10 +366,8 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode)
DNS_Mgr::~DNS_Mgr()
{
#ifdef HAVE_NB_DNS
if ( nb_dns )
nb_dns_finish(nb_dns);
#endif
delete [] cache_name;
delete [] dir;
@ -410,14 +402,12 @@ bool DNS_Mgr::Init()
did_init = 1;
#ifdef HAVE_NB_DNS
io_sources.Register(this, true);
// We never set idle to false, having the main loop only calling us from
// time to time. If we're issuing more DNS requests than we can handle
// in this way, we are having problems anyway ...
idle = true;
#endif
return true;
}
@ -531,7 +521,6 @@ void DNS_Mgr::Resolve()
int i;
#ifdef HAVE_NB_DNS
int first_req = 0;
int num_pending = min(requests.length(), MAX_PENDING_REQUESTS);
int last_req = num_pending - 1;
@ -597,7 +586,6 @@ void DNS_Mgr::Resolve()
--num_pending;
}
}
#endif
// All done with the list of requests.
for ( i = requests.length() - 1; i >= 0; --i )
@ -860,7 +848,6 @@ TableVal* DNS_Mgr::LookupNameInCache(string name)
return d->AddrsSet();
}
#ifdef HAVE_NB_DNS
void DNS_Mgr::AsyncLookupAddr(dns_mgr_addr_type host, LookupCallback* callback)
{
if ( ! did_init )
@ -956,13 +943,10 @@ void DNS_Mgr::IssueAsyncRequests()
++asyncs_pending;
}
}
#endif
void DNS_Mgr::GetFds(int* read, int* write, int* except)
{
#ifdef HAVE_NB_DNS
*read = nb_dns_fd(nb_dns);
#endif
}
double DNS_Mgr::NextTimestamp(double* network_time)
@ -971,7 +955,6 @@ double DNS_Mgr::NextTimestamp(double* network_time)
return asyncs_timeouts.size() ? timer_mgr->Time() : -1.0;
}
#ifdef HAVE_NB_DNS
void DNS_Mgr::CheckAsyncAddrRequest(dns_mgr_addr_type addr, bool timeout)
{
// Note that this code is a mirror of that for CheckAsyncHostRequest.
@ -1030,13 +1013,9 @@ void DNS_Mgr::CheckAsyncHostRequest(const char* host, bool timeout)
// eventually times out.
}
}
#endif
void DNS_Mgr::Process()
{
#ifndef HAVE_NB_DNS
internal_error("DNS_Mgr::Process(): should never be reached");
#else
while ( asyncs_timeouts.size() > 0 )
{
@ -1084,9 +1063,8 @@ void DNS_Mgr::Process()
IssueAsyncRequests();
}
#endif
}
#ifdef HAVE_NB_DNS
int DNS_Mgr::AnswerAvailable(int timeout)
{
int fd = nb_dns_fd(nb_dns);
@ -1116,4 +1094,3 @@ int DNS_Mgr::AnswerAvailable(int timeout)
return status;
}
#endif

5
src/DNS_Mgr.h
View file

@ -79,10 +79,8 @@ public:
virtual void Timeout() = 0;
};
#ifdef HAVE_NB_DNS
void AsyncLookupAddr(dns_mgr_addr_type host, LookupCallback* callback);
void AsyncLookupName(string name, LookupCallback* callback);
#endif
protected:
friend class LookupCallback;
@ -102,7 +100,6 @@ protected:
void LoadCache(FILE* f);
void Save(FILE* f, PDict(DNS_Mapping)& m);
#ifdef HAVE_NB_DNS
// Selects on the fd to see if there is an answer available (timeout is
// secs). Returns 0 on timeout, -1 on EINTR, and 1 if answer is ready.
int AnswerAvailable(int timeout);
@ -115,8 +112,6 @@ protected:
void CheckAsyncAddrRequest(dns_mgr_addr_type addr, bool timeout);
void CheckAsyncHostRequest(const char* host, bool timeout);
#endif
// IOSource interface.
virtual void GetFds(int* read, int* write, int* except);
virtual double NextTimestamp(double* network_time);

2
src/Desc.cc
View file

@ -105,7 +105,6 @@ void ODesc::Add(uint32 u)
}
}
#ifdef USE_INT64
void ODesc::Add(int64 i)
{
if ( IsBinary() )
@ -129,7 +128,6 @@ void ODesc::Add(uint64 u)
Add(tmp);
}
}
#endif
void ODesc::Add(double d)
{

2
src/Desc.h
View file

@ -57,10 +57,8 @@ public:
void AddN(const char* s, int len) { AddBytes(s, len); }
void Add(int i);
void Add(uint32 u);
#ifdef USE_INT64
void Add(int64 i);
void Add(uint64 u);
#endif
void Add(double d);
// Add s as a counted string.

