Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Clang format it all

Browse source
This commit is contained in:
Tomer Lev 2022-11-01 19:31:15 +02:00
parent 12494aac45
commit 5cdc6e150e
18 changed files with 323 additions and 313 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/Flare.cc
View file

@ -12,19 +12,18 @@
#include <winsock2.h> #include <winsock2.h>
#define fatalError(...) \ #define fatalError(...) \
do \ do \
{ \ { \
if ( reporter ) \ if ( reporter ) \
reporter->FatalError(__VA_ARGS__); \ reporter->FatalError(__VA_ARGS__); \
else \ else \
{ \ { \
fprintf(stderr, __VA_ARGS__); \ fprintf(stderr, __VA_ARGS__); \
fprintf(stderr, "\n"); \ fprintf(stderr, "\n"); \
_exit(1); \ _exit(1); \
} \ } \
} \ } while ( 0 )
while (0)
#endif #endif
@ -39,28 +38,28 @@ Flare::Flare()
#else #else
{ {
WSADATA wsaData; WSADATA wsaData;
if ( WSAStartup(MAKEWORD(2,2), &wsaData) != 0 ) if ( WSAStartup(MAKEWORD(2, 2), &wsaData) != 0 )
fatalError("WSAStartup failure: %d", WSAGetLastError()); fatalError("WSAStartup failure: %d", WSAGetLastError());
recvfd = WSASocket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, nullptr, 0, recvfd = WSASocket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, nullptr, 0,
WSA_FLAG_OVERLAPPED | WSA_FLAG_NO_HANDLE_INHERIT); WSA_FLAG_OVERLAPPED | WSA_FLAG_NO_HANDLE_INHERIT);
if ( recvfd == (int) INVALID_SOCKET ) if ( recvfd == (int)INVALID_SOCKET )
fatalError("WSASocket failure: %d", WSAGetLastError()); fatalError("WSASocket failure: %d", WSAGetLastError());
sendfd = WSASocket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, nullptr, 0, sendfd = WSASocket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, nullptr, 0,
WSA_FLAG_OVERLAPPED | WSA_FLAG_NO_HANDLE_INHERIT); WSA_FLAG_OVERLAPPED | WSA_FLAG_NO_HANDLE_INHERIT);
if ( sendfd == (int) INVALID_SOCKET ) if ( sendfd == (int)INVALID_SOCKET )
fatalError("WSASocket failure: %d", WSAGetLastError()); fatalError("WSASocket failure: %d", WSAGetLastError());
sockaddr_in sa; sockaddr_in sa;
memset(&sa, 0, sizeof(sa)); memset(&sa, 0, sizeof(sa));
sa.sin_family = AF_INET; sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("127.0.0.1"); sa.sin_addr.s_addr = inet_addr("127.0.0.1");
if ( bind(recvfd, (sockaddr*) &sa, sizeof(sa)) == SOCKET_ERROR ) if ( bind(recvfd, (sockaddr*)&sa, sizeof(sa)) == SOCKET_ERROR )
fatalError("bind failure: %d", WSAGetLastError()); fatalError("bind failure: %d", WSAGetLastError());
int salen = sizeof(sa); int salen = sizeof(sa);
if ( getsockname(recvfd, (sockaddr*) &sa, &salen) == SOCKET_ERROR ) if ( getsockname(recvfd, (sockaddr*)&sa, &salen) == SOCKET_ERROR )
fatalError("getsockname failure: %d", WSAGetLastError()); fatalError("getsockname failure: %d", WSAGetLastError());
if ( connect(sendfd, (sockaddr*) &sa, sizeof(sa)) == SOCKET_ERROR ) if ( connect(sendfd, (sockaddr*)&sa, sizeof(sa)) == SOCKET_ERROR )
fatalError("connect failure: %d", WSAGetLastError()); fatalError("connect failure: %d", WSAGetLastError());
} }
#endif #endif

8
src/Flare.h
View file

@ -26,9 +26,13 @@ public:
*/ */
int FD() const int FD() const
#if ! defined(_MSC_VER) #if ! defined(_MSC_VER)
{ return pipe.ReadFD(); } {
return pipe.ReadFD();
}
#else #else
{ return recvfd; } {
return recvfd;
}
#endif #endif
/** /**

