diff --git a/NEWS b/NEWS index b394d78d7f..0a35e5d69d 100644 --- a/NEWS +++ b/NEWS @@ -133,6 +133,10 @@ Deprecated Functionality - Returning ``Val*`` from BIFs is deprecated, return ``IntrusivePtr`` instead. +- Various methods of converting protocol structures, like IP or packet headers, + to associated ``Val`` type are now deprecated, the deprecation warning + message will advice what new method to use instead. + Zeek 3.1.0 ========== diff --git a/src/Discard.cc b/src/Discard.cc index 77e83620db..3e87ca0bc7 100644 --- a/src/Discard.cc +++ b/src/Discard.cc @@ -39,7 +39,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) if ( check_ip ) { - zeek::Args args{{AdoptRef{}, ip->BuildPktHdrVal()}}; + zeek::Args args{ip->ToPktHdrVal()}; try { @@ -92,7 +92,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) int th_len = tp->th_off * 4; zeek::Args args{ - {AdoptRef{}, ip->BuildPktHdrVal()}, + ip->ToPktHdrVal(), {AdoptRef{}, BuildData(data, th_len, len, caplen)}, }; @@ -116,7 +116,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) int uh_len = sizeof (struct udphdr); zeek::Args args{ - {AdoptRef{}, ip->BuildPktHdrVal()}, + ip->ToPktHdrVal(), {AdoptRef{}, BuildData(data, uh_len, len, caplen)}, }; @@ -138,7 +138,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen) { const struct icmp* ih = (const struct icmp*) data; - zeek::Args args{{AdoptRef{}, ip->BuildPktHdrVal()}}; + zeek::Args args{ip->ToPktHdrVal()}; try { diff --git a/src/IP.cc b/src/IP.cc index 58c0a9ef26..820570a2d6 100644 --- a/src/IP.cc +++ b/src/IP.cc @@ -77,14 +77,14 @@ static VectorVal* BuildOptionsVal(const u_char* data, int len) return vv; } -RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const +IntrusivePtr IPv6_Hdr::ToVal(IntrusivePtr chain) const { - RecordVal* rv = nullptr; + IntrusivePtr rv; switch ( type ) { case IPPROTO_IPV6: { - rv = new RecordVal(hdrType(ip6_hdr_type, "ip6_hdr")); + rv = make_intrusive(hdrType(ip6_hdr_type, "ip6_hdr")); const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data; rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20)); rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff)); @@ -94,15 +94,15 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const rv->Assign(5, make_intrusive(IPAddr(ip6->ip6_src))); rv->Assign(6, make_intrusive(IPAddr(ip6->ip6_dst))); if ( ! chain ) - chain = new VectorVal( + chain = make_intrusive( internal_type("ip6_ext_hdr_chain")->AsVectorType()); - rv->Assign(7, chain); + rv->Assign(7, std::move(chain)); } break; case IPPROTO_HOPOPTS: { - rv = new RecordVal(hdrType(ip6_hopopts_type, "ip6_hopopts")); + rv = make_intrusive(hdrType(ip6_hopopts_type, "ip6_hopopts")); const struct ip6_hbh* hbh = (const struct ip6_hbh*)data; rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt)); rv->Assign(1, val_mgr->Count(hbh->ip6h_len)); @@ -114,7 +114,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case IPPROTO_DSTOPTS: { - rv = new RecordVal(hdrType(ip6_dstopts_type, "ip6_dstopts")); + rv = make_intrusive(hdrType(ip6_dstopts_type, "ip6_dstopts")); const struct ip6_dest* dst = (const struct ip6_dest*)data; rv->Assign(0, val_mgr->Count(dst->ip6d_nxt)); rv->Assign(1, val_mgr->Count(dst->ip6d_len)); @@ -125,7 +125,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case IPPROTO_ROUTING: { - rv = new