mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Move BroString to zeek namespace
This commit is contained in:
Tim Wojtulewicz
parent
464efbe66a
commit
58c6e10b62
54 changed files with 317 additions and 303 deletions
|
|
@ -228,7 +228,7 @@ void Base64Converter::IllegalEncoding(const char* msg)
|
||||||
reporter->Error("%s", msg);
|
reporter->Error("%s", msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* decode_base64(const BroString* s, const BroString* a, Connection* conn)
|
zeek::BroString* decode_base64(const zeek::BroString* s, const zeek::BroString* a, Connection* conn)
|
||||||
{
|
{
|
||||||
if ( a && a->Len() != 0 && a->Len() != 64 )
|
if ( a && a->Len() != 0 && a->Len() != 64 )
|
||||||
{
|
{
|
||||||
|
|
@ -255,14 +255,14 @@ BroString* decode_base64(const BroString* s, const BroString* a, Connection* con
|
||||||
rlen += rlen2;
|
rlen += rlen2;
|
||||||
|
|
||||||
rbuf[rlen] = '\0';
|
rbuf[rlen] = '\0';
|
||||||
return new BroString(true, (u_char*) rbuf, rlen);
|
return new zeek::BroString(true, (u_char*) rbuf, rlen);
|
||||||
|
|
||||||
err:
|
err:
|
||||||
delete [] rbuf;
|
delete [] rbuf;
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* encode_base64(const BroString* s, const BroString* a, Connection* conn)
|
zeek::BroString* encode_base64(const zeek::BroString* s, const zeek::BroString* a, Connection* conn)
|
||||||
{
|
{
|
||||||
if ( a && a->Len() != 0 && a->Len() != 64 )
|
if ( a && a->Len() != 0 && a->Len() != 64 )
|
||||||
{
|
{
|
||||||
|
|
@ -276,5 +276,5 @@ BroString* encode_base64(const BroString* s, const BroString* a, Connection* con
|
||||||
Base64Converter enc(conn, a ? a->CheckString() : "");
|
Base64Converter enc(conn, a ? a->CheckString() : "");
|
||||||
enc.Encode(s->Len(), (const unsigned char*) s->Bytes(), &outlen, &outbuf);
|
enc.Encode(s->Len(), (const unsigned char*) s->Bytes(), &outlen, &outbuf);
|
||||||
|
|
||||||
return new BroString(true, (u_char*)outbuf, outlen);
|
return new zeek::BroString(true, (u_char*)outbuf, outlen);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,9 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
|
#include "zeek-config.h"
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
class BroString;
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroString, zeek);
|
||||||
class Connection;
|
class Connection;
|
||||||
|
|
||||||
// Maybe we should have a base class for generic decoders?
|
// Maybe we should have a base class for generic decoders?
|
||||||
|
|
@ -57,5 +58,5 @@ protected:
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
BroString* decode_base64(const BroString* s, const BroString* a = nullptr, Connection* conn = nullptr);
|
zeek::BroString* decode_base64(const zeek::BroString* s, const zeek::BroString* a = nullptr, Connection* conn = nullptr);
|
||||||
BroString* encode_base64(const BroString* s, const BroString* a = nullptr, Connection* conn = nullptr);
|
zeek::BroString* encode_base64(const zeek::BroString* s, const zeek::BroString* a = nullptr, Connection* conn = nullptr);
|
||||||
|
|
|
||||||
|
|
@ -18,8 +18,10 @@
|
||||||
#define DEBUG_STR(msg)
|
#define DEBUG_STR(msg)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
const int BroString::EXPANDED_STRING;
|
namespace zeek {
|
||||||
const int BroString::BRO_STRING_LITERAL;
|
|
||||||
|
constexpr int BroString::EXPANDED_STRING;
|
||||||
|
constexpr int BroString::BRO_STRING_LITERAL;
|
||||||
|
|
||||||
// This constructor forces the user to specify arg_final_NUL. When str
|
// This constructor forces the user to specify arg_final_NUL. When str
|
||||||
// is a *normal* NUL-terminated string, make arg_n == strlen(str) and
|
// is a *normal* NUL-terminated string, make arg_n == strlen(str) and
|
||||||
|
|
@ -484,3 +486,5 @@ void delete_strings(std::vector<const BroString*>& v)
|
||||||
delete v[i];
|
delete v[i];
|
||||||
v.clear();
|
v.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
} // namespace zeek
|
||||||
|
|
|
||||||
|
|
@ -10,13 +10,15 @@
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
typedef u_char* byte_vec;
|
|
||||||
|
|
||||||
// Forward declaration, for helper functions that convert (sub)string vectors
|
// Forward declaration, for helper functions that convert (sub)string vectors
|
||||||
// to and from policy-level representations.
|
// to and from policy-level representations.
|
||||||
//
|
//
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
|
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
|
||||||
|
|
||||||
|
namespace zeek {
|
||||||
|
|
||||||
|
typedef u_char* byte_vec;
|
||||||
|
|
||||||
class BroString {
|
class BroString {
|
||||||
public:
|
public:
|
||||||
typedef std::vector<BroString*> Vec;
|
typedef std::vector<BroString*> Vec;
|
||||||
|
|
@ -82,10 +84,10 @@ public:
|
||||||
ESC_SER = (1 << 7),
|
ESC_SER = (1 << 7),
|
||||||
};
|
};
|
||||||
|
|
||||||
static const int EXPANDED_STRING = // the original style
|
static constexpr int EXPANDED_STRING = // the original style
|
||||||
ESC_HEX;
|
ESC_HEX;
|
||||||
|
|
||||||
static const int BRO_STRING_LITERAL = // as in a Bro string literal
|
static constexpr int BRO_STRING_LITERAL = // as in a Bro string literal
|
||||||
ESC_ESC | ESC_QUOT | ESC_HEX;
|
ESC_ESC | ESC_QUOT | ESC_HEX;
|
||||||
|
|
||||||
// Renders a string into a newly allocated character array that
|
// Renders a string into a newly allocated character array that
|
||||||
|
|
@ -184,3 +186,10 @@ extern BroString* concatenate(std::vector<data_chunk_t>& v);
|
||||||
extern BroString* concatenate(BroString::Vec& v);
|
extern BroString* concatenate(BroString::Vec& v);
|
||||||
extern BroString* concatenate(BroString::CVec& v);
|
extern BroString* concatenate(BroString::CVec& v);
|
||||||
extern void delete_strings(std::vector<const BroString*>& v);
|
extern void delete_strings(std::vector<const BroString*>& v);
|
||||||
|
|
||||||
|
} // namespace zeek
|
||||||
|
|
||||||
|
using BroString [[deprecated("Remove in v4.1. Use zeek::BroString instead.")]] = zeek::BroString;
|
||||||
|
using BroStringLenCmp [[deprecated("Remove in v4.1. Use zeek::BroStringLenCmp instead.")]] = zeek::BroStringLenCmp;
|
||||||
|
using byte_vec [[deprecated("Remove in v4.1. Use zeek::byte_vec instead.")]] = zeek::byte_vec;
|
||||||
|
using data_chunk_t [[deprecated("Remove in v4.1. Use zeek::data_chunk_t instead.")]] = zeek::data_chunk_t;
|
||||||
|
|
|
||||||
|
|
@ -317,7 +317,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
|
||||||
{
|
{
|
||||||
// Align to int for the length field.
|
// Align to int for the length field.
|
||||||
int* kp = AlignAndPadType<int>(kp0);
|
int* kp = AlignAndPadType<int>(kp0);
|
||||||
const BroString* sval = v->AsString();
|
const zeek::BroString* sval = v->AsString();
|
||||||
|
|
||||||
*kp = sval->Len(); // so we can recover the value
|
*kp = sval->Len(); // so we can recover the value
|
||||||
|
|
||||||
|
|
@ -1047,7 +1047,7 @@ const char* CompositeHash::RecoverOneVal(
|
||||||
kp1 = reinterpret_cast<const char*>(kp+1);
|
kp1 = reinterpret_cast<const char*>(kp+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
*pval = zeek::make_intrusive<zeek::StringVal>(new BroString((const byte_vec) kp1, n, true));
|
*pval = zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const zeek::byte_vec) kp1, n, true));
|
||||||
kp1 += n;
|
kp1 += n;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
|
|
@ -197,7 +197,7 @@ void ODesc::AddCS(const char* s)
|
||||||
Add(s);
|
Add(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
void ODesc::AddBytes(const BroString* s)
|
void ODesc::AddBytes(const zeek::BroString* s)
|
||||||
{
|
{
|
||||||
if ( IsReadable() )
|
if ( IsReadable() )
|
||||||
{
|
{
|
||||||
|
|
@ -205,7 +205,7 @@ void ODesc::AddBytes(const BroString* s)
|
||||||
AddBytes(reinterpret_cast<const char*>(s->Bytes()), s->Len());
|
AddBytes(reinterpret_cast<const char*>(s->Bytes()), s->Len());
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
const char* str = s->Render(BroString::EXPANDED_STRING);
|
const char* str = s->Render(zeek::BroString::EXPANDED_STRING);
|
||||||
Add(str);
|
Add(str);
|
||||||
delete [] str;
|
delete [] str;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,7 @@ public:
|
||||||
// Add s as a counted string.
|
// Add s as a counted string.
|
||||||
void AddCS(const char* s);
|
void AddCS(const char* s);
|
||||||
|
|
||||||
void AddBytes(const BroString* s);
|
void AddBytes(const zeek::BroString* s);
|
||||||
|
|
||||||
void Add(const char* s1, const char* s2)
|
void Add(const char* s1, const char* s2)
|
||||||
{ Add(s1); Add(s2); }
|
{ Add(s1); Add(s2); }
|
||||||
|
|
@ -130,7 +130,7 @@ public:
|
||||||
const char* Description() const { return (const char*) base; }
|
const char* Description() const { return (const char*) base; }
|
||||||
|
|
||||||
const u_char* Bytes() const { return (const u_char *) base; }
|
const u_char* Bytes() const { return (const u_char *) base; }
|
||||||
byte_vec TakeBytes()
|
zeek::byte_vec TakeBytes()
|
||||||
{
|
{
|
||||||
const void* t = base;
|
const void* t = base;
|
||||||
base = nullptr;
|
base = nullptr;
|
||||||
|
|
@ -139,7 +139,7 @@ public:
|
||||||
// Don't clear offset, as we want to still support
|
// Don't clear offset, as we want to still support
|
||||||
// subsequent calls to Len().
|
// subsequent calls to Len().
|
||||||
|
|
||||||
return byte_vec(t);
|
return zeek::byte_vec(t);
|
||||||
}
|
}
|
||||||
|
|
||||||
int Len() const { return offset; }
|
int Len() const { return offset; }
|
||||||
|
|
|
||||||
|
|
@ -163,5 +163,5 @@ zeek::Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int cap
|
||||||
|
|
||||||
len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0);
|
len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0);
|
||||||
|
|
||||||
return new zeek::StringVal(new BroString(data, len, true));
|
return new zeek::StringVal(new zeek::BroString(data, len, true));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -145,7 +145,7 @@ HashKey::HashKey(const char* s)
|
||||||
hash = HashBytes(key, size);
|
hash = HashBytes(key, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
HashKey::HashKey(const BroString* s)
|
HashKey::HashKey(const zeek::BroString* s)
|
||||||
{
|
{
|
||||||
size = s->Len();
|
size = s->Len();
|
||||||
key = (void*) s->Bytes();
|
key = (void*) s->Bytes();
|
||||||
|
|
|
||||||
|
|
@ -27,8 +27,8 @@
|
||||||
#include "ZeekArgs.h"
|
#include "ZeekArgs.h"
|
||||||
|
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
|
ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroString, zeek);
|
||||||
|
|
||||||
class BroString;
|
|
||||||
class BifReturnVal;
|
class BifReturnVal;
|
||||||
namespace zeek::BifFunc {
|
namespace zeek::BifFunc {
|
||||||
extern BifReturnVal md5_hmac_bif(zeek::detail::Frame* frame, const zeek::Args*);
|
extern BifReturnVal md5_hmac_bif(zeek::detail::Frame* frame, const zeek::Args*);
|
||||||
|
|
@ -215,7 +215,7 @@ public:
|
||||||
explicit HashKey(double d);
|
explicit HashKey(double d);
|
||||||
explicit HashKey(const void* p);
|
explicit HashKey(const void* p);
|
||||||
explicit HashKey(const char* s);
|
explicit HashKey(const char* s);
|
||||||
explicit HashKey(const BroString* s);
|
explicit HashKey(const zeek::BroString* s);
|
||||||
~HashKey()
|
~HashKey()
|
||||||
{
|
{
|
||||||
if ( is_our_dynamic )
|
if ( is_our_dynamic )
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@ static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
|
||||||
uint16_t off = 2 * sizeof(uint8_t);
|
uint16_t off = 2 * sizeof(uint8_t);
|
||||||
rv->Assign(1, val_mgr->Count(opt->ip6o_len));
|
rv->Assign(1, val_mgr->Count(opt->ip6o_len));
|
||||||
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(
|
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(
|
||||||
new BroString(data + off, opt->ip6o_len, true)));
|
new zeek::BroString(data + off, opt->ip6o_len, true)));
|
||||||
data += opt->ip6o_len + off;
|
data += opt->ip6o_len + off;
|
||||||
len -= opt->ip6o_len + off;
|
len -= opt->ip6o_len + off;
|
||||||
}
|
}
|
||||||
|
|
@ -108,7 +108,7 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
|
||||||
rv->Assign(2, val_mgr->Count(rt->ip6r_type));
|
rv->Assign(2, val_mgr->Count(rt->ip6r_type));
|
||||||
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
|
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
|
||||||
uint16_t off = 4 * sizeof(uint8_t);
|
uint16_t off = 4 * sizeof(uint8_t);
|
||||||
rv->Assign(4, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
|
rv->Assign(4, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data + off, Length() - off, true)));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
@ -141,7 +141,7 @@ zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
|
||||||
// Payload Len was non-zero for this header.
|
// Payload Len was non-zero for this header.
|
||||||
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
|
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
|
||||||
uint16_t off = 3 * sizeof(uint32_t);
|
uint16_t off = 3 * sizeof(uint32_t);
|
||||||
rv->Assign(5, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
|
rv->Assign(5, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data + off, Length() - off, true)));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ ConnIDKey BuildConnIDKey(const ConnID& id)
|
||||||
return key;
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
IPAddr::IPAddr(const BroString& s)
|
IPAddr::IPAddr(const zeek::BroString& s)
|
||||||
{
|
{
|
||||||
Init(s.CheckString());
|
Init(s.CheckString());
|
||||||
}
|
}
|
||||||
|
|
|
||||||
13
src/IPAddr.h
13
src/IPAddr.h
|
|
@ -10,15 +10,15 @@
|
||||||
|
|
||||||
#include "threading/SerialTypes.h"
|
#include "threading/SerialTypes.h"
|
||||||
|
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroString, zeek);
|
||||||
|
|
||||||
struct ConnID;
|
struct ConnID;
|
||||||
class BroString;
|
|
||||||
class HashKey;
|
class HashKey;
|
||||||
namespace analyzer { class ExpectedConn; }
|
namespace analyzer { class ExpectedConn; }
|
||||||
|
|
||||||
typedef in_addr in4_addr;
|
typedef in_addr in4_addr;
|
||||||
|
|
||||||
struct ConnIDKey
|
struct ConnIDKey {
|
||||||
{
|
|
||||||
in6_addr ip1;
|
in6_addr ip1;
|
||||||
in6_addr ip2;
|
in6_addr ip2;
|
||||||
uint16_t port1;
|
uint16_t port1;
|
||||||
|
|
@ -40,13 +40,12 @@ struct ConnIDKey
|
||||||
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class storing both IPv4 and IPv6 addresses.
|
* Class storing both IPv4 and IPv6 addresses.
|
||||||
*/
|
*/
|
||||||
class IPAddr
|
class IPAddr {
|
||||||
{
|
|
||||||
public:
|
public:
|
||||||
/**
|
/**
|
||||||
* Address family.
|
* Address family.
|
||||||
|
|
@ -112,7 +111,7 @@ public:
|
||||||
* @param s String containing an IP address as either a dotted IPv4
|
* @param s String containing an IP address as either a dotted IPv4
|
||||||
* address or a hex IPv6 address.
|
* address or a hex IPv6 address.
|
||||||
*/
|
*/
|
||||||
explicit IPAddr(const BroString& s);
|
explicit IPAddr(const zeek::BroString& s);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs an address instance from a raw byte representation.
|
* Constructs an address instance from a raw byte representation.