30
src/File.cc
View file

@ -5,11 +5,11 @@
#include "config.h"
#include <sys/types.h>
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
@ -233,10 +233,7 @@ BroFile::~BroFile()
delete [] name;
delete [] access;
#ifdef USE_OPENSSL
delete [] cipher_buffer;
#endif
#ifdef USE_PERFTOOLS
heap_checker->UnIgnoreObject(this);
@ -257,12 +254,9 @@ void BroFile::Init()
print_hook = true;
raw_output = false;
t = 0;
#ifdef USE_OPENSSL
pub_key = 0;
cipher_ctx = 0;
cipher_buffer = 0;
#endif
#ifdef USE_PERFTOOLS
heap_checker->IgnoreObject(this);
@ -348,9 +342,7 @@ int BroFile::Close()
if ( ! is_open )
return 1;
#ifdef USE_OPENSSL
FinishEncrypt();
#endif
// Do not close stdout/stderr.
if ( f == stdout || f == stderr )
@ -640,19 +632,6 @@ void BroFile::CloseCachedFiles()
}
}
#ifndef USE_OPENSSL
void BroFile::InitEncrypt(const char* keyfile)
{
if ( keyfile )
{
error("file encryption requested, but OpenSSL support not compiled in.");
Close();
}
}
#else
void BroFile::InitEncrypt(const char* keyfile)
{
if ( ! (pub_key || keyfile) )
@ -716,14 +695,12 @@ void BroFile::InitEncrypt(const char* keyfile)
int buf_size = MIN_BUFFER_SIZE + EVP_CIPHER_block_size(cipher_type);
cipher_buffer = new unsigned char[buf_size];
}
#endif
void BroFile::FinishEncrypt()
{
if ( ! is_open )
return;
#ifdef USE_OPENSSL
if ( ! pub_key )
return;
@ -742,7 +719,6 @@ void BroFile::FinishEncrypt()
delete cipher_ctx;
cipher_ctx = 0;
}
#endif
}
@ -757,7 +733,6 @@ int BroFile::Write(const char* data, int len)
if ( ! len )
len = strlen(data);
#ifdef USE_OPENSSL
if ( cipher_ctx )
{
while ( len )
@ -789,7 +764,6 @@ int BroFile::Write(const char* data, int len)
return 1;
}
#endif
len = fwrite(data, 1, len, f);
if ( len <= 0 )

4
src/File.h
View file

@ -10,7 +10,6 @@
#include "Obj.h"
#include "Attr.h"
#ifdef USE_OPENSSL
# ifdef NEED_KRB5_H
# include <krb5.h>
# endif // NEED_KRB5_H
@ -19,7 +18,6 @@ extern "C" {
# include "openssl/pem.h"
# include "openssl/err.h"
}
#endif
class BroType;
class RotateTimer;
@ -149,13 +147,11 @@ protected:
static double default_rotation_interval;
static double default_rotation_size;
#ifdef USE_OPENSSL
EVP_PKEY* pub_key;
EVP_CIPHER_CTX* cipher_ctx;
static const int MIN_BUFFER_SIZE = 1024;
unsigned char* cipher_buffer;
#endif
};

46
src/FileAnalyzer.cc
View file

@ -7,10 +7,6 @@ magic_t File_Analyzer::magic = 0;
magic_t File_Analyzer::magic_mime = 0;
#endif
#ifdef HAVE_LIBCLAMAV
struct cl_node* File_Analyzer::clam_root = 0;
#endif
File_Analyzer::File_Analyzer(Connection* conn)
: TCP_ApplicationAnalyzer(AnalyzerTag::File, conn)
{
@ -23,11 +19,6 @@ File_Analyzer::File_Analyzer(Connection* conn)
InitMagic(&magic_mime, MAGIC_MIME);
}
#endif
#ifdef HAVE_LIBCLAMAV
if ( ! clam_root )
InitClamAV();
#endif
}
void File_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
@ -74,19 +65,6 @@ void File_Analyzer::Identify()
vl->append(new StringVal(descr ? descr : "<unknown>"));
vl->append(new StringVal(mime ? mime : "<unknown>"));
ConnectionEvent(file_transferred, vl);
#ifdef HAVE_LIBCLAMAV
const char* virname;
int ret = cl_scanbuff(buffer, buffer_len, &virname, clam_root);
if ( ret == CL_VIRUS )
{
val_list* vl = new val_list;
vl->append(BuildConnVal());
vl->append(new StringVal(virname));
ConnectionEvent(file_virus, vl);
}
#endif
}
#ifdef HAVE_LIBMAGIC
@ -105,27 +83,3 @@ void File_Analyzer::InitMagic(magic_t* magic, int flags)
}
}
#endif
#ifdef HAVE_LIBCLAMAV
void File_Analyzer::InitClamAV()
{
unsigned int sigs;
int ret = cl_loaddbdir(cl_retdbdir(), &clam_root, &sigs);
if ( ret )
{
error(fmt("can't load ClamAV database: %s", cl_perror(ret)));
clam_root = 0;
return;
}
ret = cl_build(clam_root);
if ( ret )
{
error(fmt("can't init ClamAV database: %s", cl_perror(ret)));
cl_free(clam_root);
clam_root = 0;
return;
}
}
#endif

9
src/FileAnalyzer.h
View file

@ -11,10 +11,6 @@
#include <magic.h>
#endif
#ifdef HAVE_LIBCLAMAV
#include <clamav.h>
#endif
class File_Analyzer : public TCP_ApplicationAnalyzer {
public:
File_Analyzer(Connection* conn);
@ -43,11 +39,6 @@ protected:
static magic_t magic;
static magic_t magic_mime;
#endif
#ifdef HAVE_LIBCLAMAV
static void InitClamAV();
static struct cl_node *clam_root;
#endif
};
#endif

3
src/FlowSrc.cc
View file

@ -12,6 +12,7 @@
#include "FlowSrc.h"
#include "Net.h"
#include "netflow_pac.h"
#include <errno.h>
FlowSrc::FlowSrc()
{ // TODO: v9.
@ -28,10 +29,8 @@ FlowSrc::~FlowSrc()
void FlowSrc::GetFds(int* read, int* write, int* except)
{
#ifdef USE_SELECT_LOOP
if ( selectable_fd >= 0 )
*read = selectable_fd;
#endif
}
double FlowSrc::NextTimestamp(double* network_time)

4
src/Func.cc
View file

@ -6,11 +6,11 @@
#include <sys/types.h>
#include <sys/stat.h>
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>

4
src/Hash.cc
View file

@ -237,8 +237,6 @@ HashKey::HashKey(bro_uint_t u)
is_our_dynamic = 0;
}
#ifdef USE_INT64
HashKey::HashKey(uint32 u)
{
key_u.u32 = u;
@ -248,8 +246,6 @@ HashKey::HashKey(uint32 u)
is_our_dynamic = 0;
}
#endif // USE_INT64
HashKey::HashKey(const uint32 u[], int n)
{
size = n * sizeof(u[0]);

4
src/Hash.h
View file

@ -24,9 +24,7 @@ class HashKey {
public:
HashKey(bro_int_t i);
HashKey(bro_uint_t u);
#ifdef USE_INT64
HashKey(uint32 u);
#endif
HashKey(const uint32 u[], int n);
HashKey(double d);
HashKey(const void* p);
@ -78,9 +76,7 @@ protected:
union {
bro_int_t i;
#ifdef USE_INT64
uint32 u32;
#endif
double d;
const void* p;
} key_u;

25
src/Net.cc
View file

@ -5,11 +5,11 @@
#include "config.h"
#include <sys/types.h>
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
@ -34,10 +34,6 @@
#include "Serializer.h"
#include "PacketDumper.h"
#ifdef USE_DAG
#include "PktDagSrc.h"
#endif
extern "C" {
#include "setsignal.h"
};
@ -243,12 +239,7 @@ void net_init(name_list& interfaces, name_list& readfiles,
for ( int i = 0; i < interfaces.length(); ++i )
{
PktSrc* ps;
#ifdef USE_DAG
if ( strncmp(interfaces[i], "dag", 3) == 0 )
ps = new PktDagSrc(interfaces[i], filter);
else
#endif
ps = new PktInterfaceSrc(interfaces[i], filter);
ps = new PktInterfaceSrc(interfaces[i], filter);
if ( ! ps->IsOpen() )
{
@ -265,14 +256,8 @@ void net_init(name_list& interfaces, name_list& readfiles,
if ( secondary_filter )
{
PktSrc* ps;
#ifdef USE_DAG
if ( strncmp(interfaces[i], "dag", 3) == 0 )
ps = new PktDagSrc(interfaces[i],
filter, TYPE_FILTER_SECONDARY);
else
#endif
ps = new PktInterfaceSrc(interfaces[i],
filter, TYPE_FILTER_SECONDARY);
ps = new PktInterfaceSrc(interfaces[i],
filter, TYPE_FILTER_SECONDARY);
if ( ! ps->IsOpen() )
{