RecordVal(hdrType(ip6_routing_type, "ip6_routing")); + rv = make_intrusive(hdrType(ip6_routing_type, "ip6_routing")); const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data; rv->Assign(0, val_mgr->Count(rt->ip6r_nxt)); rv->Assign(1, val_mgr->Count(rt->ip6r_len)); @@ -138,7 +138,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case IPPROTO_FRAGMENT: { - rv = new RecordVal(hdrType(ip6_fragment_type, "ip6_fragment")); + rv = make_intrusive(hdrType(ip6_fragment_type, "ip6_fragment")); const struct ip6_frag* frag = (const struct ip6_frag*)data; rv->Assign(0, val_mgr->Count(frag->ip6f_nxt)); rv->Assign(1, val_mgr->Count(frag->ip6f_reserved)); @@ -151,7 +151,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case IPPROTO_AH: { - rv = new RecordVal(hdrType(ip6_ah_type, "ip6_ah")); + rv = make_intrusive(hdrType(ip6_ah_type, "ip6_ah")); rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt)); rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len)); rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1]))); @@ -170,7 +170,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const case IPPROTO_ESP: { - rv = new RecordVal(hdrType(ip6_esp_type, "ip6_esp")); + rv = make_intrusive(hdrType(ip6_esp_type, "ip6_esp")); const uint32_t* esp = (const uint32_t*)data; rv->Assign(0, val_mgr->Count(ntohl(esp[0]))); rv->Assign(1, val_mgr->Count(ntohl(esp[1]))); @@ -180,7 +180,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const #ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: { - rv = new RecordVal(hdrType(ip6_mob_type, "ip6_mobility_hdr")); + rv = make_intrusive(hdrType(ip6_mob_type, "ip6_mobility_hdr")); const struct ip6_mobility* mob = (const struct ip6_mobility*) data; rv->Assign(0, val_mgr->Count(mob->ip6mob_payload)); rv->Assign(1, val_mgr->Count(mob->ip6mob_len)); @@ -296,7 +296,7 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const break; } - rv->Assign(5, msg); + rv->Assign(5, std::move(msg)); } break; #endif //ENABLE_MOBILE_IPV6 @@ -308,6 +308,11 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const return rv; } +RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const + { + return ToVal({AdoptRef{}, chain}).release(); + } + IPAddr IP_Hdr::IPHeaderSrcAddr() const { return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src); @@ -328,13 +333,13 @@ IPAddr IP_Hdr::DstAddr() const return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr(); } -RecordVal* IP_Hdr::BuildIPHdrVal() const +IntrusivePtr IP_Hdr::ToIPHdrVal() const { - RecordVal* rval = nullptr; + IntrusivePtr rval; if ( ip4 ) { - rval = new RecordVal(hdrType(ip4_hdr_type, "ip4_hdr")); + rval = make_intrusive(hdrType(ip4_hdr_type, "ip4_hdr")); rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4)); rval->Assign(1, val_mgr->Count(ip4->ip_tos)); rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len))); @@ -346,24 +351,33 @@ RecordVal* IP_Hdr::BuildIPHdrVal() const } else { - rval = ((*ip6_hdrs)[0])->BuildRecordVal(ip6_hdrs->BuildVal()); + rval = ((*ip6_hdrs)[0])->ToVal(ip6_hdrs->ToVal()); } return rval; } -RecordVal* IP_Hdr::BuildPktHdrVal() const +RecordVal* IP_Hdr::BuildIPHdrVal() const + { + return ToIPHdrVal().release(); + } + +IntrusivePtr IP_Hdr::ToPktHdrVal() const { static RecordType* pkt_hdr_type = nullptr; if ( ! pkt_hdr_type ) pkt_hdr_type = internal_type("pkt_hdr")->AsRecordType(); - RecordVal* pkt_hdr = new RecordVal(pkt_hdr_type); - return BuildPktHdrVal(pkt_hdr, 0); + return ToPktHdrVal(make_intrusive(pkt_hdr_type), 0); } -RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const +RecordVal* IP_Hdr::BuildPktHdrVal() const + { + return ToPktHdrVal().release(); + } + +IntrusivePtr IP_Hdr::ToPktHdrVal(IntrusivePtr pkt_hdr, int sindex) const { static RecordType* tcp_hdr_type = nullptr; static RecordType* udp_hdr_type = nullptr; @@ -377,9 +391,9 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const } if ( ip4 ) - pkt_hdr->Assign(sindex + 0, BuildIPHdrVal()); + pkt_hdr->Assign(sindex + 0, ToIPHdrVal()); else - pkt_hdr->Assign(sindex + 1, BuildIPHdrVal()); + pkt_hdr->Assign(sindex + 1, ToIPHdrVal()); // L4 header. const u_char* data = Payload(); @@ -453,6 +467,11 @@ RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const return pkt_hdr; } +RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const + { + return ToPktHdrVal({AdoptRef{}, pkt_hdr}, sindex).release(); + } + static inline bool isIPv6ExtHeader(uint8_t type) { switch (type) { @@ -674,7 +693,7 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len) } #endif -VectorVal* IPv6_Hdr_Chain::BuildVal() const +IntrusivePtr IPv6_Hdr_Chain::ToVal() const { if ( ! ip6_ext_hdr_type ) { @@ -688,38 +707,38 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const ip6_mob_type = internal_type("ip6_mobility_hdr")->AsRecordType(); } - VectorVal* rval = new VectorVal( + auto rval = make_intrusive( internal_type("ip6_ext_hdr_chain")->AsVectorType()); for ( size_t i = 1; i < chain.size(); ++i ) { - RecordVal* v = chain[i]->BuildRecordVal(); + auto v = chain[i]->ToVal(); RecordVal* ext_hdr = new RecordVal(ip6_ext_hdr_type); uint8_t type = chain[i]->Type(); ext_hdr->Assign(0, val_mgr->Count(type)); switch (type) { case IPPROTO_HOPOPTS: - ext_hdr->Assign(1, v); + ext_hdr->Assign(1, std::move(v)); break; case IPPROTO_DSTOPTS: - ext_hdr->Assign(2, v); + ext_hdr->Assign(2, std::move(v)); break; case IPPROTO_ROUTING: - ext_hdr->Assign(3, v); + ext_hdr->Assign(3, std::move(v)); break; case IPPROTO_FRAGMENT: - ext_hdr->Assign(4, v); + ext_hdr->Assign(4, std::move(v)); break; case IPPROTO_AH: - ext_hdr->Assign(5, v); + ext_hdr->Assign(5, std::move(v)); break; case IPPROTO_ESP: - ext_hdr->Assign(6, v); + ext_hdr->Assign(6, std::move(v)); break; #ifdef ENABLE_MOBILE_IPV6 case IPPROTO_MOBILITY: - ext_hdr->Assign(7, v); + ext_hdr->Assign(7, std::move(v)); break; #endif default: @@ -734,6 +753,11 @@ VectorVal* IPv6_Hdr_Chain::BuildVal() const return rval; } +VectorVal* IPv6_Hdr_Chain::BuildVal() const + { + return ToVal().release(); + } + IP_Hdr* IP_Hdr::Copy() const { char* new_hdr = new char[HdrLen()]; diff --git a/src/IP.h b/src/IP.h index bb62d30b04..2959a6dd1a 100644 --- a/src/IP.h +++ b/src/IP.h @@ -14,6 +14,8 @@ #include +#include "IntrusivePtr.h" + class IPAddr; class RecordVal; class VectorVal; @@ -134,6 +136,9 @@ public: /** * Returns the script-layer record representation of the header. */ + IntrusivePtr ToVal(IntrusivePtr chain = nullptr) const; + + [[deprecated("Remove in v4.1. Use ToVal() instead.")]] RecordVal* BuildRecordVal(VectorVal* chain = nullptr) const; protected: @@ -223,6 +228,9 @@ public: * Returns a vector of ip6_ext_hdr RecordVals that includes script-layer * representation of all extension headers in the chain. */ + IntrusivePtr ToVal() const; + + [[deprecated("Remove in v4.1. Use ToVal() instead.")]] VectorVal* BuildVal() const; protected: @@ -517,18 +525,27 @@ public: /** * Returns an ip_hdr or ip6_hdr_chain RecordVal. */ + IntrusivePtr ToIPHdrVal() const; + + [[deprecated("Remove in v4.1. Use ToIPHdrVal() instead.")]] RecordVal* BuildIPHdrVal() const; /** * Returns a pkt_hdr RecordVal, which includes not only the IP header, but * also upper-layer (tcp/udp/icmp) headers. */ + IntrusivePtr ToPktHdrVal() const; + + [[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]] RecordVal* BuildPktHdrVal() const; /** * Same as above, but simply add our values into the record at the * specified starting index. */ + IntrusivePtr ToPktHdrVal(IntrusivePtr pkt_hdr, int sindex) const; + + [[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]] RecordVal* BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const; private: diff --git a/src/Sessions.cc b/src/Sessions.cc index 251d8de3a8..a2dc0fe248 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -123,7 +123,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt) SegmentProfiler prof(segment_logger, "dispatching-packet"); if ( raw_packet ) - mgr.Enqueue(raw_packet, IntrusivePtr{AdoptRef{}, pkt->BuildPktHdrVal()}); + mgr.Enqueue(raw_packet, pkt->ToRawPktHdrVal()); if ( pkt_profiler ) pkt_profiler->ProfilePkt(t, pkt->cap_len); @@ -310,7 +310,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr { dump_this_packet = true; if ( esp_packet ) - mgr.Enqueue(esp_packet, IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()}); + mgr.Enqueue(esp_packet, ip_hdr->ToPktHdrVal()); // Can't do more since upper-layer payloads are going to be encrypted. return; @@ -330,8 +330,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr } if ( mobile_ipv6_message ) - mgr.Enqueue(mobile_ipv6_message, - IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()}); + mgr.Enqueue(mobile_ipv6_message, ip_hdr->ToPktHdrVal()); if ( ip_hdr->NextProto() != IPPROTO_NONE ) Weird("mobility_piggyback", pkt, encapsulation); @@ -686,19 +685,18 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel()); - Val* pkt_hdr_val = nullptr; + IntrusivePtr pkt_hdr_val; if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 ) { - pkt_hdr_val = ip_hdr->BuildPktHdrVal(); + pkt_hdr_val = ip_hdr->ToPktHdrVal(); conn->EnqueueEvent(ipv6_ext_headers, nullptr, conn->ConnVal(), - IntrusivePtr{AdoptRef{}, pkt_hdr_val}); + pkt_hdr_val); } if ( new_packet ) conn->EnqueueEvent(new_packet, nullptr, conn->ConnVal(), pkt_hdr_val ? - IntrusivePtr{NewRef{}, pkt_hdr_val} : - IntrusivePtr{AdoptRef{}, ip_hdr->BuildPktHdrVal()}); + std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal()); conn->NextPacket(t, is_orig, ip_hdr, len, caplen, data, record_packet, record_content, pkt); diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index a804dfbbcd..d7e9ca9010 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -760,7 +760,7 @@ flow GTPv1_Flow(is_orig: bool) if ( ::gtpv1_g_pdu_packet ) BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu), - {AdoptRef{}, inner->BuildPktHdrVal()}); + inner->ToPktHdrVal()); EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1); diff --git a/src/analyzer/protocol/teredo/Teredo.cc b/src/analyzer/protocol/teredo/Teredo.cc