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,7 @@ bool Specific_RE_Matcher::MatchAll(const char* s)
|
||||||
return MatchAll((const u_char*)(s), strlen(s));
|
return MatchAll((const u_char*)(s), strlen(s));
|
||||||
}
|
}
|
||||||
|
|
||||||
bool Specific_RE_Matcher::MatchAll(const BroString* s)
|
bool Specific_RE_Matcher::MatchAll(const zeek::BroString* s)
|
||||||
{
|
{
|
||||||
// s->Len() does not include '\0'.
|
// s->Len() does not include '\0'.
|
||||||
return MatchAll(s->Bytes(), s->Len());
|
return MatchAll(s->Bytes(), s->Len());
|
||||||
|
|
@ -220,7 +220,7 @@ int Specific_RE_Matcher::Match(const char* s)
|
||||||
return Match((const u_char*)(s), strlen(s));
|
return Match((const u_char*)(s), strlen(s));
|
||||||
}
|
}
|
||||||
|
|
||||||
int Specific_RE_Matcher::Match(const BroString* s)
|
int Specific_RE_Matcher::Match(const zeek::BroString* s)
|
||||||
{
|
{
|
||||||
return Match(s->Bytes(), s->Len());
|
return Match(s->Bytes(), s->Len());
|
||||||
}
|
}
|
||||||
|
|
@ -230,7 +230,7 @@ int Specific_RE_Matcher::LongestMatch(const char* s)
|
||||||
return LongestMatch((const u_char*)(s), strlen(s));
|
return LongestMatch((const u_char*)(s), strlen(s));
|
||||||
}
|
}
|
||||||
|
|
||||||
int Specific_RE_Matcher::LongestMatch(const BroString* s)
|
int Specific_RE_Matcher::LongestMatch(const zeek::BroString* s)
|
||||||
{
|
{
|
||||||
return LongestMatch(s->Bytes(), s->Len());
|
return LongestMatch(s->Bytes(), s->Len());
|
||||||
}
|
}
|
||||||
|
|
|
||||||
15
src/RE.h
15
src/RE.h
|
|
@ -14,13 +14,14 @@
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
typedef int (*cce_func)(int);
|
typedef int (*cce_func)(int);
|
||||||
|
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroString, zeek);
|
||||||
|
|
||||||
class CCL;
|
class CCL;
|
||||||
class NFA_Machine;
|
class NFA_Machine;
|
||||||
class DFA_Machine;
|
class DFA_Machine;
|
||||||
class Specific_RE_Matcher;
|
class Specific_RE_Matcher;
|
||||||
class RE_Matcher;
|
class RE_Matcher;
|
||||||
class DFA_State;
|
class DFA_State;
|
||||||
class BroString;
|
|
||||||
|
|
||||||
extern int case_insensitive;
|
extern int case_insensitive;
|
||||||
extern CCL* curr_ccl;
|
extern CCL* curr_ccl;
|
||||||
|
|
@ -81,7 +82,7 @@ public:
|
||||||
void ConvertCCLs();
|
void ConvertCCLs();
|
||||||
|
|
||||||
bool MatchAll(const char* s);
|
bool MatchAll(const char* s);
|
||||||
bool MatchAll(const BroString* s);
|
bool MatchAll(const zeek::BroString* s);
|
||||||
|
|
||||||
// Compiles a set of regular expressions simultaniously.
|
// Compiles a set of regular expressions simultaniously.
|
||||||
// 'idx' contains indizes associated with the expressions.
|
// 'idx' contains indizes associated with the expressions.
|
||||||
|
|
@ -94,10 +95,10 @@ public:
|
||||||
// if the pattern matches empty strings, matching continues
|
// if the pattern matches empty strings, matching continues
|
||||||
// in an attempt to match at least one character.
|
// in an attempt to match at least one character.
|
||||||
int Match(const char* s);
|
int Match(const char* s);
|
||||||
int Match(const BroString* s);
|
int Match(const zeek::BroString* s);
|
||||||
|
|
||||||
int LongestMatch(const char* s);
|
int LongestMatch(const char* s);
|
||||||
int LongestMatch(const BroString* s);
|
int LongestMatch(const zeek::BroString* s);
|
||||||
int LongestMatch(const u_char* bv, int n);
|
int LongestMatch(const u_char* bv, int n);
|
||||||
|
|
||||||
EquivClass* EC() { return &equiv_class; }
|
EquivClass* EC() { return &equiv_class; }
|
||||||
|
|
@ -191,7 +192,7 @@ public:
|
||||||
// Returns true if s exactly matches the pattern, false otherwise.
|
// Returns true if s exactly matches the pattern, false otherwise.
|
||||||
bool MatchExactly(const char* s)
|
bool MatchExactly(const char* s)
|
||||||
{ return re_exact->MatchAll(s); }
|
{ return re_exact->MatchAll(s); }
|
||||||
bool MatchExactly(const BroString* s)
|
bool MatchExactly(const zeek::BroString* s)
|
||||||
{ return re_exact->MatchAll(s); }
|
{ return re_exact->MatchAll(s); }
|
||||||
|
|
||||||
// Returns the position in s just beyond where the first match
|
// Returns the position in s just beyond where the first match
|
||||||
|
|
@ -200,14 +201,14 @@ public:
|
||||||
// in an attempt to match at least one character.
|
// in an attempt to match at least one character.
|
||||||
int MatchAnywhere(const char* s)
|
int MatchAnywhere(const char* s)
|
||||||
{ return re_anywhere->Match(s); }
|
{ return re_anywhere->Match(s); }
|
||||||
int MatchAnywhere(const BroString* s)
|
int MatchAnywhere(const zeek::BroString* s)
|
||||||
{ return re_anywhere->Match(s); }
|
{ return re_anywhere->Match(s); }
|
||||||
|
|
||||||
// Note: it matches the *longest* prefix and returns the
|
// Note: it matches the *longest* prefix and returns the
|
||||||
// length of matched prefix. It returns -1 on mismatch.
|
// length of matched prefix. It returns -1 on mismatch.
|
||||||
int MatchPrefix(const char* s)
|
int MatchPrefix(const char* s)
|
||||||
{ return re_exact->LongestMatch(s); }
|
{ return re_exact->LongestMatch(s); }
|
||||||
int MatchPrefix(const BroString* s)
|
int MatchPrefix(const zeek::BroString* s)
|
||||||
{ return re_exact->LongestMatch(s); }
|
{ return re_exact->LongestMatch(s); }
|
||||||
int MatchPrefix(const u_char* s, int n)
|
int MatchPrefix(const u_char* s, int n)
|
||||||
{ return re_exact->LongestMatch(s, n); }
|
{ return re_exact->LongestMatch(s, n); }
|
||||||
|
|
|
||||||
|
|
@ -958,7 +958,7 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type,
|
||||||
if ( ! state->matched_by_patterns.is_member(r) )
|
if ( ! state->matched_by_patterns.is_member(r) )
|
||||||
{
|
{
|
||||||
state->matched_by_patterns.push_back(r);
|
state->matched_by_patterns.push_back(r);
|
||||||
BroString* s = new BroString(data, data_len, false);
|
zeek::BroString* s = new zeek::BroString(data, data_len, false);
|
||||||
state->matched_text.push_back(s);
|
state->matched_text.push_back(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -998,7 +998,7 @@ void RuleMatcher::ExecPureRules(RuleEndpointState* state, bool eos)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool RuleMatcher::ExecRulePurely(Rule* r, BroString* s,
|
bool RuleMatcher::ExecRulePurely(Rule* r, zeek::BroString* s,
|
||||||
RuleEndpointState* state, bool eos)
|
RuleEndpointState* state, bool eos)
|
||||||
{
|
{
|
||||||
if ( is_member_of(state->matched_rules, r->Index()) )
|
if ( is_member_of(state->matched_rules, r->Index()) )
|
||||||
|
|
@ -1377,7 +1377,7 @@ void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
|
||||||
|
|
||||||
char* id_to_str(const char* id)
|
char* id_to_str(const char* id)
|
||||||
{
|
{
|
||||||
const BroString* src;
|
const zeek::BroString* src;
|
||||||
char* dst;
|
char* dst;
|
||||||
|
|
||||||
zeek::Val* v = get_bro_val(id);
|
zeek::Val* v = get_bro_val(id);
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,7 @@ struct MaskedValue {
|
||||||
|
|
||||||
using maskedvalue_list = zeek::PList<MaskedValue>;
|
using maskedvalue_list = zeek::PList<MaskedValue>;
|
||||||
using string_list = zeek::PList<char>;
|
using string_list = zeek::PList<char>;
|
||||||
using bstr_list = zeek::PList<BroString>;
|
using bstr_list = zeek::PList<zeek::BroString>;
|
||||||
|
|
||||||
// Get values from Bro's script-level variables.
|
// Get values from Bro's script-level variables.
|
||||||
extern void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
|
extern void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
|
||||||
|
|
@ -338,7 +338,7 @@ private:
|
||||||
// Eval a rule under the assumption that all its patterns
|
// Eval a rule under the assumption that all its patterns
|
||||||
// have already matched. s holds the text the rule matched,
|
// have already matched. s holds the text the rule matched,
|
||||||
// or nil if N/A.
|
// or nil if N/A.
|
||||||
bool ExecRulePurely(Rule* r, BroString* s,
|
bool ExecRulePurely(Rule* r, zeek::BroString* s,
|
||||||
RuleEndpointState* state, bool eos);
|
RuleEndpointState* state, bool eos);
|
||||||
|
|
||||||
// Execute the actions associated with a rule.
|
// Execute the actions associated with a rule.
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
#include "Val.h"
|
#include "Val.h"
|
||||||
|
|
||||||
BroSubstring::BroSubstring(const BroSubstring& bst)
|
BroSubstring::BroSubstring(const BroSubstring& bst)
|
||||||
: BroString((const BroString&) bst), _num(), _new(bst._new)
|
: zeek::BroString((const zeek::BroString&) bst), _num(), _new(bst._new)
|
||||||
{
|
{
|
||||||
for ( BSSAlignVecCIt it = bst._aligns.begin(); it != bst._aligns.end(); ++it )
|
for ( BSSAlignVecCIt it = bst._aligns.begin(); it != bst._aligns.end(); ++it )
|
||||||
_aligns.push_back(*it);
|
_aligns.push_back(*it);
|
||||||
|
|
@ -20,7 +20,7 @@ BroSubstring::BroSubstring(const BroSubstring& bst)
|
||||||
|
|
||||||
const BroSubstring& BroSubstring::operator=(const BroSubstring& bst)
|
const BroSubstring& BroSubstring::operator=(const BroSubstring& bst)
|
||||||
{
|
{
|
||||||
BroString::operator=(bst);
|
zeek::BroString::operator=(bst);
|
||||||
|
|
||||||
_aligns.clear();
|
_aligns.clear();
|
||||||
|
|
||||||
|
|
@ -32,7 +32,7 @@ const BroSubstring& BroSubstring::operator=(const BroSubstring& bst)
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
void BroSubstring::AddAlignment(const BroString* str, int index)
|
void BroSubstring::AddAlignment(const zeek::BroString* str, int index)
|
||||||
{
|
{
|
||||||
_aligns.push_back(BSSAlign(str, index));
|
_aligns.push_back(BSSAlign(str, index));
|
||||||
}
|
}
|
||||||
|
|
@ -72,7 +72,7 @@ zeek::VectorVal* BroSubstring::VecToPolicy(Vec* vec)
|
||||||
BroSubstring* bst = (*vec)[i];
|
BroSubstring* bst = (*vec)[i];
|
||||||
|
|
||||||
auto st_val = zeek::make_intrusive<zeek::RecordVal>(sw_substring_type);
|
auto st_val = zeek::make_intrusive<zeek::RecordVal>(sw_substring_type);
|
||||||
st_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*bst)));
|
st_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(*bst)));
|
||||||
|
|
||||||
auto aligns = zeek::make_intrusive<zeek::VectorVal>(sw_align_vec_type);
|
auto aligns = zeek::make_intrusive<zeek::VectorVal>(sw_align_vec_type);
|
||||||
|
|
||||||
|
|
@ -81,7 +81,7 @@ zeek::VectorVal* BroSubstring::VecToPolicy(Vec* vec)
|
||||||
const BSSAlign& align = (bst->GetAlignments())[j];
|
const BSSAlign& align = (bst->GetAlignments())[j];
|
||||||
|
|
||||||
auto align_val = zeek::make_intrusive<zeek::RecordVal>(sw_align_type);
|
auto align_val = zeek::make_intrusive<zeek::RecordVal>(sw_align_type);
|
||||||
align_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*align.string)));
|
align_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(*align.string)));
|
||||||
align_val->Assign(1, val_mgr->Count(align.index));
|
align_val->Assign(1, val_mgr->Count(align.index));
|
||||||
|
|
||||||
aligns->Assign(j + 1, std::move(align_val));
|
aligns->Assign(j + 1, std::move(align_val));
|
||||||
|
|
@ -107,14 +107,14 @@ BroSubstring::Vec* BroSubstring::VecFromPolicy(zeek::VectorVal* vec)
|
||||||
if ( ! v )
|
if ( ! v )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
const BroString* str = v->AsRecordVal()->GetField(0)->AsString();
|
const zeek::BroString* str = v->AsRecordVal()->GetField(0)->AsString();
|
||||||
BroSubstring* substr = new BroSubstring(*str);
|
BroSubstring* substr = new BroSubstring(*str);
|
||||||
|
|
||||||
const zeek::VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
|
const zeek::VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
|
||||||
for ( unsigned int j = 1; j <= aligns->Size(); ++j )
|
for ( unsigned int j = 1; j <= aligns->Size(); ++j )
|
||||||
{
|
{
|
||||||
const zeek::RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
|
const zeek::RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
|
||||||
const BroString* str = align->GetField(0)->AsString();
|
const zeek::BroString* str = align->GetField(0)->AsString();
|
||||||
int index = align->GetField(1)->AsCount();
|
int index = align->GetField(1)->AsCount();
|
||||||
substr->AddAlignment(str, index);
|
substr->AddAlignment(str, index);
|
||||||
}
|
}
|
||||||
|
|
@ -142,9 +142,9 @@ char* BroSubstring::VecToString(Vec* vec)
|
||||||
return strdup(result.c_str());
|
return strdup(result.c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString::IdxVec* BroSubstring::GetOffsetsVec(const Vec* vec, unsigned int index)
|
zeek::BroString::IdxVec* BroSubstring::GetOffsetsVec(const Vec* vec, unsigned int index)
|
||||||
{
|
{
|
||||||
BroString::IdxVec* result = new BroString::IdxVec();
|
zeek::BroString::IdxVec* result = new zeek::BroString::IdxVec();
|
||||||
|
|
||||||
for ( VecCIt it = vec->begin(); it != vec->end(); ++it )
|
for ( VecCIt it = vec->begin(); it != vec->end(); ++it )
|
||||||
{
|
{
|
||||||
|
|
@ -209,7 +209,7 @@ struct SWNode {
|
||||||
//
|
//
|
||||||
class SWNodeMatrix {
|
class SWNodeMatrix {
|
||||||
public:
|
public:
|
||||||
SWNodeMatrix(const BroString* s1, const BroString* s2)
|
SWNodeMatrix(const zeek::BroString* s1, const zeek::BroString* s2)
|
||||||
: _s1(s1), _s2(s2), _rows(s1->Len() + 1), _cols(s2->Len() + 1)
|
: _s1(s1), _s2(s2), _rows(s1->Len() + 1), _cols(s2->Len() + 1)
|
||||||
{
|
{
|
||||||
_nodes = new SWNode[_cols * _rows];
|
_nodes = new SWNode[_cols * _rows];
|
||||||
|
|
@ -229,8 +229,8 @@ public:
|
||||||
return &(_nodes[row * _cols + col]);
|
return &(_nodes[row * _cols + col]);
|
||||||
}
|
}
|
||||||
|
|
||||||
const BroString* GetRowsString() const { return _s1; }
|
const zeek::BroString* GetRowsString() const { return _s1; }
|
||||||
const BroString* GetColsString() const { return _s2; }
|
const zeek::BroString* GetColsString() const { return _s2; }
|
||||||
|
|
||||||
int GetHeight() const { return _rows; }
|
int GetHeight() const { return _rows; }
|
||||||
int GetWidth() const { return _cols; }
|
int GetWidth() const { return _cols; }
|
||||||
|
|
@ -247,8 +247,8 @@ public:
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
const BroString* _s1;
|
const zeek::BroString* _s1;
|
||||||
const BroString* _s2;
|
const zeek::BroString* _s2;
|
||||||
|
|
||||||
int _rows, _cols;
|
int _rows, _cols;
|
||||||
SWNode* _nodes;
|
SWNode* _nodes;
|
||||||
|
|
@ -398,7 +398,7 @@ end_loop:
|
||||||
|
|
||||||
// The main Smith-Waterman algorithm.
|
// The main Smith-Waterman algorithm.
|
||||||
//
|
//
|
||||||
BroSubstring::Vec* smith_waterman(const BroString* s1, const BroString* s2,
|
BroSubstring::Vec* smith_waterman(const zeek::BroString* s1, const zeek::BroString* s2,
|
||||||
SWParams& params)
|
SWParams& params)
|
||||||
{
|
{
|
||||||
BroSubstring::Vec* result = new BroSubstring::Vec();
|
BroSubstring::Vec* result = new BroSubstring::Vec();
|
||||||
|
|
@ -415,8 +415,8 @@ BroSubstring::Vec* smith_waterman(const BroString* s1, const BroString* s2,
|
||||||
|
|
||||||
int row = 0, col = 0;
|
int row = 0, col = 0;
|
||||||
|
|
||||||
byte_vec string1 = s1->Bytes();
|
zeek::byte_vec string1 = s1->Bytes();
|
||||||
byte_vec string2 = s2->Bytes();
|
zeek::byte_vec string2 = s2->Bytes();
|
||||||
|
|
||||||
SWNodeMatrix matrix(s1, s2); // dynamic programming matrix.
|
SWNodeMatrix matrix(s1, s2); // dynamic programming matrix.
|
||||||
SWNode* node_max = nullptr; // pointer to the best score's node
|
SWNode* node_max = nullptr; // pointer to the best score's node
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@
|
||||||
// for each of which we store where the substring starts.