294
src/PktDagSrc.cc
View file

@ -1,294 +0,0 @@
// $Id: PktDagSrc.cc 6909 2009-09-10 19:42:19Z vern $
//
// See the file "COPYING" in the main distribution directory for copyright.
#include "config.h"
#ifdef USE_DAG
extern "C" {
#include <dagapi.h>
#include <pcap.h>
}
#include <errno.h>
#include <set>
#include <string>
#include "PktDagSrc.h"
// Length of ERF Header before Ethernet header.
#define DAG_ETH_ERFLEN 18
static set<string> used_interfaces;
PktDagSrc::PktDagSrc(const char* arg_interface, const char* filter,
PktSrc_Filter_Type ft)
: PktSrc()
{
interface = copy_string(fmt("/dev/%s", arg_interface));
fd = -1;
closed = true;
if ( used_interfaces.find(interface) != used_interfaces.end() )
{
Error("DAG interface already in use, can't be used multiple times");
return;
}
// We only support Ethernet.
hdr_size = 14;
datalink = DLT_EN10MB;
filter_type = ft;
netmask = 0xffffff00; // XXX does this make sense?
current_filter = 0;
// We open a dummy pcap file to get access to pcap data structures.
// Ideally, Bro's PktSrc would be less dependent on pcap ...
pd = pcap_open_dead(datalink, snaplen);
if ( ! pd )
{
// Note: errno not trustworthy, for example it's sometimes
// set by malloc inside pcap_open_dead().
Error("pcap_open_dead");
return;
}
fd = dag_open(interface);
// XXX Currently, the DAG fd is not selectable :-(.
selectable_fd = -1;
if ( fd < 0 )
{
Error("dag_open");
return;
}
int dag_recordtype = dag_linktype(fd);
if ( dag_recordtype < TYPE_MIN || dag_recordtype > TYPE_MAX )
{
Error("dag_linktype");
return;
}
if ( dag_recordtype != TYPE_ETH )
{
sprintf(errbuf, "unsupported DAG link type 0x%x", dag_recordtype);
return;
}
// long= is needed to prevent the DAG card from truncating jumbo frames.
char* dag_configure_string =
copy_string(fmt("slen=%d varlen long=%d",
snaplen, snaplen > 1500 ? snaplen : 1500));
fprintf(stderr, "Configuring %s with options \"%s\"...\n",
interface, dag_configure_string);
if ( dag_configure(fd, dag_configure_string) < 0 )
{
Error("dag_configure");
delete [] dag_configure_string;
return;
}
delete [] dag_configure_string;
if ( dag_attach_stream(fd, stream_num, 0, EXTRA_WINDOW_SIZE) < 0 )
{
Error("dag_attach_stream");
return;
}
if ( dag_start_stream(fd, stream_num) < 0 )
{
Error("dag_start_stream");
return;
}
struct timeval maxwait, poll;
maxwait.tv_sec = 0; // arbitrary due to mindata == 0
maxwait.tv_usec = 0;
poll.tv_sec = 0; // don't wait until more data arrives.
poll.tv_usec = 0;
// mindata == 0 for non-blocking.
if ( dag_set_stream_poll(fd, stream_num, 0, &maxwait, &poll) < 0 )
{
Error("dag_set_stream_poll");
return;
}
closed = false;
if ( PrecompileFilter(0, filter) && SetFilter(0) )
fprintf(stderr, "listening on DAG card on %s\n", interface);
stats.link = stats.received = stats.dropped = 0;
}
PktDagSrc::~PktDagSrc()
{
}
void PktDagSrc::Close()
{
if ( fd >= 0 )
{
PktSrc::Close();
dag_stop_stream(fd, stream_num);
dag_detach_stream(fd, stream_num);
dag_close(fd);
fd = -1;
}
closed = true;
used_interfaces.erase(interface);
}
int PktDagSrc::ExtractNextPacket()
{
unsigned link_count = 0; // # packets on link for this call
// As we can't use select() on the fd, we always have to pretend
// we're busy (in fact this is probably even true; otherwise
// we shouldn't be using such expensive monitoring hardware!).
idle = false;
struct bpf_insn* fcode = current_filter->bf_insns;
if ( ! fcode )
{
run_time("filter code not valid when extracting DAG packet");
return 0;
}
dag_record_t* r = 0;
do
{
r = (dag_record_t*) dag_rx_stream_next_record(fd, 0);
if ( ! r )
{
data = last_data = 0; // make dataptr invalid
if ( errno != EAGAIN )
{
run_time(fmt("dag_rx_stream_next_record: %s",
strerror(errno)));
Close();
return 0;
}
else
{ // gone dry
idle = true;
return 0;
}
}
// Return after 20 unwanted packets on the link.
if ( ++link_count > 20 )
{
data = last_data = 0;
return 0;
}
hdr.len = ntohs(r->wlen);
hdr.caplen = ntohs(r->rlen) - DAG_ETH_ERFLEN;
// Locate start of the Ethernet header.
data = last_data = (const u_char*) r->rec.eth.dst;
++stats.link;
// lctr_sum += ntohs(r->lctr);
stats.dropped += ntohs(r->lctr);
}
while ( ! bpf_filter(fcode, (u_char*) data, hdr.len, hdr.caplen) );
++stats.received;
// Timestamp conversion taken from DAG programming manual.
unsigned long long lts = r->ts;
hdr.ts.tv_sec = lts >> 32;
lts = ((lts & 0xffffffffULL) * 1000 * 1000);
lts += (lts & 0x80000000ULL) << 1;
hdr.ts.tv_usec = lts >> 32;
if ( hdr.ts.tv_usec >= 1000000 )
{
hdr.ts.tv_usec -= 1000000;
hdr.ts.tv_sec += 1;
}
next_timestamp = hdr.ts.tv_sec + double(hdr.ts.tv_usec) / 1e6;
return 1;
}
void PktDagSrc::GetFds(int* read, int* write, int* except)
{
// We don't have a selectable fd, but we take the opportunity to
// reset our idle flag if we have data now.
if ( ! data )
ExtractNextPacket();
}
void PktDagSrc::Statistics(Stats* s)
{
s->received = stats.received;
s->dropped = stats.dropped;
s->link = stats.link + stats.dropped;
}
int PktDagSrc::SetFilter(int index)
{
// We don't want load-level filters for the secondary path.
if ( filter_type == TYPE_FILTER_SECONDARY && index > 0 )
return 1;
HashKey* hash = new HashKey(HashKey(bro_int_t(index)));
BPF_Program* code = filters.Lookup(hash);
delete hash;
if ( ! code )
{
sprintf(errbuf, "No precompiled pcap filter for index %d",
index);
return 0;
}
current_filter = code->GetProgram();
// Reset counters.
stats.received = stats.dropped = stats.link = 0;
return 1;
}
int PktDagSrc::SetNewFilter(const char* filter)
{
bpf_program* code = 0;
if ( pcap_compile(pd, code, (char*) filter, 1, netmask) < 0 )
{
snprintf(errbuf, sizeof(errbuf), "pcap_compile(%s): %s",
filter, pcap_geterr(pd));
errbuf[sizeof(errbuf) - 1] = '\0';
return 0;
}
current_filter = code;
return 1;
}
void PktDagSrc::Error(const char *s)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", s, strerror(errno));
Close();
}
#endif

