diff --git a/NEWS b/NEWS index ac489af4e8..2dd94ccc4b 100644 --- a/NEWS +++ b/NEWS @@ -190,10 +190,62 @@ Changed Functionality Removed Functionality --------------------- +- A number of functions that were deprecated in version 2.6 or below and completely + removed from this release. Most of the functions were used for the old communication + code. + + - ``find_ip_addresses`` + - ``cat_string_array`` + - ``cat_string_array_n`` + - ``complete_handshake`` + - ``connect`` + - ``decode_base64_custom`` + - ``disconnect`` + - ``enable_communication`` + - ``encode_base64_custom`` + - ``get_event_peer`` + - ``get_local_event_peer`` + - ``join_string_array`` + - ``listen`` + - ``merge_pattern`` + - ``request_remote_events`` + - ``request_remote_logs`` + - ``request_remote_sync`` + - ``resume_state_updates`` + - ``send_capture_filter`` + - ``send_current_packet`` + - ``send_id`` + - ``send_ping`` + - ``set_accept_state`` + - ``set_compression_level`` + - ``sort_string_array`` + - ``split1`` + - ``split_all`` + - ``split`` + - ``suspend_state_updates`` + - ``terminate_communication`` + - ``split`` + - ``send_state`` + - ``checkpoint_state`` + - ``rescan_state`` + +- The following events were deprecated in version 2.6 or below and are completely + removed from this release: + + - ``ssl_server_curve`` + - ``dhcp_ack`` + - ``dhcp_decline`` + - ``dhcp_discover`` + - ``dhcp_inform`` + - ``dhcp_nak`` + - ``dhcp_offer`` + - ``dhcp_release`` + - ``dhcp_request`` + Deprecated Functionality ------------------------ -- The ``str_shell_escape` function is now deprecated, use ``safe_shell_quote`` +- The ``str_shell_escape`` function is now deprecated, use ``safe_shell_quote`` instead. The later will automatically return a value that is enclosed in double-quotes. diff --git a/doc b/doc index 856db2bb40..5915e8d7e2 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e +Subproject commit 5915e8d7e24a77bb9bc2a7061790f8efbe871458 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 7c4fe2e5b8..d8c3212533 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -783,14 +783,11 @@ type peer_id: count; ## A communication peer. ## -## .. zeek:see:: complete_handshake disconnect finished_send_state -## get_event_peer get_local_event_peer remote_capture_filter +## .. zeek:see:: finished_send_state remote_capture_filter ## remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log_peer remote_pong -## request_remote_events request_remote_logs request_remote_sync -## send_capture_filter send_current_packet send_id send_ping send_state -## set_accept_state set_compression_level +## send_state ## ## .. todo::The type's name is too narrow these days, should rename. type event_peer: record { diff --git a/scripts/base/utils/addrs.zeek b/scripts/base/utils/addrs.zeek index 9d165936ef..be4c0c94c1 100644 --- a/scripts/base/utils/addrs.zeek +++ b/scripts/base/utils/addrs.zeek @@ -87,24 +87,6 @@ function is_valid_ip(ip_str: string): bool return F; } -## Extracts all IP (v4 or v6) address strings from a given string. -## -## input: a string that may contain an IP address anywhere within it. -## -## Returns: an array containing all valid IP address strings found in *input*. -function find_ip_addresses(input: string): string_array &deprecated - { - local parts = split_string_all(input, ip_addr_regex); - local output: string_array; - - for ( i in parts ) - { - if ( i % 2 == 1 && is_valid_ip(parts[i]) ) - output[|output|] = parts[i]; - } - return output; - } - ## Extracts all IP (v4 or v6) address strings from a given string. ## ## input: a string that may contain an IP address anywhere within it. diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek deleted file mode 100644 index 553d13bc05..0000000000 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ /dev/null @@ -1,272 +0,0 @@ -##! Bro 2.6 removed certain DHCP events, but scripts in the Bro -##! ecosystem are still relying on those events. As a transition, this -##! script will handle the new event, and generate the old events, -##! which are marked as deprecated. Note: This script should be -##! removed in the next Bro version after 2.6. - -@load base/protocols/dhcp - -## A DHCP message. -## -## .. note:: This type is included to support the deprecated events dhcp_ack, -## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer, -## dhcp_release and dhcp_request and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover -## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request -type dhcp_msg: record { - op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY - m_type: count; ##< The type of DHCP message. - xid: count; ##< Transaction ID of a DHCP session. - h_addr: string; ##< Hardware address of the client. - ciaddr: addr; ##< Original IP address of the client. - yiaddr: addr; ##< IP address assigned to the client. -}; - -## A list of router addresses offered by a DHCP server. -## -## .. note:: This type is included to support the deprecated events dhcp_ack -## and dhcp_offer and is thus similarly deprecated -## itself. Use :zeek:see:`dhcp_message` instead. -## -## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer -type dhcp_router_list: table[count] of addr; - -## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate -## available servers). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The specific address requested by the client. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPOFFER* (server to client in response -## to DHCPDISCOVER with offer of configuration parameters). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPREQUEST* (Client message to servers either -## (a) requesting offered parameters from one server and implicitly declining offers -## from all others, (b) confirming correctness of previously allocated address after, -## e.g., system reboot, or (c) extending the lease on a particular network address.) -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## req_addr: The client address specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPDECLINE* (Client to server indicating -## network address is already in use). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_ack dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPACK* (Server to client with configuration -## parameters, including committed network address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## mask: The subnet mask specified by the message. -## -## router: The list of routers specified by the message. -## -## lease: The least interval specified by the message. -## -## serv_addr: The server address specified by the message. -## -## host_name: Optional host name value. May differ from the host name requested -## from the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_nak dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPNAK* (Server to client indicating client's -## notion of network address is incorrect (e.g., client has moved to new subnet) or -## client's lease has expired). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: Optional host name value. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_release dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPRELEASE* (Client to server relinquishing -## network address and cancelling remaining lease). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_inform -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -## Generated for DHCP messages of type *DHCPINFORM* (Client to server, asking only for -## local configuration parameters; client already has externally configured network -## address). -## -## c: The connection record describing the underlying UDP flow. -## -## msg: The parsed type-independent part of the DHCP message. -## -## host_name: The value of the host name option, if specified by the client. -## -## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request -## dhcp_decline dhcp_ack dhcp_nak dhcp_release -## -## .. note:: This event has been deprecated, and will be removed in the next version. -## Use dhcp_message instead. -## -## .. note:: Bro does not support broadcast packets (as used by the DHCP -## protocol). It treats broadcast addresses just like any other and -## associates packets into transport-level flows in the same way as usual. -## -global dhcp_inform: event(c: connection, msg: dhcp_msg, host_name: string) &deprecated; - -event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) - { - local old_msg: dhcp_msg = [$op=msg$op, $m_type=msg$m_type, $xid=msg$xid, - $h_addr=msg$chaddr, $ciaddr=msg$ciaddr, $yiaddr=msg$yiaddr]; - - local routers = dhcp_router_list(); - - if ( options?$routers ) - for ( i in options$routers ) - routers[|routers|] = options$routers[i]; - - # These fields are technically optional, but aren't listed as such in the event. - # We give it some defaults in order to suppress errors. - local ar = ( options?$addr_request ) ? options$addr_request : 0.0.0.0; - local hn = ( options?$host_name ) ? options$host_name : ""; - local le = ( options?$lease ) ? options$lease : 0 secs; - local sm = ( options?$subnet_mask ) ? options$subnet_mask : 255.255.255.255; - local sa = ( options?$serv_addr ) ? options$serv_addr : 0.0.0.0; - - switch ( DHCP::message_types[msg$m_type] ) { - case "DISCOVER": - event dhcp_discover(c, old_msg, ar, hn); - break; - case "OFFER": - event dhcp_offer(c, old_msg, sm, routers, le, sa, hn); - break; - case "REQUEST": - event dhcp_request(c, old_msg, ar, sa, hn); - break; - case "DECLINE": - event dhcp_decline(c, old_msg, hn); - break; - case "ACK": - event dhcp_ack(c, old_msg, sm, routers, le, sa, hn); - break; - case "NAK": - event dhcp_nak(c, old_msg, hn); - break; - case "RELEASE": - event dhcp_release(c, old_msg, hn); - break; - case "INFORM": - event dhcp_inform(c, old_msg, hn); - break; - default: - # This isn't a weird, it's just a DHCP message type the old scripts don't handle - break; - } - } diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek index 26408b6d44..0968c038ee 100644 --- a/scripts/test-all-policy.zeek +++ b/scripts/test-all-policy.zeek @@ -63,7 +63,6 @@ @load protocols/conn/mac-logging.zeek @load protocols/conn/vlan-logging.zeek @load protocols/conn/weirds.zeek -#@load protocols/dhcp/deprecated_events.zeek @load protocols/dhcp/msg-orig.zeek @load protocols/dhcp/software.zeek @load protocols/dhcp/sub-opts.zeek diff --git a/scripts/zeexygen/__load__.zeek b/scripts/zeexygen/__load__.zeek index ac9d2c008b..d074fe3660 100644 --- a/scripts/zeexygen/__load__.zeek +++ b/scripts/zeexygen/__load__.zeek @@ -6,7 +6,6 @@ @load frameworks/control/controller.zeek @load frameworks/files/extract-all-files.zeek @load policy/misc/dump-events.zeek -@load policy/protocols/dhcp/deprecated_events.zeek @load policy/protocols/smb/__load__.zeek @load ./example.zeek diff --git a/src/Net.h b/src/Net.h index bdc84ec74f..caea61c436 100644 --- a/src/Net.h +++ b/src/Net.h @@ -83,8 +83,6 @@ extern iosource::PktDumper* pkt_dumper; // where to save packets extern char* writefile; -extern int old_comm_usage_count; - // Script file we have already scanned (or are in the process of scanning). // They are identified by inode number. struct ScannedFile { diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 03a2a93868..e00dd83cc6 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -73,7 +73,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## sent in TLSv1.3 or SSLv2. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension -## ssl_session_ticket_handshake x509_certificate ssl_server_curve +## ssl_session_ticket_handshake x509_certificate ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -116,7 +116,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ssl_rsa_client_pms ssl_server_signature ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -136,7 +136,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm +## ssl_extension_server_name ssl_extension_signature_algorithm ## ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -157,7 +157,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve ssl_extension_key_share +## ssl_extension_server_name ssl_extension_key_share ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature @@ -176,32 +176,12 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_server_curve +## ssl_extension_server_name ## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms ssl_server_signature event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%); -## Generated if a named curve is chosen by the server for an SSL/TLS connection. -## The curve is sent by the server in the ServerKeyExchange message as defined -## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. -## -## c: The connection. -## -## curve: The curve. -## -## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params -## event. This event will be removed in a future version of Bro. -## -## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_extension -## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name ssl_extension_key_share -## ssl_extension_psk_key_exchange_modes ssl_extension_supported_versions -## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params -## ssl_rsa_client_pms ssl_server_signature -event ssl_server_curve%(c: connection, curve: count%) &deprecated; - ## Generated if a server uses an ECDH-anon or ECDHE cipher suite using a named curve ## This event contains the named curve name and the server ECDH parameters contained ## in the ServerKeyExchange message as defined in :rfc:`4492`. @@ -213,7 +193,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## point: The server's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -230,7 +210,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## Ys: The server's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); @@ -253,7 +233,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## message is used for signing. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms +## ssl_session_ticket_handshake ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -266,7 +246,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## point: The client's ECDH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); @@ -279,7 +259,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## Yc: The client's DH public key. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -292,7 +272,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## pms: The encrypted pre-master secret. ## ## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello -## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature +## ssl_session_ticket_handshake ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index ecaaf8c20d..e19f43241c 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -320,10 +320,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); @@ -355,10 +351,6 @@ refine connection Handshake_Conn += { if ( ${kex.curve_type} != NAMED_CURVE ) return true; - if ( ssl_server_curve ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), ${kex.params.curve}); - if ( ssl_ecdh_server_params ) BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); diff --git a/src/bro.bif b/src/bro.bif index 7493d5618b..d6a4fe3bc9 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1579,7 +1579,7 @@ function cat_sep%(sep: string, def: string, ...%): string ## number of additional arguments for the given format specifier, ## :zeek:id:`fmt` generates a run-time error. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -2839,29 +2839,6 @@ function encode_base64%(s: string, a: string &default=""%): string } %} - -## Encodes a Base64-encoded string with a custom alphabet. -## -## s: The string to encode. -## -## a: The custom alphabet. The string must consist of 64 unique -## characters. The empty string indicates the default alphabet. -## -## Returns: The encoded version of *s*. -## -## .. zeek:see:: encode_base64 -function encode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = encode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in encoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - ## Decodes a Base64-encoded string. ## ## s: The Base64-encoded string. @@ -2917,28 +2894,6 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s } %} -## Decodes a Base64-encoded string with a custom alphabet. -## -## s: The Base64-encoded string. -## -## a: The custom alphabet. The string must consist of 64 unique characters. -## The empty string indicates the default alphabet. -## -## Returns: The decoded version of *s*. -## -## .. zeek:see:: decode_base64 decode_base64_conn -function decode_base64_custom%(s: string, a: string%): string &deprecated - %{ - BroString* t = decode_base64(s->AsString(), a->AsString()); - if ( t ) - return new StringVal(t); - else - { - reporter->Error("error in decoding string %s", s->CheckString()); - return val_mgr->GetEmptyString(); - } - %} - %%{ typedef struct { uint32 time_low; @@ -2982,29 +2937,6 @@ function uuid_to_string%(uuid: string%): string return new StringVal(s); %} -## Merges and compiles two regular expressions at initialization time. -## -## p1: The first pattern. -## -## p2: The second pattern. -## -## Returns: The compiled pattern of the concatenation of *p1* and *p2*. -## -## .. zeek:see:: convert_for_pattern string_to_pattern -## -## .. note:: -## -## This function must be called at Zeek startup time, e.g., in the event -## :zeek:id:`zeek_init`. -function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated - %{ - RE_Matcher* re = new RE_Matcher(); - re->AddPat(p1->PatternText()); - re->AddPat(p2->PatternText()); - re->Compile(); - return new PatternVal(re); - %} - %%{ char* to_pat_str(int sn, const char* ss) { @@ -3037,7 +2969,7 @@ char* to_pat_str(int sn, const char* ss) ## Returns: An escaped version of *s* that has the structure of a valid ## :zeek:type:`pattern`. ## -## .. zeek:see:: merge_pattern string_to_pattern +## .. zeek:see:: string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3057,7 +2989,7 @@ function convert_for_pattern%(s: string%): string ## ## Returns: *s* as :zeek:type:`pattern`. ## -## .. zeek:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern ## ## .. note:: ## @@ -4940,56 +4872,6 @@ function uninstall_dst_net_filter%(snet: subnet%) : bool return val_mgr->GetBool(sessions->GetPacketFilter()->RemoveDst(snet)); %} -# =========================================================================== -# -# Communication -# -# =========================================================================== - -## Enables the communication system. By default, the communication is off until -## explicitly enabled, and all other calls to communication-related functions -## will be ignored until done so. -function enable_communication%(%): any &deprecated - %{ - if ( bro_start_network_time != 0.0 ) - { - builtin_error("communication must be enabled in zeek_init"); - return 0; - } - - if ( using_communication ) - // Ignore duplicate calls. - return 0; - - using_communication = 1; - remote_serializer->Enable(); - return 0; - %} - -## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute -## to disk. The function writes the state to the file ``.state/state.bst`` in -## the directory where Bro was started. -## -## Returns: True on success. -## -## .. zeek:see:: rescan_state -function checkpoint_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->WriteState(true)); - %} - -## Reads persistent state and populates the in-memory data structures -## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :zeek:id:`checkpoint_state`. -## -## Returns: True on success. -## -## .. zeek:see:: checkpoint_state -function rescan_state%(%) : bool - %{ - return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); - %} - ## Writes the binary event stream generated by the core to a given file. ## Use the ``-x `` command line switch to replay saved events. ## @@ -5028,165 +4910,6 @@ function capture_state_updates%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Establishes a connection to a remote Bro or Broccoli instance. -## -## ip: The IP address of the remote peer. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## p: The port of the remote peer. -## -## our_class: If a non-empty string, then the remote (listening) peer checks it -## against its class name in its peer table and terminates the -## connection if they don't match. -## -## retry: If the connection fails, try to reconnect with the peer after this -## time interval. -## -## ssl: If true, use SSL to encrypt the session. -## -## Returns: A locally unique ID of the new peer. -## -## .. zeek:see:: disconnect -## listen -## request_remote_events -## request_remote_sync -## request_remote_logs -## request_remote_events -## set_accept_state -## set_compression_level -## send_state -## send_id -function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: interval, ssl: bool%) : count &deprecated - %{ - return val_mgr->GetCount(uint32(remote_serializer->Connect(ip->AsAddr(), - zone_id->CheckString(), p->Port(), our_class->CheckString(), - retry, ssl))); - %} - -## Terminate the connection with a peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: connect listen -function disconnect%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CloseConnection(id)); - %} - -## Subscribes to all events from a remote peer whose names match a given -## pattern. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## handlers: The pattern describing the events to request from peer *p*. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_sync -## request_remote_logs -## set_accept_state -function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestEvents(id, handlers)); - %} - -## Requests synchronization of IDs with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## auth: If true, the local instance considers its current state authoritative -## and sends it to *p* right after the handshake. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_logs -## set_accept_state -function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestSync(id, auth)); - %} - -## Requests logs from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -function request_remote_logs%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->RequestLogs(id)); - %} - -## Sets a boolean flag indicating whether Bro accepts state from a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## accept: True if Bro accepts state from peer *p*, or false otherwise. -## -## Returns: True on success. -## -## .. zeek:see:: request_remote_events -## request_remote_sync -## set_compression_level -function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetAcceptState(id, accept)); - %} - -## Sets the compression level of the session with a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## level: Allowed values are in the range *[0, 9]*, where 0 is the default and -## means no compression. -## -## Returns: True on success. -## -## .. zeek:see:: set_accept_state -function set_compression_level%(p: event_peer, level: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SetCompressionLevel(id, level)); - %} - -## Listens on a given IP address and port for remote connections. -## -## ip: The IP address to bind to. -## -## p: The TCP port to listen on. -## -## ssl: If true, Bro uses SSL to encrypt the session. -## -## ipv6: If true, enable listening on IPv6 addresses. -## -## zone_id: If *ip* is a non-global IPv6 address, a particular :rfc:`4007` -## ``zone_id`` can given here. An empty string, ``""``, means -## not to add any ``zone_id``. -## -## retry_interval: If address *ip* is found to be already in use, this is -## the interval at which to automatically retry binding. -## -## Returns: True on success. -## -## .. zeek:see:: connect disconnect -function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); - %} - ## Checks whether the last raised event came from a remote peer. ## ## Returns: True if the last raised event came from a remote peer. @@ -5195,179 +4918,11 @@ function is_remote_event%(%) : bool return val_mgr->GetBool(mgr.CurrentSource() != SOURCE_LOCAL); %} -## Sends all persistent state to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -## -## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter -function send_state%(p: event_peer%) : bool - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(persistence_serializer->SendState(id, true)); - %} - -## Sends a global identifier to a remote peer, which then might install it -## locally. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## id: The identifier to send. -## -## Returns: True on success. -## -## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter -function send_id%(p: event_peer, id: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); - - ID* i = global_scope()->Lookup(id->CheckString()); - if ( ! i ) - { - reporter->Error("send_id: no global id %s", id->CheckString()); - return val_mgr->GetBool(0); - } - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendID(&info, pid, *i)); - %} - -## Gracefully finishes communication by first making sure that all remaining -## data from parent and child has been sent out. -## -## Returns: True if the termination process has been started successfully. -function terminate_communication%(%) : bool &deprecated - %{ - return val_mgr->GetBool(remote_serializer->Terminate()); - %} - -## Signals a remote peer that the local Bro instance finished the initial -## handshake. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True on success. -function complete_handshake%(p: event_peer%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->CompleteHandshake(id)); - %} - -## Sends a ping event to a remote peer. In combination with an event handler -## for :zeek:id:`remote_pong`, this function can be used to measure latency -## between two peers. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## seq: A sequence number (also included by :zeek:id:`remote_pong`). -## -## Returns: True if sending the ping succeeds. -## -## .. zeek:see:: send_state send_id send_current_packet send_capture_filter -function send_ping%(p: event_peer, seq: count%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendPing(id, seq)); - %} - -## Sends the currently processed packet to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_capture_filter -## dump_packet dump_current_packet get_current_packet -function send_current_packet%(p: event_peer%) : bool &deprecated - %{ - const Packet* pkt; - - if ( ! current_pktsrc || - ! current_pktsrc->GetCurrentPacket(&pkt) ) - return val_mgr->GetBool(0); - - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - - SerialInfo info(remote_serializer); - return val_mgr->GetBool(remote_serializer->SendPacket(&info, id, *pkt)); - %} - -## Returns the peer who generated the last event. -## -## Note, this function is deprecated. It works correctly only for local events and -## events received through the legacy communication system. It does *not* work for -## events received through Broker and will report an error in that case. -## -## Returns: The ID of the peer who generated the last event. -## -## .. zeek:see:: get_local_event_peer -function get_event_peer%(%) : event_peer &deprecated - %{ - SourceID src = mgr.CurrentSource(); - - if ( src == SOURCE_LOCAL ) - { - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( src == SOURCE_BROKER ) - { - reporter->Error("get_event_peer() does not support Broker events"); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - if ( ! remote_serializer ) - reporter->InternalError("remote_serializer not initialized"); - - Val* v = remote_serializer->GetPeerVal(src); - if ( ! v ) - { - reporter->Error("peer %d does not exist anymore", int(src)); - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - } - - return v; - %} - -## Returns the local peer ID. -## -## Returns: The peer ID of the local Bro instance. -## -## .. zeek:see:: get_event_peer -function get_local_event_peer%(%) : event_peer &deprecated - %{ - RecordVal* p = mgr.GetLocalPeerVal(); - Ref(p); - return p; - %} - -## Sends a capture filter to a remote peer. -## -## p: The peer ID returned from :zeek:id:`connect`. -## -## s: The capture filter. -## -## Returns: True if sending the packet succeeds. -## -## .. zeek:see:: send_id send_state send_ping send_current_packet -function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated - %{ - RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); - return val_mgr->GetBool(remote_serializer->SendCaptureFilter(id, s->CheckString())); - %} - ## Stops Bro's packet processing. This function is used to synchronize ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing function suspend_processing%(%) : any %{ net_suspend_processing(); @@ -5376,33 +4931,13 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing resume_state_updates -function suspend_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->SuspendStateUpdates(); - return 0; - %} - -## Resumes propagating :zeek:attr:`&synchronized` accesses. -## -## .. zeek:see:: suspend_processing continue_processing suspend_state_updates -function resume_state_updates%(%) : any &deprecated - %{ - if ( remote_serializer ) - remote_serializer->ResumeStateUpdates(); - return 0; - %} - # =========================================================================== # # Internal Functions diff --git a/src/main.cc b/src/main.cc index afd3106986..6ea1a74b99 100644 --- a/src/main.cc +++ b/src/main.cc @@ -116,7 +116,6 @@ char* command_line_policy = 0; vector params; set requested_plugins; char* proc_status_file = 0; -int old_comm_usage_count = 0; OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; @@ -427,70 +426,6 @@ static void bro_new_handler() out_of_memory("new"); } -static auto old_comm_ids = std::set{ - "connect", - "disconnect", - "request_remote_events", - "request_remote_sync", - "request_remote_logs", - "set_accept_state", - "set_compression_level", - "listen", - "send_id", - "terminate_communication", - "complete_handshake", - "send_ping", - "send_current_packet", - "get_event_peer", - "send_capture_filter", - "suspend_state_updates", - "resume_state_updates", -}; - -static bool is_old_comm_usage(const ID* id) - { - auto name = id->Name(); - - if ( old_comm_ids.find(name) == old_comm_ids.end() ) - return false; - - return true; - } - -class OldCommUsageTraversalCallback : public TraversalCallback { -public: - virtual TraversalCode PreExpr(const Expr* expr) override - { - switch ( expr->Tag() ) { - case EXPR_CALL: - { - const CallExpr* call = static_cast(expr); - auto func = call->Func(); - - if ( func->Tag() == EXPR_NAME ) - { - const NameExpr* ne = static_cast(func); - auto id = ne->Id(); - - if ( is_old_comm_usage(id) ) - ++old_comm_usage_count; - } - } - break; - default: - break; - } - - return TC_CONTINUE; - } -}; - -static void find_old_comm_usages() - { - OldCommUsageTraversalCallback cb; - traverse_all(&cb); - } - int main(int argc, char** argv) { std::set_new_handler(bro_new_handler); @@ -918,23 +853,6 @@ int main(int argc, char** argv) yyparse(); is_parsing = false; - find_old_comm_usages(); - - if ( old_comm_usage_count ) - { - auto old_comm_ack_id = global_scope()->Lookup("old_comm_usage_is_ok"); - - if ( ! old_comm_ack_id->ID_Val()->AsBool() ) - reporter->FatalError("Detected old, deprecated communication " - "system usages that will not work unless " - "you explicitly take action to initizialize " - "and set up the old comm. system. " - "Set the 'old_comm_usage_is_ok' flag " - "to bypass this error if you've taken such " - "actions, but the suggested solution is to " - "port scripts to use the new Broker API."); - } - RecordVal::ResizeParseTimeRecords(); init_general_global_var(); diff --git a/src/scan.l b/src/scan.l index 4da90394e7..fd54cfab40 100644 --- a/src/scan.l +++ b/src/scan.l @@ -326,7 +326,6 @@ when return TOK_WHEN; } &synchronized { - ++old_comm_usage_count; deprecated_attr(yytext); return TOK_ATTR_SYNCHRONIZED; } diff --git a/src/strings.bif b/src/strings.bif index ef584ee7af..110dbaea9e 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,9 +55,9 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep ## fmt -## join_string_vec join_string_array +## join_string_vec function string_cat%(...%): string %{ int n = 0; @@ -112,85 +112,8 @@ int vs_to_string_array(vector& vs, TableVal* tbl, } return 1; } - -BroString* cat_string_array_n(TableVal* tbl, int start, int end) - { - vector vs; - string_array_to_vs(tbl, start, end, vs); - return concatenate(vs); - } %%} -## Concatenates all elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array_n -## fmt -## join_string_vec join_string_array -function cat_string_array%(a: string_array%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, 1, a->AsTable()->Length())); - %} - -## Concatenates a specific range of elements in an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## start: The array index of the first element of the range. -## -## end: The array index of the last element of the range. -## -## Returns: The concatenation of the range *[start, end]* in *a*. -## -## .. zeek:see:: cat string_cat cat_string_array -## fmt -## join_string_vec join_string_array -function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - return new StringVal(cat_string_array_n(tbl, start, end)); - %} - -## Joins all values in the given array of strings with a separator placed -## between each element. -## -## sep: The separator to place between each element. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: The concatenation of all elements in *a*, with *sep* placed -## between each element. -## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n -## fmt -## join_string_vec -function join_string_array%(sep: string, a: string_array%): string &deprecated - %{ - vector vs; - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - for ( int i = 1; i <= n; ++i ) - { - Val* ind = val_mgr->GetCount(i); - Val* v = tbl->Lookup(ind); - if ( ! v ) - return 0; - - vs.push_back(v->AsString()); - Unref(ind); - - if ( i < n ) - vs.push_back(sep->AsString()); - } - - return new StringVal(concatenate(vs)); - %} - ## Joins all values in the given vector of strings with a separator placed ## between each element. ## @@ -201,9 +124,8 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat ## fmt -## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string %{ ODesc d; @@ -231,39 +153,6 @@ function join_string_vec%(vec: string_vec, sep: string%): string return new StringVal(s); %} -## Sorts an array of strings. -## -## a: The :zeek:type:`string_array` (``table[count] of string``). -## -## Returns: A sorted copy of *a*. -## -## .. zeek:see:: sort -function sort_string_array%(a: string_array%): string_array &deprecated - %{ - TableVal* tbl = a->AsTableVal(); - int n = a->AsTable()->Length(); - - vector vs; - string_array_to_vs(tbl, 1, n, vs); - - unsigned int i, j; - for ( i = 0; i < vs.size(); ++i ) - { - const BroString* x = vs[i]; - for ( j = i; j > 0; --j ) - if ( Bstr_cmp(vs[j-1], x) <= 0 ) - break; - else - vs[j] = vs[j-1]; - vs[j] = x; - } - // sort(vs.begin(), vs.end(), Bstr_cmp); - - TableVal* b = new TableVal(string_array); - vs_to_string_array(vs, b, 1, n); - return b; - %} - ## Returns an edited version of a string that applies a special ## "backspace character" (usually ``\x08`` for backspace or ``\x7f`` for DEL). ## For example, ``edit("hello there", "e")`` returns ``"llo t"``. @@ -549,26 +438,6 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) } %%} -## Splits a string into an array of strings according to a pattern. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each element corresponds to a substring -## in *str* separated by *re*. -## -## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split -## -## .. note:: The returned table starts at index 1. Note that conceptually the -## return value is meant to be a vector and this might change in the -## future. -## -function split%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 0); - %} - ## Splits a string into an array of strings according to a pattern. ## ## str: The string to split. @@ -585,26 +454,6 @@ function split_string%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 0); %} -## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :zeek:id:`split`, but *str* is only -## split once (if possible) at the earliest position and an array of two strings -## is returned. -## -## str: The string to split. -## -## re: The pattern describing the separator to split *str* in two pieces. -## -## Returns: An array of strings with two elements in which the first represents -## the substring in *str* up to the first occurence of *re*, and the -## second everything after *re*. An array of one string is returned -## when *s* cannot be split. -## -## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split -function split1%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 0, 1); - %} - ## Splits a string *once* into a two-element array of strings according to a ## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two @@ -625,26 +474,6 @@ function split_string1%(str: string, re: pattern%): string_vec return do_split_string(str, re, 0, 1); %} -## Splits a string into an array of strings according to a pattern. This -## function is the same as :zeek:id:`split`, except that the separators are -## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns -## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the -## pattern and even-indexed ones do. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## Returns: An array of strings where each two successive elements correspond -## to a substring in *str* of the part not matching *re* (odd-indexed) -## and the part that matches *re* (even-indexed). -## -## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split -function split_all%(str: string, re: pattern%): string_array &deprecated - %{ - return do_split(str, re, 1, 0); - %} - ## Splits a string into an array of strings according to a pattern. This ## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` @@ -665,32 +494,6 @@ function split_string_all%(str: string, re: pattern%): string_vec return do_split_string(str, re, 1, 0); %} -## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :zeek:id:`split1` and -## :zeek:id:`split_all`, but with customizable behavior with respect to -## including separators in the result and the number of times to split. -## -## str: The string to split. -## -## re: The pattern describing the element separator in *str*. -## -## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :zeek:id:`split_all`). -## -## max_num_sep: The number of times to split *str*. -## -## Returns: An array of strings where, if *incl_sep* is true, each two -## successive elements correspond to a substring in *str* of the part -## not matching *re* (odd-indexed) and the part that matches *re* -## (even-indexed). -## -## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split -function split_n%(str: string, re: pattern, - incl_sep: bool, max_num_sep: count%): string_array &deprecated - %{ - return do_split(str, re, incl_sep, max_num_sep); - %} - ## Splits a string a given number of times into an array of strings according ## to a pattern. This function is similar to :zeek:id:`split_string1` and ## :zeek:id:`split_string_all`, but with customizable behavior with respect to @@ -1022,7 +825,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. zeek:see:: split split1 split_all split_n +## .. zeek:see:: split_string split_string1 split_string_all split_string_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); diff --git a/testing/btest/Baseline/bifs.cat_string_array/out b/testing/btest/Baseline/bifs.cat_string_array/out deleted file mode 100644 index 963f826db9..0000000000 --- a/testing/btest/Baseline/bifs.cat_string_array/out +++ /dev/null @@ -1,3 +0,0 @@ -isatest -thisisatest -isa diff --git a/testing/btest/Baseline/bifs.decode_base64/out b/testing/btest/Baseline/bifs.decode_base64/out index aa265d2148..bb04766fd8 100644 --- a/testing/btest/Baseline/bifs.decode_base64/out +++ b/testing/btest/Baseline/bifs.decode_base64/out @@ -6,9 +6,3 @@ bro bro bro bro -bro -bro -bro -bro -bro -bro diff --git a/testing/btest/Baseline/bifs.encode_base64/out b/testing/btest/Baseline/bifs.encode_base64/out index 3008115853..cacea20cca 100644 --- a/testing/btest/Baseline/bifs.encode_base64/out +++ b/testing/btest/Baseline/bifs.encode_base64/out @@ -2,9 +2,6 @@ YnJv YnJv YnJv }n-v -YnJv -YnJv -}n-v cGFkZGluZw== cGFkZGluZzE= cGFkZGluZzEy diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index e916fc304a..dbfa4c1e52 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -1,6 +1,3 @@ -this * is * a * test -thisisatest -mytest this__is__another__test thisisanothertest Test diff --git a/testing/btest/Baseline/bifs.merge_pattern/out b/testing/btest/Baseline/bifs.merge_pattern/out deleted file mode 100644 index fe8ebc3c01..0000000000 --- a/testing/btest/Baseline/bifs.merge_pattern/out +++ /dev/null @@ -1,2 +0,0 @@ -match -match diff --git a/testing/btest/Baseline/bifs.sort_string_array/out b/testing/btest/Baseline/bifs.sort_string_array/out deleted file mode 100644 index 533844768d..0000000000 --- a/testing/btest/Baseline/bifs.sort_string_array/out +++ /dev/null @@ -1,4 +0,0 @@ -a -is -test -this diff --git a/testing/btest/Baseline/bifs.split/out b/testing/btest/Baseline/bifs.split/out deleted file mode 100644 index 0ec2541f3d..0000000000 --- a/testing/btest/Baseline/bifs.split/out +++ /dev/null @@ -1,32 +0,0 @@ -t -s is a t -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a t -es -t ---------------------- -t -s is a test ---------------------- -t -hi -s is a test ---------------------- -[, thi, s i, s a tes, t] ---------------------- -X-Mailer -Testing Test (http://www.example.com) ---------------------- -A -= - B -= - C -= - D diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out deleted file mode 100644 index cf4820d82e..0000000000 --- a/testing/btest/Baseline/core.old_comm_usage/out +++ /dev/null @@ -1,2 +0,0 @@ -warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.zeek, line 6: deprecated (terminate_communication) -fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions, but the suggested solution is to port scripts to use the new Broker API. diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 6595a63eb3..72de702972 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,2 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead" +warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/bifs/cat_string_array.zeek b/testing/btest/bifs/cat_string_array.zeek deleted file mode 100644 index f9aa3f266d..0000000000 --- a/testing/btest/bifs/cat_string_array.zeek +++ /dev/null @@ -1,14 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [0] = "this", [1] = "is", [2] = "a", [3] = "test" - }; - - print cat_string_array(a); - print cat_string_array_n(a, 0, |a|-1); - print cat_string_array_n(a, 1, 2); - } diff --git a/testing/btest/bifs/checkpoint_state.zeek b/testing/btest/bifs/checkpoint_state.zeek deleted file mode 100644 index e9eeeccb75..0000000000 --- a/testing/btest/bifs/checkpoint_state.zeek +++ /dev/null @@ -1,10 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT -# @TEST-EXEC: test -f .state/state.bst - -event zeek_init() - { - local a = checkpoint_state(); - if ( a != T ) - exit(1); - } diff --git a/testing/btest/bifs/decode_base64.zeek b/testing/btest/bifs/decode_base64.zeek index 2d552a2523..ee3e5bd066 100644 --- a/testing/btest/bifs/decode_base64.zeek +++ b/testing/btest/bifs/decode_base64.zeek @@ -9,14 +9,8 @@ print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); print decode_base64("YnJv"); print decode_base64("YnJv", default_alphabet); print decode_base64("YnJv", ""); # should use default alpabet print decode_base64("}n-v", my_alphabet); -print decode_base64_custom("YnJv", default_alphabet); -print decode_base64_custom("YnJv", ""); # should use default alpabet -print decode_base64_custom("}n-v", my_alphabet); diff --git a/testing/btest/bifs/encode_base64.zeek b/testing/btest/bifs/encode_base64.zeek index bbad715ecc..32d0c57e3c 100644 --- a/testing/btest/bifs/encode_base64.zeek +++ b/testing/btest/bifs/encode_base64.zeek @@ -10,10 +10,6 @@ print encode_base64("bro", default_alphabet); print encode_base64("bro", ""); # should use default alpabet print encode_base64("bro", my_alphabet); -print encode_base64_custom("bro", default_alphabet); -print encode_base64_custom("bro", ""); # should use default alpabet -print encode_base64_custom("bro", my_alphabet); - print encode_base64("padding"); print encode_base64("padding1"); print encode_base64("padding12"); diff --git a/testing/btest/bifs/join_string.zeek b/testing/btest/bifs/join_string.zeek index 1ea1afa5c2..c0d30d58f4 100644 --- a/testing/btest/bifs/join_string.zeek +++ b/testing/btest/bifs/join_string.zeek @@ -4,8 +4,8 @@ event zeek_init() { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" + local a: string_array = { + [1] = "this", [2] = "is", [3] = "a", [4] = "test" }; local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); @@ -14,10 +14,6 @@ event zeek_init() e[3] = "hi"; e[5] = "there"; - print join_string_array(" * ", a); - print join_string_array("", a); - print join_string_array("x", b); - print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); diff --git a/testing/btest/bifs/merge_pattern.zeek b/testing/btest/bifs/merge_pattern.zeek deleted file mode 100644 index 2d99137b56..0000000000 --- a/testing/btest/bifs/merge_pattern.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = /foo/; - local b = /b[a-z]+/; - local c = merge_pattern(a, b); - - if ( "bar" == c ) - print "match"; - - if ( "foo" == c ) - print "match"; - - } diff --git a/testing/btest/bifs/sort_string_array.zeek b/testing/btest/bifs/sort_string_array.zeek deleted file mode 100644 index 3d3949d89b..0000000000 --- a/testing/btest/bifs/sort_string_array.zeek +++ /dev/null @@ -1,17 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a: string_array = { - [1] = "this", [2] = "is", [3] = "a", [4] = "test" - }; - - local b = sort_string_array(a); - - print b[1]; - print b[2]; - print b[3]; - print b[4]; - } diff --git a/testing/btest/bifs/split.zeek b/testing/btest/bifs/split.zeek deleted file mode 100644 index 2485c3af1f..0000000000 --- a/testing/btest/bifs/split.zeek +++ /dev/null @@ -1,58 +0,0 @@ -# -# @TEST-EXEC: bro -b %INPUT >out -# @TEST-EXEC: btest-diff out - -event zeek_init() - { - local a = "this is a test"; - local pat = /hi|es/; - local idx = vector( 3, 6, 13); - - local b = split(a, pat); - local c = split1(a, pat); - local d = split_all(a, pat); - local e1 = split_n(a, pat, F, 1); - local e2 = split_n(a, pat, T, 1); - - print b[1]; - print b[2]; - print b[3]; - print "---------------------"; - print c[1]; - print c[2]; - print "---------------------"; - print d[1]; - print d[2]; - print d[3]; - print d[4]; - print d[5]; - print "---------------------"; - print e1[1]; - print e1[2]; - print "---------------------"; - print e2[1]; - print e2[2]; - print e2[3]; - print "---------------------"; - print str_split(a, idx); - print "---------------------"; - - a = "X-Mailer: Testing Test (http://www.example.com)"; - pat = /:[[:blank:]]*/; - local f = split1(a, pat); - - print f[1]; - print f[2]; - print "---------------------"; - - a = "A = B = C = D"; - pat = /=/; - local g = split_all(a, pat); - print g[1]; - print g[2]; - print g[3]; - print g[4]; - print g[5]; - print g[6]; - print g[7]; - } diff --git a/testing/btest/core/old_comm_usage.zeek b/testing/btest/core/old_comm_usage.zeek deleted file mode 100644 index 8f4e3854aa..0000000000 --- a/testing/btest/core/old_comm_usage.zeek +++ /dev/null @@ -1,7 +0,0 @@ -# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out - -event zeek_init() - { - terminate_communication(); - } diff --git a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek index f3c1be6b14..70130cd0f9 100644 --- a/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek +++ b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek @@ -17,11 +17,7 @@ global print_lines: function(lines: string, prefix: string &default=""); ## And some more comments on the function implementation. function print_lines(lines: string, prefix: string) { - local v: vector of string; - local line_table = split(lines, /\n/); - - for ( i in line_table ) - v[i] = line_table[i]; + local v = split_string(lines, /\n/); for ( i in v ) print fmt("%s%s", prefix, v[i]);