index 8fbb8eb4af..9501378a23 100644 --- a/src/analyzer/protocol/teredo/Teredo.cc +++ b/src/analyzer/protocol/teredo/Teredo.cc @@ -137,7 +137,7 @@ IntrusivePtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const teredo_hdr->Assign(1, teredo_origin); } - teredo_hdr->Assign(2, inner->BuildPktHdrVal()); + teredo_hdr->Assign(2, inner->ToPktHdrVal()); return teredo_hdr; } diff --git a/src/analyzer/protocol/vxlan/VXLAN.cc b/src/analyzer/protocol/vxlan/VXLAN.cc index 2af72887f7..eb4e0e5926 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.cc +++ b/src/analyzer/protocol/vxlan/VXLAN.cc @@ -102,8 +102,7 @@ void VXLAN_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, if ( vxlan_packet ) Conn()->EnqueueEvent(vxlan_packet, nullptr, ConnVal(), - IntrusivePtr{AdoptRef{}, inner->BuildPktHdrVal()}, - val_mgr->Count(vni)); + inner->ToPktHdrVal(), val_mgr->Count(vni)); EncapsulatingConn ec(Conn(), BifEnum::Tunnel::VXLAN); sessions->DoNextInnerPacket(network_time, &pkt, inner, estack, ec); diff --git a/src/iosource/Packet.cc b/src/iosource/Packet.cc index 09cc2f1fa6..52033ca5d0 100644 --- a/src/iosource/Packet.cc +++ b/src/iosource/Packet.cc @@ -2,6 +2,7 @@ #include "Sessions.h" #include "Desc.h" #include "IP.h" +#include "IntrusivePtr.h" #include "iosource/Manager.h" extern "C" { @@ -590,9 +591,9 @@ void Packet::ProcessLayer2() hdr_size = (pdata - data); } -RecordVal* Packet::BuildPktHdrVal() const +IntrusivePtr Packet::ToRawPktHdrVal() const { - RecordVal* pkt_hdr = new RecordVal(raw_pkt_hdr_type); + auto pkt_hdr = make_intrusive(raw_pkt_hdr_type); RecordVal* l2_hdr = new RecordVal(l2_hdr_type); bool is_ethernet = link_type == DLT_EN10MB; @@ -652,19 +653,24 @@ RecordVal* Packet::BuildPktHdrVal() const if ( l3_proto == L3_IPV4 ) { IP_Hdr ip_hdr((const struct ip*)(data + hdr_size), false); - return ip_hdr.BuildPktHdrVal(pkt_hdr, 1); + return ip_hdr.ToPktHdrVal(std::move(pkt_hdr), 1); } else if ( l3_proto == L3_IPV6 ) { IP_Hdr ip6_hdr((const struct ip6_hdr*)(data + hdr_size), false, cap_len); - return ip6_hdr.BuildPktHdrVal(pkt_hdr, 1); + return ip6_hdr.ToPktHdrVal(std::move(pkt_hdr), 1); } else return pkt_hdr; } +RecordVal* Packet::BuildPktHdrVal() const + { + return ToRawPktHdrVal().release(); + } + Val *Packet::FmtEUI48(const u_char *mac) const { char buf[20]; diff --git a/src/iosource/Packet.h b/src/iosource/Packet.h index 2da4836b7b..ce2e3b928a 100644 --- a/src/iosource/Packet.h +++ b/src/iosource/Packet.h @@ -16,6 +16,7 @@ class Val; class ODesc; class IP_Hdr; class RecordVal; +template class IntrusivePtr; /** * The Layer 3 type of a packet, as determined by the parsing code in Packet. @@ -127,6 +128,9 @@ public: * Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and * also everything in IP_Hdr (i.e., IP4/6 + TCP/UDP/ICMP). */ + IntrusivePtr ToRawPktHdrVal() const; + + [[deprecated("Remove in v4.1. Use ToRawPktHdrval() instead.")]] RecordVal* BuildPktHdrVal() const; /** diff --git a/src/zeek.bif b/src/zeek.bif index 77d3a11838..70674fe43b 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3427,7 +3427,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr if ( current_pktsrc && current_pktsrc->GetCurrentPacket(&p) ) { - return IntrusivePtr{AdoptRef{}, p->BuildPktHdrVal()}; + return p->ToRawPktHdrVal(); } auto hdr = make_intrusive(raw_pkt_hdr_type);