mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00
Merge remote-tracking branch 'origin/master' into topic/seth/analyzer-framework
Conflicts: scripts/base/init-default.bro scripts/base/protocols/dns/main.bro scripts/base/protocols/ftp/main.bro scripts/base/protocols/http/main.bro scripts/base/protocols/irc/main.bro scripts/base/protocols/smtp/main.bro scripts/base/protocols/ssh/main.bro scripts/base/protocols/ssl/main.bro scripts/base/protocols/syslog/main.bro src/main.cc testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
This commit is contained in:
Seth Hall
commit
5f8ee93ef0
1249 changed files with 267087 additions and 176962 deletions
115
src/main.cc
115
src/main.cc
|
|
@ -23,6 +23,7 @@ extern "C" {
|
|||
#endif
|
||||
|
||||
#include <openssl/md5.h>
|
||||
#include <magic.h>
|
||||
|
||||
extern "C" void OPENSSL_add_all_algorithms_conf(void);
|
||||
|
||||
|
|
@ -49,7 +50,6 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
|
|||
#include "PersistenceSerializer.h"
|
||||
#include "EventRegistry.h"
|
||||
#include "Stats.h"
|
||||
#include "DPM.h"
|
||||
#include "BroDoc.h"
|
||||
#include "Brofiler.h"
|
||||
|
||||
|
|
@ -57,11 +57,21 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
|
|||
#include "input/Manager.h"
|
||||
#include "logging/Manager.h"
|
||||
#include "logging/writers/Ascii.h"
|
||||
#include "analyzer/Manager.h"
|
||||
#include "analyzer/Tag.h"
|
||||
#include "plugin/Manager.h"
|
||||
|
||||
#include "file_analysis/Manager.h"
|
||||
|
||||
#include "binpac_bro.h"
|
||||
|
||||
#include "3rdparty/sqlite3.h"
|
||||
|
||||
Brofiler brofiler;
|
||||
|
||||
magic_t magic_desc_cookie = 0;
|
||||
magic_t magic_mime_cookie = 0;
|
||||
|
||||
#ifndef HAVE_STRSEP
|
||||
extern "C" {
|
||||
char* strsep(char**, const char*);
|
||||
|
|
@ -86,6 +96,9 @@ TimerMgr* timer_mgr;
|
|||
logging::Manager* log_mgr = 0;
|
||||
threading::Manager* thread_mgr = 0;
|
||||
input::Manager* input_mgr = 0;
|
||||
plugin::Manager* plugin_mgr = 0;
|
||||
analyzer::Manager* analyzer_mgr = 0;
|
||||
file_analysis::Manager* file_mgr = 0;
|
||||
Stmt* stmts;
|
||||
EventHandlerPtr net_done = 0;
|
||||
RuleMatcher* rule_matcher = 0;
|
||||
|
|
@ -99,7 +112,6 @@ ProfileLogger* profiling_logger = 0;
|
|||
ProfileLogger* segment_logger = 0;
|
||||
SampleLogger* sample_logger = 0;
|
||||
int signal_val = 0;
|
||||
DPM* dpm = 0;
|
||||
int optimize = 0;
|
||||
int do_notice_analysis = 0;
|
||||
int rule_bench = 0;
|
||||
|
|
@ -111,8 +123,6 @@ vector<string> params;
|
|||
char* proc_status_file = 0;
|
||||
int snaplen = 0; // this gets set from the scripting-layer's value
|
||||
|
||||
int FLAGS_use_binpac = false;
|
||||
|
||||
extern std::list<BroDoc*> docs_generated;
|
||||
|
||||
// Keep copy of command line
|
||||
|
|
@ -176,6 +186,7 @@ void usage()
|
|||
fprintf(stderr, " -I|--print-id <ID name> | print out given ID\n");
|
||||
fprintf(stderr, " -K|--md5-hashkey <hashkey> | set key for MD5-keyed hashing\n");
|
||||
fprintf(stderr, " -L|--rule-benchmark | benchmark for rules\n");
|
||||
fprintf(stderr, " -N|--print-plugins | print available plugins and exit (-NN for verbose)\n");
|
||||
fprintf(stderr, " -O|--optimize | optimize policy script\n");
|
||||
fprintf(stderr, " -P|--prime-dns | prime DNS\n");
|
||||
fprintf(stderr, " -R|--replay <events.bst> | replay events\n");
|
||||
|
|
@ -200,9 +211,8 @@ void usage()
|
|||
fprintf(stderr, " -n|--idmef-dtd <idmef-msg.dtd> | specify path to IDMEF DTD file\n");
|
||||
#endif
|
||||
|
||||
fprintf(stderr, " --use-binpac | use new-style BinPAC parsers when available\n");
|
||||
|
||||
fprintf(stderr, " $BROPATH | file search path (%s)\n", bro_path());
|
||||
fprintf(stderr, " $BROMAGIC | libmagic mime magic database search path (%s)\n", bro_magic_path());
|
||||
fprintf(stderr, " $BRO_PREFIXES | prefix list (%s)\n", bro_prefixes());