2
src/Hash.h
View file

@ -372,7 +372,7 @@ protected:
void Set(double d); void Set(double d);
void Set(const void* p); void Set(const void* p);
union { union {
bool b; bool b;
int i; int i;
zeek_int_t bi; zeek_int_t bi;

2
src/IP.cc
View file

@ -546,7 +546,7 @@ void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, int total_len, bool set_nex
total_len -= cur_len; total_len -= cur_len;
} while ( current_type != IPPROTO_FRAGMENT && current_type != IPPROTO_ESP && } while ( current_type != IPPROTO_FRAGMENT && current_type != IPPROTO_ESP &&
current_type != IPPROTO_MOBILITY && isIPv6ExtHeader(next_type) ); current_type != IPPROTO_MOBILITY && isIPv6ExtHeader(next_type) );
} }
bool IPv6_Hdr_Chain::IsFragment() const bool IPv6_Hdr_Chain::IsFragment() const

3
src/Val.cc
View file

@ -3962,7 +3962,6 @@ ValManager::ValManager()
for ( auto i = 0u; i < PREALLOCATED_INTS; ++i ) for ( auto i = 0u; i < PREALLOCATED_INTS; ++i )
ints[i] = Val::MakeInt(PREALLOCATED_INT_LOWEST + i); ints[i] = Val::MakeInt(PREALLOCATED_INT_LOWEST + i);
} }
const PortValPtr& ValManager::Port(uint32_t port_num, TransportProto port_type) const PortValPtr& ValManager::Port(uint32_t port_num, TransportProto port_type)
@ -3975,9 +3974,7 @@ const PortValPtr& ValManager::Port(uint32_t port_num, TransportProto port_type)
std::pair key{port_num, port_type}; std::pair key{port_num, port_type};
if ( ports.find(key) == ports.end() ) if ( ports.find(key) == ports.end() )
{
ports[key] = IntrusivePtr{AdoptRef{}, new PortVal(PortVal::Mask(port_num, port_type))}; ports[key] = IntrusivePtr{AdoptRef{}, new PortVal(PortVal::Mask(port_num, port_type))};
}
return ports[key]; return ports[key];
} }

2
src/logging/writers/sqlite/SQLite.cc
View file

@ -63,7 +63,7 @@ string SQLite::GetTableType(int arg_type, int arg_subtype)
case TYPE_INT: case TYPE_INT:
case TYPE_COUNT: case TYPE_COUNT:
case TYPE_PORT: // note that we do not save the protocol at the moment. Just like in the case TYPE_PORT: // note that we do not save the protocol at the moment. Just like in the
// case of the ascii-writer // case of the ascii-writer
type = "integer"; type = "integer";
break; break;

4
src/net_util.h
View file

@ -64,7 +64,7 @@ struct ip6_ext
struct ip6_hdr struct ip6_hdr
{ {
union { union {
struct ip6_hdrctl struct ip6_hdrctl
{ {
uint32_t ip6_un1_flow; /* 4 bits version, 8 bits TC, 20 bits uint32_t ip6_un1_flow; /* 4 bits version, 8 bits TC, 20 bits
@ -335,7 +335,7 @@ inline float htonf(float f)
inline uint64_t ntohll(uint64_t i) inline uint64_t ntohll(uint64_t i)
{ {
u_char c; u_char c;
union { union {
uint64_t i; uint64_t i;
u_char c[8]; u_char c[8];
} x; } x;

2
src/packet_analysis/protocol/arp/ARP.cc
View file

@ -94,7 +94,7 @@ bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
auto ah = (const struct arp_pkthdr*)data; auto ah = (const struct arp_pkthdr*)data;
// Check the size. // Check the size.
size_t min_length = (ar_tpa(ah) - (caddr_t) data) + ah->ar_pln; size_t min_length = (ar_tpa(ah) - (caddr_t)data) + ah->ar_pln;
if ( min_length > len ) if ( min_length > len )
{ {
Weird("truncated_ARP", packet); Weird("truncated_ARP", packet);

3
src/packet_analysis/protocol/ip/IP.cc
View file

@ -62,7 +62,8 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
return false; return false;
} }
ip_hdr = std::make_shared<IP_Hdr>((const struct ip6_hdr*)data, false, static_cast<int>(len)); packet->ip_hdr = std::make_shared<IP_Hdr>((const struct ip6_hdr*)data, false,
static_cast<int>(len));
packet->l3_proto = L3_IPV6; packet->l3_proto = L3_IPV6;
} }
else else

4
src/plugin/Manager.cc
View file

@ -3,7 +3,7 @@
#include "zeek/plugin/Manager.h" #include "zeek/plugin/Manager.h"
#include <dirent.h> #include <dirent.h>
#if !defined(_MSC_VER) #if ! defined(_MSC_VER)
#include <dlfcn.h> #include <dlfcn.h>
#include <glob.h> #include <glob.h>
#endif #endif
@ -355,7 +355,7 @@ void Manager::ActivateDynamicPlugins(bool all)
for ( const auto& x : requested_plugins ) for ( const auto& x : requested_plugins )
{ {
if ( ! x.empty() ) if ( ! x.empty() )
plugins_to_activate.emplace(x, false); plugins_to_activate.emplace(x, false);
} }
// Activate plugins that our environment tells us to. // Activate plugins that our environment tells us to.

2
src/plugin/Plugin.h
View file

@ -661,7 +661,7 @@ public:
private: private:
Type type; Type type;
union { union {
bool bool_; bool bool_;
double double_; double double_;
const Event* event; const Event* event;

71
src/statistics/Plugin.cc
View file

@ -1,54 +1,57 @@
#include <mutex>
#include "Plugin.h" #include "Plugin.h"
#include "zeek/Func.h" #include <mutex>
#include "zeek/Event.h"
#include "zeek/Conn.h" #include "zeek/Conn.h"
#include "zeek/Desc.h" #include "zeek/Desc.h"
#include "zeek/threading/Formatter.h" #include "zeek/Event.h"
#include "zeek/Func.h"
#include "zeek/RunState.h" #include "zeek/RunState.h"
#include "zeek/threading/Formatter.h"
#include "statistics.bif.h" #include "statistics.bif.h"
namespace zeek::plugin::statistics { Plugin plugin; } namespace zeek::plugin::statistics
{
Plugin plugin;
}
using namespace zeek::plugin::statistics; using namespace zeek::plugin::statistics;
zeek::plugin::Configuration Plugin::Configure() zeek::plugin::Configuration Plugin::Configure()
{ {
zeek::plugin::Configuration config; zeek::plugin::Configuration config;
config.name = "Statistics"; config.name = "Statistics";
config.description = "Statistics module"; config.description = "Statistics module";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0; config.version.patch = 0;
return config; return config;
} }
bool Plugin::HookQueueEvent(zeek::Event* event) bool Plugin::HookQueueEvent(zeek::Event* event)
{ {
const char* name = event->Handler()->Name(); const char* name = event->Handler()->Name();
std::lock_guard<std::mutex> scopedLock(m_lock); std::lock_guard<std::mutex> scopedLock(m_lock);
if (m_eventNameCounters.find(name) == m_eventNameCounters.end()) if ( m_eventNameCounters.find(name) == m_eventNameCounters.end() )
{ {
m_eventNameCounters[name] = 0; m_eventNameCounters[name] = 0;
} }
m_eventNameCounters[name]++; m_eventNameCounters[name]++;
return false; return false;
} }
std::unordered_map<const char*, int> Plugin::GetAndResetEventStatistics() std::unordered_map<const char*, int> Plugin::GetAndResetEventStatistics()
{ {
std::lock_guard<std::mutex> scopedLock(m_lock); std::lock_guard<std::mutex> scopedLock(m_lock);
std::unordered_map<const char*, int> result(m_eventNameCounters); std::unordered_map<const char*, int> result(m_eventNameCounters);
m_eventNameCounters.clear(); m_eventNameCounters.clear();
return result; return result;
} }
void Plugin::StartEventNamesStatisticsMonitor() void Plugin::StartEventNamesStatisticsMonitor()
{ {
EnableHook(zeek::plugin::HOOK_QUEUE_EVENT); EnableHook(zeek::plugin::HOOK_QUEUE_EVENT);
} }

15
src/statistics/Plugin.h
View file

@ -1,15 +1,17 @@
#pragma once #pragma once
#include <unordered_map>
#include <mutex> #include <mutex>
#include <string> #include <string>
#include <unordered_map>
#include "zeek/plugin/Plugin.h" #include "zeek/plugin/Plugin.h"
namespace zeek::plugin::statistics { namespace zeek::plugin::statistics
{
class Plugin : public zeek::plugin::Plugin class Plugin : public zeek::plugin::Plugin
{ {
protected: protected:
bool HookQueueEvent(zeek::Event* event) override; bool HookQueueEvent(zeek::Event* event) override;
@ -18,12 +20,11 @@ protected:
public: public:
std::unordered_map<const char*, int> GetAndResetEventStatistics(); std::unordered_map<const char*, int> GetAndResetEventStatistics();
void StartEventNamesStatisticsMonitor(); void StartEventNamesStatisticsMonitor();
private: private:
std::unordered_map<const char*, int> m_eventNameCounters; std::unordered_map<const char*, int> m_eventNameCounters;
std::mutex m_lock; std::mutex m_lock;
};
};
extern Plugin plugin; extern Plugin plugin;
} }

6
src/supervisor/Supervisor.cc
View file

@ -995,12 +995,14 @@ std::optional<SupervisedNode> Stem::Poll()
node_pollfd_indices[name] = pfd_idx; node_pollfd_indices[name] = pfd_idx;
if ( node.stdout_pipe.pipe ) if ( node.stdout_pipe.pipe )
pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(node.stdout_pipe.pipe->ReadFD()), POLLIN, 0}; pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(node.stdout_pipe.pipe->ReadFD()),
POLLIN, 0};
else else
pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(-1), POLLIN, 0}; pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(-1), POLLIN, 0};
if ( node.stderr_pipe.pipe ) if ( node.stderr_pipe.pipe )
pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(node.stderr_pipe.pipe->ReadFD()), POLLIN, 0}; pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(node.stderr_pipe.pipe->ReadFD()),
POLLIN, 0};
else else
pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(-1), POLLIN, 0}; pfds[pfd_idx++] = {static_cast<decltype(pollfd::fd)>(-1), POLLIN, 0};
} }

5
src/threading/BasicThread.cc
View file

@ -49,8 +49,9 @@ void BasicThread::SetName(const char* arg_name)
void BasicThread::SetOSName(const char* arg_name) void BasicThread::SetOSName(const char* arg_name)
{ {
// Do it only if libc++ supports pthread_t. // Do it only if libc++ supports pthread_t.
if constexpr(std::is_same<std::thread::native_handle_type, pthread_t>::value) if constexpr ( std::is_same<std::thread::native_handle_type, pthread_t>::value )
zeek::util::detail::set_thread_name(arg_name, reinterpret_cast<pthread_t>(thread.native_handle())); zeek::util::detail::set_thread_name(arg_name,
reinterpret_cast<pthread_t>(thread.native_handle()));
} }
const char* BasicThread::Fmt(const char* format, ...) const char* BasicThread::Fmt(const char* format, ...)