54
src/PktDagSrc.h
View file

@ -1,54 +0,0 @@
// $Id: PktDagSrc.h 6219 2008-10-01 05:39:07Z vern $
//
// See the file "COPYING" in the main distribution directory for copyright.
//
// Support for Endace's DAG interface card.
//
// Caveats:
// - No support for hardware-side filtering yet.
// - No support for secondary filter path yet.
// - No support for other media than Ethernet.
// - Mutex should be per interface
// - No support for multiple rx streams
#ifndef PKTDAGSRC_H
#define PKTDAGSRC_H
#ifdef USE_DAG
extern int snaplen;
#include "PktSrc.h"
class PktDagSrc : public PktSrc {
public:
PktDagSrc(const char* interface, const char* filter,
PktSrc_Filter_Type ft = TYPE_FILTER_NORMAL);
virtual ~PktDagSrc();
// PktSrc interface:
virtual void Statistics(Stats* stats);
virtual int SetFilter(int index);
virtual int SetNewFilter(const char* filter);
protected:
virtual int ExtractNextPacket();
virtual void GetFds(int* read, int* write, int* except);
virtual void Close();
void Error(const char* str);
static const unsigned int EXTRA_WINDOW_SIZE = 4 * 1024 * 1024;
static const int stream_num = 0; // use receive stream 0
// Unfortunaly the DAG API has some problems with locking streams,
// so we do our own checks to ensure we don't use more than one
// stream. In particular, the secondary filter won't work.
static int mutex;
int fd;
bpf_program* current_filter;
};
#endif
#endif

15
src/PktSrc.cc
View file

@ -65,10 +65,8 @@ void PktSrc::GetFds(int* read, int* write, int* except)
return;
}
#ifdef USE_SELECT_LOOP
if ( selectable_fd >= 0 )
*read = selectable_fd;
#endif
}
int PktSrc::ExtractNextPacket()
@ -90,11 +88,7 @@ int PktSrc::ExtractNextPacket()
if ( ! first_timestamp )
first_timestamp = next_timestamp;
#ifdef USE_SELECT_LOOP
idle = (data == 0);
#else
idle = false;
#endif
if ( data )
++stats.received;
@ -370,16 +364,12 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter,
netmask = 0xffffff00;
}
#ifdef USE_SELECT_LOOP
// We use the smallest time-out possible to return almost immediately if
// no packets are available. (We can't use set_nonblocking() as it's
// broken on FreeBSD: even when select() indicates that we can read
// something, we may get nothing if the store buffer hasn't filled up
// yet.)
pd = pcap_open_live(interface, snaplen, 1, 1, tmp_errbuf);
#else
pd = pcap_open_live(interface, snaplen, 1, PCAP_TIMEOUT, tmp_errbuf);
#endif
if ( ! pd )
{
@ -394,8 +384,6 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter,
fprintf(stderr, "pcap bufsize = %d\n", ((struct pcap *) pd)->bufsize);
#endif
#ifdef USE_SELECT_LOOP
#ifdef HAVE_LINUX
if ( pcap_setnonblock(pd, 1, tmp_errbuf) < 0 )
{
@ -407,7 +395,6 @@ PktInterfaceSrc::PktInterfaceSrc(const char* arg_interface, const char* filter,
}
#endif
selectable_fd = pcap_fileno(pd);
#endif
if ( PrecompileFilter(0, filter) && SetFilter(0) )
{
@ -437,7 +424,6 @@ PktFileSrc::PktFileSrc(const char* arg_readfile, const char* filter,
// Unknown link layer type.
return;
#ifdef USE_SELECT_LOOP
// We don't put file sources into non-blocking mode as
// otherwise we would not be able to identify the EOF
// via next_packet().
@ -446,7 +432,6 @@ PktFileSrc::PktFileSrc(const char* arg_readfile, const char* filter,
if ( selectable_fd < 0 )
internal_error("OS does not support selectable pcap fd");
#endif
}
else
closed = true;

23
src/RemoteSerializer.cc
View file

@ -161,11 +161,11 @@
#include <stdarg.h>
#include "config.h"
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
@ -1170,14 +1170,6 @@ bool RemoteSerializer::Listen(addr_type ip, uint16 port, bool expect_ssl)
if ( ! using_communication )
return true;
#ifndef USE_OPENSSL
if ( expect_ssl )
{
Error("listening for SSL connections requested, but SSL support is not compiled in");
return false;
}
#endif
if ( ! initialized )
internal_error("remote serializer not initialized");
@ -3481,13 +3473,7 @@ bool SocketComm::Connect(Peer* peer)
{
if ( peer->ssl )
{
#ifdef USE_OPENSSL
peer->io = new ChunkedIOSSL(sockfd, false);
#else
run_time("SSL connection requested, but SSL support not compiled in");
CloseConnection(peer, false);
return 0;
#endif
}
else
peer->io = new ChunkedIOFd(sockfd, "child->peer");
@ -3621,15 +3607,10 @@ bool SocketComm::AcceptConnection(int fd)
peer->ssl = (fd == listen_fd_ssl);
peer->compressor = false;
#ifdef USE_OPENSSL
if ( peer->ssl )
peer->io = new ChunkedIOSSL(clientfd, true);
else
peer->io = new ChunkedIOFd(clientfd, "child->peer");
#else
assert(! peer->ssl);
peer->io = new ChunkedIOFd(clientfd, "child->peer");
#endif
if ( ! peer->io->Init() )
{

5
src/SSL-binpac.cc
View file

@ -71,10 +71,5 @@ void SSL_Analyzer_binpac::generate_warnings()
if ( ssl_store_key_material )
warn_("storage of key material (ssl_store_key_material) not supported");
#ifndef USE_OPENSSL
if ( ssl_verify_certificates )
warn_("verification of certificates (ssl_verify_certificates) not supported due to non-existing OpenSSL support");
#endif
warnings_generated = true;
}

7
src/SSLInterpreter.cc
View file

@ -3,9 +3,7 @@
#include "SSLInterpreter.h"
#include "SSLv2.h"
#ifdef USE_OPENSSL
#include "X509.h"
#endif
#include <sys/socket.h>
#include <netinet/in.h>
@ -173,17 +171,12 @@ void SSL_Interpreter::analyzeCertificate(SSL_InterpreterEndpoint* s,
int invalid = 0;
switch ( type ) {
case SSLv2_CT_X509_CERTIFICATE:
#ifdef USE_OPENSSL
if ( ! isChain )
invalid = X509_Cert::verify(s->GetProxyEndpoint(),
pCert, certLength);
else
invalid = X509_Cert::verifyChain(s->GetProxyEndpoint(),
data, length);
#else
proxy->Weak("SSL: Could not verify certificate (missing OpenSSL support)!");
invalid = 0;
#endif
break;
default:

22
src/TCP_Endpoint.cc
View file

@ -161,8 +161,6 @@ bro_int_t TCP_Endpoint::Size() const
{
bro_int_t size;
#ifdef USE_INT64
uint64 last_seq_64 = (uint64(last_seq_high) << 32) | last_seq;
uint64 ack_seq_64 = (uint64(ack_seq_high) << 32) | ack_seq;
if ( last_seq_64 > ack_seq_64 )
@ -170,26 +168,6 @@ bro_int_t TCP_Endpoint::Size() const
else
size = ack_seq_64 - start_seq;
#else
if ( seq_delta(last_seq, ack_seq) > 0 || ack_seq == start_seq + 1 )
// Either last_seq corresponds to more data sent than we've
// seen ack'd, or we haven't seen any data ack'd (in which
// case we should trust last_seq anyway). This last test
// matters for the case in which the connection has
// transferred > 2 GB of data, in which case we will find
// seq_delta(last_seq, ack_seq) < 0 even if ack_seq
// corresponds to no data transferred.
size = last_seq - start_seq;
else
// It could be that ack_seq > last_seq, if we've seen an
// ack for the connection (say in a FIN) without seeing
// the corresponding data.
size = ack_seq - start_seq;
#endif
// Don't include SYN octet in sequence space. For partial connections
// (no SYN seen), we're still careful to adjust start_seq as though
// there was an initial SYN octet, because if we don't then the

2
src/Val.cc
View file

@ -524,7 +524,7 @@ Val* Val::SizeVal() const
{
switch ( type->InternalType() ) {
case TYPE_INTERNAL_INT:
return new Val(abs(val.int_val), TYPE_COUNT);
return new Val(llabs(val.int_val), TYPE_COUNT);
case TYPE_INTERNAL_UNSIGNED:
return new Val(val.uint_val, TYPE_COUNT);

2
src/Val.h
View file

@ -127,7 +127,6 @@ public:
#endif
}
#ifdef USE_INT64
Val(int64 i, TypeTag t)
{
val.int_val = i;
@ -147,7 +146,6 @@ public:
bound_id = 0;
#endif
}
#endif // USE_INT64
Val(double d, TypeTag t)
{

20
src/bro.bif
View file

@ -222,25 +222,15 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d)
u = ntohl(uint32(u));
}
#ifdef USE_INT64
snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%s", num_fmt,
*fmt == 'd' ? "llu" : "llx");
#else
snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%c", num_fmt,
*fmt == 'd' ? 'u' : 'x');
#endif
snprintf(out_buf, sizeof(out_buf), fmt_buf, u);
}
else
{
#ifdef USE_INT64
snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%s", num_fmt,
*fmt == 'd' ? "lld" : "llx");
#else
snprintf(fmt_buf, sizeof(fmt_buf), "%%%s%c", num_fmt,
*fmt == 'd' ? 'd' : 'x');
#endif
snprintf(out_buf, sizeof(out_buf), fmt_buf,
v->CoerceToInt());
}
@ -2818,10 +2808,6 @@ private:
# function result. Therefore, they can only be called inside a when-condition.
function lookup_addr%(host: addr%) : string
%{
#ifndef HAVE_NB_DNS
run_time("lookup_addr(): not configured for asynchronous DNS lookups");
return new StringVal("<error>");
#else
// FIXME: Is should be easy to adapt the function to synchronous
// lookups if we're reading a trace.
Trigger* trigger = frame->GetTrigger();
@ -2849,15 +2835,10 @@ function lookup_addr%(host: addr%) : string
new LookupHostCallback(trigger, frame->GetCall(), true));
#endif
return 0;
#endif
%}
function lookup_hostname%(host: string%) : addr_set
%{
#ifndef HAVE_NB_DNS
run_time("lookup_hostname(): not configured for asynchronous DNS lookups");
return new StringVal("<error>");
#else
// FIXME: Is should be easy to adapt the function to synchronous
// lookups if we're reading a trace.
Trigger* trigger = frame->GetTrigger();
@ -2874,7 +2855,6 @@ function lookup_hostname%(host: string%) : addr_set
dns_mgr->AsyncLookupName(host->CheckString(),
new LookupHostCallback(trigger, frame->GetCall(), false));
return 0;
#endif
%}
# Stop Bro's packet processing.

8
src/main.cc
View file

@ -18,9 +18,7 @@ extern "C" {
}
#endif
#ifdef USE_OPENSSL
extern "C" void OPENSSL_add_all_algorithms_conf(void);
#endif
#include "bsd-getopt-long.h"
#include "input.h"
@ -408,11 +406,7 @@ int main(int argc, char** argv)
enum DNS_MgrMode dns_type = DNS_DEFAULT;
#ifdef HAVE_NB_DNS
dns_type = getenv("BRO_DNS_FAKE") ? DNS_FAKE : DNS_DEFAULT;
#else
dns_type = DNS_FAKE;
#endif
RETSIGTYPE (*oldhandler)(int);
@ -663,7 +657,6 @@ int main(int argc, char** argv)
// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
init_hash_function();
#ifdef USE_OPENSSL
ERR_load_crypto_strings();
OPENSSL_add_all_algorithms_conf();
SSL_library_init();
@ -672,7 +665,6 @@ int main(int argc, char** argv)
// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
// seed the PRNG. We should do this here (but at least Linux, FreeBSD
// and Solaris provide /dev/urandom).
#endif
if ( (interfaces.length() > 0 || netflows.length() > 0) &&
(read_files.length() > 0 || flow_files.length() > 0 ))