|
||||
fprintf(stderr, " $BRO_DNS_FAKE | disable DNS lookups (%s)\n", bro_dns_fake());
|
||||
fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n");
|
||||
|
|
@ -233,6 +243,32 @@ void usage()
|
|||
exit(1);
|
||||
}
|
||||
|
||||
void show_plugins(int level)
|
||||
{
|
||||
plugin::Manager::plugin_list plugins = plugin_mgr->Plugins();
|
||||
|
||||
if ( ! plugins.size() )
|
||||
{
|
||||
printf("No plugins registered, not even any built-ins. This is probably a bug.\n");
|
||||
return;
|
||||
}
|
||||
|
||||
ODesc d;
|
||||
|
||||
if ( level == 1 )
|
||||
d.SetShort();
|
||||
|
||||
for ( plugin::Manager::plugin_list::const_iterator i = plugins.begin(); i != plugins.end(); i++ )
|
||||
{
|
||||
(*i)->Describe(&d);
|
||||
|
||||
if ( ! d.IsShort() )
|
||||
d.Add("\n");
|
||||
}
|
||||
|
||||
printf("%s", d.Description());
|
||||
}
|
||||
|
||||
void done_with_network()
|
||||
{
|
||||
set_processing_status("TERMINATING", "done_with_network");
|
||||
|
|
@ -262,7 +298,7 @@ void done_with_network()
|
|||
|
||||
terminating = true;
|
||||
|
||||
dpm->Done();
|
||||
analyzer_mgr->Done();
|
||||
timer_mgr->Expire();
|
||||
dns_mgr->Flush();
|
||||
mgr.Drain();
|
||||
|
|
@ -319,11 +355,15 @@ void terminate_bro()
|
|||
|
||||
mgr.Drain();
|
||||
|
||||
file_mgr->Terminate();
|
||||
log_mgr->Terminate();
|
||||
input_mgr->Terminate();
|
||||
thread_mgr->Terminate();
|
||||
|
||||
mgr.Drain();
|
||||
|
||||
plugin_mgr->FinishPlugins();
|
||||
|
||||
delete timer_mgr;
|
||||
delete dns_mgr;
|
||||
delete persistence_serializer;
|
||||
|
|
@ -333,9 +373,11 @@ void terminate_bro()
|
|||
delete event_registry;
|
||||
delete secondary_path;
|
||||
delete remote_serializer;
|
||||
delete dpm;
|
||||
delete analyzer_mgr;
|
||||
delete log_mgr;
|
||||
delete plugin_mgr;
|
||||
delete thread_mgr;
|
||||
delete file_mgr;
|
||||
delete reporter;
|
||||
|
||||
reporter = 0;
|
||||
|
|
@ -412,6 +454,7 @@ int main(int argc, char** argv)
|
|||
int override_ignore_checksums = 0;
|
||||
int rule_debug = 0;
|
||||
int RE_level = 4;
|
||||
int print_plugins = 0;
|
||||
|
||||
static struct option long_opts[] = {
|
||||
{"bare-mode", no_argument, 0, 'b'},
|
||||
|
|
@ -440,6 +483,7 @@ int main(int argc, char** argv)
|
|||
{"set-seed", required_argument, 0, 'J'},
|
||||
{"md5-hashkey", required_argument, 0, 'K'},
|
||||
{"rule-benchmark", no_argument, 0, 'L'},
|
||||
{"print-plugins", no_argument, 0, 'N'},
|
||||
{"optimize", no_argument, 0, 'O'},
|
||||
{"prime-dns", no_argument, 0, 'P'},
|
||||
{"replay", required_argument, 0, 'R'},
|
||||
|
|
@ -462,8 +506,6 @@ int main(int argc, char** argv)
|
|||
|
||||
{"pseudo-realtime", optional_argument, 0, 'E'},
|
||||
|
||||
{"use-binpac", no_argument, &FLAGS_use_binpac, 1},
|
||||
|
||||
{0, 0, 0, 0},
|
||||
};
|
||||
|
||||
|
|
@ -494,7 +536,7 @@ int main(int argc, char** argv)
|
|||
opterr = 0;
|
||||
|
||||
char opts[256];
|
||||
safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLOPSWbdghvZ",
|
||||
safe_strncpy(opts, "B:D:e:f:I:i:K:l:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGLNOPSWbdghvZ",
|
||||
sizeof(opts));
|
||||
|
||||
#ifdef USE_PERFTOOLS_DEBUG
|
||||
|
|
@ -609,6 +651,10 @@ int main(int argc, char** argv)
|
|||
++rule_bench;
|
||||
break;
|
||||
|
||||
case 'N':
|
||||
++print_plugins;
|
||||
break;
|
||||
|
||||
case 'O':
|
||||
optimize = 1;
|
||||
break;
|
||||
|
|
@ -724,6 +770,11 @@ int main(int argc, char** argv)
|
|||
curl_global_init(CURL_GLOBAL_ALL);
|
||||
#endif
|
||||
|
||||
bro_init_magic(&magic_desc_cookie, MAGIC_NONE);
|
||||
bro_init_magic(&magic_mime_cookie, MAGIC_MIME);
|
||||
|
||||
sqlite3_initialize();
|
||||
|
||||
// FIXME: On systems that don't provide /dev/urandom, OpenSSL doesn't
|
||||
// seed the PRNG. We should do this here (but at least Linux, FreeBSD
|
||||
// and Solaris provide /dev/urandom).