61
src/util.cc
View file

@ -40,9 +40,9 @@
#include <algorithm> #include <algorithm>
#include <array> #include <array>
#include <iostream> #include <iostream>
#include <random>
#include <string> #include <string>
#include <vector> #include <vector>
#include <random>
#include "zeek/3rdparty/ConvertUTF.h" #include "zeek/3rdparty/ConvertUTF.h"
#include "zeek/3rdparty/doctest.h" #include "zeek/3rdparty/doctest.h"
@ -662,15 +662,16 @@ TEST_CASE("util normalize_path")
string normalize_path(std::string_view path) string normalize_path(std::string_view path)
{ {
#ifdef _MSC_VER #ifdef _MSC_VER
if (0 == path.compare(zeek::detail::ScannedFile::canonical_stdin_path)) { if ( 0 == path.compare(zeek::detail::ScannedFile::canonical_stdin_path) )
{
return string(path); return string(path);
} }
// "//" interferes with std::weakly_canonical // "//" interferes with std::weakly_canonical
string stringPath = string(path); string stringPath = string(path);
if (stringPath._Starts_with("//")) if ( stringPath._Starts_with("//") )
{ {
stringPath.erase(0, 2); stringPath.erase(0, 2);
} }
return zeek::filesystem::path(stringPath).lexically_normal().string(); return zeek::filesystem::path(stringPath).lexically_normal().string();
#else #else
if ( path.find("/.") == std::string_view::npos && path.find("//") == std::string_view::npos ) if ( path.find("/.") == std::string_view::npos && path.find("//") == std::string_view::npos )
@ -1805,37 +1806,35 @@ FILE* open_file(const string& path, const string& mode)
return rval; return rval;
} }
TEST_CASE("util path ops") TEST_CASE("util path ops"){
{
#ifdef _MSC_VER #ifdef _MSC_VER
// TODO: adapt these tests to Windows paths // TODO: adapt these tests to Windows paths
#else #else
SUBCASE("SafeDirname") SUBCASE("SafeDirname"){SafeDirname d("/this/is/a/path", false);
{ CHECK(d.result == "/this/is/a");
SafeDirname d("/this/is/a/path", false);
CHECK(d.result == "/this/is/a");
SafeDirname d2("invalid", false); SafeDirname d2("invalid", false);
CHECK(d2.result == "."); CHECK(d2.result == ".");
SafeDirname d3("./filename", false); SafeDirname d3("./filename", false);
CHECK(d2.result == "."); CHECK(d2.result == ".");
}
SUBCASE("SafeBasename")
{
SafeBasename b("/this/is/a/path", false);
CHECK(b.result == "path");
CHECK(! b.error);
SafeBasename b2("justafile", false);
CHECK(b2.result == "justafile");
CHECK(! b2.error);
}
#endif
} }
SafeDirname::SafeDirname(const char* path, bool error_aborts) : SafePathOp() SUBCASE("SafeBasename")
{
SafeBasename b("/this/is/a/path", false);
CHECK(b.result == "path");
CHECK(! b.error);
SafeBasename b2("justafile", false);
CHECK(b2.result == "justafile");
CHECK(! b2.error);
}
#endif
}
SafeDirname::SafeDirname(const char* path, bool error_aborts)
: SafePathOp()
{ {
DoFunc(path ? path : "", error_aborts); DoFunc(path ? path : "", error_aborts);
} }

11
src/util.h
View file

@ -16,7 +16,6 @@
#include <libgen.h> #include <libgen.h>
#include <unistd.h> #include <unistd.h>
#include <array> #include <array>
#include <cinttypes> #include <cinttypes>
#include <cstdarg> #include <cstdarg>
@ -82,13 +81,19 @@ extern "C"
#ifdef _MSC_VER #ifdef _MSC_VER
#include <pthread.h> #include <pthread.h>
#include <filesystem> #include <filesystem>
namespace zeek { namespace filesystem = std::filesystem; } namespace zeek
{
namespace filesystem = std::filesystem;
}
inline constexpr std::string_view path_list_separator = ";"; inline constexpr std::string_view path_list_separator = ";";
#else #else
// Expose ghc::filesystem as zeek::filesystem until we can // Expose ghc::filesystem as zeek::filesystem until we can
// switch to std::filesystem on all platforms. // switch to std::filesystem on all platforms.
#include "zeek/3rdparty/ghc/filesystem.hpp" #include "zeek/3rdparty/ghc/filesystem.hpp"
namespace zeek { namespace filesystem = ghc::filesystem; } namespace zeek
{
namespace filesystem = ghc::filesystem;
}
inline constexpr std::string_view path_list_separator = ":"; inline constexpr std::string_view path_list_separator = ":";
#endif #endif

394
src/zeek-setup.cc
View file

@ -1,7 +1,5 @@
// See the file "COPYING" in the main distribution directory for copyright. // See the file "COPYING" in the main distribution directory for copyright.
#include <unistd.h>
#include "zeek/zeek-setup.h" #include "zeek/zeek-setup.h"
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
@ -10,6 +8,7 @@
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h>
#include <csignal> #include <csignal>
#include <cstdio> #include <cstdio>
#include <cstdlib> #include <cstdlib>
@ -888,229 +887,228 @@ SetupResult setup(int argc, char** argv, Options* zopts)
#ifdef USE_PERFTOOLS_DEBUG #ifdef USE_PERFTOOLS_DEBUG
} }
#endif #endif
set_signal_mask(false); set_signal_mask(false);
if ( reporter->Errors() > 0 ) if ( reporter->Errors() > 0 )
{
early_shutdown();
exit(1);
}
reporter->InitOptions();
KeyedHash::InitOptions();
zeekygen_mgr->GenerateDocs();
if ( options.pcap_filter )
{
const auto& id = global_scope()->Find("cmd_line_bpf_filter");
if ( ! id )
reporter->InternalError("global cmd_line_bpf_filter not defined");
id->SetVal(make_intrusive<StringVal>(*options.pcap_filter));
}
std::vector<SignatureFile> all_signature_files;
// Append signature files given on the command line
for ( const auto& sf : options.signature_files )
all_signature_files.emplace_back(sf);
// Append signature files defined in "signature_files" script option
for ( auto&& sf : get_script_signature_files() )
all_signature_files.emplace_back(std::move(sf));
// Append signature files defined in @load-sigs
for ( const auto& sf : zeek::detail::sig_files )
all_signature_files.emplace_back(sf);
if ( ! all_signature_files.empty() )
{
rule_matcher = new RuleMatcher(options.signature_re_level);
if ( ! rule_matcher->ReadFiles(all_signature_files) )
{ {
early_shutdown(); early_shutdown();
exit(1); exit(1);
} }
reporter->InitOptions(); if ( options.print_signature_debug_info )
KeyedHash::InitOptions(); rule_matcher->PrintDebug();
zeekygen_mgr->GenerateDocs();
if ( options.pcap_filter ) file_mgr->InitMagic();
}
if ( g_policy_debug )
// ### Add support for debug command file.
dbg_init_debugger(nullptr);
if ( ! options.pcap_file && ! options.interface )
{
const auto& interfaces_val = id::find_val("interfaces");
if ( interfaces_val )
{ {
const auto& id = global_scope()->Find("cmd_line_bpf_filter"); char* interfaces_str = interfaces_val->AsString()->Render();
if ( ! id ) if ( interfaces_str[0] != '\0' )
reporter->InternalError("global cmd_line_bpf_filter not defined"); options.interface = interfaces_str;
id->SetVal(make_intrusive<StringVal>(*options.pcap_filter)); delete[] interfaces_str;
} }
}
std::vector<SignatureFile> all_signature_files; if ( options.parse_only )
{
if ( analysis_options.usage_issues > 0 )
analyze_scripts(options.no_unused_warnings);
// Append signature files given on the command line early_shutdown();
for ( const auto& sf : options.signature_files ) exit(reporter->Errors() != 0);
all_signature_files.emplace_back(sf); }
// Append signature files defined in "signature_files" script option auto init_stmts = stmts ? analyze_global_stmts(stmts) : nullptr;
for ( auto&& sf : get_script_signature_files() )
all_signature_files.emplace_back(std::move(sf));
// Append signature files defined in @load-sigs analyze_scripts(options.no_unused_warnings);
for ( const auto& sf : zeek::detail::sig_files )
all_signature_files.emplace_back(sf);
if ( ! all_signature_files.empty() ) if ( analysis_options.report_recursive )
{ {
rule_matcher = new RuleMatcher(options.signature_re_level); // This option is report-and-exit.
if ( ! rule_matcher->ReadFiles(all_signature_files) ) early_shutdown();
{ exit(0);
early_shutdown(); }
exit(1);
}
if ( options.print_signature_debug_info ) if ( dns_type != DNS_PRIME )
rule_matcher->PrintDebug(); run_state::detail::init_run(options.interface, options.pcap_file, options.pcap_output_file,
options.use_watchdog);
file_mgr->InitMagic(); if ( ! g_policy_debug )
} {
(void)setsignal(SIGTERM, sig_handler);
(void)setsignal(SIGINT, sig_handler);
(void)setsignal(SIGPIPE, SIG_IGN);
}
if ( g_policy_debug ) // Cooperate with nohup(1).
// ### Add support for debug command file. if ( (oldhandler = setsignal(SIGHUP, sig_handler)) != SIG_DFL )
dbg_init_debugger(nullptr); (void)setsignal(SIGHUP, oldhandler);
if ( ! options.pcap_file && ! options.interface ) // If we were priming the DNS cache (i.e. -P was passed as an argument), flush anything
{ // remaining to be resolved and save the cache to disk. We can just exit now because
const auto& interfaces_val = id::find_val("interfaces"); // we've done everything we need to do. The run loop isn't started in this case, so
if ( interfaces_val ) // nothing else should be happening.
{ if ( dns_type == DNS_PRIME )
char* interfaces_str = interfaces_val->AsString()->Render(); {
dns_mgr->Resolve();
if ( interfaces_str[0] != '\0' ) if ( ! dns_mgr->Save() )
options.interface = interfaces_str; reporter->FatalError("can't update DNS cache");
delete[] interfaces_str;
}
}
if ( options.parse_only )
{
if ( analysis_options.usage_issues > 0 )
analyze_scripts(options.no_unused_warnings);
early_shutdown();
exit(reporter->Errors() != 0);
}
auto init_stmts = stmts ? analyze_global_stmts(stmts) : nullptr;
analyze_scripts(options.no_unused_warnings);
if ( analysis_options.report_recursive )
{
// This option is report-and-exit.
early_shutdown();
exit(0);
}
if ( dns_type != DNS_PRIME )
run_state::detail::init_run(options.interface, options.pcap_file,
options.pcap_output_file, options.use_watchdog);
if ( ! g_policy_debug )
{
(void)setsignal(SIGTERM, sig_handler);
(void)setsignal(SIGINT, sig_handler);
(void)setsignal(SIGPIPE, SIG_IGN);
}
// Cooperate with nohup(1).
if ( (oldhandler = setsignal(SIGHUP, sig_handler)) != SIG_DFL )
(void)setsignal(SIGHUP, oldhandler);
// If we were priming the DNS cache (i.e. -P was passed as an argument), flush anything
// remaining to be resolved and save the cache to disk. We can just exit now because
// we've done everything we need to do. The run loop isn't started in this case, so
// nothing else should be happening.
if ( dns_type == DNS_PRIME )
{
dns_mgr->Resolve();
if ( ! dns_mgr->Save() )
reporter->FatalError("can't update DNS cache");
event_mgr.Drain();
early_shutdown();
exit(0);
}
// Print the ID.
if ( options.identifier_to_print )
{
const auto& id = global_scope()->Find(*options.identifier_to_print);
if ( ! id )
reporter->FatalError("No such ID: %s\n", options.identifier_to_print->data());
ODesc desc;
desc.SetQuotes(true);
desc.SetIncludeStats(true);
id->DescribeExtended(&desc);
fprintf(stdout, "%s\n", desc.Description());
early_shutdown();
exit(0);
}
if ( profiling_interval > 0 )
{
const auto& profiling_file = id::find_val("profiling_file");
profiling_logger = std::make_shared<ProfileLogger>(profiling_file->AsFile(),
profiling_interval);
if ( segment_profiling )
segment_logger = profiling_logger;
}
if ( ! run_state::reading_live && ! run_state::reading_traces )
// Set up network_time to track real-time, since
// we don't have any other source for it.
run_state::detail::update_network_time(util::current_time());
if ( CPP_activation_hook )
(*CPP_activation_hook)();
if ( zeek_init )
event_mgr.Enqueue(zeek_init, Args{});
EventRegistry::string_list dead_handlers = event_registry->UnusedHandlers();
if ( ! dead_handlers.empty() && check_for_unused_event_handlers )
{
for ( const string& handler : dead_handlers )
reporter->Warning("event handler never invoked: %s", handler.c_str());
}
// Enable LeakSanitizer before zeek_init() and even before executing
// top-level statements. Even though it's not bad if a leak happens only
// once at initialization, we have to assume that script-layer code causing
// such a leak can be placed in any arbitrary event handler and potentially
// cause more severe problems.
ZEEK_LSAN_ENABLE();
if ( init_stmts )
{
StmtFlowType flow;
Frame f(init_stmts->Scope()->Length(), nullptr, nullptr);
g_frame_stack.push_back(&f);
try
{
init_stmts->Body()->Exec(&f, flow);
}
catch ( InterpreterException& )
{
reporter->FatalError("failed to execute script statements at top-level scope");
}
g_frame_stack.pop_back();
}
if ( options.ignore_checksums )
ignore_checksums = 1;
if ( zeek_script_loaded )
{
// Queue events reporting loaded scripts.
for ( const auto& file : zeek::detail::files_scanned )
{
if ( file.skipped )
continue;
event_mgr.Enqueue(zeek_script_loaded, make_intrusive<StringVal>(file.name.c_str()),
val_mgr->Count(file.include_level));
}
}
reporter->ReportViaEvents(true);
// Drain the event queue here to support the protocols framework configuring DPM
event_mgr.Drain(); event_mgr.Drain();
early_shutdown();
exit(0);
}
if ( reporter->Errors() > 0 && ! getenv("ZEEK_ALLOW_INIT_ERRORS") ) // Print the ID.
reporter->FatalError("errors occurred while initializing"); if ( options.identifier_to_print )
{
const auto& id = global_scope()->Find(*options.identifier_to_print);
if ( ! id )
reporter->FatalError("No such ID: %s\n", options.identifier_to_print->data());
run_state::detail::zeek_init_done = true; ODesc desc;
packet_mgr->DumpDebug(); desc.SetQuotes(true);
analyzer_mgr->DumpDebug(); desc.SetIncludeStats(true);
id->DescribeExtended(&desc);
run_state::detail::have_pending_timers = ! run_state::reading_traces && fprintf(stdout, "%s\n", desc.Description());
timer_mgr->Size() > 0; early_shutdown();
exit(0);
}
return {0, std::move(options)}; if ( profiling_interval > 0 )
{
const auto& profiling_file = id::find_val("profiling_file");
profiling_logger = std::make_shared<ProfileLogger>(profiling_file->AsFile(),
profiling_interval);
if ( segment_profiling )
segment_logger = profiling_logger;
}
if ( ! run_state::reading_live && ! run_state::reading_traces )
// Set up network_time to track real-time, since
// we don't have any other source for it.
run_state::detail::update_network_time(util::current_time());
if ( CPP_activation_hook )
(*CPP_activation_hook)();
if ( zeek_init )
event_mgr.Enqueue(zeek_init, Args{});
EventRegistry::string_list dead_handlers = event_registry->UnusedHandlers();
if ( ! dead_handlers.empty() && check_for_unused_event_handlers )
{
for ( const string& handler : dead_handlers )
reporter->Warning("event handler never invoked: %s", handler.c_str());
}
// Enable LeakSanitizer before zeek_init() and even before executing
// top-level statements. Even though it's not bad if a leak happens only
// once at initialization, we have to assume that script-layer code causing
// such a leak can be placed in any arbitrary event handler and potentially
// cause more severe problems.
ZEEK_LSAN_ENABLE();
if ( init_stmts )
{
StmtFlowType flow;
Frame f(init_stmts->Scope()->Length(), nullptr, nullptr);
g_frame_stack.push_back(&f);
try
{
init_stmts->Body()->Exec(&f, flow);
}
catch ( InterpreterException& )
{
reporter->FatalError("failed to execute script statements at top-level scope");
}
g_frame_stack.pop_back();
}
if ( options.ignore_checksums )
ignore_checksums = 1;
if ( zeek_script_loaded )
{
// Queue events reporting loaded scripts.
for ( const auto& file : zeek::detail::files_scanned )
{
if ( file.skipped )
continue;
event_mgr.Enqueue(zeek_script_loaded, make_intrusive<StringVal>(file.name.c_str()),
val_mgr->Count(file.include_level));
}
}
reporter->ReportViaEvents(true);
// Drain the event queue here to support the protocols framework configuring DPM
event_mgr.Drain();
if ( reporter->Errors() > 0 && ! getenv("ZEEK_ALLOW_INIT_ERRORS") )
reporter->FatalError("errors occurred while initializing");
run_state::detail::zeek_init_done = true;
packet_mgr->DumpDebug();
analyzer_mgr->DumpDebug();
run_state::detail::have_pending_timers = ! run_state::reading_traces && timer_mgr->Size() > 0;
return {0, std::move(options)};
} }
int cleanup(bool did_run_loop) int cleanup(bool did_run_loop)