44
src/make_parser.pl
View file

@ -1,44 +0,0 @@
#
# Generate the yacc/bison grammar file parse.y from parse.in
#
# Importantly, it will eliminate the dependence on the internal location stack
# if it is not supported.
#
use strict;
# figure out which yacc-like thing is used
# ### Kind of a hack since it uses the Makefile
my $srcdir = $ARGV[0];
my $builddir = $ARGV[1];
my $yacc = $ARGV[2];
my $is_bison = ($yacc =~ /bison/);
if ($is_bison)
{
system ("cp $srcdir/parse.in $builddir/parse.y") == 0 or die "Could not make parse.y: $!\n";
}
else
{
make_parser();
}
sub make_parser
{
open PARSE_OUT, ">$builddir/parse.y" or die "Could not open $builddir/parse.y: $!";
open PARSE_IN, "$srcdir/parse.in" or die "Could not open $srcdir/parse.in: $!";
while (<PARSE_IN>)
{
$_ =~ s/\@\d+/GetCurrentLocation\(\)/g;
print PARSE_OUT $_;
}
# yylloc needs to be non-extern for non-bison systems, so stick it here
print PARSE_OUT "\n/* Non-extern yylloc needed for non-bison system */\n",
"YYLTYPE yylloc;\n"
}

2
src/nb_dns.c
View file

@ -103,7 +103,7 @@ static int _nb_dns_cmpsockaddr(struct sockaddr *, struct sockaddr *, char *);
static char *
my_strerror(int errnum)
{
#if HAVE_STRERROR
#ifdef HAVE_STRERROR
extern char *strerror(int);
return strerror(errnum);
#else

0
src/parse.in → src/parse.y
View file

13
src/ssl-analyzer.pac
View file

@ -10,11 +10,9 @@
#include "util.h"
#ifdef USE_OPENSSL
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include "X509.h"
#endif
%}
@ -27,14 +25,11 @@
}
};
#ifdef USE_OPENSSL
void free_X509(void *);
X509* d2i_X509_binpac(X509** px, const uint8** in, int len);
#endif
%}
%code{
#ifdef USE_OPENSSL
void free_X509(void* cert)
{
X509_free((X509*) cert);
@ -48,8 +43,6 @@
return d2i_X509(px, (u_char**) in, len);
#endif
}
#endif
%}
@ -123,10 +116,8 @@ refine analyzer SSLAnalyzer += {
version_ = -1;
cipher_ = -1;
#ifdef USE_OPENSSL
if ( ! X509_Cert::bInited )
X509_Cert::init();
#endif
%}
%eof{
@ -172,12 +163,10 @@ refine analyzer SSLAnalyzer += {
function certificate_error(err_num : int) : void
%{
#ifdef USE_OPENSSL
StringVal* err_str =
new StringVal(X509_verify_cert_error_string(err_num));
bro_event_ssl_X509_error(bro_analyzer_, bro_analyzer_->Conn(),
err_num, err_str);
#endif
%}
function proc_change_cipher_spec(msg : ChangeCipherSpec) : bool
@ -331,7 +320,6 @@ refine analyzer SSLAnalyzer += {
bro_analyzer_->Conn(),
! current_record_is_orig_);
#ifdef USE_OPENSSL
const bytestring& cert = (*certificates)[0];
const uint8* data = cert.data();
@ -421,7 +409,6 @@ refine analyzer SSLAnalyzer += {
}
X509_free(pCert);
#endif
return true;
%}

4
src/util.cc
View file

@ -4,11 +4,11 @@
#include "config.h"
#if TIME_WITH_SYS_TIME
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>

11
src/util.h
View file

@ -44,15 +44,8 @@ typedef unsigned int uint32;
typedef unsigned short uint16;
typedef unsigned char uint8;
typedef long long int int64;
#ifdef USE_INT64
typedef int64 bro_int_t;
typedef uint64 bro_uint_t;
#else
typedef int bro_int_t;
typedef uint32 bro_uint_t;
// # error "USE_INT64 not defined!"
#endif
typedef int64 bro_int_t;
typedef uint64 bro_uint_t;
#if SIZEOF_LONG_LONG == 8
typedef unsigned long long uint64;

1
src/version.c.in Normal file
View file

@ -0,0 +1 @@
char version[] = "@VERSION@";