|
||||
|
|
@ -750,7 +801,7 @@ int main(int argc, char** argv)
|
|||
if ( optind == argc &&
|
||||
read_files.length() == 0 && flow_files.length() == 0 &&
|
||||
interfaces.length() == 0 &&
|
||||
! (id_name || bst_file) && ! command_line_policy )
|
||||
! (id_name || bst_file) && ! command_line_policy && ! print_plugins )
|
||||
add_input_file("-");
|
||||
|
||||
// Process remaining arguments. X=Y arguments indicate script
|
||||
|
|
@ -764,6 +815,8 @@ int main(int argc, char** argv)
|
|||
add_input_file(argv[optind++]);
|
||||
}
|
||||
|
||||
push_scope(0);
|
||||
|
||||
dns_mgr = new DNS_Mgr(dns_type);
|
||||
|
||||
// It would nice if this were configurable. This is similar to the
|
||||
|
|
@ -774,19 +827,21 @@ int main(int argc, char** argv)
|
|||
persistence_serializer = new PersistenceSerializer();
|
||||
remote_serializer = new RemoteSerializer();
|
||||
event_registry = new EventRegistry();
|
||||
analyzer_mgr = new analyzer::Manager();
|
||||
log_mgr = new logging::Manager();
|
||||
input_mgr = new input::Manager();
|
||||
input_mgr = new input::Manager();
|
||||
plugin_mgr = new plugin::Manager();
|
||||
file_mgr = new file_analysis::Manager();
|
||||
|
||||
plugin_mgr->InitPreScript();
|
||||
analyzer_mgr->InitPreScript();
|
||||
file_mgr->InitPreScript();
|
||||
|
||||
if ( events_file )
|
||||
event_player = new EventPlayer(events_file);
|
||||
|
||||
init_event_handlers();
|
||||
|
||||
push_scope(0);
|
||||
|
||||
dpm = new DPM;
|
||||
dpm->PreScriptInit();
|
||||
|
||||
// The leak-checker tends to produce some false
|
||||
// positives (memory which had already been
|
||||
// allocated before we start the checking is
|
||||
|
|
@ -800,12 +855,24 @@ int main(int argc, char** argv)
|
|||
|
||||
yyparse();
|
||||
|
||||
plugin_mgr->InitPostScript();
|
||||
analyzer_mgr->InitPostScript();
|
||||
file_mgr->InitPostScript();
|
||||
|
||||
if ( print_plugins )
|
||||
{
|
||||
show_plugins(print_plugins);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
#ifdef USE_PERFTOOLS_DEBUG
|
||||
}
|
||||
#endif
|
||||
|
||||
if ( generate_documentation )
|
||||
{
|
||||
CreateProtoAnalyzerDoc("proto-analyzers.rst");
|
||||
|
||||
std::list<BroDoc*>::iterator it;
|
||||
|
||||
for ( it = docs_generated.begin(); it != docs_generated.end(); ++it )
|
||||
|
|
@ -824,6 +891,8 @@ int main(int argc, char** argv)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
reporter->InitOptions();
|
||||
|
||||
init_general_global_var();
|
||||
|
||||
if ( user_pcap_filter )
|
||||
|
|
@ -1042,19 +1111,21 @@ int main(int argc, char** argv)
|
|||
vl->append(new Val(i->include_level, TYPE_COUNT));
|
||||
mgr.QueueEvent(bro_script_loaded, vl);
|
||||
}
|
||||
|
||||
|
||||
reporter->ReportViaEvents(true);
|
||||
|
||||
// Drain the event queue here to support the protocols framework configuring DPM
|
||||
mgr.Drain();
|
||||
|
||||
dpm->PostScriptInit();
|
||||
analyzer_mgr->DumpDebug();
|
||||
|
||||
have_pending_timers = ! reading_traces && timer_mgr->Size() > 0;
|
||||
|
||||
io_sources.Register(thread_mgr, true);
|
||||
|
||||
if ( io_sources.Size() > 0 || have_pending_timers )
|
||||
if ( io_sources.Size() > 0 ||
|
||||
have_pending_timers ||
|
||||
BifConst::exit_only_after_terminate )
|
||||
{
|
||||
if ( profiling_logger )
|
||||
profiling_logger->Log();
|
||||
|
|
@ -1079,6 +1150,8 @@ int main(int argc, char** argv)
|
|||
curl_global_cleanup();
|
||||
#endif
|
||||
|
||||
sqlite3_shutdown();
|
||||
|
||||
terminate_bro();
|
||||
|
||||
// Close files after net_delete(), because net_delete()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue