Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Move all Val classes to the zeek namespaces

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-06-24 16:55:28 -04:00
parent ec9eff0bd5
commit 64332ca22c
265 changed files with 3154 additions and 3086 deletions
Download patch file Download diff file Expand all files Collapse all files

2
auxil/bifcl

@ -1 +1 @@
Subproject commit 10a4c007351ab7d16e5cbef0006a5ad9002ea3de Subproject commit 6c07de13247f16490c25a2066c77db1678ccd128

2
auxil/binpac

@ -1 +1 @@
Subproject commit 9c3211ff121ddc677d0ed8bd3a85783f87921cce Subproject commit 4bf3508143994b49b72b77c29a47efc8efc7f1b7

16
src/Anon.cc
View file

@ -358,9 +358,9 @@ AnonymizeIPAddr_A50::Node* AnonymizeIPAddr_A50::find_node(ipaddr32_t a)
return nullptr; return nullptr;
} }
static TableValPtr anon_preserve_orig_addr; static zeek::TableValPtr anon_preserve_orig_addr;
static TableValPtr anon_preserve_resp_addr; static zeek::TableValPtr anon_preserve_resp_addr;
static TableValPtr anon_preserve_other_addr; static zeek::TableValPtr anon_preserve_other_addr;
void zeek::detail::init_ip_addr_anonymizers() void zeek::detail::init_ip_addr_anonymizers()
{ {
@ -373,23 +373,23 @@ void zeek::detail::init_ip_addr_anonymizers()
auto id = global_scope()->Find("preserve_orig_addr"); auto id = global_scope()->Find("preserve_orig_addr");
if ( id ) if ( id )
anon_preserve_orig_addr = zeek::cast_intrusive<TableVal>(id->GetVal()); anon_preserve_orig_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
id = global_scope()->Find("preserve_resp_addr"); id = global_scope()->Find("preserve_resp_addr");
if ( id ) if ( id )
anon_preserve_resp_addr = zeek::cast_intrusive<TableVal>(id->GetVal()); anon_preserve_resp_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
id = global_scope()->Find("preserve_other_addr"); id = global_scope()->Find("preserve_other_addr");
if ( id ) if ( id )
anon_preserve_other_addr = zeek::cast_intrusive<TableVal>(id->GetVal()); anon_preserve_other_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
} }
ipaddr32_t zeek::detail::anonymize_ip(ipaddr32_t ip, enum ip_addr_anonymization_class_t cl) ipaddr32_t zeek::detail::anonymize_ip(ipaddr32_t ip, enum ip_addr_anonymization_class_t cl)
{ {
TableVal* preserve_addr = nullptr; TableVal* preserve_addr = nullptr;
auto addr = zeek::make_intrusive<AddrVal>(ip); auto addr = zeek::make_intrusive<zeek::AddrVal>(ip);
int method = -1; int method = -1;
@ -445,7 +445,7 @@ void zeek::detail::log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output
{ {
if ( anonymization_mapping ) if ( anonymization_mapping )
mgr.Enqueue(anonymization_mapping, mgr.Enqueue(anonymization_mapping,
zeek::make_intrusive<AddrVal>(input), zeek::make_intrusive<zeek::AddrVal>(input),
zeek::make_intrusive<AddrVal>(output) zeek::make_intrusive<AddrVal>(output)
); );
} }

2
src/BifReturnVal.cc
View file

@ -6,6 +6,6 @@
BifReturnVal::BifReturnVal(std::nullptr_t) noexcept BifReturnVal::BifReturnVal(std::nullptr_t) noexcept
{} {}
BifReturnVal::BifReturnVal(Val* v) noexcept BifReturnVal::BifReturnVal(zeek::Val* v) noexcept
: rval(zeek::AdoptRef{}, v) : rval(zeek::AdoptRef{}, v)
{} {}

11
src/BifReturnVal.h
View file

@ -2,10 +2,13 @@
#pragma once #pragma once
#include "zeek-config.h"
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
using ValPtr = zeek::IntrusivePtr<Val>; namespace zeek {
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
}
/** /**
* A simple wrapper class to use for the return value of BIFs so that * A simple wrapper class to use for the return value of BIFs so that
@ -23,7 +26,7 @@ public:
BifReturnVal(std::nullptr_t) noexcept; BifReturnVal(std::nullptr_t) noexcept;
[[deprecated("Remove in v4.1. Return an IntrusivePtr instead.")]] [[deprecated("Remove in v4.1. Return an IntrusivePtr instead.")]]
BifReturnVal(Val* v) noexcept; BifReturnVal(zeek::Val* v) noexcept;
ValPtr rval; zeek::ValPtr rval;
}; };

4
src/BroList.h
View file

@ -4,8 +4,8 @@
#include "List.h" #include "List.h"
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
using val_list = PList<Val>; using val_list = PList<zeek::Val>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
using expr_list = PList<zeek::detail::Expr>; using expr_list = PList<zeek::detail::Expr>;

8
src/BroString.cc
View file

@ -338,14 +338,14 @@ BroString::Vec* BroString::Split(const BroString::IdxVec& indices) const
return result; return result;
} }
VectorVal* BroString:: VecToPolicy(Vec* vec) zeek::VectorVal* BroString:: VecToPolicy(Vec* vec)
{ {
auto result = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto result = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
for ( unsigned int i = 0; i < vec->size(); ++i ) for ( unsigned int i = 0; i < vec->size(); ++i )
{ {
BroString* string = (*vec)[i]; BroString* string = (*vec)[i];
auto val = zeek::make_intrusive<StringVal>(string->Len(), auto val = zeek::make_intrusive<zeek::StringVal>(string->Len(),
(const char*) string->Bytes()); (const char*) string->Bytes());
result->Assign(i+1, std::move(val)); result->Assign(i+1, std::move(val));
} }
@ -353,7 +353,7 @@ VectorVal* BroString:: VecToPolicy(Vec* vec)
return result.release(); return result.release();
} }
BroString::Vec* BroString::VecFromPolicy(VectorVal* vec) BroString::Vec* BroString::VecFromPolicy(zeek::VectorVal* vec)
{ {
Vec* result = new Vec(); Vec* result = new Vec();

8
src/BroString.h
View file

@ -2,6 +2,8 @@
#pragma once #pragma once
#include "zeek-config.h"
#include <vector> #include <vector>
#include <string> #include <string>
#include <iosfwd> #include <iosfwd>
@ -13,7 +15,7 @@ typedef u_char* byte_vec;
// Forward declaration, for helper functions that convert (sub)string vectors // Forward declaration, for helper functions that convert (sub)string vectors
// to and from policy-level representations. // to and from policy-level representations.
// //
class VectorVal; ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
class BroString { class BroString {
public: public:
@ -134,8 +136,8 @@ public:
Vec* Split(const IdxVec& indices) const; Vec* Split(const IdxVec& indices) const;
// Helper functions for vectors: // Helper functions for vectors:
static VectorVal* VecToPolicy(Vec* vec); static zeek::VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(VectorVal* vec); static Vec* VecFromPolicy(zeek::VectorVal* vec);
static char* VecToString(const Vec* vec); static char* VecToString(const Vec* vec);
protected: protected:

82
src/CompHash.cc
View file

@ -72,7 +72,7 @@ CompositeHash::~CompositeHash()
// Computes the piece of the hash for Val*, returning the new kp. // Computes the piece of the hash for Val*, returning the new kp.
char* CompositeHash::SingleValHash(bool type_check, char* kp0, char* CompositeHash::SingleValHash(bool type_check, char* kp0,
zeek::Type* bt, Val* v, bool optional) const zeek::Type* bt, zeek::Val* v, bool optional) const
{ {
char* kp1 = nullptr; char* kp1 = nullptr;
zeek::InternalTypeTag t = bt->InternalType(); zeek::InternalTypeTag t = bt->InternalType();
@ -176,7 +176,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_RECORD: case zeek::TYPE_RECORD:
{ {
char* kp = kp0; char* kp = kp0;
RecordVal* rv = v->AsRecordVal(); zeek::RecordVal* rv = v->AsRecordVal();
zeek::RecordType* rt = bt->AsRecordType(); zeek::RecordType* rt = bt->AsRecordType();
int num_fields = rt->NumFields(); int num_fields = rt->NumFields();
@ -203,13 +203,13 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_TABLE: case zeek::TYPE_TABLE:
{ {
int* kp = AlignAndPadType<int>(kp0); int* kp = AlignAndPadType<int>(kp0);
TableVal* tv = v->AsTableVal(); zeek::TableVal* tv = v->AsTableVal();
*kp = tv->Size(); *kp = tv->Size();
kp1 = reinterpret_cast<char*>(kp+1); kp1 = reinterpret_cast<char*>(kp+1);
auto tbl = tv->AsTable(); auto tbl = tv->AsTable();
auto it = tbl->InitForIteration(); auto it = tbl->InitForIteration();
auto lv = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto lv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
struct HashKeyComparer { struct HashKeyComparer {
bool operator()(const HashKey* a, const HashKey* b) const bool operator()(const HashKey* a, const HashKey* b) const
@ -262,7 +262,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_VECTOR: case zeek::TYPE_VECTOR:
{ {
unsigned int* kp = AlignAndPadType<unsigned int>(kp0); unsigned int* kp = AlignAndPadType<unsigned int>(kp0);
VectorVal* vv = v->AsVectorVal(); zeek::VectorVal* vv = v->AsVectorVal();
zeek::VectorType* vt = v->GetType()->AsVectorType(); zeek::VectorType* vt = v->GetType()->AsVectorType();
*kp = vv->Size(); *kp = vv->Size();
kp1 = reinterpret_cast<char*>(kp+1); kp1 = reinterpret_cast<char*>(kp+1);
@ -290,12 +290,12 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_LIST: case zeek::TYPE_LIST:
{ {
int* kp = AlignAndPadType<int>(kp0); int* kp = AlignAndPadType<int>(kp0);
ListVal* lv = v->AsListVal(); zeek::ListVal* lv = v->AsListVal();
*kp = lv->Length(); *kp = lv->Length();
kp1 = reinterpret_cast<char*>(kp+1); kp1 = reinterpret_cast<char*>(kp+1);
for ( int i = 0; i < lv->Length(); ++i ) for ( int i = 0; i < lv->Length(); ++i )
{ {
Val* v = lv->Idx(i).get(); zeek::Val* v = lv->Idx(i).get();
if ( ! (kp1 = SingleValHash(type_check, kp1, v->GetType().get(), v, if ( ! (kp1 = SingleValHash(type_check, kp1, v->GetType().get(), v,
false)) ) false)) )
return nullptr; return nullptr;
@ -336,7 +336,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
} }
std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_check) const std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const zeek::Val& argv, bool type_check) const
{ {
auto v = &argv; auto v = &argv;
@ -345,12 +345,12 @@ std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_c
if ( is_complex_type && v->GetType()->Tag() != zeek::TYPE_LIST ) if ( is_complex_type && v->GetType()->Tag() != zeek::TYPE_LIST )
{ {
ListVal lv(zeek::TYPE_ANY); zeek::ListVal lv(zeek::TYPE_ANY);
// Cast away const to use ListVal - but since we // Cast away const to use ListVal - but since we
// re-introduce const on the recursive call, it should // re-introduce const on the recursive call, it should
// be okay; the only thing is that the ListVal unref's it. // be okay; the only thing is that the ListVal unref's it.
Val* ncv = (Val*) v; zeek::Val* ncv = (zeek::Val*) v;
lv.Append({zeek::NewRef{}, ncv}); lv.Append({zeek::NewRef{}, ncv});
return MakeHashKey(lv, type_check); return MakeHashKey(lv, type_check);
} }
@ -388,7 +388,7 @@ std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_c
return std::make_unique<HashKey>((k == key), (void*) k, kp - k); return std::make_unique<HashKey>((k == key), (void*) k, kp - k);
} }
std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const Val* v, bool type_check) const std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const zeek::Val* v, bool type_check) const
{ {
if ( v->GetType()->Tag() == zeek::TYPE_LIST ) if ( v->GetType()->Tag() == zeek::TYPE_LIST )
{ {
@ -450,9 +450,9 @@ std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const Val* v, bool
} }
} }
int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v, int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const zeek::Val* v,
bool type_check, int sz, bool optional, bool type_check, int sz, bool optional,
bool calc_static_size) const bool calc_static_size) const
{ {
zeek::InternalTypeTag t = bt->InternalType(); zeek::InternalTypeTag t = bt->InternalType();
@ -509,7 +509,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
case zeek::TYPE_RECORD: case zeek::TYPE_RECORD:
{ {
const RecordVal* rv = v ? v->AsRecordVal() : nullptr; const zeek::RecordVal* rv = v ? v->AsRecordVal() : nullptr;
zeek::RecordType* rt = bt->AsRecordType(); zeek::RecordType* rt = bt->AsRecordType();
int num_fields = rt->NumFields(); int num_fields = rt->NumFields();
@ -535,7 +535,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0; return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(int)); sz = SizeAlign(sz, sizeof(int));
TableVal* tv = const_cast<TableVal*>(v->AsTableVal()); zeek::TableVal* tv = const_cast<zeek::TableVal*>(v->AsTableVal());
auto lv = tv->ToListVal(); auto lv = tv->ToListVal();
for ( int i = 0; i < tv->Size(); ++i ) for ( int i = 0; i < tv->Size(); ++i )
{ {
@ -564,7 +564,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0; return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(unsigned int)); sz = SizeAlign(sz, sizeof(unsigned int));
VectorVal* vv = const_cast<VectorVal*>(v->AsVectorVal()); zeek::VectorVal* vv = const_cast<zeek::VectorVal*>(v->AsVectorVal());
for ( unsigned int i = 0; i < vv->Size(); ++i ) for ( unsigned int i = 0; i < vv->Size(); ++i )
{ {
const auto& val = vv->At(i); const auto& val = vv->At(i);
@ -586,7 +586,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0; return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(int)); sz = SizeAlign(sz, sizeof(int));
ListVal* lv = const_cast<ListVal*>(v->AsListVal()); zeek::ListVal* lv = const_cast<zeek::ListVal*>(v->AsListVal());
for ( int i = 0; i < lv->Length(); ++i ) for ( int i = 0; i < lv->Length(); ++i )
{ {
sz = SingleTypeKeySize(lv->Idx(i)->GetType().get(), lv->Idx(i).get(), sz = SingleTypeKeySize(lv->Idx(i)->GetType().get(), lv->Idx(i).get(),
@ -623,7 +623,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return sz; return sz;
} }
int CompositeHash::ComputeKeySize(const Val* v, bool type_check, bool calc_static_size) const int CompositeHash::ComputeKeySize(const zeek::Val* v, bool type_check, bool calc_static_size) const
{ {
const auto& tl = type->GetTypes(); const auto& tl = type->GetTypes();
@ -709,16 +709,16 @@ int CompositeHash::SizeAlign(int offset, unsigned int size) const
return offset; return offset;
} }
ListValPtr CompositeHash::RecoverVals(const HashKey& k) const zeek::ListValPtr CompositeHash::RecoverVals(const HashKey& k) const
{ {
auto l = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto l = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
const auto& tl = type->GetTypes(); const auto& tl = type->GetTypes();
const char* kp = (const char*) k.Key(); const char* kp = (const char*) k.Key();
const char* const k_end = kp + k.Size(); const char* const k_end = kp + k.Size();
for ( const auto& type : tl ) for ( const auto& type : tl )
{ {
ValPtr v; zeek::ValPtr v;
kp = RecoverOneVal(k, kp, k_end, type.get(), &v, false); kp = RecoverOneVal(k, kp, k_end, type.get(), &v, false);
ASSERT(v); ASSERT(v);
l->Append(std::move(v)); l->Append(std::move(v));
@ -733,7 +733,7 @@ ListValPtr CompositeHash::RecoverVals(const HashKey& k) const
const char* CompositeHash::RecoverOneVal( const char* CompositeHash::RecoverOneVal(
const HashKey& k, const char* kp0, const HashKey& k, const char* kp0,
const char* const k_end, zeek::Type* t, const char* const k_end, zeek::Type* t,
ValPtr* pval, bool optional) const zeek::ValPtr* pval, bool optional) const
{ {
// k->Size() == 0 for a single empty string. // k->Size() == 0 for a single empty string.
if ( kp0 >= k_end && k.Size() > 0 ) if ( kp0 >= k_end && k.Size() > 0 )
@ -804,11 +804,11 @@ const char* CompositeHash::RecoverOneVal(
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
if ( tag == zeek::TYPE_INTERVAL ) if ( tag == zeek::TYPE_INTERVAL )
*pval = zeek::make_intrusive<IntervalVal>(*kp, 1.0); *pval = zeek::make_intrusive<zeek::IntervalVal>(*kp, 1.0);
else if ( tag == zeek::TYPE_TIME ) else if ( tag == zeek::TYPE_TIME )
*pval = zeek::make_intrusive<TimeVal>(*kp); *pval = zeek::make_intrusive<zeek::TimeVal>(*kp);
else else
*pval = zeek::make_intrusive<DoubleVal>(*kp); *pval = zeek::make_intrusive<zeek::DoubleVal>(*kp);
} }
break; break;
@ -821,7 +821,7 @@ const char* CompositeHash::RecoverOneVal(
switch ( tag ) { switch ( tag ) {
case zeek::TYPE_ADDR: case zeek::TYPE_ADDR:
*pval = zeek::make_intrusive<AddrVal>(addr); *pval = zeek::make_intrusive<zeek::AddrVal>(addr);
break; break;
default: default:
@ -836,7 +836,7 @@ const char* CompositeHash::RecoverOneVal(
{ {
const uint32_t* const kp = AlignType<uint32_t>(kp0); const uint32_t* const kp = AlignType<uint32_t>(kp0);
kp1 = reinterpret_cast<const char*>(kp+5); kp1 = reinterpret_cast<const char*>(kp+5);
*pval = zeek::make_intrusive<SubNetVal>(kp, kp[4]); *pval = zeek::make_intrusive<zeek::SubNetVal>(kp, kp[4]);
} }
break; break;
@ -854,7 +854,7 @@ const char* CompositeHash::RecoverOneVal(
if ( ! f ) if ( ! f )
reporter->InternalError("failed to look up unique function id %" PRIu32 " in CompositeHash::RecoverOneVal()", *kp); reporter->InternalError("failed to look up unique function id %" PRIu32 " in CompositeHash::RecoverOneVal()", *kp);
*pval = zeek::make_intrusive<Val>(f); *pval = zeek::make_intrusive<zeek::Val>(f);
const auto& pvt = (*pval)->GetType(); const auto& pvt = (*pval)->GetType();
if ( ! pvt ) if ( ! pvt )
@ -894,7 +894,7 @@ const char* CompositeHash::RecoverOneVal(
reporter->InternalError("failed compiling table/set key pattern: %s", reporter->InternalError("failed compiling table/set key pattern: %s",
re->PatternText()); re->PatternText());
*pval = zeek::make_intrusive<PatternVal>(re); *pval = zeek::make_intrusive<zeek::PatternVal>(re);
} }
break; break;
@ -904,11 +904,11 @@ const char* CompositeHash::RecoverOneVal(
zeek::RecordType* rt = t->AsRecordType(); zeek::RecordType* rt = t->AsRecordType();
int num_fields = rt->NumFields(); int num_fields = rt->NumFields();
std::vector<ValPtr> values; std::vector<zeek::ValPtr> values;
int i; int i;
for ( i = 0; i < num_fields; ++i ) for ( i = 0; i < num_fields; ++i )
{ {
ValPtr v; zeek::ValPtr v;
zeek::detail::Attributes* a = rt->FieldDecl(i)->attrs.get(); zeek::detail::Attributes* a = rt->FieldDecl(i)->attrs.get();
bool optional = (a && a->Find(zeek::detail::ATTR_OPTIONAL)); bool optional = (a && a->Find(zeek::detail::ATTR_OPTIONAL));
@ -931,7 +931,7 @@ const char* CompositeHash::RecoverOneVal(
ASSERT(int(values.size()) == num_fields); ASSERT(int(values.size()) == num_fields);
auto rv = zeek::make_intrusive<RecordVal>(zeek::IntrusivePtr{zeek::NewRef{}, rt}); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::IntrusivePtr{zeek::NewRef{}, rt});
for ( int i = 0; i < num_fields; ++i ) for ( int i = 0; i < num_fields; ++i )
rv->Assign(i, std::move(values[i])); rv->Assign(i, std::move(values[i]));
@ -948,18 +948,18 @@ const char* CompositeHash::RecoverOneVal(
n = *kp; n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
zeek::TableType* tt = t->AsTableType(); zeek::TableType* tt = t->AsTableType();
auto tv = zeek::make_intrusive<TableVal>(zeek::IntrusivePtr{zeek::NewRef{}, tt}); auto tv = zeek::make_intrusive<zeek::TableVal>(zeek::IntrusivePtr{zeek::NewRef{}, tt});
for ( int i = 0; i < n; ++i ) for ( int i = 0; i < n; ++i )
{ {
ValPtr key; zeek::ValPtr key;
kp1 = RecoverOneVal(k, kp1, k_end, tt->GetIndices().get(), &key, false); kp1 = RecoverOneVal(k, kp1, k_end, tt->GetIndices().get(), &key, false);
if ( t->IsSet() ) if ( t->IsSet() )
tv->Assign(std::move(key), nullptr); tv->Assign(std::move(key), nullptr);
else else
{ {
ValPtr value; zeek::ValPtr value;
kp1 = RecoverOneVal(k, kp1, k_end, tt->Yield().get(), &value, kp1 = RecoverOneVal(k, kp1, k_end, tt->Yield().get(), &value,
false); false);
tv->Assign(std::move(key), std::move(value)); tv->Assign(std::move(key), std::move(value));
@ -977,7 +977,7 @@ const char* CompositeHash::RecoverOneVal(
n = *kp; n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
zeek::VectorType* vt = t->AsVectorType(); zeek::VectorType* vt = t->AsVectorType();
auto vv = zeek::make_intrusive<VectorVal>(zeek::IntrusivePtr{zeek::NewRef{}, vt}); auto vv = zeek::make_intrusive<zeek::VectorVal>(zeek::IntrusivePtr{zeek::NewRef{}, vt});
for ( unsigned int i = 0; i < n; ++i ) for ( unsigned int i = 0; i < n; ++i )
{ {
@ -987,7 +987,7 @@ const char* CompositeHash::RecoverOneVal(
kp = AlignType<unsigned int>(kp1); kp = AlignType<unsigned int>(kp1);
unsigned int have_val = *kp; unsigned int have_val = *kp;
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
ValPtr value; zeek::ValPtr value;
if ( have_val ) if ( have_val )
kp1 = RecoverOneVal(k, kp1, k_end, vt->Yield().get(), &value, kp1 = RecoverOneVal(k, kp1, k_end, vt->Yield().get(), &value,
@ -1007,11 +1007,11 @@ const char* CompositeHash::RecoverOneVal(
n = *kp; n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
zeek::TypeList* tl = t->AsTypeList(); zeek::TypeList* tl = t->AsTypeList();
auto lv = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto lv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
for ( int i = 0; i < n; ++i ) for ( int i = 0; i < n; ++i )
{ {
ValPtr v; zeek::ValPtr v;
zeek::Type* it = tl->GetTypes()[i].get(); zeek::Type* it = tl->GetTypes()[i].get();
kp1 = RecoverOneVal(k, kp1, k_end, it, &v, false); kp1 = RecoverOneVal(k, kp1, k_end, it, &v, false);
lv->Append(std::move(v)); lv->Append(std::move(v));
@ -1047,7 +1047,7 @@ const char* CompositeHash::RecoverOneVal(
kp1 = reinterpret_cast<const char*>(kp+1); kp1 = reinterpret_cast<const char*>(kp+1);
} }
*pval = zeek::make_intrusive<StringVal>(new BroString((const byte_vec) kp1, n, true)); *pval = zeek::make_intrusive<zeek::StringVal>(new BroString((const byte_vec) kp1, n, true));
kp1 += n; kp1 += n;
} }
break; break;

28
src/CompHash.h
View file

@ -7,10 +7,12 @@
#include "Type.h" #include "Type.h"
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
class ListVal; ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
class HashKey; class HashKey;
namespace zeek {
using ListValPtr = zeek::IntrusivePtr<ListVal>; using ListValPtr = zeek::IntrusivePtr<ListVal>;
}
class CompositeHash { class CompositeHash {
public: public:
@ -19,27 +21,27 @@ public:
// Compute the hash corresponding to the given index val, // Compute the hash corresponding to the given index val,
// or nullptr if it fails to typecheck. // or nullptr if it fails to typecheck.
std::unique_ptr<HashKey> MakeHashKey(const Val& v, bool type_check) const; std::unique_ptr<HashKey> MakeHashKey(const zeek::Val& v, bool type_check) const;
[[deprecated("Remove in v4.1. Use MakeHashKey().")]] [[deprecated("Remove in v4.1. Use MakeHashKey().")]]
HashKey* ComputeHash(const Val* v, bool type_check) const HashKey* ComputeHash(const zeek::Val* v, bool type_check) const
{ return MakeHashKey(*v, type_check).release(); } { return MakeHashKey(*v, type_check).release(); }
// Given a hash key, recover the values used to create it. // Given a hash key, recover the values used to create it.
ListValPtr RecoverVals(const HashKey& k) const; zeek::ListValPtr RecoverVals(const HashKey& k) const;
[[deprecated("Remove in v4.1. Pass in HashKey& instead.")]] [[deprecated("Remove in v4.1. Pass in HashKey& instead.")]]
ListValPtr RecoverVals(const HashKey* k) const zeek::ListValPtr RecoverVals(const HashKey* k) const
{ return RecoverVals(*k); } { return RecoverVals(*k); }
unsigned int MemoryAllocation() const { return padded_sizeof(*this) + pad_size(size); } unsigned int MemoryAllocation() const { return padded_sizeof(*this) + pad_size(size); }
protected: protected:
std::unique_ptr<HashKey> ComputeSingletonHash(const Val* v, bool type_check) const; std::unique_ptr<HashKey> ComputeSingletonHash(const zeek::Val* v, bool type_check) const;
// Computes the piece of the hash for Val*, returning the new kp. // Computes the piece of the hash for Val*, returning the new kp.
// Used as a helper for ComputeHash in the non-singleton case. // Used as a helper for ComputeHash in the non-singleton case.
char* SingleValHash(bool type_check, char* kp, zeek::Type* bt, Val* v, char* SingleValHash(bool type_check, char* kp, zeek::Type* bt, zeek::Val* v,
bool optional) const; bool optional) const;
// Recovers just one Val of possibly many; called from RecoverVals. // Recovers just one Val of possibly many; called from RecoverVals.
@ -48,7 +50,7 @@ protected:
// upon errors, so there is no return value for invalid input. // upon errors, so there is no return value for invalid input.
const char* RecoverOneVal( const char* RecoverOneVal(
const HashKey& k, const char* kp, const char* const k_end, const HashKey& k, const char* kp, const char* const k_end,
zeek::Type* t, ValPtr* pval, bool optional) const; zeek::Type* t, zeek::ValPtr* pval, bool optional) const;
// Rounds the given pointer up to the nearest multiple of the // Rounds the given pointer up to the nearest multiple of the
// given size, if not already a multiple. // given size, if not already a multiple.
@ -84,12 +86,12 @@ protected:
// the value is computed for the particular list of values. // the value is computed for the particular list of values.
// Returns 0 if the key has an indeterminant size (if v not given), // Returns 0 if the key has an indeterminant size (if v not given),
// or if v doesn't match the index type (if given). // or if v doesn't match the index type (if given).
int ComputeKeySize(const Val* v, bool type_check, int ComputeKeySize(const zeek::Val* v, bool type_check,
bool calc_static_size) const; bool calc_static_size) const;
int SingleTypeKeySize(zeek::Type*, const Val*, int SingleTypeKeySize(zeek::Type*, const zeek::Val*,
bool type_check, int sz, bool optional, bool type_check, int sz, bool optional,
bool calc_static_size) const; bool calc_static_size) const;
zeek::TypeListPtr type; zeek::TypeListPtr type;
char* key; // space for composite key char* key; // space for composite key

38
src/Conn.cc
View file

@ -337,26 +337,26 @@ void Connection::StatusUpdateTimer(double t)
TIMER_CONN_STATUS_UPDATE); TIMER_CONN_STATUS_UPDATE);
} }
RecordVal* Connection::BuildConnVal() zeek::RecordVal* Connection::BuildConnVal()
{ {
return ConnVal()->Ref()->AsRecordVal(); return ConnVal()->Ref()->AsRecordVal();
} }
const RecordValPtr& Connection::ConnVal() const zeek::RecordValPtr& Connection::ConnVal()
{ {
if ( ! conn_val ) if ( ! conn_val )
{ {
conn_val = zeek::make_intrusive<RecordVal>(zeek::id::connection); conn_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::connection);
TransportProto prot_type = ConnTransport(); TransportProto prot_type = ConnTransport();
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id); auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(orig_addr)); id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(orig_addr));
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type)); id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(resp_addr)); id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type)); id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
auto orig_endp = zeek::make_intrusive<RecordVal>(zeek::id::endpoint); auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
orig_endp->Assign(0, val_mgr->Count(0)); orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(0)); orig_endp->Assign(1, val_mgr->Count(0));
orig_endp->Assign(4, val_mgr->Count(orig_flow_label)); orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
@ -365,27 +365,27 @@ const RecordValPtr& Connection::ConnVal()
char null[l2_len]{}; char null[l2_len]{};
if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 ) if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
orig_endp->Assign(5, zeek::make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len))); orig_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(orig_l2_addr, l2_len)));
auto resp_endp = zeek::make_intrusive<RecordVal>(zeek::id::endpoint); auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
resp_endp->Assign(0, val_mgr->Count(0)); resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(0)); resp_endp->Assign(1, val_mgr->Count(0));
resp_endp->Assign(4, val_mgr->Count(resp_flow_label)); resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 ) if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 )
resp_endp->Assign(5, zeek::make_intrusive<StringVal>(fmt_mac(resp_l2_addr, l2_len))); resp_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(resp_l2_addr, l2_len)));
conn_val->Assign(0, std::move(id_val)); conn_val->Assign(0, std::move(id_val));
conn_val->Assign(1, std::move(orig_endp)); conn_val->Assign(1, std::move(orig_endp));
conn_val->Assign(2, std::move(resp_endp)); conn_val->Assign(2, std::move(resp_endp));
// 3 and 4 are set below. // 3 and 4 are set below.
conn_val->Assign(5, zeek::make_intrusive<TableVal>(zeek::id::string_set)); // service conn_val->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set)); // service
conn_val->Assign(6, val_mgr->EmptyString()); // history conn_val->Assign(6, val_mgr->EmptyString()); // history
if ( ! uid ) if ( ! uid )
uid.Set(bits_per_uid); uid.Set(bits_per_uid);
conn_val->Assign(7, zeek::make_intrusive<StringVal>(uid.Base62("C").c_str())); conn_val->Assign(7, zeek::make_intrusive<zeek::StringVal>(uid.Base62("C").c_str()));
if ( encapsulation && encapsulation->Depth() > 0 ) if ( encapsulation && encapsulation->Depth() > 0 )
conn_val->Assign(8, encapsulation->ToVal()); conn_val->Assign(8, encapsulation->ToVal());
@ -401,9 +401,9 @@ const RecordValPtr& Connection::ConnVal()
if ( root_analyzer ) if ( root_analyzer )
root_analyzer->UpdateConnVal(conn_val.get()); root_analyzer->UpdateConnVal(conn_val.get());
conn_val->Assign(3, zeek::make_intrusive<TimeVal>(start_time)); // ### conn_val->Assign(3, zeek::make_intrusive<zeek::TimeVal>(start_time)); // ###
conn_val->Assign(4, zeek::make_intrusive<IntervalVal>(last_time - start_time)); conn_val->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(last_time - start_time));
conn_val->Assign(6, zeek::make_intrusive<StringVal>(history.c_str())); conn_val->Assign(6, zeek::make_intrusive<zeek::StringVal>(history.c_str()));
conn_val->Assign(11, val_mgr->Bool(is_successful)); conn_val->Assign(11, val_mgr->Bool(is_successful));
conn_val->SetOrigin(this); conn_val->SetOrigin(this);
@ -433,7 +433,7 @@ void Connection::AppendAddl(const char* str)
const char* old = cv->GetField(6)->AsString()->CheckString(); const char* old = cv->GetField(6)->AsString()->CheckString();
const char* format = *old ? "%s %s" : "%s%s"; const char* format = *old ? "%s %s" : "%s%s";
cv->Assign(6, zeek::make_intrusive<StringVal>(fmt(format, old, str))); cv->Assign(6, zeek::make_intrusive<zeek::StringVal>(fmt(format, old, str)));
} }
// Returns true if the character at s separates a version number. // Returns true if the character at s separates a version number.
@ -470,12 +470,12 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch
return; return;
if ( name ) if ( name )
EnqueueEvent(f, analyzer, zeek::make_intrusive<StringVal>(name), ConnVal()); EnqueueEvent(f, analyzer, zeek::make_intrusive<zeek::StringVal>(name), ConnVal());
else else
EnqueueEvent(f, analyzer, ConnVal()); EnqueueEvent(f, analyzer, ConnVal());
} }
void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2) void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2)
{ {
if ( ! f ) if ( ! f )
{ {
@ -697,7 +697,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
{ {
if ( conn_val ) if ( conn_val )
{ {
RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal(); zeek::RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal();
endp->Assign(4, val_mgr->Count(flow_label)); endp->Assign(4, val_mgr->Count(flow_label));
} }

19
src/Conn.h
View file

@ -29,11 +29,14 @@ class RuleHdrTest;
class Specific_RE_Matcher; class Specific_RE_Matcher;
class RuleEndpointState; class RuleEndpointState;
class EncapsulationStack; class EncapsulationStack;
class Val;
class RecordVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecorVal, zeek);
namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>; using ValPtr = zeek::IntrusivePtr<Val>;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>; using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
}
namespace analyzer { class TransportLayerAnalyzer; } namespace analyzer { class TransportLayerAnalyzer; }
@ -167,12 +170,12 @@ public:
void EnableStatusUpdateTimer(); void EnableStatusUpdateTimer();
[[deprecated("Remove in v4.1. Use ConnVal() instead.")]] [[deprecated("Remove in v4.1. Use ConnVal() instead.")]]
RecordVal* BuildConnVal(); zeek::RecordVal* BuildConnVal();
/** /**
* Returns the associated "connection" record. * Returns the associated "connection" record.
*/ */
const RecordValPtr& ConnVal(); const zeek::RecordValPtr& ConnVal();
void AppendAddl(const char* str); void AppendAddl(const char* str);
@ -197,7 +200,7 @@ public:
// argument is the connection value, second argument is 'v1', and if 'v2' // argument is the connection value, second argument is 'v1', and if 'v2'
// is given that will be it's third argument. // is given that will be it's third argument.
[[deprecated("Remove in v4.1. Use EnqueueEvent() instead (note it doesn't automatically add the connection argument).")]] [[deprecated("Remove in v4.1. Use EnqueueEvent() instead (note it doesn't automatically add the connection argument).")]]
void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = nullptr); void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr);
// If a handler exists for 'f', an event will be generated. In any case, // If a handler exists for 'f', an event will be generated. In any case,
// reference count for each element in the 'vl' list are decremented. The // reference count for each element in the 'vl' list are decremented. The
@ -237,8 +240,8 @@ public:
*/ */
template <class... Args> template <class... Args>
std::enable_if_t< std::enable_if_t<
std::is_convertible_v< std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>> std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args) EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); } { return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
@ -358,7 +361,7 @@ protected:
u_char resp_l2_addr[Packet::l2_addr_len]; // Link-layer responder address, if available u_char resp_l2_addr[Packet::l2_addr_len]; // Link-layer responder address, if available
double start_time, last_time; double start_time, last_time;
double inactivity_timeout; double inactivity_timeout;
RecordValPtr conn_val; zeek::RecordValPtr conn_val;
LoginConn* login_conn; // either nil, or this LoginConn* login_conn; // either nil, or this
const EncapsulationStack* encapsulation; // tunnels const EncapsulationStack* encapsulation; // tunnels
int suppress_event; // suppress certain events to once per conn. int suppress_event; // suppress certain events to once per conn.

64
src/DNS_Mgr.cc
View file

@ -122,9 +122,9 @@ public:
return req_host ? req_host : req_addr.AsString(); return req_host ? req_host : req_addr.AsString();
} }
ListValPtr Addrs(); zeek::ListValPtr Addrs();
TableValPtr AddrsSet(); // addresses returned as a set zeek::TableValPtr AddrsSet(); // addresses returned as a set
StringValPtr Host(); zeek::StringValPtr Host();
double CreationTime() const { return creation_time; } double CreationTime() const { return creation_time; }
@ -155,11 +155,11 @@ protected:
int num_names; int num_names;
char** names; char** names;
StringValPtr host_val; zeek::StringValPtr host_val;
int num_addrs; int num_addrs;
IPAddr* addrs; IPAddr* addrs;
ListValPtr addrs_val; zeek::ListValPtr addrs_val;
double creation_time; double creation_time;
int map_type; int map_type;
@ -173,13 +173,13 @@ void DNS_Mgr_mapping_delete_func(void* v)
delete (DNS_Mapping*) v; delete (DNS_Mapping*) v;
} }
static TableValPtr empty_addr_set() static zeek::TableValPtr empty_addr_set()
{ {
auto addr_t = zeek::base_type(zeek::TYPE_ADDR); auto addr_t = zeek::base_type(zeek::TYPE_ADDR);
auto set_index = zeek::make_intrusive<zeek::TypeList>(addr_t); auto set_index = zeek::make_intrusive<zeek::TypeList>(addr_t);
set_index->Append(std::move(addr_t)); set_index->Append(std::move(addr_t));
auto s = zeek::make_intrusive<zeek::SetType>(std::move(set_index), nullptr); auto s = zeek::make_intrusive<zeek::SetType>(std::move(set_index), nullptr);
return zeek::make_intrusive<TableVal>(std::move(s)); return zeek::make_intrusive<zeek::TableVal>(std::move(s));
} }
DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl) DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl)
@ -276,23 +276,23 @@ DNS_Mapping::~DNS_Mapping()
delete [] addrs; delete [] addrs;
} }
ListValPtr DNS_Mapping::Addrs() zeek::ListValPtr DNS_Mapping::Addrs()
{ {
if ( failed ) if ( failed )
return nullptr; return nullptr;
if ( ! addrs_val ) if ( ! addrs_val )
{ {
addrs_val = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR); addrs_val = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
for ( int i = 0; i < num_addrs; ++i ) for ( int i = 0; i < num_addrs; ++i )
addrs_val->Append(zeek::make_intrusive<AddrVal>(addrs[i])); addrs_val->Append(zeek::make_intrusive<zeek::AddrVal>(addrs[i]));
} }
return addrs_val; return addrs_val;
} }
TableValPtr DNS_Mapping::AddrsSet() { zeek::TableValPtr DNS_Mapping::AddrsSet() {
auto l = Addrs(); auto l = Addrs();
if ( ! l ) if ( ! l )
@ -301,13 +301,13 @@ TableValPtr DNS_Mapping::AddrsSet() {
return l->ToSetVal(); return l->ToSetVal();
} }
StringValPtr DNS_Mapping::Host() zeek::StringValPtr DNS_Mapping::Host()
{ {
if ( failed || num_names == 0 || ! names[0] ) if ( failed || num_names == 0 || ! names[0] )
return nullptr; return nullptr;
if ( ! host_val ) if ( ! host_val )
host_val = zeek::make_intrusive<StringVal>(names[0]); host_val = zeek::make_intrusive<zeek::StringVal>(names[0]);
return host_val; return host_val;
} }
@ -461,12 +461,12 @@ void DNS_Mgr::InitPostScript()
LoadCache(fopen(cache_name, "r")); LoadCache(fopen(cache_name, "r"));
} }
static TableValPtr fake_name_lookup_result(const char* name) static zeek::TableValPtr fake_name_lookup_result(const char* name)
{ {
hash128_t hash; hash128_t hash;
KeyedHash::StaticHash128(name, strlen(name), &hash); KeyedHash::StaticHash128(name, strlen(name), &hash);
auto hv = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR); auto hv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
hv->Append(zeek::make_intrusive<AddrVal>(reinterpret_cast<const uint32_t*>(&hash))); hv->Append(zeek::make_intrusive<zeek::AddrVal>(reinterpret_cast<const uint32_t*>(&hash)));
return hv->ToSetVal(); return hv->ToSetVal();
} }
@ -485,7 +485,7 @@ static const char* fake_addr_lookup_result(const IPAddr& addr)
return tmp; return tmp;
} }
TableValPtr DNS_Mgr::LookupHost(const char* name) zeek::TableValPtr DNS_Mgr::LookupHost(const char* name)
{ {
if ( mode == DNS_FAKE ) if ( mode == DNS_FAKE )
return fake_name_lookup_result(name); return fake_name_lookup_result(name);
@ -542,7 +542,7 @@ TableValPtr DNS_Mgr::LookupHost(const char* name)
} }
} }
ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr) zeek::ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
{ {
InitSource(); InitSource();
@ -559,7 +559,7 @@ ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
{ {
string s(addr); string s(addr);
reporter->Warning("can't resolve IP address: %s", s.c_str()); reporter->Warning("can't resolve IP address: %s", s.c_str());
return zeek::make_intrusive<StringVal>(s.c_str()); return zeek::make_intrusive<zeek::StringVal>(s.c_str());
} }
} }
} }
@ -568,7 +568,7 @@ ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
switch ( mode ) { switch ( mode ) {
case DNS_PRIME: case DNS_PRIME:
requests.push_back(new DNS_Mgr_Request(addr)); requests.push_back(new DNS_Mgr_Request(addr));
return zeek::make_intrusive<StringVal>("<none>"); return zeek::make_intrusive<zeek::StringVal>("<none>");
case DNS_FORCE: case DNS_FORCE:
reporter->FatalError("can't find DNS entry for %s in cache", reporter->FatalError("can't find DNS entry for %s in cache",
@ -698,7 +698,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm)
} }
void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm,
ListValPtr l1, ListValPtr l2) zeek::ListValPtr l1, zeek::ListValPtr l2)
{ {
if ( ! e ) if ( ! e )
return; return;
@ -714,17 +714,17 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm)
mgr.Enqueue(e, BuildMappingVal(old_dm), BuildMappingVal(new_dm)); mgr.Enqueue(e, BuildMappingVal(old_dm), BuildMappingVal(new_dm));
} }
ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) zeek::ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
{ {
auto r = zeek::make_intrusive<RecordVal>(dm_rec); auto r = zeek::make_intrusive<zeek::RecordVal>(dm_rec);
r->Assign(0, zeek::make_intrusive<TimeVal>(dm->CreationTime())); r->Assign(0, zeek::make_intrusive<zeek::TimeVal>(dm->CreationTime()));
r->Assign(1, zeek::make_intrusive<StringVal>(dm->ReqHost() ? dm->ReqHost() : "")); r->Assign(1, zeek::make_intrusive<zeek::StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
r->Assign(2, zeek::make_intrusive<AddrVal>(dm->ReqAddr())); r->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dm->ReqAddr()));
r->Assign(3, val_mgr->Bool(dm->Valid())); r->Assign(3, val_mgr->Bool(dm->Valid()));
auto h = dm->Host(); auto h = dm->Host();
r->Assign(4, h ? std::move(h) : zeek::make_intrusive<StringVal>("<none>")); r->Assign(4, h ? std::move(h) : zeek::make_intrusive<zeek::StringVal>("<none>"));
r->Assign(5, dm->AddrsSet()); r->Assign(5, dm->AddrsSet());
return r; return r;
@ -870,9 +870,9 @@ void DNS_Mgr::CompareMappings(DNS_Mapping* prev_dm, DNS_Mapping* new_dm)
Event(dns_mapping_altered, new_dm, std::move(prev_delta), std::move(new_delta)); Event(dns_mapping_altered, new_dm, std::move(prev_delta), std::move(new_delta));
} }
ListValPtr DNS_Mgr::AddrListDelta(ListVal* al1, ListVal* al2) zeek::ListValPtr DNS_Mgr::AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2)
{ {
auto delta = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR); auto delta = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
for ( int i = 0; i < al1->Length(); ++i ) for ( int i = 0; i < al1->Length(); ++i )
{ {
@ -894,7 +894,7 @@ ListValPtr DNS_Mgr::AddrListDelta(ListVal* al1, ListVal* al2)
return delta; return delta;
} }
void DNS_Mgr::DumpAddrList(FILE* f, ListVal* al) void DNS_Mgr::DumpAddrList(FILE* f, zeek::ListVal* al)
{ {
for ( int i = 0; i < al->Length(); ++i ) for ( int i = 0; i < al->Length(); ++i )
{ {
@ -980,7 +980,7 @@ const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr)
return d->names ? d->names[0] : "<\?\?\?>"; return d->names ? d->names[0] : "<\?\?\?>";
} }
TableValPtr DNS_Mgr::LookupNameInCache(const string& name) zeek::TableValPtr DNS_Mgr::LookupNameInCache(const string& name)
{ {
HostMap::iterator it = host_mappings.find(name); HostMap::iterator it = host_mappings.find(name);
if ( it == host_mappings.end() ) if ( it == host_mappings.end() )
@ -1030,7 +1030,7 @@ const char* DNS_Mgr::LookupTextInCache(const string& name)
} }
static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback, static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback,
TableValPtr result) zeek::TableValPtr result)
{ {
callback->Resolved(result.get()); callback->Resolved(result.get());
delete callback; delete callback;

31
src/DNS_Mgr.h
View file

@ -13,19 +13,22 @@
#include "IPAddr.h" #include "IPAddr.h"
#include "util.h" #include "util.h"
template <class T> class IntrusivePtr;
class Val;
class ListVal;
class TableVal;
class Func; class Func;
class EventHandler; class EventHandler;
class DNS_Mgr_Request; class DNS_Mgr_Request;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using ValPtr = zeek::IntrusivePtr<Val>; using ValPtr = zeek::IntrusivePtr<Val>;
using ListValPtr = zeek::IntrusivePtr<ListVal>; using ListValPtr = zeek::IntrusivePtr<ListVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>; using TableValPtr = zeek::IntrusivePtr<TableVal>;
}
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
typedef PList<DNS_Mgr_Request> DNS_mgr_request_list; typedef PList<DNS_Mgr_Request> DNS_mgr_request_list;
@ -54,9 +57,9 @@ public:
// Looks up the address or addresses of the given host, and returns // Looks up the address or addresses of the given host, and returns
// a set of addr. // a set of addr.
TableValPtr LookupHost(const char* host); zeek::TableValPtr LookupHost(const char* host);
ValPtr LookupAddr(const IPAddr& addr); zeek::ValPtr LookupAddr(const IPAddr& addr);
// Define the directory where to store the data. // Define the directory where to store the data.
void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); } void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); }
@ -66,7 +69,7 @@ public:
bool Save(); bool Save();
const char* LookupAddrInCache(const IPAddr& addr); const char* LookupAddrInCache(const IPAddr& addr);
TableValPtr LookupNameInCache(const std::string& name); zeek::TableValPtr LookupNameInCache(const std::string& name);
const char* LookupTextInCache(const std::string& name); const char* LookupTextInCache(const std::string& name);
// Support for async lookups. // Support for async lookups.
@ -76,7 +79,7 @@ public:
virtual ~LookupCallback() { } virtual ~LookupCallback() { }
virtual void Resolved(const char* name) { }; virtual void Resolved(const char* name) { };
virtual void Resolved(TableVal* addrs) { }; virtual void Resolved(zeek::TableVal* addrs) { };
virtual void Timeout() = 0; virtual void Timeout() = 0;
}; };
@ -104,15 +107,15 @@ protected:
void Event(EventHandlerPtr e, DNS_Mapping* dm); void Event(EventHandlerPtr e, DNS_Mapping* dm);
void Event(EventHandlerPtr e, DNS_Mapping* dm, void Event(EventHandlerPtr e, DNS_Mapping* dm,
ListValPtr l1, ListValPtr l2); zeek::ListValPtr l1, zeek::ListValPtr l2);
void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm); void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm);
ValPtr BuildMappingVal(DNS_Mapping* dm); zeek::ValPtr BuildMappingVal(DNS_Mapping* dm);
void AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r); void AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r);
void CompareMappings(DNS_Mapping* prev_dm, DNS_Mapping* new_dm); void CompareMappings(DNS_Mapping* prev_dm, DNS_Mapping* new_dm);
ListValPtr AddrListDelta(ListVal* al1, ListVal* al2); zeek::ListValPtr AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2);
void DumpAddrList(FILE* f, ListVal* al); void DumpAddrList(FILE* f, zeek::ListVal* al);
typedef std::map<std::string, std::pair<DNS_Mapping*, DNS_Mapping*> > HostMap; typedef std::map<std::string, std::pair<DNS_Mapping*, DNS_Mapping*> > HostMap;
typedef std::map<IPAddr, DNS_Mapping*> AddrMap; typedef std::map<IPAddr, DNS_Mapping*> AddrMap;
@ -183,7 +186,7 @@ protected:
processed = true; processed = true;
} }
void Resolved(TableVal* addrs) void Resolved(zeek::TableVal* addrs)
{ {
for ( CallbackList::iterator i = callbacks.begin(); for ( CallbackList::iterator i = callbacks.begin();
i != callbacks.end(); ++i ) i != callbacks.end(); ++i )

6
src/Debug.cc
View file

@ -905,7 +905,7 @@ bool pre_execute_stmt(zeek::detail::Stmt* stmt, Frame* f)
return true; return true;
} }
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, Val* result, stmt_flow_type* flow) bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, zeek::Val* result, stmt_flow_type* flow)
{ {
// Handle the case where someone issues a "next" debugger command, // Handle the case where someone issues a "next" debugger command,
// but we're at a return statement, so the next statement is in // but we're at a return statement, so the next statement is in
@ -948,7 +948,7 @@ extern YYLTYPE yylloc; // holds start line and column of token
extern int line_number; extern int line_number;
extern const char* filename; extern const char* filename;
ValPtr dbg_eval_expr(const char* expr) zeek::ValPtr dbg_eval_expr(const char* expr)
{ {
// Push the current frame's associated scope. // Push the current frame's associated scope.
// Note: g_debugger_state.curr_frame_idx is the user-visible number, // Note: g_debugger_state.curr_frame_idx is the user-visible number,
@ -983,7 +983,7 @@ ValPtr dbg_eval_expr(const char* expr)
yylloc.first_line = yylloc.last_line = line_number = 1; yylloc.first_line = yylloc.last_line = line_number = 1;
// Parse the thing into an expr. // Parse the thing into an expr.
ValPtr result; zeek::ValPtr result;
if ( yyparse() ) if ( yyparse() )
{ {
if ( g_curr_debug_error ) if ( g_curr_debug_error )

12
src/Debug.h
View file

@ -11,14 +11,12 @@
#include <map> #include <map>
#include <string> #include <string>
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek { namespace zeek {
template <class T> class IntrusivePtr; template <class T> class IntrusivePtr;
}
class Val;
using ValPtr = zeek::IntrusivePtr<Val>; using ValPtr = zeek::IntrusivePtr<Val>;
}
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
// This needs to be defined before we do the includes that come after it. // This needs to be defined before we do the includes that come after it.
enum ParseLocationRecType { plrUnknown, plrFileAndLine, plrFunction }; enum ParseLocationRecType { plrUnknown, plrFileAndLine, plrFunction };
@ -150,7 +148,7 @@ std::vector<ParseLocationRec> parse_location_string(const std::string& s);
// Return true to continue execution, false to abort. // Return true to continue execution, false to abort.
bool pre_execute_stmt(zeek::detail::Stmt* stmt, Frame* f); bool pre_execute_stmt(zeek::detail::Stmt* stmt, Frame* f);
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, Val* result, stmt_flow_type* flow); bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, zeek::Val* result, stmt_flow_type* flow);
// Returns 1 if successful, 0 otherwise. // Returns 1 if successful, 0 otherwise.
// If cmdfile is non-nil, it contains the location of a file of commands // If cmdfile is non-nil, it contains the location of a file of commands
@ -166,7 +164,7 @@ int dbg_handle_debug_input(); // read a line and then have it executed
int dbg_execute_command(const char* cmd); int dbg_execute_command(const char* cmd);
// Interactive expression evaluation. // Interactive expression evaluation.
ValPtr dbg_eval_expr(const char* expr); zeek::ValPtr dbg_eval_expr(const char* expr);
// Extra debugging facilities. // Extra debugging facilities.
// TODO: current connections, memory allocated, other internal data structures. // TODO: current connections, memory allocated, other internal data structures.

4
src/Discard.cc
View file

@ -155,7 +155,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
return discard_packet; return discard_packet;
} }
Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen) zeek::Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
{ {
len -= hdrlen; len -= hdrlen;
caplen -= hdrlen; caplen -= hdrlen;
@ -163,5 +163,5 @@ Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0); len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0);
return new StringVal(new BroString(data, len, true)); return new zeek::StringVal(new BroString(data, len, true));
} }

5
src/Discard.h
View file

@ -7,10 +7,11 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
class IP_Hdr; class IP_Hdr;
class Val;
class Func; class Func;
using FuncPtr = zeek::IntrusivePtr<Func>; using FuncPtr = zeek::IntrusivePtr<Func>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class Discarder { class Discarder {
public: public:
Discarder(); Discarder();
@ -21,7 +22,7 @@ public:
bool NextPacket(const IP_Hdr* ip, int len, int caplen); bool NextPacket(const IP_Hdr* ip, int len, int caplen);
protected: protected:
Val* BuildData(const u_char* data, int hdrlen, int len, int caplen); zeek::Val* BuildData(const u_char* data, int hdrlen, int len, int caplen);
FuncPtr check_ip; FuncPtr check_ip;
FuncPtr check_tcp; FuncPtr check_tcp;

6
src/Event.h
View file

@ -107,8 +107,8 @@ public:
*/ */
template <class... Args> template <class... Args>
std::enable_if_t< std::enable_if_t<
std::is_convertible_v< std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>> std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
Enqueue(const EventHandlerPtr& h, Args&&... args) Enqueue(const EventHandlerPtr& h, Args&&... args)
{ return Enqueue(h, zeek::Args{std::forward<Args>(args)...}); } { return Enqueue(h, zeek::Args{std::forward<Args>(args)...}); }
@ -143,7 +143,7 @@ protected:
Event* tail; Event* tail;
SourceID current_src; SourceID current_src;
analyzer::ID current_aid; analyzer::ID current_aid;
RecordVal* src_val; zeek::RecordVal* src_val;
bool draining; bool draining;
zeek::detail::Flare queue_flare; zeek::detail::Flare queue_flare;
}; };

14
src/EventHandler.cc
View file

@ -118,7 +118,7 @@ void EventHandler::NewEvent(zeek::Args* vl)
const auto& args = GetType()->Params(); const auto& args = GetType()->Params();
static auto call_argument_vector = zeek::id::find_type<zeek::VectorType>("call_argument_vector"); static auto call_argument_vector = zeek::id::find_type<zeek::VectorType>("call_argument_vector");
auto vargs = zeek::make_intrusive<VectorVal>(call_argument_vector); auto vargs = zeek::make_intrusive<zeek::VectorVal>(call_argument_vector);
for ( int i = 0; i < args->NumFields(); i++ ) for ( int i = 0; i < args->NumFields(); i++ )
{ {
@ -127,13 +127,13 @@ void EventHandler::NewEvent(zeek::Args* vl)
auto fdefault = args->FieldDefault(i); auto fdefault = args->FieldDefault(i);
static auto call_argument = zeek::id::find_type<zeek::RecordType>("call_argument"); static auto call_argument = zeek::id::find_type<zeek::RecordType>("call_argument");
auto rec = zeek::make_intrusive<RecordVal>(call_argument); auto rec = zeek::make_intrusive<zeek::RecordVal>(call_argument);
rec->Assign(0, zeek::make_intrusive<StringVal>(fname)); rec->Assign(0, zeek::make_intrusive<zeek::StringVal>(fname));
ODesc d; ODesc d;
d.SetShort(); d.SetShort();
ftype->Describe(&d); ftype->Describe(&d);
rec->Assign(1, zeek::make_intrusive<StringVal>(d.Description())); rec->Assign(1, zeek::make_intrusive<zeek::StringVal>(d.Description()));
if ( fdefault ) if ( fdefault )
rec->Assign(2, std::move(fdefault)); rec->Assign(2, std::move(fdefault));
@ -145,8 +145,8 @@ void EventHandler::NewEvent(zeek::Args* vl)
} }
Event* ev = new Event(new_event, { Event* ev = new Event(new_event, {
zeek::make_intrusive<StringVal>(name), zeek::make_intrusive<zeek::StringVal>(name),
std::move(vargs), std::move(vargs),
}); });
mgr.Dispatch(ev); mgr.Dispatch(ev);
} }

76
src/Expr.cc
View file

@ -235,7 +235,7 @@ ValPtr NameExpr::Eval(Frame* f) const
ValPtr v; ValPtr v;
if ( id->IsType() ) if ( id->IsType() )
return zeek::make_intrusive<Val>(id->GetType(), true); return zeek::make_intrusive<zeek::Val>(id->GetType(), true);
if ( id->IsGlobal() ) if ( id->IsGlobal() )
v = id->GetVal(); v = id->GetVal();
@ -364,7 +364,7 @@ ValPtr UnaryExpr::Eval(Frame* f) const
else else
out_t = GetType<zeek::VectorType>(); out_t = GetType<zeek::VectorType>();
auto result = zeek::make_intrusive<VectorVal>(std::move(out_t)); auto result = zeek::make_intrusive<zeek::VectorVal>(std::move(out_t));
for ( unsigned int i = 0; i < v_op->Size(); ++i ) for ( unsigned int i = 0; i < v_op->Size(); ++i )
{ {
@ -455,7 +455,7 @@ ValPtr BinaryExpr::Eval(Frame* f) const
return nullptr; return nullptr;
} }
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < v_op1->Size(); ++i ) for ( unsigned int i = 0; i < v_op1->Size(); ++i )
{ {
@ -472,7 +472,7 @@ ValPtr BinaryExpr::Eval(Frame* f) const
if ( IsVector(GetType()->Tag()) && (is_vec1 || is_vec2) ) if ( IsVector(GetType()->Tag()) && (is_vec1 || is_vec2) )
{ // fold vector against scalar { // fold vector against scalar
VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal(); VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal();
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < vv->Size(); ++i ) for ( unsigned int i = 0; i < vv->Size(); ++i )
{ {
@ -677,11 +677,11 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const
const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType(); const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType();
if ( ret_type->Tag() == zeek::TYPE_INTERVAL ) if ( ret_type->Tag() == zeek::TYPE_INTERVAL )
return zeek::make_intrusive<IntervalVal>(d3); return zeek::make_intrusive<zeek::IntervalVal>(d3);
else if ( ret_type->Tag() == zeek::TYPE_TIME ) else if ( ret_type->Tag() == zeek::TYPE_TIME )
return zeek::make_intrusive<TimeVal>(d3); return zeek::make_intrusive<zeek::TimeVal>(d3);
else if ( ret_type->Tag() == zeek::TYPE_DOUBLE ) else if ( ret_type->Tag() == zeek::TYPE_DOUBLE )
return zeek::make_intrusive<DoubleVal>(d3); return zeek::make_intrusive<zeek::DoubleVal>(d3);
else if ( ret_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED ) else if ( ret_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED )
return val_mgr->Count(u3); return val_mgr->Count(u3);
else if ( ret_type->Tag() == zeek::TYPE_BOOL ) else if ( ret_type->Tag() == zeek::TYPE_BOOL )
@ -714,7 +714,7 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
strings.push_back(s1); strings.push_back(s1);
strings.push_back(s2); strings.push_back(s2);
return zeek::make_intrusive<StringVal>(concatenate(strings)); return zeek::make_intrusive<zeek::StringVal>(concatenate(strings));
} }
default: default:
@ -737,7 +737,7 @@ ValPtr BinaryExpr::PatternFold(Val* v1, Val* v2) const
RE_Matcher_conjunction(re1, re2) : RE_Matcher_conjunction(re1, re2) :
RE_Matcher_disjunction(re1, re2); RE_Matcher_disjunction(re1, re2);
return zeek::make_intrusive<PatternVal>(res); return zeek::make_intrusive<zeek::PatternVal>(res);
} }
ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
@ -1101,9 +1101,9 @@ NegExpr::NegExpr(ExprPtr arg_op)
ValPtr NegExpr::Fold(Val* v) const ValPtr NegExpr::Fold(Val* v) const
{ {
if ( v->GetType()->Tag() == zeek::TYPE_DOUBLE ) if ( v->GetType()->Tag() == zeek::TYPE_DOUBLE )
return zeek::make_intrusive<DoubleVal>(- v->InternalDouble()); return zeek::make_intrusive<zeek::DoubleVal>(- v->InternalDouble());
else if ( v->GetType()->Tag() == zeek::TYPE_INTERVAL ) else if ( v->GetType()->Tag() == zeek::TYPE_INTERVAL )
return zeek::make_intrusive<IntervalVal>(- v->InternalDouble()); return zeek::make_intrusive<zeek::IntervalVal>(- v->InternalDouble());
else else
return val_mgr->Int(- v->CoerceToInt()); return val_mgr->Int(- v->CoerceToInt());
} }
@ -1447,7 +1447,7 @@ ValPtr DivideExpr::AddrFold(Val* v1, Val* v2) const
RuntimeError(fmt("bad IPv6 subnet prefix length: %" PRIu32, mask)); RuntimeError(fmt("bad IPv6 subnet prefix length: %" PRIu32, mask));
} }
return zeek::make_intrusive<SubNetVal>(a, mask); return zeek::make_intrusive<zeek::SubNetVal>(a, mask);
} }
ModExpr::ModExpr(ExprPtr arg_op1, ExprPtr arg_op2) ModExpr::ModExpr(ExprPtr arg_op1, ExprPtr arg_op2)
@ -1571,7 +1571,7 @@ ValPtr BoolExpr::Eval(Frame* f) const
if ( scalar_v->IsZero() == is_and ) if ( scalar_v->IsZero() == is_and )
{ {
result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(vector_v->Size()); result->Resize(vector_v->Size());
result->AssignRepeat(0, result->Size(), std::move(scalar_v)); result->AssignRepeat(0, result->Size(), std::move(scalar_v));
} }
@ -1596,7 +1596,7 @@ ValPtr BoolExpr::Eval(Frame* f) const
return nullptr; return nullptr;
} }
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(vec_v1->Size()); result->Resize(vec_v1->Size());
for ( unsigned int i = 0; i < vec_v1->Size(); ++i ) for ( unsigned int i = 0; i < vec_v1->Size(); ++i )
@ -1924,7 +1924,7 @@ ValPtr CondExpr::Eval(Frame* f) const
return nullptr; return nullptr;
} }
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(cond->Size()); result->Resize(cond->Size());
for ( unsigned int i = 0; i < cond->Size(); ++i ) for ( unsigned int i = 0; i < cond->Size(); ++i )
@ -2377,7 +2377,7 @@ ValPtr AssignExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
if ( aggr->GetType()->Tag() != zeek::TYPE_TABLE ) if ( aggr->GetType()->Tag() != zeek::TYPE_TABLE )
Internal("bad aggregate in AssignExpr::InitVal"); Internal("bad aggregate in AssignExpr::InitVal");
auto tv = zeek::cast_intrusive<TableVal>(std::move(aggr)); auto tv = zeek::cast_intrusive<zeek::TableVal>(std::move(aggr));
const TableType* tt = tv->GetType()->AsTableType(); const TableType* tt = tv->GetType()->AsTableType();
const auto& yt = tv->GetType()->Yield(); const auto& yt = tv->GetType()->Yield();
@ -2574,7 +2574,7 @@ ValPtr IndexExpr::Eval(Frame* f) const
{ {
VectorVal* v_v1 = v1->AsVectorVal(); VectorVal* v_v1 = v1->AsVectorVal();
VectorVal* v_v2 = indv->AsVectorVal(); VectorVal* v_v2 = indv->AsVectorVal();
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
// Booleans select each element (or not). // Booleans select each element (or not).
if ( IsBool(v_v2->GetType()->Yield()->Tag()) ) if ( IsBool(v_v2->GetType()->Yield()->Tag()) )
@ -2635,7 +2635,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
else else
{ {
size_t len = vect->Size(); size_t len = vect->Size();
auto result = zeek::make_intrusive<VectorVal>(vect->GetType<zeek::VectorType>()); auto result = zeek::make_intrusive<zeek::VectorVal>(vect->GetType<zeek::VectorType>());
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len); bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len); bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
@ -2687,7 +2687,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
substring = s->GetSubstring(first, substring_len); substring = s->GetSubstring(first, substring_len);
} }
return zeek::make_intrusive<StringVal>(substring ? substring : new BroString("")); return zeek::make_intrusive<zeek::StringVal>(substring ? substring : new BroString(""));
} }
default: default:
@ -3005,7 +3005,7 @@ ValPtr RecordConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
RecordVal* rv = v->AsRecordVal(); RecordVal* rv = v->AsRecordVal();
auto bt = const_cast<zeek::Type*>(t); auto bt = const_cast<zeek::Type*>(t);
RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()}; RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()};
auto aggr_rec = zeek::cast_intrusive<RecordVal>(std::move(aggr)); auto aggr_rec = zeek::cast_intrusive<zeek::RecordVal>(std::move(aggr));
auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec)); auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec));
if ( ar ) if ( ar )
@ -3024,7 +3024,7 @@ ValPtr RecordConstructorExpr::Fold(Val* v) const
if ( lv->Length() != rt->NumFields() ) if ( lv->Length() != rt->NumFields() )
RuntimeErrorWithCallStack("inconsistency evaluating record constructor"); RuntimeErrorWithCallStack("inconsistency evaluating record constructor");
auto rv = zeek::make_intrusive<RecordVal>(std::move(rt)); auto rv = zeek::make_intrusive<zeek::RecordVal>(std::move(rt));
for ( int i = 0; i < lv->Length(); ++i ) for ( int i = 0; i < lv->Length(); ++i )
rv->Assign(i, lv->Idx(i)); rv->Assign(i, lv->Idx(i));
@ -3124,7 +3124,7 @@ ValPtr TableConstructorExpr::Eval(Frame* f) const
if ( IsError() ) if ( IsError() )
return nullptr; return nullptr;
auto aggr = zeek::make_intrusive<TableVal>(GetType<TableType>(), attrs); auto aggr = zeek::make_intrusive<zeek::TableVal>(GetType<TableType>(), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& expr : exprs ) for ( const auto& expr : exprs )
@ -3144,7 +3144,7 @@ ValPtr TableConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto tval = aggr ? auto tval = aggr ?
TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} : TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} :
zeek::make_intrusive<TableVal>(std::move(tt), attrs); zeek::make_intrusive<zeek::TableVal>(std::move(tt), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& expr : exprs ) for ( const auto& expr : exprs )
@ -3233,7 +3233,7 @@ ValPtr SetConstructorExpr::Eval(Frame* f) const
if ( IsError() ) if ( IsError() )
return nullptr; return nullptr;
auto aggr = zeek::make_intrusive<TableVal>(IntrusivePtr{zeek::NewRef{}, type->AsTableType()}, auto aggr = zeek::make_intrusive<zeek::TableVal>(IntrusivePtr{zeek::NewRef{}, type->AsTableType()},
attrs); attrs);
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
@ -3255,7 +3255,7 @@ ValPtr SetConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto tt = GetType<TableType>(); auto tt = GetType<TableType>();
auto tval = aggr ? auto tval = aggr ?
TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} : TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} :
zeek::make_intrusive<TableVal>(std::move(tt), attrs); zeek::make_intrusive<zeek::TableVal>(std::move(tt), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& e : exprs ) for ( const auto& e : exprs )
@ -3327,7 +3327,7 @@ ValPtr VectorConstructorExpr::Eval(Frame* f) const
if ( IsError() ) if ( IsError() )
return nullptr; return nullptr;
auto vec = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto vec = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
loop_over_list(exprs, i) loop_over_list(exprs, i)
@ -3352,7 +3352,7 @@ ValPtr VectorConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto vt = GetType<zeek::VectorType>(); auto vt = GetType<zeek::VectorType>();
auto vec = aggr ? auto vec = aggr ?
VectorValPtr{zeek::AdoptRef{}, aggr.release()->AsVectorVal()} : VectorValPtr{zeek::AdoptRef{}, aggr.release()->AsVectorVal()} :
zeek::make_intrusive<VectorVal>(std::move(vt)); zeek::make_intrusive<zeek::VectorVal>(std::move(vt));
const expr_list& exprs = op->AsListExpr()->Exprs(); const expr_list& exprs = op->AsListExpr()->Exprs();
loop_over_list(exprs, i) loop_over_list(exprs, i)
@ -3456,7 +3456,7 @@ ValPtr ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) const
{ {
switch ( t ) { switch ( t ) {
case zeek::TYPE_INTERNAL_DOUBLE: case zeek::TYPE_INTERNAL_DOUBLE:
return zeek::make_intrusive<DoubleVal>(v->CoerceToDouble()); return zeek::make_intrusive<zeek::DoubleVal>(v->CoerceToDouble());
case zeek::TYPE_INTERNAL_INT: case zeek::TYPE_INTERNAL_INT:
return val_mgr->Int(v->CoerceToInt()); return val_mgr->Int(v->CoerceToInt());
@ -3488,7 +3488,7 @@ ValPtr ArithCoerceExpr::Fold(Val* v) const
t = GetType()->AsVectorType()->Yield()->InternalType(); t = GetType()->AsVectorType()->Yield()->InternalType();
VectorVal* vv = v->AsVectorVal(); VectorVal* vv = v->AsVectorVal();
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < vv->Size(); ++i ) for ( unsigned int i = 0; i < vv->Size(); ++i )
{ {
@ -3620,7 +3620,7 @@ ValPtr RecordCoerceExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
RecordVal* rv = v->AsRecordVal(); RecordVal* rv = v->AsRecordVal();
auto bt = const_cast<zeek::Type*>(t); auto bt = const_cast<zeek::Type*>(t);
zeek::RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()}; zeek::RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()};
auto aggr_rec = zeek::cast_intrusive<RecordVal>(std::move(aggr)); auto aggr_rec = zeek::cast_intrusive<zeek::RecordVal>(std::move(aggr));
if ( auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec)) ) if ( auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec)) )
return ar; return ar;
@ -3632,7 +3632,7 @@ ValPtr RecordCoerceExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
ValPtr RecordCoerceExpr::Fold(Val* v) const ValPtr RecordCoerceExpr::Fold(Val* v) const
{ {
auto val = zeek::make_intrusive<RecordVal>(GetType<RecordType>()); auto val = zeek::make_intrusive<zeek::RecordVal>(GetType<RecordType>());
RecordType* val_type = val->GetType()->AsRecordType(); RecordType* val_type = val->GetType()->AsRecordType();
RecordVal* rv = v->AsRecordVal(); RecordVal* rv = v->AsRecordVal();
@ -3738,7 +3738,7 @@ ValPtr TableCoerceExpr::Fold(Val* v) const
if ( tv->Size() > 0 ) if ( tv->Size() > 0 )
RuntimeErrorWithCallStack("coercion of non-empty table/set"); RuntimeErrorWithCallStack("coercion of non-empty table/set");
return zeek::make_intrusive<TableVal>(GetType<TableType>(), tv->GetAttrs()); return zeek::make_intrusive<zeek::TableVal>(GetType<TableType>(), tv->GetAttrs());
} }
VectorCoerceExpr::VectorCoerceExpr(ExprPtr arg_op, zeek::VectorTypePtr v) VectorCoerceExpr::VectorCoerceExpr(ExprPtr arg_op, zeek::VectorTypePtr v)
@ -3768,7 +3768,7 @@ ValPtr VectorCoerceExpr::Fold(Val* v) const
if ( vv->Size() > 0 ) if ( vv->Size() > 0 )
RuntimeErrorWithCallStack("coercion of non-empty vector"); RuntimeErrorWithCallStack("coercion of non-empty vector");
return zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>()); return zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
} }
ScheduleTimer::ScheduleTimer(const EventHandlerPtr& arg_event, zeek::Args arg_args, ScheduleTimer::ScheduleTimer(const EventHandlerPtr& arg_event, zeek::Args arg_args,
@ -4206,7 +4206,7 @@ LambdaExpr::LambdaExpr(std::unique_ptr<function_ingredients> arg_ing,
// Update lamb's name // Update lamb's name
dummy_func->SetName(my_name.c_str()); dummy_func->SetName(my_name.c_str());
auto v = zeek::make_intrusive<Val>(std::move(dummy_func)); auto v = zeek::make_intrusive<zeek::Val>(std::move(dummy_func));
id->SetVal(std::move(v)); id->SetVal(std::move(v));
id->SetType(ingredients->id->GetType()); id->SetType(ingredients->id->GetType());
id->SetConst(); id->SetConst();
@ -4232,7 +4232,7 @@ ValPtr LambdaExpr::Eval(Frame* f) const
// Allows for lookups by the receiver. // Allows for lookups by the receiver.
lamb->SetName(my_name.c_str()); lamb->SetName(my_name.c_str());
return zeek::make_intrusive<Val>(std::move(lamb)); return zeek::make_intrusive<zeek::Val>(std::move(lamb));
} }
void LambdaExpr::ExprDescribe(ODesc* d) const void LambdaExpr::ExprDescribe(ODesc* d) const
@ -4367,7 +4367,7 @@ bool ListExpr::IsPure() const
ValPtr ListExpr::Eval(Frame* f) const ValPtr ListExpr::Eval(Frame* f) const
{ {
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
for ( const auto& expr : exprs ) for ( const auto& expr : exprs )
{ {
@ -4456,7 +4456,7 @@ ValPtr ListExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
// in which case we should expand as a ListVal. // in which case we should expand as a ListVal.
if ( ! aggr && type->AsTypeList()->AllMatch(t, true) ) if ( ! aggr && type->AsTypeList()->AllMatch(t, true) )
{ {
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
const auto& tl = type->AsTypeList()->GetTypes(); const auto& tl = type->AsTypeList()->GetTypes();
if ( exprs.length() != static_cast<int>(tl.size()) ) if ( exprs.length() != static_cast<int>(tl.size()) )
@ -4493,7 +4493,7 @@ ValPtr ListExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
return nullptr; return nullptr;
} }
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY); auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
loop_over_list(exprs, i) loop_over_list(exprs, i)
{ {

5
src/Expr.h
View file

@ -17,11 +17,14 @@
#include "Val.h" #include "Val.h"
#include "ZeekArgs.h" #include "ZeekArgs.h"
template <class T> class IntrusivePtr;
class Frame; class Frame;
class Scope; class Scope;
struct function_ingredients; struct function_ingredients;
namespace zeek {
template <class T> class IntrusivePtr;
}
namespace zeek::detail { namespace zeek::detail {
using IDPtr = zeek::IntrusivePtr<ID>; using IDPtr = zeek::IntrusivePtr<ID>;

8
src/File.cc
View file

@ -269,7 +269,7 @@ void BroFile::SetAttrs(zeek::detail::Attributes* arg_attrs)
EnableRawOutput(); EnableRawOutput();
} }
RecordVal* BroFile::Rotate() zeek::RecordVal* BroFile::Rotate()
{ {
if ( ! is_open ) if ( ! is_open )
return nullptr; return nullptr;
@ -279,7 +279,7 @@ RecordVal* BroFile::Rotate()
return nullptr; return nullptr;
static auto rotate_info = zeek::id::find_type<zeek::RecordType>("rotate_info"); static auto rotate_info = zeek::id::find_type<zeek::RecordType>("rotate_info");
RecordVal* info = new RecordVal(rotate_info); auto* info = new zeek::RecordVal(rotate_info);
FILE* newf = rotate_file(name, info); FILE* newf = rotate_file(name, info);
if ( ! newf ) if ( ! newf )
@ -288,7 +288,7 @@ RecordVal* BroFile::Rotate()
return nullptr; return nullptr;
} }
info->Assign<TimeVal>(2, open_time); info->Assign<zeek::TimeVal>(2, open_time);
Unlink(); Unlink();
@ -329,7 +329,7 @@ void BroFile::RaiseOpenEvent()
return; return;
BroFilePtr bf{zeek::NewRef{}, this}; BroFilePtr bf{zeek::NewRef{}, this};
Event* event = new ::Event(::file_opened, {zeek::make_intrusive<Val>(std::move(bf))}); Event* event = new ::Event(::file_opened, {zeek::make_intrusive<zeek::Val>(std::move(bf))});
mgr.Dispatch(event, true); mgr.Dispatch(event, true);
} }

5
src/File.h
View file

@ -16,8 +16,6 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
#include "util.h" #include "util.h"
class RecordVal;
namespace zeek { namespace zeek {
class Type; class Type;
using TypePtr = zeek::IntrusivePtr<zeek::Type>; using TypePtr = zeek::IntrusivePtr<zeek::Type>;
@ -26,6 +24,7 @@ using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::
ZEEK_FORWARD_DECLARE_NAMESPACED(PrintStmt, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(PrintStmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
class BroFile; class BroFile;
using BroFilePtr = zeek::IntrusivePtr<BroFile>; using BroFilePtr = zeek::IntrusivePtr<BroFile>;
@ -66,7 +65,7 @@ public:
void Describe(ODesc* d) const override; void Describe(ODesc* d) const override;
// Rotates the logfile. Returns rotate_info. // Rotates the logfile. Returns rotate_info.
RecordVal* Rotate(); zeek::RecordVal* Rotate();
// Set &raw_output attribute. // Set &raw_output attribute.
void SetAttrs(zeek::detail::Attributes* attrs); void SetAttrs(zeek::detail::Attributes* attrs);

12
src/Frame.cc
View file

@ -61,22 +61,22 @@ void Frame::AddFunctionWithClosureRef(BroFunc* func)
functions_with_closure_frame_reference->emplace_back(func); functions_with_closure_frame_reference->emplace_back(func);
} }
void Frame::SetElement(int n, Val* v) void Frame::SetElement(int n, zeek::Val* v)
{ SetElement(n, {zeek::AdoptRef{}, v}); } { SetElement(n, {zeek::AdoptRef{}, v}); }
void Frame::SetElement(int n, ValPtr v) void Frame::SetElement(int n, zeek::ValPtr v)
{ {
ClearElement(n); ClearElement(n);
frame[n] = {std::move(v), false}; frame[n] = {std::move(v), false};
} }
void Frame::SetElementWeak(int n, Val* v) void Frame::SetElementWeak(int n, zeek::Val* v)
{ {
ClearElement(n); ClearElement(n);
frame[n] = {{zeek::AdoptRef{}, v}, true}; frame[n] = {{zeek::AdoptRef{}, v}, true};
} }
void Frame::SetElement(const zeek::detail::ID* id, ValPtr v) void Frame::SetElement(const zeek::detail::ID* id, zeek::ValPtr v)
{ {
if ( closure ) if ( closure )
{ {
@ -105,7 +105,7 @@ void Frame::SetElement(const zeek::detail::ID* id, ValPtr v)
SetElement(id->Offset(), std::move(v)); SetElement(id->Offset(), std::move(v));
} }
const ValPtr& Frame::GetElementByID(const zeek::detail::ID* id) const const zeek::ValPtr& Frame::GetElementByID(const zeek::detail::ID* id) const
{ {
if ( closure ) if ( closure )
{ {
@ -172,7 +172,7 @@ Frame* Frame::Clone() const
return other; return other;
} }
static bool val_is_func(const ValPtr& v, BroFunc* func) static bool val_is_func(const zeek::ValPtr& v, BroFunc* func)
{ {
if ( v->GetType()->Tag() != zeek::TYPE_FUNC ) if ( v->GetType()->Tag() != zeek::TYPE_FUNC )
return false; return false;

24
src/Frame.h
View file

@ -29,7 +29,9 @@ namespace trigger {
} }
} }
namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>; using ValPtr = zeek::IntrusivePtr<Val>;
}
class Frame; class Frame;
using FramePtr = zeek::IntrusivePtr<Frame>; using FramePtr = zeek::IntrusivePtr<Frame>;
@ -56,21 +58,21 @@ public:
* @param n the index to get. * @param n the index to get.
* @return the value at index *n* of the underlying array. * @return the value at index *n* of the underlying array.
*/ */
const ValPtr& GetElement(int n) const const zeek::ValPtr& GetElement(int n) const
{ return frame[n].val; } { return frame[n].val; }
[[deprecated("Remove in v4.1. Use GetElement(int).")]] [[deprecated("Remove in v4.1. Use GetElement(int).")]]
Val* NthElement(int n) const { return frame[n].val.get(); } zeek::Val* NthElement(int n) const { return frame[n].val.get(); }
/** /**
* Sets the element at index *n* of the underlying array to *v*. * Sets the element at index *n* of the underlying array to *v*.
* @param n the index to set * @param n the index to set
* @param v the value to set it to * @param v the value to set it to
*/ */
void SetElement(int n, ValPtr v); void SetElement(int n, zeek::ValPtr v);
[[deprecated("Remove in v4.1. Pass IntrusivePtr instead.")]] [[deprecated("Remove in v4.1. Pass IntrusivePtr instead.")]]
void SetElement(int n, Val* v); void SetElement(int n, zeek::Val* v);
/** /**
* Associates *id* and *v* in the frame. Future lookups of * Associates *id* and *v* in the frame. Future lookups of
@ -79,8 +81,8 @@ public:
* @param id the ID to associate * @param id the ID to associate
* @param v the value to associate it with * @param v the value to associate it with
*/ */
void SetElement(const zeek::detail::ID* id, ValPtr v); void SetElement(const zeek::detail::ID* id, zeek::ValPtr v);
void SetElement(const zeek::detail::IDPtr& id, ValPtr v) void SetElement(const zeek::detail::IDPtr& id, zeek::ValPtr v)
{ SetElement(id.get(), std::move(v)); } { SetElement(id.get(), std::move(v)); }
/** /**
@ -90,11 +92,11 @@ public:
* @param id the id who's value to retreive * @param id the id who's value to retreive
* @return the value associated with *id* * @return the value associated with *id*
*/ */
const ValPtr& GetElementByID(const zeek::detail::IDPtr& id) const const zeek::ValPtr& GetElementByID(const zeek::detail::IDPtr& id) const
{ return GetElementByID(id.get()); } { return GetElementByID(id.get()); }
[[deprecated("Remove in v4.1. Use GetElementByID().")]] [[deprecated("Remove in v4.1. Use GetElementByID().")]]
Val* GetElement(const zeek::detail::ID* id) const zeek::Val* GetElement(const zeek::detail::ID* id) const
{ return GetElementByID(id).get(); } { return GetElementByID(id).get(); }
/** /**
@ -254,13 +256,13 @@ private:
using OffsetMap = std::unordered_map<std::string, int>; using OffsetMap = std::unordered_map<std::string, int>;
struct Element { struct Element {
ValPtr val; zeek::ValPtr val;
// Weak reference is used to prevent circular reference memory leaks // Weak reference is used to prevent circular reference memory leaks
// in lambdas/closures. // in lambdas/closures.
bool weak_ref; bool weak_ref;
}; };
const ValPtr& GetElementByID(const zeek::detail::ID* id) const; const zeek::ValPtr& GetElementByID(const zeek::detail::ID* id) const;
/** /**
* Sets the element at index *n* of the underlying array to *v*, but does * Sets the element at index *n* of the underlying array to *v*, but does
@ -270,7 +272,7 @@ private:
* @param v the value to set it to (caller has not Ref'd and Frame will * @param v the value to set it to (caller has not Ref'd and Frame will
* not Unref it) * not Unref it)
*/ */
void SetElementWeak(int n, Val* v); void SetElementWeak(int n, zeek::Val* v);
/** /**
* Clone an element at an offset into other frame if not equal to a given * Clone an element at an offset into other frame if not equal to a given

18
src/Func.cc
View file

@ -60,7 +60,7 @@ extern RETSIGTYPE sig_handler(int signo);
std::vector<CallInfo> call_stack; std::vector<CallInfo> call_stack;
bool did_builtin_init = false; bool did_builtin_init = false;
static const std::pair<bool, ValPtr> empty_hook_result(false, nullptr); static const std::pair<bool, zeek::ValPtr> empty_hook_result(false, nullptr);
std::string render_call_stack() std::string render_call_stack()
{ {
@ -216,7 +216,7 @@ void Func::CopyStateInto(Func* other) const
other->unique_id = unique_id; other->unique_id = unique_id;
} }
void Func::CheckPluginResult(bool handled, const ValPtr& hook_result, void Func::CheckPluginResult(bool handled, const zeek::ValPtr& hook_result,
zeek::FunctionFlavor flavor) const zeek::FunctionFlavor flavor) const
{ {
// Helper function factoring out this code from BroFunc:Call() for // Helper function factoring out this code from BroFunc:Call() for
@ -299,13 +299,13 @@ bool BroFunc::IsPure() const
[](const Body& b) { return b.stmts->IsPure(); }); [](const Body& b) { return b.stmts->IsPure(); });
} }
Val* Func::Call(val_list* args, Frame* parent) const zeek::Val* Func::Call(val_list* args, Frame* parent) const
{ {
auto zargs = zeek::val_list_to_args(*args); auto zargs = zeek::val_list_to_args(*args);
return Invoke(&zargs, parent).release(); return Invoke(&zargs, parent).release();
}; };
ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const zeek::ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const
{ {
#ifdef PROFILE_BRO_FUNCTIONS #ifdef PROFILE_BRO_FUNCTIONS
DEBUG_MSG("Function: %s\n", Name()); DEBUG_MSG("Function: %s\n", Name());
@ -357,7 +357,7 @@ ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const
} }
stmt_flow_type flow = FLOW_NEXT; stmt_flow_type flow = FLOW_NEXT;
ValPtr result; zeek::ValPtr result;
for ( const auto& body : bodies ) for ( const auto& body : bodies )
{ {
@ -604,7 +604,7 @@ BuiltinFunc::BuiltinFunc(built_in_func arg_func, const char* arg_name,
reporter->InternalError("built-in function %s multiply defined", Name()); reporter->InternalError("built-in function %s multiply defined", Name());
type = id->GetType<zeek::FuncType>(); type = id->GetType<zeek::FuncType>();
id->SetVal(zeek::make_intrusive<Val>(zeek::IntrusivePtr{zeek::NewRef{}, this})); id->SetVal(zeek::make_intrusive<zeek::Val>(zeek::IntrusivePtr{zeek::NewRef{}, this}));
} }
BuiltinFunc::~BuiltinFunc() BuiltinFunc::~BuiltinFunc()
@ -616,7 +616,7 @@ bool BuiltinFunc::IsPure() const
return is_pure; return is_pure;
} }
ValPtr BuiltinFunc::Invoke(zeek::Args* args, Frame* parent) const zeek::ValPtr BuiltinFunc::Invoke(zeek::Args* args, Frame* parent) const
{ {
#ifdef PROFILE_BRO_FUNCTIONS #ifdef PROFILE_BRO_FUNCTIONS
DEBUG_MSG("Function: %s\n", Name()); DEBUG_MSG("Function: %s\n", Name());
@ -667,10 +667,10 @@ void BuiltinFunc::Describe(ODesc* d) const
void builtin_error(const char* msg) void builtin_error(const char* msg)
{ {
builtin_error(msg, ValPtr{}); builtin_error(msg, zeek::ValPtr{});
} }
void builtin_error(const char* msg, ValPtr arg) void builtin_error(const char* msg, zeek::ValPtr arg)
{ {
builtin_error(msg, arg.get()); builtin_error(msg, arg.get());
} }

19
src/Func.h
View file

@ -17,11 +17,11 @@
#include "ZeekArgs.h" #include "ZeekArgs.h"
#include "BifReturnVal.h" #include "BifReturnVal.h"
class Val;
class Frame; class Frame;
class Scope; class Scope;
using ScopePtr = zeek::IntrusivePtr<Scope>; using ScopePtr = zeek::IntrusivePtr<Scope>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail);
@ -69,7 +69,7 @@ public:
bool HasBodies() const { return bodies.size(); } bool HasBodies() const { return bodies.size(); }
[[deprecated("Remove in v4.1. Use Invoke() instead.")]] [[deprecated("Remove in v4.1. Use Invoke() instead.")]]
Val* Call(val_list* args, Frame* parent = nullptr) const; zeek::Val* Call(val_list* args, Frame* parent = nullptr) const;
/** /**
* Calls a Zeek function. * Calls a Zeek function.
@ -77,7 +77,7 @@ public:
* @param parent the frame from which the function is being called. * @param parent the frame from which the function is being called.
* @return the return value of the function call. * @return the return value of the function call.
*/ */
virtual ValPtr Invoke( virtual zeek::ValPtr Invoke(
zeek::Args* args, Frame* parent = nullptr) const = 0; zeek::Args* args, Frame* parent = nullptr) const = 0;
/** /**
@ -85,9 +85,8 @@ public:
*/ */
template <class... Args> template <class... Args>
std::enable_if_t< std::enable_if_t<
std::is_convertible_v<std::tuple_element_t<0, std::tuple<Args...>>, std::is_convertible_v<std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>,
ValPtr>, zeek::ValPtr>
ValPtr>
Invoke(Args&&... args) const Invoke(Args&&... args) const
{ {
auto zargs = zeek::Args{std::forward<Args>(args)...}; auto zargs = zeek::Args{std::forward<Args>(args)...};
@ -131,7 +130,7 @@ protected:
void CopyStateInto(Func* other) const; void CopyStateInto(Func* other) const;
// Helper function for checking result of plugin hook. // Helper function for checking result of plugin hook.
void CheckPluginResult(bool handled, const ValPtr& hook_result, void CheckPluginResult(bool handled, const zeek::ValPtr& hook_result,
zeek::FunctionFlavor flavor) const; zeek::FunctionFlavor flavor) const;
std::vector<Body> bodies; std::vector<Body> bodies;
@ -153,7 +152,7 @@ public:
~BroFunc() override; ~BroFunc() override;
bool IsPure() const override; bool IsPure() const override;
ValPtr Invoke(zeek::Args* args, Frame* parent) const override; zeek::ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
/** /**
* Adds adds a closure to the function. Closures are cloned and * Adds adds a closure to the function. Closures are cloned and
@ -231,7 +230,7 @@ public:
~BuiltinFunc() override; ~BuiltinFunc() override;
bool IsPure() const override; bool IsPure() const override;
ValPtr Invoke(zeek::Args* args, Frame* parent) const override; zeek::ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
built_in_func TheFunc() const { return func; } built_in_func TheFunc() const { return func; }
void Describe(ODesc* d) const override; void Describe(ODesc* d) const override;
@ -245,7 +244,7 @@ protected:
extern void builtin_error(const char* msg); extern void builtin_error(const char* msg);
extern void builtin_error(const char* msg, ValPtr); extern void builtin_error(const char* msg, zeek::ValPtr);
extern void builtin_error(const char* msg, BroObj* arg); extern void builtin_error(const char* msg, BroObj* arg);
extern void init_builtin_funcs(); extern void init_builtin_funcs();
extern void init_builtin_funcs_subdirs(); extern void init_builtin_funcs_subdirs();

7
src/Hash.h
View file

@ -23,15 +23,16 @@
#include <stdlib.h> #include <stdlib.h>
class BroString;
// to allow bro_md5_hmac access to the hmac seed // to allow bro_md5_hmac access to the hmac seed
#include "ZeekArgs.h" #include "ZeekArgs.h"
class Val;
//ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class BroString;
class Frame; class Frame;
class BifReturnVal; class BifReturnVal;
namespace zeek::BifFunc { namespace zeek::BifFunc {
extern BifReturnVal md5_hmac_bif(Frame* frame, const zeek::Args*); extern BifReturnVal md5_hmac_bif(::Frame* frame, const zeek::Args*);
} }
typedef uint64_t hash_t; typedef uint64_t hash_t;

8
src/ID.cc
View file

@ -48,7 +48,7 @@ const zeek::TypePtr& zeek::id::find_type(std::string_view name)
return id->GetType(); return id->GetType();
} }
const ValPtr& zeek::id::find_val(std::string_view name) const zeek::ValPtr& zeek::id::find_val(std::string_view name)
{ {
auto id = global_scope()->Find(name); auto id = global_scope()->Find(name);
@ -59,7 +59,7 @@ const ValPtr& zeek::id::find_val(std::string_view name)
return id->GetVal(); return id->GetVal();
} }
const ValPtr& zeek::id::find_const(std::string_view name) const zeek::ValPtr& zeek::id::find_const(std::string_view name)
{ {
auto id = global_scope()->Find(name); auto id = global_scope()->Find(name);
@ -141,7 +141,7 @@ void ID::ClearVal()
val = nullptr; val = nullptr;
} }
void ID::SetVal(ValPtr v) void ID::SetVal(zeek::ValPtr v)
{ {
val = std::move(v); val = std::move(v);
Modified(); Modified();
@ -170,7 +170,7 @@ void ID::SetVal(ValPtr v)
} }
} }
void ID::SetVal(ValPtr v, InitClass c) void ID::SetVal(zeek::ValPtr v, InitClass c)
{ {
if ( c == INIT_NONE || c == INIT_FULL ) if ( c == INIT_NONE || c == INIT_FULL )
{ {

22
src/ID.h
View file

@ -13,25 +13,25 @@
#include <string_view> #include <string_view>
#include <vector> #include <vector>
class Val;
using ValPtr = zeek::IntrusivePtr<Val>;
class Func; class Func;
using FuncPtr = zeek::IntrusivePtr<Func>; using FuncPtr = zeek::IntrusivePtr<Func>;
namespace zeek { class Type; } ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(TableType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(VectorType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek);
using TypePtr = zeek::IntrusivePtr<zeek::Type>; namespace zeek {
using RecordTypePtr = zeek::IntrusivePtr<zeek::RecordType>; class Type;
using TableTypePtr = zeek::IntrusivePtr<zeek::TableType>; using TypePtr = zeek::IntrusivePtr<zeek::Type>;
using VectorTypePtr = zeek::IntrusivePtr<zeek::VectorType>; using RecordTypePtr = zeek::IntrusivePtr<zeek::RecordType>;
using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>; using TableTypePtr = zeek::IntrusivePtr<zeek::TableType>;
using VectorTypePtr = zeek::IntrusivePtr<zeek::VectorType>;
using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>;
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
}
using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type;
namespace zeek::detail { namespace zeek::detail {

100
src/IP.cc
View file

@ -13,15 +13,15 @@
#include "BroString.h" #include "BroString.h"
#include "Reporter.h" #include "Reporter.h"
static VectorValPtr BuildOptionsVal(const u_char* data, int len) static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
{ {
auto vv = zeek::make_intrusive<VectorVal>(zeek::id::find_type<zeek::VectorType>("ip6_options")); auto vv = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("ip6_options"));
while ( len > 0 ) while ( len > 0 )
{ {
static auto ip6_option_type = zeek::id::find_type<zeek::RecordType>("ip6_option"); static auto ip6_option_type = zeek::id::find_type<zeek::RecordType>("ip6_option");
const struct ip6_opt* opt = (const struct ip6_opt*) data; const struct ip6_opt* opt = (const struct ip6_opt*) data;
auto rv = zeek::make_intrusive<RecordVal>(ip6_option_type); auto rv = zeek::make_intrusive<zeek::RecordVal>(ip6_option_type);
rv->Assign(0, val_mgr->Count(opt->ip6o_type)); rv->Assign(0, val_mgr->Count(opt->ip6o_type));
if ( opt->ip6o_type == 0 ) if ( opt->ip6o_type == 0 )
@ -37,7 +37,7 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
// PadN or other option // PadN or other option
uint16_t off = 2 * sizeof(uint8_t); uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(1, val_mgr->Count(opt->ip6o_len)); rv->Assign(1, val_mgr->Count(opt->ip6o_len));
rv->Assign(2, zeek::make_intrusive<StringVal>( rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(
new BroString(data + off, opt->ip6o_len, true))); new BroString(data + off, opt->ip6o_len, true)));
data += opt->ip6o_len + off; data += opt->ip6o_len + off;
len -= opt->ip6o_len + off; len -= opt->ip6o_len + off;
@ -49,25 +49,25 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
return vv; return vv;
} }
RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
{ {
RecordValPtr rv; zeek::RecordValPtr rv;
switch ( type ) { switch ( type ) {
case IPPROTO_IPV6: case IPPROTO_IPV6:
{ {
static auto ip6_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_hdr"); static auto ip6_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_hdr");
rv = zeek::make_intrusive<RecordVal>(ip6_hdr_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data; const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20)); rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff)); rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen))); rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen)));
rv->Assign(3, val_mgr->Count(ip6->ip6_nxt)); rv->Assign(3, val_mgr->Count(ip6->ip6_nxt));
rv->Assign(4, val_mgr->Count(ip6->ip6_hlim)); rv->Assign(4, val_mgr->Count(ip6->ip6_hlim));
rv->Assign(5, zeek::make_intrusive<AddrVal>(IPAddr(ip6->ip6_src))); rv->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, zeek::make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst))); rv->Assign(6, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain ) if ( ! chain )
chain = zeek::make_intrusive<VectorVal>( chain = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain")); zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain"));
rv->Assign(7, std::move(chain)); rv->Assign(7, std::move(chain));
} }
@ -76,7 +76,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_HOPOPTS: case IPPROTO_HOPOPTS:
{ {
static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts"); static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts");
rv = zeek::make_intrusive<RecordVal>(ip6_hopopts_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data; const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt)); rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
rv->Assign(1, val_mgr->Count(hbh->ip6h_len)); rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
@ -89,7 +89,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_DSTOPTS: case IPPROTO_DSTOPTS:
{ {
static auto ip6_dstopts_type = zeek::id::find_type<zeek::RecordType>("ip6_dstopts"); static auto ip6_dstopts_type = zeek::id::find_type<zeek::RecordType>("ip6_dstopts");
rv = zeek::make_intrusive<RecordVal>(ip6_dstopts_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data; const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, val_mgr->Count(dst->ip6d_nxt)); rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
rv->Assign(1, val_mgr->Count(dst->ip6d_len)); rv->Assign(1, val_mgr->Count(dst->ip6d_len));
@ -101,21 +101,21 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_ROUTING: case IPPROTO_ROUTING:
{ {
static auto ip6_routing_type = zeek::id::find_type<zeek::RecordType>("ip6_routing"); static auto ip6_routing_type = zeek::id::find_type<zeek::RecordType>("ip6_routing");
rv = zeek::make_intrusive<RecordVal>(ip6_routing_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data; const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, val_mgr->Count(rt->ip6r_nxt)); rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
rv->Assign(1, val_mgr->Count(rt->ip6r_len)); rv->Assign(1, val_mgr->Count(rt->ip6r_len));
rv->Assign(2, val_mgr->Count(rt->ip6r_type)); rv->Assign(2, val_mgr->Count(rt->ip6r_type));
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft)); rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
uint16_t off = 4 * sizeof(uint8_t); uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, zeek::make_intrusive<StringVal>(new BroString(data + off, Length() - off, true))); rv->Assign(4, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
} }
break; break;
case IPPROTO_FRAGMENT: case IPPROTO_FRAGMENT:
{ {
static auto ip6_fragment_type = zeek::id::find_type<zeek::RecordType>("ip6_fragment"); static auto ip6_fragment_type = zeek::id::find_type<zeek::RecordType>("ip6_fragment");
rv = zeek::make_intrusive<RecordVal>(ip6_fragment_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data; const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, val_mgr->Count(frag->ip6f_nxt)); rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
rv->Assign(1, val_mgr->Count(frag->ip6f_reserved)); rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
@ -129,7 +129,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_AH: case IPPROTO_AH:
{ {
static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah"); static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah");
rv = zeek::make_intrusive<RecordVal>(ip6_ah_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_ah_type);
rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt)); rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len)); rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1]))); rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
@ -141,7 +141,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
// Payload Len was non-zero for this header. // Payload Len was non-zero for this header.
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2]))); rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
uint16_t off = 3 * sizeof(uint32_t); uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, zeek::make_intrusive<StringVal>(new BroString(data + off, Length() - off, true))); rv->Assign(5, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
} }
} }
break; break;
@ -149,7 +149,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_ESP: case IPPROTO_ESP:
{ {
static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp"); static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp");
rv = zeek::make_intrusive<RecordVal>(ip6_esp_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data; const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, val_mgr->Count(ntohl(esp[0]))); rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
rv->Assign(1, val_mgr->Count(ntohl(esp[1]))); rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
@ -160,7 +160,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_MOBILITY: case IPPROTO_MOBILITY:
{ {
static auto ip6_mob_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_hdr"); static auto ip6_mob_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_hdr");
rv = zeek::make_intrusive<RecordVal>(ip6_mob_type); rv = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*) data; const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
rv->Assign(0, val_mgr->Count(mob->ip6mob_payload)); rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
rv->Assign(1, val_mgr->Count(mob->ip6mob_len)); rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
@ -169,7 +169,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum))); rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum)));
static auto ip6_mob_msg_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_msg"); static auto ip6_mob_msg_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_msg");
auto msg = zeek::make_intrusive<RecordVal>(ip6_mob_msg_type); auto msg = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_msg_type);
msg->Assign(0, val_mgr->Count(mob->ip6mob_type)); msg->Assign(0, val_mgr->Count(mob->ip6mob_type));
uint16_t off = sizeof(ip6_mobility); uint16_t off = sizeof(ip6_mobility);
@ -187,7 +187,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
switch ( mob->ip6mob_type ) { switch ( mob->ip6mob_type ) {
case 0: case 0:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mob_brr_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_brr_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
off += sizeof(uint16_t); off += sizeof(uint16_t);
m->Assign(1, BuildOptionsVal(data + off, Length() - off)); m->Assign(1, BuildOptionsVal(data + off, Length() - off));
@ -197,7 +197,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 1: case 1:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_hoti_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hoti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t); off += sizeof(uint16_t) + sizeof(uint64_t);
@ -208,7 +208,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 2: case 2:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_coti_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_coti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t); off += sizeof(uint16_t) + sizeof(uint64_t);
@ -219,7 +219,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 3: case 3:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_hot_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))))); m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
@ -231,7 +231,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 4: case 4:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_cot_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_cot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))))); m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))))); m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
@ -243,7 +243,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 5: case 5:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_bu_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_bu_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data)))); m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000)); m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000)); m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
@ -258,7 +258,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 6: case 6:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_back_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_back_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data))); m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80)); m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))))); m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
@ -271,10 +271,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 7: case 7:
{ {
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_be_type); auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_be_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data))); m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t)); const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, zeek::make_intrusive<AddrVal>(IPAddr(*hoa))); m->Assign(1, zeek::make_intrusive<zeek::AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr); off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off)); m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m)); msg->Assign(8, std::move(m));
@ -298,10 +298,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
return rv; return rv;
} }
RecordValPtr IPv6_Hdr::ToVal() const zeek::RecordValPtr IPv6_Hdr::ToVal() const
{ return ToVal(nullptr); } { return ToVal(nullptr); }
RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const zeek::RecordVal* IPv6_Hdr::BuildRecordVal(zeek::VectorVal* chain) const
{ {
return ToVal({zeek::AdoptRef{}, chain}).release(); return ToVal({zeek::AdoptRef{}, chain}).release();
} }
@ -326,22 +326,22 @@ IPAddr IP_Hdr::DstAddr() const
return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr(); return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr();
} }
RecordValPtr IP_Hdr::ToIPHdrVal() const zeek::RecordValPtr IP_Hdr::ToIPHdrVal() const
{ {
RecordValPtr rval; zeek::RecordValPtr rval;
if ( ip4 ) if ( ip4 )
{ {
static auto ip4_hdr_type = zeek::id::find_type<zeek::RecordType>("ip4_hdr"); static auto ip4_hdr_type = zeek::id::find_type<zeek::RecordType>("ip4_hdr");
rval = zeek::make_intrusive<RecordVal>(ip4_hdr_type); rval = zeek::make_intrusive<zeek::RecordVal>(ip4_hdr_type);
rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4)); rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
rval->Assign(1, val_mgr->Count(ip4->ip_tos)); rval->Assign(1, val_mgr->Count(ip4->ip_tos));
rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len))); rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id))); rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id)));
rval->Assign(4, val_mgr->Count(ip4->ip_ttl)); rval->Assign(4, val_mgr->Count(ip4->ip_ttl));
rval->Assign(5, val_mgr->Count(ip4->ip_p)); rval->Assign(5, val_mgr->Count(ip4->ip_p));
rval->Assign(6, zeek::make_intrusive<AddrVal>(ip4->ip_src.s_addr)); rval->Assign(6, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_src.s_addr));
rval->Assign(7, zeek::make_intrusive<AddrVal>(ip4->ip_dst.s_addr)); rval->Assign(7, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_dst.s_addr));
} }
else else
{ {
@ -351,23 +351,23 @@ RecordValPtr IP_Hdr::ToIPHdrVal() const
return rval; return rval;
} }
RecordVal* IP_Hdr::BuildIPHdrVal() const zeek::RecordVal* IP_Hdr::BuildIPHdrVal() const
{ {
return ToIPHdrVal().release(); return ToIPHdrVal().release();
} }
RecordValPtr IP_Hdr::ToPktHdrVal() const zeek::RecordValPtr IP_Hdr::ToPktHdrVal() const
{ {
static auto pkt_hdr_type = zeek::id::find_type<zeek::RecordType>("pkt_hdr"); static auto pkt_hdr_type = zeek::id::find_type<zeek::RecordType>("pkt_hdr");
return ToPktHdrVal(zeek::make_intrusive<RecordVal>(pkt_hdr_type), 0); return ToPktHdrVal(zeek::make_intrusive<zeek::RecordVal>(pkt_hdr_type), 0);
} }
RecordVal* IP_Hdr::BuildPktHdrVal() const zeek::RecordVal* IP_Hdr::BuildPktHdrVal() const
{ {
return ToPktHdrVal().release(); return ToPktHdrVal().release();
} }
RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) const
{ {
static auto tcp_hdr_type = zeek::id::find_type<zeek::RecordType>("tcp_hdr"); static auto tcp_hdr_type = zeek::id::find_type<zeek::RecordType>("tcp_hdr");
static auto udp_hdr_type = zeek::id::find_type<zeek::RecordType>("udp_hdr"); static auto udp_hdr_type = zeek::id::find_type<zeek::RecordType>("udp_hdr");
@ -386,7 +386,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_TCP: case IPPROTO_TCP:
{ {
const struct tcphdr* tp = (const struct tcphdr*) data; const struct tcphdr* tp = (const struct tcphdr*) data;
auto tcp_hdr = zeek::make_intrusive<RecordVal>(tcp_hdr_type); auto tcp_hdr = zeek::make_intrusive<zeek::RecordVal>(tcp_hdr_type);
int tcp_hdr_len = tp->th_off * 4; int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len; int data_len = PayloadLen() - tcp_hdr_len;
@ -408,7 +408,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_UDP: case IPPROTO_UDP:
{ {
const struct udphdr* up = (const struct udphdr*) data; const struct udphdr* up = (const struct udphdr*) data;
auto udp_hdr = zeek::make_intrusive<RecordVal>(udp_hdr_type); auto udp_hdr = zeek::make_intrusive<zeek::RecordVal>(udp_hdr_type);
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP)); udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP)); udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
@ -421,7 +421,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_ICMP: case IPPROTO_ICMP:
{ {
const struct icmp* icmpp = (const struct icmp *) data; const struct icmp* icmpp = (const struct icmp *) data;
auto icmp_hdr = zeek::make_intrusive<RecordVal>(icmp_hdr_type); auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type)); icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type));
@ -432,7 +432,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_ICMPV6: case IPPROTO_ICMPV6:
{ {
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data; const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
auto icmp_hdr = zeek::make_intrusive<RecordVal>(icmp_hdr_type); auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type)); icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type));
@ -450,7 +450,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
return pkt_hdr; return pkt_hdr;
} }
RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const zeek::RecordVal* IP_Hdr::BuildPktHdrVal(zeek::RecordVal* pkt_hdr, int sindex) const
{ {
return ToPktHdrVal({zeek::AdoptRef{}, pkt_hdr}, sindex).release(); return ToPktHdrVal({zeek::AdoptRef{}, pkt_hdr}, sindex).release();
} }
@ -676,7 +676,7 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len)
} }
#endif #endif
VectorValPtr IPv6_Hdr_Chain::ToVal() const zeek::VectorValPtr IPv6_Hdr_Chain::ToVal() const
{ {
static auto ip6_ext_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_ext_hdr"); static auto ip6_ext_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_ext_hdr");
static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts"); static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts");
@ -686,12 +686,12 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const
static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah"); static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah");
static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp"); static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp");
static auto ip6_ext_hdr_chain_type = zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain"); static auto ip6_ext_hdr_chain_type = zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain");
auto rval = zeek::make_intrusive<VectorVal>(ip6_ext_hdr_chain_type); auto rval = zeek::make_intrusive<zeek::VectorVal>(ip6_ext_hdr_chain_type);
for ( size_t i = 1; i < chain.size(); ++i ) for ( size_t i = 1; i < chain.size(); ++i )
{ {
auto v = chain[i]->ToVal(); auto v = chain[i]->ToVal();
auto ext_hdr = zeek::make_intrusive<RecordVal>(ip6_ext_hdr_type); auto ext_hdr = zeek::make_intrusive<zeek::RecordVal>(ip6_ext_hdr_type);
uint8_t type = chain[i]->Type(); uint8_t type = chain[i]->Type();
ext_hdr->Assign(0, val_mgr->Count(type)); ext_hdr->Assign(0, val_mgr->Count(type));
@ -730,7 +730,7 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const
return rval; return rval;
} }
VectorVal* IPv6_Hdr_Chain::BuildVal() const zeek::VectorVal* IPv6_Hdr_Chain::BuildVal() const
{ {
return ToVal().release(); return ToVal().release();
} }

29
src/IP.h
View file

@ -17,11 +17,14 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
class IPAddr; class IPAddr;
class RecordVal;
class VectorVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>; using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
using VectorValPtr = zeek::IntrusivePtr<VectorVal>; using VectorValPtr = zeek::IntrusivePtr<VectorVal>;
}
#ifdef ENABLE_MOBILE_IPV6 #ifdef ENABLE_MOBILE_IPV6
@ -139,11 +142,11 @@ public:
/** /**
* Returns the script-layer record representation of the header. * Returns the script-layer record representation of the header.
*/ */
RecordValPtr ToVal(VectorValPtr chain) const; zeek::RecordValPtr ToVal(zeek::VectorValPtr chain) const;
RecordValPtr ToVal() const; zeek::RecordValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]] [[deprecated("Remove in v4.1. Use ToVal() instead.")]]
RecordVal* BuildRecordVal(VectorVal* chain = nullptr) const; zeek::RecordVal* BuildRecordVal(zeek::VectorVal* chain = nullptr) const;
protected: protected:
uint8_t type; uint8_t type;
@ -232,10 +235,10 @@ public:
* Returns a vector of ip6_ext_hdr RecordVals that includes script-layer * Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
* representation of all extension headers in the chain. * representation of all extension headers in the chain.
*/ */
VectorValPtr ToVal() const; zeek::VectorValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]] [[deprecated("Remove in v4.1. Use ToVal() instead.")]]
VectorVal* BuildVal() const; zeek::VectorVal* BuildVal() const;
protected: protected:
// for access to protected ctor that changes next header values that // for access to protected ctor that changes next header values that
@ -529,28 +532,28 @@ public:
/** /**
* Returns an ip_hdr or ip6_hdr_chain RecordVal. * Returns an ip_hdr or ip6_hdr_chain RecordVal.
*/ */
RecordValPtr ToIPHdrVal() const; zeek::RecordValPtr ToIPHdrVal() const;
[[deprecated("Remove in v4.1. Use ToIPHdrVal() instead.")]] [[deprecated("Remove in v4.1. Use ToIPHdrVal() instead.")]]
RecordVal* BuildIPHdrVal() const; zeek::RecordVal* BuildIPHdrVal() const;
/** /**
* Returns a pkt_hdr RecordVal, which includes not only the IP header, but * Returns a pkt_hdr RecordVal, which includes not only the IP header, but
* also upper-layer (tcp/udp/icmp) headers. * also upper-layer (tcp/udp/icmp) headers.
*/ */
RecordValPtr ToPktHdrVal() const; zeek::RecordValPtr ToPktHdrVal() const;
[[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]] [[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]]
RecordVal* BuildPktHdrVal() const; zeek::RecordVal* BuildPktHdrVal() const;
/** /**
* Same as above, but simply add our values into the record at the * Same as above, but simply add our values into the record at the
* specified starting index. * specified starting index.
*/ */
RecordValPtr ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const; zeek::RecordValPtr ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) const;
[[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]] [[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]]
RecordVal* BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const; zeek::RecordVal* BuildPktHdrVal(zeek::RecordVal* pkt_hdr, int sindex) const;
private: private:
const struct ip* ip4 = nullptr; const struct ip* ip4 = nullptr;

2
src/Net.cc
View file

@ -194,7 +194,7 @@ void net_init(const std::optional<std::string>& interface,
writefile, pkt_dumper->ErrorMsg()); writefile, pkt_dumper->ErrorMsg());
if ( const auto& id = global_scope()->Find("trace_output_file") ) if ( const auto& id = global_scope()->Find("trace_output_file") )
id->SetVal(zeek::make_intrusive<StringVal>(writefile)); id->SetVal(zeek::make_intrusive<zeek::StringVal>(writefile));
else else
reporter->Error("trace_output_file not defined in bro.init"); reporter->Error("trace_output_file not defined in bro.init");
} }

42
src/NetVar.cc
View file

@ -66,17 +66,17 @@ double icmp_inactivity_timeout;
int tcp_storm_thresh; int tcp_storm_thresh;
double tcp_storm_interarrival_thresh; double tcp_storm_interarrival_thresh;
TableVal* tcp_reassembler_ports_orig; zeek::TableVal* tcp_reassembler_ports_orig;
TableVal* tcp_reassembler_ports_resp; zeek::TableVal* tcp_reassembler_ports_resp;
TableVal* tcp_content_delivery_ports_orig; zeek::TableVal* tcp_content_delivery_ports_orig;
TableVal* tcp_content_delivery_ports_resp; zeek::TableVal* tcp_content_delivery_ports_resp;
bool tcp_content_deliver_all_orig; bool tcp_content_deliver_all_orig;
bool tcp_content_deliver_all_resp; bool tcp_content_deliver_all_resp;
TableVal* udp_content_delivery_ports_orig; zeek::TableVal* udp_content_delivery_ports_orig;
TableVal* udp_content_delivery_ports_resp; zeek::TableVal* udp_content_delivery_ports_resp;
TableVal* udp_content_ports; zeek::TableVal* udp_content_ports;
bool udp_content_deliver_all_orig; bool udp_content_deliver_all_orig;
bool udp_content_deliver_all_resp; bool udp_content_deliver_all_resp;
bool udp_content_delivery_ports_use_resp; bool udp_content_delivery_ports_use_resp;
@ -112,15 +112,15 @@ zeek::RecordType* dns_rrsig_rr;
zeek::RecordType* dns_dnskey_rr; zeek::RecordType* dns_dnskey_rr;
zeek::RecordType* dns_nsec3_rr; zeek::RecordType* dns_nsec3_rr;
zeek::RecordType* dns_ds_rr; zeek::RecordType* dns_ds_rr;
TableVal* dns_skip_auth; zeek::TableVal* dns_skip_auth;
TableVal* dns_skip_addl; zeek::TableVal* dns_skip_addl;
int dns_skip_all_auth; int dns_skip_all_auth;
int dns_skip_all_addl; int dns_skip_all_addl;
int dns_max_queries; int dns_max_queries;
double stp_delta; double stp_delta;
double stp_idle_min; double stp_idle_min;
TableVal* stp_skip_src; zeek::TableVal* stp_skip_src;
double table_expire_interval; double table_expire_interval;
double table_expire_delay; double table_expire_delay;
@ -130,22 +130,22 @@ double connection_status_update_interval;
int orig_addr_anonymization, resp_addr_anonymization; int orig_addr_anonymization, resp_addr_anonymization;
int other_addr_anonymization; int other_addr_anonymization;
TableVal* preserve_orig_addr; zeek::TableVal* preserve_orig_addr;
TableVal* preserve_resp_addr; zeek::TableVal* preserve_resp_addr;
TableVal* preserve_other_addr; zeek::TableVal* preserve_other_addr;
zeek::RecordType* rotate_info; zeek::RecordType* rotate_info;
StringVal* log_rotate_base_time; zeek::StringVal* log_rotate_base_time;
StringVal* peer_description; zeek::StringVal* peer_description;
Val* profiling_file; zeek::Val* profiling_file;
double profiling_interval; double profiling_interval;
int expensive_profiling_multiple; int expensive_profiling_multiple;
int segment_profiling; int segment_profiling;
int pkt_profile_mode; int pkt_profile_mode;
double pkt_profile_freq; double pkt_profile_freq;
Val* pkt_profile_file; zeek::Val* pkt_profile_file;
int load_sample_freq; int load_sample_freq;
@ -162,13 +162,13 @@ int dpd_match_only_beginning;
int dpd_late_match_stop; int dpd_late_match_stop;
int dpd_ignore_ports; int dpd_ignore_ports;
TableVal* likely_server_ports; zeek::TableVal* likely_server_ports;
int check_for_unused_event_handlers; int check_for_unused_event_handlers;
double timer_mgr_inactivity_timeout; double timer_mgr_inactivity_timeout;
StringVal* trace_output_file; zeek::StringVal* trace_output_file;
int record_all_packets; int record_all_packets;
@ -179,9 +179,9 @@ zeek::TableType* record_field_table;
zeek::RecordType* call_argument; zeek::RecordType* call_argument;
zeek::VectorType* call_argument_vector; zeek::VectorType* call_argument_vector;
StringVal* cmd_line_bpf_filter; zeek::StringVal* cmd_line_bpf_filter;
StringVal* global_hash_seed; zeek::StringVal* global_hash_seed;
bro_uint_t bits_per_uid; bro_uint_t bits_per_uid;

42
src/NetVar.h
View file

@ -87,23 +87,23 @@ extern int tcp_storm_thresh;
extern double tcp_storm_interarrival_thresh; extern double tcp_storm_interarrival_thresh;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_reassembler_ports_orig; extern zeek::TableVal* tcp_reassembler_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_reassembler_ports_resp; extern zeek::TableVal* tcp_reassembler_ports_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_content_delivery_ports_orig; extern zeek::TableVal* tcp_content_delivery_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_content_delivery_ports_resp; extern zeek::TableVal* tcp_content_delivery_ports_resp;
extern bool tcp_content_deliver_all_orig; extern bool tcp_content_deliver_all_orig;
extern bool tcp_content_deliver_all_resp; extern bool tcp_content_deliver_all_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_delivery_ports_orig; extern zeek::TableVal* udp_content_delivery_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_delivery_ports_resp; extern zeek::TableVal* udp_content_delivery_ports_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_ports; extern zeek::TableVal* udp_content_ports;
extern bool udp_content_deliver_all_orig; extern bool udp_content_deliver_all_orig;
extern bool udp_content_deliver_all_resp; extern bool udp_content_deliver_all_resp;
extern bool udp_content_delivery_ports_use_resp; extern bool udp_content_delivery_ports_use_resp;
@ -159,9 +159,9 @@ extern zeek::RecordType* dns_nsec3_rr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern zeek::RecordType* dns_ds_rr; extern zeek::RecordType* dns_ds_rr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* dns_skip_auth; extern zeek::TableVal* dns_skip_auth;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* dns_skip_addl; extern zeek::TableVal* dns_skip_addl;
extern int dns_skip_all_auth; extern int dns_skip_all_auth;
extern int dns_skip_all_addl; extern int dns_skip_all_addl;
extern int dns_max_queries; extern int dns_max_queries;
@ -169,7 +169,7 @@ extern int dns_max_queries;
extern double stp_delta; extern double stp_delta;
extern double stp_idle_min; extern double stp_idle_min;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* stp_skip_src; extern zeek::TableVal* stp_skip_src;
extern double table_expire_interval; extern double table_expire_interval;
extern double table_expire_delay; extern double table_expire_delay;
@ -178,24 +178,24 @@ extern int table_incremental_step;
extern int orig_addr_anonymization, resp_addr_anonymization; extern int orig_addr_anonymization, resp_addr_anonymization;
extern int other_addr_anonymization; extern int other_addr_anonymization;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_orig_addr; extern zeek::TableVal* preserve_orig_addr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_resp_addr; extern zeek::TableVal* preserve_resp_addr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_other_addr; extern zeek::TableVal* preserve_other_addr;
extern double connection_status_update_interval; extern double connection_status_update_interval;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern zeek::RecordType* rotate_info; extern zeek::RecordType* rotate_info;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* log_rotate_base_time; extern zeek::StringVal* log_rotate_base_time;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* peer_description; extern zeek::StringVal* peer_description;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern Val* profiling_file; extern zeek::Val* profiling_file;
extern double profiling_interval; extern double profiling_interval;
extern int expensive_profiling_multiple; extern int expensive_profiling_multiple;
@ -203,7 +203,7 @@ extern int segment_profiling;
extern int pkt_profile_mode; extern int pkt_profile_mode;
extern double pkt_profile_freq; extern double pkt_profile_freq;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern Val* pkt_profile_file; extern zeek::Val* pkt_profile_file;
extern int load_sample_freq; extern int load_sample_freq;
@ -223,14 +223,14 @@ extern int dpd_late_match_stop;
extern int dpd_ignore_ports; extern int dpd_ignore_ports;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* likely_server_ports; extern zeek::TableVal* likely_server_ports;
extern int check_for_unused_event_handlers; extern int check_for_unused_event_handlers;
extern double timer_mgr_inactivity_timeout; extern double timer_mgr_inactivity_timeout;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* trace_output_file; extern zeek::StringVal* trace_output_file;
extern int record_all_packets; extern int record_all_packets;
@ -248,10 +248,10 @@ extern zeek::RecordType* call_argument;
extern zeek::VectorType* call_argument_vector; extern zeek::VectorType* call_argument_vector;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* cmd_line_bpf_filter; extern zeek::StringVal* cmd_line_bpf_filter;
[[deprecated("Remove in v4.1. Perform your own lookup.")]] [[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* global_hash_seed; extern zeek::StringVal* global_hash_seed;
extern bro_uint_t bits_per_uid; extern bro_uint_t bits_per_uid;

4
src/OpaqueVal.cc
View file

@ -15,6 +15,8 @@
#include <broker/data.hh> #include <broker/data.hh>
#include <broker/error.hh> #include <broker/error.hh>
namespace zeek {
// Helper to retrieve a broker value out of a broker::vector at a specified // Helper to retrieve a broker value out of a broker::vector at a specified
// index, and casted to the expected destination type. // index, and casted to the expected destination type.
template<typename S, typename V, typename D> template<typename S, typename V, typename D>
@ -1035,3 +1037,5 @@ ValPtr ParaglobVal::DoClone(CloneState* state)
return nullptr; return nullptr;
} }
} }
}

33
src/OpaqueVal.h
View file

@ -14,6 +14,13 @@
namespace broker { class data; } namespace broker { class data; }
namespace probabilistic {
class BloomFilter;
class CardinalityCounter;
}
namespace zeek {
class OpaqueVal; class OpaqueVal;
using OpaqueValPtr = zeek::IntrusivePtr<OpaqueVal>; using OpaqueValPtr = zeek::IntrusivePtr<OpaqueVal>;
@ -72,18 +79,18 @@ private:
/** Macro to insert into an OpaqueVal-derived class's declaration. */ /** Macro to insert into an OpaqueVal-derived class's declaration. */
#define DECLARE_OPAQUE_VALUE(T) \ #define DECLARE_OPAQUE_VALUE(T) \
friend class OpaqueMgr::Register<T>; \ friend class zeek::OpaqueMgr::Register<T>; \
friend zeek::IntrusivePtr<T> zeek::make_intrusive<T>(); \ friend zeek::IntrusivePtr<T> zeek::make_intrusive<T>(); \
broker::expected<broker::data> DoSerialize() const override; \ broker::expected<broker::data> DoSerialize() const override; \
bool DoUnserialize(const broker::data& data) override; \ bool DoUnserialize(const broker::data& data) override; \
const char* OpaqueName() const override { return #T; } \ const char* OpaqueName() const override { return #T; } \
static OpaqueValPtr OpaqueInstantiate() { return zeek::make_intrusive<T>(); } static zeek::OpaqueValPtr OpaqueInstantiate() { return zeek::make_intrusive<T>(); }
#define __OPAQUE_MERGE(a, b) a ## b #define __OPAQUE_MERGE(a, b) a ## b
#define __OPAQUE_ID(x) __OPAQUE_MERGE(_opaque, x) #define __OPAQUE_ID(x) __OPAQUE_MERGE(_opaque, x)
/** Macro to insert into an OpaqueVal-derived class's implementation file. */ /** Macro to insert into an OpaqueVal-derived class's implementation file. */
#define IMPLEMENT_OPAQUE_VALUE(T) static OpaqueMgr::Register<T> __OPAQUE_ID(__LINE__)(#T); #define IMPLEMENT_OPAQUE_VALUE(T) static zeek::OpaqueMgr::Register<T> __OPAQUE_ID(__LINE__)(#T);
/** /**
* Base class for all opaque values. Opaque values are types that are managed * Base class for all opaque values. Opaque values are types that are managed
@ -162,11 +169,6 @@ protected:
static zeek::TypePtr UnserializeType(const broker::data& data); static zeek::TypePtr UnserializeType(const broker::data& data);
}; };
namespace probabilistic {
class BloomFilter;
class CardinalityCounter;
}
class HashVal : public OpaqueVal { class HashVal : public OpaqueVal {
public: public:
template <class T> template <class T>
@ -339,7 +341,7 @@ private:
}; };
class CardinalityVal: public OpaqueVal { class CardinalityVal : public OpaqueVal {
public: public:
explicit CardinalityVal(probabilistic::CardinalityCounter*); explicit CardinalityVal(probabilistic::CardinalityCounter*);
~CardinalityVal() override; ~CardinalityVal() override;
@ -380,3 +382,16 @@ protected:
private: private:
std::unique_ptr<paraglob::Paraglob> internal_paraglob; std::unique_ptr<paraglob::Paraglob> internal_paraglob;
}; };
}
using OpaqueMgr [[deprecated("Remove in v4.1. Use zeek::OpaqueMgr instead.")]] = zeek::OpaqueMgr;
using OpaqueVal [[deprecated("Remove in v4.1. Use zeek::OpaqueVal instead.")]] = zeek::OpaqueVal;
using HashVal [[deprecated("Remove in v4.1. Use zeek::HashVal instead.")]] = zeek::HashVal;
using MD5Val [[deprecated("Remove in v4.1. Use zeek::MD5Val instead.")]] = zeek::MD5Val;
using SHA1Val [[deprecated("Remove in v4.1. Use zeek::SHA1Val instead.")]] = zeek::SHA1Val;
using SHA256Val [[deprecated("Remove in v4.1. Use zeek::SHA256Val instead.")]] = zeek::SHA256Val;
using EntropyVal [[deprecated("Remove in v4.1. Use zeek::EntropyVal instead.")]] = zeek::EntropyVal;
using BloomFilterVal [[deprecated("Remove in v4.1. Use zeek::BloomFilterVal instead.")]] = zeek::BloomFilterVal;
using CardinalityVal [[deprecated("Remove in v4.1. Use zeek::CardinalityVal instead.")]] = zeek::CardinalityVal;
using ParaglobVal [[deprecated("Remove in v4.1. Use zeek::ParaglobVal instead.")]] = zeek::ParaglobVal;

8
src/PacketFilter.cc
View file

@ -23,7 +23,7 @@ void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probabil
delete prev; delete prev;
} }
void PacketFilter::AddSrc(Val* src, uint32_t tcp_flags, double probability) void PacketFilter::AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability)
{ {
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
@ -41,7 +41,7 @@ void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probabil
delete prev; delete prev;
} }
void PacketFilter::AddDst(Val* dst, uint32_t tcp_flags, double probability) void PacketFilter::AddDst(zeek::Val* dst, uint32_t tcp_flags, double probability)
{ {
Filter* f = new Filter; Filter* f = new Filter;
f->tcp_flags = tcp_flags; f->tcp_flags = tcp_flags;
@ -57,7 +57,7 @@ bool PacketFilter::RemoveSrc(const IPAddr& src)
return f != nullptr; return f != nullptr;
} }
bool PacketFilter::RemoveSrc(Val* src) bool PacketFilter::RemoveSrc(zeek::Val* src)
{ {
auto f = static_cast<Filter*>(src_filter.Remove(src)); auto f = static_cast<Filter*>(src_filter.Remove(src));
delete f; delete f;
@ -71,7 +71,7 @@ bool PacketFilter::RemoveDst(const IPAddr& dst)
return f != nullptr; return f != nullptr;
} }
bool PacketFilter::RemoveDst(Val* dst) bool PacketFilter::RemoveDst(zeek::Val* dst)
{ {
auto f = static_cast<Filter*>(dst_filter.Remove(dst)); auto f = static_cast<Filter*>(dst_filter.Remove(dst));
delete f; delete f;

10
src/PacketFilter.h
View file

@ -6,7 +6,7 @@
#include "PrefixTable.h" #include "PrefixTable.h"
class IP_Hdr; class IP_Hdr;
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class PacketFilter { class PacketFilter {
public: public:
@ -17,16 +17,16 @@ public:
// as an AddrVal or a SubnetVal) which hasn't any of TCP flags set // as an AddrVal or a SubnetVal) which hasn't any of TCP flags set
// (TH_*) with the given probability (from 0..MAX_PROB). // (TH_*) with the given probability (from 0..MAX_PROB).
void AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability); void AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddSrc(Val* src, uint32_t tcp_flags, double probability); void AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability);
void AddDst(const IPAddr& src, uint32_t tcp_flags, double probability); void AddDst(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddDst(Val* src, uint32_t tcp_flags, double probability); void AddDst(zeek::Val* src, uint32_t tcp_flags, double probability);
// Removes the filter entry for the given src/dst // Removes the filter entry for the given src/dst
// Returns false if filter doesn not exist. // Returns false if filter doesn not exist.
bool RemoveSrc(const IPAddr& src); bool RemoveSrc(const IPAddr& src);
bool RemoveSrc(Val* dst); bool RemoveSrc(zeek::Val* dst);
bool RemoveDst(const IPAddr& dst); bool RemoveDst(const IPAddr& dst);
bool RemoveDst(Val* dst); bool RemoveDst(zeek::Val* dst);
// Returns true if packet matches a drop filter // Returns true if packet matches a drop filter
bool Match(const IP_Hdr* ip, int len, int caplen); bool Match(const IP_Hdr* ip, int len, int caplen);

8
src/PrefixTable.cc
View file

@ -40,7 +40,7 @@ void* PrefixTable::Insert(const IPAddr& addr, int width, void* data)
return old; return old;
} }
void* PrefixTable::Insert(const Val* value, void* data) void* PrefixTable::Insert(const zeek::Val* value, void* data)
{ {
// [elem] -> elem // [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST && if ( value->GetType()->Tag() == zeek::TYPE_LIST &&
@ -81,7 +81,7 @@ std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const IPAddr& addr, i
return out; return out;
} }
std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const SubNetVal* value) const std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const zeek::SubNetVal* value) const
{ {
return FindAll(value->AsSubNet().Prefix(), value->AsSubNet().LengthIPv6()); return FindAll(value->AsSubNet().Prefix(), value->AsSubNet().LengthIPv6());
} }
@ -100,7 +100,7 @@ void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
return node ? node->data : nullptr; return node ? node->data : nullptr;
} }
void* PrefixTable::Lookup(const Val* value, bool exact) const void* PrefixTable::Lookup(const zeek::Val* value, bool exact) const
{ {
// [elem] -> elem // [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST && if ( value->GetType()->Tag() == zeek::TYPE_LIST &&
@ -139,7 +139,7 @@ void* PrefixTable::Remove(const IPAddr& addr, int width)
return old; return old;
} }
void* PrefixTable::Remove(const Val* value) void* PrefixTable::Remove(const zeek::Val* value)
{ {
// [elem] -> elem // [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST && if ( value->GetType()->Tag() == zeek::TYPE_LIST &&

12
src/PrefixTable.h
View file

@ -8,8 +8,8 @@ extern "C" {
#include "IPAddr.h" #include "IPAddr.h"
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class SubNetVal; ZEEK_FORWARD_DECLARE_NAMESPACED(SubNetVal, zeek);
class PrefixTable { class PrefixTable {
private: private:
@ -30,21 +30,21 @@ public:
void* Insert(const IPAddr& addr, int width, void* data = nullptr); void* Insert(const IPAddr& addr, int width, void* data = nullptr);
// Value may be addr or subnet. // Value may be addr or subnet.
void* Insert(const Val* value, void* data = nullptr); void* Insert(const zeek::Val* value, void* data = nullptr);
// Returns nil if not found, pointer to data otherwise. // Returns nil if not found, pointer to data otherwise.
// For items without data, returns non-nil if found. // For items without data, returns non-nil if found.
// If exact is false, performs exact rather than longest-prefix match. // If exact is false, performs exact rather than longest-prefix match.
void* Lookup(const IPAddr& addr, int width, bool exact = false) const; void* Lookup(const IPAddr& addr, int width, bool exact = false) const;
void* Lookup(const Val* value, bool exact = false) const; void* Lookup(const zeek::Val* value, bool exact = false) const;
// Returns list of all found matches or empty list otherwise. // Returns list of all found matches or empty list otherwise.
std::list<std::tuple<IPPrefix,void*>> FindAll(const IPAddr& addr, int width) const; std::list<std::tuple<IPPrefix,void*>> FindAll(const IPAddr& addr, int width) const;
std::list<std::tuple<IPPrefix,void*>> FindAll(const SubNetVal* value) const; std::list<std::tuple<IPPrefix,void*>> FindAll(const zeek::SubNetVal* value) const;
// Returns pointer to data or nil if not found. // Returns pointer to data or nil if not found.
void* Remove(const IPAddr& addr, int width); void* Remove(const IPAddr& addr, int width);
void* Remove(const Val* value); void* Remove(const zeek::Val* value);
void Clear() { Clear_Patricia(tree, delete_function); } void Clear() { Clear_Patricia(tree, delete_function); }

33
src/RandTest.h
View file

@ -1,30 +1,31 @@
#pragma once #pragma once
#include "zeek-config.h"
#include <stdint.h> #include <stdint.h>
#define RT_MONTEN 6 /* Bytes used as Monte Carlo #define RT_MONTEN 6 /* Bytes used as Monte Carlo
co-ordinates. This should be no more co-ordinates. This should be no more
bits than the mantissa of your "double" bits than the mantissa of your "double"
floating point type. */ floating point type. */
class EntropyVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(EntropyVal, zeek);
class RandTest { class RandTest {
public: public:
RandTest(); RandTest();
void add(const void* buf, int bufl); void add(const void* buf, int bufl);
void end(double* r_ent, double* r_chisq, double* r_mean, void end(double* r_ent, double* r_chisq, double* r_mean,
double* r_montepicalc, double* r_scc); double* r_montepicalc, double* r_scc);
private: private:
friend class EntropyVal; friend class zeek::EntropyVal;
int64_t ccount[256]; /* Bins to count occurrences of values */ int64_t ccount[256]; /* Bins to count occurrences of values */
int64_t totalc; /* Total bytes counted */ int64_t totalc; /* Total bytes counted */
int mp; int mp;
int sccfirst; int sccfirst;
unsigned int monte[RT_MONTEN]; unsigned int monte[RT_MONTEN];
int64_t inmont, mcount; int64_t inmont, mcount;
double cexp, montex, montey, montepi, double cexp, montex, montey, montepi,
sccu0, scclast, scct1, scct2, scct3; sccu0, scclast, scct1, scct2, scct3;
}; };

22
src/Reporter.cc
View file

@ -74,7 +74,7 @@ void Reporter::InitOptions()
HashKey* k; HashKey* k;
IterCookie* c = wl_table->InitForIteration(); IterCookie* c = wl_table->InitForIteration();
TableEntryVal* v; zeek::TableEntryVal* v;
while ( (v = wl_table->NextEntry(k, c)) ) while ( (v = wl_table->NextEntry(k, c)) )
{ {
@ -345,7 +345,7 @@ bool Reporter::PermitFlowWeird(const char* name,
return false; return false;
} }
bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id) bool Reporter::PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id)
{ {
auto conn_tuple = std::make_tuple(conn_id.GetField("orig_h")->AsAddr(), auto conn_tuple = std::make_tuple(conn_id.GetField("orig_h")->AsAddr(),
conn_id.GetField("resp_h")->AsAddr(), conn_id.GetField("resp_h")->AsAddr(),
@ -384,7 +384,7 @@ void Reporter::Weird(const char* name, const char* addl)
return; return;
} }
WeirdHelper(net_weird, {new StringVal(addl)}, "%s", name); WeirdHelper(net_weird, {new zeek::StringVal(addl)}, "%s", name);
} }
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl) void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
@ -398,7 +398,7 @@ void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
return; return;
} }
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl)}, WeirdHelper(file_weird, {f->ToVal()->Ref(), new zeek::StringVal(addl)},
"%s", name); "%s", name);
} }
@ -413,11 +413,11 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
return; return;
} }
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)}, WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new zeek::StringVal(addl)},
"%s", name); "%s", name);
} }
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid, void Reporter::Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
const char* name, const char* addl) const char* name, const char* addl)
{ {
UpdateWeirdStats(name); UpdateWeirdStats(name);
@ -429,7 +429,7 @@ void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
} }
WeirdHelper(expired_conn_weird, WeirdHelper(expired_conn_weird,
{conn_id.release(), uid.release(), new StringVal(addl)}, {conn_id.release(), uid.release(), new zeek::StringVal(addl)},
"%s", name); "%s", name);
} }
@ -444,7 +444,7 @@ void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, c
} }
WeirdHelper(flow_weird, WeirdHelper(flow_weird,
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl)}, {new zeek::AddrVal(orig), new zeek::AddrVal(resp), new zeek::StringVal(addl)},
"%s", name); "%s", name);
} }
@ -558,12 +558,12 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
vl.reserve(vl_size); vl.reserve(vl_size);
if ( time ) if ( time )
vl.emplace_back(zeek::make_intrusive<TimeVal>(network_time ? network_time : current_time())); vl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(network_time ? network_time : current_time()));
vl.emplace_back(zeek::make_intrusive<StringVal>(buffer)); vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(buffer));
if ( location ) if ( location )
vl.emplace_back(zeek::make_intrusive<StringVal>(loc_str.c_str())); vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(loc_str.c_str()));
if ( conn ) if ( conn )
vl.emplace_back(conn->ConnVal()); vl.emplace_back(conn->ConnVal());

11
src/Reporter.h
View file

@ -21,15 +21,14 @@ class Connection;
class Location; class Location;
class Reporter; class Reporter;
class EventHandlerPtr; class EventHandlerPtr;
class RecordVal; ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
class StringVal; ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
namespace zeek { namespace zeek {
template <class T> class IntrusivePtr; template <class T> class IntrusivePtr;
}
using RecordValPtr = zeek::IntrusivePtr<RecordVal>; using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
using StringValPtr = zeek::IntrusivePtr<StringVal>; using StringValPtr = zeek::IntrusivePtr<StringVal>;
}
// One cannot raise this exception directly, go through the // One cannot raise this exception directly, go through the
// Reporter's methods instead. // Reporter's methods instead.
@ -102,7 +101,7 @@ public:
void Weird(const char* name, const char* addl = ""); // Raises net_weird(). void Weird(const char* name, const char* addl = ""); // Raises net_weird().
void Weird(file_analysis::File* f, const char* name, const char* addl = ""); // Raises file_weird(). void Weird(file_analysis::File* f, const char* name, const char* addl = ""); // Raises file_weird().
void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird(). void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird().
void Weird(RecordValPtr conn_id, StringValPtr uid, void Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
const char* name, const char* addl = ""); // Raises expired_conn_weird(). const char* name, const char* addl = ""); // Raises expired_conn_weird().
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird(). void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
@ -275,7 +274,7 @@ private:
{ return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); } { return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); }
bool PermitNetWeird(const char* name); bool PermitNetWeird(const char* name);
bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r); bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r);
bool PermitExpiredConnWeird(const char* name, const RecordVal& conn_id); bool PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id);
bool EmitToStderr(bool flag) bool EmitToStderr(bool flag)
{ return flag || ! after_zeek_init; } { return flag || ! after_zeek_init; }

4
src/RuleAction.cc
View file

@ -23,8 +23,8 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state,
if ( signature_match ) if ( signature_match )
mgr.Enqueue(signature_match, mgr.Enqueue(signature_match,
zeek::IntrusivePtr{zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state)}, zeek::IntrusivePtr{zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state)},
zeek::make_intrusive<StringVal>(msg), zeek::make_intrusive<zeek::StringVal>(msg),
data ? zeek::make_intrusive<StringVal>(len, (const char*)data) : val_mgr->EmptyString() data ? zeek::make_intrusive<zeek::StringVal>(len, (const char*)data) : val_mgr->EmptyString()
); );
} }

2
src/RuleCondition.cc
View file

@ -173,7 +173,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state,
args.emplace_back(zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(rule, state)); args.emplace_back(zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(rule, state));
if ( data ) if ( data )
args.emplace_back(zeek::make_intrusive<StringVal>(len, (const char*) data)); args.emplace_back(zeek::make_intrusive<zeek::StringVal>(len, (const char*) data));
else else
args.emplace_back(val_mgr->EmptyString()); args.emplace_back(val_mgr->EmptyString());

18
src/RuleMatcher.cc
View file

@ -78,12 +78,12 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
level = 0; level = 0;
} }
Val* RuleMatcher::BuildRuleStateValue(const Rule* rule, zeek::Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const const RuleEndpointState* state) const
{ {
static auto signature_state = zeek::id::find_type<zeek::RecordType>("signature_state"); static auto signature_state = zeek::id::find_type<zeek::RecordType>("signature_state");
RecordVal* val = new RecordVal(signature_state); auto* val = new zeek::RecordVal(signature_state);
val->Assign(0, zeek::make_intrusive<StringVal>(rule->ID())); val->Assign(0, zeek::make_intrusive<zeek::StringVal>(rule->ID()));
val->Assign(1, state->GetAnalyzer()->ConnVal()); val->Assign(1, state->GetAnalyzer()->ConnVal());
val->Assign(2, val_mgr->Bool(state->is_orig)); val->Assign(2, val_mgr->Bool(state->is_orig));
val->Assign(3, val_mgr->Count(state->payload_size)); val->Assign(3, val_mgr->Count(state->payload_size));
@ -1272,7 +1272,7 @@ void RuleMatcher::DumpStateStats(BroFile* f, RuleHdrTest* hdr_test)
DumpStateStats(f, h); DumpStateStats(f, h);
} }
static Val* get_bro_val(const char* label) static zeek::Val* get_bro_val(const char* label)
{ {
auto id = lookup_ID(label, GLOBAL_MODULE_NAME, false); auto id = lookup_ID(label, GLOBAL_MODULE_NAME, false);
if ( ! id ) if ( ! id )
@ -1288,7 +1288,7 @@ static Val* get_bro_val(const char* label)
// Converts an atomic Val and appends it to the list. For subnet types, // Converts an atomic Val and appends it to the list. For subnet types,
// if the prefix_vector param isn't null, appending to that is preferred // if the prefix_vector param isn't null, appending to that is preferred
// over appending to the masked val list. // over appending to the masked val list.
static bool val_to_maskedval(Val* v, maskedvalue_list* append_to, static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector) vector<IPPrefix>* prefix_vector)
{ {
MaskedValue* mval = new MaskedValue; MaskedValue* mval = new MaskedValue;
@ -1358,7 +1358,7 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to,
void id_to_maskedvallist(const char* id, maskedvalue_list* append_to, void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector) vector<IPPrefix>* prefix_vector)
{ {
Val* v = get_bro_val(id); zeek::Val* v = get_bro_val(id);
if ( ! v ) if ( ! v )
return; return;
@ -1380,7 +1380,7 @@ char* id_to_str(const char* id)
const BroString* src; const BroString* src;
char* dst; char* dst;
Val* v = get_bro_val(id); zeek::Val* v = get_bro_val(id);
if ( ! v ) if ( ! v )
goto error; goto error;
@ -1403,7 +1403,7 @@ error:
uint32_t id_to_uint(const char* id) uint32_t id_to_uint(const char* id)
{ {
Val* v = get_bro_val(id); zeek::Val* v = get_bro_val(id);
if ( ! v ) if ( ! v )
return 0; return 0;

7
src/RuleMatcher.h
View file

@ -27,7 +27,6 @@ extern FILE* rules_in;
extern int rules_line_number; extern int rules_line_number;
extern const char* current_rule_file; extern const char* current_rule_file;
class Val;
class BroFile; class BroFile;
class IntSet; class IntSet;
class IP_Hdr; class IP_Hdr;
@ -37,6 +36,8 @@ class Specific_RE_Matcher;
class RuleMatcher; class RuleMatcher;
extern RuleMatcher* rule_matcher; extern RuleMatcher* rule_matcher;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace analyzer { namespace analyzer {
namespace pia { class PIA; } namespace pia { class PIA; }
class Analyzer; class Analyzer;
@ -304,8 +305,8 @@ public:
unsigned int misses; // # cache misses unsigned int misses; // # cache misses
}; };
Val* BuildRuleStateValue(const Rule* rule, zeek::Val* BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const; const RuleEndpointState* state) const;
void GetStats(Stats* stats, RuleHdrTest* hdr_test = nullptr); void GetStats(Stats* stats, RuleHdrTest* hdr_test = nullptr);
void DumpStats(BroFile* f); void DumpStats(BroFile* f);

3
src/Scope.h
View file

@ -12,9 +12,10 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
#include "TraverseTypes.h" #include "TraverseTypes.h"
template <class T> class IntrusivePtr;
namespace zeek { namespace zeek {
template <class T> class IntrusivePtr;
class Type; class Type;
using TypePtr = zeek::IntrusivePtr<zeek::Type>; using TypePtr = zeek::IntrusivePtr<zeek::Type>;
} }

10
src/Sessions.cc
View file

@ -703,7 +703,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel()); conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel());
ValPtr pkt_hdr_val; zeek::ValPtr pkt_hdr_val;
if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 ) if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 )
{ {
@ -920,7 +920,7 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
return f; return f;
} }
Connection* NetSessions::FindConnection(Val* v) Connection* NetSessions::FindConnection(zeek::Val* v)
{ {
const auto& vt = v->GetType(); const auto& vt = v->GetType();
if ( ! zeek::IsRecord(vt->Tag()) ) if ( ! zeek::IsRecord(vt->Tag()) )
@ -958,8 +958,8 @@ Connection* NetSessions::FindConnection(Val* v)
const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr(); const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr();
const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr(); const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr();
PortVal* orig_portv = (*vl)[orig_p]->AsPortVal(); zeek::PortVal* orig_portv = (*vl)[orig_p]->AsPortVal();
PortVal* resp_portv = (*vl)[resp_p]->AsPortVal(); zeek::PortVal* resp_portv = (*vl)[resp_p]->AsPortVal();
ConnID id; ConnID id;
@ -1236,7 +1236,7 @@ bool NetSessions::IsLikelyServerPort(uint32_t port, TransportProto proto) const
if ( ! have_cache ) if ( ! have_cache )
{ {
auto likely_server_ports = zeek::id::find_val<TableVal>("likely_server_ports"); auto likely_server_ports = zeek::id::find_val<zeek::TableVal>("likely_server_ports");
auto lv = likely_server_ports->ToPureListVal(); auto lv = likely_server_ports->ToPureListVal();
for ( int i = 0; i < lv->Length(); i++ ) for ( int i = 0; i < lv->Length(); i++ )
port_cache.insert(lv->Idx(i)->InternalUnsigned()); port_cache.insert(lv->Idx(i)->InternalUnsigned());

2
src/Sessions.h
View file

@ -61,7 +61,7 @@ public:
// Looks up the connection referred to by the given Val, // Looks up the connection referred to by the given Val,
// which should be a conn_id record. Returns nil if there's // which should be a conn_id record. Returns nil if there's
// no such connection or the Val is ill-formed. // no such connection or the Val is ill-formed.
Connection* FindConnection(Val* v); Connection* FindConnection(zeek::Val* v);
void Remove(Connection* c); void Remove(Connection* c);
void Remove(FragReassembler* f); void Remove(FragReassembler* f);

20
src/SmithWaterman.cc
View file

@ -56,14 +56,14 @@ bool BroSubstring::DoesCover(const BroSubstring* bst) const
return true; return true;
} }
VectorVal* BroSubstring::VecToPolicy(Vec* vec) zeek::VectorVal* BroSubstring::VecToPolicy(Vec* vec)
{ {
static auto sw_substring_type = zeek::id::find_type<zeek::RecordType>("sw_substring"); static auto sw_substring_type = zeek::id::find_type<zeek::RecordType>("sw_substring");
static auto sw_align_type = zeek::id::find_type<zeek::RecordType>("sw_align"); static auto sw_align_type = zeek::id::find_type<zeek::RecordType>("sw_align");
static auto sw_align_vec_type = zeek::id::find_type<zeek::VectorType>("sw_align_vec"); static auto sw_align_vec_type = zeek::id::find_type<zeek::VectorType>("sw_align_vec");
static auto sw_substring_vec_type = zeek::id::find_type<zeek::VectorType>("sw_substring_vec"); static auto sw_substring_vec_type = zeek::id::find_type<zeek::VectorType>("sw_substring_vec");
auto result = zeek::make_intrusive<VectorVal>(sw_substring_vec_type); auto result = zeek::make_intrusive<zeek::VectorVal>(sw_substring_vec_type);
if ( vec ) if ( vec )
{ {
@ -71,17 +71,17 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec)
{ {
BroSubstring* bst = (*vec)[i]; BroSubstring* bst = (*vec)[i];
auto st_val = zeek::make_intrusive<RecordVal>(sw_substring_type); auto st_val = zeek::make_intrusive<zeek::RecordVal>(sw_substring_type);
st_val->Assign(0, zeek::make_intrusive<StringVal>(new BroString(*bst))); st_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*bst)));
auto aligns = zeek::make_intrusive<VectorVal>(sw_align_vec_type); auto aligns = zeek::make_intrusive<zeek::VectorVal>(sw_align_vec_type);
for ( unsigned int j = 0; j < bst->GetNumAlignments(); ++j ) for ( unsigned int j = 0; j < bst->GetNumAlignments(); ++j )
{ {
const BSSAlign& align = (bst->GetAlignments())[j]; const BSSAlign& align = (bst->GetAlignments())[j];
auto align_val = zeek::make_intrusive<RecordVal>(sw_align_type); auto align_val = zeek::make_intrusive<zeek::RecordVal>(sw_align_type);
align_val->Assign(0, zeek::make_intrusive<StringVal>(new BroString(*align.string))); align_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*align.string)));
align_val->Assign(1, val_mgr->Count(align.index)); align_val->Assign(1, val_mgr->Count(align.index));
aligns->Assign(j + 1, std::move(align_val)); aligns->Assign(j + 1, std::move(align_val));
@ -96,7 +96,7 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec)
return result.release(); return result.release();
} }
BroSubstring::Vec* BroSubstring::VecFromPolicy(VectorVal* vec) BroSubstring::Vec* BroSubstring::VecFromPolicy(zeek::VectorVal* vec)
{ {
Vec* result = new Vec(); Vec* result = new Vec();
@ -110,10 +110,10 @@ BroSubstring::Vec* BroSubstring::VecFromPolicy(VectorVal* vec)
const BroString* str = v->AsRecordVal()->GetField(0)->AsString(); const BroString* str = v->AsRecordVal()->GetField(0)->AsString();
BroSubstring* substr = new BroSubstring(*str); BroSubstring* substr = new BroSubstring(*str);
const VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal(); const zeek::VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
for ( unsigned int j = 1; j <= aligns->Size(); ++j ) for ( unsigned int j = 1; j <= aligns->Size(); ++j )
{ {
const RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal(); const zeek::RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
const BroString* str = align->GetField(0)->AsString(); const BroString* str = align->GetField(0)->AsString();
int index = align->GetField(1)->AsCount(); int index = align->GetField(1)->AsCount();
substr->AddAlignment(str, index); substr->AddAlignment(str, index);

6
src/SmithWaterman.h
View file

@ -68,11 +68,11 @@ public:
// Helper methods for vectors: // Helper methods for vectors:
// //
static VectorVal* VecToPolicy(Vec* vec); static zeek::VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(VectorVal* vec); static Vec* VecFromPolicy(zeek::VectorVal* vec);
static char* VecToString(Vec* vec); static char* VecToString(Vec* vec);
static BroString::IdxVec* GetOffsetsVec(const Vec* vec, static BroString::IdxVec* GetOffsetsVec(const Vec* vec,
unsigned int index); unsigned int index);
private: private:
typedef std::map<std::string, void*> DataMap; typedef std::map<std::string, void*> DataMap;

10
src/Stats.cc
View file

@ -313,7 +313,7 @@ void ProfileLogger::Log()
if ( profiling_update ) if ( profiling_update )
{ {
mgr.Dispatch(new Event(profiling_update, { mgr.Dispatch(new Event(profiling_update, {
zeek::make_intrusive<Val>(zeek::IntrusivePtr{zeek::NewRef{}, file}), zeek::make_intrusive<zeek::Val>(zeek::IntrusivePtr{zeek::NewRef{}, file}),
val_mgr->Bool(expensive), val_mgr->Bool(expensive),
})); }));
} }
@ -344,7 +344,7 @@ SampleLogger::SampleLogger()
if ( ! load_sample_info ) if ( ! load_sample_info )
load_sample_info = zeek::id::find_type("load_sample_info")->AsTableType(); load_sample_info = zeek::id::find_type("load_sample_info")->AsTableType();
load_samples = new TableVal({zeek::NewRef{}, load_sample_info}); load_samples = new zeek::TableVal({zeek::NewRef{}, load_sample_info});
} }
SampleLogger::~SampleLogger() SampleLogger::~SampleLogger()
@ -354,13 +354,13 @@ SampleLogger::~SampleLogger()
void SampleLogger::FunctionSeen(const Func* func) void SampleLogger::FunctionSeen(const Func* func)
{ {
auto idx = zeek::make_intrusive<StringVal>(func->Name()); auto idx = zeek::make_intrusive<zeek::StringVal>(func->Name());
load_samples->Assign(std::move(idx), nullptr); load_samples->Assign(std::move(idx), nullptr);
} }
void SampleLogger::LocationSeen(const Location* loc) void SampleLogger::LocationSeen(const Location* loc)
{ {
auto idx = zeek::make_intrusive<StringVal>(loc->filename); auto idx = zeek::make_intrusive<zeek::StringVal>(loc->filename);
load_samples->Assign(std::move(idx), nullptr); load_samples->Assign(std::move(idx), nullptr);
} }
@ -371,7 +371,7 @@ void SampleLogger::SegmentProfile(const char* /* name */,
if ( load_sample ) if ( load_sample )
mgr.Enqueue(load_sample, mgr.Enqueue(load_sample,
zeek::IntrusivePtr{zeek::NewRef{}, load_samples}, zeek::IntrusivePtr{zeek::NewRef{}, load_samples},
zeek::make_intrusive<IntervalVal>(dtime, Seconds), zeek::make_intrusive<zeek::IntervalVal>(dtime, Seconds),
val_mgr->Int(dmem) val_mgr->Int(dmem)
); );
} }

7
src/Stats.h
View file

@ -2,16 +2,19 @@
#pragma once #pragma once
#include "zeek-config.h"
#include <sys/types.h> #include <sys/types.h>
#include <sys/time.h> #include <sys/time.h>
#include <sys/resource.h> #include <sys/resource.h>
#include <stdint.h> #include <stdint.h>
class Func; class Func;
class TableVal;
class Location; class Location;
class BroFile; class BroFile;
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
// Object called by SegmentProfiler when it is done and reports its // Object called by SegmentProfiler when it is done and reports its
// cumulative CPU/memory statistics. // cumulative CPU/memory statistics.
class SegmentStatsReporter { class SegmentStatsReporter {
@ -98,7 +101,7 @@ protected:
void SegmentProfile(const char* name, const Location* loc, void SegmentProfile(const char* name, const Location* loc,
double dtime, int dmem) override; double dtime, int dmem) override;
TableVal* load_samples; zeek::TableVal* load_samples;
}; };

20
src/Stmt.cc
View file

@ -205,17 +205,17 @@ static void print_log(const std::vector<ValPtr>& vals)
{ {
static auto plval = lookup_enum_val("Log", "PRINTLOG"); static auto plval = lookup_enum_val("Log", "PRINTLOG");
static auto lpli = zeek::id::find_type<RecordType>("Log::PrintLogInfo"); static auto lpli = zeek::id::find_type<RecordType>("Log::PrintLogInfo");
auto record = zeek::make_intrusive<RecordVal>(lpli); auto record = zeek::make_intrusive<zeek::RecordVal>(lpli);
auto vec = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto vec = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
for ( const auto& val : vals ) for ( const auto& val : vals )
{ {
ODesc d(DESC_READABLE); ODesc d(DESC_READABLE);
val->Describe(&d); val->Describe(&d);
vec->Assign(vec->Size(), zeek::make_intrusive<StringVal>(d.Description())); vec->Assign(vec->Size(), zeek::make_intrusive<zeek::StringVal>(d.Description()));
} }
record->Assign(0, zeek::make_intrusive<TimeVal>(network_time)); record->Assign(0, zeek::make_intrusive<zeek::TimeVal>(network_time));
record->Assign(1, std::move(vec)); record->Assign(1, std::move(vec));
log_mgr->Write(plval.get(), record.get()); log_mgr->Write(plval.get(), record.get());
} }
@ -1181,7 +1181,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
if ( v->GetType()->Tag() == TYPE_TABLE ) if ( v->GetType()->Tag() == TYPE_TABLE )
{ {
TableVal* tv = v->AsTableVal(); TableVal* tv = v->AsTableVal();
const PDict<TableEntryVal>* loop_vals = tv->AsTable(); const PDict<zeek::TableEntryVal>* loop_vals = tv->AsTable();
if ( ! loop_vals->Length() ) if ( ! loop_vals->Length() )
return nullptr; return nullptr;
@ -1248,7 +1248,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
for ( int i = 0; i < sval->Len(); ++i ) for ( int i = 0; i < sval->Len(); ++i )
{ {
auto sv = zeek::make_intrusive<StringVal>(1, (const char*) sval->Bytes() + i); auto sv = zeek::make_intrusive<zeek::StringVal>(1, (const char*) sval->Bytes() + i);
f->SetElement((*loop_vars)[0], std::move(sv)); f->SetElement((*loop_vars)[0], std::move(sv));
flow = FLOW_NEXT; flow = FLOW_NEXT;
ret = body->Exec(f, flow); ret = body->Exec(f, flow);
@ -1654,14 +1654,14 @@ ValPtr InitStmt::Exec(Frame* f, stmt_flow_type& flow) const
switch ( t->Tag() ) { switch ( t->Tag() ) {
case TYPE_RECORD: case TYPE_RECORD:
v = zeek::make_intrusive<RecordVal>(zeek::cast_intrusive<RecordType>(t)); v = zeek::make_intrusive<zeek::RecordVal>(zeek::cast_intrusive<RecordType>(t));
break; break;
case TYPE_VECTOR: case TYPE_VECTOR:
v = zeek::make_intrusive<VectorVal>(zeek::cast_intrusive<VectorType>(t)); v = zeek::make_intrusive<zeek::VectorVal>(zeek::cast_intrusive<VectorType>(t));
break; break;
case TYPE_TABLE: case TYPE_TABLE:
v = zeek::make_intrusive<TableVal>(zeek::cast_intrusive<TableType>(t), v = zeek::make_intrusive<zeek::TableVal>(zeek::cast_intrusive<TableType>(t),
aggr->GetAttrs()); aggr->GetAttrs());
break; break;
default: default:
break; break;

8
src/Tag.cc
View file

@ -17,7 +17,7 @@ Tag::Tag(zeek::EnumType* etype, type_t arg_type, subtype_t arg_subtype)
: Tag({zeek::NewRef{}, etype}, arg_type, arg_subtype) : Tag({zeek::NewRef{}, etype}, arg_type, arg_subtype)
{ } { }
Tag::Tag(EnumValPtr arg_val) Tag::Tag(zeek::EnumValPtr arg_val)
{ {
assert(arg_val); assert(arg_val);
@ -28,7 +28,7 @@ Tag::Tag(EnumValPtr arg_val)
subtype = (i >> 31) & 0xffffffff; subtype = (i >> 31) & 0xffffffff;
} }
Tag::Tag(EnumVal* arg_val) Tag::Tag(zeek::EnumVal* arg_val)
: Tag({zeek::NewRef{}, arg_val}) : Tag({zeek::NewRef{}, arg_val})
{ } { }
@ -72,7 +72,7 @@ Tag& Tag::operator=(const Tag&& other) noexcept
return *this; return *this;
} }
const EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const const zeek::EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const
{ {
if ( ! val ) if ( ! val )
{ {
@ -83,7 +83,7 @@ const EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const
return val; return val;
} }
EnumVal* Tag::AsEnumVal(zeek::EnumType* etype) const zeek::EnumVal* Tag::AsEnumVal(zeek::EnumType* etype) const
{ {
return AsVal({zeek::NewRef{}, etype}).get(); return AsVal({zeek::NewRef{}, etype}).get();
} }

16
src/Tag.h
View file

@ -10,12 +10,12 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
#include "util.h" #include "util.h"
class EnumVal; ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek);
namespace zeek { namespace zeek {
using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>; using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>;
using EnumValPtr = zeek::IntrusivePtr<zeek::EnumVal>;
} }
/** /**
@ -121,10 +121,10 @@ protected:
* *
* @param etype the script-layer enum type associated with the tag. * @param etype the script-layer enum type associated with the tag.
*/ */
const EnumValPtr& AsVal(const zeek::EnumTypePtr& etype) const; const zeek::EnumValPtr& AsVal(const zeek::EnumTypePtr& etype) const;
[[deprecated("Remove in v4.1. Use AsVal() instead.")]] [[deprecated("Remove in v4.1. Use AsVal() instead.")]]
EnumVal* AsEnumVal(zeek::EnumType* etype) const; zeek::EnumVal* AsEnumVal(zeek::EnumType* etype) const;
/** /**
* Constructor. * Constructor.
@ -147,13 +147,13 @@ protected:
* *
* @param val An enum value of script type \c Analyzer::Tag. * @param val An enum value of script type \c Analyzer::Tag.
*/ */
explicit Tag(EnumValPtr val); explicit Tag(zeek::EnumValPtr val);
[[deprecated("Remove in v4.1. Construct from zeek::IntrusivePtr instead.")]] [[deprecated("Remove in v4.1. Construct from zeek::IntrusivePtr instead.")]]
explicit Tag(EnumVal* val); explicit Tag(zeek::EnumVal* val);
private: private:
type_t type; // Main type. type_t type; // Main type.
subtype_t subtype; // Subtype. subtype_t subtype; // Subtype.
mutable EnumValPtr val; // Script-layer value. mutable zeek::EnumValPtr val; // Script-layer value.
}; };

2
src/Trigger.h
View file

@ -11,9 +11,9 @@
#include "IntrusivePtr.h" #include "IntrusivePtr.h"
class Frame; class Frame;
class Val;
class ODesc; class ODesc;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail);

12
src/TunnelEncapsulation.cc
View file

@ -16,19 +16,19 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
} }
} }
RecordValPtr EncapsulatingConn::ToVal() const zeek::RecordValPtr EncapsulatingConn::ToVal() const
{ {
auto rv = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id); auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr)); id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto)); id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr)); id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto)); id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
rv->Assign(0, std::move(id_val)); rv->Assign(0, std::move(id_val));
rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type)); rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type));
rv->Assign(2, zeek::make_intrusive<StringVal>(uid.Base62("C").c_str())); rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(uid.Base62("C").c_str()));
return rv; return rv;
} }

10
src/TunnelEncapsulation.h
View file

@ -80,10 +80,10 @@ public:
/** /**
* Returns record value of type "EncapsulatingConn" representing the tunnel. * Returns record value of type "EncapsulatingConn" representing the tunnel.
*/ */
RecordValPtr ToVal() const; zeek::RecordValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]] [[deprecated("Remove in v4.1. Use ToVal() instead.")]]
RecordVal* GetRecordVal() const zeek::RecordVal* GetRecordVal() const
{ return ToVal().release(); } { return ToVal().release(); }
friend bool operator==(const EncapsulatingConn& ec1, friend bool operator==(const EncapsulatingConn& ec1,
@ -195,9 +195,9 @@ public:
* Get the value of type "EncapsulatingConnVector" represented by the * Get the value of type "EncapsulatingConnVector" represented by the
* entire encapsulation chain. * entire encapsulation chain.
*/ */
VectorValPtr ToVal() const zeek::VectorValPtr ToVal() const
{ {
auto vv = zeek::make_intrusive<VectorVal>( auto vv = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("EncapsulatingConnVector")); zeek::id::find_type<zeek::VectorType>("EncapsulatingConnVector"));
if ( conns ) if ( conns )
@ -210,7 +210,7 @@ public:
} }
[[deprecated("Remove in v4.1. Use ToVal() instead.")]] [[deprecated("Remove in v4.1. Use ToVal() instead.")]]
VectorVal* GetVectorVal() const zeek::VectorVal* GetVectorVal() const
{ return ToVal().release(); } { return ToVal().release(); }
friend bool operator==(const EncapsulationStack& e1, friend bool operator==(const EncapsulationStack& e1,

12
src/Type.cc
View file

@ -797,7 +797,7 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
{ {
static auto record_field = zeek::id::find_type<RecordType>("record_field"); static auto record_field = zeek::id::find_type<RecordType>("record_field");
static auto record_field_table = zeek::id::find_type<TableType>("record_field_table"); static auto record_field_table = zeek::id::find_type<TableType>("record_field_table");
auto rval = zeek::make_intrusive<TableVal>(record_field_table); auto rval = zeek::make_intrusive<zeek::TableVal>(record_field_table);
for ( int i = 0; i < NumFields(); ++i ) for ( int i = 0; i < NumFields(); ++i )
{ {
@ -810,14 +810,14 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
bool logged = (fd->attrs && fd->GetAttr(zeek::detail::ATTR_LOG) != nullptr); bool logged = (fd->attrs && fd->GetAttr(zeek::detail::ATTR_LOG) != nullptr);
auto nr = zeek::make_intrusive<RecordVal>(record_field); auto nr = zeek::make_intrusive<zeek::RecordVal>(record_field);
string s = container_type_name(ft.get()); string s = container_type_name(ft.get());
nr->Assign(0, zeek::make_intrusive<StringVal>(s)); nr->Assign(0, zeek::make_intrusive<zeek::StringVal>(s));
nr->Assign(1, val_mgr->Bool(logged)); nr->Assign(1, val_mgr->Bool(logged));
nr->Assign(2, std::move(fv)); nr->Assign(2, std::move(fv));
nr->Assign(3, FieldDefault(i)); nr->Assign(3, FieldDefault(i));
auto field_name = zeek::make_intrusive<StringVal>(FieldName(i)); auto field_name = zeek::make_intrusive<zeek::StringVal>(FieldName(i));
rval->Assign(std::move(field_name), std::move(nr)); rval->Assign(std::move(field_name), std::move(nr));
} }
@ -1163,7 +1163,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name,
AddNameInternal(module_name, name, val, is_export); AddNameInternal(module_name, name, val, is_export);
if ( vals.find(val) == vals.end() ) if ( vals.find(val) == vals.end() )
vals[val] = zeek::make_intrusive<EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, val); vals[val] = zeek::make_intrusive<zeek::EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, val);
set<Type*> types = Type::GetAliases(GetName()); set<Type*> types = Type::GetAliases(GetName());
set<Type*>::const_iterator it; set<Type*>::const_iterator it;
@ -1218,7 +1218,7 @@ const EnumValPtr& EnumType::GetVal(bro_int_t i)
if ( it == vals.end() ) if ( it == vals.end() )
{ {
auto ev = zeek::make_intrusive<EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, i); auto ev = zeek::make_intrusive<zeek::EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, i);
return vals.emplace(i, std::move(ev)).first->second; return vals.emplace(i, std::move(ev)).first->second;
} }

27
src/Type.h
View file

@ -14,21 +14,22 @@
#include <list> #include <list>
#include <optional> #include <optional>
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class EnumVal; ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
class TableVal; ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
using ValPtr = zeek::IntrusivePtr<Val>;
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListExpr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(ListExpr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail);
namespace zeek::detail { namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>;
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>;
namespace detail {
using ListExprPtr = zeek::IntrusivePtr<ListExpr>; using ListExprPtr = zeek::IntrusivePtr<ListExpr>;
} }
}
namespace zeek { namespace zeek {
@ -671,7 +672,7 @@ public:
zeek::IntrusivePtr<T> GetFieldType(int field_index) const zeek::IntrusivePtr<T> GetFieldType(int field_index) const
{ return zeek::cast_intrusive<T>((*types)[field_index]->type); } { return zeek::cast_intrusive<T>((*types)[field_index]->type); }
ValPtr FieldDefault(int field) const; zeek::ValPtr FieldDefault(int field) const;
// A field's offset is its position in the type_decl_list, // A field's offset is its position in the type_decl_list,
// starting at 0. Returns negative if the field doesn't exist. // starting at 0. Returns negative if the field doesn't exist.
@ -693,7 +694,7 @@ public:
* @param rv an optional record value, if given the values of * @param rv an optional record value, if given the values of
* all fields will be provided in the returned table. * all fields will be provided in the returned table.
*/ */
TableValPtr GetRecordFieldsVal(const RecordVal* rv = nullptr) const; zeek::TableValPtr GetRecordFieldsVal(const zeek::RecordVal* rv = nullptr) const;
// Returns null if all is ok, otherwise a pointer to an error message. // Returns null if all is ok, otherwise a pointer to an error message.
const char* AddFields(const type_decl_list& types, const char* AddFields(const type_decl_list& types,
@ -791,7 +792,7 @@ public:
void DescribeReST(ODesc* d, bool roles_only = false) const override; void DescribeReST(ODesc* d, bool roles_only = false) const override;
const EnumValPtr& GetVal(bro_int_t i); const zeek::EnumValPtr& GetVal(bro_int_t i);
protected: protected:
void AddNameInternal(const std::string& module_name, void AddNameInternal(const std::string& module_name,
@ -804,7 +805,7 @@ protected:
typedef std::map<std::string, bro_int_t> NameMap; typedef std::map<std::string, bro_int_t> NameMap;
NameMap names; NameMap names;
using ValMap = std::unordered_map<bro_int_t, EnumValPtr>; using ValMap = std::unordered_map<bro_int_t, zeek::EnumValPtr>;
ValMap vals; ValMap vals;
// The counter is initialized to 0 and incremented on every implicit // The counter is initialized to 0 and incremented on every implicit

608
src/Val.cc
View file

File diff suppressed because it is too large Load diff

49
src/Val.h
View file

@ -26,6 +26,7 @@
#define ICMP_PORT_MASK 0x30000 #define ICMP_PORT_MASK 0x30000
template<typename T> class PDict; template<typename T> class PDict;
class IterCookie; class IterCookie;
class BroString; class BroString;
@ -33,6 +34,18 @@ class BroFunc;
class Func; class Func;
class BroFile; class BroFile;
class PrefixTable; class PrefixTable;
class IPAddr;
class IPPrefix;
class StateAccess;
class RE_Matcher;
class CompositeHash;
class HashKey;
class Frame;
extern double bro_start_network_time;
namespace zeek {
using BroFilePtr = zeek::IntrusivePtr<BroFile>; using BroFilePtr = zeek::IntrusivePtr<BroFile>;
using FuncPtr = zeek::IntrusivePtr<Func>; using FuncPtr = zeek::IntrusivePtr<Func>;
@ -62,13 +75,6 @@ using TableValPtr = zeek::IntrusivePtr<TableVal>;
using ValPtr = zeek::IntrusivePtr<Val>; using ValPtr = zeek::IntrusivePtr<Val>;
using VectorValPtr = zeek::IntrusivePtr<VectorVal>; using VectorValPtr = zeek::IntrusivePtr<VectorVal>;
class IPAddr;
class IPPrefix;
class StateAccess;
class RE_Matcher;
union BroValUnion { union BroValUnion {
// Used for bool, int, enum. // Used for bool, int, enum.
bro_int_t int_val; bro_int_t int_val;
@ -712,8 +718,6 @@ protected:
zeek::TypeTag tag; zeek::TypeTag tag;
}; };
extern double bro_start_network_time;
class TableEntryVal { class TableEntryVal {
public: public:
explicit TableEntryVal(ValPtr v) explicit TableEntryVal(ValPtr v)
@ -761,10 +765,6 @@ protected:
TableVal* table; TableVal* table;
}; };
class CompositeHash;
class HashKey;
class Frame;
class TableVal final : public Val, public notifier::Modifiable { class TableVal final : public Val, public notifier::Modifiable {
public: public:
explicit TableVal(zeek::TableTypePtr t, zeek::detail::AttributesPtr attrs = nullptr); explicit TableVal(zeek::TableTypePtr t, zeek::detail::AttributesPtr attrs = nullptr);
@ -1400,3 +1400,26 @@ extern bool can_cast_value_to_type(const Val* v, zeek::Type* t);
// However, even this function returns true, casting may still fail for a // However, even this function returns true, casting may still fail for a
// specific instance later. // specific instance later.
extern bool can_cast_value_to_type(const zeek::Type* s, zeek::Type* t); extern bool can_cast_value_to_type(const zeek::Type* s, zeek::Type* t);
}
using Val [[deprecated("Remove in v4.1. Use zeek::Val instead.")]] = zeek::Val;
using PortVal [[deprecated("Remove in v4.1. Use zeek::PortVal instead.")]] = zeek::PortVal;
using AddrVal [[deprecated("Remove in v4.1. Use zeek::AddrVal instead.")]] = zeek::AddrVal;
using SubNetVal [[deprecated("Remove in v4.1. Use zeek::SubNetVal instead.")]] = zeek::SubNetVal;
using PatternVal [[deprecated("Remove in v4.1. Use zeek::PatternVal instead.")]] = zeek::PatternVal;
using TableVal [[deprecated("Remove in v4.1. Use zeek::TableVal instead.")]] = zeek::TableVal;
using TableValTimer [[deprecated("Remove in v4.1. Use zeek::TableVal instead.")]] = zeek::TableValTimer;
using RecordVal [[deprecated("Remove in v4.1. Use zeek::RecordVal instead.")]] = zeek::RecordVal;
using ListVal [[deprecated("Remove in v4.1. Use zeek::ListVal instead.")]] = zeek::ListVal;
using StringVal [[deprecated("Remove in v4.1. Use zeek::StringVal instead.")]] = zeek::StringVal;
using EnumVal [[deprecated("Remove in v4.1. Use zeek::EnumVal instead.")]] = zeek::EnumVal;
using VectorVal [[deprecated("Remove in v4.1. Use zeek::VectorVal instead.")]] = zeek::VectorVal;
using TableEntryVal [[deprecated("Remove in v4.1. Use zeek::TableEntryVal instead.")]] = zeek::TableEntryVal;
using TimeVal [[deprecated("Remove in v4.1. Use zeek::TimeVal instead.")]] = zeek::TimeVal;
using DoubleVal [[deprecated("Remove in v4.1. Use zeek::DoubleVal instead.")]] = zeek::DoubleVal;
using IntervalVal [[deprecated("Remove in v4.1. Use zeek::IntervalVal instead.")]] = zeek::IntervalVal;
using ValManager [[deprecated("Remove in v4.1. Use zeek::ValManager instead.")]] = zeek::ValManager;
// Alias for zeek::val_mgr.
extern zeek::ValManager*& val_mgr;

40
src/Var.cc
View file

@ -19,9 +19,9 @@
using namespace zeek::detail; using namespace zeek::detail;
static ValPtr init_val(zeek::detail::Expr* init, static zeek::ValPtr init_val(zeek::detail::Expr* init,
const zeek::Type* t, const zeek::Type* t,
ValPtr aggr) zeek::ValPtr aggr)
{ {
try try
{ {
@ -244,11 +244,11 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
else if ( dt != VAR_REDEF || init || ! attr ) else if ( dt != VAR_REDEF || init || ! attr )
{ {
ValPtr aggr; zeek::ValPtr aggr;
if ( t->Tag() == zeek::TYPE_RECORD ) if ( t->Tag() == zeek::TYPE_RECORD )
{ {
aggr = zeek::make_intrusive<RecordVal>(zeek::cast_intrusive<zeek::RecordType>(t)); aggr = zeek::make_intrusive<zeek::RecordVal>(zeek::cast_intrusive<zeek::RecordType>(t));
if ( init && t ) if ( init && t )
// Have an initialization and type is not deduced. // Have an initialization and type is not deduced.
@ -258,13 +258,13 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
} }
else if ( t->Tag() == zeek::TYPE_TABLE ) else if ( t->Tag() == zeek::TYPE_TABLE )
aggr = zeek::make_intrusive<TableVal>(zeek::cast_intrusive<zeek::TableType>(t), aggr = zeek::make_intrusive<zeek::TableVal>(zeek::cast_intrusive<zeek::TableType>(t),
id->GetAttrs()); id->GetAttrs());
else if ( t->Tag() == zeek::TYPE_VECTOR ) else if ( t->Tag() == zeek::TYPE_VECTOR )
aggr = zeek::make_intrusive<VectorVal>(zeek::cast_intrusive<zeek::VectorType>(t)); aggr = zeek::make_intrusive<zeek::VectorVal>(zeek::cast_intrusive<zeek::VectorType>(t));
ValPtr v; zeek::ValPtr v;
if ( init ) if ( init )
{ {
@ -308,7 +308,7 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
// defined. // defined.
std::vector<zeek::detail::IDPtr> inits; std::vector<zeek::detail::IDPtr> inits;
auto f = zeek::make_intrusive<BroFunc>(id, nullptr, inits, 0, 0); auto f = zeek::make_intrusive<BroFunc>(id, nullptr, inits, 0, 0);
id->SetVal(zeek::make_intrusive<Val>(std::move(f))); id->SetVal(zeek::make_intrusive<zeek::Val>(std::move(f)));
} }
} }
@ -358,7 +358,7 @@ zeek::detail::StmtPtr add_local(
extern zeek::detail::ExprPtr add_and_assign_local( extern zeek::detail::ExprPtr add_and_assign_local(
zeek::detail::IDPtr id, zeek::detail::IDPtr id,
zeek::detail::ExprPtr init, zeek::detail::ExprPtr init,
ValPtr val) zeek::ValPtr val)
{ {
make_var(id, nullptr, zeek::detail::INIT_FULL, init, nullptr, VAR_REGULAR, false); make_var(id, nullptr, zeek::detail::INIT_FULL, init, nullptr, VAR_REGULAR, false);
auto name_expr = zeek::make_intrusive<zeek::detail::NameExpr>(std::move(id)); auto name_expr = zeek::make_intrusive<zeek::detail::NameExpr>(std::move(id));
@ -661,7 +661,7 @@ void end_func(zeek::detail::StmtPtr body)
ingredients->frame_size, ingredients->frame_size,
ingredients->priority); ingredients->priority);
ingredients->id->SetVal(zeek::make_intrusive<Val>(std::move(f))); ingredients->id->SetVal(zeek::make_intrusive<zeek::Val>(std::move(f)));
ingredients->id->SetConst(); ingredients->id->SetConst();
} }
@ -672,7 +672,7 @@ void end_func(zeek::detail::StmtPtr body)
ingredients.release(); ingredients.release();
} }
Val* internal_val(const char* name) zeek::Val* internal_val(const char* name)
{ {
return zeek::id::find_val(name).get(); return zeek::id::find_val(name).get();
} }
@ -697,12 +697,12 @@ id_list gather_outer_ids(Scope* scope, zeek::detail::Stmt* body)
return idl; return idl;
} }
Val* internal_const_val(const char* name) zeek::Val* internal_const_val(const char* name)
{ {
return zeek::id::find_const(name).get(); return zeek::id::find_const(name).get();
} }
Val* opt_internal_val(const char* name) zeek::Val* opt_internal_val(const char* name)
{ {
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME); const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
return id ? id->GetVal().get() : nullptr; return id ? id->GetVal().get() : nullptr;
@ -732,7 +732,7 @@ bro_uint_t opt_internal_unsigned(const char* name)
return v ? v->InternalUnsigned() : 0; return v ? v->InternalUnsigned() : 0;
} }
StringVal* opt_internal_string(const char* name) zeek::StringVal* opt_internal_string(const char* name)
{ {
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME); const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id ) return nullptr; if ( ! id ) return nullptr;
@ -740,7 +740,7 @@ StringVal* opt_internal_string(const char* name)
return v ? v->AsStringVal() : nullptr; return v ? v->AsStringVal() : nullptr;
} }
TableVal* opt_internal_table(const char* name) zeek::TableVal* opt_internal_table(const char* name)
{ {
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME); const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id ) return nullptr; if ( ! id ) return nullptr;
@ -748,22 +748,22 @@ TableVal* opt_internal_table(const char* name)
return v ? v->AsTableVal() : nullptr; return v ? v->AsTableVal() : nullptr;
} }
ListVal* internal_list_val(const char* name) zeek::ListVal* internal_list_val(const char* name)
{ {
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME); const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id ) if ( ! id )
return nullptr; return nullptr;
Val* v = id->GetVal().get(); zeek::Val* v = id->GetVal().get();
if ( v ) if ( v )
{ {
if ( v->GetType()->Tag() == zeek::TYPE_LIST ) if ( v->GetType()->Tag() == zeek::TYPE_LIST )
return (ListVal*) v; return (zeek::ListVal*) v;
else if ( v->GetType()->IsSet() ) else if ( v->GetType()->IsSet() )
{ {
TableVal* tv = v->AsTableVal(); zeek::TableVal* tv = v->AsTableVal();
auto lv = tv->ToPureListVal(); auto lv = tv->ToPureListVal();
return lv.release(); return lv.release();
} }

20
src/Var.h
View file

@ -8,10 +8,10 @@
class Scope; class Scope;
class EventHandlerPtr; class EventHandlerPtr;
class StringVal;
class TableVal;
class ListVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(FuncType, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(FuncType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
@ -40,7 +40,7 @@ extern zeek::detail::StmtPtr add_local(
extern zeek::detail::ExprPtr add_and_assign_local( extern zeek::detail::ExprPtr add_and_assign_local(
zeek::detail::IDPtr id, zeek::detail::IDPtr id,
zeek::detail::ExprPtr init, zeek::detail::ExprPtr init,
ValPtr val = nullptr); zeek::ValPtr val = nullptr);
extern void add_type(zeek::detail::ID* id, zeek::TypePtr t, extern void add_type(zeek::detail::ID* id, zeek::TypePtr t,
std::unique_ptr<std::vector<zeek::detail::AttrPtr>> attr); std::unique_ptr<std::vector<zeek::detail::AttrPtr>> attr);
@ -56,13 +56,13 @@ extern void end_func(zeek::detail::StmtPtr body);
extern id_list gather_outer_ids(Scope* scope, zeek::detail::Stmt* body); extern id_list gather_outer_ids(Scope* scope, zeek::detail::Stmt* body);
[[deprecated("Remove in v4.1. Use zeek::id::find_val().")]] [[deprecated("Remove in v4.1. Use zeek::id::find_val().")]]
extern Val* internal_val(const char* name); extern zeek::Val* internal_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find_const().")]] [[deprecated("Remove in v4.1. Use zeek::id::find_const().")]]
extern Val* internal_const_val(const char* name); // internal error if not const extern zeek::Val* internal_const_val(const char* name); // internal error if not const
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]] [[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern Val* opt_internal_val(const char* name); // returns nil if not defined extern zeek::Val* opt_internal_val(const char* name); // returns nil if not defined
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]] [[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern double opt_internal_double(const char* name); extern double opt_internal_double(const char* name);
@ -74,13 +74,13 @@ extern bro_int_t opt_internal_int(const char* name);
extern bro_uint_t opt_internal_unsigned(const char* name); extern bro_uint_t opt_internal_unsigned(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]] [[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern StringVal* opt_internal_string(const char* name); extern zeek::StringVal* opt_internal_string(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]] [[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern TableVal* opt_internal_table(const char* name); // nil if not defined extern zeek::TableVal* opt_internal_table(const char* name); // nil if not defined
[[deprecated("Remove in v4.1. Use zeek::id::find(), zeek::id::find_val(), and/or TableVal::ToPureListVal().")]] [[deprecated("Remove in v4.1. Use zeek::id::find(), zeek::id::find_val(), and/or TableVal::ToPureListVal().")]]
extern ListVal* internal_list_val(const char* name); extern zeek::ListVal* internal_list_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find_type().")]] [[deprecated("Remove in v4.1. Use zeek::id::find_type().")]]
extern zeek::Type* internal_type(const char* name); extern zeek::Type* internal_type(const char* name);

4
src/ZeekArgs.h
View file

@ -5,12 +5,12 @@
#include <vector> #include <vector>
#include "BroList.h" #include "BroList.h"
class Val; ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek { namespace zeek {
template <class T> class IntrusivePtr; template <class T> class IntrusivePtr;
using Args = std::vector<zeek::IntrusivePtr<Val>>; using Args = std::vector<zeek::IntrusivePtr<zeek::Val>>;
/** /**
* Converts a legacy-style argument list for use in modern Zeek function * Converts a legacy-style argument list for use in modern Zeek function

20
src/analyzer/Analyzer.cc
View file

@ -710,18 +710,18 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
if ( ! protocol_violation ) if ( ! protocol_violation )
return; return;
StringValPtr r; zeek::StringValPtr r;
if ( data && len ) if ( data && len )
{ {
const char *tmp = copy_string(reason); const char *tmp = copy_string(reason);
r = zeek::make_intrusive<StringVal>(fmt("%s [%s%s]", tmp, r = zeek::make_intrusive<zeek::StringVal>(fmt("%s [%s%s]", tmp,
fmt_bytes(data, min(40, len)), fmt_bytes(data, min(40, len)),
len > 40 ? "..." : "")); len > 40 ? "..." : ""));
delete [] tmp; delete [] tmp;
} }
else else
r = zeek::make_intrusive<StringVal>(reason); r = zeek::make_intrusive<zeek::StringVal>(reason);
const auto& tval = tag.AsVal(); const auto& tval = tag.AsVal();
mgr.Enqueue(protocol_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r)); mgr.Enqueue(protocol_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r));
@ -783,18 +783,18 @@ unsigned int Analyzer::MemoryAllocation() const
return mem; return mem;
} }
void Analyzer::UpdateConnVal(RecordVal *conn_val) void Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{ {
LOOP_OVER_CHILDREN(i) LOOP_OVER_CHILDREN(i)
(*i)->UpdateConnVal(conn_val); (*i)->UpdateConnVal(conn_val);
} }
RecordVal* Analyzer::BuildConnVal() zeek::RecordVal* Analyzer::BuildConnVal()
{ {
return conn->ConnVal()->Ref()->AsRecordVal(); return conn->ConnVal()->Ref()->AsRecordVal();
} }
const RecordValPtr& Analyzer::ConnVal() const zeek::RecordValPtr& Analyzer::ConnVal()
{ {
return conn->ConnVal(); return conn->ConnVal();
} }
@ -804,7 +804,7 @@ void Analyzer::Event(EventHandlerPtr f, const char* name)
conn->Event(f, this, name); conn->Event(f, this, name);
} }
void Analyzer::Event(EventHandlerPtr f, Val* v1, Val* v2) void Analyzer::Event(EventHandlerPtr f, zeek::Val* v1, zeek::Val* v2)
{ {
zeek::IntrusivePtr val1{zeek::AdoptRef{}, v1}; zeek::IntrusivePtr val1{zeek::AdoptRef{}, v1};
zeek::IntrusivePtr val2{zeek::AdoptRef{}, v2}; zeek::IntrusivePtr val2{zeek::AdoptRef{}, v2};
@ -942,7 +942,7 @@ void TransportLayerAnalyzer::PacketContents(const u_char* data, int len)
if ( packet_contents && len > 0 ) if ( packet_contents && len > 0 )
{ {
BroString* cbs = new BroString(data, len, true); BroString* cbs = new BroString(data, len, true);
auto contents = zeek::make_intrusive<StringVal>(cbs); auto contents = zeek::make_intrusive<zeek::StringVal>(cbs);
EnqueueConnEvent(packet_contents, ConnVal(), std::move(contents)); EnqueueConnEvent(packet_contents, ConnVal(), std::move(contents));
} }
} }

18
src/analyzer/Analyzer.h
View file

@ -23,6 +23,10 @@ class Rule;
class Connection; class Connection;
class IP_Hdr; class IP_Hdr;
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
}
namespace analyzer { namespace analyzer {
namespace tcp { class TCP_ApplicationAnalyzer; } namespace tcp { class TCP_ApplicationAnalyzer; }
@ -37,8 +41,6 @@ using analyzer_list = std::list<Analyzer*>;
typedef uint32_t ID; typedef uint32_t ID;
typedef void (Analyzer::*analyzer_timer_func)(double t); typedef void (Analyzer::*analyzer_timer_func)(double t);
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
/** /**
* Class to receive processed output from an anlyzer. * Class to receive processed output from an anlyzer.
*/ */
@ -547,20 +549,20 @@ public:
* *
* @param conn_val The connenction value being updated. * @param conn_val The connenction value being updated.
*/ */
virtual void UpdateConnVal(RecordVal *conn_val); virtual void UpdateConnVal(zeek::RecordVal *conn_val);
/** /**
* Convenience function that forwards directly to * Convenience function that forwards directly to
* Connection::BuildConnVal(). * Connection::BuildConnVal().
*/ */
[[deprecated("Remove in v4.1. Use ConnVal() instead.")]] [[deprecated("Remove in v4.1. Use ConnVal() instead.")]]
RecordVal* BuildConnVal(); zeek::RecordVal* BuildConnVal();
/** /**
* Convenience function that forwards directly to * Convenience function that forwards directly to
* Connection::ConnVal(). * Connection::ConnVal().
*/ */
const RecordValPtr& ConnVal(); const zeek::RecordValPtr& ConnVal();
/** /**
* Convenience function that forwards directly to the corresponding * Convenience function that forwards directly to the corresponding
@ -573,7 +575,7 @@ public:
* Connection::Event(). * Connection::Event().
*/ */
[[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead (note it doesn't automatically ad the connection argument).")]] [[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead (note it doesn't automatically ad the connection argument).")]]
void Event(EventHandlerPtr f, Val* v1, Val* v2 = nullptr); void Event(EventHandlerPtr f, zeek::Val* v1, zeek::Val* v2 = nullptr);
/** /**
* Convenience function that forwards directly to * Convenience function that forwards directly to
@ -607,8 +609,8 @@ public:
*/ */
template <class... Args> template <class... Args>
std::enable_if_t< std::enable_if_t<
std::is_convertible_v< std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>> std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
EnqueueConnEvent(EventHandlerPtr h, Args&&... args) EnqueueConnEvent(EventHandlerPtr h, Args&&... args)
{ return EnqueueConnEvent(h, zeek::Args{std::forward<Args>(args)...}); } { return EnqueueConnEvent(h, zeek::Args{std::forward<Args>(args)...}); }

26
src/analyzer/Manager.cc
View file

@ -154,7 +154,7 @@ bool Manager::EnableAnalyzer(const Tag& tag)
return true; return true;
} }
bool Manager::EnableAnalyzer(EnumVal* val) bool Manager::EnableAnalyzer(zeek::EnumVal* val)
{ {
Component* p = Lookup(val); Component* p = Lookup(val);
@ -180,7 +180,7 @@ bool Manager::DisableAnalyzer(const Tag& tag)
return true; return true;
} }
bool Manager::DisableAnalyzer(EnumVal* val) bool Manager::DisableAnalyzer(zeek::EnumVal* val)
{ {
Component* p = Lookup(val); Component* p = Lookup(val);
@ -220,7 +220,7 @@ bool Manager::IsEnabled(const Tag& tag)
return p->Enabled(); return p->Enabled();
} }
bool Manager::IsEnabled(EnumVal* val) bool Manager::IsEnabled(zeek::EnumVal* val)
{ {
Component* p = Lookup(val); Component* p = Lookup(val);
@ -231,7 +231,7 @@ bool Manager::IsEnabled(EnumVal* val)
} }
bool Manager::RegisterAnalyzerForPort(EnumVal* val, PortVal* port) bool Manager::RegisterAnalyzerForPort(zeek::EnumVal* val, zeek::PortVal* port)
{ {
Component* p = Lookup(val); Component* p = Lookup(val);
@ -241,7 +241,7 @@ bool Manager::RegisterAnalyzerForPort(EnumVal* val, PortVal* port)
return RegisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port()); return RegisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port());
} }
bool Manager::UnregisterAnalyzerForPort(EnumVal* val, PortVal* port) bool Manager::UnregisterAnalyzerForPort(zeek::EnumVal* val, zeek::PortVal* port)
{ {
Component* p = Lookup(val); Component* p = Lookup(val);
@ -353,7 +353,7 @@ Manager::tag_set* Manager::LookupPort(TransportProto proto, uint32_t port, bool
return l; return l;
} }
Manager::tag_set* Manager::LookupPort(PortVal* val, bool add_if_not_found) Manager::tag_set* Manager::LookupPort(zeek::PortVal* val, bool add_if_not_found)
{ {
return LookupPort(val->PortType(), val->Port(), add_if_not_found); return LookupPort(val->PortType(), val->Port(), add_if_not_found);
} }
@ -438,8 +438,8 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( tcp_contents && ! reass ) if ( tcp_contents && ! reass )
{ {
static auto tcp_content_delivery_ports_orig = zeek::id::find_val<TableVal>("tcp_content_delivery_ports_orig"); static auto tcp_content_delivery_ports_orig = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::find_val<TableVal>("tcp_content_delivery_ports_resp"); static auto tcp_content_delivery_ports_resp = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_resp");
const auto& dport = val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP); const auto& dport = val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP);
if ( ! reass ) if ( ! reass )
@ -462,8 +462,8 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
uint16_t resp_port = ntohs(conn->RespPort()); uint16_t resp_port = ntohs(conn->RespPort());
if ( resp_port == 22 || resp_port == 23 || resp_port == 513 ) if ( resp_port == 22 || resp_port == 23 || resp_port == 513 )
{ {
static auto stp_skip_src = zeek::id::find_val<TableVal>("stp_skip_src"); static auto stp_skip_src = zeek::id::find_val<zeek::TableVal>("stp_skip_src");
auto src = zeek::make_intrusive<AddrVal>(conn->OrigAddr()); auto src = zeek::make_intrusive<zeek::AddrVal>(conn->OrigAddr());
if ( ! stp_skip_src->FindOrDefault(src) ) if ( ! stp_skip_src->FindOrDefault(src) )
tcp->AddChildAnalyzer(new stepping_stone::SteppingStone_Analyzer(conn), false); tcp->AddChildAnalyzer(new stepping_stone::SteppingStone_Analyzer(conn), false);
@ -573,10 +573,10 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp,
ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout); ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout);
} }
void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal* resp_p, void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, zeek::PortVal* resp_p,
Val* analyzer, double timeout) zeek::Val* analyzer, double timeout)
{ {
EnumValPtr ev{zeek::NewRef{}, analyzer->AsEnumVal()}; zeek::EnumValPtr ev{zeek::NewRef{}, analyzer->AsEnumVal()};
return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(), return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(),
Tag(std::move(ev)), timeout); Tag(std::move(ev)), timeout);
} }

25
src/analyzer/Manager.h
View file

@ -101,7 +101,7 @@ public:
* *
* @return True if successful. * @return True if successful.
*/ */
bool EnableAnalyzer(EnumVal* tag); bool EnableAnalyzer(zeek::EnumVal* tag);
/** /**
* Enables an analyzer type. Disabled analyzers will not be * Enables an analyzer type. Disabled analyzers will not be
@ -122,7 +122,7 @@ public:
* *
* @return True if successful. * @return True if successful.
*/ */
bool DisableAnalyzer(EnumVal* tag); bool DisableAnalyzer(zeek::EnumVal* tag);
/** /**
* Disables all currently registered analyzers. * Disables all currently registered analyzers.
@ -150,7 +150,7 @@ public:
* @param tag The analyzer's tag as an enum of script type \c * @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag. * Analyzer::Tag.
*/ */
bool IsEnabled(EnumVal* tag); bool IsEnabled(zeek::EnumVal* tag);
/** /**
* Registers a well-known port for an analyzer. Once registered, * Registers a well-known port for an analyzer. Once registered,
@ -164,7 +164,7 @@ public:
* *
* @return True if successful. * @return True if successful.
*/ */
bool RegisterAnalyzerForPort(EnumVal* tag, PortVal* port); bool RegisterAnalyzerForPort(zeek::EnumVal* tag, zeek::PortVal* port);
/** /**
* Registers a well-known port for an analyzer. Once registered, * Registers a well-known port for an analyzer. Once registered,
@ -193,7 +193,7 @@ public:
* registered for the analyzer). * registered for the analyzer).
* *
*/ */
bool UnregisterAnalyzerForPort(EnumVal* tag, PortVal* port); bool UnregisterAnalyzerForPort(zeek::EnumVal* tag, zeek::PortVal* port);
/** /**
* Unregisters a well-known port for an anlyzers. * Unregisters a well-known port for an anlyzers.
@ -269,7 +269,7 @@ public:
* schedule this analyzer. Must be non-zero. * schedule this analyzer. Must be non-zero.
*/ */
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p, void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
TransportProto proto, const Tag& analyzer, double timeout); TransportProto proto, const Tag& analyzer, double timeout);
/** /**
* Schedules a particular analyzer for an upcoming connection. Once * Schedules a particular analyzer for an upcoming connection. Once
@ -293,8 +293,8 @@ public:
* schedule this analyzer. Must be non-zero. * schedule this analyzer. Must be non-zero.
*/ */
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p, void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, uint16_t resp_p,
TransportProto proto, const char* analyzer, TransportProto proto, const char* analyzer,
double timeout); double timeout);
/** /**
* Searched for analyzers scheduled to be attached to a given connection * Searched for analyzers scheduled to be attached to a given connection
@ -311,7 +311,8 @@ public:
* *
* @return True if at least one scheduled analyzer was found. * @return True if at least one scheduled analyzer was found.
*/ */
bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true, TransportLayerAnalyzer* parent = nullptr); bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true,
TransportLayerAnalyzer* parent = nullptr);
/** /**
* Schedules a particular analyzer for an upcoming connection. Once * Schedules a particular analyzer for an upcoming connection. Once
@ -332,8 +333,8 @@ public:
* @param timeout An interval after which to timeout the request to * @param timeout An interval after which to timeout the request to
* schedule this analyzer. Must be non-zero. * schedule this analyzer. Must be non-zero.
*/ */
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal* resp_p, void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, zeek::PortVal* resp_p,
Val* analyzer, double timeout); zeek::Val* analyzer, double timeout);
/** /**
* @return the UDP port numbers to be associated with VXLAN traffic. * @return the UDP port numbers to be associated with VXLAN traffic.
@ -346,7 +347,7 @@ private:
using tag_set = std::set<Tag>; using tag_set = std::set<Tag>;
using analyzer_map_by_port = std::map<uint32_t, tag_set*>; using analyzer_map_by_port = std::map<uint32_t, tag_set*>;
tag_set* LookupPort(PortVal* val, bool add_if_not_found); tag_set* LookupPort(zeek::PortVal* val, bool add_if_not_found);
tag_set* LookupPort(TransportProto proto, uint32_t port, bool add_if_not_found); tag_set* LookupPort(TransportProto proto, uint32_t port, bool add_if_not_found);
tag_set GetScheduled(const Connection* conn); tag_set GetScheduled(const Connection* conn);

8
src/analyzer/Tag.cc
View file

@ -16,20 +16,20 @@ analyzer::Tag& analyzer::Tag::operator=(const analyzer::Tag& other)
return *this; return *this;
} }
const EnumValPtr& analyzer::Tag::AsVal() const const zeek::EnumValPtr& analyzer::Tag::AsVal() const
{ {
return ::Tag::AsVal(analyzer_mgr->GetTagType()); return ::Tag::AsVal(analyzer_mgr->GetTagType());
} }
EnumVal* analyzer::Tag::AsEnumVal() const zeek::EnumVal* analyzer::Tag::AsEnumVal() const
{ {
return AsVal().get(); return AsVal().get();
} }
analyzer::Tag::Tag(EnumValPtr val) analyzer::Tag::Tag(zeek::EnumValPtr val)
: ::Tag(std::move(val)) : ::Tag(std::move(val))
{ } { }
analyzer::Tag::Tag(EnumVal* val) analyzer::Tag::Tag(zeek::EnumVal* val)
: ::Tag({zeek::NewRef{}, val}) : ::Tag({zeek::NewRef{}, val})
{ } { }

11
src/analyzer/Tag.h
View file

@ -1,3 +1,4 @@
// See the file "COPYING" in the main distribution directory for copyright. // See the file "COPYING" in the main distribution directory for copyright.
#pragma once #pragma once
@ -5,7 +6,7 @@
#include "zeek-config.h" #include "zeek-config.h"
#include "../Tag.h" #include "../Tag.h"
class EnumVal; ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
namespace zeek::plugin { namespace zeek::plugin {
template <class T> class TaggedComponent; template <class T> class TaggedComponent;
@ -89,10 +90,10 @@ public:
* *
* @param etype the script-layer enum type associated with the tag. * @param etype the script-layer enum type associated with the tag.
*/ */
const EnumValPtr& AsVal() const; const zeek::EnumValPtr& AsVal() const;
[[deprecated("Remove in v4.1. Use AsVal() instead.")]] [[deprecated("Remove in v4.1. Use AsVal() instead.")]]
EnumVal* AsEnumVal() const; zeek::EnumVal* AsEnumVal() const;
static const Tag Error; static const Tag Error;
@ -118,10 +119,10 @@ protected:
* *
* @param val An enum value of script type \c Analyzer::Tag. * @param val An enum value of script type \c Analyzer::Tag.
*/ */
explicit Tag(EnumValPtr val); explicit Tag(zeek::EnumValPtr val);
[[deprecated("Remove in v4.1. Construct from IntrusivePtr instead")]] [[deprecated("Remove in v4.1. Construct from IntrusivePtr instead")]]
explicit Tag(EnumVal* val); explicit Tag(zeek::EnumVal* val);
}; };
} }

2
src/analyzer/analyzer.bif
View file

@ -42,7 +42,7 @@ function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port,
function __name%(atype: Analyzer::Tag%) : string function __name%(atype: Analyzer::Tag%) : string
%{ %{
const auto& n = analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()}); const auto& n = analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()});
return zeek::make_intrusive<StringVal>(n); return zeek::make_intrusive<zeek::StringVal>(n);
%} %}
function __tag%(name: string%) : Analyzer::Tag function __tag%(name: string%) : Analyzer::Tag

14
src/analyzer/protocol/arp/ARP.cc
View file

@ -196,7 +196,7 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg)
ToEthAddrStr((const u_char*) ar_sha(hdr)), ToEthAddrStr((const u_char*) ar_sha(hdr)),
ToAddrVal(ar_tpa(hdr)), ToAddrVal(ar_tpa(hdr)),
ToEthAddrStr((const u_char*) ar_tha(hdr)), ToEthAddrStr((const u_char*) ar_tha(hdr)),
zeek::make_intrusive<StringVal>(msg) zeek::make_intrusive<zeek::StringVal>(msg)
); );
} }
@ -223,22 +223,22 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e,
); );
} }
AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr) zeek::AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr)
{ return ToAddrVal(addr).release(); } { return ToAddrVal(addr).release(); }
AddrValPtr ARP_Analyzer::ToAddrVal(const void* addr) zeek::AddrValPtr ARP_Analyzer::ToAddrVal(const void* addr)
{ {
// ### For now, we only handle IPv4 addresses. // ### For now, we only handle IPv4 addresses.
return zeek::make_intrusive<AddrVal>(*(const uint32_t*) addr); return zeek::make_intrusive<zeek::AddrVal>(*(const uint32_t*) addr);
} }
StringVal* ARP_Analyzer::EthAddrToStr(const u_char* addr) zeek::StringVal* ARP_Analyzer::EthAddrToStr(const u_char* addr)
{ return ToEthAddrStr(addr).release(); } { return ToEthAddrStr(addr).release(); }
StringValPtr ARP_Analyzer::ToEthAddrStr(const u_char* addr) zeek::StringValPtr ARP_Analyzer::ToEthAddrStr(const u_char* addr)
{ {
char buf[1024]; char buf[1024];
snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x", snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x",
addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]); addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
return zeek::make_intrusive<StringVal>(buf); return zeek::make_intrusive<zeek::StringVal>(buf);
} }

8
src/analyzer/protocol/arp/ARP.h
View file

@ -47,12 +47,12 @@ public:
protected: protected:
[[deprecated("Remove in v4.1. Use ToAddrVal().")]] [[deprecated("Remove in v4.1. Use ToAddrVal().")]]
AddrVal* ConstructAddrVal(const void* addr); zeek::AddrVal* ConstructAddrVal(const void* addr);
[[deprecated("Remove in v4.1. Use ToEthAddrStr().")]] [[deprecated("Remove in v4.1. Use ToEthAddrStr().")]]
StringVal* EthAddrToStr(const u_char* addr); zeek::StringVal* EthAddrToStr(const u_char* addr);
AddrValPtr ToAddrVal(const void* addr); zeek::AddrValPtr ToAddrVal(const void* addr);
StringValPtr ToEthAddrStr(const u_char* addr); zeek::StringValPtr ToEthAddrStr(const u_char* addr);
void BadARP(const struct arp_pkthdr* hdr, const char* string); void BadARP(const struct arp_pkthdr* hdr, const char* string);
void Corrupted(const char* string); void Corrupted(const char* string);
}; };

28
src/analyzer/protocol/asn1/asn1.pac
View file

@ -3,12 +3,12 @@
%} %}
%header{ %header{
ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t); zeek::ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t);
ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t); zeek::ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t);
StringValPtr asn1_oid_to_val(const ASN1Encoding* oid); zeek::StringValPtr asn1_oid_to_val(const ASN1Encoding* oid);
StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid); zeek::StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid);
StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s); zeek::StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s);
StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s); zeek::StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s);
%} %}
############################## ASN.1 Encodings ############################## ASN.1 Encodings
@ -102,12 +102,12 @@ function binary_to_int64(bs: bytestring): int64
%code{ %code{
ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t) zeek::ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t)
{ {
return asn1_integer_to_val(i->encoding(), t); return asn1_integer_to_val(i->encoding(), t);
} }
ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t) zeek::ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
{ {
auto v = binary_to_int64(i->content()); auto v = binary_to_int64(i->content());
@ -125,12 +125,12 @@ ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
} }
} }
StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid) zeek::StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid)
{ {
return asn1_oid_to_val(oid->encoding()); return asn1_oid_to_val(oid->encoding());
} }
StringValPtr asn1_oid_to_val(const ASN1Encoding* oid) zeek::StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
{ {
vector<uint64> oid_components; vector<uint64> oid_components;
vector<vector<uint8> > subidentifiers; vector<vector<uint8> > subidentifiers;
@ -191,17 +191,17 @@ StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
} }
} }
return zeek::make_intrusive<StringVal>(rval); return zeek::make_intrusive<zeek::StringVal>(rval);
} }
StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s) zeek::StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s)
{ {
return asn1_octet_string_to_val(s->encoding()); return asn1_octet_string_to_val(s->encoding());
} }
StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s) zeek::StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s)
{ {
bytestring const& bs = s->content(); bytestring const& bs = s->content();
return zeek::make_intrusive<StringVal>(bs.length(), reinterpret_cast<const char*>(bs.data())); return zeek::make_intrusive<zeek::StringVal>(bs.length(), reinterpret_cast<const char*>(bs.data()));
} }
%} %}

7
src/analyzer/protocol/bittorrent/BitTorrent.cc
View file

@ -120,8 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
{ {
if ( bittorrent_peer_weird ) if ( bittorrent_peer_weird )
EnqueueConnEvent(bittorrent_peer_weird, EnqueueConnEvent(bittorrent_peer_weird,
ConnVal(), ConnVal(),
val_mgr->Bool(orig), val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(msg) zeek::make_intrusive<zeek::StringVal>(msg));
);
} }

38
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -45,7 +45,7 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
req_buf_pos = req_buf; req_buf_pos = req_buf;
req_buf_len = 0; req_buf_len = 0;
req_val_uri = nullptr; req_val_uri = nullptr;
req_val_headers = new TableVal(bt_tracker_headers); req_val_headers = new zeek::TableVal(bt_tracker_headers);
res_state = BTT_RES_STATUS; res_state = BTT_RES_STATUS;
res_allow_blank_line = false; res_allow_blank_line = false;
@ -53,9 +53,9 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
res_buf_pos = res_buf; res_buf_pos = res_buf;
res_buf_len = 0; res_buf_len = 0;
res_status = 0; res_status = 0;
res_val_headers = new TableVal(bt_tracker_headers); res_val_headers = new zeek::TableVal(bt_tracker_headers);
res_val_peers = new TableVal(bittorrent_peer_set); res_val_peers = new zeek::TableVal(bittorrent_peer_set);
res_val_benc = new TableVal(bittorrent_benc_dir); res_val_benc = new zeek::TableVal(bittorrent_benc_dir);
InitBencParser(); InitBencParser();
@ -136,7 +136,7 @@ void BitTorrentTracker_Analyzer::ClientRequest(int len, const u_char* data)
req_buf_len -= (req_buf_pos - req_buf); req_buf_len -= (req_buf_pos - req_buf);
memmove(req_buf, req_buf_pos, req_buf_len); memmove(req_buf, req_buf_pos, req_buf_len);
req_buf_pos = req_buf; req_buf_pos = req_buf;
req_val_headers = new TableVal(bt_tracker_headers); req_val_headers = new zeek::TableVal(bt_tracker_headers);
} }
} }
} }
@ -198,9 +198,9 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data)
res_buf_pos = res_buf; res_buf_pos = res_buf;
res_status = 0; res_status = 0;
res_val_headers = new TableVal(bt_tracker_headers); res_val_headers = new zeek::TableVal(bt_tracker_headers);
res_val_peers = new TableVal(bittorrent_peer_set); res_val_peers = new zeek::TableVal(bittorrent_peer_set);
res_val_benc = new TableVal(bittorrent_benc_dir); res_val_benc = new zeek::TableVal(bittorrent_benc_dir);
InitBencParser(); InitBencParser();
} }
@ -248,7 +248,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig)
EnqueueConnEvent(bt_tracker_weird, EnqueueConnEvent(bt_tracker_weird,
ConnVal(), ConnVal(),
val_mgr->Bool(orig), val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(msg) zeek::make_intrusive<zeek::StringVal>(msg)
); );
} }
@ -338,7 +338,7 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line)
void BitTorrentTracker_Analyzer::RequestGet(char* uri) void BitTorrentTracker_Analyzer::RequestGet(char* uri)
{ {
req_val_uri = new StringVal(uri); req_val_uri = new zeek::StringVal(uri);
} }
void BitTorrentTracker_Analyzer::EmitRequest(void) void BitTorrentTracker_Analyzer::EmitRequest(void)
@ -456,8 +456,8 @@ void BitTorrentTracker_Analyzer::ParseHeader(char* name, char* value,
} }
#ifdef BTTRACKER_STORE_HEADERS #ifdef BTTRACKER_STORE_HEADERS
StringVal* name_ = new StringVal(name); zeek::StringVal* name_ = new zeek::StringVal(name);
StringVal* value_ = new StringVal(value); zeek::StringVal* value_ = new zeek::StringVal(value);
(is_request ? req_val_headers : res_val_headers)->Assign(name_, value_); (is_request ? req_val_headers : res_val_headers)->Assign(name_, value_);
Unref(name_); Unref(name_);
@ -478,17 +478,17 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
uint32_t ad = extract_uint32((u_char*) value); uint32_t ad = extract_uint32((u_char*) value);
uint16_t pt = ntohs((value[4] << 8) | value[5]); uint16_t pt = ntohs((value[4] << 8) | value[5]);
auto peer = zeek::make_intrusive<RecordVal>(bittorrent_peer); auto peer = zeek::make_intrusive<zeek::RecordVal>(bittorrent_peer);
peer->Assign(0, zeek::make_intrusive<AddrVal>(ad)); peer->Assign(0, zeek::make_intrusive<zeek::AddrVal>(ad));
peer->Assign(1, val_mgr->Port(pt, TRANSPORT_TCP)); peer->Assign(1, val_mgr->Port(pt, TRANSPORT_TCP));
res_val_peers->Assign(std::move(peer), nullptr); res_val_peers->Assign(std::move(peer), nullptr);
} }
} }
else else
{ {
auto name_ = zeek::make_intrusive<StringVal>(name_len, name); auto name_ = zeek::make_intrusive<zeek::StringVal>(name_len, name);
auto benc_value = zeek::make_intrusive<RecordVal>(bittorrent_benc_value); auto benc_value = zeek::make_intrusive<zeek::RecordVal>(bittorrent_benc_value);
benc_value->Assign(type, zeek::make_intrusive<StringVal>(value_len, value)); benc_value->Assign(type, zeek::make_intrusive<zeek::StringVal>(value_len, value));
res_val_benc->Assign(std::move(name_), std::move(benc_value)); res_val_benc->Assign(std::move(name_), std::move(benc_value));
} }
} }
@ -496,8 +496,8 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
enum btt_benc_types type, bro_int_t value) enum btt_benc_types type, bro_int_t value)
{ {
auto benc_value = zeek::make_intrusive<RecordVal>(bittorrent_benc_value); auto benc_value = zeek::make_intrusive<zeek::RecordVal>(bittorrent_benc_value);
auto name_ = zeek::make_intrusive<StringVal>(name_len, name); auto name_ = zeek::make_intrusive<zeek::StringVal>(name_len, name);
benc_value->Assign(type, val_mgr->Int(value)); benc_value->Assign(type, val_mgr->Int(value));
res_val_benc->Assign(std::move(name_), std::move(benc_value)); res_val_benc->Assign(std::move(name_), std::move(benc_value));

12
src/analyzer/protocol/bittorrent/BitTorrentTracker.h
View file

@ -6,7 +6,7 @@
#define BTTRACKER_BUF 2048 #define BTTRACKER_BUF 2048
class StringVal; ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
namespace analyzer { namespace bittorrent { namespace analyzer { namespace bittorrent {
@ -92,8 +92,8 @@ protected:
char req_buf[BTTRACKER_BUF]; char req_buf[BTTRACKER_BUF];
char* req_buf_pos; char* req_buf_pos;
unsigned int req_buf_len; unsigned int req_buf_len;
StringVal* req_val_uri; zeek::StringVal* req_val_uri;
TableVal* req_val_headers; zeek::TableVal* req_val_headers;
// Response. // Response.
enum btt_states res_state; enum btt_states res_state;
@ -102,9 +102,9 @@ protected:
char* res_buf_pos; char* res_buf_pos;
unsigned int res_buf_len; unsigned int res_buf_len;
bro_uint_t res_status; bro_uint_t res_status;
TableVal* res_val_headers; zeek::TableVal* res_val_headers;
TableVal* res_val_peers; zeek::TableVal* res_val_peers;
TableVal* res_val_benc; zeek::TableVal* res_val_benc;
std::vector<char> benc_stack; std::vector<char> benc_stack;
std::vector<unsigned int> benc_count; std::vector<unsigned int> benc_count;

8
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -94,7 +94,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
{ {
EnqueueConnEvent(conn_duration_threshold_crossed, EnqueueConnEvent(conn_duration_threshold_crossed,
ConnVal(), ConnVal(),
zeek::make_intrusive<IntervalVal>(duration_thresh), zeek::make_intrusive<zeek::IntervalVal>(duration_thresh),
val_mgr->Bool(is_orig) val_mgr->Bool(is_orig)
); );
duration_thresh = 0; duration_thresh = 0;
@ -167,11 +167,11 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration)
CheckThresholds(true); CheckThresholds(true);
} }
void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val) void ConnSize_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{ {
// RecordType *connection_type is decleared in NetVar.h // RecordType *connection_type is decleared in NetVar.h
RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal(); zeek::RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal();
RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal(); zeek::RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal();
// endpoint is the RecordType from NetVar.h // endpoint is the RecordType from NetVar.h
int pktidx = zeek::id::endpoint->FieldOffset("num_pkts"); int pktidx = zeek::id::endpoint->FieldOffset("num_pkts");

4
src/analyzer/protocol/conn-size/ConnSize.h
View file

@ -17,7 +17,7 @@ public:
void Done() override; void Done() override;
// from Analyzer.h // from Analyzer.h
void UpdateConnVal(RecordVal *conn_val) override; void UpdateConnVal(zeek::RecordVal *conn_val) override;
void FlipRoles() override; void FlipRoles() override;
void SetByteAndPacketThreshold(uint64_t threshold, bool bytes, bool orig); void SetByteAndPacketThreshold(uint64_t threshold, bool bytes, bool orig);
@ -50,4 +50,4 @@ protected:
double duration_thresh; double duration_thresh;
}; };
} } // namespace analyzer::* } } // namespace analyzer::*

6
src/analyzer/protocol/conn-size/functions.bif
View file

@ -3,7 +3,7 @@
#include "Reporter.h" #include "Reporter.h"
#include "Sessions.h" #include "Sessions.h"
static analyzer::Analyzer* GetConnsizeAnalyzer(Val* cid) static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
{ {
Connection* c = sessions->FindConnection(cid); Connection* c = sessions->FindConnection(cid);
if ( ! c ) if ( ! c )
@ -139,7 +139,7 @@ function get_current_conn_duration_threshold%(cid: conn_id%): interval
%{ %{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a ) if ( ! a )
return zeek::make_intrusive<IntervalVal>(0.0); return zeek::make_intrusive<zeek::IntervalVal>(0.0);
return zeek::make_intrusive<IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold()); return zeek::make_intrusive<zeek::IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
%} %}

6
src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
View file

@ -83,14 +83,14 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_bind_ack ) if ( dce_rpc_bind_ack )
{ {
StringValPtr sec_addr; zeek::StringValPtr sec_addr;
// Remove the null from the end of the string if it's there. // Remove the null from the end of the string if it's there.
if ( ${bind.sec_addr}.length() > 0 && if ( ${bind.sec_addr}.length() > 0 &&
*(${bind.sec_addr}.begin() + ${bind.sec_addr}.length()) == 0 ) *(${bind.sec_addr}.begin() + ${bind.sec_addr}.length()) == 0 )
sec_addr = zeek::make_intrusive<StringVal>(${bind.sec_addr}.length()-1, (const char*) ${bind.sec_addr}.begin()); sec_addr = zeek::make_intrusive<zeek::StringVal>(${bind.sec_addr}.length()-1, (const char*) ${bind.sec_addr}.begin());
else else
sec_addr = zeek::make_intrusive<StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin()); sec_addr = zeek::make_intrusive<zeek::StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin());
zeek::BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),

26
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -1,8 +1,8 @@
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
%member{ %member{
RecordValPtr options; zeek::RecordValPtr options;
VectorValPtr all_options; zeek::VectorValPtr all_options;
%} %}
%init{ %init{
@ -19,8 +19,8 @@ refine flow DHCP_Flow += {
%{ %{
if ( ! options ) if ( ! options )
{ {
options = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Options); options = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Options);
all_options = zeek::make_intrusive<VectorVal>(zeek::id::index_vec); all_options = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
options->Assign(0, all_options); options->Assign(0, all_options);
} }
@ -53,17 +53,17 @@ refine flow DHCP_Flow += {
std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length()); std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length());
double secs = static_cast<double>(${msg.secs}); double secs = static_cast<double>(${msg.secs});
auto dhcp_msg_val = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Msg); auto dhcp_msg_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Msg);
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op})); dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type})); dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid})); dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
dhcp_msg_val->Assign(3, zeek::make_intrusive<IntervalVal>(secs)); dhcp_msg_val->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(secs));
dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags})); dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags}));
dhcp_msg_val->Assign(5, zeek::make_intrusive<AddrVal>(htonl(${msg.ciaddr}))); dhcp_msg_val->Assign(5, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.ciaddr})));
dhcp_msg_val->Assign(6, zeek::make_intrusive<AddrVal>(htonl(${msg.yiaddr}))); dhcp_msg_val->Assign(6, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.yiaddr})));
dhcp_msg_val->Assign(7, zeek::make_intrusive<AddrVal>(htonl(${msg.siaddr}))); dhcp_msg_val->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.siaddr})));
dhcp_msg_val->Assign(8, zeek::make_intrusive<AddrVal>(htonl(${msg.giaddr}))); dhcp_msg_val->Assign(8, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.giaddr})));
dhcp_msg_val->Assign(9, zeek::make_intrusive<StringVal>(mac_str)); dhcp_msg_val->Assign(9, zeek::make_intrusive<zeek::StringVal>(mac_str));
int last_non_null = 0; int last_non_null = 0;
@ -74,7 +74,7 @@ refine flow DHCP_Flow += {
} }
if ( last_non_null > 0 ) if ( last_non_null > 0 )
dhcp_msg_val->Assign(10, zeek::make_intrusive<StringVal>(last_non_null + 1, dhcp_msg_val->Assign(10, zeek::make_intrusive<zeek::StringVal>(last_non_null + 1,
reinterpret_cast<const char*>(${msg.sname}.begin()))); reinterpret_cast<const char*>(${msg.sname}.begin())));
last_non_null = 0; last_non_null = 0;
@ -86,7 +86,7 @@ refine flow DHCP_Flow += {
} }
if ( last_non_null > 0 ) if ( last_non_null > 0 )
dhcp_msg_val->Assign(11, zeek::make_intrusive<StringVal>(last_non_null + 1, dhcp_msg_val->Assign(11, zeek::make_intrusive<zeek::StringVal>(last_non_null + 1,
reinterpret_cast<const char*>(${msg.file_n}.begin()))); reinterpret_cast<const char*>(${msg.file_n}.begin())));
init_options(); init_options();

72
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -11,7 +11,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_subnet_option(v: OptionValue): bool function process_subnet_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(1, zeek::make_intrusive<AddrVal>(htonl(${v.subnet}))); ${context.flow}->options->Assign(1, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.subnet})));
return true; return true;
%} %}
}; };
@ -57,14 +57,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_router_option(v: OptionValue): bool function process_router_option(v: OptionValue): bool
%{ %{
auto router_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto router_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_routers = ${v.router_list}->size(); int num_routers = ${v.router_list}->size();
vector<uint32>* rlist = ${v.router_list}; vector<uint32>* rlist = ${v.router_list};
for ( int i = 0; i < num_routers; ++i ) for ( int i = 0; i < num_routers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
router_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); router_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(2, std::move(router_list)); ${context.flow}->options->Assign(2, std::move(router_list));
@ -91,14 +91,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_timeserver_option(v: OptionValue): bool function process_timeserver_option(v: OptionValue): bool
%{ %{
auto timeserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto timeserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.timeserver_list}->size(); int num_servers = ${v.timeserver_list}->size();
vector<uint32>* rlist = ${v.timeserver_list}; vector<uint32>* rlist = ${v.timeserver_list};
for ( int i = 0; i < num_servers; ++i ) for ( int i = 0; i < num_servers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
timeserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); timeserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(26, std::move(timeserver_list)); ${context.flow}->options->Assign(26, std::move(timeserver_list));
@ -125,14 +125,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_nameserver_option(v: OptionValue): bool function process_nameserver_option(v: OptionValue): bool
%{ %{
auto nameserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto nameserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.nameserver_list}->size(); int num_servers = ${v.nameserver_list}->size();
vector<uint32>* rlist = ${v.nameserver_list}; vector<uint32>* rlist = ${v.nameserver_list};
for ( int i = 0; i < num_servers; ++i ) for ( int i = 0; i < num_servers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
nameserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); nameserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(27, std::move(nameserver_list)); ${context.flow}->options->Assign(27, std::move(nameserver_list));
@ -159,14 +159,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_dns_server_option(v: OptionValue): bool function process_dns_server_option(v: OptionValue): bool
%{ %{
auto server_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto server_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.dns_server_list}->size(); int num_servers = ${v.dns_server_list}->size();
vector<uint32>* rlist = ${v.dns_server_list}; vector<uint32>* rlist = ${v.dns_server_list};
for ( int i = 0; i < num_servers; ++i ) for ( int i = 0; i < num_servers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
server_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); server_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(3, std::move(server_list)); ${context.flow}->options->Assign(3, std::move(server_list));
@ -192,7 +192,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_host_name_option(v: OptionValue): bool function process_host_name_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(4, zeek::make_intrusive<StringVal>(${v.host_name}.length(), ${context.flow}->options->Assign(4, zeek::make_intrusive<zeek::StringVal>(${v.host_name}.length(),
reinterpret_cast<const char*>(${v.host_name}.begin()))); reinterpret_cast<const char*>(${v.host_name}.begin())));
return true; return true;
@ -225,7 +225,7 @@ refine flow DHCP_Flow += {
last_non_null = i; last_non_null = i;
} }
${context.flow}->options->Assign(5, zeek::make_intrusive<StringVal>(last_non_null == 0 ? 0 : last_non_null + 1, ${context.flow}->options->Assign(5, zeek::make_intrusive<zeek::StringVal>(last_non_null == 0 ? 0 : last_non_null + 1,
reinterpret_cast<const char*>(${v.domain_name}.begin()))); reinterpret_cast<const char*>(${v.domain_name}.begin())));
return true; return true;
@ -274,7 +274,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_broadcast_address_option(v: OptionValue): bool function process_broadcast_address_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(7, zeek::make_intrusive<AddrVal>(htonl(${v.broadcast_address}))); ${context.flow}->options->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.broadcast_address})));
return true; return true;
%} %}
@ -298,14 +298,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_ntpserver_option(v: OptionValue): bool function process_ntpserver_option(v: OptionValue): bool
%{ %{
auto ntpserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto ntpserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.ntpserver_list}->size(); int num_servers = ${v.ntpserver_list}->size();
vector<uint32>* rlist = ${v.ntpserver_list}; vector<uint32>* rlist = ${v.ntpserver_list};
for ( int i = 0; i < num_servers; ++i ) for ( int i = 0; i < num_servers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
ntpserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); ntpserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(28, std::move(ntpserver_list)); ${context.flow}->options->Assign(28, std::move(ntpserver_list));
@ -331,7 +331,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_vendor_specific_option(v: OptionValue): bool function process_vendor_specific_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(8, zeek::make_intrusive<StringVal>(${v.vendor_specific}.length(), ${context.flow}->options->Assign(8, zeek::make_intrusive<zeek::StringVal>(${v.vendor_specific}.length(),
reinterpret_cast<const char*>(${v.vendor_specific}.begin()))); reinterpret_cast<const char*>(${v.vendor_specific}.begin())));
return true; return true;
@ -356,14 +356,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_nbns_option(v: OptionValue): bool function process_nbns_option(v: OptionValue): bool
%{ %{
auto server_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs); auto server_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.nbns}->size(); int num_servers = ${v.nbns}->size();
vector<uint32>* rlist = ${v.nbns}; vector<uint32>* rlist = ${v.nbns};
for ( int i = 0; i < num_servers; ++i ) for ( int i = 0; i < num_servers; ++i )
{ {
uint32 raddr = (*rlist)[i]; uint32 raddr = (*rlist)[i];
server_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr))); server_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
} }
${context.flow}->options->Assign(9, std::move(server_list)); ${context.flow}->options->Assign(9, std::move(server_list));
@ -389,7 +389,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_addr_request_option(v: OptionValue): bool function process_addr_request_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(10, zeek::make_intrusive<AddrVal>(htonl(${v.addr_request}))); ${context.flow}->options->Assign(10, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.addr_request})));
return true; return true;
%} %}
@ -414,7 +414,7 @@ refine flow DHCP_Flow += {
function process_lease_option(v: OptionValue): bool function process_lease_option(v: OptionValue): bool
%{ %{
double lease = static_cast<double>(${v.lease}); double lease = static_cast<double>(${v.lease});
${context.flow}->options->Assign(11, zeek::make_intrusive<IntervalVal>(lease)); ${context.flow}->options->Assign(11, zeek::make_intrusive<zeek::IntervalVal>(lease));
return true; return true;
%} %}
@ -438,7 +438,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_serv_id_option(v: OptionValue): bool function process_serv_id_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(12, zeek::make_intrusive<AddrVal>(htonl(${v.serv_addr}))); ${context.flow}->options->Assign(12, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.serv_addr})));
return true; return true;
%} %}
@ -462,7 +462,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_par_req_list_option(v: OptionValue): bool function process_par_req_list_option(v: OptionValue): bool
%{ %{
auto params = zeek::make_intrusive<VectorVal>(zeek::id::index_vec); auto params = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
int num_parms = ${v.par_req_list}->size(); int num_parms = ${v.par_req_list}->size();
vector<uint8>* plist = ${v.par_req_list}; vector<uint8>* plist = ${v.par_req_list};
@ -496,7 +496,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_message_option(v: OptionValue): bool function process_message_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(14, zeek::make_intrusive<StringVal>(${v.message}.length(), ${context.flow}->options->Assign(14, zeek::make_intrusive<zeek::StringVal>(${v.message}.length(),
reinterpret_cast<const char*>(${v.message}.begin()))); reinterpret_cast<const char*>(${v.message}.begin())));
return true; return true;
@ -546,7 +546,7 @@ refine flow DHCP_Flow += {
function process_renewal_time_option(v: OptionValue): bool function process_renewal_time_option(v: OptionValue): bool
%{ %{
double renewal_time = static_cast<double>(${v.renewal_time}); double renewal_time = static_cast<double>(${v.renewal_time});
${context.flow}->options->Assign(16, zeek::make_intrusive<IntervalVal>(renewal_time)); ${context.flow}->options->Assign(16, zeek::make_intrusive<zeek::IntervalVal>(renewal_time));
return true; return true;
%} %}
@ -571,7 +571,7 @@ refine flow DHCP_Flow += {
function process_rebinding_time_option(v: OptionValue): bool function process_rebinding_time_option(v: OptionValue): bool
%{ %{
double rebinding_time = static_cast<double>(${v.rebinding_time}); double rebinding_time = static_cast<double>(${v.rebinding_time});
${context.flow}->options->Assign(17, zeek::make_intrusive<IntervalVal>(rebinding_time)); ${context.flow}->options->Assign(17, zeek::make_intrusive<zeek::IntervalVal>(rebinding_time));
return true; return true;
%} %}
@ -595,7 +595,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_vendor_class_option(v: OptionValue): bool function process_vendor_class_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(18, zeek::make_intrusive<StringVal>(${v.vendor_class}.length(), ${context.flow}->options->Assign(18, zeek::make_intrusive<zeek::StringVal>(${v.vendor_class}.length(),
reinterpret_cast<const char*>(${v.vendor_class}.begin()))); reinterpret_cast<const char*>(${v.vendor_class}.begin())));
return true; return true;
@ -625,15 +625,15 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_client_id_option(v: OptionValue): bool function process_client_id_option(v: OptionValue): bool
%{ %{
auto client_id = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientID); auto client_id = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientID);
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype})); client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
StringValPtr sv; zeek::StringValPtr sv;
if ( ${v.client_id.hwtype} == 0 ) if ( ${v.client_id.hwtype} == 0 )
sv = zeek::make_intrusive<StringVal>(${v.client_id.hwaddr}.length(), sv = zeek::make_intrusive<zeek::StringVal>(${v.client_id.hwaddr}.length(),
(const char*)${v.client_id.hwaddr}.begin()); (const char*)${v.client_id.hwaddr}.begin());
else else
sv = zeek::make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(), sv = zeek::make_intrusive<zeek::StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(),
${v.client_id.hwaddr}.length())); ${v.client_id.hwaddr}.length()));
client_id->Assign(1, std::move(sv)); client_id->Assign(1, std::move(sv));
@ -662,7 +662,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_user_class_option(v: OptionValue): bool function process_user_class_option(v: OptionValue): bool
%{ %{
${context.flow}->options->Assign(20, zeek::make_intrusive<StringVal>(${v.user_class}.length(), ${context.flow}->options->Assign(20, zeek::make_intrusive<zeek::StringVal>(${v.user_class}.length(),
reinterpret_cast<const char*>(${v.user_class}.begin()))); reinterpret_cast<const char*>(${v.user_class}.begin())));
return true; return true;
@ -694,12 +694,12 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += { refine flow DHCP_Flow += {
function process_client_fqdn_option(v: OptionValue): bool function process_client_fqdn_option(v: OptionValue): bool
%{ %{
auto client_fqdn = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN); auto client_fqdn = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags})); client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1})); client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2})); client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin()); const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
client_fqdn->Assign(3, zeek::make_intrusive<StringVal>(${v.client_fqdn.domain_name}.length(), domain_name)); client_fqdn->Assign(3, zeek::make_intrusive<zeek::StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
${context.flow}->options->Assign(21, std::move(client_fqdn)); ${context.flow}->options->Assign(21, std::move(client_fqdn));
@ -752,14 +752,14 @@ refine flow DHCP_Flow += {
function process_relay_agent_inf_option(v: OptionValue): bool function process_relay_agent_inf_option(v: OptionValue): bool
%{ %{
auto relay_agent_sub_opt = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::SubOpts); auto relay_agent_sub_opt = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::SubOpts);
uint16 i = 0; uint16 i = 0;
for ( auto ptrsubopt = ${v.relay_agent_inf}->begin(); for ( auto ptrsubopt = ${v.relay_agent_inf}->begin();
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt ) ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
{ {
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::SubOpt); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
r->Assign(0, val_mgr->Count((*ptrsubopt)->code())); r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
r->Assign(1, to_stringval((*ptrsubopt)->value())); r->Assign(1, to_stringval((*ptrsubopt)->value()));
@ -818,7 +818,7 @@ refine flow DHCP_Flow += {
if ( string_len == 0 ) if ( string_len == 0 )
{ {
${context.flow}->options->Assign(24, zeek::make_intrusive<StringVal>(0, "")); ${context.flow}->options->Assign(24, zeek::make_intrusive<zeek::StringVal>(0, ""));
return true; return true;
} }
@ -830,7 +830,7 @@ refine flow DHCP_Flow += {
if ( has_newline ) if ( has_newline )
--string_len; --string_len;
${context.flow}->options->Assign(24, zeek::make_intrusive<StringVal>(string_len, ${context.flow}->options->Assign(24, zeek::make_intrusive<zeek::StringVal>(string_len,
reinterpret_cast<const char*>(${v.auto_proxy_config}.begin()))); reinterpret_cast<const char*>(${v.auto_proxy_config}.begin())));
return true; return true;

124
src/analyzer/protocol/dns/DNS.cc
View file

@ -89,9 +89,9 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
int skip_addl = dns_skip_all_addl; int skip_addl = dns_skip_all_addl;
if ( msg.ancount > 0 ) if ( msg.ancount > 0 )
{ // We did an answer, so can potentially skip auth/addl. { // We did an answer, so can potentially skip auth/addl.
static auto dns_skip_auth = zeek::id::find_val<TableVal>("dns_skip_auth"); static auto dns_skip_auth = zeek::id::find_val<zeek::TableVal>("dns_skip_auth");
static auto dns_skip_addl = zeek::id::find_val<TableVal>("dns_skip_addl"); static auto dns_skip_addl = zeek::id::find_val<zeek::TableVal>("dns_skip_addl");
auto server = zeek::make_intrusive<AddrVal>(analyzer->Conn()->RespAddr()); auto server = zeek::make_intrusive<zeek::AddrVal>(analyzer->Conn()->RespAddr());
skip_auth = skip_auth || msg.nscount == 0 || skip_auth = skip_auth || msg.nscount == 0 ||
dns_skip_auth->FindOrDefault(server); dns_skip_auth->FindOrDefault(server);
@ -238,7 +238,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
// Note that the exact meaning of some of these fields will be // Note that the exact meaning of some of these fields will be
// re-interpreted by other, more adventurous RR types. // re-interpreted by other, more adventurous RR types.
msg->query_name = zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)); msg->query_name = zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true));
msg->atype = RR_Type(ExtractShort(data, len)); msg->atype = RR_Type(ExtractShort(data, len));
msg->aclass = ExtractShort(data, len); msg->aclass = ExtractShort(data, len);
msg->ttl = ExtractLong(data, len); msg->ttl = ExtractLong(data, len);
@ -562,7 +562,7 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)) zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true))
); );
return true; return true;
@ -603,14 +603,14 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
if ( dns_SOA_reply && ! msg->skip_event ) if ( dns_SOA_reply && ! msg->skip_event )
{ {
static auto dns_soa = zeek::id::find_type<zeek::RecordType>("dns_soa"); static auto dns_soa = zeek::id::find_type<zeek::RecordType>("dns_soa");
auto r = zeek::make_intrusive<RecordVal>(dns_soa); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_soa);
r->Assign(0, zeek::make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true))); r->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(mname, mname_end - mname, true)));
r->Assign(1, zeek::make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true))); r->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(rname, rname_end - rname, true)));
r->Assign(2, val_mgr->Count(serial)); r->Assign(2, val_mgr->Count(serial));
r->Assign(3, zeek::make_intrusive<IntervalVal>(double(refresh), Seconds)); r->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(refresh), Seconds));
r->Assign(4, zeek::make_intrusive<IntervalVal>(double(retry), Seconds)); r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(retry), Seconds));
r->Assign(5, zeek::make_intrusive<IntervalVal>(double(expire), Seconds)); r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(expire), Seconds));
r->Assign(6, zeek::make_intrusive<IntervalVal>(double(minimum), Seconds)); r->Assign(6, zeek::make_intrusive<zeek::IntervalVal>(double(minimum), Seconds));
analyzer->EnqueueConnEvent(dns_SOA_reply, analyzer->EnqueueConnEvent(dns_SOA_reply,
analyzer->ConnVal(), analyzer->ConnVal(),
@ -646,7 +646,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)), zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
val_mgr->Count(preference) val_mgr->Count(preference)
); );
@ -687,7 +687,7 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)), zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
val_mgr->Count(priority), val_mgr->Count(priority),
val_mgr->Count(weight), val_mgr->Count(weight),
val_mgr->Count(port) val_mgr->Count(port)
@ -1009,7 +1009,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start); int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 ) while ( typebitmaps_len > 0 && len > 0 )
{ {
@ -1024,7 +1024,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
} }
BroString* bitmap = ExtractStream(data, len, bmlen); BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<StringVal>(bitmap)); char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen); typebitmaps_len = typebitmaps_len - (2 + bmlen);
} }
@ -1033,7 +1033,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)), zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
std::move(char_strings) std::move(char_strings)
); );
@ -1084,7 +1084,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start); int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 ) while ( typebitmaps_len > 0 && len > 0 )
{ {
@ -1099,7 +1099,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
} }
BroString* bitmap = ExtractStream(data, len, bmlen); BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<StringVal>(bitmap)); char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen); typebitmaps_len = typebitmaps_len - (2 + bmlen);
} }
@ -1200,7 +1200,7 @@ bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<AddrVal>(htonl(addr)) zeek::make_intrusive<zeek::AddrVal>(htonl(addr))
); );
return true; return true;
@ -1236,7 +1236,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
zeek::make_intrusive<AddrVal>(addr) zeek::make_intrusive<zeek::AddrVal>(addr)
); );
return true; return true;
@ -1260,7 +1260,7 @@ bool DNS_Interpreter::ParseRR_HINFO(DNS_MsgInfo* msg,
return true; return true;
} }
static StringValPtr static zeek::StringValPtr
extract_char_string(analyzer::Analyzer* analyzer, extract_char_string(analyzer::Analyzer* analyzer,
const u_char*& data, int& len, int& rdlen) const u_char*& data, int& len, int& rdlen)
{ {
@ -1279,7 +1279,7 @@ extract_char_string(analyzer::Analyzer* analyzer,
return nullptr; return nullptr;
} }
auto rval = zeek::make_intrusive<StringVal>(str_size, reinterpret_cast<const char*>(data)); auto rval = zeek::make_intrusive<zeek::StringVal>(str_size, reinterpret_cast<const char*>(data));
rdlen -= str_size; rdlen -= str_size;
len -= str_size; len -= str_size;
@ -1299,8 +1299,8 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
return true; return true;
} }
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
StringValPtr char_string; zeek::StringValPtr char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
char_strings->Assign(char_strings->Size(), std::move(char_string)); char_strings->Assign(char_strings->Size(), std::move(char_string));
@ -1327,8 +1327,8 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
return true; return true;
} }
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec); auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
StringValPtr char_string; zeek::StringValPtr char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) ) while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
char_strings->Assign(char_strings->Size(), std::move(char_string)); char_strings->Assign(char_strings->Size(), std::move(char_string));
@ -1380,8 +1380,8 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
msg->BuildHdrVal(), msg->BuildHdrVal(),
msg->BuildAnswerVal(), msg->BuildAnswerVal(),
val_mgr->Count(flags), val_mgr->Count(flags),
zeek::make_intrusive<StringVal>(tag), zeek::make_intrusive<zeek::StringVal>(tag),
zeek::make_intrusive<StringVal>(value) zeek::make_intrusive<zeek::StringVal>(value)
); );
else else
{ {
@ -1407,10 +1407,10 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
analyzer->EnqueueConnEvent(event, analyzer->EnqueueConnEvent(event,
analyzer->ConnVal(), analyzer->ConnVal(),
msg->BuildHdrVal(), msg->BuildHdrVal(),
zeek::make_intrusive<StringVal>(question_name), zeek::make_intrusive<zeek::StringVal>(question_name),
val_mgr->Count(qtype), val_mgr->Count(qtype),
val_mgr->Count(qclass), val_mgr->Count(qclass),
zeek::make_intrusive<StringVal>(original_name) zeek::make_intrusive<zeek::StringVal>(original_name)
); );
} }
@ -1446,10 +1446,10 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
skip_event = 0; skip_event = 0;
} }
RecordValPtr DNS_MsgInfo::BuildHdrVal() zeek::RecordValPtr DNS_MsgInfo::BuildHdrVal()
{ {
static auto dns_msg = zeek::id::find_type<zeek::RecordType>("dns_msg"); static auto dns_msg = zeek::id::find_type<zeek::RecordType>("dns_msg");
auto r = zeek::make_intrusive<RecordVal>(dns_msg); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_msg);
r->Assign(0, val_mgr->Count(id)); r->Assign(0, val_mgr->Count(id));
r->Assign(1, val_mgr->Count(opcode)); r->Assign(1, val_mgr->Count(opcode));
@ -1468,26 +1468,26 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal()
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildAnswerVal() zeek::RecordValPtr DNS_MsgInfo::BuildAnswerVal()
{ {
static auto dns_answer = zeek::id::find_type<zeek::RecordType>("dns_answer"); static auto dns_answer = zeek::id::find_type<zeek::RecordType>("dns_answer");
auto r = zeek::make_intrusive<RecordVal>(dns_answer); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_answer);
r->Assign(0, val_mgr->Count(int(answer_type))); r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name); r->Assign(1, query_name);
r->Assign(2, val_mgr->Count(atype)); r->Assign(2, val_mgr->Count(atype));
r->Assign(3, val_mgr->Count(aclass)); r->Assign(3, val_mgr->Count(aclass));
r->Assign(4, zeek::make_intrusive<IntervalVal>(double(ttl), Seconds)); r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildEDNS_Val() zeek::RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
{ {
// We have to treat the additional record type in EDNS differently // We have to treat the additional record type in EDNS differently
// than a regular resource record. // than a regular resource record.
static auto dns_edns_additional = zeek::id::find_type<zeek::RecordType>("dns_edns_additional"); static auto dns_edns_additional = zeek::id::find_type<zeek::RecordType>("dns_edns_additional");
auto r = zeek::make_intrusive<RecordVal>(dns_edns_additional); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_edns_additional);
r->Assign(0, val_mgr->Count(int(answer_type))); r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name); r->Assign(1, query_name);
@ -1512,25 +1512,25 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
r->Assign(4, val_mgr->Count(return_error)); r->Assign(4, val_mgr->Count(return_error));
r->Assign(5, val_mgr->Count(version)); r->Assign(5, val_mgr->Count(version));
r->Assign(6, val_mgr->Count(z)); r->Assign(6, val_mgr->Count(z));
r->Assign(7, zeek::make_intrusive<IntervalVal>(double(ttl), Seconds)); r->Assign(7, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
r->Assign(8, val_mgr->Count(is_query)); r->Assign(8, val_mgr->Count(is_query));
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig) zeek::RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
{ {
static auto dns_tsig_additional = zeek::id::find_type<zeek::RecordType>("dns_tsig_additional"); static auto dns_tsig_additional = zeek::id::find_type<zeek::RecordType>("dns_tsig_additional");
auto r = zeek::make_intrusive<RecordVal>(dns_tsig_additional); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0; double rtime = tsig->time_s + tsig->time_ms / 1000.0;
// r->Assign(0, val_mgr->Count(int(answer_type))); // r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::make_intrusive<StringVal>(tsig->alg_name)); r->Assign(2, zeek::make_intrusive<zeek::StringVal>(tsig->alg_name));
r->Assign(3, zeek::make_intrusive<StringVal>(tsig->sig)); r->Assign(3, zeek::make_intrusive<zeek::StringVal>(tsig->sig));
r->Assign(4, zeek::make_intrusive<TimeVal>(rtime)); r->Assign(4, zeek::make_intrusive<zeek::TimeVal>(rtime));
r->Assign(5, zeek::make_intrusive<TimeVal>(double(tsig->fudge))); r->Assign(5, zeek::make_intrusive<zeek::TimeVal>(double(tsig->fudge)));
r->Assign(6, val_mgr->Count(tsig->orig_id)); r->Assign(6, val_mgr->Count(tsig->orig_id));
r->Assign(7, val_mgr->Count(tsig->rr_error)); r->Assign(7, val_mgr->Count(tsig->rr_error));
r->Assign(8, val_mgr->Count(is_query)); r->Assign(8, val_mgr->Count(is_query));
@ -1538,47 +1538,47 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig) zeek::RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
{ {
static auto dns_rrsig_rr = zeek::id::find_type<zeek::RecordType>("dns_rrsig_rr"); static auto dns_rrsig_rr = zeek::id::find_type<zeek::RecordType>("dns_rrsig_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_rrsig_rr); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_rrsig_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(rrsig->type_covered)); r->Assign(2, val_mgr->Count(rrsig->type_covered));
r->Assign(3, val_mgr->Count(rrsig->algorithm)); r->Assign(3, val_mgr->Count(rrsig->algorithm));
r->Assign(4, val_mgr->Count(rrsig->labels)); r->Assign(4, val_mgr->Count(rrsig->labels));
r->Assign(5, zeek::make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds)); r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(rrsig->orig_ttl), Seconds));
r->Assign(6, zeek::make_intrusive<TimeVal>(double(rrsig->sig_exp))); r->Assign(6, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_exp)));
r->Assign(7, zeek::make_intrusive<TimeVal>(double(rrsig->sig_incep))); r->Assign(7, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_incep)));
r->Assign(8, val_mgr->Count(rrsig->key_tag)); r->Assign(8, val_mgr->Count(rrsig->key_tag));
r->Assign(9, zeek::make_intrusive<StringVal>(rrsig->signer_name)); r->Assign(9, zeek::make_intrusive<zeek::StringVal>(rrsig->signer_name));
r->Assign(10, zeek::make_intrusive<StringVal>(rrsig->signature)); r->Assign(10, zeek::make_intrusive<zeek::StringVal>(rrsig->signature));
r->Assign(11, val_mgr->Count(is_query)); r->Assign(11, val_mgr->Count(is_query));
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey) zeek::RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
{ {
static auto dns_dnskey_rr = zeek::id::find_type<zeek::RecordType>("dns_dnskey_rr"); static auto dns_dnskey_rr = zeek::id::find_type<zeek::RecordType>("dns_dnskey_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_dnskey_rr); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_dnskey_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(dnskey->dflags)); r->Assign(2, val_mgr->Count(dnskey->dflags));
r->Assign(3, val_mgr->Count(dnskey->dprotocol)); r->Assign(3, val_mgr->Count(dnskey->dprotocol));
r->Assign(4, val_mgr->Count(dnskey->dalgorithm)); r->Assign(4, val_mgr->Count(dnskey->dalgorithm));
r->Assign(5, zeek::make_intrusive<StringVal>(dnskey->public_key)); r->Assign(5, zeek::make_intrusive<zeek::StringVal>(dnskey->public_key));
r->Assign(6, val_mgr->Count(is_query)); r->Assign(6, val_mgr->Count(is_query));
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3) zeek::RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
{ {
static auto dns_nsec3_rr = zeek::id::find_type<zeek::RecordType>("dns_nsec3_rr"); static auto dns_nsec3_rr = zeek::id::find_type<zeek::RecordType>("dns_nsec3_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_nsec3_rr); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_nsec3_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1586,26 +1586,26 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo)); r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo));
r->Assign(4, val_mgr->Count(nsec3->nsec_iter)); r->Assign(4, val_mgr->Count(nsec3->nsec_iter));
r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len)); r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len));
r->Assign(6, zeek::make_intrusive<StringVal>(nsec3->nsec_salt)); r->Assign(6, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_salt));
r->Assign(7, val_mgr->Count(nsec3->nsec_hlen)); r->Assign(7, val_mgr->Count(nsec3->nsec_hlen));
r->Assign(8, zeek::make_intrusive<StringVal>(nsec3->nsec_hash)); r->Assign(8, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_hash));
r->Assign(9, std::move(nsec3->bitmaps)); r->Assign(9, std::move(nsec3->bitmaps));
r->Assign(10, val_mgr->Count(is_query)); r->Assign(10, val_mgr->Count(is_query));
return r; return r;
} }
RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
{ {
static auto dns_ds_rr = zeek::id::find_type<zeek::RecordType>("dns_ds_rr"); static auto dns_ds_rr = zeek::id::find_type<zeek::RecordType>("dns_ds_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_ds_rr); auto r = zeek::make_intrusive<zeek::RecordVal>(dns_ds_rr);
r->Assign(0, query_name); r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type))); r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(ds->key_tag)); r->Assign(2, val_mgr->Count(ds->key_tag));
r->Assign(3, val_mgr->Count(ds->algorithm)); r->Assign(3, val_mgr->Count(ds->algorithm));
r->Assign(4, val_mgr->Count(ds->digest_type)); r->Assign(4, val_mgr->Count(ds->digest_type));
r->Assign(5, zeek::make_intrusive<StringVal>(ds->digest_val)); r->Assign(5, zeek::make_intrusive<zeek::StringVal>(ds->digest_val));
r->Assign(6, val_mgr->Count(is_query)); r->Assign(6, val_mgr->Count(is_query));
return r; return r;

20
src/analyzer/protocol/dns/DNS.h
View file

@ -165,7 +165,7 @@ struct NSEC3_DATA {
BroString* nsec_salt; BroString* nsec_salt;
unsigned short nsec_hlen; unsigned short nsec_hlen;
BroString* nsec_hash; BroString* nsec_hash;
VectorValPtr bitmaps; zeek::VectorValPtr bitmaps;
}; };
struct DS_DATA { struct DS_DATA {
@ -179,14 +179,14 @@ class DNS_MsgInfo {
public: public:
DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query); DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query);
RecordValPtr BuildHdrVal(); zeek::RecordValPtr BuildHdrVal();
RecordValPtr BuildAnswerVal(); zeek::RecordValPtr BuildAnswerVal();
RecordValPtr BuildEDNS_Val(); zeek::RecordValPtr BuildEDNS_Val();
RecordValPtr BuildTSIG_Val(struct TSIG_DATA*); zeek::RecordValPtr BuildTSIG_Val(struct TSIG_DATA*);
RecordValPtr BuildRRSIG_Val(struct RRSIG_DATA*); zeek::RecordValPtr BuildRRSIG_Val(struct RRSIG_DATA*);
RecordValPtr BuildDNSKEY_Val(struct DNSKEY_DATA*); zeek::RecordValPtr BuildDNSKEY_Val(struct DNSKEY_DATA*);
RecordValPtr BuildNSEC3_Val(struct NSEC3_DATA*); zeek::RecordValPtr BuildNSEC3_Val(struct NSEC3_DATA*);
RecordValPtr BuildDS_Val(struct DS_DATA*); zeek::RecordValPtr BuildDS_Val(struct DS_DATA*);
int id; int id;
int opcode; ///< query type, see DNS_Opcode int opcode; ///< query type, see DNS_Opcode
@ -203,7 +203,7 @@ public:
int arcount; ///< number of additional RRs int arcount; ///< number of additional RRs
int is_query; ///< whether it came from the session initiator int is_query; ///< whether it came from the session initiator
StringValPtr query_name; zeek::StringValPtr query_name;
RR_Type atype; RR_Type atype;
int aclass; ///< normally = 1, inet int aclass; ///< normally = 1, inet
uint32_t ttl; uint32_t ttl;

6
src/analyzer/protocol/file/File.cc
View file

@ -82,8 +82,8 @@ void File_Analyzer::Identify()
EnqueueConnEvent( EnqueueConnEvent(
file_transferred, file_transferred,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(buffer_len, buffer), zeek::make_intrusive<zeek::StringVal>(buffer_len, buffer),
zeek::make_intrusive<StringVal>("<unknown>"), zeek::make_intrusive<zeek::StringVal>("<unknown>"),
zeek::make_intrusive<StringVal>(match) zeek::make_intrusive<zeek::StringVal>(match)
); );
} }

6
src/analyzer/protocol/finger/Finger.cc
View file

@ -70,8 +70,8 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
EnqueueConnEvent(finger_request, EnqueueConnEvent(finger_request,
ConnVal(), ConnVal(),
val_mgr->Bool(long_cnt), val_mgr->Bool(long_cnt),
zeek::make_intrusive<StringVal>(at - line, line), zeek::make_intrusive<zeek::StringVal>(at - line, line),
zeek::make_intrusive<StringVal>(end_of_line - host, host) zeek::make_intrusive<zeek::StringVal>(end_of_line - host, host)
); );
Conn()->Match(Rule::FINGER, (const u_char *) line, Conn()->Match(Rule::FINGER, (const u_char *) line,
@ -87,7 +87,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
EnqueueConnEvent(finger_reply, EnqueueConnEvent(finger_reply,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(end_of_line - line, line) zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line)
); );
} }
} }

14
src/analyzer/protocol/ftp/FTP.cc
View file

@ -82,7 +82,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
{ {
int cmd_len; int cmd_len;
const char* cmd; const char* cmd;
StringVal* cmd_str; zeek::StringVal* cmd_str;
line = skip_whitespace(line, end_of_line); line = skip_whitespace(line, end_of_line);
get_word(end_of_line - line, line, cmd_len, cmd); get_word(end_of_line - line, line, cmd_len, cmd);
@ -91,15 +91,15 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
if ( cmd_len == 0 ) if ( cmd_len == 0 )
{ {
// Weird("FTP command missing", end_of_line - orig_line, orig_line); // Weird("FTP command missing", end_of_line - orig_line, orig_line);
cmd_str = new StringVal("<missing>"); cmd_str = new zeek::StringVal("<missing>");
} }
else else
cmd_str = (new StringVal(cmd_len, cmd))->ToUpper(); cmd_str = (new zeek::StringVal(cmd_len, cmd))->ToUpper();
vl = { vl = {
ConnVal(), ConnVal(),
zeek::IntrusivePtr{zeek::AdoptRef{}, cmd_str}, zeek::IntrusivePtr{zeek::AdoptRef{}, cmd_str},
zeek::make_intrusive<StringVal>(end_of_line - line, line), zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
}; };
f = ftp_request; f = ftp_request;
@ -178,7 +178,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
vl = { vl = {
ConnVal(), ConnVal(),
val_mgr->Count(reply_code), val_mgr->Count(reply_code),
zeek::make_intrusive<StringVal>(end_of_line - line, line), zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
val_mgr->Bool(cont_resp) val_mgr->Bool(cont_resp)
}; };
@ -216,7 +216,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
if ( strncmp(cmd, "ADAT", cmd_len) == 0 ) if ( strncmp(cmd, "ADAT", cmd_len) == 0 )
{ {
line = skip_whitespace(line + cmd_len, end_of_line); line = skip_whitespace(line + cmd_len, end_of_line);
StringVal encoded(end_of_line - line, line); zeek::StringVal encoded(end_of_line - line, line);
decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn()); decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
if ( first_token ) if ( first_token )
@ -291,7 +291,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
if ( end_of_line - line >= 5 && strncmp(line, "ADAT=", 5) == 0 ) if ( end_of_line - line >= 5 && strncmp(line, "ADAT=", 5) == 0 )
{ {
line += 5; line += 5;
StringVal encoded(end_of_line - line, line); zeek::StringVal encoded(end_of_line - line, line);
decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn()); decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
} }

22
src/analyzer/protocol/ftp/functions.bif
View file

@ -4,9 +4,9 @@ type ftp_port: record;
%%{ %%{
#include "Reporter.h" #include "Reporter.h"
static ValPtr parse_port(const char* line) static zeek::ValPtr parse_port(const char* line)
{ {
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ftp_port);
int bytes[6]; int bytes[6];
if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d", if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d",
@ -33,13 +33,13 @@ static ValPtr parse_port(const char* line)
good = 0; good = 0;
} }
r->Assign(0, zeek::make_intrusive<AddrVal>(htonl(addr))); r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(htonl(addr)));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP)); r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good)); r->Assign(2, val_mgr->Bool(good));
} }
else else
{ {
r->Assign(0, zeek::make_intrusive<AddrVal>(uint32_t(0))); r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(uint32_t(0)));
r->Assign(1, val_mgr->Port(0, TRANSPORT_TCP)); r->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
r->Assign(2, val_mgr->False()); r->Assign(2, val_mgr->False());
} }
@ -47,9 +47,9 @@ static ValPtr parse_port(const char* line)
return r; return r;
} }
static ValPtr parse_eftp(const char* line) static zeek::ValPtr parse_eftp(const char* line)
{ {
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ftp_port);
int net_proto = 0; // currently not used int net_proto = 0; // currently not used
IPAddr addr; // unspecified IPv6 address (all 128 bits zero) IPAddr addr; // unspecified IPv6 address (all 128 bits zero)
@ -109,7 +109,7 @@ static ValPtr parse_eftp(const char* line)
} }
r->Assign(0, zeek::make_intrusive<AddrVal>(addr)); r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(addr));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP)); r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good)); r->Assign(2, val_mgr->Bool(good));
@ -206,10 +206,10 @@ function fmt_ftp_port%(a: addr, p: port%): string
{ {
uint32_t a = ntohl(addr[0]); uint32_t a = ntohl(addr[0]);
uint32_t pn = p->Port(); uint32_t pn = p->Port();
return zeek::make_intrusive<StringVal>(fmt("%d,%d,%d,%d,%d,%d", return zeek::make_intrusive<zeek::StringVal>(fmt("%d,%d,%d,%d,%d,%d",
a >> 24, (a >> 16) & 0xff, a >> 24, (a >> 16) & 0xff,
(a >> 8) & 0xff, a & 0xff, (a >> 8) & 0xff, a & 0xff,
pn >> 8, pn & 0xff)); pn >> 8, pn & 0xff));
} }
else else
{ {

37
src/analyzer/protocol/gnutella/Gnutella.cc
View file

@ -72,11 +72,10 @@ void Gnutella_Analyzer::Done()
{ {
if ( ! p->msg_sent && p->msg_pos ) if ( ! p->msg_sent && p->msg_pos )
EnqueueConnEvent(gnutella_partial_binary_msg, EnqueueConnEvent(gnutella_partial_binary_msg,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(p->msg), zeek::make_intrusive<zeek::StringVal>(p->msg),
val_mgr->Bool((i == 0)), val_mgr->Bool((i == 0)),
val_mgr->Count(p->msg_pos) val_mgr->Count(p->msg_pos));
);
else if ( ! p->msg_sent && p->payload_left ) else if ( ! p->msg_sent && p->payload_left )
SendEvents(p, (i == 0)); SendEvents(p, (i == 0));
@ -177,10 +176,9 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
{ {
if ( gnutella_text_msg ) if ( gnutella_text_msg )
EnqueueConnEvent(gnutella_text_msg, EnqueueConnEvent(gnutella_text_msg,
ConnVal(), ConnVal(),
val_mgr->Bool(orig), val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(ms->headers.data()) zeek::make_intrusive<zeek::StringVal>(ms->headers.data()));
);
ms->headers = ""; ms->headers = "";
state |= new_state; state |= new_state;
@ -215,17 +213,16 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
if ( gnutella_binary_msg ) if ( gnutella_binary_msg )
EnqueueConnEvent(gnutella_binary_msg, EnqueueConnEvent(gnutella_binary_msg,
ConnVal(), ConnVal(),
val_mgr->Bool(is_orig), val_mgr->Bool(is_orig),
val_mgr->Count(p->msg_type), val_mgr->Count(p->msg_type),
val_mgr->Count(p->msg_ttl), val_mgr->Count(p->msg_ttl),
val_mgr->Count(p->msg_hops), val_mgr->Count(p->msg_hops),
val_mgr->Count(p->msg_len), val_mgr->Count(p->msg_len),
zeek::make_intrusive<StringVal>(p->payload), zeek::make_intrusive<zeek::StringVal>(p->payload),
val_mgr->Count(p->payload_len), val_mgr->Count(p->payload_len),
val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))), val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))),
val_mgr->Bool((p->payload_left == 0)) val_mgr->Bool((p->payload_left == 0)));
);
} }

110
src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -4,9 +4,9 @@
%} %}
%code{ %code{
RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu) zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
{ {
auto rv = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtpv1_hdr); auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr);
rv->Assign(0, val_mgr->Count(pdu->version())); rv->Assign(0, val_mgr->Count(pdu->version()));
rv->Assign(1, val_mgr->Bool(pdu->pt_flag())); rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
@ -28,14 +28,14 @@ RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
return rv; return rv;
} }
static ValPtr BuildIMSI(const InformationElement* ie) static zeek::ValPtr BuildIMSI(const InformationElement* ie)
{ {
return val_mgr->Count(ie->imsi()->value()); return val_mgr->Count(ie->imsi()->value());
} }
static ValPtr BuildRAI(const InformationElement* ie) static zeek::ValPtr BuildRAI(const InformationElement* ie)
{ {
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_rai); auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_rai);
ev->Assign(0, val_mgr->Count(ie->rai()->mcc())); ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
ev->Assign(1, val_mgr->Count(ie->rai()->mnc())); ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
ev->Assign(2, val_mgr->Count(ie->rai()->lac())); ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
@ -43,49 +43,49 @@ static ValPtr BuildRAI(const InformationElement* ie)
return ev; return ev;
} }
static ValPtr BuildRecovery(const InformationElement* ie) static zeek::ValPtr BuildRecovery(const InformationElement* ie)
{ {
return val_mgr->Count(ie->recovery()->restart_counter()); return val_mgr->Count(ie->recovery()->restart_counter());
} }
static ValPtr BuildSelectionMode(const InformationElement* ie) static zeek::ValPtr BuildSelectionMode(const InformationElement* ie)
{ {
return val_mgr->Count(ie->selection_mode()->mode()); return val_mgr->Count(ie->selection_mode()->mode());
} }
static ValPtr BuildTEID1(const InformationElement* ie) static zeek::ValPtr BuildTEID1(const InformationElement* ie)
{ {
return val_mgr->Count(ie->teid1()->value()); return val_mgr->Count(ie->teid1()->value());
} }
static ValPtr BuildTEID_ControlPlane(const InformationElement* ie) static zeek::ValPtr BuildTEID_ControlPlane(const InformationElement* ie)
{ {
return val_mgr->Count(ie->teidcp()->value()); return val_mgr->Count(ie->teidcp()->value());
} }
static ValPtr BuildNSAPI(const InformationElement* ie) static zeek::ValPtr BuildNSAPI(const InformationElement* ie)
{ {
return val_mgr->Count(ie->nsapi()->nsapi()); return val_mgr->Count(ie->nsapi()->nsapi());
} }
static ValPtr BuildChargingCharacteristics(const InformationElement* ie) static zeek::ValPtr BuildChargingCharacteristics(const InformationElement* ie)
{ {
return val_mgr->Count(ie->charging_characteristics()->value()); return val_mgr->Count(ie->charging_characteristics()->value());
} }
static ValPtr BuildTraceReference(const InformationElement* ie) static zeek::ValPtr BuildTraceReference(const InformationElement* ie)
{ {
return val_mgr->Count(ie->trace_reference()->value()); return val_mgr->Count(ie->trace_reference()->value());
} }
static ValPtr BuildTraceType(const InformationElement* ie) static zeek::ValPtr BuildTraceType(const InformationElement* ie)
{ {
return val_mgr->Count(ie->trace_type()->value()); return val_mgr->Count(ie->trace_type()->value());
} }
ValPtr BuildEndUserAddr(const InformationElement* ie) zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
{ {
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_end_user_addr); auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org())); ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num())); ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
@ -97,15 +97,15 @@ ValPtr BuildEndUserAddr(const InformationElement* ie)
switch ( ie->end_user_addr()->pdp_type_num() ) { switch ( ie->end_user_addr()->pdp_type_num() ) {
case 0x21: case 0x21:
ev->Assign(2, zeek::make_intrusive<AddrVal>( ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network))); IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
break; break;
case 0x57: case 0x57:
ev->Assign(2, zeek::make_intrusive<AddrVal>( ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network))); IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
break; break;
default: default:
ev->Assign(3, zeek::make_intrusive<StringVal>( ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
new BroString((const u_char*) d, len, false))); new BroString((const u_char*) d, len, false)));
break; break;
} }
@ -114,121 +114,121 @@ ValPtr BuildEndUserAddr(const InformationElement* ie)
return ev; return ev;
} }
ValPtr BuildAccessPointName(const InformationElement* ie) zeek::ValPtr BuildAccessPointName(const InformationElement* ie)
{ {
BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(), BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(),
ie->ap_name()->value().length(), false); ie->ap_name()->value().length(), false);
return zeek::make_intrusive<StringVal>(bs); return zeek::make_intrusive<zeek::StringVal>(bs);
} }
ValPtr BuildProtoConfigOptions(const InformationElement* ie) zeek::ValPtr BuildProtoConfigOptions(const InformationElement* ie)
{ {
const u_char* d = (const u_char*) ie->proto_config_opts()->value().data(); const u_char* d = (const u_char*) ie->proto_config_opts()->value().data();
int len = ie->proto_config_opts()->value().length(); int len = ie->proto_config_opts()->value().length();
return zeek::make_intrusive<StringVal>(new BroString(d, len, false)); return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
} }
ValPtr BuildGSN_Addr(const InformationElement* ie) zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
{ {
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_gsn_addr); auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_gsn_addr);
int len = ie->gsn_addr()->value().length(); int len = ie->gsn_addr()->value().length();
const uint8* d = ie->gsn_addr()->value().data(); const uint8* d = ie->gsn_addr()->value().data();
if ( len == 4 ) if ( len == 4 )
ev->Assign(0, zeek::make_intrusive<AddrVal>( ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network))); IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
else if ( len == 16 ) else if ( len == 16 )
ev->Assign(0, zeek::make_intrusive<AddrVal>( ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network))); IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
else else
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false))); ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
return ev; return ev;
} }
ValPtr BuildMSISDN(const InformationElement* ie) zeek::ValPtr BuildMSISDN(const InformationElement* ie)
{ {
const u_char* d = (const u_char*) ie->msisdn()->value().data(); const u_char* d = (const u_char*) ie->msisdn()->value().data();
int len = ie->msisdn()->value().length(); int len = ie->msisdn()->value().length();
return zeek::make_intrusive<StringVal>(new BroString(d, len, false)); return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
} }
ValPtr BuildQoS_Profile(const InformationElement* ie) zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
{ {
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_qos_profile); auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_qos_profile);
const u_char* d = (const u_char*) ie->qos_profile()->data().data(); const u_char* d = (const u_char*) ie->qos_profile()->data().data();
int len = ie->qos_profile()->data().length(); int len = ie->qos_profile()->data().length();
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority())); ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString(d, len, false))); ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false)));
return ev; return ev;
} }
ValPtr BuildTrafficFlowTemplate(const InformationElement* ie) zeek::ValPtr BuildTrafficFlowTemplate(const InformationElement* ie)
{ {
const uint8* d = ie->traffic_flow_template()->value().data(); const uint8* d = ie->traffic_flow_template()->value().data();
int len = ie->traffic_flow_template()->value().length(); int len = ie->traffic_flow_template()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)); return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
} }
ValPtr BuildTriggerID(const InformationElement* ie) zeek::ValPtr BuildTriggerID(const InformationElement* ie)
{ {
const uint8* d = ie->trigger_id()->value().data(); const uint8* d = ie->trigger_id()->value().data();
int len = ie->trigger_id()->value().length(); int len = ie->trigger_id()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)); return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
} }
ValPtr BuildOMC_ID(const InformationElement* ie) zeek::ValPtr BuildOMC_ID(const InformationElement* ie)
{ {
const uint8* d = ie->omc_id()->value().data(); const uint8* d = ie->omc_id()->value().data();
int len = ie->omc_id()->value().length(); int len = ie->omc_id()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)); return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
} }
ValPtr BuildPrivateExt(const InformationElement* ie) zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
{ {
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_private_extension); auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_private_extension);
const uint8* d = ie->private_ext()->value().data(); const uint8* d = ie->private_ext()->value().data();
int len = ie->private_ext()->value().length(); int len = ie->private_ext()->value().length();
ev->Assign(0, val_mgr->Count(ie->private_ext()->id())); ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false))); ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
return ev; return ev;
} }
static ValPtr BuildCause(const InformationElement* ie) static zeek::ValPtr BuildCause(const InformationElement* ie)
{ {
return val_mgr->Count(ie->cause()->value()); return val_mgr->Count(ie->cause()->value());
} }
static ValPtr BuildReorderReq(const InformationElement* ie) static zeek::ValPtr BuildReorderReq(const InformationElement* ie)
{ {
return val_mgr->Bool(ie->reorder_req()->req()); return val_mgr->Bool(ie->reorder_req()->req());
} }
static ValPtr BuildChargingID(const InformationElement* ie) static zeek::ValPtr BuildChargingID(const InformationElement* ie)
{ {
return val_mgr->Count(ie->charging_id()->value());; return val_mgr->Count(ie->charging_id()->value());;
} }
ValPtr BuildChargingGatewayAddr(const InformationElement* ie) zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
{ {
const uint8* d = ie->charging_gateway_addr()->value().data(); const uint8* d = ie->charging_gateway_addr()->value().data();
int len = ie->charging_gateway_addr()->value().length(); int len = ie->charging_gateway_addr()->value().length();
if ( len == 4 ) if ( len == 4 )
return zeek::make_intrusive<AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network)); return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
else if ( len == 16 ) else if ( len == 16 )
return zeek::make_intrusive<AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network)); return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
else else
return nullptr; return nullptr;
} }
static ValPtr BuildTeardownInd(const InformationElement* ie) static zeek::ValPtr BuildTeardownInd(const InformationElement* ie)
{ {
return val_mgr->Bool(ie->teardown_ind()->ind()); return val_mgr->Bool(ie->teardown_ind()->ind());
} }
@ -237,7 +237,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
{ {
if ( ! ::gtpv1_create_pdp_ctx_request ) return; if ( ! ::gtpv1_create_pdp_ctx_request ) return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_create_pdp_ctx_request_elements); zeek::BifType::Record::gtp_create_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->create_pdp_ctx_request(); const vector<InformationElement *> * v = pdu->create_pdp_ctx_request();
@ -337,7 +337,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_create_pdp_ctx_response ) if ( ! ::gtpv1_create_pdp_ctx_response )
return; return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_create_pdp_ctx_response_elements); zeek::BifType::Record::gtp_create_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->create_pdp_ctx_response(); const vector<InformationElement *> * v = pdu->create_pdp_ctx_response();
@ -406,7 +406,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_update_pdp_ctx_request ) if ( ! ::gtpv1_update_pdp_ctx_request )
return; return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_update_pdp_ctx_request_elements); zeek::BifType::Record::gtp_update_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->update_pdp_ctx_request(); const vector<InformationElement *> * v = pdu->update_pdp_ctx_request();
@ -484,7 +484,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_update_pdp_ctx_response ) if ( ! ::gtpv1_update_pdp_ctx_response )
return; return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_update_pdp_ctx_response_elements); zeek::BifType::Record::gtp_update_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->update_pdp_ctx_response(); const vector<InformationElement *> * v = pdu->update_pdp_ctx_response();
@ -544,7 +544,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_delete_pdp_ctx_request ) if ( ! ::gtpv1_delete_pdp_ctx_request )
return; return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements); zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request(); const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request();
@ -578,7 +578,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_delete_pdp_ctx_response ) if ( ! ::gtpv1_delete_pdp_ctx_response )
return; return;
auto rv = zeek::make_intrusive<RecordVal>( auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements); zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response(); const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response();
@ -760,7 +760,7 @@ flow GTPv1_Flow(is_orig: bool)
if ( ::gtpv1_g_pdu_packet ) if ( ::gtpv1_g_pdu_packet )
zeek::BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu), zeek::BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
inner->ToPktHdrVal()); inner->ToPktHdrVal());
EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1); EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);

46
src/analyzer/protocol/http/HTTP.cc
View file

@ -613,14 +613,14 @@ HTTP_Message::~HTTP_Message()
delete [] entity_data_buffer; delete [] entity_data_buffer;
} }
RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg) zeek::RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
{ {
static auto http_message_stat = zeek::id::find_type<zeek::RecordType>("http_message_stat"); static auto http_message_stat = zeek::id::find_type<zeek::RecordType>("http_message_stat");
auto stat = zeek::make_intrusive<RecordVal>(http_message_stat); auto stat = zeek::make_intrusive<zeek::RecordVal>(http_message_stat);
int field = 0; int field = 0;
stat->Assign(field++, zeek::make_intrusive<TimeVal>(start_time)); stat->Assign(field++, zeek::make_intrusive<zeek::TimeVal>(start_time));
stat->Assign(field++, val_mgr->Bool(interrupted)); stat->Assign(field++, val_mgr->Bool(interrupted));
stat->Assign(field++, zeek::make_intrusive<StringVal>(msg)); stat->Assign(field++, zeek::make_intrusive<zeek::StringVal>(msg));
stat->Assign(field++, val_mgr->Count(body_length)); stat->Assign(field++, val_mgr->Count(body_length));
stat->Assign(field++, val_mgr->Count(content_gap_length)); stat->Assign(field++, val_mgr->Count(content_gap_length));
stat->Assign(field++, val_mgr->Count(header_length)); stat->Assign(field++, val_mgr->Count(header_length));
@ -1153,11 +1153,11 @@ void HTTP_Analyzer::GenStats()
if ( http_stats ) if ( http_stats )
{ {
static auto http_stats_rec = zeek::id::find_type<zeek::RecordType>("http_stats_rec"); static auto http_stats_rec = zeek::id::find_type<zeek::RecordType>("http_stats_rec");
auto r = zeek::make_intrusive<RecordVal>(http_stats_rec); auto r = zeek::make_intrusive<zeek::RecordVal>(http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests)); r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies)); r->Assign(1, val_mgr->Count(num_replies));
r->Assign(2, zeek::make_intrusive<DoubleVal>(request_version.ToDouble())); r->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(request_version.ToDouble()));
r->Assign(3, zeek::make_intrusive<DoubleVal>(reply_version.ToDouble())); r->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(reply_version.ToDouble()));
// DEBUG_MSG("%.6f http_stats\n", network_time); // DEBUG_MSG("%.6f http_stats\n", network_time);
EnqueueConnEvent(http_stats, ConnVal(), std::move(r)); EnqueueConnEvent(http_stats, ConnVal(), std::move(r));
@ -1242,7 +1242,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
return -1; return -1;
} }
request_method = zeek::make_intrusive<StringVal>(end_of_method - line, line); request_method = zeek::make_intrusive<zeek::StringVal>(end_of_method - line, line);
Conn()->Match(Rule::HTTP_REQUEST, Conn()->Match(Rule::HTTP_REQUEST,
(const u_char*) unescaped_URI->AsString()->Bytes(), (const u_char*) unescaped_URI->AsString()->Bytes(),
@ -1312,8 +1312,8 @@ bool HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line)
// NormalizeURI(line, end_of_uri); // NormalizeURI(line, end_of_uri);
request_URI = zeek::make_intrusive<StringVal>(end_of_uri - line, line); request_URI = zeek::make_intrusive<zeek::StringVal>(end_of_uri - line, line);
unescaped_URI = zeek::make_intrusive<StringVal>( unescaped_URI = zeek::make_intrusive<zeek::StringVal>(
unescape_URI((const u_char*) line, (const u_char*) end_of_uri, this)); unescape_URI((const u_char*) line, (const u_char*) end_of_uri, this));
return true; return true;
@ -1352,21 +1352,21 @@ void HTTP_Analyzer::SetVersion(HTTP_VersionNumber* version, HTTP_VersionNumber n
void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail) void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail)
{ {
HTTP_Event(category, zeek::make_intrusive<StringVal>(detail)); HTTP_Event(category, zeek::make_intrusive<zeek::StringVal>(detail));
} }
void HTTP_Analyzer::HTTP_Event(const char* category, StringValPtr detail) void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail)
{ {
if ( http_event ) if ( http_event )
// DEBUG_MSG("%.6f http_event\n", network_time); // DEBUG_MSG("%.6f http_event\n", network_time);
EnqueueConnEvent(http_event, EnqueueConnEvent(http_event,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(category), zeek::make_intrusive<zeek::StringVal>(category),
std::move(detail)); std::move(detail));
} }
StringValPtr zeek::StringValPtr
HTTP_Analyzer::TruncateURI(const StringValPtr& uri) HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri)
{ {
const BroString* str = uri->AsString(); const BroString* str = uri->AsString();
@ -1375,7 +1375,7 @@ HTTP_Analyzer::TruncateURI(const StringValPtr& uri)
u_char* s = new u_char[truncate_http_URI + 4]; u_char* s = new u_char[truncate_http_URI + 4];
memcpy(s, str->Bytes(), truncate_http_URI); memcpy(s, str->Bytes(), truncate_http_URI);
memcpy(s + truncate_http_URI, "...", 4); memcpy(s + truncate_http_URI, "...", 4);
return zeek::make_intrusive<StringVal>(new BroString(true, s, truncate_http_URI+3)); return zeek::make_intrusive<zeek::StringVal>(new BroString(true, s, truncate_http_URI+3));
} }
else else
return uri; return uri;
@ -1398,7 +1398,7 @@ void HTTP_Analyzer::HTTP_Request()
request_method, request_method,
TruncateURI(request_URI), TruncateURI(request_URI),
TruncateURI(unescaped_URI), TruncateURI(unescaped_URI),
zeek::make_intrusive<StringVal>(fmt("%.1f", request_version.ToDouble())) zeek::make_intrusive<zeek::StringVal>(fmt("%.1f", request_version.ToDouble()))
); );
} }
@ -1407,11 +1407,11 @@ void HTTP_Analyzer::HTTP_Reply()
if ( http_reply ) if ( http_reply )
EnqueueConnEvent(http_reply, EnqueueConnEvent(http_reply,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(fmt("%.1f", reply_version.ToDouble())), zeek::make_intrusive<zeek::StringVal>(fmt("%.1f", reply_version.ToDouble())),
val_mgr->Count(reply_code), val_mgr->Count(reply_code),
reply_reason_phrase ? reply_reason_phrase ?
reply_reason_phrase : reply_reason_phrase :
zeek::make_intrusive<StringVal>("<empty>") zeek::make_intrusive<zeek::StringVal>("<empty>")
); );
else else
reply_reason_phrase = nullptr; reply_reason_phrase = nullptr;
@ -1473,7 +1473,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)
if ( http_connection_upgrade ) if ( http_connection_upgrade )
EnqueueConnEvent(http_connection_upgrade, EnqueueConnEvent(http_connection_upgrade,
ConnVal(), ConnVal(),
zeek::make_intrusive<StringVal>(upgrade_protocol) zeek::make_intrusive<zeek::StringVal>(upgrade_protocol)
); );
} }
@ -1487,7 +1487,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)
reply_state = EXPECT_REPLY_LINE; reply_state = EXPECT_REPLY_LINE;
} }
void HTTP_Analyzer::RequestClash(Val* /* clash_val */) void HTTP_Analyzer::RequestClash(zeek::Val* /* clash_val */)
{ {
Weird("multiple_HTTP_request_elements"); Weird("multiple_HTTP_request_elements");
@ -1551,7 +1551,7 @@ int HTTP_Analyzer::HTTP_ReplyLine(const char* line, const char* end_of_line)
rest = skip_whitespace(rest, end_of_line); rest = skip_whitespace(rest, end_of_line);
reply_reason_phrase = reply_reason_phrase =
zeek::make_intrusive<StringVal>(end_of_line - rest, (const char *) rest); zeek::make_intrusive<zeek::StringVal>(end_of_line - rest, (const char *) rest);
return 1; return 1;
} }
@ -1655,7 +1655,7 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data)
ConnVal(), ConnVal(),
val_mgr->Bool(is_orig), val_mgr->Bool(is_orig),
val_mgr->Count(entity_data->Len()), val_mgr->Count(entity_data->Len()),
zeek::make_intrusive<StringVal>(entity_data) zeek::make_intrusive<zeek::StringVal>(entity_data)
); );
else else
delete entity_data; delete entity_data;

18
src/analyzer/protocol/http/HTTP.h
View file

@ -145,7 +145,7 @@ protected:
HTTP_Entity* current_entity; HTTP_Entity* current_entity;
RecordValPtr BuildMessageStat(bool interrupted, const char* msg); zeek::RecordValPtr BuildMessageStat(bool interrupted, const char* msg);
}; };
class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
@ -156,7 +156,7 @@ public:
void HTTP_EntityData(bool is_orig, BroString* entity_data); void HTTP_EntityData(bool is_orig, BroString* entity_data);
void HTTP_MessageDone(bool is_orig, HTTP_Message* message); void HTTP_MessageDone(bool is_orig, HTTP_Message* message);
void HTTP_Event(const char* category, const char* detail); void HTTP_Event(const char* category, const char* detail);
void HTTP_Event(const char* category, StringValPtr detail); void HTTP_Event(const char* category, zeek::StringValPtr detail);
void SkipEntityData(bool is_orig); void SkipEntityData(bool is_orig);
@ -230,14 +230,14 @@ protected:
void RequestMade(bool interrupted, const char* msg); void RequestMade(bool interrupted, const char* msg);
void ReplyMade(bool interrupted, const char* msg); void ReplyMade(bool interrupted, const char* msg);
void RequestClash(Val* clash_val); void RequestClash(zeek::Val* clash_val);
const BroString* UnansweredRequestMethod(); const BroString* UnansweredRequestMethod();
int HTTP_ReplyCode(const char* code_str); int HTTP_ReplyCode(const char* code_str);
int ExpectReplyMessageBody(); int ExpectReplyMessageBody();
StringValPtr TruncateURI(const StringValPtr& uri); zeek::StringValPtr TruncateURI(const zeek::StringValPtr& uri);
int request_state, reply_state; int request_state, reply_state;
int num_requests, num_replies; int num_requests, num_replies;
@ -257,19 +257,19 @@ protected:
// in a reply. // in a reply.
std::string upgrade_protocol; std::string upgrade_protocol;
StringValPtr request_method; zeek::StringValPtr request_method;
// request_URI is in the original form (may contain '%<hex><hex>' // request_URI is in the original form (may contain '%<hex><hex>'
// sequences). // sequences).
StringValPtr request_URI; zeek::StringValPtr request_URI;
// unescaped_URI does not contain escaped sequences. // unescaped_URI does not contain escaped sequences.
StringValPtr unescaped_URI; zeek::StringValPtr unescaped_URI;
std::queue<StringValPtr> unanswered_requests; std::queue<zeek::StringValPtr> unanswered_requests;
int reply_code; int reply_code;
StringValPtr reply_reason_phrase; zeek::StringValPtr reply_reason_phrase;
tcp::ContentLine_Analyzer* content_line_orig; tcp::ContentLine_Analyzer* content_line_orig;
tcp::ContentLine_Analyzer* content_line_resp; tcp::ContentLine_Analyzer* content_line_resp;

2
src/analyzer/protocol/http/functions.bif
View file

@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string
const u_char* line = URI->Bytes(); const u_char* line = URI->Bytes();
const u_char* const line_end = line + URI->Len(); const u_char* const line_end = line + URI->Len();
return zeek::make_intrusive<StringVal>(analyzer::http::unescape_URI(line, line_end, 0)); return zeek::make_intrusive<zeek::StringVal>(analyzer::http::unescape_URI(line, line_end, 0));
%} %}

71
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -214,22 +214,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
EnqueueConnEvent(icmp_sent_payload, EnqueueConnEvent(icmp_sent_payload,
ConnVal(), ConnVal(),
BuildICMPVal(icmpp, len, icmpv6, ip_hdr), BuildICMPVal(icmpp, len, icmpv6, ip_hdr),
zeek::make_intrusive<StringVal>(payload) zeek::make_intrusive<zeek::StringVal>(payload)
); );
} }
} }
RecordValPtr zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6, const IP_Hdr* ip_hdr)
int icmpv6, const IP_Hdr* ip_hdr)
{ {
if ( ! icmp_conn_val ) if ( ! icmp_conn_val )
{ {
static auto icmp_conn = zeek::id::find_type<zeek::RecordType>("icmp_conn"); static auto icmp_conn = zeek::id::find_type<zeek::RecordType>("icmp_conn");
icmp_conn_val = zeek::make_intrusive<RecordVal>(icmp_conn); icmp_conn_val = zeek::make_intrusive<zeek::RecordVal>(icmp_conn);
icmp_conn_val->Assign(0, zeek::make_intrusive<AddrVal>(Conn()->OrigAddr())); icmp_conn_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(Conn()->OrigAddr()));
icmp_conn_val->Assign(1, zeek::make_intrusive<AddrVal>(Conn()->RespAddr())); icmp_conn_val->Assign(1, zeek::make_intrusive<zeek::AddrVal>(Conn()->RespAddr()));
icmp_conn_val->Assign(2, val_mgr->Count(icmpp->icmp_type)); icmp_conn_val->Assign(2, val_mgr->Count(icmpp->icmp_type));
icmp_conn_val->Assign(3, val_mgr->Count(icmpp->icmp_code)); icmp_conn_val->Assign(3, val_mgr->Count(icmpp->icmp_code));
icmp_conn_val->Assign(4, val_mgr->Count(len)); icmp_conn_val->Assign(4, val_mgr->Count(len));
@ -305,7 +304,7 @@ TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t*
return proto; return proto;
} }
RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data) zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
{ {
const IP_Hdr ip_hdr_data((const struct ip*) data, false); const IP_Hdr ip_hdr_data((const struct ip*) data, false);
const IP_Hdr* ip_hdr = &ip_hdr_data; const IP_Hdr* ip_hdr = &ip_hdr_data;
@ -352,12 +351,12 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
} }
static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context"); static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context");
auto iprec = zeek::make_intrusive<RecordVal>(icmp_context); auto iprec = zeek::make_intrusive<zeek::RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id); auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr)); id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto)); id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr)); id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto)); id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val)); iprec->Assign(0, std::move(id_val));
@ -372,7 +371,7 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
return iprec; return iprec;
} }
RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data) zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
{ {
int DF = 0, MF = 0, bad_hdr_len = 0; int DF = 0, MF = 0, bad_hdr_len = 0;
TransportProto proto = TRANSPORT_UNKNOWN; TransportProto proto = TRANSPORT_UNKNOWN;
@ -412,12 +411,12 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
} }
static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context"); static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context");
auto iprec = zeek::make_intrusive<RecordVal>(icmp_context); auto iprec = zeek::make_intrusive<zeek::RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id); auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr)); id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto)); id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr)); id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto)); id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val)); iprec->Assign(0, std::move(id_val));
@ -457,7 +456,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const
d->Add(Conn()->RespAddr()); d->Add(Conn()->RespAddr());
} }
void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val) void ICMP_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{ {
const auto& orig_endp = conn_val->GetField("orig"); const auto& orig_endp = conn_val->GetField("orig");
const auto& resp_endp = conn_val->GetField("resp"); const auto& resp_endp = conn_val->GetField("resp");
@ -469,7 +468,7 @@ void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val)
Analyzer::UpdateConnVal(conn_val); Analyzer::UpdateConnVal(conn_val);
} }
void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig) void ICMP_Analyzer::UpdateEndpointVal(const zeek::ValPtr& endp_arg, bool is_orig)
{ {
Conn()->EnableStatusUpdateTimer(); Conn()->EnableStatusUpdateTimer();
@ -523,7 +522,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr),
val_mgr->Count(iid), val_mgr->Count(iid),
val_mgr->Count(iseq), val_mgr->Count(iseq),
zeek::make_intrusive<StringVal>(payload) zeek::make_intrusive<zeek::StringVal>(payload)
); );
} }
@ -556,9 +555,9 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref
val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy
val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved
zeek::make_intrusive<IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds), zeek::make_intrusive<zeek::IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds),
zeek::make_intrusive<IntervalVal>((double)ntohl(reachable), Milliseconds), zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(reachable), Milliseconds),
zeek::make_intrusive<IntervalVal>((double)ntohl(retrans), Milliseconds), zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(retrans), Milliseconds),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
); );
} }
@ -585,7 +584,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router
val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited
val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override
zeek::make_intrusive<AddrVal>(tgtaddr), zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
); );
} }
@ -609,7 +608,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f, EnqueueConnEvent(f,
ConnVal(), ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr), BuildICMPVal(icmpp, len, 1, ip_hdr),
zeek::make_intrusive<AddrVal>(tgtaddr), zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
); );
} }
@ -636,8 +635,8 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f, EnqueueConnEvent(f,
ConnVal(), ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr), BuildICMPVal(icmpp, len, 1, ip_hdr),
zeek::make_intrusive<AddrVal>(tgtaddr), zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
zeek::make_intrusive<AddrVal>(dstaddr), zeek::make_intrusive<zeek::AddrVal>(dstaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
); );
} }
@ -722,12 +721,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
); );
} }
VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data) zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
{ {
static auto icmp6_nd_option_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_option"); static auto icmp6_nd_option_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_option");
static auto icmp6_nd_prefix_info_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_prefix_info"); static auto icmp6_nd_prefix_info_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_prefix_info");
auto vv = zeek::make_intrusive<VectorVal>( auto vv = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("icmp6_nd_options")); zeek::id::find_type<zeek::VectorType>("icmp6_nd_options"));
while ( caplen > 0 ) while ( caplen > 0 )
@ -748,7 +747,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
break; break;
} }
auto rv = zeek::make_intrusive<RecordVal>(icmp6_nd_option_type); auto rv = zeek::make_intrusive<zeek::RecordVal>(icmp6_nd_option_type);
rv->Assign(0, val_mgr->Count(type)); rv->Assign(0, val_mgr->Count(type));
rv->Assign(1, val_mgr->Count(length)); rv->Assign(1, val_mgr->Count(length));
@ -769,7 +768,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
if ( caplen >= length ) if ( caplen >= length )
{ {
BroString* link_addr = new BroString(data, length, false); BroString* link_addr = new BroString(data, length, false);
rv->Assign(2, zeek::make_intrusive<StringVal>(link_addr)); rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(link_addr));
} }
else else
set_payload_field = true; set_payload_field = true;
@ -782,7 +781,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
{ {
if ( caplen >= 30 ) if ( caplen >= 30 )
{ {
auto info = zeek::make_intrusive<RecordVal>(icmp6_nd_prefix_info_type); auto info = zeek::make_intrusive<zeek::RecordVal>(icmp6_nd_prefix_info_type);
uint8_t prefix_len = *((const uint8_t*)(data)); uint8_t prefix_len = *((const uint8_t*)(data));
bool L_flag = (*((const uint8_t*)(data + 1)) & 0x80) != 0; bool L_flag = (*((const uint8_t*)(data + 1)) & 0x80) != 0;
bool A_flag = (*((const uint8_t*)(data + 1)) & 0x40) != 0; bool A_flag = (*((const uint8_t*)(data + 1)) & 0x40) != 0;
@ -792,9 +791,9 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
info->Assign(0, val_mgr->Count(prefix_len)); info->Assign(0, val_mgr->Count(prefix_len));
info->Assign(1, val_mgr->Bool(L_flag)); info->Assign(1, val_mgr->Bool(L_flag));
info->Assign(2, val_mgr->Bool(A_flag)); info->Assign(2, val_mgr->Bool(A_flag));
info->Assign(3, zeek::make_intrusive<IntervalVal>((double)ntohl(valid_life), Seconds)); info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(valid_life), Seconds));
info->Assign(4, zeek::make_intrusive<IntervalVal>((double)ntohl(prefer_life), Seconds)); info->Assign(4, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(prefer_life), Seconds));
info->Assign(5, zeek::make_intrusive<AddrVal>(IPAddr(prefix))); info->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(prefix)));
rv->Assign(3, std::move(info)); rv->Assign(3, std::move(info));
} }
@ -839,7 +838,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
if ( set_payload_field ) if ( set_payload_field )
{ {
BroString* payload = new BroString(data, std::min((int)length, caplen), false); BroString* payload = new BroString(data, std::min((int)length, caplen), false);
rv->Assign(6, zeek::make_intrusive<StringVal>(payload)); rv->Assign(6, zeek::make_intrusive<zeek::StringVal>(payload));
} }
data += length; data += length;

Some files were not shown because too many files have changed in this diff Show more