|
// for each of which we store where the substring starts.
|
||||||
//
|
//
|
||||||
//
|
//
|
||||||
class BroSubstring : public BroString {
|
class BroSubstring : public zeek::BroString {
|
||||||
|
|
||||||
public:
|
public:
|
||||||
typedef std::vector<BroSubstring*> Vec;
|
typedef std::vector<BroSubstring*> Vec;
|
||||||
|
|
@ -22,12 +22,12 @@ public:
|
||||||
//
|
//
|
||||||
struct BSSAlign {
|
struct BSSAlign {
|
||||||
|
|
||||||
BSSAlign(const BroString* string, int index)
|
BSSAlign(const zeek::BroString* string, int index)
|
||||||
{ this->string = string; this->index = index; }
|
{ this->string = string; this->index = index; }
|
||||||
|
|
||||||
// The other string
|
// The other string
|
||||||
//
|
//
|
||||||
const BroString* string;
|
const zeek::BroString* string;
|
||||||
|
|
||||||
// Offset in the string that substring
|
// Offset in the string that substring
|
||||||
// starts at, counting from 0.
|
// starts at, counting from 0.
|
||||||
|
|
@ -40,10 +40,10 @@ public:
|
||||||
typedef BSSAlignVec::const_iterator BSSAlignVecCIt;
|
typedef BSSAlignVec::const_iterator BSSAlignVecCIt;
|
||||||
|
|
||||||
explicit BroSubstring(const std::string& string)
|
explicit BroSubstring(const std::string& string)
|
||||||
: BroString(string), _num(), _new(false) { }
|
: zeek::BroString(string), _num(), _new(false) { }
|
||||||
|
|
||||||
explicit BroSubstring(const BroString& string)
|
explicit BroSubstring(const zeek::BroString& string)
|
||||||
: BroString(string), _num(), _new(false) { }
|
: zeek::BroString(string), _num(), _new(false) { }
|
||||||
|
|
||||||
BroSubstring(const BroSubstring& bst);
|
BroSubstring(const BroSubstring& bst);
|
||||||
|
|
||||||
|
|
@ -56,7 +56,7 @@ public:
|
||||||
//
|
//
|
||||||
bool DoesCover(const BroSubstring* bst) const;
|
bool DoesCover(const BroSubstring* bst) const;
|
||||||
|
|
||||||
void AddAlignment(const BroString* string, int index);
|
void AddAlignment(const zeek::BroString* string, int index);
|
||||||
const BSSAlignVec& GetAlignments() const { return _aligns; }
|
const BSSAlignVec& GetAlignments() const { return _aligns; }
|
||||||
unsigned int GetNumAlignments() const { return _aligns.size(); }
|
unsigned int GetNumAlignments() const { return _aligns.size(); }
|
||||||
|
|
||||||
|
|
@ -71,7 +71,7 @@ public:
|
||||||
static zeek::VectorVal* VecToPolicy(Vec* vec);
|
static zeek::VectorVal* VecToPolicy(Vec* vec);
|
||||||
static Vec* VecFromPolicy(zeek::VectorVal* vec);
|
static Vec* VecFromPolicy(zeek::VectorVal* vec);
|
||||||
static char* VecToString(Vec* vec);
|
static char* VecToString(Vec* vec);
|
||||||
static BroString::IdxVec* GetOffsetsVec(const Vec* vec,
|
static zeek::BroString::IdxVec* GetOffsetsVec(const Vec* vec,
|
||||||
unsigned int index);
|
unsigned int index);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
@ -148,6 +148,6 @@ struct SWParams {
|
||||||
// input strings where the string occurs. On error, or if no common
|
// input strings where the string occurs. On error, or if no common
|
||||||
// subsequence exists, an empty vector is returned.
|
// subsequence exists, an empty vector is returned.
|
||||||
//
|
//
|
||||||
extern BroSubstring::Vec* smith_waterman(const BroString* s1,
|
extern BroSubstring::Vec* smith_waterman(const zeek::BroString* s1,
|
||||||
const BroString* s2,
|
const zeek::BroString* s2,
|
||||||
SWParams& params);
|
SWParams& params);
|
||||||
|
|
|
||||||
|
|
@ -31,8 +31,11 @@ template<typename T> class PDict;
|
||||||
template<typename T> using PDict [[deprecated("Remove in v4.1. Use zeek::PDict instead.")]] = zeek::PDict<T>;
|
template<typename T> using PDict [[deprecated("Remove in v4.1. Use zeek::PDict instead.")]] = zeek::PDict<T>;
|
||||||
|
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(IterCookie, zeek);
|
ZEEK_FORWARD_DECLARE_NAMESPACED(IterCookie, zeek);
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroString, zeek);
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek::detail);
|
||||||
|
ZEEK_FORWARD_DECLARE_NAMESPACED(BroFunc, zeek::detail);
|
||||||
|
|
||||||
class BroString;
|
|
||||||
class BroFile;
|
class BroFile;
|
||||||
class PrefixTable;
|
class PrefixTable;
|
||||||
class IPAddr;
|
class IPAddr;
|
||||||
|
|
@ -43,10 +46,6 @@ class RE_Matcher;
|
||||||
class CompositeHash;
|
class CompositeHash;
|
||||||
class HashKey;
|
class HashKey;
|
||||||
|
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(Frame, zeek::detail);
|
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(Func, zeek::detail);
|
|
||||||
ZEEK_FORWARD_DECLARE_NAMESPACED(BroFunc, zeek::detail);
|
|
||||||
|
|
||||||
extern double bro_start_network_time;
|
extern double bro_start_network_time;
|
||||||
|
|
||||||
namespace zeek {
|
namespace zeek {
|
||||||
|
|
|
||||||
|
|
@ -941,7 +941,7 @@ void TransportLayerAnalyzer::PacketContents(const u_char* data, int len)
|
||||||
{
|
{
|
||||||
if ( packet_contents && len > 0 )
|
if ( packet_contents && len > 0 )
|
||||||
{
|
{
|
||||||
BroString* cbs = new BroString(data, len, true);
|
zeek::BroString* cbs = new zeek::BroString(data, len, true);
|
||||||
auto contents = zeek::make_intrusive<zeek::StringVal>(cbs);
|
auto contents = zeek::make_intrusive<zeek::StringVal>(cbs);
|
||||||
EnqueueConnEvent(packet_contents, ConnVal(), std::move(contents));
|
EnqueueConnEvent(packet_contents, ConnVal(), std::move(contents));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -196,14 +196,14 @@ bool DNS_Interpreter::ParseQuestion(DNS_MsgInfo* msg,
|
||||||
|
|
||||||
if ( dns_event && ! msg->skip_event )
|
if ( dns_event && ! msg->skip_event )
|
||||||
{
|
{
|
||||||
BroString* original_name = new BroString(name, name_end - name, true);
|
zeek::BroString* original_name = new zeek::BroString(name, name_end - name, true);
|
||||||
|
|
||||||
// Downcase the Name to normalize it
|
// Downcase the Name to normalize it
|
||||||
for ( u_char* np = name; np < name_end; ++np )
|
for ( u_char* np = name; np < name_end; ++np )
|
||||||
if ( isupper(*np) )
|
if ( isupper(*np) )
|
||||||
*np = tolower(*np);
|
*np = tolower(*np);
|
||||||
|
|
||||||
BroString* question_name = new BroString(name, name_end - name, true);
|
zeek::BroString* question_name = new zeek::BroString(name, name_end - name, true);
|
||||||
|
|
||||||
SendReplyOrRejectEvent(msg, dns_event, data, len, question_name, original_name);
|
SendReplyOrRejectEvent(msg, dns_event, data, len, question_name, original_name);
|
||||||
}
|
}
|
||||||
|
|
@ -238,7 +238,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
|
||||||
// Note that the exact meaning of some of these fields will be
|
// Note that the exact meaning of some of these fields will be
|
||||||
// re-interpreted by other, more adventurous RR types.
|
// re-interpreted by other, more adventurous RR types.
|
||||||
|
|
||||||
msg->query_name = zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true));
|
msg->query_name = zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true));
|
||||||
msg->atype = RR_Type(ExtractShort(data, len));
|
msg->atype = RR_Type(ExtractShort(data, len));
|
||||||
msg->aclass = ExtractShort(data, len);
|
msg->aclass = ExtractShort(data, len);
|
||||||
msg->ttl = ExtractLong(data, len);
|
msg->ttl = ExtractLong(data, len);
|
||||||
|
|
@ -562,7 +562,7 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
msg->BuildHdrVal(),
|
msg->BuildHdrVal(),
|
||||||
msg->BuildAnswerVal(),
|
msg->BuildAnswerVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true))
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true))
|
||||||
);
|
);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -604,8 +604,8 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
|
||||||
{
|
{
|
||||||
static auto dns_soa = zeek::id::find_type<zeek::RecordType>("dns_soa");
|
static auto dns_soa = zeek::id::find_type<zeek::RecordType>("dns_soa");
|
||||||
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_soa);
|
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_soa);
|
||||||
r->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(mname, mname_end - mname, true)));
|
r->Assign(0, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(mname, mname_end - mname, true)));
|
||||||
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(rname, rname_end - rname, true)));
|
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(rname, rname_end - rname, true)));
|
||||||
r->Assign(2, val_mgr->Count(serial));
|
r->Assign(2, val_mgr->Count(serial));
|
||||||
r->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(refresh), Seconds));
|
r->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(refresh), Seconds));
|
||||||
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(retry), Seconds));
|
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(retry), Seconds));
|
||||||
|
|
@ -646,7 +646,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
msg->BuildHdrVal(),
|
msg->BuildHdrVal(),
|
||||||
msg->BuildAnswerVal(),
|
msg->BuildAnswerVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true)),
|
||||||
val_mgr->Count(preference)
|
val_mgr->Count(preference)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -687,7 +687,7 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
msg->BuildHdrVal(),
|
msg->BuildHdrVal(),
|
||||||
msg->BuildAnswerVal(),
|
msg->BuildAnswerVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true)),
|
||||||
val_mgr->Count(priority),
|
val_mgr->Count(priority),
|
||||||
val_mgr->Count(weight),
|
val_mgr->Count(weight),
|
||||||
val_mgr->Count(port)
|
val_mgr->Count(port)
|
||||||
|
|
@ -723,23 +723,23 @@ bool DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
|
||||||
}
|
}
|
||||||
|
|
||||||
void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len,
|
void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len,
|
||||||
BroString** p)
|
zeek::BroString** p)
|
||||||
{
|
{
|
||||||
uint16_t dlen = ExtractShort(data, len);
|
uint16_t dlen = ExtractShort(data, len);
|
||||||
dlen = min(len, static_cast<int>(dlen));
|
dlen = min(len, static_cast<int>(dlen));
|
||||||
|
|
||||||
if ( p )
|
if ( p )
|
||||||
*p = new BroString(data, dlen, false);
|
*p = new zeek::BroString(data, dlen, false);
|
||||||
|
|
||||||
data += dlen;
|
data += dlen;
|
||||||
len -= dlen;
|
len -= dlen;
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l)
|
zeek::BroString* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l)
|
||||||
{
|
{
|
||||||
l = max(l, 0);
|
l = max(l, 0);
|
||||||
int dlen = min(len, l); // Len in bytes of the algorithm use
|
int dlen = min(len, l); // Len in bytes of the algorithm use
|
||||||
auto rval = new BroString(data, dlen, false);
|
auto rval = new zeek::BroString(data, dlen, false);
|
||||||
|
|
||||||
data += dlen;
|
data += dlen;
|
||||||
len -= dlen;
|
len -= dlen;
|
||||||
|
|
@ -763,7 +763,7 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
|
||||||
uint32_t sign_time_sec = ExtractLong(data, len);
|
uint32_t sign_time_sec = ExtractLong(data, len);
|
||||||
unsigned int sign_time_msec = ExtractShort(data, len);
|
unsigned int sign_time_msec = ExtractShort(data, len);
|
||||||
unsigned int fudge = ExtractShort(data, len);
|
unsigned int fudge = ExtractShort(data, len);
|
||||||
BroString* request_MAC;
|
zeek::BroString* request_MAC;
|
||||||
ExtractOctets(data, len, dns_TSIG_addl ? &request_MAC : nullptr);
|
ExtractOctets(data, len, dns_TSIG_addl ? &request_MAC : nullptr);
|
||||||
unsigned int orig_id = ExtractShort(data, len);
|
unsigned int orig_id = ExtractShort(data, len);
|
||||||
unsigned int rr_error = ExtractShort(data, len);
|
unsigned int rr_error = ExtractShort(data, len);
|
||||||
|
|
@ -773,7 +773,7 @@ bool DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
|
||||||
{
|
{
|
||||||
TSIG_DATA tsig;
|
TSIG_DATA tsig;
|
||||||
tsig.alg_name =
|
tsig.alg_name =
|
||||||
new BroString(alg_name, alg_name_end - alg_name, true);
|
new zeek::BroString(alg_name, alg_name_end - alg_name, true);
|
||||||
tsig.sig = request_MAC;
|
tsig.sig = request_MAC;
|
||||||
tsig.time_s = sign_time_sec;
|
tsig.time_s = sign_time_sec;
|
||||||
tsig.time_ms = sign_time_msec;
|
tsig.time_ms = sign_time_msec;
|
||||||
|
|
@ -827,7 +827,7 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
|
||||||
|
|
||||||
int sig_len = rdlength - ((data - data_start) + 18);
|
int sig_len = rdlength - ((data - data_start) + 18);
|
||||||
DNSSEC_Algo dsa = DNSSEC_Algo(algo);
|
DNSSEC_Algo dsa = DNSSEC_Algo(algo);
|
||||||
BroString* sign = ExtractStream(data, len, sig_len);
|
zeek::BroString* sign = ExtractStream(data, len, sig_len);
|
||||||
|
|
||||||
switch ( dsa ) {
|
switch ( dsa ) {
|
||||||
case RSA_MD5:
|
case RSA_MD5:
|
||||||
|
|
@ -879,7 +879,7 @@ bool DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
|
||||||
rrsig.sig_exp = sign_exp;
|
rrsig.sig_exp = sign_exp;
|
||||||
rrsig.sig_incep = sign_incp;
|
rrsig.sig_incep = sign_incp;
|
||||||
rrsig.key_tag = key_tag;
|
rrsig.key_tag = key_tag;
|
||||||
rrsig.signer_name = new BroString(name, name_end - name, true);
|
rrsig.signer_name = new zeek::BroString(name, name_end - name, true);
|
||||||
rrsig.signature = sign;
|
rrsig.signature = sign;
|
||||||
|
|
||||||
analyzer->EnqueueConnEvent(dns_RRSIG,
|
analyzer->EnqueueConnEvent(dns_RRSIG,
|
||||||
|
|
@ -914,7 +914,7 @@ bool DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
|
||||||
unsigned int dalgorithm = proto_algo & 0xff;
|
unsigned int dalgorithm = proto_algo & 0xff;
|
||||||
DNSSEC_Algo dsa = DNSSEC_Algo(dalgorithm);
|
DNSSEC_Algo dsa = DNSSEC_Algo(dalgorithm);
|
||||||
//Evaluating the size of remaining bytes for Public Key
|
//Evaluating the size of remaining bytes for Public Key
|
||||||
BroString* key = ExtractStream(data, len, rdlength - 4);
|
zeek::BroString* key = ExtractStream(data, len, rdlength - 4);
|
||||||
|
|
||||||
// flags bit 7: zone key
|
// flags bit 7: zone key
|
||||||
// flags bit 8: revoked
|
// flags bit 8: revoked
|
||||||
|
|
@ -1023,7 +1023,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* bitmap = ExtractStream(data, len, bmlen);
|
zeek::BroString* bitmap = ExtractStream(data, len, bmlen);
|
||||||
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
|
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
|
||||||
typebitmaps_len = typebitmaps_len - (2 + bmlen);
|
typebitmaps_len = typebitmaps_len - (2 + bmlen);
|
||||||
}
|
}
|
||||||
|
|
@ -1033,7 +1033,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
msg->BuildHdrVal(),
|
msg->BuildHdrVal(),
|
||||||
msg->BuildAnswerVal(),
|
msg->BuildAnswerVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_end - name, true)),
|
||||||
std::move(char_strings)
|
std::move(char_strings)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -1098,7 +1098,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* bitmap = ExtractStream(data, len, bmlen);
|
zeek::BroString* bitmap = ExtractStream(data, len, bmlen);
|
||||||
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
|
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
|
||||||
typebitmaps_len = typebitmaps_len - (2 + bmlen);
|
typebitmaps_len = typebitmaps_len - (2 + bmlen);
|
||||||
}
|
}
|
||||||
|
|
@ -1146,7 +1146,7 @@ bool DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg,
|
||||||
unsigned int ds_algo = (ds_algo_dtype >> 8) & 0xff;
|
unsigned int ds_algo = (ds_algo_dtype >> 8) & 0xff;
|
||||||
unsigned int ds_dtype = ds_algo_dtype & 0xff;
|
unsigned int ds_dtype = ds_algo_dtype & 0xff;
|
||||||
DNSSEC_Digest ds_digest_type = DNSSEC_Digest(ds_dtype);
|
DNSSEC_Digest ds_digest_type = DNSSEC_Digest(ds_dtype);
|
||||||
BroString* ds_digest = ExtractStream(data, len, rdlength - 4);
|
zeek::BroString* ds_digest = ExtractStream(data, len, rdlength - 4);
|
||||||
|
|
||||||
switch ( ds_digest_type ) {
|
switch ( ds_digest_type ) {
|
||||||
case SHA1:
|
case SHA1:
|
||||||
|
|
@ -1364,11 +1364,11 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
|
||||||
analyzer->Weird("DNS_CAA_char_str_past_rdlen");
|
analyzer->Weird("DNS_CAA_char_str_past_rdlen");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
BroString* tag = new BroString(data, tagLen, true);
|
zeek::BroString* tag = new zeek::BroString(data, tagLen, true);
|
||||||
len -= tagLen;
|
len -= tagLen;
|
||||||
data += tagLen;
|
data += tagLen;
|
||||||
rdlength -= tagLen;
|
rdlength -= tagLen;
|
||||||
BroString* value = new BroString(data, rdlength, false);
|
zeek::BroString* value = new zeek::BroString(data, rdlength, false);
|
||||||
|
|
||||||
len -= value->Len();
|
len -= value->Len();
|
||||||
data += value->Len();
|
data += value->Len();
|
||||||
|
|
@ -1396,8 +1396,8 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
|
||||||
void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
|
void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
|
||||||
EventHandlerPtr event,
|
EventHandlerPtr event,
|
||||||
const u_char*& data, int& len,
|
const u_char*& data, int& len,
|
||||||
BroString* question_name,
|
zeek::BroString* question_name,
|
||||||
BroString* original_name)
|
zeek::BroString* original_name)
|
||||||
{
|
{
|
||||||
RR_Type qtype = RR_Type(ExtractShort(data, len));
|
RR_Type qtype = RR_Type(ExtractShort(data, len));
|
||||||
int qclass = ExtractShort(data, len);
|
int qclass = ExtractShort(data, len);
|
||||||
|
|
|
||||||
|
|
@ -129,10 +129,10 @@ struct EDNS_ADDITIONAL { // size
|
||||||
};
|
};
|
||||||
|
|
||||||
struct TSIG_DATA {
|
struct TSIG_DATA {
|
||||||
BroString* alg_name;
|
zeek::BroString* alg_name;
|
||||||
unsigned long time_s;
|
unsigned long time_s;
|
||||||
unsigned short time_ms;
|
unsigned short time_ms;
|
||||||
BroString* sig;
|
zeek::BroString* sig;
|
||||||
unsigned short fudge;
|
unsigned short fudge;
|
||||||
unsigned short orig_id;
|
unsigned short orig_id;
|
||||||
unsigned short rr_error;
|
unsigned short rr_error;
|
||||||
|
|
@ -146,15 +146,15 @@ struct RRSIG_DATA {
|
||||||
unsigned long sig_exp; // 32
|
unsigned long sig_exp; // 32
|
||||||
unsigned long sig_incep; // 32
|
unsigned long sig_incep; // 32
|
||||||
unsigned short key_tag; //16
|
unsigned short key_tag; //16
|
||||||
BroString* signer_name;
|
zeek::BroString* signer_name;
|
||||||
BroString* signature;
|
zeek::BroString* signature;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct DNSKEY_DATA {
|
struct DNSKEY_DATA {
|
||||||
unsigned short dflags; // 16 : ExtractShort(data, len)
|
unsigned short dflags; // 16 : ExtractShort(data, len)
|
||||||
unsigned short dalgorithm; // 8
|
unsigned short dalgorithm; // 8
|
||||||
unsigned short dprotocol; // 8
|
unsigned short dprotocol; // 8
|
||||||
BroString* public_key; // Variable lenght Public Key
|
zeek::BroString* public_key; // Variable lenght Public Key
|
||||||
};
|
};
|
||||||
|
|
||||||
struct NSEC3_DATA {
|
struct NSEC3_DATA {
|
||||||
|
|
@ -162,9 +162,9 @@ struct NSEC3_DATA {
|
||||||
unsigned short nsec_hash_algo;
|
unsigned short nsec_hash_algo;
|
||||||
unsigned short nsec_iter;
|
unsigned short nsec_iter;
|
||||||
unsigned short nsec_salt_len;
|
unsigned short nsec_salt_len;
|
||||||
BroString* nsec_salt;
|
zeek::BroString* nsec_salt;
|
||||||
unsigned short nsec_hlen;
|
unsigned short nsec_hlen;
|
||||||
BroString* nsec_hash;
|
zeek::BroString* nsec_hash;
|
||||||
zeek::VectorValPtr bitmaps;
|
zeek::VectorValPtr bitmaps;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -172,7 +172,7 @@ struct DS_DATA {
|
||||||
unsigned short key_tag; // 16 : ExtractShort(data, len)
|
unsigned short key_tag; // 16 : ExtractShort(data, len)
|
||||||
unsigned short algorithm; // 8
|
unsigned short algorithm; // 8
|
||||||
unsigned short digest_type; // 8
|
unsigned short digest_type; // 8
|
||||||
BroString* digest_val; // Variable lenght Digest of DNSKEY RR
|
zeek::BroString* digest_val; // Variable lenght Digest of DNSKEY RR
|
||||||
};
|
};
|
||||||
|
|
||||||
class DNS_MsgInfo {
|
class DNS_MsgInfo {
|
||||||
|
|
@ -249,9 +249,9 @@ protected:
|
||||||
|
|
||||||
uint16_t ExtractShort(const u_char*& data, int& len);
|
uint16_t ExtractShort(const u_char*& data, int& len);
|
||||||
uint32_t ExtractLong(const u_char*& data, int& len);
|
uint32_t ExtractLong(const u_char*& data, int& len);
|
||||||
void ExtractOctets(const u_char*& data, int& len, BroString** p);
|
void ExtractOctets(const u_char*& data, int& len, zeek::BroString** p);
|
||||||
|
|
||||||
BroString* ExtractStream(const u_char*& data, int& len, int sig_len);
|
zeek::BroString* ExtractStream(const u_char*& data, int& len, int sig_len);
|
||||||
|
|
||||||
bool ParseRR_Name(DNS_MsgInfo* msg,
|
bool ParseRR_Name(DNS_MsgInfo* msg,
|
||||||
const u_char*& data, int& len, int rdlength,
|
const u_char*& data, int& len, int rdlength,
|
||||||
|
|
@ -308,7 +308,8 @@ protected:
|
||||||
const u_char* msg_start);
|
const u_char* msg_start);
|
||||||
void SendReplyOrRejectEvent(DNS_MsgInfo* msg, EventHandlerPtr event,
|
void SendReplyOrRejectEvent(DNS_MsgInfo* msg, EventHandlerPtr event,
|
||||||
const u_char*& data, int& len,
|
const u_char*& data, int& len,
|
||||||
BroString* question_name, BroString* original_name);
|
zeek::BroString* question_name,
|
||||||
|
zeek::BroString* original_name);
|
||||||
|
|
||||||
analyzer::Analyzer* analyzer;
|
analyzer::Analyzer* analyzer;
|
||||||
bool first_message;
|
bool first_message;
|
||||||
|
|
|
||||||
|
|
@ -204,7 +204,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
|
||||||
const char* line = (const char*) data;
|
const char* line = (const char*) data;
|
||||||
const char* end_of_line = line + len;
|
const char* end_of_line = line + len;
|
||||||
|
|
||||||
BroString* decoded_adat = nullptr;
|
zeek::BroString* decoded_adat = nullptr;
|
||||||
|
|
||||||
if ( orig )
|
if ( orig )
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -106,7 +106,7 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
|
ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
|
||||||
new BroString((const u_char*) d, len, false)));
|
new zeek::BroString((const u_char*) d, len, false)));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -116,7 +116,7 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
|
||||||
|
|
||||||
zeek::ValPtr BuildAccessPointName(const InformationElement* ie)
|
zeek::ValPtr BuildAccessPointName(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(),
|
zeek::BroString* bs = new zeek::BroString((const u_char*) ie->ap_name()->value().data(),
|
||||||
ie->ap_name()->value().length(), false);
|
ie->ap_name()->value().length(), false);
|
||||||
return zeek::make_intrusive<zeek::StringVal>(bs);
|
return zeek::make_intrusive<zeek::StringVal>(bs);
|
||||||
}
|
}
|
||||||
|
|
@ -125,7 +125,7 @@ zeek::ValPtr BuildProtoConfigOptions(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
const u_char* d = (const u_char*) ie->proto_config_opts()->value().data();
|
const u_char* d = (const u_char*) ie->proto_config_opts()->value().data();
|
||||||
int len = ie->proto_config_opts()->value().length();
|
int len = ie->proto_config_opts()->value().length();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(d, len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
|
zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
|
||||||
|
|
@ -142,7 +142,7 @@ zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
|
||||||
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
|
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
|
||||||
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
|
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
|
||||||
else
|
else
|
||||||
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
|
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false)));
|
||||||
|
|
||||||
return ev;
|
return ev;
|
||||||
}
|
}
|
||||||
|
|
@ -151,7 +151,7 @@ zeek::ValPtr BuildMSISDN(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
const u_char* d = (const u_char*) ie->msisdn()->value().data();
|
const u_char* d = (const u_char*) ie->msisdn()->value().data();
|
||||||
int len = ie->msisdn()->value().length();
|
int len = ie->msisdn()->value().length();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(d, len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
|
zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
|
||||||
|
|
@ -162,7 +162,7 @@ zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
|
||||||
int len = ie->qos_profile()->data().length();
|
int len = ie->qos_profile()->data().length();
|
||||||
|
|
||||||
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
|
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
|
||||||
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false)));
|
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(d, len, false)));
|
||||||
|
|
||||||
return ev;
|
return ev;
|
||||||
}
|
}
|
||||||
|
|
@ -171,21 +171,21 @@ zeek::ValPtr BuildTrafficFlowTemplate(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
const uint8* d = ie->traffic_flow_template()->value().data();
|
const uint8* d = ie->traffic_flow_template()->value().data();
|
||||||
int len = ie->traffic_flow_template()->value().length();
|
int len = ie->traffic_flow_template()->value().length();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::ValPtr BuildTriggerID(const InformationElement* ie)
|
zeek::ValPtr BuildTriggerID(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
const uint8* d = ie->trigger_id()->value().data();
|
const uint8* d = ie->trigger_id()->value().data();
|
||||||
int len = ie->trigger_id()->value().length();
|
int len = ie->trigger_id()->value().length();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::ValPtr BuildOMC_ID(const InformationElement* ie)
|
zeek::ValPtr BuildOMC_ID(const InformationElement* ie)
|
||||||
{
|
{
|
||||||
const uint8* d = ie->omc_id()->value().data();
|
const uint8* d = ie->omc_id()->value().data();
|
||||||
int len = ie->omc_id()->value().length();
|
int len = ie->omc_id()->value().length();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
|
zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
|
||||||
|
|
@ -196,7 +196,7 @@ zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
|
||||||
int len = ie->private_ext()->value().length();
|
int len = ie->private_ext()->value().length();
|
||||||
|
|
||||||
ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
|
ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
|
||||||
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
|
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::BroString((const u_char*) d, len, false)));
|
||||||
|
|
||||||
return ev;
|
return ev;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -361,7 +361,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
|
||||||
{
|
{
|
||||||
if ( mime::istrequal(h->get_name(), "content-length") )
|
if ( mime::istrequal(h->get_name(), "content-length") )
|
||||||
{
|
{
|
||||||
data_chunk_t vt = h->get_value_token();
|
zeek::data_chunk_t vt = h->get_value_token();
|
||||||
if ( ! mime::is_null_data_chunk(vt) )
|
if ( ! mime::is_null_data_chunk(vt) )
|
||||||
{
|
{
|
||||||
int64_t n;
|
int64_t n;
|
||||||
|
|
@ -388,7 +388,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
|
||||||
else if ( mime::istrequal(h->get_name(), "content-range") &&
|
else if ( mime::istrequal(h->get_name(), "content-range") &&
|
||||||
http_message->MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 )
|
http_message->MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 )
|
||||||
{
|
{
|
||||||
data_chunk_t vt = h->get_value_token();
|
zeek::data_chunk_t vt = h->get_value_token();
|
||||||
string byte_unit(vt.data, vt.length);
|
string byte_unit(vt.data, vt.length);
|
||||||
vt = h->get_value_after_token();
|
vt = h->get_value_after_token();
|
||||||
string byte_range(vt.data, vt.length);
|
string byte_range(vt.data, vt.length);
|
||||||
|
|
@ -479,7 +479,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
|
||||||
else // reply_ongoing
|
else // reply_ongoing
|
||||||
http_version = http_message->analyzer->GetReplyVersionNumber();
|
http_version = http_message->analyzer->GetReplyVersionNumber();
|
||||||
|
|
||||||
data_chunk_t vt = h->get_value_token();
|
zeek::data_chunk_t vt = h->get_value_token();
|
||||||
if ( mime::istrequal(vt, "chunked") &&
|
if ( mime::istrequal(vt, "chunked") &&
|
||||||
http_version == HTTP_Analyzer::HTTP_VersionNumber{1, 1} )
|
http_version == HTTP_Analyzer::HTTP_VersionNumber{1, 1} )
|
||||||
chunked_transfer_state = BEFORE_CHUNK;
|
chunked_transfer_state = BEFORE_CHUNK;
|
||||||
|
|
@ -487,7 +487,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
|
||||||
|
|
||||||
else if ( mime::istrequal(h->get_name(), "content-encoding") )
|
else if ( mime::istrequal(h->get_name(), "content-encoding") )
|
||||||
{
|
{
|
||||||
data_chunk_t vt = h->get_value_token();
|
zeek::data_chunk_t vt = h->get_value_token();
|
||||||
if ( mime::istrequal(vt, "gzip") || mime::istrequal(vt, "x-gzip") )
|
if ( mime::istrequal(vt, "gzip") || mime::istrequal(vt, "x-gzip") )
|
||||||
encoding = GZIP;
|
encoding = GZIP;
|
||||||
if ( mime::istrequal(vt, "deflate") )
|
if ( mime::istrequal(vt, "deflate") )
|
||||||
|
|
@ -762,7 +762,7 @@ void HTTP_Message::SubmitData(int len, const char* buf)
|
||||||
{
|
{
|
||||||
if ( http_entity_data )
|
if ( http_entity_data )
|
||||||
MyHTTP_Analyzer()->HTTP_EntityData(is_orig,
|
MyHTTP_Analyzer()->HTTP_EntityData(is_orig,
|
||||||
new BroString(reinterpret_cast<const u_char*>(buf), len, false));
|
new zeek::BroString(reinterpret_cast<const u_char*>(buf), len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
bool HTTP_Message::RequestBuffer(int* plen, char** pbuf)
|
bool HTTP_Message::RequestBuffer(int* plen, char** pbuf)
|
||||||
|
|
@ -1368,14 +1368,14 @@ void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail)
|
||||||
zeek::StringValPtr
|
zeek::StringValPtr
|
||||||
HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri)
|
HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri)
|
||||||
{
|
{
|
||||||
const BroString* str = uri->AsString();
|
const zeek::BroString* str = uri->AsString();
|
||||||
|
|
||||||
if ( truncate_http_URI >= 0 && str->Len() > truncate_http_URI )
|
if ( truncate_http_URI >= 0 && str->Len() > truncate_http_URI )
|
||||||
{
|
{
|
||||||
u_char* s = new u_char[truncate_http_URI + 4];
|
u_char* s = new u_char[truncate_http_URI + 4];
|
||||||
memcpy(s, str->Bytes(), truncate_http_URI);
|
memcpy(s, str->Bytes(), truncate_http_URI);
|
||||||
memcpy(s + truncate_http_URI, "...", 4);
|
memcpy(s + truncate_http_URI, "...", 4);
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(true, s, truncate_http_URI+3));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(true, s, truncate_http_URI+3));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return uri;
|
return uri;
|
||||||
|
|
@ -1495,7 +1495,7 @@ void HTTP_Analyzer::RequestClash(zeek::Val* /* clash_val */)
|
||||||
RequestMade(true, "request clash");
|
RequestMade(true, "request clash");
|
||||||
}
|
}
|
||||||
|
|
||||||
const BroString* HTTP_Analyzer::UnansweredRequestMethod()
|
const zeek::BroString* HTTP_Analyzer::UnansweredRequestMethod()
|
||||||
{
|
{
|
||||||
return unanswered_requests.empty() ? nullptr : unanswered_requests.front()->AsString();
|
return unanswered_requests.empty() ? nullptr : unanswered_requests.front()->AsString();
|
||||||
}
|
}
|
||||||
|
|
@ -1579,7 +1579,7 @@ int HTTP_Analyzer::ExpectReplyMessageBody()
|
||||||
// MUST NOT include a message-body. All other responses do include a
|
// MUST NOT include a message-body. All other responses do include a
|
||||||
// message-body, although it MAY be of zero length.
|
// message-body, although it MAY be of zero length.
|
||||||
|
|
||||||
const BroString* method = UnansweredRequestMethod();
|
const zeek::BroString* method = UnansweredRequestMethod();
|
||||||
|
|
||||||
if ( method && strncasecmp((const char*) (method->Bytes()), "HEAD", method->Len()) == 0 )
|
if ( method && strncasecmp((const char*) (method->Bytes()), "HEAD", method->Len()) == 0 )
|
||||||
return HTTP_BODY_NOT_EXPECTED;
|
return HTTP_BODY_NOT_EXPECTED;
|
||||||
|
|
@ -1622,8 +1622,8 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h)
|
||||||
is_orig ? Rule::HTTP_REQUEST_HEADER :
|
is_orig ? Rule::HTTP_REQUEST_HEADER :
|
||||||
Rule::HTTP_REPLY_HEADER;
|
Rule::HTTP_REPLY_HEADER;
|
||||||
|
|
||||||
data_chunk_t hd_name = h->get_name();
|
zeek::data_chunk_t hd_name = h->get_name();
|
||||||
data_chunk_t hd_value = h->get_value();
|
zeek::data_chunk_t hd_value = h->get_value();
|
||||||
|
|
||||||
Conn()->Match(rule, (const u_char*) hd_name.data, hd_name.length,
|
Conn()->Match(rule, (const u_char*) hd_name.data, hd_name.length,
|
||||||
is_orig, true, false, true);
|
is_orig, true, false, true);
|
||||||
|
|
@ -1648,7 +1648,7 @@ void HTTP_Analyzer::HTTP_Header(bool is_orig, mime::MIME_Header* h)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data)
|
void HTTP_Analyzer::HTTP_EntityData(bool is_orig, zeek::BroString* entity_data)
|
||||||
{
|
{
|
||||||
if ( http_entity_data )
|
if ( http_entity_data )
|
||||||
EnqueueConnEvent(http_entity_data,
|
EnqueueConnEvent(http_entity_data,
|
||||||
|
|
@ -1711,11 +1711,11 @@ void analyzer::http::escape_URI_char(unsigned char ch, unsigned char*& p)
|
||||||
*p++ = encode_hex(ch & 0xf);
|
*p++ = encode_hex(ch & 0xf);
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* analyzer::http::unescape_URI(const u_char* line, const u_char* line_end,
|
zeek::BroString* analyzer::http::unescape_URI(const u_char* line, const u_char* line_end,
|
||||||
analyzer::Analyzer* analyzer)
|
analyzer::Analyzer* analyzer)
|
||||||
{
|
{
|
||||||
byte_vec decoded_URI = new u_char[line_end - line + 1];
|
zeek::byte_vec decoded_URI = new u_char[line_end - line + 1];
|
||||||
byte_vec URI_p = decoded_URI;
|
zeek::byte_vec URI_p = decoded_URI;
|
||||||
|
|
||||||
while ( line < line_end )
|
while ( line < line_end )
|
||||||
{
|
{
|
||||||
|
|
@ -1807,5 +1807,5 @@ BroString* analyzer::http::unescape_URI(const u_char* line, const u_char* line_e
|
||||||
|
|
||||||
URI_p[0] = 0;
|
URI_p[0] = 0;
|
||||||
|
|
||||||
return new BroString(true, decoded_URI, URI_p - decoded_URI);
|
return new zeek::BroString(true, decoded_URI, URI_p - decoded_URI);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -153,7 +153,7 @@ public:
|
||||||
HTTP_Analyzer(Connection* conn);
|
HTTP_Analyzer(Connection* conn);
|
||||||
|
|
||||||
void HTTP_Header(bool is_orig, mime::MIME_Header* h);
|
void HTTP_Header(bool is_orig, mime::MIME_Header* h);
|
||||||
void HTTP_EntityData(bool is_orig, BroString* entity_data);
|
void HTTP_EntityData(bool is_orig, zeek::BroString* entity_data);
|
||||||
void HTTP_MessageDone(bool is_orig, HTTP_Message* message);
|
void HTTP_MessageDone(bool is_orig, HTTP_Message* message);
|
||||||
void HTTP_Event(const char* category, const char* detail);
|
void HTTP_Event(const char* category, const char* detail);
|
||||||
void HTTP_Event(const char* category, zeek::StringValPtr detail);
|
void HTTP_Event(const char* category, zeek::StringValPtr detail);
|
||||||
|
|
@ -232,7 +232,7 @@ protected:
|
||||||
void ReplyMade(bool interrupted, const char* msg);
|
void ReplyMade(bool interrupted, const char* msg);
|
||||||
void RequestClash(zeek::Val* clash_val);
|
void RequestClash(zeek::Val* clash_val);
|
||||||
|
|
||||||
const BroString* UnansweredRequestMethod();
|
const zeek::BroString* UnansweredRequestMethod();
|
||||||
|
|
||||||
int HTTP_ReplyCode(const char* code_str);
|
int HTTP_ReplyCode(const char* code_str);
|
||||||
int ExpectReplyMessageBody();
|
int ExpectReplyMessageBody();
|
||||||
|
|
@ -281,7 +281,7 @@ protected:
|
||||||
extern bool is_reserved_URI_char(unsigned char ch);
|
extern bool is_reserved_URI_char(unsigned char ch);
|
||||||
extern bool is_unreserved_URI_char(unsigned char ch);
|
extern bool is_unreserved_URI_char(unsigned char ch);
|
||||||
extern void escape_URI_char(unsigned char ch, unsigned char*& p);
|
extern void escape_URI_char(unsigned char ch, unsigned char*& p);
|
||||||
extern BroString* unescape_URI(const u_char* line, const u_char* line_end,
|
extern zeek::BroString* unescape_URI(const u_char* line, const u_char* line_end,
|
||||||
analyzer::Analyzer* analyzer);
|
analyzer::Analyzer* analyzer);
|
||||||
|
|
||||||
} } // namespace analyzer::*
|
} } // namespace analyzer::*
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
|
||||||
|
|
||||||
if ( icmp_sent_payload )
|
if ( icmp_sent_payload )
|
||||||
{
|
{
|
||||||
BroString* payload = new BroString(data, std::min(len, caplen), false);
|
zeek::BroString* payload = new zeek::BroString(data, std::min(len, caplen), false);
|
||||||
|
|
||||||
EnqueueConnEvent(icmp_sent_payload,
|
EnqueueConnEvent(icmp_sent_payload,
|
||||||
ConnVal(),
|
ConnVal(),
|
||||||
|
|
@ -515,7 +515,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
|
||||||
int iid = ntohs(icmpp->icmp_hun.ih_idseq.icd_id);
|
int iid = ntohs(icmpp->icmp_hun.ih_idseq.icd_id);
|
||||||
int iseq = ntohs(icmpp->icmp_hun.ih_idseq.icd_seq);
|
int iseq = ntohs(icmpp->icmp_hun.ih_idseq.icd_seq);
|
||||||
|
|
||||||
BroString* payload = new BroString(data, caplen, false);
|
zeek::BroString* payload = new zeek::BroString(data, caplen, false);
|
||||||
|
|
||||||
EnqueueConnEvent(f,
|
EnqueueConnEvent(f,
|
||||||
ConnVal(),
|
ConnVal(),
|
||||||
|
|
@ -767,7 +767,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
|
||||||
{
|
{
|
||||||
if ( caplen >= length )
|
if ( caplen >= length )
|
||||||
{
|
{
|
||||||
BroString* link_addr = new BroString(data, length, false);
|
zeek::BroString* link_addr = new zeek::BroString(data, length, false);
|
||||||
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(link_addr));
|
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(link_addr));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -837,7 +837,7 @@ zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* da
|
||||||
|
|
||||||
if ( set_payload_field )
|
if ( set_payload_field )
|
||||||
{
|
{
|
||||||
BroString* payload = new BroString(data, std::min((int)length, caplen), false);
|
zeek::BroString* payload = new zeek::BroString(data, std::min((int)length, caplen), false);
|
||||||
rv->Assign(6, zeek::make_intrusive<zeek::StringVal>(payload));
|
rv->Assign(6, zeek::make_intrusive<zeek::StringVal>(payload));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
|
||||||
|
|
||||||
if ( line != end_of_line )
|
if ( line != end_of_line )
|
||||||
{
|
{
|
||||||
BroString s((const u_char*)orig_line, length, true);
|
zeek::BroString s((const u_char*)orig_line, length, true);
|
||||||
Weird("ident_request_addendum", s.CheckString());
|
Weird("ident_request_addendum", s.CheckString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -172,8 +172,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
|
||||||
while ( --sys_end > sys_type && isspace(*sys_end) )
|
while ( --sys_end > sys_type && isspace(*sys_end) )
|
||||||
;
|
;
|
||||||
|
|
||||||
BroString* sys_type_s =
|
zeek::BroString* sys_type_s =
|
||||||
new BroString((const u_char*) sys_type,
|
new zeek::BroString((const u_char*) sys_type,
|
||||||
sys_end - sys_type + 1, true);
|
sys_end - sys_type + 1, true);
|
||||||
|
|
||||||
line = skip_whitespace(colon + 1, end_of_line);
|
line = skip_whitespace(colon + 1, end_of_line);
|
||||||
|
|
@ -242,7 +242,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line,
|
||||||
|
|
||||||
void Ident_Analyzer::BadRequest(int length, const char* line)
|
void Ident_Analyzer::BadRequest(int length, const char* line)
|
||||||
{
|
{
|
||||||
BroString s((const u_char*)line, length, true);
|
zeek::BroString s((const u_char*)line, length, true);
|
||||||
Weird("bad_ident_request", s.CheckString());
|
Weird("bad_ident_request", s.CheckString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -250,7 +250,7 @@ void Ident_Analyzer::BadReply(int length, const char* line)
|
||||||
{
|
{
|
||||||
if ( ! did_bad_reply )
|
if ( ! did_bad_reply )
|
||||||
{
|
{
|
||||||
BroString s((const u_char*)line, length, true);
|
zeek::BroString s((const u_char*)line, length, true);
|
||||||
Weird("bad_ident_reply", s.CheckString());
|
Weird("bad_ident_reply", s.CheckString());
|
||||||
did_bad_reply = true;
|
did_bad_reply = true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -87,23 +87,23 @@ void KRB_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::StringValPtr KRB_Analyzer::GetAuthenticationInfo(const BroString* principal,
|
zeek::StringValPtr KRB_Analyzer::GetAuthenticationInfo(const zeek::BroString* principal,
|
||||||
const BroString* ciphertext,
|
const zeek::BroString* ciphertext,
|
||||||
const bro_uint_t enctype)
|
const bro_uint_t enctype)
|
||||||
{
|
{
|
||||||
#ifdef USE_KRB5
|
#ifdef USE_KRB5
|
||||||
if ( !krb_available )
|
if ( !krb_available )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
BroString delim("/");
|
zeek::BroString delim("/");
|
||||||
int pos = principal->FindSubstring(&delim);
|
int pos = principal->FindSubstring(&delim);
|
||||||
if ( pos == -1 )
|
if ( pos == -1 )
|
||||||
{
|
{
|
||||||
reporter->Warning("KRB: Couldn't parse principal (%s)", principal->CheckString());
|
reporter->Warning("KRB: Couldn't parse principal (%s)", principal->CheckString());
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
std::unique_ptr<BroString> service = unique_ptr<BroString>(principal->GetSubstring(0, pos));
|
std::unique_ptr<zeek::BroString> service = unique_ptr<zeek::BroString>(principal->GetSubstring(0, pos));
|
||||||
std::unique_ptr<BroString> hostname = unique_ptr<BroString>(principal->GetSubstring(pos + 1, -1));
|
std::unique_ptr<zeek::BroString> hostname = unique_ptr<zeek::BroString>(principal->GetSubstring(pos + 1, -1));
|
||||||
if ( !service || !hostname )
|
if ( !service || !hostname )
|
||||||
{
|
{
|
||||||
reporter->Warning("KRB: Couldn't parse principal (%s)", principal->CheckString());
|
reporter->Warning("KRB: Couldn't parse principal (%s)", principal->CheckString());
|
||||||
|
|
|
||||||
|
|
@ -25,8 +25,8 @@ public:
|
||||||
static analyzer::Analyzer* Instantiate(Connection* conn)
|
static analyzer::Analyzer* Instantiate(Connection* conn)
|
||||||
{ return new KRB_Analyzer(conn); }
|
{ return new KRB_Analyzer(conn); }
|
||||||
|
|
||||||
zeek::StringValPtr GetAuthenticationInfo(const BroString* principal,
|
zeek::StringValPtr GetAuthenticationInfo(const zeek::BroString* principal,
|
||||||
const BroString* ciphertext,
|
const zeek::BroString* ciphertext,
|
||||||
const bro_uint_t enctype);
|
const bro_uint_t enctype);
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
|
|
||||||
|
|
@ -21,8 +21,8 @@ public:
|
||||||
// Overriden from tcp::TCP_ApplicationAnalyzer.
|
// Overriden from tcp::TCP_ApplicationAnalyzer.
|
||||||
void EndpointEOF(bool is_orig) override;
|
void EndpointEOF(bool is_orig) override;
|
||||||
|
|
||||||
zeek::StringValPtr GetAuthenticationInfo(const BroString* principal,
|
zeek::StringValPtr GetAuthenticationInfo(const zeek::BroString* principal,
|
||||||
const BroString* ciphertext,
|
const zeek::BroString* ciphertext,
|
||||||
const bro_uint_t enctype)
|
const bro_uint_t enctype)
|
||||||
{ return val_mgr->EmptyString(); }
|
{ return val_mgr->EmptyString(); }
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -327,8 +327,8 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val)
|
||||||
{
|
{
|
||||||
if ( username )
|
if ( username )
|
||||||
{
|
{
|
||||||
const BroString* u = username->AsString();
|
const zeek::BroString* u = username->AsString();
|
||||||
const byte_vec ub = u->Bytes();
|
const zeek::byte_vec ub = u->Bytes();
|
||||||
const char* us = (const char*) ub;
|
const char* us = (const char*) ub;
|
||||||
if ( ! streq(val, us) )
|
if ( ! streq(val, us) )
|
||||||
Confused("multiple_USERs", val);
|
Confused("multiple_USERs", val);
|
||||||
|
|
@ -600,7 +600,7 @@ zeek::Val* Login_Analyzer::PopUserTextVal()
|
||||||
char* s = PopUserText();
|
char* s = PopUserText();
|
||||||
|
|
||||||
if ( s )
|
if ( s )
|
||||||
return new zeek::StringVal(new BroString(true, byte_vec(s), strlen(s)));
|
return new zeek::StringVal(new zeek::BroString(true, zeek::byte_vec(s), strlen(s)));
|
||||||
else
|
else
|
||||||
return val_mgr->EmptyString()->Ref();
|
return val_mgr->EmptyString()->Ref();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -461,7 +461,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len)
|
||||||
if ( login_terminal )
|
if ( login_terminal )
|
||||||
EnqueueConnEvent(login_terminal,
|
EnqueueConnEvent(login_terminal,
|
||||||
ConnVal(),
|
ConnVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(terminal, len, false))
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(terminal, len, false))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
namespace analyzer { namespace mime {
|
namespace analyzer { namespace mime {
|
||||||
|
|
||||||
static const data_chunk_t null_data_chunk = { 0, nullptr };
|
static const zeek::data_chunk_t null_data_chunk = { 0, nullptr };
|
||||||
|
|
||||||
int mime_header_only = 0;
|
int mime_header_only = 0;
|
||||||
int mime_decode_data = 1;
|
int mime_decode_data = 1;
|
||||||
|
|
@ -98,7 +98,7 @@ static const char* MIMEContentEncodingName[] = {
|
||||||
nullptr,
|
nullptr,
|
||||||
};
|
};
|
||||||
|
|
||||||
bool is_null_data_chunk(data_chunk_t b)
|
bool is_null_data_chunk(zeek::data_chunk_t b)
|
||||||
{
|
{
|
||||||
return b.data == nullptr;
|
return b.data == nullptr;
|
||||||
}
|
}
|
||||||
|
|
@ -114,7 +114,7 @@ zeek::StringVal* new_string_val(int length, const char* data)
|
||||||
zeek::StringVal* new_string_val(const char* data, const char* end_of_data)
|
zeek::StringVal* new_string_val(const char* data, const char* end_of_data)
|
||||||
{ return to_string_val(data, end_of_data).release(); }
|
{ return to_string_val(data, end_of_data).release(); }
|
||||||
|
|
||||||
zeek::StringVal* new_string_val(const data_chunk_t buf)
|
zeek::StringVal* new_string_val(const zeek::data_chunk_t buf)
|
||||||
{ return to_string_val(buf).release(); }
|
{ return to_string_val(buf).release(); }
|
||||||
|
|
||||||
zeek::StringValPtr to_string_val(int length, const char* data)
|
zeek::StringValPtr to_string_val(int length, const char* data)
|
||||||
|
|
@ -127,20 +127,20 @@ zeek::StringValPtr to_string_val(const char* data, const char* end_of_data)
|
||||||
return zeek::make_intrusive<zeek::StringVal>(end_of_data - data, data);
|
return zeek::make_intrusive<zeek::StringVal>(end_of_data - data, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::StringValPtr to_string_val(const data_chunk_t buf)
|
zeek::StringValPtr to_string_val(const zeek::data_chunk_t buf)
|
||||||
{
|
{
|
||||||
return to_string_val(buf.length, buf.data);
|
return to_string_val(buf.length, buf.data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static data_chunk_t get_data_chunk(BroString* s)
|
static zeek::data_chunk_t get_data_chunk(zeek::BroString* s)
|
||||||
{
|
{
|
||||||
data_chunk_t b;
|
zeek::data_chunk_t b;
|
||||||
b.length = s->Len();
|
b.length = s->Len();
|
||||||
b.data = (const char*) s->Bytes();
|
b.data = (const char*) s->Bytes();
|
||||||
return b;
|
return b;
|
||||||
}
|
}
|
||||||
|
|
||||||
int fputs(data_chunk_t b, FILE* fp)
|
int fputs(zeek::data_chunk_t b, FILE* fp)
|
||||||
{
|
{
|
||||||
for ( int i = 0; i < b.length; ++i )
|
for ( int i = 0; i < b.length; ++i )
|
||||||
if ( fputc(b.data[i], fp) == EOF )
|
if ( fputc(b.data[i], fp) == EOF )
|
||||||
|
|
@ -155,7 +155,7 @@ void MIME_Mail::Undelivered(int len)
|
||||||
is_orig, cur_entity_id);
|
is_orig, cur_entity_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool istrequal(data_chunk_t s, const char* t)
|
bool istrequal(zeek::data_chunk_t s, const char* t)
|
||||||
{
|
{
|
||||||
int len = strlen(t);
|
int len = strlen(t);
|
||||||
|
|
||||||
|
|
@ -233,7 +233,7 @@ int MIME_skip_lws_comments(int len, const char* data)
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
int MIME_get_field_name(int len, const char* data, data_chunk_t* name)
|
int MIME_get_field_name(int len, const char* data, zeek::data_chunk_t* name)
|
||||||
{
|
{
|
||||||
int i = MIME_skip_lws_comments(len, data);
|
int i = MIME_skip_lws_comments(len, data);
|
||||||
while ( i < len )
|
while ( i < len )
|
||||||
|
|
@ -281,7 +281,7 @@ static bool MIME_is_token_char (char ch, bool is_boundary = false)
|
||||||
|
|
||||||
// See RFC 2045, page 12.
