diff --git a/auxil/bifcl b/auxil/bifcl index 919416a0a3..0bb0ebe8e0 160000 --- a/auxil/bifcl +++ b/auxil/bifcl @@ -1 +1 @@ -Subproject commit 919416a0a3457c95f23b67b39ce8e4da0b84c00b +Subproject commit 0bb0ebe8e056871a03cf965351c2b56ed8507de1 diff --git a/src/Conn.cc b/src/Conn.cc index 3fd5e32f29..8d47402825 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -97,7 +97,7 @@ void Connection::CheckEncapsulation(const std::shared_ptr& a if ( *encapsulation != *arg_encap ) { if ( tunnel_changed ) - EnqueueEvent(tunnel_changed, nullptr, ConnVal(), + EnqueueEvent(tunnel_changed, nullptr, GetVal(), arg_encap->ToVal()); encapsulation = std::make_shared(*arg_encap); @@ -109,7 +109,7 @@ void Connection::CheckEncapsulation(const std::shared_ptr& a if ( tunnel_changed ) { EncapsulationStack empty; - EnqueueEvent(tunnel_changed, nullptr, ConnVal(), empty.ToVal()); + EnqueueEvent(tunnel_changed, nullptr, GetVal(), empty.ToVal()); } encapsulation = nullptr; @@ -118,7 +118,7 @@ void Connection::CheckEncapsulation(const std::shared_ptr& a else if ( arg_encap ) { if ( tunnel_changed ) - EnqueueEvent(tunnel_changed, nullptr, ConnVal(), arg_encap->ToVal()); + EnqueueEvent(tunnel_changed, nullptr, GetVal(), arg_encap->ToVal()); encapsulation = std::make_shared(*arg_encap); } @@ -215,13 +215,13 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, return; EnqueueEvent(e, nullptr, - ConnVal(), + GetVal(), val_mgr->Bool(is_orig), val_mgr->Count(threshold) ); } -const RecordValPtr& Connection::ConnVal() +const RecordValPtr& Connection::GetVal() { if ( ! conn_val ) { @@ -306,7 +306,7 @@ analyzer::Analyzer* Connection::FindAnalyzer(const char* name) void Connection::AppendAddl(const char* str) { - const auto& cv = ConnVal(); + const auto& cv = GetVal(); const char* old = cv->GetFieldAs(6)->CheckString(); const char* format = *old ? "%s %s" : "%s%s"; 
@@ -337,7 +337,7 @@ void Connection::Match(detail::Rule::PatternType type, const u_char* data, int l void Connection::RemovalEvent() { if ( connection_state_remove ) - EnqueueEvent(connection_state_remove, nullptr, ConnVal()); + EnqueueEvent(connection_state_remove, nullptr, GetVal()); } void Connection::Weird(const char* name, const char* addl, const char* source) @@ -390,7 +390,7 @@ unsigned int Connection::MemoryAllocation() const ; } -unsigned int Connection::MemoryAllocationConnVal() const +unsigned int Connection::MemoryAllocationVal() const { return conn_val ? conn_val->MemoryAllocation() : 0; } @@ -473,7 +473,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label) (is_orig ? saw_first_orig_packet : saw_first_resp_packet) ) { EnqueueEvent(connection_flow_label_changed, nullptr, - ConnVal(), + GetVal(), val_mgr->Bool(is_orig), val_mgr->Count(my_flow_label), val_mgr->Count(flow_label) diff --git a/src/Conn.h b/src/Conn.h index 6d3e422a81..cc66313d58 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -149,7 +149,7 @@ public: /** * Returns the associated "connection" record. */ - const RecordValPtr& ConnVal() override; + const RecordValPtr& GetVal() override; /** * Append additional entries to the history field in the connection record. @@ -186,7 +186,7 @@ public: // Just a lower bound. unsigned int MemoryAllocation() const override; - unsigned int MemoryAllocationConnVal() const override; + unsigned int MemoryAllocationVal() const override; static uint64_t TotalConnections() { return total_connections; } diff --git a/src/Reporter.cc b/src/Reporter.cc index 209bf243ca..28ea5103a3 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -439,7 +439,7 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl, const return; } - WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl), new StringVal(source)}, + WeirdHelper(conn_weird, {conn->GetVal()->Ref(), new StringVal(addl), new StringVal(source)}, "%s", name); } 
@@ -601,7 +601,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, vl.emplace_back(make_intrusive(loc_str.c_str())); if ( conn ) - vl.emplace_back(conn->ConnVal()); + vl.emplace_back(conn->GetVal()); if ( addl ) for ( auto v : *addl ) diff --git a/src/Session.cc b/src/Session.cc index bfdcbbb5a4..e0b84dbe71 100644 --- a/src/Session.cc +++ b/src/Session.cc @@ -137,9 +137,9 @@ void Session::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const char* return; if ( name ) - EnqueueEvent(f, analyzer, make_intrusive(name), ConnVal()); + EnqueueEvent(f, analyzer, make_intrusive(name), GetVal()); else - EnqueueEvent(f, analyzer, ConnVal()); + EnqueueEvent(f, analyzer, GetVal()); } void Session::EnqueueEvent(EventHandlerPtr f, analyzer::Analyzer* a, Args args) @@ -258,7 +258,7 @@ void Session::InactivityTimer(double t) void Session::StatusUpdateTimer(double t) { - EnqueueEvent(session_status_update_event, nullptr, ConnVal()); + EnqueueEvent(session_status_update_event, nullptr, GetVal()); ADD_TIMER(&Session::StatusUpdateTimer, run_state::network_time + session_status_update_interval, 0, detail::TIMER_CONN_STATUS_UPDATE); diff --git a/src/Session.h b/src/Session.h index dfb7b66f35..6cda3e2150 100644 --- a/src/Session.h +++ b/src/Session.h 
@@ -95,15 +95,20 @@ public: /** * Returns the associated "session" record. - * TODO: rename this to SessionVal(). This requires a swath of other changes. */ - virtual const RecordValPtr& ConnVal() = 0; + virtual const RecordValPtr& GetVal() = 0; + + [[deprecated("Remove in v5.1. Use GetVal().")]] + const RecordValPtr& ConnVal() { return GetVal(); } /** * Return the memory allocation required by the session record. This requires at - * least one call to ConnVal() first in order to setup the record object. + * least one call to Get() first in order to setup the record object. */ - virtual unsigned int MemoryAllocationConnVal() const = 0; + virtual unsigned int MemoryAllocationVal() const = 0; + + [[deprecated("Remove in v5.1. Use MemoryAllocationVal().")]] + unsigned int MemoryAllocationConnVal() const { return MemoryAllocationVal(); } /** * A lower-bound calculation of how much memory a session object is using. diff --git a/src/SessionManager.cc b/src/SessionManager.cc index e6a1b0ed5a..f6543ed5cd 100644 --- a/src/SessionManager.cc +++ b/src/SessionManager.cc @@ -183,12 +183,12 @@ void SessionManager::ProcessTransportLayer(double t, const Packet* pkt, size_t r if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 ) { pkt_hdr_val = ip_hdr->ToPktHdrVal(); - conn->EnqueueEvent(ipv6_ext_headers, nullptr, conn->ConnVal(), + conn->EnqueueEvent(ipv6_ext_headers, nullptr, conn->GetVal(), pkt_hdr_val); } if ( new_packet ) - conn->EnqueueEvent(new_packet, nullptr, conn->ConnVal(), pkt_hdr_val ? + conn->EnqueueEvent(new_packet, nullptr, conn->GetVal(), pkt_hdr_val ? std::move(pkt_hdr_val) : ip_hdr->ToPktHdrVal()); conn->NextPacket(t, is_orig, ip_hdr.get(), len, remaining, data, @@ -602,7 +602,7 @@ void SessionManager::Weird(const char* name, const IP_Hdr* ip, const char* addl) reporter->Weird(ip->SrcAddr(), ip->DstAddr(), name, addl); } -unsigned int SessionManager::ConnectionMemoryUsage() +unsigned int SessionManager::SessionMemoryUsage() { unsigned int mem = 0; 
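Review bot: In src/Session.h, the updated comment above `MemoryAllocationVal()` now says "at least one call to Get() first", but the accessor this hunk introduces is `GetVal()` and no `Get()` is declared here. The comment line should read `* least one call to GetVal() first in order to setup the record object.` The two `[[deprecated]]` shims are non-virtual, so they keep existing callers compiling but do nothing for a subclass outside this tree that still overrides `ConnVal()` or `MemoryAllocationConnVal()`. Such a class would no longer implement the pure virtuals, and a sentence in the doc comment on `GetVal()` telling implementers to rename their overrides would make that explicit. The class body starts and ends outside the hunk.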
@@ -616,7 +616,7 @@ unsigned int SessionManager::ConnectionMemoryUsage() return mem; } -unsigned int SessionManager::ConnectionMemoryUsageConnVals() +unsigned int SessionManager::SessionMemoryUsageVals() { unsigned int mem = 0; @@ -625,7 +625,7 @@ unsigned int SessionManager::ConnectionMemoryUsageConnVals() return 0; for ( const auto& entry : session_map ) - mem += entry.second->MemoryAllocationConnVal(); + mem += entry.second->MemoryAllocationVal(); return mem; } @@ -636,7 +636,7 @@ unsigned int SessionManager::MemoryAllocation() // Connections have been flushed already. return 0; - return ConnectionMemoryUsage() + return SessionMemoryUsage() + padded_sizeof(*this) + (session_map.size() * (sizeof(SessionMap::key_type) + sizeof(SessionMap::value_type))) + detail::fragment_mgr->MemoryAllocation(); diff --git a/src/SessionManager.h b/src/SessionManager.h index c53d1bdb5a..4d8591c863 100644 --- a/src/SessionManager.h +++ b/src/SessionManager.h @@ -81,11 +81,14 @@ public: [[deprecated("Remove in v5.1. Use packet_mgr->GetPacketFilter().")]] detail::PacketFilter* GetPacketFilter(bool init=true); - unsigned int CurrentConnections() + unsigned int CurrentSessions() { return session_map.size(); } + [[deprecated("Remove in v5.1. Use CurrentSessions().")]] + unsigned int CurrentConnections() { return CurrentSessions(); } + /** * Main entry point for processing packets destined for session analyzers. This * method is called by the packet analysis manager when after it has processed 
@@ -123,8 +126,14 @@ public: int ParseIPPacket(int caplen, const u_char* const pkt, int proto, IP_Hdr*& inner); - unsigned int ConnectionMemoryUsage(); - unsigned int ConnectionMemoryUsageConnVals(); + unsigned int SessionMemoryUsage(); + unsigned int SessionMemoryUsageVals(); + + [[deprecated("Remove in v5.1. Use SessionMemoryUsage().")]] + unsigned int ConnectionMemoryUsage() { return SessionMemoryUsage(); } + [[deprecated("Remove in v5.1. Use SessionMemoryUsageVals().")]] + unsigned int ConnectionMemoryUsageConnVals() { return SessionMemoryUsageVals(); } + unsigned int MemoryAllocation(); // TODO: should this move somewhere else? diff --git a/src/Stats.cc b/src/Stats.cc index 294164c526..fd2f022ec1 100644 --- a/src/Stats.cc +++ b/src/Stats.cc 
@@ -126,21 +126,23 @@ void ProfileLogger::Log() run_state::network_time, (utime + stime) - (first_utime + first_stime), utime - first_utime, stime - first_stime, rtime - first_rtime)); - int conn_mem_use = expensive ? session_mgr->ConnectionMemoryUsage() : 0; + int conn_mem_use = expensive ? session_mgr->SessionMemoryUsage() : 0; double avg_conn_mem_use = 0; - if ( expensive && session_mgr->CurrentConnections() != 0 ) - avg_conn_mem_use = conn_mem_use / static_cast(session_mgr->CurrentConnections()); + if ( expensive && session_mgr->CurrentSessions() != 0 ) + avg_conn_mem_use = conn_mem_use / static_cast(session_mgr->CurrentSessions()); + // TODO: This previously output the number of connections, but now that we're storing sessions + // as well as connections, this might need to be renamed. file->Write(util::fmt("%.06f Conns: total=%" PRIu64 " current=%" PRIu64 "/%" PRIi32 " mem=%" PRIi32 "K avg=%.1f table=%" PRIu32 "K connvals=%" PRIu32 "K\n", run_state::network_time, Connection::TotalConnections(), Connection::CurrentConnections(), - session_mgr->CurrentConnections(), + session_mgr->CurrentSessions(), conn_mem_use, avg_conn_mem_use, expensive ? session_mgr->MemoryAllocation() / 1024 : 0, - expensive ? session_mgr->ConnectionMemoryUsageConnVals() / 1024 : 0 + expensive ? session_mgr->SessionMemoryUsageVals() / 1024 : 0 )); SessionStats s; diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index efdc8a0670..2f3bb22fcc 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -787,7 +787,7 @@ void Analyzer::UpdateConnVal(RecordVal *conn_val) const RecordValPtr& Analyzer::ConnVal() { - return conn->ConnVal(); + return conn->GetVal(); } void Analyzer::Event(EventHandlerPtr f, const char* name) diff --git a/src/analyzer/Manager.cc b/src/analyzer/Manager.cc index 3d30d79868..7efb0ac3fe 100644 --- a/src/analyzer/Manager.cc +++ b/src/analyzer/Manager.cc 
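Review bot: In src/Stats.cc, `conn_mem_use` is printed under `mem=...K` without the `/ 1024` that the `table=` and `connvals=` arguments of the same `util::fmt` call receive, so the value appears to be bytes labelled as kilobytes. It is also stored in an `int` although `SessionMemoryUsage()` returns `unsigned int`, so a large total can show up negative in the profile log. Consider `unsigned int conn_mem_use = expensive ? session_mgr->SessionMemoryUsage() : 0;` and printing `conn_mem_use / 1024` with `PRIu32`. The added TODO about the `Conns:` label could also mention the `connvals=` field, which now reports session records. `ProfileLogger::Log` continues outside the hunk.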
@@ -628,7 +628,7 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLaye if ( scheduled_analyzer_applied ) conn->EnqueueEvent(scheduled_analyzer_applied, nullptr, - conn->ConnVal(), it->AsVal()); + conn->GetVal(), it->AsVal()); DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled", analyzer_mgr->GetComponentName(*it).c_str()); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 09d56048a2..401014a968 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -227,7 +227,7 @@ bool TCP_Endpoint::DataSent(double t, uint64_t seq, int len, int caplen, if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - Conn()->ConnVal(), + Conn()->GetVal(), val_mgr->Bool(IsOrig()), make_intrusive(buf) ); diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 86070cf9fa..25547410bb 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -358,7 +358,7 @@ void TCP_Reassembler::RecordBlock(const DataBlock& b, const FilePtr& f) if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - Endpoint()->Conn()->ConnVal(), + Endpoint()->Conn()->GetVal(), val_mgr->Bool(IsOrig()), make_intrusive("TCP reassembler content write failure") ); @@ -373,7 +373,7 @@ void TCP_Reassembler::RecordGap(uint64_t start_seq, uint64_t upper_seq, const Fi if ( contents_file_write_failure ) tcp_analyzer->EnqueueConnEvent(contents_file_write_failure, - Endpoint()->Conn()->ConnVal(), + Endpoint()->Conn()->GetVal(), val_mgr->Bool(IsOrig()), make_intrusive("TCP reassembler gap write failure") ); diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index a879a16aa4..e8c58fd77a 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc 
@@ -142,7 +142,7 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) if ( conns->AsTableVal()->FindOrDefault(idx) ) return false; - conns->AsTableVal()->Assign(std::move(idx), conn->ConnVal()); + conns->AsTableVal()->Assign(std::move(idx), conn->GetVal()); return true; } @@ -152,7 +152,7 @@ void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) { FileEvent(file_over_new_connection, { val, - conn->ConnVal(), + conn->GetVal(), val_mgr->Bool(is_orig), }); } diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 30b3a9fe27..35373a6de0 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -425,7 +425,7 @@ string Manager::GetFileID(const analyzer::Tag& tag, Connection* c, bool is_orig) const auto& tagval = tag.AsVal(); - event_mgr.Enqueue(get_file_handle, tagval, c->ConnVal(), val_mgr->Bool(is_orig)); + event_mgr.Enqueue(get_file_handle, tagval, c->GetVal(), val_mgr->Bool(is_orig)); event_mgr.Drain(); // need file handle immediately so we don't have to buffer data return current_file_id; } diff --git a/src/stats.bif b/src/stats.bif index 7fad9830b6..b0aa5616da 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -88,7 +88,7 @@ function get_conn_stats%(%): ConnStats r->Assign(n++, Connection::TotalConnections()); r->Assign(n++, Connection::CurrentConnections()); - r->Assign(n++, session_mgr->CurrentConnections()); + r->Assign(n++, session_mgr->CurrentSessions()); SessionStats s; if ( session_mgr ) diff --git a/src/zeek.bif b/src/zeek.bif index 5fc0dc4302..17c08f850e 100644 --- a/src/zeek.bif +++ b/src/zeek.bif @@ -3404,7 +3404,7 @@ function lookup_connection%(cid: conn_id%): connection %{ Connection* conn = session_mgr->FindConnection(cid); if ( conn ) - return conn->ConnVal(); + return conn->GetVal(); zeek::emit_builtin_error("connection ID not a known connection", cid);
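Review bot: In src/stats.bif, `get_conn_stats` calls `session_mgr->CurrentSessions()` two lines before the `if ( session_mgr )` check, so if the pointer can be null here (which the check below suggests) the renamed line dereferences it first. Guarding the call, for example `r->Assign(n++, session_mgr ? session_mgr->CurrentSessions() : 0);`, removes the unchecked dereference and still advances the field index `n` in both cases. The function body starts and ends outside the hunk.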