|
// See RFC 2045, page 12.
|
||||||
// A token is composed of characters that are not SPACE, CTLs or tspecials
|
// A token is composed of characters that are not SPACE, CTLs or tspecials
|
||||||
int MIME_get_token(int len, const char* data, data_chunk_t* token,
|
int MIME_get_token(int len, const char* data, zeek::data_chunk_t* token,
|
||||||
bool is_boundary)
|
bool is_boundary)
|
||||||
{
|
{
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
@ -313,7 +313,7 @@ int MIME_get_token(int len, const char* data, data_chunk_t* token,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int MIME_get_slash_token_pair(int len, const char* data, data_chunk_t* first, data_chunk_t* second)
|
int MIME_get_slash_token_pair(int len, const char* data, zeek::data_chunk_t* first, zeek::data_chunk_t* second)
|
||||||
{
|
{
|
||||||
int offset;
|
int offset;
|
||||||
const char* data_start = data;
|
const char* data_start = data;
|
||||||
|
|
@ -353,7 +353,7 @@ int MIME_get_slash_token_pair(int len, const char* data, data_chunk_t* first, da
|
||||||
}
|
}
|
||||||
|
|
||||||
// See RFC 2822, page 13.
|
// See RFC 2822, page 13.
|
||||||
int MIME_get_quoted_string(int len, const char* data, data_chunk_t* str)
|
int MIME_get_quoted_string(int len, const char* data, zeek::data_chunk_t* str)
|
||||||
{
|
{
|
||||||
int offset = MIME_skip_lws_comments(len, data);
|
int offset = MIME_skip_lws_comments(len, data);
|
||||||
|
|
||||||
|
|
@ -380,7 +380,7 @@ int MIME_get_quoted_string(int len, const char* data, data_chunk_t* str)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int MIME_get_value(int len, const char* data, BroString*& buf, bool is_boundary)
|
int MIME_get_value(int len, const char* data, zeek::BroString*& buf, bool is_boundary)
|
||||||
{
|
{
|
||||||
int offset = 0;
|
int offset = 0;
|
||||||
|
|
||||||
|
|
@ -392,7 +392,7 @@ int MIME_get_value(int len, const char* data, BroString*& buf, bool is_boundary)
|
||||||
|
|
||||||
if ( len > 0 && *data == '"' )
|
if ( len > 0 && *data == '"' )
|
||||||
{
|
{
|
||||||
data_chunk_t str;
|
zeek::data_chunk_t str;
|
||||||
int end = MIME_get_quoted_string(len, data, &str);
|
int end = MIME_get_quoted_string(len, data, &str);
|
||||||
if ( end < 0 )
|
if ( end < 0 )
|
||||||
return -1;
|
return -1;
|
||||||
|
|
@ -403,12 +403,12 @@ int MIME_get_value(int len, const char* data, BroString*& buf, bool is_boundary)
|
||||||
|
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
data_chunk_t str;
|
zeek::data_chunk_t str;
|
||||||
int end = MIME_get_token(len, data, &str, is_boundary);
|
int end = MIME_get_token(len, data, &str, is_boundary);
|
||||||
if ( end < 0 )
|
if ( end < 0 )
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
buf = new BroString((const u_char*)str.data, str.length, true);
|
buf = new zeek::BroString((const u_char*)str.data, str.length, true);
|
||||||
return offset + end;
|
return offset + end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -416,7 +416,7 @@ int MIME_get_value(int len, const char* data, BroString*& buf, bool is_boundary)
|
||||||
// Decode each quoted-pair: a '\' followed by a character by the
|
// Decode each quoted-pair: a '\' followed by a character by the
|
||||||
// quoted character. The decoded string is returned.
|
// quoted character. The decoded string is returned.
|
||||||
|
|
||||||
BroString* MIME_decode_quoted_pairs(data_chunk_t buf)
|
zeek::BroString* MIME_decode_quoted_pairs(zeek::data_chunk_t buf)
|
||||||
{
|
{
|
||||||
const char* data = buf.data;
|
const char* data = buf.data;
|
||||||
char* dest = new char[buf.length+1];
|
char* dest = new char[buf.length+1];
|
||||||
|
|
@ -436,7 +436,7 @@ BroString* MIME_decode_quoted_pairs(data_chunk_t buf)
|
||||||
dest[j++] = data[i];
|
dest[j++] = data[i];
|
||||||
dest[j] = 0;
|
dest[j] = 0;
|
||||||
|
|
||||||
return new BroString(true, (byte_vec) dest, j);
|
return new zeek::BroString(true, (zeek::byte_vec) dest, j);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -457,10 +457,10 @@ MIME_Multiline::~MIME_Multiline()
|
||||||
|
|
||||||
void MIME_Multiline::append(int len, const char* data)
|
void MIME_Multiline::append(int len, const char* data)
|
||||||
{
|
{
|
||||||
buffer.push_back(new BroString((const u_char*) data, len, true));
|
buffer.push_back(new zeek::BroString((const u_char*) data, len, true));
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* MIME_Multiline::get_concatenated_line()
|
zeek::BroString* MIME_Multiline::get_concatenated_line()
|
||||||
{
|
{
|
||||||
if ( buffer.empty() )
|
if ( buffer.empty() )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
@ -477,7 +477,7 @@ MIME_Header::MIME_Header(MIME_Multiline* hl)
|
||||||
lines = hl;
|
lines = hl;
|
||||||
name = value = value_token = rest_value = null_data_chunk;
|
name = value = value_token = rest_value = null_data_chunk;
|
||||||
|
|
||||||
BroString* s = hl->get_concatenated_line();
|
zeek::BroString* s = hl->get_concatenated_line();
|
||||||
int len = s->Len();
|
int len = s->Len();
|
||||||
const char* data = (const char*) s->Bytes();
|
const char* data = (const char*) s->Bytes();
|
||||||
|
|
||||||
|
|
@ -523,7 +523,7 @@ int MIME_Header::get_first_token()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
data_chunk_t MIME_Header::get_value_token()
|
zeek::data_chunk_t MIME_Header::get_value_token()
|
||||||
{
|
{
|
||||||
if ( ! is_null_data_chunk(value_token) )
|
if ( ! is_null_data_chunk(value_token) )
|
||||||
return value_token;
|
return value_token;
|
||||||
|
|
@ -531,7 +531,7 @@ data_chunk_t MIME_Header::get_value_token()
|
||||||
return value_token;
|
return value_token;
|
||||||
}
|
}
|
||||||
|
|
||||||
data_chunk_t MIME_Header::get_value_after_token()
|
zeek::data_chunk_t MIME_Header::get_value_after_token()
|
||||||
{
|
{
|
||||||
if ( ! is_null_data_chunk(rest_value) )
|
if ( ! is_null_data_chunk(rest_value) )
|
||||||
return rest_value;
|
return rest_value;
|
||||||
|
|
@ -764,7 +764,7 @@ void MIME_Entity::FinishHeader()
|
||||||
delete h;
|
delete h;
|
||||||
}
|
}
|
||||||
|
|
||||||
int MIME_Entity::LookupMIMEHeaderName(data_chunk_t name)
|
int MIME_Entity::LookupMIMEHeaderName(zeek::data_chunk_t name)
|
||||||
{
|
{
|
||||||
// A linear lookup should be fine for now.
|
// A linear lookup should be fine for now.
|
||||||
// header names are case-insensitive (RFC 822, 2822, 2045).
|
// header names are case-insensitive (RFC 822, 2822, 2045).
|
||||||
|
|
@ -795,11 +795,11 @@ void MIME_Entity::ParseMIMEHeader(MIME_Header* h)
|
||||||
|
|
||||||
bool MIME_Entity::ParseContentTypeField(MIME_Header* h)
|
bool MIME_Entity::ParseContentTypeField(MIME_Header* h)
|
||||||
{
|
{
|
||||||
data_chunk_t val = h->get_value();
|
zeek::data_chunk_t val = h->get_value();
|
||||||
int len = val.length;
|
int len = val.length;
|
||||||
const char* data = val.data;
|
const char* data = val.data;
|
||||||
|
|
||||||
data_chunk_t ty, subty;
|
zeek::data_chunk_t ty, subty;
|
||||||
int offset;
|
int offset;
|
||||||
|
|
||||||
offset = MIME_get_slash_token_pair(len, data, &ty, &subty);
|
offset = MIME_get_slash_token_pair(len, data, &ty, &subty);
|
||||||
|
|
@ -834,7 +834,7 @@ bool MIME_Entity::ParseContentTypeField(MIME_Header* h)
|
||||||
|
|
||||||
bool MIME_Entity::ParseContentEncodingField(MIME_Header* h)
|
bool MIME_Entity::ParseContentEncodingField(MIME_Header* h)
|
||||||
{
|
{
|
||||||
data_chunk_t enc;
|
zeek::data_chunk_t enc;
|
||||||
|
|
||||||
enc = h->get_value_token();
|
enc = h->get_value_token();
|
||||||
if ( is_null_data_chunk(enc) )
|
if ( is_null_data_chunk(enc) )
|
||||||
|
|
@ -844,12 +844,12 @@ bool MIME_Entity::ParseContentEncodingField(MIME_Header* h)
|
||||||
}
|
}
|
||||||
|
|
||||||
delete content_encoding_str;
|
delete content_encoding_str;
|
||||||
content_encoding_str = new BroString((const u_char*)enc.data, enc.length, true);
|
content_encoding_str = new zeek::BroString((const u_char*)enc.data, enc.length, true);
|
||||||
ParseContentEncoding(enc);
|
ParseContentEncoding(enc);
|
||||||
|
|
||||||
if ( need_to_parse_parameters )
|
if ( need_to_parse_parameters )
|
||||||
{
|
{
|
||||||
data_chunk_t val = h->get_value_after_token();
|
zeek::data_chunk_t val = h->get_value_after_token();
|
||||||
if ( ! is_null_data_chunk(val) )
|
if ( ! is_null_data_chunk(val) )
|
||||||
ParseFieldParameters(val.length, val.data);
|
ParseFieldParameters(val.length, val.data);
|
||||||
}
|
}
|
||||||
|
|
@ -859,7 +859,7 @@ bool MIME_Entity::ParseContentEncodingField(MIME_Header* h)
|
||||||
|
|
||||||
bool MIME_Entity::ParseFieldParameters(int len, const char* data)
|
bool MIME_Entity::ParseFieldParameters(int len, const char* data)
|
||||||
{
|
{
|
||||||
data_chunk_t attr;
|
zeek::data_chunk_t attr;
|
||||||
|
|
||||||
while ( true )
|
while ( true )
|
||||||
{
|
{
|
||||||
|
|
@ -892,7 +892,7 @@ bool MIME_Entity::ParseFieldParameters(int len, const char* data)
|
||||||
data += offset;
|
data += offset;
|
||||||
len -= offset;
|
len -= offset;
|
||||||
|
|
||||||
BroString* val = nullptr;
|
zeek::BroString* val = nullptr;
|
||||||
|
|
||||||
if ( current_field_type == MIME_CONTENT_TYPE &&
|
if ( current_field_type == MIME_CONTENT_TYPE &&
|
||||||
content_type == CONTENT_TYPE_MULTIPART &&
|
content_type == CONTENT_TYPE_MULTIPART &&
|
||||||
|
|
@ -908,9 +908,9 @@ bool MIME_Entity::ParseFieldParameters(int len, const char* data)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
data_chunk_t vd = get_data_chunk(val);
|
zeek::data_chunk_t vd = get_data_chunk(val);
|
||||||
delete multipart_boundary;
|
delete multipart_boundary;
|
||||||
multipart_boundary = new BroString((const u_char*)vd.data,
|
multipart_boundary = new zeek::BroString((const u_char*)vd.data,
|
||||||
vd.length, true);
|
vd.length, true);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -932,7 +932,7 @@ bool MIME_Entity::ParseFieldParameters(int len, const char* data)
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void MIME_Entity::ParseContentType(data_chunk_t type, data_chunk_t sub_type)
|
void MIME_Entity::ParseContentType(zeek::data_chunk_t type, zeek::data_chunk_t sub_type)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for ( i = 0; MIMEContentTypeName[i]; ++i )
|
for ( i = 0; MIMEContentTypeName[i]; ++i )
|
||||||
|
|
@ -959,7 +959,7 @@ void MIME_Entity::ParseContentType(data_chunk_t type, data_chunk_t sub_type)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void MIME_Entity::ParseContentEncoding(data_chunk_t encoding_mechanism)
|
void MIME_Entity::ParseContentEncoding(zeek::data_chunk_t encoding_mechanism)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for ( i = 0; MIMEContentEncodingName[i]; ++i )
|
for ( i = 0; MIMEContentEncodingName[i]; ++i )
|
||||||
|
|
@ -983,7 +983,7 @@ int MIME_Entity::CheckBoundaryDelimiter(int len, const char* data)
|
||||||
{
|
{
|
||||||
len -= 2; data += 2;
|
len -= 2; data += 2;
|
||||||
|
|
||||||
data_chunk_t delim = get_data_chunk(multipart_boundary);
|
zeek::data_chunk_t delim = get_data_chunk(multipart_boundary);
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
for ( i = 0; i < len && i < delim.length; ++i )
|
for ( i = 0; i < len && i < delim.length; ++i )
|
||||||
|
|
@ -1352,7 +1352,7 @@ MIME_Mail::MIME_Mail(analyzer::Analyzer* mail_analyzer, bool orig, int buf_size)
|
||||||
length = max_chunk_length;
|
length = max_chunk_length;
|
||||||
|
|
||||||
buffer_start = data_start = 0;
|
buffer_start = data_start = 0;
|
||||||
data_buffer = new BroString(true, new u_char[length+1], length);
|
data_buffer = new zeek::BroString(true, new u_char[length+1], length);
|
||||||
|
|
||||||
if ( mime_content_hash )
|
if ( mime_content_hash )
|
||||||
{
|
{
|
||||||
|
|
@ -1383,7 +1383,7 @@ void MIME_Mail::Done()
|
||||||
analyzer->EnqueueConnEvent(mime_content_hash,
|
analyzer->EnqueueConnEvent(mime_content_hash,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
val_mgr->Count(content_hash_length),
|
val_mgr->Count(content_hash_length),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(true, digest, 16))
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(true, digest, 16))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1418,7 +1418,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
|
||||||
{
|
{
|
||||||
if ( mime_entity_data )
|
if ( mime_entity_data )
|
||||||
{
|
{
|
||||||
BroString* s = concatenate(entity_content);
|
zeek::BroString* s = concatenate(entity_content);
|
||||||
|
|
||||||
analyzer->EnqueueConnEvent(mime_entity_data,
|
analyzer->EnqueueConnEvent(mime_entity_data,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
|
|
@ -1474,7 +1474,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
|
||||||
|
|
||||||
if ( mime_entity_data || mime_all_data )
|
if ( mime_entity_data || mime_all_data )
|
||||||
{
|
{
|
||||||
BroString* s = new BroString((const u_char*) buf, len, false);
|
zeek::BroString* s = new zeek::BroString((const u_char*) buf, len, false);
|
||||||
|
|
||||||
if ( mime_entity_data )
|
if ( mime_entity_data )
|
||||||
entity_content.push_back(s);
|
entity_content.push_back(s);
|
||||||
|
|
@ -1531,7 +1531,7 @@ void MIME_Mail::SubmitAllData()
|
||||||
{
|
{
|
||||||
if ( mime_all_data )
|
if ( mime_all_data )
|
||||||
{
|
{
|
||||||
BroString* s = concatenate(all_content);
|
zeek::BroString* s = concatenate(all_content);
|
||||||
delete_strings(all_content);
|
delete_strings(all_content);
|
||||||
|
|
||||||
analyzer->EnqueueConnEvent(mime_all_data,
|
analyzer->EnqueueConnEvent(mime_all_data,
|
||||||
|
|
|
||||||
|
|
@ -63,11 +63,11 @@ public:
|
||||||
~MIME_Multiline();
|
~MIME_Multiline();
|
||||||
|
|
||||||
void append(int len, const char* data);
|
void append(int len, const char* data);
|
||||||
BroString* get_concatenated_line();
|
zeek::BroString* get_concatenated_line();
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
std::vector<const BroString*> buffer;
|
std::vector<const zeek::BroString*> buffer;
|
||||||
BroString* line;
|
zeek::BroString* line;
|
||||||
};
|
};
|
||||||
|
|
||||||
class MIME_Header {
|
class MIME_Header {
|
||||||
|
|
@ -75,19 +75,19 @@ public:
|
||||||
explicit MIME_Header(MIME_Multiline* hl);
|
explicit MIME_Header(MIME_Multiline* hl);
|
||||||
~MIME_Header();
|
~MIME_Header();
|
||||||
|
|
||||||
data_chunk_t get_name() const { return name; }
|
zeek::data_chunk_t get_name() const { return name; }
|
||||||
data_chunk_t get_value() const { return value; }
|
zeek::data_chunk_t get_value() const { return value; }
|
||||||
|
|
||||||
data_chunk_t get_value_token();
|
zeek::data_chunk_t get_value_token();
|
||||||
data_chunk_t get_value_after_token();
|
zeek::data_chunk_t get_value_after_token();
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
int get_first_token();
|
int get_first_token();
|
||||||
|
|
||||||
MIME_Multiline* lines;
|
MIME_Multiline* lines;
|
||||||
data_chunk_t name;
|
zeek::data_chunk_t name;
|
||||||
data_chunk_t value;
|
zeek::data_chunk_t value;
|
||||||
data_chunk_t value_token, rest_value;
|
zeek::data_chunk_t value_token, rest_value;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -120,13 +120,13 @@ protected:
|
||||||
void FinishHeader();
|
void FinishHeader();
|
||||||
|
|
||||||
void ParseMIMEHeader(MIME_Header* h);
|
void ParseMIMEHeader(MIME_Header* h);
|
||||||
int LookupMIMEHeaderName(data_chunk_t name);
|
int LookupMIMEHeaderName(zeek::data_chunk_t name);
|
||||||
bool ParseContentTypeField(MIME_Header* h);
|
bool ParseContentTypeField(MIME_Header* h);
|
||||||
bool ParseContentEncodingField(MIME_Header* h);
|
bool ParseContentEncodingField(MIME_Header* h);
|
||||||
bool ParseFieldParameters(int len, const char* data);
|
bool ParseFieldParameters(int len, const char* data);
|
||||||
|
|
||||||
void ParseContentType(data_chunk_t type, data_chunk_t sub_type);
|
void ParseContentType(zeek::data_chunk_t type, zeek::data_chunk_t sub_type);
|
||||||
void ParseContentEncoding(data_chunk_t encoding_mechanism);
|
void ParseContentEncoding(zeek::data_chunk_t encoding_mechanism);
|
||||||
|
|
||||||
void BeginBody();
|
void BeginBody();
|
||||||
void NewDataLine(int len, const char* data, bool trailing_CRLF);
|
void NewDataLine(int len, const char* data, bool trailing_CRLF);
|
||||||
|
|
@ -166,8 +166,8 @@ protected:
|
||||||
|
|
||||||
zeek::StringValPtr content_type_str;
|
zeek::StringValPtr content_type_str;
|
||||||
zeek::StringValPtr content_subtype_str;
|
zeek::StringValPtr content_subtype_str;
|
||||||
BroString* content_encoding_str;
|
zeek::BroString* content_encoding_str;
|
||||||
BroString* multipart_boundary;
|
zeek::BroString* multipart_boundary;
|
||||||
|
|
||||||
int content_type, content_subtype, content_encoding;
|
int content_type, content_subtype, content_encoding;
|
||||||
|
|
||||||
|
|
@ -269,39 +269,39 @@ protected:
|
||||||
int compute_content_hash;
|
int compute_content_hash;
|
||||||
int content_hash_length;
|
int content_hash_length;
|
||||||
EVP_MD_CTX* md5_hash;
|
EVP_MD_CTX* md5_hash;
|
||||||
std::vector<const BroString*> entity_content;
|
std::vector<const zeek::BroString*> entity_content;
|
||||||
std::vector<const BroString*> all_content;
|
std::vector<const zeek::BroString*> all_content;
|
||||||
|
|
||||||
BroString* data_buffer;
|
zeek::BroString* data_buffer;
|
||||||
|
|
||||||
uint64_t cur_entity_len;
|
uint64_t cur_entity_len;
|
||||||
std::string cur_entity_id;
|
std::string cur_entity_id;
|
||||||
};
|
};
|
||||||
|
|
||||||
extern bool is_null_data_chunk(data_chunk_t b);
|
extern bool is_null_data_chunk(zeek::data_chunk_t b);
|
||||||
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
||||||
extern zeek::StringVal* new_string_val(int length, const char* data);
|
extern zeek::StringVal* new_string_val(int length, const char* data);
|
||||||
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
||||||
extern zeek::StringVal* new_string_val(const char* data, const char* end_of_data);
|
extern zeek::StringVal* new_string_val(const char* data, const char* end_of_data);
|
||||||
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
[[deprecated("Remove in v4.1. Use analyzer::mime::to_string_val().")]]
|
||||||
extern zeek::StringVal* new_string_val(const data_chunk_t buf);
|
extern zeek::StringVal* new_string_val(const zeek::data_chunk_t buf);
|
||||||
extern zeek::StringValPtr to_string_val(int length, const char* data);
|
extern zeek::StringValPtr to_string_val(int length, const char* data);
|
||||||
extern zeek::StringValPtr to_string_val(const char* data, const char* end_of_data);
|
extern zeek::StringValPtr to_string_val(const char* data, const char* end_of_data);
|
||||||
extern zeek::StringValPtr to_string_val(const data_chunk_t buf);
|
extern zeek::StringValPtr to_string_val(const zeek::data_chunk_t buf);
|
||||||
extern int fputs(data_chunk_t b, FILE* fp);
|
extern int fputs(zeek::data_chunk_t b, FILE* fp);
|
||||||
extern bool istrequal(data_chunk_t s, const char* t);
|
extern bool istrequal(zeek::data_chunk_t s, const char* t);
|
||||||
extern bool is_lws(char ch);
|
extern bool is_lws(char ch);
|
||||||
extern bool MIME_is_field_name_char(char ch);
|
extern bool MIME_is_field_name_char(char ch);
|
||||||
extern int MIME_count_leading_lws(int len, const char* data);
|
extern int MIME_count_leading_lws(int len, const char* data);
|
||||||
extern int MIME_count_trailing_lws(int len, const char* data);
|
extern int MIME_count_trailing_lws(int len, const char* data);
|
||||||
extern int MIME_skip_comments(int len, const char* data);
|
extern int MIME_skip_comments(int len, const char* data);
|
||||||
extern int MIME_skip_lws_comments(int len, const char* data);
|
extern int MIME_skip_lws_comments(int len, const char* data);
|
||||||
extern int MIME_get_token(int len, const char* data, data_chunk_t* token,
|
extern int MIME_get_token(int len, const char* data, zeek::data_chunk_t* token,
|
||||||
bool is_boundary = false);
|
bool is_boundary = false);
|
||||||
extern int MIME_get_slash_token_pair(int len, const char* data, data_chunk_t* first, data_chunk_t* second);
|
extern int MIME_get_slash_token_pair(int len, const char* data, zeek::data_chunk_t* first, zeek::data_chunk_t* second);
|
||||||
extern int MIME_get_value(int len, const char* data, BroString*& buf,
|
extern int MIME_get_value(int len, const char* data, zeek::BroString*& buf,
|
||||||
bool is_boundary = false);
|
bool is_boundary = false);
|
||||||
extern int MIME_get_field_name(int len, const char* data, data_chunk_t* name);
|
extern int MIME_get_field_name(int len, const char* data, zeek::data_chunk_t* name);
|
||||||
extern BroString* MIME_decode_quoted_pairs(data_chunk_t buf);
|
extern zeek::BroString* MIME_decode_quoted_pairs(zeek::data_chunk_t buf);
|
||||||
|
|
||||||
} } // namespace analyzer::*
|
} } // namespace analyzer::*
|
||||||
|
|
|
||||||
|
|
@ -125,11 +125,11 @@ void NetbiosSSN_Interpreter::ParseBroadcast(const u_char* data, int len,
|
||||||
// FIND THE NUL-TERMINATED NAME STRINGS HERE!
|
// FIND THE NUL-TERMINATED NAME STRINGS HERE!
|
||||||
// Not sure what's in them, so we don't keep them currently.
|
// Not sure what's in them, so we don't keep them currently.
|
||||||
|
|
||||||
BroString* srcname = new BroString((char*) data);
|
zeek::BroString* srcname = new zeek::BroString((char*) data);
|
||||||
data += srcname->Len()+1;
|
data += srcname->Len()+1;
|
||||||
len -= srcname->Len();
|
len -= srcname->Len();
|
||||||
|
|
||||||
BroString* dstname = new BroString((char*) data);
|
zeek::BroString* dstname = new zeek::BroString((char*) data);
|
||||||
data += dstname->Len()+1;
|
data += dstname->Len()+1;
|
||||||
len -= dstname->Len();
|
len -= dstname->Len();
|
||||||
|
|
||||||
|
|
@ -324,11 +324,11 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data,
|
||||||
analyzer->EnqueueConnEvent(event,
|
analyzer->EnqueueConnEvent(event,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
val_mgr->Bool(is_orig),
|
val_mgr->Bool(is_orig),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(data, len, false)));
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false)));
|
||||||
else
|
else
|
||||||
analyzer->EnqueueConnEvent(event,
|
analyzer->EnqueueConnEvent(event,
|
||||||
analyzer->ConnVal(),
|
analyzer->ConnVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(data, len, false)));
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -78,7 +78,7 @@ void POP3_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
|
||||||
if ( (TCP() && TCP()->IsPartial()) )
|
if ( (TCP() && TCP()->IsPartial()) )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
BroString terminated_string(data, len, true);
|
zeek::BroString terminated_string(data, len, true);
|
||||||
|
|
||||||
if ( orig )
|
if ( orig )
|
||||||
ProcessRequest(len, (char*) terminated_string.Bytes());
|
ProcessRequest(len, (char*) terminated_string.Bytes());
|
||||||
|
|
@ -135,8 +135,8 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line)
|
||||||
{
|
{
|
||||||
++authLines;
|
++authLines;
|
||||||
|
|
||||||
BroString encoded(line);
|
zeek::BroString encoded(line);
|
||||||
BroString* decoded = decode_base64(&encoded, nullptr, Conn());
|
zeek::BroString* decoded = decode_base64(&encoded, nullptr, Conn());
|
||||||
|
|
||||||
if ( ! decoded )
|
if ( ! decoded )
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -218,7 +218,7 @@ zeek::StringValPtr MOUNT_Interp::mount3_fh(const u_char*& buf, int& n)
|
||||||
if ( ! fh )
|
if ( ! fh )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(fh, fh_n, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(fh, fh_n, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::StringValPtr MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
|
zeek::StringValPtr MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
|
||||||
|
|
@ -229,7 +229,7 @@ zeek::StringValPtr MOUNT_Interp::mount3_filename(const u_char*& buf, int& n)
|
||||||
if ( ! name )
|
if ( ! name )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::RecordValPtr MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
|
zeek::RecordValPtr MOUNT_Interp::mount3_dirmntargs(const u_char*& buf, int& n)
|
||||||
|
|
|
||||||
|
|
@ -297,7 +297,7 @@ zeek::StringValPtr NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64
|
||||||
data_n = std::min(data_n, int(zeek::BifConst::NFS3::return_data_max));
|
data_n = std::min(data_n, int(zeek::BifConst::NFS3::return_data_max));
|
||||||
|
|
||||||
if ( data && data_n > 0 )
|
if ( data && data_n > 0 )
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(data, data_n, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, data_n, false));
|
||||||
|
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
@ -344,7 +344,7 @@ zeek::StringValPtr NFS_Interp::nfs3_fh(const u_char*& buf, int& n)
|
||||||
if ( ! fh )
|
if ( ! fh )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(fh, fh_n, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(fh, fh_n, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -452,7 +452,7 @@ zeek::StringValPtr NFS_Interp::nfs3_filename(const u_char*& buf, int& n)
|
||||||
if ( ! name )
|
if ( ! name )
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_len, false));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(name, name_len, false));
|
||||||
}
|
}
|
||||||
|
|
||||||
zeek::RecordValPtr NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
|
zeek::RecordValPtr NFS_Interp::nfs3_diropargs(const u_char*& buf, int& n)
|
||||||
|
|
|
||||||
|
|
@ -183,7 +183,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
|
||||||
delete line_after_gap;
|
delete line_after_gap;
|
||||||
|
|
||||||
line_after_gap =
|
line_after_gap =
|
||||||
new BroString((const u_char *) line, length, true);
|
new zeek::BroString((const u_char *) line, length, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
else if ( state == SMTP_IN_DATA && line[0] == '.' && length == 1 )
|
else if ( state == SMTP_IN_DATA && line[0] == '.' && length == 1 )
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,7 @@ protected:
|
||||||
int pending_reply; // code assoc. w/ multi-line reply, or 0
|
int pending_reply; // code assoc. w/ multi-line reply, or 0
|
||||||
std::list<int> pending_cmd_q; // to support pipelining
|
std::list<int> pending_cmd_q; // to support pipelining
|
||||||
bool skip_data; // whether to skip message body
|
bool skip_data; // whether to skip message body
|
||||||
BroString* line_after_gap; // last line before the first reply
|
zeek::BroString* line_after_gap; // last line before the first reply
|
||||||
// after a gap
|
// after a gap
|
||||||
|
|
||||||
mime::MIME_Mail* mail;
|
mime::MIME_Mail* mail;
|
||||||
|
|
|
||||||
|
|
@ -448,8 +448,8 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64_t n)
|
||||||
// we've ever seen for the connection.
|
// we've ever seen for the connection.
|
||||||
(n > 1 || endp->peer->HasDoneSomething()) )
|
(n > 1 || endp->peer->HasDoneSomething()) )
|
||||||
{
|
{
|
||||||
BroString* b1_s = new BroString((const u_char*) b1, n, false);
|
zeek::BroString* b1_s = new zeek::BroString((const u_char*) b1, n, false);
|
||||||
BroString* b2_s = new BroString((const u_char*) b2, n, false);
|
zeek::BroString* b2_s = new zeek::BroString((const u_char*) b2, n, false);
|
||||||
|
|
||||||
tcp_analyzer->EnqueueConnEvent(rexmit_inconsistency,
|
tcp_analyzer->EnqueueConnEvent(rexmit_inconsistency,
|
||||||
tcp_analyzer->ConnVal(),
|
tcp_analyzer->ConnVal(),
|
||||||
|
|
|
||||||
|
|
@ -112,9 +112,9 @@ zeek::RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
|
||||||
uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len)));
|
uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len)));
|
||||||
uint8_t conf = *((uint8_t*)(auth + 4 + id_len + au_len + 8));
|
uint8_t conf = *((uint8_t*)(auth + 4 + id_len + au_len + 8));
|
||||||
teredo_auth->Assign(0, zeek::make_intrusive<zeek::StringVal>(
|
teredo_auth->Assign(0, zeek::make_intrusive<zeek::StringVal>(
|
||||||
new BroString(auth + 4, id_len, true)));
|
new zeek::BroString(auth + 4, id_len, true)));
|
||||||
teredo_auth->Assign(1, zeek::make_intrusive<zeek::StringVal>(
|
teredo_auth->Assign(1, zeek::make_intrusive<zeek::StringVal>(
|
||||||
new BroString(auth + 4 + id_len, au_len, true)));
|
new zeek::BroString(auth + 4 + id_len, au_len, true)));
|
||||||
teredo_auth->Assign(2, val_mgr->Count(nonce));
|
teredo_auth->Assign(2, val_mgr->Count(nonce));
|
||||||
teredo_auth->Assign(3, val_mgr->Count(conf));
|
teredo_auth->Assign(3, val_mgr->Count(conf));
|
||||||
teredo_hdr->Assign(0, std::move(teredo_auth));
|
teredo_hdr->Assign(0, std::move(teredo_auth));
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,7 @@ std::set<std::string> val_to_topic_set(zeek::Val* val)
|
||||||
return rval;
|
return rval;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool publish_event_args(val_list& args, const BroString* topic,
|
static bool publish_event_args(val_list& args, const zeek::BroString* topic,
|
||||||
zeek::detail::Frame* frame)
|
zeek::detail::Frame* frame)
|
||||||
{
|
{
|
||||||
bro_broker::Manager::ScriptScopeGuard ssg;
|
bro_broker::Manager::ScriptScopeGuard ssg;
|
||||||
|
|
|
||||||
|
|
@ -325,7 +325,7 @@ void File::InferMetadata()
|
||||||
if ( bof_buffer.size == 0 )
|
if ( bof_buffer.size == 0 )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
BroString* bs = concatenate(bof_buffer.chunks);
|
zeek::BroString* bs = concatenate(bof_buffer.chunks);
|
||||||
val->Assign<zeek::StringVal>(bof_buffer_idx, bs);
|
val->Assign<zeek::StringVal>(bof_buffer_idx, bs);
|
||||||
bof_buffer_val = val->GetField(bof_buffer_idx).get();
|
bof_buffer_val = val->GetField(bof_buffer_idx).get();
|
||||||
}
|
}
|
||||||
|
|
@ -359,7 +359,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len)
|
||||||
|
|
||||||
uint64_t desired_size = LookupFieldDefaultCount(bof_buffer_size_idx);
|
uint64_t desired_size = LookupFieldDefaultCount(bof_buffer_size_idx);
|
||||||
|
|
||||||
bof_buffer.chunks.push_back(new BroString(data, len, false));
|
bof_buffer.chunks.push_back(new zeek::BroString(data, len, false));
|
||||||
bof_buffer.size += len;
|
bof_buffer.size += len;
|
||||||
|
|
||||||
if ( bof_buffer.size < desired_size )
|
if ( bof_buffer.size < desired_size )
|
||||||
|
|
@ -369,7 +369,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len)
|
||||||
|
|
||||||
if ( bof_buffer.size > 0 )
|
if ( bof_buffer.size > 0 )
|
||||||
{
|
{
|
||||||
BroString* bs = concatenate(bof_buffer.chunks);
|
zeek::BroString* bs = concatenate(bof_buffer.chunks);
|
||||||
val->Assign(bof_buffer_idx, zeek::make_intrusive<zeek::StringVal>(bs));
|
val->Assign(bof_buffer_idx, zeek::make_intrusive<zeek::StringVal>(bs));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -370,7 +370,7 @@ protected:
|
||||||
|
|
||||||
bool full;
|
bool full;
|
||||||
uint64_t size;
|
uint64_t size;
|
||||||
BroString::CVec chunks;
|
zeek::BroString::CVec chunks;
|
||||||
} bof_buffer; /**< Beginning of file buffer. */
|
} bof_buffer; /**< Beginning of file buffer. */
|
||||||
|
|
||||||
WeirdStateMap weird_state;
|
WeirdStateMap weird_state;
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ void Manager::SetHandle(const string& handle)
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
if ( debug_logger.IsEnabled(DBG_FILE_ANALYSIS) )
|
if ( debug_logger.IsEnabled(DBG_FILE_ANALYSIS) )
|
||||||
{
|
{
|
||||||
BroString tmp{handle};
|
zeek::BroString tmp{handle};
|
||||||
auto rendered = tmp.Render();
|
auto rendered = tmp.Render();
|
||||||
DBG_LOG(DBG_FILE_ANALYSIS, "Set current handle to %s", rendered);
|
DBG_LOG(DBG_FILE_ANALYSIS, "Set current handle to %s", rendered);
|
||||||
delete [] rendered;
|
delete [] rendered;
|
||||||
|
|
|
||||||
|
|
@ -45,7 +45,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64_t len, uint64_t offset)
|
||||||
|
|
||||||
mgr.Enqueue(chunk_event,
|
mgr.Enqueue(chunk_event,
|
||||||
GetFile()->ToVal(),
|
GetFile()->ToVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(data, len, false)),
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false)),
|
||||||
val_mgr->Count(offset)
|
val_mgr->Count(offset)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
@ -58,7 +58,7 @@ bool DataEvent::DeliverStream(const u_char* data, uint64_t len)
|
||||||
|
|
||||||
mgr.Enqueue(stream_event,
|
mgr.Enqueue(stream_event,
|
||||||
GetFile()->ToVal(),
|
GetFile()->ToVal(),
|
||||||
zeek::make_intrusive<zeek::StringVal>(new BroString(data, len, false))
|
zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(data, len, false))
|
||||||
);
|
);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
||||||
|
|
@ -239,7 +239,7 @@ bool Manager::CreateStream(Stream* info, zeek::RecordVal* description)
|
||||||
|
|
||||||
// get the source ...
|
// get the source ...
|
||||||
auto source_val = description->GetFieldOrDefault("source");
|
auto source_val = description->GetFieldOrDefault("source");
|
||||||
const BroString* bsource = source_val->AsString();
|
const zeek::BroString* bsource = source_val->AsString();
|
||||||
string source((const char*) bsource->Bytes(), bsource->Len());
|
string source((const char*) bsource->Bytes(), bsource->Len());
|
||||||
|
|
||||||
ReaderBackend::ReaderInfo rinfo;
|
ReaderBackend::ReaderInfo rinfo;
|
||||||
|
|
@ -2195,7 +2195,7 @@ zeek::Val* Manager::ValueToVal(const Stream* i, const Value* val, zeek::Type* re
|
||||||
|
|
||||||
case zeek::TYPE_STRING:
|
case zeek::TYPE_STRING:
|
||||||
{
|
{
|
||||||
BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, true);
|
zeek::BroString *s = new zeek::BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, true);
|
||||||
return new zeek::StringVal(s);
|
return new zeek::StringVal(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -976,7 +976,7 @@ threading::Value* Manager::ValToLogVal(zeek::Val* val, zeek::Type* ty)
|
||||||
|
|
||||||
case zeek::TYPE_STRING:
|
case zeek::TYPE_STRING:
|
||||||
{
|
{
|
||||||
const BroString* s = val->AsString();
|
const zeek::BroString* s = val->AsString();
|
||||||
char* buf = new char[s->Len()];
|
char* buf = new char[s->Len()];
|
||||||
memcpy(buf, s->Bytes(), s->Len());
|
memcpy(buf, s->Bytes(), s->Len());
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -560,7 +560,7 @@ F RET_CONST(val_mgr->False()->Ref())
|
||||||
|
|
||||||
s[i-1] = '\0';
|
s[i-1] = '\0';
|
||||||
|
|
||||||
RET_CONST(new zeek::StringVal(new BroString(1, (byte_vec) s, i-1)))
|
RET_CONST(new zeek::StringVal(new zeek::BroString(1, (zeek::byte_vec) s, i-1)))
|
||||||
}
|
}
|
||||||
|
|
||||||
<RE>([^/\\\n]|{ESCSEQ})+ {
|
<RE>([^/\\\n]|{ESCSEQ})+ {
|
||||||
|
|
|
||||||
|
|
@ -65,11 +65,11 @@ function string_cat%(...%): string
|
||||||
n += a->AsString()->Len();
|
n += a->AsString()->Len();
|
||||||
|
|
||||||
u_char* b = new u_char[n+1];
|
u_char* b = new u_char[n+1];
|
||||||
BroString* s = new BroString(1, b, n);
|
zeek::BroString* s = new zeek::BroString(1, b, n);
|
||||||
|
|
||||||
for ( const auto& a : @ARG@ )
|
for ( const auto& a : @ARG@ )
|
||||||
{
|
{
|
||||||
const BroString* s = a->AsString();
|
const zeek::BroString* s = a->AsString();
|
||||||
memcpy(b, s->Bytes(), s->Len());
|
memcpy(b, s->Bytes(), s->Len());
|
||||||
b += s->Len();
|
b += s->Len();
|
||||||
}
|
}
|
||||||
|
|
@ -111,7 +111,7 @@ function join_string_vec%(vec: string_vec, sep: string%): string
|
||||||
e->Describe(&d);
|
e->Describe(&d);
|
||||||
}
|
}
|
||||||
|
|
||||||
BroString* s = new BroString(1, d.TakeBytes(), d.Len());
|
zeek::BroString* s = new zeek::BroString(1, d.TakeBytes(), d.Len());
|
||||||
s->SetUseFreeToDelete(true);
|
s->SetUseFreeToDelete(true);
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(s);
|
return zeek::make_intrusive<zeek::StringVal>(s);
|
||||||
|
|
@ -162,7 +162,7 @@ function edit%(arg_s: string, arg_edit_char: string%): string
|
||||||
|
|
||||||
new_s[ind] = '\0';
|
new_s[ind] = '\0';
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, byte_vec(new_s), ind));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, byte_vec(new_s), ind));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Get a substring from a string, given a starting position and length.
|
## Get a substring from a string, given a starting position and length.
|
||||||
|
|
@ -180,10 +180,10 @@ function sub_bytes%(s: string, start: count, n: int%): string
|
||||||
if ( start > 0 )
|
if ( start > 0 )
|
||||||
--start; // make it 0-based
|
--start; // make it 0-based
|
||||||
|
|
||||||
BroString* ss = s->AsString()->GetSubstring(start, n);
|
zeek::BroString* ss = s->AsString()->GetSubstring(start, n);
|
||||||
|
|
||||||
if ( ! ss )
|
if ( ! ss )
|
||||||
ss = new BroString("");
|
ss = new zeek::BroString("");
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(ss);
|
return zeek::make_intrusive<zeek::StringVal>(ss);
|
||||||
%}
|
%}
|
||||||
|
|
@ -541,7 +541,7 @@ function to_lower%(str: string%): string
|
||||||
|
|
||||||
*ls++ = '\0';
|
*ls++ = '\0';
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, lower_s, n));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, lower_s, n));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Replaces all lowercase letters in a string with their uppercase counterpart.
|
## Replaces all lowercase letters in a string with their uppercase counterpart.
|
||||||
|
|
@ -570,7 +570,7 @@ function to_upper%(str: string%): string
|
||||||
|
|
||||||
*us++ = '\0';
|
*us++ = '\0';
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, upper_s, n));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, upper_s, n));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Replaces non-printable characters in a string with escaped sequences. The
|
## Replaces non-printable characters in a string with escaped sequences. The
|
||||||
|
|
@ -590,7 +590,7 @@ function to_upper%(str: string%): string
|
||||||
function clean%(str: string%): string
|
function clean%(str: string%): string
|
||||||
%{
|
%{
|
||||||
char* s = str->AsString()->Render();
|
char* s = str->AsString()->Render();
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, byte_vec(s), strlen(s)));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, byte_vec(s), strlen(s)));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Replaces non-printable characters in a string with escaped sequences. The
|
## Replaces non-printable characters in a string with escaped sequences. The
|
||||||
|
|
@ -607,8 +607,8 @@ function clean%(str: string%): string
|
||||||
## .. zeek:see:: clean escape_string
|
## .. zeek:see:: clean escape_string
|
||||||
function to_string_literal%(str: string%): string
|
function to_string_literal%(str: string%): string
|
||||||
%{
|
%{
|
||||||
char* s = str->AsString()->Render(BroString::BRO_STRING_LITERAL);
|
char* s = str->AsString()->Render(zeek::BroString::BRO_STRING_LITERAL);
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, byte_vec(s), strlen(s)));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, byte_vec(s), strlen(s)));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Determines whether a given string contains only ASCII characters.
|
## Determines whether a given string contains only ASCII characters.
|
||||||
|
|
@ -646,7 +646,7 @@ function is_ascii%(str: string%): bool
|
||||||
## .. zeek:see:: clean to_string_literal
|
## .. zeek:see:: clean to_string_literal
|
||||||
function escape_string%(s: string%): string
|
function escape_string%(s: string%): string
|
||||||
%{
|
%{
|
||||||
char* escstr = s->AsString()->Render(BroString::ESC_HEX | BroString::ESC_ESC);
|
char* escstr = s->AsString()->Render(zeek::BroString::ESC_HEX | zeek::BroString::ESC_ESC);
|
||||||
auto val = zeek::make_intrusive<zeek::StringVal>(escstr);
|
auto val = zeek::make_intrusive<zeek::StringVal>(escstr);
|
||||||
delete [] escstr;
|
delete [] escstr;
|
||||||
return val;
|
return val;
|
||||||
|
|
@ -666,7 +666,7 @@ function string_to_ascii_hex%(s: string%): string
|
||||||
for ( int i = 0; i < s->Len(); ++i )
|
for ( int i = 0; i < s->Len(); ++i )
|
||||||
sprintf(x + i * 2, "%02x", sp[i]);
|
sprintf(x + i * 2, "%02x", sp[i]);
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, (u_char*) x, s->Len() * 2));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, (u_char*) x, s->Len() * 2));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Uses the Smith-Waterman algorithm to find similar/overlapping substrings.
|
## Uses the Smith-Waterman algorithm to find similar/overlapping substrings.
|
||||||
|
|
@ -706,20 +706,20 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su
|
||||||
function str_split%(s: string, idx: index_vec%): string_vec
|
function str_split%(s: string, idx: index_vec%): string_vec
|
||||||
%{
|
%{
|
||||||
auto idx_v = idx->AsVector();
|
auto idx_v = idx->AsVector();
|
||||||
BroString::IdxVec indices(idx_v->size());
|
zeek::BroString::IdxVec indices(idx_v->size());
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
for ( i = 0; i < idx_v->size(); i++ )
|
for ( i = 0; i < idx_v->size(); i++ )
|
||||||
indices[i] = (*idx_v)[i]->AsCount();
|
indices[i] = (*idx_v)[i]->AsCount();
|
||||||
|
|
||||||
BroString::Vec* result = s->AsString()->Split(indices);
|
zeek::BroString::Vec* result = s->AsString()->Split(indices);
|
||||||
auto result_v = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
|
auto result_v = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
|
||||||
|
|
||||||
if ( result )
|
if ( result )
|
||||||
{
|
{
|
||||||
i = 1;
|
i = 1;
|
||||||
|
|
||||||
for ( BroString::VecIt it = result->begin();
|
for ( zeek::BroString::VecIt it = result->begin();
|
||||||
it != result->end(); ++it, ++i )
|
it != result->end(); ++it, ++i )
|
||||||
result_v->Assign(i, zeek::make_intrusive<zeek::StringVal>(*it));
|
result_v->Assign(i, zeek::make_intrusive<zeek::StringVal>(*it));
|
||||||
// StringVal now possesses string.
|
// StringVal now possesses string.
|
||||||
|
|
@ -744,7 +744,7 @@ function strip%(str: string%): string
|
||||||
|
|
||||||
if ( n == 0 )
|
if ( n == 0 )
|
||||||
// Empty string.
|
// Empty string.
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(s, n, 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(s, n, 1));
|
||||||
|
|
||||||
const u_char* sp = s;
|
const u_char* sp = s;
|
||||||
|
|
||||||
|
|
@ -757,11 +757,11 @@ function strip%(str: string%): string
|
||||||
while ( isspace(*sp) && sp <= e )
|
while ( isspace(*sp) && sp <= e )
|
||||||
++sp;
|
++sp;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(sp, (e - sp + 1), 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(sp, (e - sp + 1), 1));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
%%{
|
%%{
|
||||||
static bool should_strip(u_char c, const BroString* strip_chars)
|
static bool should_strip(u_char c, const zeek::BroString* strip_chars)
|
||||||
{
|
{
|
||||||
auto strip_bytes = strip_chars->Bytes();
|
auto strip_bytes = strip_chars->Bytes();
|
||||||
|
|
||||||
|
|
@ -792,7 +792,7 @@ function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string
|
||||||
|
|
||||||
// empty input string
|
// empty input string
|
||||||
if ( n == 0 )
|
if ( n == 0 )
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(s, n, 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(s, n, 1));
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
auto bs_chars = chars->AsString();
|
auto bs_chars = chars->AsString();
|
||||||
|
|
@ -801,7 +801,7 @@ function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string
|
||||||
if ( ! should_strip(s[i], bs_chars) )
|
if ( ! should_strip(s[i], bs_chars) )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(s + i, n - i, 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(s + i, n - i, 1));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Removes all combinations of characters in the *chars* argument
|
## Removes all combinations of characters in the *chars* argument
|
||||||
|
|
@ -823,7 +823,7 @@ function rstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string
|
||||||
|
|
||||||
// empty input string
|
// empty input string
|
||||||
if ( n == 0 )
|
if ( n == 0 )
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(s, n, 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(s, n, 1));
|
||||||
|
|
||||||
int n_to_remove;
|
int n_to_remove;
|
||||||
auto bs_chars = chars->AsString();
|
auto bs_chars = chars->AsString();
|
||||||
|
|
@ -832,7 +832,7 @@ function rstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string
|
||||||
if ( ! should_strip(s[n - n_to_remove - 1], bs_chars) )
|
if ( ! should_strip(s[n - n_to_remove - 1], bs_chars) )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(s, n - n_to_remove, 1));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(s, n - n_to_remove, 1));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Generates a string of a given size and fills it with repetitions of a source
|
## Generates a string of a given size and fills it with repetitions of a source
|
||||||
|
|
@ -854,7 +854,7 @@ function string_fill%(len: int, source: string%): string
|
||||||
|
|
||||||
dst[len - 1] = 0;
|
dst[len - 1] = 0;
|
||||||
|
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, byte_vec(dst), len));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, byte_vec(dst), len));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Takes a string and escapes characters that would allow execution of
|
## Takes a string and escapes characters that would allow execution of
|
||||||
|
|
@ -894,7 +894,7 @@ function safe_shell_quote%(source: string%): string
|
||||||
|
|
||||||
dst[j++] = '"';
|
dst[j++] = '"';
|
||||||
dst[j] = '\0';
|
dst[j] = '\0';
|
||||||
return zeek::make_intrusive<zeek::StringVal>(new BroString(1, dst, j));
|
return zeek::make_intrusive<zeek::StringVal>(new zeek::BroString(1, dst, j));
|
||||||
%}
|
%}
|
||||||
|
|
||||||
## Finds all occurrences of a pattern in a string.
|
## Finds all occurrences of a pattern in a string.
|
||||||
|
|
|
||||||
|
|
@ -466,7 +466,7 @@ zeek::Val* Value::ValueToVal(const std::string& source, const Value* val, bool&
|
||||||
|
|
||||||
case zeek::TYPE_STRING:
|
case zeek::TYPE_STRING:
|
||||||
{
|
{
|
||||||
auto* s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, true);
|
auto* s = new zeek::BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, true);
|
||||||
return new zeek::StringVal(s);
|
return new zeek::StringVal(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue