Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Move all Val classes to the zeek namespaces

Browse source
This commit is contained in:
Tim Wojtulewicz 2020-06-24 16:55:28 -04:00
parent ec9eff0bd5
commit 64332ca22c
265 changed files with 3154 additions and 3086 deletions
Download patch file Download diff file Expand all files Collapse all files

2
auxil/bifcl

@ -1 +1 @@
Subproject commit 10a4c007351ab7d16e5cbef0006a5ad9002ea3de
Subproject commit 6c07de13247f16490c25a2066c77db1678ccd128

2
auxil/binpac

@ -1 +1 @@
Subproject commit 9c3211ff121ddc677d0ed8bd3a85783f87921cce
Subproject commit 4bf3508143994b49b72b77c29a47efc8efc7f1b7

16
src/Anon.cc
View file

@ -358,9 +358,9 @@ AnonymizeIPAddr_A50::Node* AnonymizeIPAddr_A50::find_node(ipaddr32_t a)
return nullptr;
}
static TableValPtr anon_preserve_orig_addr;
static TableValPtr anon_preserve_resp_addr;
static TableValPtr anon_preserve_other_addr;
static zeek::TableValPtr anon_preserve_orig_addr;
static zeek::TableValPtr anon_preserve_resp_addr;
static zeek::TableValPtr anon_preserve_other_addr;
void zeek::detail::init_ip_addr_anonymizers()
{
@ -373,23 +373,23 @@ void zeek::detail::init_ip_addr_anonymizers()
auto id = global_scope()->Find("preserve_orig_addr");
if ( id )
anon_preserve_orig_addr = zeek::cast_intrusive<TableVal>(id->GetVal());
anon_preserve_orig_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
id = global_scope()->Find("preserve_resp_addr");
if ( id )
anon_preserve_resp_addr = zeek::cast_intrusive<TableVal>(id->GetVal());
anon_preserve_resp_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
id = global_scope()->Find("preserve_other_addr");
if ( id )
anon_preserve_other_addr = zeek::cast_intrusive<TableVal>(id->GetVal());
anon_preserve_other_addr = zeek::cast_intrusive<zeek::TableVal>(id->GetVal());
}
ipaddr32_t zeek::detail::anonymize_ip(ipaddr32_t ip, enum ip_addr_anonymization_class_t cl)
{
TableVal* preserve_addr = nullptr;
auto addr = zeek::make_intrusive<AddrVal>(ip);
auto addr = zeek::make_intrusive<zeek::AddrVal>(ip);
int method = -1;
@ -445,7 +445,7 @@ void zeek::detail::log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output
{
if ( anonymization_mapping )
mgr.Enqueue(anonymization_mapping,
zeek::make_intrusive<AddrVal>(input),
zeek::make_intrusive<zeek::AddrVal>(input),
zeek::make_intrusive<AddrVal>(output)
);
}

2
src/BifReturnVal.cc
View file

@ -6,6 +6,6 @@
BifReturnVal::BifReturnVal(std::nullptr_t) noexcept
{}
BifReturnVal::BifReturnVal(Val* v) noexcept
BifReturnVal::BifReturnVal(zeek::Val* v) noexcept
: rval(zeek::AdoptRef{}, v)
{}

11
src/BifReturnVal.h
View file

@ -2,10 +2,13 @@
#pragma once
#include "zeek-config.h"
#include "IntrusivePtr.h"
class Val;
using ValPtr = zeek::IntrusivePtr<Val>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek {
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
}
/**
* A simple wrapper class to use for the return value of BIFs so that
@ -23,7 +26,7 @@ public:
BifReturnVal(std::nullptr_t) noexcept;
[[deprecated("Remove in v4.1. Return an IntrusivePtr instead.")]]
BifReturnVal(Val* v) noexcept;
BifReturnVal(zeek::Val* v) noexcept;
ValPtr rval;
zeek::ValPtr rval;
};

4
src/BroList.h
View file

@ -4,8 +4,8 @@
#include "List.h"
class Val;
using val_list = PList<Val>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
using val_list = PList<zeek::Val>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
using expr_list = PList<zeek::detail::Expr>;

8
src/BroString.cc
View file

@ -338,14 +338,14 @@ BroString::Vec* BroString::Split(const BroString::IdxVec& indices) const
return result;
}
VectorVal* BroString:: VecToPolicy(Vec* vec)
zeek::VectorVal* BroString:: VecToPolicy(Vec* vec)
{
auto result = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
auto result = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
for ( unsigned int i = 0; i < vec->size(); ++i )
{
BroString* string = (*vec)[i];
auto val = zeek::make_intrusive<StringVal>(string->Len(),
auto val = zeek::make_intrusive<zeek::StringVal>(string->Len(),
(const char*) string->Bytes());
result->Assign(i+1, std::move(val));
}
@ -353,7 +353,7 @@ VectorVal* BroString:: VecToPolicy(Vec* vec)
return result.release();
}
BroString::Vec* BroString::VecFromPolicy(VectorVal* vec)
BroString::Vec* BroString::VecFromPolicy(zeek::VectorVal* vec)
{
Vec* result = new Vec();

8
src/BroString.h
View file

@ -2,6 +2,8 @@
#pragma once
#include "zeek-config.h"
#include <vector>
#include <string>
#include <iosfwd>
@ -13,7 +15,7 @@ typedef u_char* byte_vec;
// Forward declaration, for helper functions that convert (sub)string vectors
// to and from policy-level representations.
//
class VectorVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
class BroString {
public:
@ -134,8 +136,8 @@ public:
Vec* Split(const IdxVec& indices) const;
// Helper functions for vectors:
static VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(VectorVal* vec);
static zeek::VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(zeek::VectorVal* vec);
static char* VecToString(const Vec* vec);
protected:

78
src/CompHash.cc
View file

@ -72,7 +72,7 @@ CompositeHash::~CompositeHash()
// Computes the piece of the hash for Val*, returning the new kp.
char* CompositeHash::SingleValHash(bool type_check, char* kp0,
zeek::Type* bt, Val* v, bool optional) const
zeek::Type* bt, zeek::Val* v, bool optional) const
{
char* kp1 = nullptr;
zeek::InternalTypeTag t = bt->InternalType();
@ -176,7 +176,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_RECORD:
{
char* kp = kp0;
RecordVal* rv = v->AsRecordVal();
zeek::RecordVal* rv = v->AsRecordVal();
zeek::RecordType* rt = bt->AsRecordType();
int num_fields = rt->NumFields();
@ -203,13 +203,13 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_TABLE:
{
int* kp = AlignAndPadType<int>(kp0);
TableVal* tv = v->AsTableVal();
zeek::TableVal* tv = v->AsTableVal();
*kp = tv->Size();
kp1 = reinterpret_cast<char*>(kp+1);
auto tbl = tv->AsTable();
auto it = tbl->InitForIteration();
auto lv = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto lv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
struct HashKeyComparer {
bool operator()(const HashKey* a, const HashKey* b) const
@ -262,7 +262,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_VECTOR:
{
unsigned int* kp = AlignAndPadType<unsigned int>(kp0);
VectorVal* vv = v->AsVectorVal();
zeek::VectorVal* vv = v->AsVectorVal();
zeek::VectorType* vt = v->GetType()->AsVectorType();
*kp = vv->Size();
kp1 = reinterpret_cast<char*>(kp+1);
@ -290,12 +290,12 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
case zeek::TYPE_LIST:
{
int* kp = AlignAndPadType<int>(kp0);
ListVal* lv = v->AsListVal();
zeek::ListVal* lv = v->AsListVal();
*kp = lv->Length();
kp1 = reinterpret_cast<char*>(kp+1);
for ( int i = 0; i < lv->Length(); ++i )
{
Val* v = lv->Idx(i).get();
zeek::Val* v = lv->Idx(i).get();
if ( ! (kp1 = SingleValHash(type_check, kp1, v->GetType().get(), v,
false)) )
return nullptr;
@ -336,7 +336,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
}
std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_check) const
std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const zeek::Val& argv, bool type_check) const
{
auto v = &argv;
@ -345,12 +345,12 @@ std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_c
if ( is_complex_type && v->GetType()->Tag() != zeek::TYPE_LIST )
{
ListVal lv(zeek::TYPE_ANY);
zeek::ListVal lv(zeek::TYPE_ANY);
// Cast away const to use ListVal - but since we
// re-introduce const on the recursive call, it should
// be okay; the only thing is that the ListVal unref's it.
Val* ncv = (Val*) v;
zeek::Val* ncv = (zeek::Val*) v;
lv.Append({zeek::NewRef{}, ncv});
return MakeHashKey(lv, type_check);
}
@ -388,7 +388,7 @@ std::unique_ptr<HashKey> CompositeHash::MakeHashKey(const Val& argv, bool type_c
return std::make_unique<HashKey>((k == key), (void*) k, kp - k);
}
std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const Val* v, bool type_check) const
std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const zeek::Val* v, bool type_check) const
{
if ( v->GetType()->Tag() == zeek::TYPE_LIST )
{
@ -450,7 +450,7 @@ std::unique_ptr<HashKey> CompositeHash::ComputeSingletonHash(const Val* v, bool
}
}
int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const zeek::Val* v,
bool type_check, int sz, bool optional,
bool calc_static_size) const
{
@ -509,7 +509,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
case zeek::TYPE_RECORD:
{
const RecordVal* rv = v ? v->AsRecordVal() : nullptr;
const zeek::RecordVal* rv = v ? v->AsRecordVal() : nullptr;
zeek::RecordType* rt = bt->AsRecordType();
int num_fields = rt->NumFields();
@ -535,7 +535,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(int));
TableVal* tv = const_cast<TableVal*>(v->AsTableVal());
zeek::TableVal* tv = const_cast<zeek::TableVal*>(v->AsTableVal());
auto lv = tv->ToListVal();
for ( int i = 0; i < tv->Size(); ++i )
{
@ -564,7 +564,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(unsigned int));
VectorVal* vv = const_cast<VectorVal*>(v->AsVectorVal());
zeek::VectorVal* vv = const_cast<zeek::VectorVal*>(v->AsVectorVal());
for ( unsigned int i = 0; i < vv->Size(); ++i )
{
const auto& val = vv->At(i);
@ -586,7 +586,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return (optional && ! calc_static_size) ? sz : 0;
sz = SizeAlign(sz, sizeof(int));
ListVal* lv = const_cast<ListVal*>(v->AsListVal());
zeek::ListVal* lv = const_cast<zeek::ListVal*>(v->AsListVal());
for ( int i = 0; i < lv->Length(); ++i )
{
sz = SingleTypeKeySize(lv->Idx(i)->GetType().get(), lv->Idx(i).get(),
@ -623,7 +623,7 @@ int CompositeHash::SingleTypeKeySize(zeek::Type* bt, const Val* v,
return sz;
}
int CompositeHash::ComputeKeySize(const Val* v, bool type_check, bool calc_static_size) const
int CompositeHash::ComputeKeySize(const zeek::Val* v, bool type_check, bool calc_static_size) const
{
const auto& tl = type->GetTypes();
@ -709,16 +709,16 @@ int CompositeHash::SizeAlign(int offset, unsigned int size) const
return offset;
}
ListValPtr CompositeHash::RecoverVals(const HashKey& k) const
zeek::ListValPtr CompositeHash::RecoverVals(const HashKey& k) const
{
auto l = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto l = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
const auto& tl = type->GetTypes();
const char* kp = (const char*) k.Key();
const char* const k_end = kp + k.Size();
for ( const auto& type : tl )
{
ValPtr v;
zeek::ValPtr v;
kp = RecoverOneVal(k, kp, k_end, type.get(), &v, false);
ASSERT(v);
l->Append(std::move(v));
@ -733,7 +733,7 @@ ListValPtr CompositeHash::RecoverVals(const HashKey& k) const
const char* CompositeHash::RecoverOneVal(
const HashKey& k, const char* kp0,
const char* const k_end, zeek::Type* t,
ValPtr* pval, bool optional) const
zeek::ValPtr* pval, bool optional) const
{
// k->Size() == 0 for a single empty string.
if ( kp0 >= k_end && k.Size() > 0 )
@ -804,11 +804,11 @@ const char* CompositeHash::RecoverOneVal(
kp1 = reinterpret_cast<const char*>(kp+1);
if ( tag == zeek::TYPE_INTERVAL )
*pval = zeek::make_intrusive<IntervalVal>(*kp, 1.0);
*pval = zeek::make_intrusive<zeek::IntervalVal>(*kp, 1.0);
else if ( tag == zeek::TYPE_TIME )
*pval = zeek::make_intrusive<TimeVal>(*kp);
*pval = zeek::make_intrusive<zeek::TimeVal>(*kp);
else
*pval = zeek::make_intrusive<DoubleVal>(*kp);
*pval = zeek::make_intrusive<zeek::DoubleVal>(*kp);
}
break;
@ -821,7 +821,7 @@ const char* CompositeHash::RecoverOneVal(
switch ( tag ) {
case zeek::TYPE_ADDR:
*pval = zeek::make_intrusive<AddrVal>(addr);
*pval = zeek::make_intrusive<zeek::AddrVal>(addr);
break;
default:
@ -836,7 +836,7 @@ const char* CompositeHash::RecoverOneVal(
{
const uint32_t* const kp = AlignType<uint32_t>(kp0);
kp1 = reinterpret_cast<const char*>(kp+5);
*pval = zeek::make_intrusive<SubNetVal>(kp, kp[4]);
*pval = zeek::make_intrusive<zeek::SubNetVal>(kp, kp[4]);
}
break;
@ -854,7 +854,7 @@ const char* CompositeHash::RecoverOneVal(
if ( ! f )
reporter->InternalError("failed to look up unique function id %" PRIu32 " in CompositeHash::RecoverOneVal()", *kp);
*pval = zeek::make_intrusive<Val>(f);
*pval = zeek::make_intrusive<zeek::Val>(f);
const auto& pvt = (*pval)->GetType();
if ( ! pvt )
@ -894,7 +894,7 @@ const char* CompositeHash::RecoverOneVal(
reporter->InternalError("failed compiling table/set key pattern: %s",
re->PatternText());
*pval = zeek::make_intrusive<PatternVal>(re);
*pval = zeek::make_intrusive<zeek::PatternVal>(re);
}
break;
@ -904,11 +904,11 @@ const char* CompositeHash::RecoverOneVal(
zeek::RecordType* rt = t->AsRecordType();
int num_fields = rt->NumFields();
std::vector<ValPtr> values;
std::vector<zeek::ValPtr> values;
int i;
for ( i = 0; i < num_fields; ++i )
{
ValPtr v;
zeek::ValPtr v;
zeek::detail::Attributes* a = rt->FieldDecl(i)->attrs.get();
bool optional = (a && a->Find(zeek::detail::ATTR_OPTIONAL));
@ -931,7 +931,7 @@ const char* CompositeHash::RecoverOneVal(
ASSERT(int(values.size()) == num_fields);
auto rv = zeek::make_intrusive<RecordVal>(zeek::IntrusivePtr{zeek::NewRef{}, rt});
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::IntrusivePtr{zeek::NewRef{}, rt});
for ( int i = 0; i < num_fields; ++i )
rv->Assign(i, std::move(values[i]));
@ -948,18 +948,18 @@ const char* CompositeHash::RecoverOneVal(
n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1);
zeek::TableType* tt = t->AsTableType();
auto tv = zeek::make_intrusive<TableVal>(zeek::IntrusivePtr{zeek::NewRef{}, tt});
auto tv = zeek::make_intrusive<zeek::TableVal>(zeek::IntrusivePtr{zeek::NewRef{}, tt});
for ( int i = 0; i < n; ++i )
{
ValPtr key;
zeek::ValPtr key;
kp1 = RecoverOneVal(k, kp1, k_end, tt->GetIndices().get(), &key, false);
if ( t->IsSet() )
tv->Assign(std::move(key), nullptr);
else
{
ValPtr value;
zeek::ValPtr value;
kp1 = RecoverOneVal(k, kp1, k_end, tt->Yield().get(), &value,
false);
tv->Assign(std::move(key), std::move(value));
@ -977,7 +977,7 @@ const char* CompositeHash::RecoverOneVal(
n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1);
zeek::VectorType* vt = t->AsVectorType();
auto vv = zeek::make_intrusive<VectorVal>(zeek::IntrusivePtr{zeek::NewRef{}, vt});
auto vv = zeek::make_intrusive<zeek::VectorVal>(zeek::IntrusivePtr{zeek::NewRef{}, vt});
for ( unsigned int i = 0; i < n; ++i )
{
@ -987,7 +987,7 @@ const char* CompositeHash::RecoverOneVal(
kp = AlignType<unsigned int>(kp1);
unsigned int have_val = *kp;
kp1 = reinterpret_cast<const char*>(kp+1);
ValPtr value;
zeek::ValPtr value;
if ( have_val )
kp1 = RecoverOneVal(k, kp1, k_end, vt->Yield().get(), &value,
@ -1007,11 +1007,11 @@ const char* CompositeHash::RecoverOneVal(
n = *kp;
kp1 = reinterpret_cast<const char*>(kp+1);
zeek::TypeList* tl = t->AsTypeList();
auto lv = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto lv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
for ( int i = 0; i < n; ++i )
{
ValPtr v;
zeek::ValPtr v;
zeek::Type* it = tl->GetTypes()[i].get();
kp1 = RecoverOneVal(k, kp1, k_end, it, &v, false);
lv->Append(std::move(v));
@ -1047,7 +1047,7 @@ const char* CompositeHash::RecoverOneVal(
kp1 = reinterpret_cast<const char*>(kp+1);
}
*pval = zeek::make_intrusive<StringVal>(new BroString((const byte_vec) kp1, n, true));
*pval = zeek::make_intrusive<zeek::StringVal>(new BroString((const byte_vec) kp1, n, true));
kp1 += n;
}
break;

22
src/CompHash.h
View file

@ -7,10 +7,12 @@
#include "Type.h"
#include "IntrusivePtr.h"
class ListVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
class HashKey;
namespace zeek {
using ListValPtr = zeek::IntrusivePtr<ListVal>;
}
class CompositeHash {
public:
@ -19,27 +21,27 @@ public:
// Compute the hash corresponding to the given index val,
// or nullptr if it fails to typecheck.
std::unique_ptr<HashKey> MakeHashKey(const Val& v, bool type_check) const;
std::unique_ptr<HashKey> MakeHashKey(const zeek::Val& v, bool type_check) const;
[[deprecated("Remove in v4.1. Use MakeHashKey().")]]
HashKey* ComputeHash(const Val* v, bool type_check) const
HashKey* ComputeHash(const zeek::Val* v, bool type_check) const
{ return MakeHashKey(*v, type_check).release(); }
// Given a hash key, recover the values used to create it.
ListValPtr RecoverVals(const HashKey& k) const;
zeek::ListValPtr RecoverVals(const HashKey& k) const;
[[deprecated("Remove in v4.1. Pass in HashKey& instead.")]]
ListValPtr RecoverVals(const HashKey* k) const
zeek::ListValPtr RecoverVals(const HashKey* k) const
{ return RecoverVals(*k); }
unsigned int MemoryAllocation() const { return padded_sizeof(*this) + pad_size(size); }
protected:
std::unique_ptr<HashKey> ComputeSingletonHash(const Val* v, bool type_check) const;
std::unique_ptr<HashKey> ComputeSingletonHash(const zeek::Val* v, bool type_check) const;
// Computes the piece of the hash for Val*, returning the new kp.
// Used as a helper for ComputeHash in the non-singleton case.
char* SingleValHash(bool type_check, char* kp, zeek::Type* bt, Val* v,
char* SingleValHash(bool type_check, char* kp, zeek::Type* bt, zeek::Val* v,
bool optional) const;
// Recovers just one Val of possibly many; called from RecoverVals.
@ -48,7 +50,7 @@ protected:
// upon errors, so there is no return value for invalid input.
const char* RecoverOneVal(
const HashKey& k, const char* kp, const char* const k_end,
zeek::Type* t, ValPtr* pval, bool optional) const;
zeek::Type* t, zeek::ValPtr* pval, bool optional) const;
// Rounds the given pointer up to the nearest multiple of the
// given size, if not already a multiple.
@ -84,10 +86,10 @@ protected:
// the value is computed for the particular list of values.
// Returns 0 if the key has an indeterminant size (if v not given),
// or if v doesn't match the index type (if given).
int ComputeKeySize(const Val* v, bool type_check,
int ComputeKeySize(const zeek::Val* v, bool type_check,
bool calc_static_size) const;
int SingleTypeKeySize(zeek::Type*, const Val*,
int SingleTypeKeySize(zeek::Type*, const zeek::Val*,
bool type_check, int sz, bool optional,
bool calc_static_size) const;

38
src/Conn.cc
View file

@ -337,26 +337,26 @@ void Connection::StatusUpdateTimer(double t)
TIMER_CONN_STATUS_UPDATE);
}
RecordVal* Connection::BuildConnVal()
zeek::RecordVal* Connection::BuildConnVal()
{
return ConnVal()->Ref()->AsRecordVal();
}
const RecordValPtr& Connection::ConnVal()
const zeek::RecordValPtr& Connection::ConnVal()
{
if ( ! conn_val )
{
conn_val = zeek::make_intrusive<RecordVal>(zeek::id::connection);
conn_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::connection);
TransportProto prot_type = ConnTransport();
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(orig_addr));
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(orig_addr));
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(resp_addr));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
auto orig_endp = zeek::make_intrusive<RecordVal>(zeek::id::endpoint);
auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
orig_endp->Assign(0, val_mgr->Count(0));
orig_endp->Assign(1, val_mgr->Count(0));
orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
@ -365,27 +365,27 @@ const RecordValPtr& Connection::ConnVal()
char null[l2_len]{};
if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
orig_endp->Assign(5, zeek::make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
orig_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(orig_l2_addr, l2_len)));
auto resp_endp = zeek::make_intrusive<RecordVal>(zeek::id::endpoint);
auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
resp_endp->Assign(0, val_mgr->Count(0));
resp_endp->Assign(1, val_mgr->Count(0));
resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 )
resp_endp->Assign(5, zeek::make_intrusive<StringVal>(fmt_mac(resp_l2_addr, l2_len)));
resp_endp->Assign(5, zeek::make_intrusive<zeek::StringVal>(fmt_mac(resp_l2_addr, l2_len)));
conn_val->Assign(0, std::move(id_val));
conn_val->Assign(1, std::move(orig_endp));
conn_val->Assign(2, std::move(resp_endp));
// 3 and 4 are set below.
conn_val->Assign(5, zeek::make_intrusive<TableVal>(zeek::id::string_set)); // service
conn_val->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set)); // service
conn_val->Assign(6, val_mgr->EmptyString()); // history
if ( ! uid )
uid.Set(bits_per_uid);
conn_val->Assign(7, zeek::make_intrusive<StringVal>(uid.Base62("C").c_str()));
conn_val->Assign(7, zeek::make_intrusive<zeek::StringVal>(uid.Base62("C").c_str()));
if ( encapsulation && encapsulation->Depth() > 0 )
conn_val->Assign(8, encapsulation->ToVal());
@ -401,9 +401,9 @@ const RecordValPtr& Connection::ConnVal()
if ( root_analyzer )
root_analyzer->UpdateConnVal(conn_val.get());
conn_val->Assign(3, zeek::make_intrusive<TimeVal>(start_time)); // ###
conn_val->Assign(4, zeek::make_intrusive<IntervalVal>(last_time - start_time));
conn_val->Assign(6, zeek::make_intrusive<StringVal>(history.c_str()));
conn_val->Assign(3, zeek::make_intrusive<zeek::TimeVal>(start_time)); // ###
conn_val->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(last_time - start_time));
conn_val->Assign(6, zeek::make_intrusive<zeek::StringVal>(history.c_str()));
conn_val->Assign(11, val_mgr->Bool(is_successful));
conn_val->SetOrigin(this);
@ -433,7 +433,7 @@ void Connection::AppendAddl(const char* str)
const char* old = cv->GetField(6)->AsString()->CheckString();
const char* format = *old ? "%s %s" : "%s%s";
cv->Assign(6, zeek::make_intrusive<StringVal>(fmt(format, old, str)));
cv->Assign(6, zeek::make_intrusive<zeek::StringVal>(fmt(format, old, str)));
}
// Returns true if the character at s separates a version number.
@ -470,12 +470,12 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch
return;
if ( name )
EnqueueEvent(f, analyzer, zeek::make_intrusive<StringVal>(name), ConnVal());
EnqueueEvent(f, analyzer, zeek::make_intrusive<zeek::StringVal>(name), ConnVal());
else
EnqueueEvent(f, analyzer, ConnVal());
}
void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2)
void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2)
{
if ( ! f )
{
@ -697,7 +697,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
{
if ( conn_val )
{
RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal();
zeek::RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal();
endp->Assign(4, val_mgr->Count(flow_label));
}

17
src/Conn.h
View file

@ -29,11 +29,14 @@ class RuleHdrTest;
class Specific_RE_Matcher;
class RuleEndpointState;
class EncapsulationStack;
class Val;
class RecordVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecorVal, zeek);
namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>;
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
}
namespace analyzer { class TransportLayerAnalyzer; }
@ -167,12 +170,12 @@ public:
void EnableStatusUpdateTimer();
[[deprecated("Remove in v4.1. Use ConnVal() instead.")]]
RecordVal* BuildConnVal();
zeek::RecordVal* BuildConnVal();
/**
* Returns the associated "connection" record.
*/
const RecordValPtr& ConnVal();
const zeek::RecordValPtr& ConnVal();
void AppendAddl(const char* str);
@ -197,7 +200,7 @@ public:
// argument is the connection value, second argument is 'v1', and if 'v2'
// is given that will be it's third argument.
[[deprecated("Remove in v4.1. Use EnqueueEvent() instead (note it doesn't automatically add the connection argument).")]]
void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1, Val* v2 = nullptr);
void Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, zeek::Val* v1, zeek::Val* v2 = nullptr);
// If a handler exists for 'f', an event will be generated. In any case,
// reference count for each element in the 'vl' list are decremented. The
@ -238,7 +241,7 @@ public:
template <class... Args>
std::enable_if_t<
std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>>
std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
EnqueueEvent(EventHandlerPtr h, analyzer::Analyzer* analyzer, Args&&... args)
{ return EnqueueEvent(h, analyzer, zeek::Args{std::forward<Args>(args)...}); }
@ -358,7 +361,7 @@ protected:
u_char resp_l2_addr[Packet::l2_addr_len]; // Link-layer responder address, if available
double start_time, last_time;
double inactivity_timeout;
RecordValPtr conn_val;
zeek::RecordValPtr conn_val;
LoginConn* login_conn; // either nil, or this
const EncapsulationStack* encapsulation; // tunnels
int suppress_event; // suppress certain events to once per conn.

64
src/DNS_Mgr.cc
View file

@ -122,9 +122,9 @@ public:
return req_host ? req_host : req_addr.AsString();
}
ListValPtr Addrs();
TableValPtr AddrsSet(); // addresses returned as a set
StringValPtr Host();
zeek::ListValPtr Addrs();
zeek::TableValPtr AddrsSet(); // addresses returned as a set
zeek::StringValPtr Host();
double CreationTime() const { return creation_time; }
@ -155,11 +155,11 @@ protected:
int num_names;
char** names;
StringValPtr host_val;
zeek::StringValPtr host_val;
int num_addrs;
IPAddr* addrs;
ListValPtr addrs_val;
zeek::ListValPtr addrs_val;
double creation_time;
int map_type;
@ -173,13 +173,13 @@ void DNS_Mgr_mapping_delete_func(void* v)
delete (DNS_Mapping*) v;
}
static TableValPtr empty_addr_set()
static zeek::TableValPtr empty_addr_set()
{
auto addr_t = zeek::base_type(zeek::TYPE_ADDR);
auto set_index = zeek::make_intrusive<zeek::TypeList>(addr_t);
set_index->Append(std::move(addr_t));
auto s = zeek::make_intrusive<zeek::SetType>(std::move(set_index), nullptr);
return zeek::make_intrusive<TableVal>(std::move(s));
return zeek::make_intrusive<zeek::TableVal>(std::move(s));
}
DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32_t ttl)
@ -276,23 +276,23 @@ DNS_Mapping::~DNS_Mapping()
delete [] addrs;
}
ListValPtr DNS_Mapping::Addrs()
zeek::ListValPtr DNS_Mapping::Addrs()
{
if ( failed )
return nullptr;
if ( ! addrs_val )
{
addrs_val = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR);
addrs_val = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
for ( int i = 0; i < num_addrs; ++i )
addrs_val->Append(zeek::make_intrusive<AddrVal>(addrs[i]));
addrs_val->Append(zeek::make_intrusive<zeek::AddrVal>(addrs[i]));
}
return addrs_val;
}
TableValPtr DNS_Mapping::AddrsSet() {
zeek::TableValPtr DNS_Mapping::AddrsSet() {
auto l = Addrs();
if ( ! l )
@ -301,13 +301,13 @@ TableValPtr DNS_Mapping::AddrsSet() {
return l->ToSetVal();
}
StringValPtr DNS_Mapping::Host()
zeek::StringValPtr DNS_Mapping::Host()
{
if ( failed || num_names == 0 || ! names[0] )
return nullptr;
if ( ! host_val )
host_val = zeek::make_intrusive<StringVal>(names[0]);
host_val = zeek::make_intrusive<zeek::StringVal>(names[0]);
return host_val;
}
@ -461,12 +461,12 @@ void DNS_Mgr::InitPostScript()
LoadCache(fopen(cache_name, "r"));
}
static TableValPtr fake_name_lookup_result(const char* name)
static zeek::TableValPtr fake_name_lookup_result(const char* name)
{
hash128_t hash;
KeyedHash::StaticHash128(name, strlen(name), &hash);
auto hv = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR);
hv->Append(zeek::make_intrusive<AddrVal>(reinterpret_cast<const uint32_t*>(&hash)));
auto hv = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
hv->Append(zeek::make_intrusive<zeek::AddrVal>(reinterpret_cast<const uint32_t*>(&hash)));
return hv->ToSetVal();
}
@ -485,7 +485,7 @@ static const char* fake_addr_lookup_result(const IPAddr& addr)
return tmp;
}
TableValPtr DNS_Mgr::LookupHost(const char* name)
zeek::TableValPtr DNS_Mgr::LookupHost(const char* name)
{
if ( mode == DNS_FAKE )
return fake_name_lookup_result(name);
@ -542,7 +542,7 @@ TableValPtr DNS_Mgr::LookupHost(const char* name)
}
}
ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
zeek::ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
{
InitSource();
@ -559,7 +559,7 @@ ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
{
string s(addr);
reporter->Warning("can't resolve IP address: %s", s.c_str());
return zeek::make_intrusive<StringVal>(s.c_str());
return zeek::make_intrusive<zeek::StringVal>(s.c_str());
}
}
}
@ -568,7 +568,7 @@ ValPtr DNS_Mgr::LookupAddr(const IPAddr& addr)
switch ( mode ) {
case DNS_PRIME:
requests.push_back(new DNS_Mgr_Request(addr));
return zeek::make_intrusive<StringVal>("<none>");
return zeek::make_intrusive<zeek::StringVal>("<none>");
case DNS_FORCE:
reporter->FatalError("can't find DNS entry for %s in cache",
@ -698,7 +698,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm)
}
void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm,
ListValPtr l1, ListValPtr l2)
zeek::ListValPtr l1, zeek::ListValPtr l2)
{
if ( ! e )
return;
@ -714,17 +714,17 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm)
mgr.Enqueue(e, BuildMappingVal(old_dm), BuildMappingVal(new_dm));
}
ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
zeek::ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
{
auto r = zeek::make_intrusive<RecordVal>(dm_rec);
auto r = zeek::make_intrusive<zeek::RecordVal>(dm_rec);
r->Assign(0, zeek::make_intrusive<TimeVal>(dm->CreationTime()));
r->Assign(1, zeek::make_intrusive<StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
r->Assign(2, zeek::make_intrusive<AddrVal>(dm->ReqAddr()));
r->Assign(0, zeek::make_intrusive<zeek::TimeVal>(dm->CreationTime()));
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
r->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dm->ReqAddr()));
r->Assign(3, val_mgr->Bool(dm->Valid()));
auto h = dm->Host();
r->Assign(4, h ? std::move(h) : zeek::make_intrusive<StringVal>("<none>"));
r->Assign(4, h ? std::move(h) : zeek::make_intrusive<zeek::StringVal>("<none>"));
r->Assign(5, dm->AddrsSet());
return r;
@ -870,9 +870,9 @@ void DNS_Mgr::CompareMappings(DNS_Mapping* prev_dm, DNS_Mapping* new_dm)
Event(dns_mapping_altered, new_dm, std::move(prev_delta), std::move(new_delta));
}
ListValPtr DNS_Mgr::AddrListDelta(ListVal* al1, ListVal* al2)
zeek::ListValPtr DNS_Mgr::AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2)
{
auto delta = zeek::make_intrusive<ListVal>(zeek::TYPE_ADDR);
auto delta = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ADDR);
for ( int i = 0; i < al1->Length(); ++i )
{
@ -894,7 +894,7 @@ ListValPtr DNS_Mgr::AddrListDelta(ListVal* al1, ListVal* al2)
return delta;
}
void DNS_Mgr::DumpAddrList(FILE* f, ListVal* al)
void DNS_Mgr::DumpAddrList(FILE* f, zeek::ListVal* al)
{
for ( int i = 0; i < al->Length(); ++i )
{
@ -980,7 +980,7 @@ const char* DNS_Mgr::LookupAddrInCache(const IPAddr& addr)
return d->names ? d->names[0] : "<\?\?\?>";
}
TableValPtr DNS_Mgr::LookupNameInCache(const string& name)
zeek::TableValPtr DNS_Mgr::LookupNameInCache(const string& name)
{
HostMap::iterator it = host_mappings.find(name);
if ( it == host_mappings.end() )
@ -1030,7 +1030,7 @@ const char* DNS_Mgr::LookupTextInCache(const string& name)
}
static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback,
TableValPtr result)
zeek::TableValPtr result)
{
callback->Resolved(result.get());
delete callback;

31
src/DNS_Mgr.h
View file

@ -13,19 +13,22 @@
#include "IPAddr.h"
#include "util.h"
template <class T> class IntrusivePtr;
class Val;
class ListVal;
class TableVal;
class Func;
class EventHandler;
class DNS_Mgr_Request;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using ValPtr = zeek::IntrusivePtr<Val>;
using ListValPtr = zeek::IntrusivePtr<ListVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>;
}
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
typedef PList<DNS_Mgr_Request> DNS_mgr_request_list;
@ -54,9 +57,9 @@ public:
// Looks up the address or addresses of the given host, and returns
// a set of addr.
TableValPtr LookupHost(const char* host);
zeek::TableValPtr LookupHost(const char* host);
ValPtr LookupAddr(const IPAddr& addr);
zeek::ValPtr LookupAddr(const IPAddr& addr);
// Define the directory where to store the data.
void SetDir(const char* arg_dir) { dir = copy_string(arg_dir); }
@ -66,7 +69,7 @@ public:
bool Save();
const char* LookupAddrInCache(const IPAddr& addr);
TableValPtr LookupNameInCache(const std::string& name);
zeek::TableValPtr LookupNameInCache(const std::string& name);
const char* LookupTextInCache(const std::string& name);
// Support for async lookups.
@ -76,7 +79,7 @@ public:
virtual ~LookupCallback() { }
virtual void Resolved(const char* name) { };
virtual void Resolved(TableVal* addrs) { };
virtual void Resolved(zeek::TableVal* addrs) { };
virtual void Timeout() = 0;
};
@ -104,15 +107,15 @@ protected:
void Event(EventHandlerPtr e, DNS_Mapping* dm);
void Event(EventHandlerPtr e, DNS_Mapping* dm,
ListValPtr l1, ListValPtr l2);
zeek::ListValPtr l1, zeek::ListValPtr l2);
void Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm);
ValPtr BuildMappingVal(DNS_Mapping* dm);
zeek::ValPtr BuildMappingVal(DNS_Mapping* dm);
void AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r);
void CompareMappings(DNS_Mapping* prev_dm, DNS_Mapping* new_dm);
ListValPtr AddrListDelta(ListVal* al1, ListVal* al2);
void DumpAddrList(FILE* f, ListVal* al);
zeek::ListValPtr AddrListDelta(zeek::ListVal* al1, zeek::ListVal* al2);
void DumpAddrList(FILE* f, zeek::ListVal* al);
typedef std::map<std::string, std::pair<DNS_Mapping*, DNS_Mapping*> > HostMap;
typedef std::map<IPAddr, DNS_Mapping*> AddrMap;
@ -183,7 +186,7 @@ protected:
processed = true;
}
void Resolved(TableVal* addrs)
void Resolved(zeek::TableVal* addrs)
{
for ( CallbackList::iterator i = callbacks.begin();
i != callbacks.end(); ++i )

6
src/Debug.cc
View file

@ -905,7 +905,7 @@ bool pre_execute_stmt(zeek::detail::Stmt* stmt, Frame* f)
return true;
}
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, Val* result, stmt_flow_type* flow)
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, zeek::Val* result, stmt_flow_type* flow)
{
// Handle the case where someone issues a "next" debugger command,
// but we're at a return statement, so the next statement is in
@ -948,7 +948,7 @@ extern YYLTYPE yylloc; // holds start line and column of token
extern int line_number;
extern const char* filename;
ValPtr dbg_eval_expr(const char* expr)
zeek::ValPtr dbg_eval_expr(const char* expr)
{
// Push the current frame's associated scope.
// Note: g_debugger_state.curr_frame_idx is the user-visible number,
@ -983,7 +983,7 @@ ValPtr dbg_eval_expr(const char* expr)
yylloc.first_line = yylloc.last_line = line_number = 1;
// Parse the thing into an expr.
ValPtr result;
zeek::ValPtr result;
if ( yyparse() )
{
if ( g_curr_debug_error )

12
src/Debug.h
View file

@ -11,14 +11,12 @@
#include <map>
#include <string>
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
}
class Val;
using ValPtr = zeek::IntrusivePtr<Val>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
}
// This needs to be defined before we do the includes that come after it.
enum ParseLocationRecType { plrUnknown, plrFileAndLine, plrFunction };
@ -150,7 +148,7 @@ std::vector<ParseLocationRec> parse_location_string(const std::string& s);
// Return true to continue execution, false to abort.
bool pre_execute_stmt(zeek::detail::Stmt* stmt, Frame* f);
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, Val* result, stmt_flow_type* flow);
bool post_execute_stmt(zeek::detail::Stmt* stmt, Frame* f, zeek::Val* result, stmt_flow_type* flow);
// Returns 1 if successful, 0 otherwise.
// If cmdfile is non-nil, it contains the location of a file of commands
@ -166,7 +164,7 @@ int dbg_handle_debug_input(); // read a line and then have it executed
int dbg_execute_command(const char* cmd);
// Interactive expression evaluation.
ValPtr dbg_eval_expr(const char* expr);
zeek::ValPtr dbg_eval_expr(const char* expr);
// Extra debugging facilities.
// TODO: current connections, memory allocated, other internal data structures.

4
src/Discard.cc
View file

@ -155,7 +155,7 @@ bool Discarder::NextPacket(const IP_Hdr* ip, int len, int caplen)
return discard_packet;
}
Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
zeek::Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
{
len -= hdrlen;
caplen -= hdrlen;
@ -163,5 +163,5 @@ Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen)
len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0);
return new StringVal(new BroString(data, len, true));
return new zeek::StringVal(new BroString(data, len, true));
}

5
src/Discard.h
View file

@ -7,10 +7,11 @@
#include "IntrusivePtr.h"
class IP_Hdr;
class Val;
class Func;
using FuncPtr = zeek::IntrusivePtr<Func>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class Discarder {
public:
Discarder();
@ -21,7 +22,7 @@ public:
bool NextPacket(const IP_Hdr* ip, int len, int caplen);
protected:
Val* BuildData(const u_char* data, int hdrlen, int len, int caplen);
zeek::Val* BuildData(const u_char* data, int hdrlen, int len, int caplen);
FuncPtr check_ip;
FuncPtr check_tcp;

4
src/Event.h
View file

@ -108,7 +108,7 @@ public:
template <class... Args>
std::enable_if_t<
std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>>
std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
Enqueue(const EventHandlerPtr& h, Args&&... args)
{ return Enqueue(h, zeek::Args{std::forward<Args>(args)...}); }
@ -143,7 +143,7 @@ protected:
Event* tail;
SourceID current_src;
analyzer::ID current_aid;
RecordVal* src_val;
zeek::RecordVal* src_val;
bool draining;
zeek::detail::Flare queue_flare;
};

10
src/EventHandler.cc
View file

@ -118,7 +118,7 @@ void EventHandler::NewEvent(zeek::Args* vl)
const auto& args = GetType()->Params();
static auto call_argument_vector = zeek::id::find_type<zeek::VectorType>("call_argument_vector");
auto vargs = zeek::make_intrusive<VectorVal>(call_argument_vector);
auto vargs = zeek::make_intrusive<zeek::VectorVal>(call_argument_vector);
for ( int i = 0; i < args->NumFields(); i++ )
{
@ -127,13 +127,13 @@ void EventHandler::NewEvent(zeek::Args* vl)
auto fdefault = args->FieldDefault(i);
static auto call_argument = zeek::id::find_type<zeek::RecordType>("call_argument");
auto rec = zeek::make_intrusive<RecordVal>(call_argument);
rec->Assign(0, zeek::make_intrusive<StringVal>(fname));
auto rec = zeek::make_intrusive<zeek::RecordVal>(call_argument);
rec->Assign(0, zeek::make_intrusive<zeek::StringVal>(fname));
ODesc d;
d.SetShort();
ftype->Describe(&d);
rec->Assign(1, zeek::make_intrusive<StringVal>(d.Description()));
rec->Assign(1, zeek::make_intrusive<zeek::StringVal>(d.Description()));
if ( fdefault )
rec->Assign(2, std::move(fdefault));
@ -145,7 +145,7 @@ void EventHandler::NewEvent(zeek::Args* vl)
}
Event* ev = new Event(new_event, {
zeek::make_intrusive<StringVal>(name),
zeek::make_intrusive<zeek::StringVal>(name),
std::move(vargs),
});
mgr.Dispatch(ev);

76
src/Expr.cc
View file

@ -235,7 +235,7 @@ ValPtr NameExpr::Eval(Frame* f) const
ValPtr v;
if ( id->IsType() )
return zeek::make_intrusive<Val>(id->GetType(), true);
return zeek::make_intrusive<zeek::Val>(id->GetType(), true);
if ( id->IsGlobal() )
v = id->GetVal();
@ -364,7 +364,7 @@ ValPtr UnaryExpr::Eval(Frame* f) const
else
out_t = GetType<zeek::VectorType>();
auto result = zeek::make_intrusive<VectorVal>(std::move(out_t));
auto result = zeek::make_intrusive<zeek::VectorVal>(std::move(out_t));
for ( unsigned int i = 0; i < v_op->Size(); ++i )
{
@ -455,7 +455,7 @@ ValPtr BinaryExpr::Eval(Frame* f) const
return nullptr;
}
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < v_op1->Size(); ++i )
{
@ -472,7 +472,7 @@ ValPtr BinaryExpr::Eval(Frame* f) const
if ( IsVector(GetType()->Tag()) && (is_vec1 || is_vec2) )
{ // fold vector against scalar
VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal();
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < vv->Size(); ++i )
{
@ -677,11 +677,11 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const
const auto& ret_type = IsVector(GetType()->Tag()) ? GetType()->Yield() : GetType();
if ( ret_type->Tag() == zeek::TYPE_INTERVAL )
return zeek::make_intrusive<IntervalVal>(d3);
return zeek::make_intrusive<zeek::IntervalVal>(d3);
else if ( ret_type->Tag() == zeek::TYPE_TIME )
return zeek::make_intrusive<TimeVal>(d3);
return zeek::make_intrusive<zeek::TimeVal>(d3);
else if ( ret_type->Tag() == zeek::TYPE_DOUBLE )
return zeek::make_intrusive<DoubleVal>(d3);
return zeek::make_intrusive<zeek::DoubleVal>(d3);
else if ( ret_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED )
return val_mgr->Count(u3);
else if ( ret_type->Tag() == zeek::TYPE_BOOL )
@ -714,7 +714,7 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const
strings.push_back(s1);
strings.push_back(s2);
return zeek::make_intrusive<StringVal>(concatenate(strings));
return zeek::make_intrusive<zeek::StringVal>(concatenate(strings));
}
default:
@ -737,7 +737,7 @@ ValPtr BinaryExpr::PatternFold(Val* v1, Val* v2) const
RE_Matcher_conjunction(re1, re2) :
RE_Matcher_disjunction(re1, re2);
return zeek::make_intrusive<PatternVal>(res);
return zeek::make_intrusive<zeek::PatternVal>(res);
}
ValPtr BinaryExpr::SetFold(Val* v1, Val* v2) const
@ -1101,9 +1101,9 @@ NegExpr::NegExpr(ExprPtr arg_op)
ValPtr NegExpr::Fold(Val* v) const
{
if ( v->GetType()->Tag() == zeek::TYPE_DOUBLE )
return zeek::make_intrusive<DoubleVal>(- v->InternalDouble());
return zeek::make_intrusive<zeek::DoubleVal>(- v->InternalDouble());
else if ( v->GetType()->Tag() == zeek::TYPE_INTERVAL )
return zeek::make_intrusive<IntervalVal>(- v->InternalDouble());
return zeek::make_intrusive<zeek::IntervalVal>(- v->InternalDouble());
else
return val_mgr->Int(- v->CoerceToInt());
}
@ -1447,7 +1447,7 @@ ValPtr DivideExpr::AddrFold(Val* v1, Val* v2) const
RuntimeError(fmt("bad IPv6 subnet prefix length: %" PRIu32, mask));
}
return zeek::make_intrusive<SubNetVal>(a, mask);
return zeek::make_intrusive<zeek::SubNetVal>(a, mask);
}
ModExpr::ModExpr(ExprPtr arg_op1, ExprPtr arg_op2)
@ -1571,7 +1571,7 @@ ValPtr BoolExpr::Eval(Frame* f) const
if ( scalar_v->IsZero() == is_and )
{
result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(vector_v->Size());
result->AssignRepeat(0, result->Size(), std::move(scalar_v));
}
@ -1596,7 +1596,7 @@ ValPtr BoolExpr::Eval(Frame* f) const
return nullptr;
}
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(vec_v1->Size());
for ( unsigned int i = 0; i < vec_v1->Size(); ++i )
@ -1924,7 +1924,7 @@ ValPtr CondExpr::Eval(Frame* f) const
return nullptr;
}
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
result->Resize(cond->Size());
for ( unsigned int i = 0; i < cond->Size(); ++i )
@ -2377,7 +2377,7 @@ ValPtr AssignExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
if ( aggr->GetType()->Tag() != zeek::TYPE_TABLE )
Internal("bad aggregate in AssignExpr::InitVal");
auto tv = zeek::cast_intrusive<TableVal>(std::move(aggr));
auto tv = zeek::cast_intrusive<zeek::TableVal>(std::move(aggr));
const TableType* tt = tv->GetType()->AsTableType();
const auto& yt = tv->GetType()->Yield();
@ -2574,7 +2574,7 @@ ValPtr IndexExpr::Eval(Frame* f) const
{
VectorVal* v_v1 = v1->AsVectorVal();
VectorVal* v_v2 = indv->AsVectorVal();
auto v_result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto v_result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
// Booleans select each element (or not).
if ( IsBool(v_v2->GetType()->Yield()->Tag()) )
@ -2635,7 +2635,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
else
{
size_t len = vect->Size();
auto result = zeek::make_intrusive<VectorVal>(vect->GetType<zeek::VectorType>());
auto result = zeek::make_intrusive<zeek::VectorVal>(vect->GetType<zeek::VectorType>());
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
@ -2687,7 +2687,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
substring = s->GetSubstring(first, substring_len);
}
return zeek::make_intrusive<StringVal>(substring ? substring : new BroString(""));
return zeek::make_intrusive<zeek::StringVal>(substring ? substring : new BroString(""));
}
default:
@ -3005,7 +3005,7 @@ ValPtr RecordConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
RecordVal* rv = v->AsRecordVal();
auto bt = const_cast<zeek::Type*>(t);
RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()};
auto aggr_rec = zeek::cast_intrusive<RecordVal>(std::move(aggr));
auto aggr_rec = zeek::cast_intrusive<zeek::RecordVal>(std::move(aggr));
auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec));
if ( ar )
@ -3024,7 +3024,7 @@ ValPtr RecordConstructorExpr::Fold(Val* v) const
if ( lv->Length() != rt->NumFields() )
RuntimeErrorWithCallStack("inconsistency evaluating record constructor");
auto rv = zeek::make_intrusive<RecordVal>(std::move(rt));
auto rv = zeek::make_intrusive<zeek::RecordVal>(std::move(rt));
for ( int i = 0; i < lv->Length(); ++i )
rv->Assign(i, lv->Idx(i));
@ -3124,7 +3124,7 @@ ValPtr TableConstructorExpr::Eval(Frame* f) const
if ( IsError() )
return nullptr;
auto aggr = zeek::make_intrusive<TableVal>(GetType<TableType>(), attrs);
auto aggr = zeek::make_intrusive<zeek::TableVal>(GetType<TableType>(), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& expr : exprs )
@ -3144,7 +3144,7 @@ ValPtr TableConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto tval = aggr ?
TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} :
zeek::make_intrusive<TableVal>(std::move(tt), attrs);
zeek::make_intrusive<zeek::TableVal>(std::move(tt), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& expr : exprs )
@ -3233,7 +3233,7 @@ ValPtr SetConstructorExpr::Eval(Frame* f) const
if ( IsError() )
return nullptr;
auto aggr = zeek::make_intrusive<TableVal>(IntrusivePtr{zeek::NewRef{}, type->AsTableType()},
auto aggr = zeek::make_intrusive<zeek::TableVal>(IntrusivePtr{zeek::NewRef{}, type->AsTableType()},
attrs);
const expr_list& exprs = op->AsListExpr()->Exprs();
@ -3255,7 +3255,7 @@ ValPtr SetConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto tt = GetType<TableType>();
auto tval = aggr ?
TableValPtr{zeek::AdoptRef{}, aggr.release()->AsTableVal()} :
zeek::make_intrusive<TableVal>(std::move(tt), attrs);
zeek::make_intrusive<zeek::TableVal>(std::move(tt), attrs);
const expr_list& exprs = op->AsListExpr()->Exprs();
for ( const auto& e : exprs )
@ -3327,7 +3327,7 @@ ValPtr VectorConstructorExpr::Eval(Frame* f) const
if ( IsError() )
return nullptr;
auto vec = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto vec = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
const expr_list& exprs = op->AsListExpr()->Exprs();
loop_over_list(exprs, i)
@ -3352,7 +3352,7 @@ ValPtr VectorConstructorExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
auto vt = GetType<zeek::VectorType>();
auto vec = aggr ?
VectorValPtr{zeek::AdoptRef{}, aggr.release()->AsVectorVal()} :
zeek::make_intrusive<VectorVal>(std::move(vt));
zeek::make_intrusive<zeek::VectorVal>(std::move(vt));
const expr_list& exprs = op->AsListExpr()->Exprs();
loop_over_list(exprs, i)
@ -3456,7 +3456,7 @@ ValPtr ArithCoerceExpr::FoldSingleVal(Val* v, InternalTypeTag t) const
{
switch ( t ) {
case zeek::TYPE_INTERNAL_DOUBLE:
return zeek::make_intrusive<DoubleVal>(v->CoerceToDouble());
return zeek::make_intrusive<zeek::DoubleVal>(v->CoerceToDouble());
case zeek::TYPE_INTERNAL_INT:
return val_mgr->Int(v->CoerceToInt());
@ -3488,7 +3488,7 @@ ValPtr ArithCoerceExpr::Fold(Val* v) const
t = GetType()->AsVectorType()->Yield()->InternalType();
VectorVal* vv = v->AsVectorVal();
auto result = zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
auto result = zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
for ( unsigned int i = 0; i < vv->Size(); ++i )
{
@ -3620,7 +3620,7 @@ ValPtr RecordCoerceExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
RecordVal* rv = v->AsRecordVal();
auto bt = const_cast<zeek::Type*>(t);
zeek::RecordTypePtr rt{zeek::NewRef{}, bt->AsRecordType()};
auto aggr_rec = zeek::cast_intrusive<RecordVal>(std::move(aggr));
auto aggr_rec = zeek::cast_intrusive<zeek::RecordVal>(std::move(aggr));
if ( auto ar = rv->CoerceTo(std::move(rt), std::move(aggr_rec)) )
return ar;
@ -3632,7 +3632,7 @@ ValPtr RecordCoerceExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
ValPtr RecordCoerceExpr::Fold(Val* v) const
{
auto val = zeek::make_intrusive<RecordVal>(GetType<RecordType>());
auto val = zeek::make_intrusive<zeek::RecordVal>(GetType<RecordType>());
RecordType* val_type = val->GetType()->AsRecordType();
RecordVal* rv = v->AsRecordVal();
@ -3738,7 +3738,7 @@ ValPtr TableCoerceExpr::Fold(Val* v) const
if ( tv->Size() > 0 )
RuntimeErrorWithCallStack("coercion of non-empty table/set");
return zeek::make_intrusive<TableVal>(GetType<TableType>(), tv->GetAttrs());
return zeek::make_intrusive<zeek::TableVal>(GetType<TableType>(), tv->GetAttrs());
}
VectorCoerceExpr::VectorCoerceExpr(ExprPtr arg_op, zeek::VectorTypePtr v)
@ -3768,7 +3768,7 @@ ValPtr VectorCoerceExpr::Fold(Val* v) const
if ( vv->Size() > 0 )
RuntimeErrorWithCallStack("coercion of non-empty vector");
return zeek::make_intrusive<VectorVal>(GetType<zeek::VectorType>());
return zeek::make_intrusive<zeek::VectorVal>(GetType<zeek::VectorType>());
}
ScheduleTimer::ScheduleTimer(const EventHandlerPtr& arg_event, zeek::Args arg_args,
@ -4206,7 +4206,7 @@ LambdaExpr::LambdaExpr(std::unique_ptr<function_ingredients> arg_ing,
// Update lamb's name
dummy_func->SetName(my_name.c_str());
auto v = zeek::make_intrusive<Val>(std::move(dummy_func));
auto v = zeek::make_intrusive<zeek::Val>(std::move(dummy_func));
id->SetVal(std::move(v));
id->SetType(ingredients->id->GetType());
id->SetConst();
@ -4232,7 +4232,7 @@ ValPtr LambdaExpr::Eval(Frame* f) const
// Allows for lookups by the receiver.
lamb->SetName(my_name.c_str());
return zeek::make_intrusive<Val>(std::move(lamb));
return zeek::make_intrusive<zeek::Val>(std::move(lamb));
}
void LambdaExpr::ExprDescribe(ODesc* d) const
@ -4367,7 +4367,7 @@ bool ListExpr::IsPure() const
ValPtr ListExpr::Eval(Frame* f) const
{
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
for ( const auto& expr : exprs )
{
@ -4456,7 +4456,7 @@ ValPtr ListExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
// in which case we should expand as a ListVal.
if ( ! aggr && type->AsTypeList()->AllMatch(t, true) )
{
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
const auto& tl = type->AsTypeList()->GetTypes();
if ( exprs.length() != static_cast<int>(tl.size()) )
@ -4493,7 +4493,7 @@ ValPtr ListExpr::InitVal(const zeek::Type* t, ValPtr aggr) const
return nullptr;
}
auto v = zeek::make_intrusive<ListVal>(zeek::TYPE_ANY);
auto v = zeek::make_intrusive<zeek::ListVal>(zeek::TYPE_ANY);
loop_over_list(exprs, i)
{

5
src/Expr.h
View file

@ -17,11 +17,14 @@
#include "Val.h"
#include "ZeekArgs.h"
template <class T> class IntrusivePtr;
class Frame;
class Scope;
struct function_ingredients;
namespace zeek {
template <class T> class IntrusivePtr;
}
namespace zeek::detail {
using IDPtr = zeek::IntrusivePtr<ID>;

8
src/File.cc
View file

@ -269,7 +269,7 @@ void BroFile::SetAttrs(zeek::detail::Attributes* arg_attrs)
EnableRawOutput();
}
RecordVal* BroFile::Rotate()
zeek::RecordVal* BroFile::Rotate()
{
if ( ! is_open )
return nullptr;
@ -279,7 +279,7 @@ RecordVal* BroFile::Rotate()
return nullptr;
static auto rotate_info = zeek::id::find_type<zeek::RecordType>("rotate_info");
RecordVal* info = new RecordVal(rotate_info);
auto* info = new zeek::RecordVal(rotate_info);
FILE* newf = rotate_file(name, info);
if ( ! newf )
@ -288,7 +288,7 @@ RecordVal* BroFile::Rotate()
return nullptr;
}
info->Assign<TimeVal>(2, open_time);
info->Assign<zeek::TimeVal>(2, open_time);
Unlink();
@ -329,7 +329,7 @@ void BroFile::RaiseOpenEvent()
return;
BroFilePtr bf{zeek::NewRef{}, this};
Event* event = new ::Event(::file_opened, {zeek::make_intrusive<Val>(std::move(bf))});
Event* event = new ::Event(::file_opened, {zeek::make_intrusive<zeek::Val>(std::move(bf))});
mgr.Dispatch(event, true);
}

5
src/File.h
View file

@ -16,8 +16,6 @@
#include "IntrusivePtr.h"
#include "util.h"
class RecordVal;
namespace zeek {
class Type;
using TypePtr = zeek::IntrusivePtr<zeek::Type>;
@ -26,6 +24,7 @@ using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::
ZEEK_FORWARD_DECLARE_NAMESPACED(PrintStmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
class BroFile;
using BroFilePtr = zeek::IntrusivePtr<BroFile>;
@ -66,7 +65,7 @@ public:
void Describe(ODesc* d) const override;
// Rotates the logfile. Returns rotate_info.
RecordVal* Rotate();
zeek::RecordVal* Rotate();
// Set &raw_output attribute.
void SetAttrs(zeek::detail::Attributes* attrs);

12
src/Frame.cc
View file

@ -61,22 +61,22 @@ void Frame::AddFunctionWithClosureRef(BroFunc* func)
functions_with_closure_frame_reference->emplace_back(func);
}
void Frame::SetElement(int n, Val* v)
void Frame::SetElement(int n, zeek::Val* v)
{ SetElement(n, {zeek::AdoptRef{}, v}); }
void Frame::SetElement(int n, ValPtr v)
void Frame::SetElement(int n, zeek::ValPtr v)
{
ClearElement(n);
frame[n] = {std::move(v), false};
}
void Frame::SetElementWeak(int n, Val* v)
void Frame::SetElementWeak(int n, zeek::Val* v)
{
ClearElement(n);
frame[n] = {{zeek::AdoptRef{}, v}, true};
}
void Frame::SetElement(const zeek::detail::ID* id, ValPtr v)
void Frame::SetElement(const zeek::detail::ID* id, zeek::ValPtr v)
{
if ( closure )
{
@ -105,7 +105,7 @@ void Frame::SetElement(const zeek::detail::ID* id, ValPtr v)
SetElement(id->Offset(), std::move(v));
}
const ValPtr& Frame::GetElementByID(const zeek::detail::ID* id) const
const zeek::ValPtr& Frame::GetElementByID(const zeek::detail::ID* id) const
{
if ( closure )
{
@ -172,7 +172,7 @@ Frame* Frame::Clone() const
return other;
}
static bool val_is_func(const ValPtr& v, BroFunc* func)
static bool val_is_func(const zeek::ValPtr& v, BroFunc* func)
{
if ( v->GetType()->Tag() != zeek::TYPE_FUNC )
return false;

24
src/Frame.h
View file

@ -29,7 +29,9 @@ namespace trigger {
}
}
namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>;
}
class Frame;
using FramePtr = zeek::IntrusivePtr<Frame>;
@ -56,21 +58,21 @@ public:
* @param n the index to get.
* @return the value at index *n* of the underlying array.
*/
const ValPtr& GetElement(int n) const
const zeek::ValPtr& GetElement(int n) const
{ return frame[n].val; }
[[deprecated("Remove in v4.1. Use GetElement(int).")]]
Val* NthElement(int n) const { return frame[n].val.get(); }
zeek::Val* NthElement(int n) const { return frame[n].val.get(); }
/**
* Sets the element at index *n* of the underlying array to *v*.
* @param n the index to set
* @param v the value to set it to
*/
void SetElement(int n, ValPtr v);
void SetElement(int n, zeek::ValPtr v);
[[deprecated("Remove in v4.1. Pass IntrusivePtr instead.")]]
void SetElement(int n, Val* v);
void SetElement(int n, zeek::Val* v);
/**
* Associates *id* and *v* in the frame. Future lookups of
@ -79,8 +81,8 @@ public:
* @param id the ID to associate
* @param v the value to associate it with
*/
void SetElement(const zeek::detail::ID* id, ValPtr v);
void SetElement(const zeek::detail::IDPtr& id, ValPtr v)
void SetElement(const zeek::detail::ID* id, zeek::ValPtr v);
void SetElement(const zeek::detail::IDPtr& id, zeek::ValPtr v)
{ SetElement(id.get(), std::move(v)); }
/**
@ -90,11 +92,11 @@ public:
* @param id the id who's value to retreive
* @return the value associated with *id*
*/
const ValPtr& GetElementByID(const zeek::detail::IDPtr& id) const
const zeek::ValPtr& GetElementByID(const zeek::detail::IDPtr& id) const
{ return GetElementByID(id.get()); }
[[deprecated("Remove in v4.1. Use GetElementByID().")]]
Val* GetElement(const zeek::detail::ID* id) const
zeek::Val* GetElement(const zeek::detail::ID* id) const
{ return GetElementByID(id).get(); }
/**
@ -254,13 +256,13 @@ private:
using OffsetMap = std::unordered_map<std::string, int>;
struct Element {
ValPtr val;
zeek::ValPtr val;
// Weak reference is used to prevent circular reference memory leaks
// in lambdas/closures.
bool weak_ref;
};
const ValPtr& GetElementByID(const zeek::detail::ID* id) const;
const zeek::ValPtr& GetElementByID(const zeek::detail::ID* id) const;
/**
* Sets the element at index *n* of the underlying array to *v*, but does
@ -270,7 +272,7 @@ private:
* @param v the value to set it to (caller has not Ref'd and Frame will
* not Unref it)
*/
void SetElementWeak(int n, Val* v);
void SetElementWeak(int n, zeek::Val* v);
/**
* Clone an element at an offset into other frame if not equal to a given

18
src/Func.cc
View file

@ -60,7 +60,7 @@ extern RETSIGTYPE sig_handler(int signo);
std::vector<CallInfo> call_stack;
bool did_builtin_init = false;
static const std::pair<bool, ValPtr> empty_hook_result(false, nullptr);
static const std::pair<bool, zeek::ValPtr> empty_hook_result(false, nullptr);
std::string render_call_stack()
{
@ -216,7 +216,7 @@ void Func::CopyStateInto(Func* other) const
other->unique_id = unique_id;
}
void Func::CheckPluginResult(bool handled, const ValPtr& hook_result,
void Func::CheckPluginResult(bool handled, const zeek::ValPtr& hook_result,
zeek::FunctionFlavor flavor) const
{
// Helper function factoring out this code from BroFunc:Call() for
@ -299,13 +299,13 @@ bool BroFunc::IsPure() const
[](const Body& b) { return b.stmts->IsPure(); });
}
Val* Func::Call(val_list* args, Frame* parent) const
zeek::Val* Func::Call(val_list* args, Frame* parent) const
{
auto zargs = zeek::val_list_to_args(*args);
return Invoke(&zargs, parent).release();
};
ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const
zeek::ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const
{
#ifdef PROFILE_BRO_FUNCTIONS
DEBUG_MSG("Function: %s\n", Name());
@ -357,7 +357,7 @@ ValPtr BroFunc::Invoke(zeek::Args* args, Frame* parent) const
}
stmt_flow_type flow = FLOW_NEXT;
ValPtr result;
zeek::ValPtr result;
for ( const auto& body : bodies )
{
@ -604,7 +604,7 @@ BuiltinFunc::BuiltinFunc(built_in_func arg_func, const char* arg_name,
reporter->InternalError("built-in function %s multiply defined", Name());
type = id->GetType<zeek::FuncType>();
id->SetVal(zeek::make_intrusive<Val>(zeek::IntrusivePtr{zeek::NewRef{}, this}));
id->SetVal(zeek::make_intrusive<zeek::Val>(zeek::IntrusivePtr{zeek::NewRef{}, this}));
}
BuiltinFunc::~BuiltinFunc()
@ -616,7 +616,7 @@ bool BuiltinFunc::IsPure() const
return is_pure;
}
ValPtr BuiltinFunc::Invoke(zeek::Args* args, Frame* parent) const
zeek::ValPtr BuiltinFunc::Invoke(zeek::Args* args, Frame* parent) const
{
#ifdef PROFILE_BRO_FUNCTIONS
DEBUG_MSG("Function: %s\n", Name());
@ -667,10 +667,10 @@ void BuiltinFunc::Describe(ODesc* d) const
void builtin_error(const char* msg)
{
builtin_error(msg, ValPtr{});
builtin_error(msg, zeek::ValPtr{});
}
void builtin_error(const char* msg, ValPtr arg)
void builtin_error(const char* msg, zeek::ValPtr arg)
{
builtin_error(msg, arg.get());
}

19
src/Func.h
View file

@ -17,11 +17,11 @@
#include "ZeekArgs.h"
#include "BifReturnVal.h"
class Val;
class Frame;
class Scope;
using ScopePtr = zeek::IntrusivePtr<Scope>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(ID, zeek::detail);
@ -69,7 +69,7 @@ public:
bool HasBodies() const { return bodies.size(); }
[[deprecated("Remove in v4.1. Use Invoke() instead.")]]
Val* Call(val_list* args, Frame* parent = nullptr) const;
zeek::Val* Call(val_list* args, Frame* parent = nullptr) const;
/**
* Calls a Zeek function.
@ -77,7 +77,7 @@ public:
* @param parent the frame from which the function is being called.
* @return the return value of the function call.
*/
virtual ValPtr Invoke(
virtual zeek::ValPtr Invoke(
zeek::Args* args, Frame* parent = nullptr) const = 0;
/**
@ -85,9 +85,8 @@ public:
*/
template <class... Args>
std::enable_if_t<
std::is_convertible_v<std::tuple_element_t<0, std::tuple<Args...>>,
ValPtr>,
ValPtr>
std::is_convertible_v<std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>,
zeek::ValPtr>
Invoke(Args&&... args) const
{
auto zargs = zeek::Args{std::forward<Args>(args)...};
@ -131,7 +130,7 @@ protected:
void CopyStateInto(Func* other) const;
// Helper function for checking result of plugin hook.
void CheckPluginResult(bool handled, const ValPtr& hook_result,
void CheckPluginResult(bool handled, const zeek::ValPtr& hook_result,
zeek::FunctionFlavor flavor) const;
std::vector<Body> bodies;
@ -153,7 +152,7 @@ public:
~BroFunc() override;
bool IsPure() const override;
ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
zeek::ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
/**
* Adds adds a closure to the function. Closures are cloned and
@ -231,7 +230,7 @@ public:
~BuiltinFunc() override;
bool IsPure() const override;
ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
zeek::ValPtr Invoke(zeek::Args* args, Frame* parent) const override;
built_in_func TheFunc() const { return func; }
void Describe(ODesc* d) const override;
@ -245,7 +244,7 @@ protected:
extern void builtin_error(const char* msg);
extern void builtin_error(const char* msg, ValPtr);
extern void builtin_error(const char* msg, zeek::ValPtr);
extern void builtin_error(const char* msg, BroObj* arg);
extern void init_builtin_funcs();
extern void init_builtin_funcs_subdirs();

7
src/Hash.h
View file

@ -23,15 +23,16 @@
#include <stdlib.h>
class BroString;
// to allow bro_md5_hmac access to the hmac seed
#include "ZeekArgs.h"
class Val;
//ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class BroString;
class Frame;
class BifReturnVal;
namespace zeek::BifFunc {
extern BifReturnVal md5_hmac_bif(Frame* frame, const zeek::Args*);
extern BifReturnVal md5_hmac_bif(::Frame* frame, const zeek::Args*);
}
typedef uint64_t hash_t;

8
src/ID.cc
View file

@ -48,7 +48,7 @@ const zeek::TypePtr& zeek::id::find_type(std::string_view name)
return id->GetType();
}
const ValPtr& zeek::id::find_val(std::string_view name)
const zeek::ValPtr& zeek::id::find_val(std::string_view name)
{
auto id = global_scope()->Find(name);
@ -59,7 +59,7 @@ const ValPtr& zeek::id::find_val(std::string_view name)
return id->GetVal();
}
const ValPtr& zeek::id::find_const(std::string_view name)
const zeek::ValPtr& zeek::id::find_const(std::string_view name)
{
auto id = global_scope()->Find(name);
@ -141,7 +141,7 @@ void ID::ClearVal()
val = nullptr;
}
void ID::SetVal(ValPtr v)
void ID::SetVal(zeek::ValPtr v)
{
val = std::move(v);
Modified();
@ -170,7 +170,7 @@ void ID::SetVal(ValPtr v)
}
}
void ID::SetVal(ValPtr v, InitClass c)
void ID::SetVal(zeek::ValPtr v, InitClass c)
{
if ( c == INIT_NONE || c == INIT_FULL )
{

12
src/ID.h
View file

@ -13,25 +13,25 @@
#include <string_view>
#include <vector>
class Val;
using ValPtr = zeek::IntrusivePtr<Val>;
class Func;
using FuncPtr = zeek::IntrusivePtr<Func>;
namespace zeek { class Type; }
using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek);
namespace zeek {
class Type;
using TypePtr = zeek::IntrusivePtr<zeek::Type>;
using RecordTypePtr = zeek::IntrusivePtr<zeek::RecordType>;
using TableTypePtr = zeek::IntrusivePtr<zeek::TableType>;
using VectorTypePtr = zeek::IntrusivePtr<zeek::VectorType>;
using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>;
using ValPtr = zeek::IntrusivePtr<zeek::Val>;
}
using BroType [[deprecated("Remove in v4.1. Use zeek::Type instead.")]] = zeek::Type;
namespace zeek::detail {

100
src/IP.cc
View file

@ -13,15 +13,15 @@
#include "BroString.h"
#include "Reporter.h"
static VectorValPtr BuildOptionsVal(const u_char* data, int len)
static zeek::VectorValPtr BuildOptionsVal(const u_char* data, int len)
{
auto vv = zeek::make_intrusive<VectorVal>(zeek::id::find_type<zeek::VectorType>("ip6_options"));
auto vv = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("ip6_options"));
while ( len > 0 )
{
static auto ip6_option_type = zeek::id::find_type<zeek::RecordType>("ip6_option");
const struct ip6_opt* opt = (const struct ip6_opt*) data;
auto rv = zeek::make_intrusive<RecordVal>(ip6_option_type);
auto rv = zeek::make_intrusive<zeek::RecordVal>(ip6_option_type);
rv->Assign(0, val_mgr->Count(opt->ip6o_type));
if ( opt->ip6o_type == 0 )
@ -37,7 +37,7 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
// PadN or other option
uint16_t off = 2 * sizeof(uint8_t);
rv->Assign(1, val_mgr->Count(opt->ip6o_len));
rv->Assign(2, zeek::make_intrusive<StringVal>(
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(
new BroString(data + off, opt->ip6o_len, true)));
data += opt->ip6o_len + off;
len -= opt->ip6o_len + off;
@ -49,25 +49,25 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
return vv;
}
RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
zeek::RecordValPtr IPv6_Hdr::ToVal(zeek::VectorValPtr chain) const
{
RecordValPtr rv;
zeek::RecordValPtr rv;
switch ( type ) {
case IPPROTO_IPV6:
{
static auto ip6_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_hdr");
rv = zeek::make_intrusive<RecordVal>(ip6_hdr_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hdr_type);
const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen)));
rv->Assign(3, val_mgr->Count(ip6->ip6_nxt));
rv->Assign(4, val_mgr->Count(ip6->ip6_hlim));
rv->Assign(5, zeek::make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, zeek::make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
rv->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_src)));
rv->Assign(6, zeek::make_intrusive<zeek::AddrVal>(IPAddr(ip6->ip6_dst)));
if ( ! chain )
chain = zeek::make_intrusive<VectorVal>(
chain = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain"));
rv->Assign(7, std::move(chain));
}
@ -76,7 +76,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_HOPOPTS:
{
static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts");
rv = zeek::make_intrusive<RecordVal>(ip6_hopopts_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_hopopts_type);
const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
@ -89,7 +89,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_DSTOPTS:
{
static auto ip6_dstopts_type = zeek::id::find_type<zeek::RecordType>("ip6_dstopts");
rv = zeek::make_intrusive<RecordVal>(ip6_dstopts_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_dstopts_type);
const struct ip6_dest* dst = (const struct ip6_dest*)data;
rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
rv->Assign(1, val_mgr->Count(dst->ip6d_len));
@ -101,21 +101,21 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_ROUTING:
{
static auto ip6_routing_type = zeek::id::find_type<zeek::RecordType>("ip6_routing");
rv = zeek::make_intrusive<RecordVal>(ip6_routing_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_routing_type);
const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
rv->Assign(1, val_mgr->Count(rt->ip6r_len));
rv->Assign(2, val_mgr->Count(rt->ip6r_type));
rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
uint16_t off = 4 * sizeof(uint8_t);
rv->Assign(4, zeek::make_intrusive<StringVal>(new BroString(data + off, Length() - off, true)));
rv->Assign(4, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
}
break;
case IPPROTO_FRAGMENT:
{
static auto ip6_fragment_type = zeek::id::find_type<zeek::RecordType>("ip6_fragment");
rv = zeek::make_intrusive<RecordVal>(ip6_fragment_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_fragment_type);
const struct ip6_frag* frag = (const struct ip6_frag*)data;
rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
@ -129,7 +129,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_AH:
{
static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah");
rv = zeek::make_intrusive<RecordVal>(ip6_ah_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_ah_type);
rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
@ -141,7 +141,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
// Payload Len was non-zero for this header.
rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
uint16_t off = 3 * sizeof(uint32_t);
rv->Assign(5, zeek::make_intrusive<StringVal>(new BroString(data + off, Length() - off, true)));
rv->Assign(5, zeek::make_intrusive<zeek::StringVal>(new BroString(data + off, Length() - off, true)));
}
}
break;
@ -149,7 +149,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_ESP:
{
static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp");
rv = zeek::make_intrusive<RecordVal>(ip6_esp_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_esp_type);
const uint32_t* esp = (const uint32_t*)data;
rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
@ -160,7 +160,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case IPPROTO_MOBILITY:
{
static auto ip6_mob_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_hdr");
rv = zeek::make_intrusive<RecordVal>(ip6_mob_type);
rv = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_type);
const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
@ -169,7 +169,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum)));
static auto ip6_mob_msg_type = zeek::id::find_type<zeek::RecordType>("ip6_mobility_msg");
auto msg = zeek::make_intrusive<RecordVal>(ip6_mob_msg_type);
auto msg = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_msg_type);
msg->Assign(0, val_mgr->Count(mob->ip6mob_type));
uint16_t off = sizeof(ip6_mobility);
@ -187,7 +187,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
switch ( mob->ip6mob_type ) {
case 0:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mob_brr_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mob_brr_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
off += sizeof(uint16_t);
m->Assign(1, BuildOptionsVal(data + off, Length() - off));
@ -197,7 +197,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 1:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_hoti_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hoti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t);
@ -208,7 +208,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 2:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_coti_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_coti_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
off += sizeof(uint16_t) + sizeof(uint64_t);
@ -219,7 +219,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 3:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_hot_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_hot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
@ -231,7 +231,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 4:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_cot_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_cot_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
@ -243,7 +243,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 5:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_bu_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_bu_type);
m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
@ -258,7 +258,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 6:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_back_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_back_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
@ -271,10 +271,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
case 7:
{
auto m = zeek::make_intrusive<RecordVal>(ip6_mobility_be_type);
auto m = zeek::make_intrusive<zeek::RecordVal>(ip6_mobility_be_type);
m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
m->Assign(1, zeek::make_intrusive<AddrVal>(IPAddr(*hoa)));
m->Assign(1, zeek::make_intrusive<zeek::AddrVal>(IPAddr(*hoa)));
off += sizeof(uint16_t) + sizeof(in6_addr);
m->Assign(2, BuildOptionsVal(data + off, Length() - off));
msg->Assign(8, std::move(m));
@ -298,10 +298,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
return rv;
}
RecordValPtr IPv6_Hdr::ToVal() const
zeek::RecordValPtr IPv6_Hdr::ToVal() const
{ return ToVal(nullptr); }
RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
zeek::RecordVal* IPv6_Hdr::BuildRecordVal(zeek::VectorVal* chain) const
{
return ToVal({zeek::AdoptRef{}, chain}).release();
}
@ -326,22 +326,22 @@ IPAddr IP_Hdr::DstAddr() const
return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr();
}
RecordValPtr IP_Hdr::ToIPHdrVal() const
zeek::RecordValPtr IP_Hdr::ToIPHdrVal() const
{
RecordValPtr rval;
zeek::RecordValPtr rval;
if ( ip4 )
{
static auto ip4_hdr_type = zeek::id::find_type<zeek::RecordType>("ip4_hdr");
rval = zeek::make_intrusive<RecordVal>(ip4_hdr_type);
rval = zeek::make_intrusive<zeek::RecordVal>(ip4_hdr_type);
rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
rval->Assign(1, val_mgr->Count(ip4->ip_tos));
rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id)));
rval->Assign(4, val_mgr->Count(ip4->ip_ttl));
rval->Assign(5, val_mgr->Count(ip4->ip_p));
rval->Assign(6, zeek::make_intrusive<AddrVal>(ip4->ip_src.s_addr));
rval->Assign(7, zeek::make_intrusive<AddrVal>(ip4->ip_dst.s_addr));
rval->Assign(6, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_src.s_addr));
rval->Assign(7, zeek::make_intrusive<zeek::AddrVal>(ip4->ip_dst.s_addr));
}
else
{
@ -351,23 +351,23 @@ RecordValPtr IP_Hdr::ToIPHdrVal() const
return rval;
}
RecordVal* IP_Hdr::BuildIPHdrVal() const
zeek::RecordVal* IP_Hdr::BuildIPHdrVal() const
{
return ToIPHdrVal().release();
}
RecordValPtr IP_Hdr::ToPktHdrVal() const
zeek::RecordValPtr IP_Hdr::ToPktHdrVal() const
{
static auto pkt_hdr_type = zeek::id::find_type<zeek::RecordType>("pkt_hdr");
return ToPktHdrVal(zeek::make_intrusive<RecordVal>(pkt_hdr_type), 0);
return ToPktHdrVal(zeek::make_intrusive<zeek::RecordVal>(pkt_hdr_type), 0);
}
RecordVal* IP_Hdr::BuildPktHdrVal() const
zeek::RecordVal* IP_Hdr::BuildPktHdrVal() const
{
return ToPktHdrVal().release();
}
RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
zeek::RecordValPtr IP_Hdr::ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) const
{
static auto tcp_hdr_type = zeek::id::find_type<zeek::RecordType>("tcp_hdr");
static auto udp_hdr_type = zeek::id::find_type<zeek::RecordType>("udp_hdr");
@ -386,7 +386,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_TCP:
{
const struct tcphdr* tp = (const struct tcphdr*) data;
auto tcp_hdr = zeek::make_intrusive<RecordVal>(tcp_hdr_type);
auto tcp_hdr = zeek::make_intrusive<zeek::RecordVal>(tcp_hdr_type);
int tcp_hdr_len = tp->th_off * 4;
int data_len = PayloadLen() - tcp_hdr_len;
@ -408,7 +408,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_UDP:
{
const struct udphdr* up = (const struct udphdr*) data;
auto udp_hdr = zeek::make_intrusive<RecordVal>(udp_hdr_type);
auto udp_hdr = zeek::make_intrusive<zeek::RecordVal>(udp_hdr_type);
udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
@ -421,7 +421,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_ICMP:
{
const struct icmp* icmpp = (const struct icmp *) data;
auto icmp_hdr = zeek::make_intrusive<RecordVal>(icmp_hdr_type);
auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type));
@ -432,7 +432,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
case IPPROTO_ICMPV6:
{
const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
auto icmp_hdr = zeek::make_intrusive<RecordVal>(icmp_hdr_type);
auto icmp_hdr = zeek::make_intrusive<zeek::RecordVal>(icmp_hdr_type);
icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type));
@ -450,7 +450,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
return pkt_hdr;
}
RecordVal* IP_Hdr::BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const
zeek::RecordVal* IP_Hdr::BuildPktHdrVal(zeek::RecordVal* pkt_hdr, int sindex) const
{
return ToPktHdrVal({zeek::AdoptRef{}, pkt_hdr}, sindex).release();
}
@ -676,7 +676,7 @@ void IPv6_Hdr_Chain::ProcessDstOpts(const struct ip6_dest* d, uint16_t len)
}
#endif
VectorValPtr IPv6_Hdr_Chain::ToVal() const
zeek::VectorValPtr IPv6_Hdr_Chain::ToVal() const
{
static auto ip6_ext_hdr_type = zeek::id::find_type<zeek::RecordType>("ip6_ext_hdr");
static auto ip6_hopopts_type = zeek::id::find_type<zeek::RecordType>("ip6_hopopts");
@ -686,12 +686,12 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const
static auto ip6_ah_type = zeek::id::find_type<zeek::RecordType>("ip6_ah");
static auto ip6_esp_type = zeek::id::find_type<zeek::RecordType>("ip6_esp");
static auto ip6_ext_hdr_chain_type = zeek::id::find_type<zeek::VectorType>("ip6_ext_hdr_chain");
auto rval = zeek::make_intrusive<VectorVal>(ip6_ext_hdr_chain_type);
auto rval = zeek::make_intrusive<zeek::VectorVal>(ip6_ext_hdr_chain_type);
for ( size_t i = 1; i < chain.size(); ++i )
{
auto v = chain[i]->ToVal();
auto ext_hdr = zeek::make_intrusive<RecordVal>(ip6_ext_hdr_type);
auto ext_hdr = zeek::make_intrusive<zeek::RecordVal>(ip6_ext_hdr_type);
uint8_t type = chain[i]->Type();
ext_hdr->Assign(0, val_mgr->Count(type));
@ -730,7 +730,7 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const
return rval;
}
VectorVal* IPv6_Hdr_Chain::BuildVal() const
zeek::VectorVal* IPv6_Hdr_Chain::BuildVal() const
{
return ToVal().release();
}

29
src/IP.h
View file

@ -17,11 +17,14 @@
#include "IntrusivePtr.h"
class IPAddr;
class RecordVal;
class VectorVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(VectorVal, zeek);
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
using VectorValPtr = zeek::IntrusivePtr<VectorVal>;
}
#ifdef ENABLE_MOBILE_IPV6
@ -139,11 +142,11 @@ public:
/**
* Returns the script-layer record representation of the header.
*/
RecordValPtr ToVal(VectorValPtr chain) const;
RecordValPtr ToVal() const;
zeek::RecordValPtr ToVal(zeek::VectorValPtr chain) const;
zeek::RecordValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]]
RecordVal* BuildRecordVal(VectorVal* chain = nullptr) const;
zeek::RecordVal* BuildRecordVal(zeek::VectorVal* chain = nullptr) const;
protected:
uint8_t type;
@ -232,10 +235,10 @@ public:
* Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
* representation of all extension headers in the chain.
*/
VectorValPtr ToVal() const;
zeek::VectorValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]]
VectorVal* BuildVal() const;
zeek::VectorVal* BuildVal() const;
protected:
// for access to protected ctor that changes next header values that
@ -529,28 +532,28 @@ public:
/**
* Returns an ip_hdr or ip6_hdr_chain RecordVal.
*/
RecordValPtr ToIPHdrVal() const;
zeek::RecordValPtr ToIPHdrVal() const;
[[deprecated("Remove in v4.1. Use ToIPHdrVal() instead.")]]
RecordVal* BuildIPHdrVal() const;
zeek::RecordVal* BuildIPHdrVal() const;
/**
* Returns a pkt_hdr RecordVal, which includes not only the IP header, but
* also upper-layer (tcp/udp/icmp) headers.
*/
RecordValPtr ToPktHdrVal() const;
zeek::RecordValPtr ToPktHdrVal() const;
[[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]]
RecordVal* BuildPktHdrVal() const;
zeek::RecordVal* BuildPktHdrVal() const;
/**
* Same as above, but simply add our values into the record at the
* specified starting index.
*/
RecordValPtr ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const;
zeek::RecordValPtr ToPktHdrVal(zeek::RecordValPtr pkt_hdr, int sindex) const;
[[deprecated("Remove in v4.1. Use ToPktHdrVal() instead.")]]
RecordVal* BuildPktHdrVal(RecordVal* pkt_hdr, int sindex) const;
zeek::RecordVal* BuildPktHdrVal(zeek::RecordVal* pkt_hdr, int sindex) const;
private:
const struct ip* ip4 = nullptr;

2
src/Net.cc
View file

@ -194,7 +194,7 @@ void net_init(const std::optional<std::string>& interface,
writefile, pkt_dumper->ErrorMsg());
if ( const auto& id = global_scope()->Find("trace_output_file") )
id->SetVal(zeek::make_intrusive<StringVal>(writefile));
id->SetVal(zeek::make_intrusive<zeek::StringVal>(writefile));
else
reporter->Error("trace_output_file not defined in bro.init");
}

42
src/NetVar.cc
View file

@ -66,17 +66,17 @@ double icmp_inactivity_timeout;
int tcp_storm_thresh;
double tcp_storm_interarrival_thresh;
TableVal* tcp_reassembler_ports_orig;
TableVal* tcp_reassembler_ports_resp;
zeek::TableVal* tcp_reassembler_ports_orig;
zeek::TableVal* tcp_reassembler_ports_resp;
TableVal* tcp_content_delivery_ports_orig;
TableVal* tcp_content_delivery_ports_resp;
zeek::TableVal* tcp_content_delivery_ports_orig;
zeek::TableVal* tcp_content_delivery_ports_resp;
bool tcp_content_deliver_all_orig;
bool tcp_content_deliver_all_resp;
TableVal* udp_content_delivery_ports_orig;
TableVal* udp_content_delivery_ports_resp;
TableVal* udp_content_ports;
zeek::TableVal* udp_content_delivery_ports_orig;
zeek::TableVal* udp_content_delivery_ports_resp;
zeek::TableVal* udp_content_ports;
bool udp_content_deliver_all_orig;
bool udp_content_deliver_all_resp;
bool udp_content_delivery_ports_use_resp;
@ -112,15 +112,15 @@ zeek::RecordType* dns_rrsig_rr;
zeek::RecordType* dns_dnskey_rr;
zeek::RecordType* dns_nsec3_rr;
zeek::RecordType* dns_ds_rr;
TableVal* dns_skip_auth;
TableVal* dns_skip_addl;
zeek::TableVal* dns_skip_auth;
zeek::TableVal* dns_skip_addl;
int dns_skip_all_auth;
int dns_skip_all_addl;
int dns_max_queries;
double stp_delta;
double stp_idle_min;
TableVal* stp_skip_src;
zeek::TableVal* stp_skip_src;
double table_expire_interval;
double table_expire_delay;
@ -130,22 +130,22 @@ double connection_status_update_interval;
int orig_addr_anonymization, resp_addr_anonymization;
int other_addr_anonymization;
TableVal* preserve_orig_addr;
TableVal* preserve_resp_addr;
TableVal* preserve_other_addr;
zeek::TableVal* preserve_orig_addr;
zeek::TableVal* preserve_resp_addr;
zeek::TableVal* preserve_other_addr;
zeek::RecordType* rotate_info;
StringVal* log_rotate_base_time;
zeek::StringVal* log_rotate_base_time;
StringVal* peer_description;
zeek::StringVal* peer_description;
Val* profiling_file;
zeek::Val* profiling_file;
double profiling_interval;
int expensive_profiling_multiple;
int segment_profiling;
int pkt_profile_mode;
double pkt_profile_freq;
Val* pkt_profile_file;
zeek::Val* pkt_profile_file;
int load_sample_freq;
@ -162,13 +162,13 @@ int dpd_match_only_beginning;
int dpd_late_match_stop;
int dpd_ignore_ports;
TableVal* likely_server_ports;
zeek::TableVal* likely_server_ports;
int check_for_unused_event_handlers;
double timer_mgr_inactivity_timeout;
StringVal* trace_output_file;
zeek::StringVal* trace_output_file;
int record_all_packets;
@ -179,9 +179,9 @@ zeek::TableType* record_field_table;
zeek::RecordType* call_argument;
zeek::VectorType* call_argument_vector;
StringVal* cmd_line_bpf_filter;
zeek::StringVal* cmd_line_bpf_filter;
StringVal* global_hash_seed;
zeek::StringVal* global_hash_seed;
bro_uint_t bits_per_uid;

42
src/NetVar.h
View file

@ -87,23 +87,23 @@ extern int tcp_storm_thresh;
extern double tcp_storm_interarrival_thresh;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_reassembler_ports_orig;
extern zeek::TableVal* tcp_reassembler_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_reassembler_ports_resp;
extern zeek::TableVal* tcp_reassembler_ports_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_content_delivery_ports_orig;
extern zeek::TableVal* tcp_content_delivery_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* tcp_content_delivery_ports_resp;
extern zeek::TableVal* tcp_content_delivery_ports_resp;
extern bool tcp_content_deliver_all_orig;
extern bool tcp_content_deliver_all_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_delivery_ports_orig;
extern zeek::TableVal* udp_content_delivery_ports_orig;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_delivery_ports_resp;
extern zeek::TableVal* udp_content_delivery_ports_resp;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* udp_content_ports;
extern zeek::TableVal* udp_content_ports;
extern bool udp_content_deliver_all_orig;
extern bool udp_content_deliver_all_resp;
extern bool udp_content_delivery_ports_use_resp;
@ -159,9 +159,9 @@ extern zeek::RecordType* dns_nsec3_rr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern zeek::RecordType* dns_ds_rr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* dns_skip_auth;
extern zeek::TableVal* dns_skip_auth;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* dns_skip_addl;
extern zeek::TableVal* dns_skip_addl;
extern int dns_skip_all_auth;
extern int dns_skip_all_addl;
extern int dns_max_queries;
@ -169,7 +169,7 @@ extern int dns_max_queries;
extern double stp_delta;
extern double stp_idle_min;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* stp_skip_src;
extern zeek::TableVal* stp_skip_src;
extern double table_expire_interval;
extern double table_expire_delay;
@ -178,24 +178,24 @@ extern int table_incremental_step;
extern int orig_addr_anonymization, resp_addr_anonymization;
extern int other_addr_anonymization;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_orig_addr;
extern zeek::TableVal* preserve_orig_addr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_resp_addr;
extern zeek::TableVal* preserve_resp_addr;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* preserve_other_addr;
extern zeek::TableVal* preserve_other_addr;
extern double connection_status_update_interval;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern zeek::RecordType* rotate_info;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* log_rotate_base_time;
extern zeek::StringVal* log_rotate_base_time;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* peer_description;
extern zeek::StringVal* peer_description;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern Val* profiling_file;
extern zeek::Val* profiling_file;
extern double profiling_interval;
extern int expensive_profiling_multiple;
@ -203,7 +203,7 @@ extern int segment_profiling;
extern int pkt_profile_mode;
extern double pkt_profile_freq;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern Val* pkt_profile_file;
extern zeek::Val* pkt_profile_file;
extern int load_sample_freq;
@ -223,14 +223,14 @@ extern int dpd_late_match_stop;
extern int dpd_ignore_ports;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern TableVal* likely_server_ports;
extern zeek::TableVal* likely_server_ports;
extern int check_for_unused_event_handlers;
extern double timer_mgr_inactivity_timeout;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* trace_output_file;
extern zeek::StringVal* trace_output_file;
extern int record_all_packets;
@ -248,10 +248,10 @@ extern zeek::RecordType* call_argument;
extern zeek::VectorType* call_argument_vector;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* cmd_line_bpf_filter;
extern zeek::StringVal* cmd_line_bpf_filter;
[[deprecated("Remove in v4.1. Perform your own lookup.")]]
extern StringVal* global_hash_seed;
extern zeek::StringVal* global_hash_seed;
extern bro_uint_t bits_per_uid;

4
src/OpaqueVal.cc
View file

@ -15,6 +15,8 @@
#include <broker/data.hh>
#include <broker/error.hh>
namespace zeek {
// Helper to retrieve a broker value out of a broker::vector at a specified
// index, and casted to the expected destination type.
template<typename S, typename V, typename D>
@ -1035,3 +1037,5 @@ ValPtr ParaglobVal::DoClone(CloneState* state)
return nullptr;
}
}
}

31
src/OpaqueVal.h
View file

@ -14,6 +14,13 @@
namespace broker { class data; }
namespace probabilistic {
class BloomFilter;
class CardinalityCounter;
}
namespace zeek {
class OpaqueVal;
using OpaqueValPtr = zeek::IntrusivePtr<OpaqueVal>;
@ -72,18 +79,18 @@ private:
/** Macro to insert into an OpaqueVal-derived class's declaration. */
#define DECLARE_OPAQUE_VALUE(T) \
friend class OpaqueMgr::Register<T>; \
friend class zeek::OpaqueMgr::Register<T>; \
friend zeek::IntrusivePtr<T> zeek::make_intrusive<T>(); \
broker::expected<broker::data> DoSerialize() const override; \
bool DoUnserialize(const broker::data& data) override; \
const char* OpaqueName() const override { return #T; } \
static OpaqueValPtr OpaqueInstantiate() { return zeek::make_intrusive<T>(); }
static zeek::OpaqueValPtr OpaqueInstantiate() { return zeek::make_intrusive<T>(); }
#define __OPAQUE_MERGE(a, b) a ## b
#define __OPAQUE_ID(x) __OPAQUE_MERGE(_opaque, x)
/** Macro to insert into an OpaqueVal-derived class's implementation file. */
#define IMPLEMENT_OPAQUE_VALUE(T) static OpaqueMgr::Register<T> __OPAQUE_ID(__LINE__)(#T);
#define IMPLEMENT_OPAQUE_VALUE(T) static zeek::OpaqueMgr::Register<T> __OPAQUE_ID(__LINE__)(#T);
/**
* Base class for all opaque values. Opaque values are types that are managed
@ -162,11 +169,6 @@ protected:
static zeek::TypePtr UnserializeType(const broker::data& data);
};
namespace probabilistic {
class BloomFilter;
class CardinalityCounter;
}
class HashVal : public OpaqueVal {
public:
template <class T>
@ -380,3 +382,16 @@ protected:
private:
std::unique_ptr<paraglob::Paraglob> internal_paraglob;
};
}
using OpaqueMgr [[deprecated("Remove in v4.1. Use zeek::OpaqueMgr instead.")]] = zeek::OpaqueMgr;
using OpaqueVal [[deprecated("Remove in v4.1. Use zeek::OpaqueVal instead.")]] = zeek::OpaqueVal;
using HashVal [[deprecated("Remove in v4.1. Use zeek::HashVal instead.")]] = zeek::HashVal;
using MD5Val [[deprecated("Remove in v4.1. Use zeek::MD5Val instead.")]] = zeek::MD5Val;
using SHA1Val [[deprecated("Remove in v4.1. Use zeek::SHA1Val instead.")]] = zeek::SHA1Val;
using SHA256Val [[deprecated("Remove in v4.1. Use zeek::SHA256Val instead.")]] = zeek::SHA256Val;
using EntropyVal [[deprecated("Remove in v4.1. Use zeek::EntropyVal instead.")]] = zeek::EntropyVal;
using BloomFilterVal [[deprecated("Remove in v4.1. Use zeek::BloomFilterVal instead.")]] = zeek::BloomFilterVal;
using CardinalityVal [[deprecated("Remove in v4.1. Use zeek::CardinalityVal instead.")]] = zeek::CardinalityVal;
using ParaglobVal [[deprecated("Remove in v4.1. Use zeek::ParaglobVal instead.")]] = zeek::ParaglobVal;

8
src/PacketFilter.cc
View file

@ -23,7 +23,7 @@ void PacketFilter::AddSrc(const IPAddr& src, uint32_t tcp_flags, double probabil
delete prev;
}
void PacketFilter::AddSrc(Val* src, uint32_t tcp_flags, double probability)
void PacketFilter::AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability)
{
Filter* f = new Filter;
f->tcp_flags = tcp_flags;
@ -41,7 +41,7 @@ void PacketFilter::AddDst(const IPAddr& dst, uint32_t tcp_flags, double probabil
delete prev;
}
void PacketFilter::AddDst(Val* dst, uint32_t tcp_flags, double probability)
void PacketFilter::AddDst(zeek::Val* dst, uint32_t tcp_flags, double probability)
{
Filter* f = new Filter;
f->tcp_flags = tcp_flags;
@ -57,7 +57,7 @@ bool PacketFilter::RemoveSrc(const IPAddr& src)
return f != nullptr;
}
bool PacketFilter::RemoveSrc(Val* src)
bool PacketFilter::RemoveSrc(zeek::Val* src)
{
auto f = static_cast<Filter*>(src_filter.Remove(src));
delete f;
@ -71,7 +71,7 @@ bool PacketFilter::RemoveDst(const IPAddr& dst)
return f != nullptr;
}
bool PacketFilter::RemoveDst(Val* dst)
bool PacketFilter::RemoveDst(zeek::Val* dst)
{
auto f = static_cast<Filter*>(dst_filter.Remove(dst));
delete f;

10
src/PacketFilter.h
View file

@ -6,7 +6,7 @@
#include "PrefixTable.h"
class IP_Hdr;
class Val;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
class PacketFilter {
public:
@ -17,16 +17,16 @@ public:
// as an AddrVal or a SubnetVal) which hasn't any of TCP flags set
// (TH_*) with the given probability (from 0..MAX_PROB).
void AddSrc(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddSrc(Val* src, uint32_t tcp_flags, double probability);
void AddSrc(zeek::Val* src, uint32_t tcp_flags, double probability);
void AddDst(const IPAddr& src, uint32_t tcp_flags, double probability);
void AddDst(Val* src, uint32_t tcp_flags, double probability);
void AddDst(zeek::Val* src, uint32_t tcp_flags, double probability);
// Removes the filter entry for the given src/dst
// Returns false if filter doesn not exist.
bool RemoveSrc(const IPAddr& src);
bool RemoveSrc(Val* dst);
bool RemoveSrc(zeek::Val* dst);
bool RemoveDst(const IPAddr& dst);
bool RemoveDst(Val* dst);
bool RemoveDst(zeek::Val* dst);
// Returns true if packet matches a drop filter
bool Match(const IP_Hdr* ip, int len, int caplen);

8
src/PrefixTable.cc
View file

@ -40,7 +40,7 @@ void* PrefixTable::Insert(const IPAddr& addr, int width, void* data)
return old;
}
void* PrefixTable::Insert(const Val* value, void* data)
void* PrefixTable::Insert(const zeek::Val* value, void* data)
{
// [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST &&
@ -81,7 +81,7 @@ std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const IPAddr& addr, i
return out;
}
std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const SubNetVal* value) const
std::list<std::tuple<IPPrefix,void*>> PrefixTable::FindAll(const zeek::SubNetVal* value) const
{
return FindAll(value->AsSubNet().Prefix(), value->AsSubNet().LengthIPv6());
}
@ -100,7 +100,7 @@ void* PrefixTable::Lookup(const IPAddr& addr, int width, bool exact) const
return node ? node->data : nullptr;
}
void* PrefixTable::Lookup(const Val* value, bool exact) const
void* PrefixTable::Lookup(const zeek::Val* value, bool exact) const
{
// [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST &&
@ -139,7 +139,7 @@ void* PrefixTable::Remove(const IPAddr& addr, int width)
return old;
}
void* PrefixTable::Remove(const Val* value)
void* PrefixTable::Remove(const zeek::Val* value)
{
// [elem] -> elem
if ( value->GetType()->Tag() == zeek::TYPE_LIST &&

12
src/PrefixTable.h
View file

@ -8,8 +8,8 @@ extern "C" {
#include "IPAddr.h"
class Val;
class SubNetVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(SubNetVal, zeek);
class PrefixTable {
private:
@ -30,21 +30,21 @@ public:
void* Insert(const IPAddr& addr, int width, void* data = nullptr);
// Value may be addr or subnet.
void* Insert(const Val* value, void* data = nullptr);
void* Insert(const zeek::Val* value, void* data = nullptr);
// Returns nil if not found, pointer to data otherwise.
// For items without data, returns non-nil if found.
// If exact is false, performs exact rather than longest-prefix match.
void* Lookup(const IPAddr& addr, int width, bool exact = false) const;
void* Lookup(const Val* value, bool exact = false) const;
void* Lookup(const zeek::Val* value, bool exact = false) const;
// Returns list of all found matches or empty list otherwise.
std::list<std::tuple<IPPrefix,void*>> FindAll(const IPAddr& addr, int width) const;
std::list<std::tuple<IPPrefix,void*>> FindAll(const SubNetVal* value) const;
std::list<std::tuple<IPPrefix,void*>> FindAll(const zeek::SubNetVal* value) const;
// Returns pointer to data or nil if not found.
void* Remove(const IPAddr& addr, int width);
void* Remove(const Val* value);
void* Remove(const zeek::Val* value);
void Clear() { Clear_Patricia(tree, delete_function); }

5
src/RandTest.h
View file

@ -1,13 +1,14 @@
#pragma once
#include "zeek-config.h"
#include <stdint.h>
#define RT_MONTEN 6 /* Bytes used as Monte Carlo
co-ordinates. This should be no more
bits than the mantissa of your "double"
floating point type. */
class EntropyVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(EntropyVal, zeek);
class RandTest {
public:
@ -17,7 +18,7 @@ class RandTest {
double* r_montepicalc, double* r_scc);
private:
friend class EntropyVal;
friend class zeek::EntropyVal;
int64_t ccount[256]; /* Bins to count occurrences of values */
int64_t totalc; /* Total bytes counted */

22
src/Reporter.cc
View file

@ -74,7 +74,7 @@ void Reporter::InitOptions()
HashKey* k;
IterCookie* c = wl_table->InitForIteration();
TableEntryVal* v;
zeek::TableEntryVal* v;
while ( (v = wl_table->NextEntry(k, c)) )
{
@ -345,7 +345,7 @@ bool Reporter::PermitFlowWeird(const char* name,
return false;
}
bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id)
bool Reporter::PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id)
{
auto conn_tuple = std::make_tuple(conn_id.GetField("orig_h")->AsAddr(),
conn_id.GetField("resp_h")->AsAddr(),
@ -384,7 +384,7 @@ void Reporter::Weird(const char* name, const char* addl)
return;
}
WeirdHelper(net_weird, {new StringVal(addl)}, "%s", name);
WeirdHelper(net_weird, {new zeek::StringVal(addl)}, "%s", name);
}
void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
@ -398,7 +398,7 @@ void Reporter::Weird(file_analysis::File* f, const char* name, const char* addl)
return;
}
WeirdHelper(file_weird, {f->ToVal()->Ref(), new StringVal(addl)},
WeirdHelper(file_weird, {f->ToVal()->Ref(), new zeek::StringVal(addl)},
"%s", name);
}
@ -413,11 +413,11 @@ void Reporter::Weird(Connection* conn, const char* name, const char* addl)
return;
}
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new StringVal(addl)},
WeirdHelper(conn_weird, {conn->ConnVal()->Ref(), new zeek::StringVal(addl)},
"%s", name);
}
void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
void Reporter::Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
const char* name, const char* addl)
{
UpdateWeirdStats(name);
@ -429,7 +429,7 @@ void Reporter::Weird(RecordValPtr conn_id, StringValPtr uid,
}
WeirdHelper(expired_conn_weird,
{conn_id.release(), uid.release(), new StringVal(addl)},
{conn_id.release(), uid.release(), new zeek::StringVal(addl)},
"%s", name);
}
@ -444,7 +444,7 @@ void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name, c
}
WeirdHelper(flow_weird,
{new AddrVal(orig), new AddrVal(resp), new StringVal(addl)},
{new zeek::AddrVal(orig), new zeek::AddrVal(resp), new zeek::StringVal(addl)},
"%s", name);
}
@ -558,12 +558,12 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
vl.reserve(vl_size);
if ( time )
vl.emplace_back(zeek::make_intrusive<TimeVal>(network_time ? network_time : current_time()));
vl.emplace_back(zeek::make_intrusive<zeek::TimeVal>(network_time ? network_time : current_time()));
vl.emplace_back(zeek::make_intrusive<StringVal>(buffer));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(buffer));
if ( location )
vl.emplace_back(zeek::make_intrusive<StringVal>(loc_str.c_str()));
vl.emplace_back(zeek::make_intrusive<zeek::StringVal>(loc_str.c_str()));
if ( conn )
vl.emplace_back(conn->ConnVal());

11
src/Reporter.h
View file

@ -21,15 +21,14 @@ class Connection;
class Location;
class Reporter;
class EventHandlerPtr;
class RecordVal;
class StringVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
}
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
using StringValPtr = zeek::IntrusivePtr<StringVal>;
}
// One cannot raise this exception directly, go through the
// Reporter's methods instead.
@ -102,7 +101,7 @@ public:
void Weird(const char* name, const char* addl = ""); // Raises net_weird().
void Weird(file_analysis::File* f, const char* name, const char* addl = ""); // Raises file_weird().
void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird().
void Weird(RecordValPtr conn_id, StringValPtr uid,
void Weird(zeek::RecordValPtr conn_id, zeek::StringValPtr uid,
const char* name, const char* addl = ""); // Raises expired_conn_weird().
void Weird(const IPAddr& orig, const IPAddr& resp, const char* name, const char* addl = ""); // Raises flow_weird().
@ -275,7 +274,7 @@ private:
{ return weird_sampling_whitelist.find(name) != weird_sampling_whitelist.end(); }
bool PermitNetWeird(const char* name);
bool PermitFlowWeird(const char* name, const IPAddr& o, const IPAddr& r);
bool PermitExpiredConnWeird(const char* name, const RecordVal& conn_id);
bool PermitExpiredConnWeird(const char* name, const zeek::RecordVal& conn_id);
bool EmitToStderr(bool flag)
{ return flag || ! after_zeek_init; }

4
src/RuleAction.cc
View file

@ -23,8 +23,8 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state,
if ( signature_match )
mgr.Enqueue(signature_match,
zeek::IntrusivePtr{zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state)},
zeek::make_intrusive<StringVal>(msg),
data ? zeek::make_intrusive<StringVal>(len, (const char*)data) : val_mgr->EmptyString()
zeek::make_intrusive<zeek::StringVal>(msg),
data ? zeek::make_intrusive<zeek::StringVal>(len, (const char*)data) : val_mgr->EmptyString()
);
}

2
src/RuleCondition.cc
View file

@ -173,7 +173,7 @@ bool RuleConditionEval::DoMatch(Rule* rule, RuleEndpointState* state,
args.emplace_back(zeek::AdoptRef{}, rule_matcher->BuildRuleStateValue(rule, state));
if ( data )
args.emplace_back(zeek::make_intrusive<StringVal>(len, (const char*) data));
args.emplace_back(zeek::make_intrusive<zeek::StringVal>(len, (const char*) data));
else
args.emplace_back(val_mgr->EmptyString());

16
src/RuleMatcher.cc
View file

@ -78,12 +78,12 @@ RuleHdrTest::RuleHdrTest(Prot arg_prot, Comp arg_comp, vector<IPPrefix> arg_v)
level = 0;
}
Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
zeek::Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const
{
static auto signature_state = zeek::id::find_type<zeek::RecordType>("signature_state");
RecordVal* val = new RecordVal(signature_state);
val->Assign(0, zeek::make_intrusive<StringVal>(rule->ID()));
auto* val = new zeek::RecordVal(signature_state);
val->Assign(0, zeek::make_intrusive<zeek::StringVal>(rule->ID()));
val->Assign(1, state->GetAnalyzer()->ConnVal());
val->Assign(2, val_mgr->Bool(state->is_orig));
val->Assign(3, val_mgr->Count(state->payload_size));
@ -1272,7 +1272,7 @@ void RuleMatcher::DumpStateStats(BroFile* f, RuleHdrTest* hdr_test)
DumpStateStats(f, h);
}
static Val* get_bro_val(const char* label)
static zeek::Val* get_bro_val(const char* label)
{
auto id = lookup_ID(label, GLOBAL_MODULE_NAME, false);
if ( ! id )
@ -1288,7 +1288,7 @@ static Val* get_bro_val(const char* label)
// Converts an atomic Val and appends it to the list. For subnet types,
// if the prefix_vector param isn't null, appending to that is preferred
// over appending to the masked val list.
static bool val_to_maskedval(Val* v, maskedvalue_list* append_to,
static bool val_to_maskedval(zeek::Val* v, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector)
{
MaskedValue* mval = new MaskedValue;
@ -1358,7 +1358,7 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to,
void id_to_maskedvallist(const char* id, maskedvalue_list* append_to,
vector<IPPrefix>* prefix_vector)
{
Val* v = get_bro_val(id);
zeek::Val* v = get_bro_val(id);
if ( ! v )
return;
@ -1380,7 +1380,7 @@ char* id_to_str(const char* id)
const BroString* src;
char* dst;
Val* v = get_bro_val(id);
zeek::Val* v = get_bro_val(id);
if ( ! v )
goto error;
@ -1403,7 +1403,7 @@ error:
uint32_t id_to_uint(const char* id)
{
Val* v = get_bro_val(id);
zeek::Val* v = get_bro_val(id);
if ( ! v )
return 0;

5
src/RuleMatcher.h
View file

@ -27,7 +27,6 @@ extern FILE* rules_in;
extern int rules_line_number;
extern const char* current_rule_file;
class Val;
class BroFile;
class IntSet;
class IP_Hdr;
@ -37,6 +36,8 @@ class Specific_RE_Matcher;
class RuleMatcher;
extern RuleMatcher* rule_matcher;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace analyzer {
namespace pia { class PIA; }
class Analyzer;
@ -304,7 +305,7 @@ public:
unsigned int misses; // # cache misses
};
Val* BuildRuleStateValue(const Rule* rule,
zeek::Val* BuildRuleStateValue(const Rule* rule,
const RuleEndpointState* state) const;
void GetStats(Stats* stats, RuleHdrTest* hdr_test = nullptr);

3
src/Scope.h
View file

@ -12,9 +12,10 @@
#include "IntrusivePtr.h"
#include "TraverseTypes.h"
template <class T> class IntrusivePtr;
namespace zeek {
template <class T> class IntrusivePtr;
class Type;
using TypePtr = zeek::IntrusivePtr<zeek::Type>;
}

10
src/Sessions.cc
View file

@ -703,7 +703,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel());
ValPtr pkt_hdr_val;
zeek::ValPtr pkt_hdr_val;
if ( ipv6_ext_headers && ip_hdr->NumHeaders() > 1 )
{
@ -920,7 +920,7 @@ FragReassembler* NetSessions::NextFragment(double t, const IP_Hdr* ip,
return f;
}
Connection* NetSessions::FindConnection(Val* v)
Connection* NetSessions::FindConnection(zeek::Val* v)
{
const auto& vt = v->GetType();
if ( ! zeek::IsRecord(vt->Tag()) )
@ -958,8 +958,8 @@ Connection* NetSessions::FindConnection(Val* v)
const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr();
const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr();
PortVal* orig_portv = (*vl)[orig_p]->AsPortVal();
PortVal* resp_portv = (*vl)[resp_p]->AsPortVal();
zeek::PortVal* orig_portv = (*vl)[orig_p]->AsPortVal();
zeek::PortVal* resp_portv = (*vl)[resp_p]->AsPortVal();
ConnID id;
@ -1236,7 +1236,7 @@ bool NetSessions::IsLikelyServerPort(uint32_t port, TransportProto proto) const
if ( ! have_cache )
{
auto likely_server_ports = zeek::id::find_val<TableVal>("likely_server_ports");
auto likely_server_ports = zeek::id::find_val<zeek::TableVal>("likely_server_ports");
auto lv = likely_server_ports->ToPureListVal();
for ( int i = 0; i < lv->Length(); i++ )
port_cache.insert(lv->Idx(i)->InternalUnsigned());

2
src/Sessions.h
View file

@ -61,7 +61,7 @@ public:
// Looks up the connection referred to by the given Val,
// which should be a conn_id record. Returns nil if there's
// no such connection or the Val is ill-formed.
Connection* FindConnection(Val* v);
Connection* FindConnection(zeek::Val* v);
void Remove(Connection* c);
void Remove(FragReassembler* f);

20
src/SmithWaterman.cc
View file

@ -56,14 +56,14 @@ bool BroSubstring::DoesCover(const BroSubstring* bst) const
return true;
}
VectorVal* BroSubstring::VecToPolicy(Vec* vec)
zeek::VectorVal* BroSubstring::VecToPolicy(Vec* vec)
{
static auto sw_substring_type = zeek::id::find_type<zeek::RecordType>("sw_substring");
static auto sw_align_type = zeek::id::find_type<zeek::RecordType>("sw_align");
static auto sw_align_vec_type = zeek::id::find_type<zeek::VectorType>("sw_align_vec");
static auto sw_substring_vec_type = zeek::id::find_type<zeek::VectorType>("sw_substring_vec");
auto result = zeek::make_intrusive<VectorVal>(sw_substring_vec_type);
auto result = zeek::make_intrusive<zeek::VectorVal>(sw_substring_vec_type);
if ( vec )
{
@ -71,17 +71,17 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec)
{
BroSubstring* bst = (*vec)[i];
auto st_val = zeek::make_intrusive<RecordVal>(sw_substring_type);
st_val->Assign(0, zeek::make_intrusive<StringVal>(new BroString(*bst)));
auto st_val = zeek::make_intrusive<zeek::RecordVal>(sw_substring_type);
st_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*bst)));
auto aligns = zeek::make_intrusive<VectorVal>(sw_align_vec_type);
auto aligns = zeek::make_intrusive<zeek::VectorVal>(sw_align_vec_type);
for ( unsigned int j = 0; j < bst->GetNumAlignments(); ++j )
{
const BSSAlign& align = (bst->GetAlignments())[j];
auto align_val = zeek::make_intrusive<RecordVal>(sw_align_type);
align_val->Assign(0, zeek::make_intrusive<StringVal>(new BroString(*align.string)));
auto align_val = zeek::make_intrusive<zeek::RecordVal>(sw_align_type);
align_val->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(*align.string)));
align_val->Assign(1, val_mgr->Count(align.index));
aligns->Assign(j + 1, std::move(align_val));
@ -96,7 +96,7 @@ VectorVal* BroSubstring::VecToPolicy(Vec* vec)
return result.release();
}
BroSubstring::Vec* BroSubstring::VecFromPolicy(VectorVal* vec)
BroSubstring::Vec* BroSubstring::VecFromPolicy(zeek::VectorVal* vec)
{
Vec* result = new Vec();
@ -110,10 +110,10 @@ BroSubstring::Vec* BroSubstring::VecFromPolicy(VectorVal* vec)
const BroString* str = v->AsRecordVal()->GetField(0)->AsString();
BroSubstring* substr = new BroSubstring(*str);
const VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
const zeek::VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
for ( unsigned int j = 1; j <= aligns->Size(); ++j )
{
const RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
const zeek::RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
const BroString* str = align->GetField(0)->AsString();
int index = align->GetField(1)->AsCount();
substr->AddAlignment(str, index);

4
src/SmithWaterman.h
View file

@ -68,8 +68,8 @@ public:
// Helper methods for vectors:
//
static VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(VectorVal* vec);
static zeek::VectorVal* VecToPolicy(Vec* vec);
static Vec* VecFromPolicy(zeek::VectorVal* vec);
static char* VecToString(Vec* vec);
static BroString::IdxVec* GetOffsetsVec(const Vec* vec,
unsigned int index);

10
src/Stats.cc
View file

@ -313,7 +313,7 @@ void ProfileLogger::Log()
if ( profiling_update )
{
mgr.Dispatch(new Event(profiling_update, {
zeek::make_intrusive<Val>(zeek::IntrusivePtr{zeek::NewRef{}, file}),
zeek::make_intrusive<zeek::Val>(zeek::IntrusivePtr{zeek::NewRef{}, file}),
val_mgr->Bool(expensive),
}));
}
@ -344,7 +344,7 @@ SampleLogger::SampleLogger()
if ( ! load_sample_info )
load_sample_info = zeek::id::find_type("load_sample_info")->AsTableType();
load_samples = new TableVal({zeek::NewRef{}, load_sample_info});
load_samples = new zeek::TableVal({zeek::NewRef{}, load_sample_info});
}
SampleLogger::~SampleLogger()
@ -354,13 +354,13 @@ SampleLogger::~SampleLogger()
void SampleLogger::FunctionSeen(const Func* func)
{
auto idx = zeek::make_intrusive<StringVal>(func->Name());
auto idx = zeek::make_intrusive<zeek::StringVal>(func->Name());
load_samples->Assign(std::move(idx), nullptr);
}
void SampleLogger::LocationSeen(const Location* loc)
{
auto idx = zeek::make_intrusive<StringVal>(loc->filename);
auto idx = zeek::make_intrusive<zeek::StringVal>(loc->filename);
load_samples->Assign(std::move(idx), nullptr);
}
@ -371,7 +371,7 @@ void SampleLogger::SegmentProfile(const char* /* name */,
if ( load_sample )
mgr.Enqueue(load_sample,
zeek::IntrusivePtr{zeek::NewRef{}, load_samples},
zeek::make_intrusive<IntervalVal>(dtime, Seconds),
zeek::make_intrusive<zeek::IntervalVal>(dtime, Seconds),
val_mgr->Int(dmem)
);
}

7
src/Stats.h
View file

@ -2,16 +2,19 @@
#pragma once
#include "zeek-config.h"
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <stdint.h>
class Func;
class TableVal;
class Location;
class BroFile;
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
// Object called by SegmentProfiler when it is done and reports its
// cumulative CPU/memory statistics.
class SegmentStatsReporter {
@ -98,7 +101,7 @@ protected:
void SegmentProfile(const char* name, const Location* loc,
double dtime, int dmem) override;
TableVal* load_samples;
zeek::TableVal* load_samples;
};

18
src/Stmt.cc
View file

@ -205,17 +205,17 @@ static void print_log(const std::vector<ValPtr>& vals)
{
static auto plval = lookup_enum_val("Log", "PRINTLOG");
static auto lpli = zeek::id::find_type<RecordType>("Log::PrintLogInfo");
auto record = zeek::make_intrusive<RecordVal>(lpli);
auto vec = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
auto record = zeek::make_intrusive<zeek::RecordVal>(lpli);
auto vec = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
for ( const auto& val : vals )
{
ODesc d(DESC_READABLE);
val->Describe(&d);
vec->Assign(vec->Size(), zeek::make_intrusive<StringVal>(d.Description()));
vec->Assign(vec->Size(), zeek::make_intrusive<zeek::StringVal>(d.Description()));
}
record->Assign(0, zeek::make_intrusive<TimeVal>(network_time));
record->Assign(0, zeek::make_intrusive<zeek::TimeVal>(network_time));
record->Assign(1, std::move(vec));
log_mgr->Write(plval.get(), record.get());
}
@ -1181,7 +1181,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
if ( v->GetType()->Tag() == TYPE_TABLE )
{
TableVal* tv = v->AsTableVal();
const PDict<TableEntryVal>* loop_vals = tv->AsTable();
const PDict<zeek::TableEntryVal>* loop_vals = tv->AsTable();
if ( ! loop_vals->Length() )
return nullptr;
@ -1248,7 +1248,7 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const
for ( int i = 0; i < sval->Len(); ++i )
{
auto sv = zeek::make_intrusive<StringVal>(1, (const char*) sval->Bytes() + i);
auto sv = zeek::make_intrusive<zeek::StringVal>(1, (const char*) sval->Bytes() + i);
f->SetElement((*loop_vars)[0], std::move(sv));
flow = FLOW_NEXT;
ret = body->Exec(f, flow);
@ -1654,13 +1654,13 @@ ValPtr InitStmt::Exec(Frame* f, stmt_flow_type& flow) const
switch ( t->Tag() ) {
case TYPE_RECORD:
v = zeek::make_intrusive<RecordVal>(zeek::cast_intrusive<RecordType>(t));
v = zeek::make_intrusive<zeek::RecordVal>(zeek::cast_intrusive<RecordType>(t));
break;
case TYPE_VECTOR:
v = zeek::make_intrusive<VectorVal>(zeek::cast_intrusive<VectorType>(t));
v = zeek::make_intrusive<zeek::VectorVal>(zeek::cast_intrusive<VectorType>(t));
break;
case TYPE_TABLE:
v = zeek::make_intrusive<TableVal>(zeek::cast_intrusive<TableType>(t),
v = zeek::make_intrusive<zeek::TableVal>(zeek::cast_intrusive<TableType>(t),
aggr->GetAttrs());
break;
default:

8
src/Tag.cc
View file

@ -17,7 +17,7 @@ Tag::Tag(zeek::EnumType* etype, type_t arg_type, subtype_t arg_subtype)
: Tag({zeek::NewRef{}, etype}, arg_type, arg_subtype)
{ }
Tag::Tag(EnumValPtr arg_val)
Tag::Tag(zeek::EnumValPtr arg_val)
{
assert(arg_val);
@ -28,7 +28,7 @@ Tag::Tag(EnumValPtr arg_val)
subtype = (i >> 31) & 0xffffffff;
}
Tag::Tag(EnumVal* arg_val)
Tag::Tag(zeek::EnumVal* arg_val)
: Tag({zeek::NewRef{}, arg_val})
{ }
@ -72,7 +72,7 @@ Tag& Tag::operator=(const Tag&& other) noexcept
return *this;
}
const EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const
const zeek::EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const
{
if ( ! val )
{
@ -83,7 +83,7 @@ const EnumValPtr& Tag::AsVal(const zeek::EnumTypePtr& etype) const
return val;
}
EnumVal* Tag::AsEnumVal(zeek::EnumType* etype) const
zeek::EnumVal* Tag::AsEnumVal(zeek::EnumType* etype) const
{
return AsVal({zeek::NewRef{}, etype}).get();
}

16
src/Tag.h
View file

@ -10,12 +10,12 @@
#include "IntrusivePtr.h"
#include "util.h"
class EnumVal;
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumType, zeek);
namespace zeek {
using EnumTypePtr = zeek::IntrusivePtr<zeek::EnumType>;
using EnumValPtr = zeek::IntrusivePtr<zeek::EnumVal>;
}
/**
@ -121,10 +121,10 @@ protected:
*
* @param etype the script-layer enum type associated with the tag.
*/
const EnumValPtr& AsVal(const zeek::EnumTypePtr& etype) const;
const zeek::EnumValPtr& AsVal(const zeek::EnumTypePtr& etype) const;
[[deprecated("Remove in v4.1. Use AsVal() instead.")]]
EnumVal* AsEnumVal(zeek::EnumType* etype) const;
zeek::EnumVal* AsEnumVal(zeek::EnumType* etype) const;
/**
* Constructor.
@ -147,13 +147,13 @@ protected:
*
* @param val An enum value of script type \c Analyzer::Tag.
*/
explicit Tag(EnumValPtr val);
explicit Tag(zeek::EnumValPtr val);
[[deprecated("Remove in v4.1. Construct from zeek::IntrusivePtr instead.")]]
explicit Tag(EnumVal* val);
explicit Tag(zeek::EnumVal* val);
private:
type_t type; // Main type.
subtype_t subtype; // Subtype.
mutable EnumValPtr val; // Script-layer value.
mutable zeek::EnumValPtr val; // Script-layer value.
};

2
src/Trigger.h
View file

@ -11,9 +11,9 @@
#include "IntrusivePtr.h"
class Frame;
class Val;
class ODesc;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(CallExpr, zeek::detail);

12
src/TunnelEncapsulation.cc
View file

@ -16,19 +16,19 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
}
}
RecordValPtr EncapsulatingConn::ToVal() const
zeek::RecordValPtr EncapsulatingConn::ToVal() const
{
auto rv = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn);
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Tunnel::EncapsulatingConn);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr));
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
rv->Assign(0, std::move(id_val));
rv->Assign(1, zeek::BifType::Enum::Tunnel::Type->GetVal(type));
rv->Assign(2, zeek::make_intrusive<StringVal>(uid.Base62("C").c_str()));
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(uid.Base62("C").c_str()));
return rv;
}

10
src/TunnelEncapsulation.h
View file

@ -80,10 +80,10 @@ public:
/**
* Returns record value of type "EncapsulatingConn" representing the tunnel.
*/
RecordValPtr ToVal() const;
zeek::RecordValPtr ToVal() const;
[[deprecated("Remove in v4.1. Use ToVal() instead.")]]
RecordVal* GetRecordVal() const
zeek::RecordVal* GetRecordVal() const
{ return ToVal().release(); }
friend bool operator==(const EncapsulatingConn& ec1,
@ -195,9 +195,9 @@ public:
* Get the value of type "EncapsulatingConnVector" represented by the
* entire encapsulation chain.
*/
VectorValPtr ToVal() const
zeek::VectorValPtr ToVal() const
{
auto vv = zeek::make_intrusive<VectorVal>(
auto vv = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("EncapsulatingConnVector"));
if ( conns )
@ -210,7 +210,7 @@ public:
}
[[deprecated("Remove in v4.1. Use ToVal() instead.")]]
VectorVal* GetVectorVal() const
zeek::VectorVal* GetVectorVal() const
{ return ToVal().release(); }
friend bool operator==(const EncapsulationStack& e1,

12
src/Type.cc
View file

@ -797,7 +797,7 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
{
static auto record_field = zeek::id::find_type<RecordType>("record_field");
static auto record_field_table = zeek::id::find_type<TableType>("record_field_table");
auto rval = zeek::make_intrusive<TableVal>(record_field_table);
auto rval = zeek::make_intrusive<zeek::TableVal>(record_field_table);
for ( int i = 0; i < NumFields(); ++i )
{
@ -810,14 +810,14 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
bool logged = (fd->attrs && fd->GetAttr(zeek::detail::ATTR_LOG) != nullptr);
auto nr = zeek::make_intrusive<RecordVal>(record_field);
auto nr = zeek::make_intrusive<zeek::RecordVal>(record_field);
string s = container_type_name(ft.get());
nr->Assign(0, zeek::make_intrusive<StringVal>(s));
nr->Assign(0, zeek::make_intrusive<zeek::StringVal>(s));
nr->Assign(1, val_mgr->Bool(logged));
nr->Assign(2, std::move(fv));
nr->Assign(3, FieldDefault(i));
auto field_name = zeek::make_intrusive<StringVal>(FieldName(i));
auto field_name = zeek::make_intrusive<zeek::StringVal>(FieldName(i));
rval->Assign(std::move(field_name), std::move(nr));
}
@ -1163,7 +1163,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name,
AddNameInternal(module_name, name, val, is_export);
if ( vals.find(val) == vals.end() )
vals[val] = zeek::make_intrusive<EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, val);
vals[val] = zeek::make_intrusive<zeek::EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, val);
set<Type*> types = Type::GetAliases(GetName());
set<Type*>::const_iterator it;
@ -1218,7 +1218,7 @@ const EnumValPtr& EnumType::GetVal(bro_int_t i)
if ( it == vals.end() )
{
auto ev = zeek::make_intrusive<EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, i);
auto ev = zeek::make_intrusive<zeek::EnumVal>(zeek::IntrusivePtr{zeek::NewRef{}, this}, i);
return vals.emplace(i, std::move(ev)).first->second;
}

27
src/Type.h
View file

@ -14,21 +14,22 @@
#include <list>
#include <optional>
class Val;
class EnumVal;
class TableVal;
using ValPtr = zeek::IntrusivePtr<Val>;
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListExpr, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Attributes, zeek::detail);
namespace zeek::detail {
namespace zeek {
using ValPtr = zeek::IntrusivePtr<Val>;
using EnumValPtr = zeek::IntrusivePtr<EnumVal>;
using TableValPtr = zeek::IntrusivePtr<TableVal>;
namespace detail {
using ListExprPtr = zeek::IntrusivePtr<ListExpr>;
}
}
namespace zeek {
@ -671,7 +672,7 @@ public:
zeek::IntrusivePtr<T> GetFieldType(int field_index) const
{ return zeek::cast_intrusive<T>((*types)[field_index]->type); }
ValPtr FieldDefault(int field) const;
zeek::ValPtr FieldDefault(int field) const;
// A field's offset is its position in the type_decl_list,
// starting at 0. Returns negative if the field doesn't exist.
@ -693,7 +694,7 @@ public:
* @param rv an optional record value, if given the values of
* all fields will be provided in the returned table.
*/
TableValPtr GetRecordFieldsVal(const RecordVal* rv = nullptr) const;
zeek::TableValPtr GetRecordFieldsVal(const zeek::RecordVal* rv = nullptr) const;
// Returns null if all is ok, otherwise a pointer to an error message.
const char* AddFields(const type_decl_list& types,
@ -791,7 +792,7 @@ public:
void DescribeReST(ODesc* d, bool roles_only = false) const override;
const EnumValPtr& GetVal(bro_int_t i);
const zeek::EnumValPtr& GetVal(bro_int_t i);
protected:
void AddNameInternal(const std::string& module_name,
@ -804,7 +805,7 @@ protected:
typedef std::map<std::string, bro_int_t> NameMap;
NameMap names;
using ValMap = std::unordered_map<bro_int_t, EnumValPtr>;
using ValMap = std::unordered_map<bro_int_t, zeek::EnumValPtr>;
ValMap vals;
// The counter is initialized to 0 and incremented on every implicit

608
src/Val.cc
View file

File diff suppressed because it is too large Load diff

49
src/Val.h
View file

@ -26,6 +26,7 @@
#define ICMP_PORT_MASK 0x30000
template<typename T> class PDict;
class IterCookie;
class BroString;
@ -33,6 +34,18 @@ class BroFunc;
class Func;
class BroFile;
class PrefixTable;
class IPAddr;
class IPPrefix;
class StateAccess;
class RE_Matcher;
class CompositeHash;
class HashKey;
class Frame;
extern double bro_start_network_time;
namespace zeek {
using BroFilePtr = zeek::IntrusivePtr<BroFile>;
using FuncPtr = zeek::IntrusivePtr<Func>;
@ -62,13 +75,6 @@ using TableValPtr = zeek::IntrusivePtr<TableVal>;
using ValPtr = zeek::IntrusivePtr<Val>;
using VectorValPtr = zeek::IntrusivePtr<VectorVal>;
class IPAddr;
class IPPrefix;
class StateAccess;
class RE_Matcher;
union BroValUnion {
// Used for bool, int, enum.
bro_int_t int_val;
@ -712,8 +718,6 @@ protected:
zeek::TypeTag tag;
};
extern double bro_start_network_time;
class TableEntryVal {
public:
explicit TableEntryVal(ValPtr v)
@ -761,10 +765,6 @@ protected:
TableVal* table;
};
class CompositeHash;
class HashKey;
class Frame;
class TableVal final : public Val, public notifier::Modifiable {
public:
explicit TableVal(zeek::TableTypePtr t, zeek::detail::AttributesPtr attrs = nullptr);
@ -1400,3 +1400,26 @@ extern bool can_cast_value_to_type(const Val* v, zeek::Type* t);
// However, even this function returns true, casting may still fail for a
// specific instance later.
extern bool can_cast_value_to_type(const zeek::Type* s, zeek::Type* t);
}
using Val [[deprecated("Remove in v4.1. Use zeek::Val instead.")]] = zeek::Val;
using PortVal [[deprecated("Remove in v4.1. Use zeek::PortVal instead.")]] = zeek::PortVal;
using AddrVal [[deprecated("Remove in v4.1. Use zeek::AddrVal instead.")]] = zeek::AddrVal;
using SubNetVal [[deprecated("Remove in v4.1. Use zeek::SubNetVal instead.")]] = zeek::SubNetVal;
using PatternVal [[deprecated("Remove in v4.1. Use zeek::PatternVal instead.")]] = zeek::PatternVal;
using TableVal [[deprecated("Remove in v4.1. Use zeek::TableVal instead.")]] = zeek::TableVal;
using TableValTimer [[deprecated("Remove in v4.1. Use zeek::TableVal instead.")]] = zeek::TableValTimer;
using RecordVal [[deprecated("Remove in v4.1. Use zeek::RecordVal instead.")]] = zeek::RecordVal;
using ListVal [[deprecated("Remove in v4.1. Use zeek::ListVal instead.")]] = zeek::ListVal;
using StringVal [[deprecated("Remove in v4.1. Use zeek::StringVal instead.")]] = zeek::StringVal;
using EnumVal [[deprecated("Remove in v4.1. Use zeek::EnumVal instead.")]] = zeek::EnumVal;
using VectorVal [[deprecated("Remove in v4.1. Use zeek::VectorVal instead.")]] = zeek::VectorVal;
using TableEntryVal [[deprecated("Remove in v4.1. Use zeek::TableEntryVal instead.")]] = zeek::TableEntryVal;
using TimeVal [[deprecated("Remove in v4.1. Use zeek::TimeVal instead.")]] = zeek::TimeVal;
using DoubleVal [[deprecated("Remove in v4.1. Use zeek::DoubleVal instead.")]] = zeek::DoubleVal;
using IntervalVal [[deprecated("Remove in v4.1. Use zeek::IntervalVal instead.")]] = zeek::IntervalVal;
using ValManager [[deprecated("Remove in v4.1. Use zeek::ValManager instead.")]] = zeek::ValManager;
// Alias for zeek::val_mgr.
extern zeek::ValManager*& val_mgr;

38
src/Var.cc
View file

@ -19,9 +19,9 @@
using namespace zeek::detail;
static ValPtr init_val(zeek::detail::Expr* init,
static zeek::ValPtr init_val(zeek::detail::Expr* init,
const zeek::Type* t,
ValPtr aggr)
zeek::ValPtr aggr)
{
try
{
@ -244,11 +244,11 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
else if ( dt != VAR_REDEF || init || ! attr )
{
ValPtr aggr;
zeek::ValPtr aggr;
if ( t->Tag() == zeek::TYPE_RECORD )
{
aggr = zeek::make_intrusive<RecordVal>(zeek::cast_intrusive<zeek::RecordType>(t));
aggr = zeek::make_intrusive<zeek::RecordVal>(zeek::cast_intrusive<zeek::RecordType>(t));
if ( init && t )
// Have an initialization and type is not deduced.
@ -258,13 +258,13 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
}
else if ( t->Tag() == zeek::TYPE_TABLE )
aggr = zeek::make_intrusive<TableVal>(zeek::cast_intrusive<zeek::TableType>(t),
aggr = zeek::make_intrusive<zeek::TableVal>(zeek::cast_intrusive<zeek::TableType>(t),
id->GetAttrs());
else if ( t->Tag() == zeek::TYPE_VECTOR )
aggr = zeek::make_intrusive<VectorVal>(zeek::cast_intrusive<zeek::VectorType>(t));
aggr = zeek::make_intrusive<zeek::VectorVal>(zeek::cast_intrusive<zeek::VectorType>(t));
ValPtr v;
zeek::ValPtr v;
if ( init )
{
@ -308,7 +308,7 @@ static void make_var(const zeek::detail::IDPtr& id, zeek::TypePtr t,
// defined.
std::vector<zeek::detail::IDPtr> inits;
auto f = zeek::make_intrusive<BroFunc>(id, nullptr, inits, 0, 0);
id->SetVal(zeek::make_intrusive<Val>(std::move(f)));
id->SetVal(zeek::make_intrusive<zeek::Val>(std::move(f)));
}
}
@ -358,7 +358,7 @@ zeek::detail::StmtPtr add_local(
extern zeek::detail::ExprPtr add_and_assign_local(
zeek::detail::IDPtr id,
zeek::detail::ExprPtr init,
ValPtr val)
zeek::ValPtr val)
{
make_var(id, nullptr, zeek::detail::INIT_FULL, init, nullptr, VAR_REGULAR, false);
auto name_expr = zeek::make_intrusive<zeek::detail::NameExpr>(std::move(id));
@ -661,7 +661,7 @@ void end_func(zeek::detail::StmtPtr body)
ingredients->frame_size,
ingredients->priority);
ingredients->id->SetVal(zeek::make_intrusive<Val>(std::move(f)));
ingredients->id->SetVal(zeek::make_intrusive<zeek::Val>(std::move(f)));
ingredients->id->SetConst();
}
@ -672,7 +672,7 @@ void end_func(zeek::detail::StmtPtr body)
ingredients.release();
}
Val* internal_val(const char* name)
zeek::Val* internal_val(const char* name)
{
return zeek::id::find_val(name).get();
}
@ -697,12 +697,12 @@ id_list gather_outer_ids(Scope* scope, zeek::detail::Stmt* body)
return idl;
}
Val* internal_const_val(const char* name)
zeek::Val* internal_const_val(const char* name)
{
return zeek::id::find_const(name).get();
}
Val* opt_internal_val(const char* name)
zeek::Val* opt_internal_val(const char* name)
{
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
return id ? id->GetVal().get() : nullptr;
@ -732,7 +732,7 @@ bro_uint_t opt_internal_unsigned(const char* name)
return v ? v->InternalUnsigned() : 0;
}
StringVal* opt_internal_string(const char* name)
zeek::StringVal* opt_internal_string(const char* name)
{
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id ) return nullptr;
@ -740,7 +740,7 @@ StringVal* opt_internal_string(const char* name)
return v ? v->AsStringVal() : nullptr;
}
TableVal* opt_internal_table(const char* name)
zeek::TableVal* opt_internal_table(const char* name)
{
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id ) return nullptr;
@ -748,22 +748,22 @@ TableVal* opt_internal_table(const char* name)
return v ? v->AsTableVal() : nullptr;
}
ListVal* internal_list_val(const char* name)
zeek::ListVal* internal_list_val(const char* name)
{
const auto& id = lookup_ID(name, GLOBAL_MODULE_NAME);
if ( ! id )
return nullptr;
Val* v = id->GetVal().get();
zeek::Val* v = id->GetVal().get();
if ( v )
{
if ( v->GetType()->Tag() == zeek::TYPE_LIST )
return (ListVal*) v;
return (zeek::ListVal*) v;
else if ( v->GetType()->IsSet() )
{
TableVal* tv = v->AsTableVal();
zeek::TableVal* tv = v->AsTableVal();
auto lv = tv->ToPureListVal();
return lv.release();
}

20
src/Var.h
View file

@ -8,10 +8,10 @@
class Scope;
class EventHandlerPtr;
class StringVal;
class TableVal;
class ListVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(TableVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(ListVal, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(FuncType, zeek);
ZEEK_FORWARD_DECLARE_NAMESPACED(Stmt, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(Expr, zeek::detail);
@ -40,7 +40,7 @@ extern zeek::detail::StmtPtr add_local(
extern zeek::detail::ExprPtr add_and_assign_local(
zeek::detail::IDPtr id,
zeek::detail::ExprPtr init,
ValPtr val = nullptr);
zeek::ValPtr val = nullptr);
extern void add_type(zeek::detail::ID* id, zeek::TypePtr t,
std::unique_ptr<std::vector<zeek::detail::AttrPtr>> attr);
@ -56,13 +56,13 @@ extern void end_func(zeek::detail::StmtPtr body);
extern id_list gather_outer_ids(Scope* scope, zeek::detail::Stmt* body);
[[deprecated("Remove in v4.1. Use zeek::id::find_val().")]]
extern Val* internal_val(const char* name);
extern zeek::Val* internal_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find_const().")]]
extern Val* internal_const_val(const char* name); // internal error if not const
extern zeek::Val* internal_const_val(const char* name); // internal error if not const
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern Val* opt_internal_val(const char* name); // returns nil if not defined
extern zeek::Val* opt_internal_val(const char* name); // returns nil if not defined
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern double opt_internal_double(const char* name);
@ -74,13 +74,13 @@ extern bro_int_t opt_internal_int(const char* name);
extern bro_uint_t opt_internal_unsigned(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern StringVal* opt_internal_string(const char* name);
extern zeek::StringVal* opt_internal_string(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find() or zeek::id::find_val().")]]
extern TableVal* opt_internal_table(const char* name); // nil if not defined
extern zeek::TableVal* opt_internal_table(const char* name); // nil if not defined
[[deprecated("Remove in v4.1. Use zeek::id::find(), zeek::id::find_val(), and/or TableVal::ToPureListVal().")]]
extern ListVal* internal_list_val(const char* name);
extern zeek::ListVal* internal_list_val(const char* name);
[[deprecated("Remove in v4.1. Use zeek::id::find_type().")]]
extern zeek::Type* internal_type(const char* name);

4
src/ZeekArgs.h
View file

@ -5,12 +5,12 @@
#include <vector>
#include "BroList.h"
class Val;
ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
namespace zeek {
template <class T> class IntrusivePtr;
using Args = std::vector<zeek::IntrusivePtr<Val>>;
using Args = std::vector<zeek::IntrusivePtr<zeek::Val>>;
/**
* Converts a legacy-style argument list for use in modern Zeek function

16
src/analyzer/Analyzer.cc
View file

@ -710,18 +710,18 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
if ( ! protocol_violation )
return;
StringValPtr r;
zeek::StringValPtr r;
if ( data && len )
{
const char *tmp = copy_string(reason);
r = zeek::make_intrusive<StringVal>(fmt("%s [%s%s]", tmp,
r = zeek::make_intrusive<zeek::StringVal>(fmt("%s [%s%s]", tmp,
fmt_bytes(data, min(40, len)),
len > 40 ? "..." : ""));
delete [] tmp;
}
else
r = zeek::make_intrusive<StringVal>(reason);
r = zeek::make_intrusive<zeek::StringVal>(reason);
const auto& tval = tag.AsVal();
mgr.Enqueue(protocol_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r));
@ -783,18 +783,18 @@ unsigned int Analyzer::MemoryAllocation() const
return mem;
}
void Analyzer::UpdateConnVal(RecordVal *conn_val)
void Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{
LOOP_OVER_CHILDREN(i)
(*i)->UpdateConnVal(conn_val);
}
RecordVal* Analyzer::BuildConnVal()
zeek::RecordVal* Analyzer::BuildConnVal()
{
return conn->ConnVal()->Ref()->AsRecordVal();
}
const RecordValPtr& Analyzer::ConnVal()
const zeek::RecordValPtr& Analyzer::ConnVal()
{
return conn->ConnVal();
}
@ -804,7 +804,7 @@ void Analyzer::Event(EventHandlerPtr f, const char* name)
conn->Event(f, this, name);
}
void Analyzer::Event(EventHandlerPtr f, Val* v1, Val* v2)
void Analyzer::Event(EventHandlerPtr f, zeek::Val* v1, zeek::Val* v2)
{
zeek::IntrusivePtr val1{zeek::AdoptRef{}, v1};
zeek::IntrusivePtr val2{zeek::AdoptRef{}, v2};
@ -942,7 +942,7 @@ void TransportLayerAnalyzer::PacketContents(const u_char* data, int len)
if ( packet_contents && len > 0 )
{
BroString* cbs = new BroString(data, len, true);
auto contents = zeek::make_intrusive<StringVal>(cbs);
auto contents = zeek::make_intrusive<zeek::StringVal>(cbs);
EnqueueConnEvent(packet_contents, ConnVal(), std::move(contents));
}
}

16
src/analyzer/Analyzer.h
View file

@ -23,6 +23,10 @@ class Rule;
class Connection;
class IP_Hdr;
namespace zeek {
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
}
namespace analyzer {
namespace tcp { class TCP_ApplicationAnalyzer; }
@ -37,8 +41,6 @@ using analyzer_list = std::list<Analyzer*>;
typedef uint32_t ID;
typedef void (Analyzer::*analyzer_timer_func)(double t);
using RecordValPtr = zeek::IntrusivePtr<RecordVal>;
/**
* Class to receive processed output from an anlyzer.
*/
@ -547,20 +549,20 @@ public:
*
* @param conn_val The connenction value being updated.
*/
virtual void UpdateConnVal(RecordVal *conn_val);
virtual void UpdateConnVal(zeek::RecordVal *conn_val);
/**
* Convenience function that forwards directly to
* Connection::BuildConnVal().
*/
[[deprecated("Remove in v4.1. Use ConnVal() instead.")]]
RecordVal* BuildConnVal();
zeek::RecordVal* BuildConnVal();
/**
* Convenience function that forwards directly to
* Connection::ConnVal().
*/
const RecordValPtr& ConnVal();
const zeek::RecordValPtr& ConnVal();
/**
* Convenience function that forwards directly to the corresponding
@ -573,7 +575,7 @@ public:
* Connection::Event().
*/
[[deprecated("Remove in v4.1. Use EnqueueConnEvent() instead (note it doesn't automatically ad the connection argument).")]]
void Event(EventHandlerPtr f, Val* v1, Val* v2 = nullptr);
void Event(EventHandlerPtr f, zeek::Val* v1, zeek::Val* v2 = nullptr);
/**
* Convenience function that forwards directly to
@ -608,7 +610,7 @@ public:
template <class... Args>
std::enable_if_t<
std::is_convertible_v<
std::tuple_element_t<0, std::tuple<Args...>>, ValPtr>>
std::tuple_element_t<0, std::tuple<Args...>>, zeek::ValPtr>>
EnqueueConnEvent(EventHandlerPtr h, Args&&... args)
{ return EnqueueConnEvent(h, zeek::Args{std::forward<Args>(args)...}); }

26
src/analyzer/Manager.cc
View file

@ -154,7 +154,7 @@ bool Manager::EnableAnalyzer(const Tag& tag)
return true;
}
bool Manager::EnableAnalyzer(EnumVal* val)
bool Manager::EnableAnalyzer(zeek::EnumVal* val)
{
Component* p = Lookup(val);
@ -180,7 +180,7 @@ bool Manager::DisableAnalyzer(const Tag& tag)
return true;
}
bool Manager::DisableAnalyzer(EnumVal* val)
bool Manager::DisableAnalyzer(zeek::EnumVal* val)
{
Component* p = Lookup(val);
@ -220,7 +220,7 @@ bool Manager::IsEnabled(const Tag& tag)
return p->Enabled();
}
bool Manager::IsEnabled(EnumVal* val)
bool Manager::IsEnabled(zeek::EnumVal* val)
{
Component* p = Lookup(val);
@ -231,7 +231,7 @@ bool Manager::IsEnabled(EnumVal* val)
}
bool Manager::RegisterAnalyzerForPort(EnumVal* val, PortVal* port)
bool Manager::RegisterAnalyzerForPort(zeek::EnumVal* val, zeek::PortVal* port)
{
Component* p = Lookup(val);
@ -241,7 +241,7 @@ bool Manager::RegisterAnalyzerForPort(EnumVal* val, PortVal* port)
return RegisterAnalyzerForPort(p->Tag(), port->PortType(), port->Port());
}
bool Manager::UnregisterAnalyzerForPort(EnumVal* val, PortVal* port)
bool Manager::UnregisterAnalyzerForPort(zeek::EnumVal* val, zeek::PortVal* port)
{
Component* p = Lookup(val);
@ -353,7 +353,7 @@ Manager::tag_set* Manager::LookupPort(TransportProto proto, uint32_t port, bool
return l;
}
Manager::tag_set* Manager::LookupPort(PortVal* val, bool add_if_not_found)
Manager::tag_set* Manager::LookupPort(zeek::PortVal* val, bool add_if_not_found)
{
return LookupPort(val->PortType(), val->Port(), add_if_not_found);
}
@ -438,8 +438,8 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( tcp_contents && ! reass )
{
static auto tcp_content_delivery_ports_orig = zeek::id::find_val<TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::find_val<TableVal>("tcp_content_delivery_ports_resp");
static auto tcp_content_delivery_ports_orig = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_orig");
static auto tcp_content_delivery_ports_resp = zeek::id::find_val<zeek::TableVal>("tcp_content_delivery_ports_resp");
const auto& dport = val_mgr->Port(ntohs(conn->RespPort()), TRANSPORT_TCP);
if ( ! reass )
@ -462,8 +462,8 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
uint16_t resp_port = ntohs(conn->RespPort());
if ( resp_port == 22 || resp_port == 23 || resp_port == 513 )
{
static auto stp_skip_src = zeek::id::find_val<TableVal>("stp_skip_src");
auto src = zeek::make_intrusive<AddrVal>(conn->OrigAddr());
static auto stp_skip_src = zeek::id::find_val<zeek::TableVal>("stp_skip_src");
auto src = zeek::make_intrusive<zeek::AddrVal>(conn->OrigAddr());
if ( ! stp_skip_src->FindOrDefault(src) )
tcp->AddChildAnalyzer(new stepping_stone::SteppingStone_Analyzer(conn), false);
@ -573,10 +573,10 @@ void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp,
ScheduleAnalyzer(orig, resp, resp_p, proto, tag, timeout);
}
void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal* resp_p,
Val* analyzer, double timeout)
void Manager::ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, zeek::PortVal* resp_p,
zeek::Val* analyzer, double timeout)
{
EnumValPtr ev{zeek::NewRef{}, analyzer->AsEnumVal()};
zeek::EnumValPtr ev{zeek::NewRef{}, analyzer->AsEnumVal()};
return ScheduleAnalyzer(orig, resp, resp_p->Port(), resp_p->PortType(),
Tag(std::move(ev)), timeout);
}

19
src/analyzer/Manager.h
View file

@ -101,7 +101,7 @@ public:
*
* @return True if successful.
*/
bool EnableAnalyzer(EnumVal* tag);
bool EnableAnalyzer(zeek::EnumVal* tag);
/**
* Enables an analyzer type. Disabled analyzers will not be
@ -122,7 +122,7 @@ public:
*
* @return True if successful.
*/
bool DisableAnalyzer(EnumVal* tag);
bool DisableAnalyzer(zeek::EnumVal* tag);
/**
* Disables all currently registered analyzers.
@ -150,7 +150,7 @@ public:
* @param tag The analyzer's tag as an enum of script type \c
* Analyzer::Tag.
*/
bool IsEnabled(EnumVal* tag);
bool IsEnabled(zeek::EnumVal* tag);
/**
* Registers a well-known port for an analyzer. Once registered,
@ -164,7 +164,7 @@ public:
*
* @return True if successful.
*/
bool RegisterAnalyzerForPort(EnumVal* tag, PortVal* port);
bool RegisterAnalyzerForPort(zeek::EnumVal* tag, zeek::PortVal* port);
/**
* Registers a well-known port for an analyzer. Once registered,
@ -193,7 +193,7 @@ public:
* registered for the analyzer).
*
*/
bool UnregisterAnalyzerForPort(EnumVal* tag, PortVal* port);
bool UnregisterAnalyzerForPort(zeek::EnumVal* tag, zeek::PortVal* port);
/**
* Unregisters a well-known port for an anlyzers.
@ -311,7 +311,8 @@ public:
*
* @return True if at least one scheduled analyzer was found.
*/
bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true, TransportLayerAnalyzer* parent = nullptr);
bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true,
TransportLayerAnalyzer* parent = nullptr);
/**
* Schedules a particular analyzer for an upcoming connection. Once
@ -332,8 +333,8 @@ public:
* @param timeout An interval after which to timeout the request to
* schedule this analyzer. Must be non-zero.
*/
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, PortVal* resp_p,
Val* analyzer, double timeout);
void ScheduleAnalyzer(const IPAddr& orig, const IPAddr& resp, zeek::PortVal* resp_p,
zeek::Val* analyzer, double timeout);
/**
* @return the UDP port numbers to be associated with VXLAN traffic.
@ -346,7 +347,7 @@ private:
using tag_set = std::set<Tag>;
using analyzer_map_by_port = std::map<uint32_t, tag_set*>;
tag_set* LookupPort(PortVal* val, bool add_if_not_found);
tag_set* LookupPort(zeek::PortVal* val, bool add_if_not_found);
tag_set* LookupPort(TransportProto proto, uint32_t port, bool add_if_not_found);
tag_set GetScheduled(const Connection* conn);

8
src/analyzer/Tag.cc
View file

@ -16,20 +16,20 @@ analyzer::Tag& analyzer::Tag::operator=(const analyzer::Tag& other)
return *this;
}
const EnumValPtr& analyzer::Tag::AsVal() const
const zeek::EnumValPtr& analyzer::Tag::AsVal() const
{
return ::Tag::AsVal(analyzer_mgr->GetTagType());
}
EnumVal* analyzer::Tag::AsEnumVal() const
zeek::EnumVal* analyzer::Tag::AsEnumVal() const
{
return AsVal().get();
}
analyzer::Tag::Tag(EnumValPtr val)
analyzer::Tag::Tag(zeek::EnumValPtr val)
: ::Tag(std::move(val))
{ }
analyzer::Tag::Tag(EnumVal* val)
analyzer::Tag::Tag(zeek::EnumVal* val)
: ::Tag({zeek::NewRef{}, val})
{ }

11
src/analyzer/Tag.h
View file

@ -1,3 +1,4 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
@ -5,7 +6,7 @@
#include "zeek-config.h"
#include "../Tag.h"
class EnumVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(EnumVal, zeek);
namespace zeek::plugin {
template <class T> class TaggedComponent;
@ -89,10 +90,10 @@ public:
*
* @param etype the script-layer enum type associated with the tag.
*/
const EnumValPtr& AsVal() const;
const zeek::EnumValPtr& AsVal() const;
[[deprecated("Remove in v4.1. Use AsVal() instead.")]]
EnumVal* AsEnumVal() const;
zeek::EnumVal* AsEnumVal() const;
static const Tag Error;
@ -118,10 +119,10 @@ protected:
*
* @param val An enum value of script type \c Analyzer::Tag.
*/
explicit Tag(EnumValPtr val);
explicit Tag(zeek::EnumValPtr val);
[[deprecated("Remove in v4.1. Construct from IntrusivePtr instead")]]
explicit Tag(EnumVal* val);
explicit Tag(zeek::EnumVal* val);
};
}

2
src/analyzer/analyzer.bif
View file

@ -42,7 +42,7 @@ function Analyzer::__schedule_analyzer%(orig: addr, resp: addr, resp_p: port,
function __name%(atype: Analyzer::Tag%) : string
%{
const auto& n = analyzer_mgr->GetComponentName(zeek::IntrusivePtr{zeek::NewRef{}, atype->AsEnumVal()});
return zeek::make_intrusive<StringVal>(n);
return zeek::make_intrusive<zeek::StringVal>(n);
%}
function __tag%(name: string%) : Analyzer::Tag

14
src/analyzer/protocol/arp/ARP.cc
View file

@ -196,7 +196,7 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg)
ToEthAddrStr((const u_char*) ar_sha(hdr)),
ToAddrVal(ar_tpa(hdr)),
ToEthAddrStr((const u_char*) ar_tha(hdr)),
zeek::make_intrusive<StringVal>(msg)
zeek::make_intrusive<zeek::StringVal>(msg)
);
}
@ -223,22 +223,22 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e,
);
}
AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr)
zeek::AddrVal* ARP_Analyzer::ConstructAddrVal(const void* addr)
{ return ToAddrVal(addr).release(); }
AddrValPtr ARP_Analyzer::ToAddrVal(const void* addr)
zeek::AddrValPtr ARP_Analyzer::ToAddrVal(const void* addr)
{
// ### For now, we only handle IPv4 addresses.
return zeek::make_intrusive<AddrVal>(*(const uint32_t*) addr);
return zeek::make_intrusive<zeek::AddrVal>(*(const uint32_t*) addr);
}
StringVal* ARP_Analyzer::EthAddrToStr(const u_char* addr)
zeek::StringVal* ARP_Analyzer::EthAddrToStr(const u_char* addr)
{ return ToEthAddrStr(addr).release(); }
StringValPtr ARP_Analyzer::ToEthAddrStr(const u_char* addr)
zeek::StringValPtr ARP_Analyzer::ToEthAddrStr(const u_char* addr)
{
char buf[1024];
snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x",
addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
return zeek::make_intrusive<StringVal>(buf);
return zeek::make_intrusive<zeek::StringVal>(buf);
}

8
src/analyzer/protocol/arp/ARP.h
View file

@ -47,12 +47,12 @@ public:
protected:
[[deprecated("Remove in v4.1. Use ToAddrVal().")]]
AddrVal* ConstructAddrVal(const void* addr);
zeek::AddrVal* ConstructAddrVal(const void* addr);
[[deprecated("Remove in v4.1. Use ToEthAddrStr().")]]
StringVal* EthAddrToStr(const u_char* addr);
zeek::StringVal* EthAddrToStr(const u_char* addr);
AddrValPtr ToAddrVal(const void* addr);
StringValPtr ToEthAddrStr(const u_char* addr);
zeek::AddrValPtr ToAddrVal(const void* addr);
zeek::StringValPtr ToEthAddrStr(const u_char* addr);
void BadARP(const struct arp_pkthdr* hdr, const char* string);
void Corrupted(const char* string);
};

28
src/analyzer/protocol/asn1/asn1.pac
View file

@ -3,12 +3,12 @@
%}
%header{
ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t);
ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t);
StringValPtr asn1_oid_to_val(const ASN1Encoding* oid);
StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid);
StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s);
StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s);
zeek::ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t);
zeek::ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t);
zeek::StringValPtr asn1_oid_to_val(const ASN1Encoding* oid);
zeek::StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid);
zeek::StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s);
zeek::StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s);
%}
############################## ASN.1 Encodings
@ -102,12 +102,12 @@ function binary_to_int64(bs: bytestring): int64
%code{
ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t)
zeek::ValPtr asn1_integer_to_val(const ASN1Integer* i, zeek::TypeTag t)
{
return asn1_integer_to_val(i->encoding(), t);
}
ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
zeek::ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
{
auto v = binary_to_int64(i->content());
@ -125,12 +125,12 @@ ValPtr asn1_integer_to_val(const ASN1Encoding* i, zeek::TypeTag t)
}
}
StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid)
zeek::StringValPtr asn1_oid_to_val(const ASN1ObjectIdentifier* oid)
{
return asn1_oid_to_val(oid->encoding());
}
StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
zeek::StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
{
vector<uint64> oid_components;
vector<vector<uint8> > subidentifiers;
@ -191,17 +191,17 @@ StringValPtr asn1_oid_to_val(const ASN1Encoding* oid)
}
}
return zeek::make_intrusive<StringVal>(rval);
return zeek::make_intrusive<zeek::StringVal>(rval);
}
StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s)
zeek::StringValPtr asn1_octet_string_to_val(const ASN1OctetString* s)
{
return asn1_octet_string_to_val(s->encoding());
}
StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s)
zeek::StringValPtr asn1_octet_string_to_val(const ASN1Encoding* s)
{
bytestring const& bs = s->content();
return zeek::make_intrusive<StringVal>(bs.length(), reinterpret_cast<const char*>(bs.data()));
return zeek::make_intrusive<zeek::StringVal>(bs.length(), reinterpret_cast<const char*>(bs.data()));
}
%}

3
src/analyzer/protocol/bittorrent/BitTorrent.cc
View file

@ -122,6 +122,5 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
EnqueueConnEvent(bittorrent_peer_weird,
ConnVal(),
val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(msg)
);
zeek::make_intrusive<zeek::StringVal>(msg));
}

38
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -45,7 +45,7 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
req_buf_pos = req_buf;
req_buf_len = 0;
req_val_uri = nullptr;
req_val_headers = new TableVal(bt_tracker_headers);
req_val_headers = new zeek::TableVal(bt_tracker_headers);
res_state = BTT_RES_STATUS;
res_allow_blank_line = false;
@ -53,9 +53,9 @@ BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c)
res_buf_pos = res_buf;
res_buf_len = 0;
res_status = 0;
res_val_headers = new TableVal(bt_tracker_headers);
res_val_peers = new TableVal(bittorrent_peer_set);
res_val_benc = new TableVal(bittorrent_benc_dir);
res_val_headers = new zeek::TableVal(bt_tracker_headers);
res_val_peers = new zeek::TableVal(bittorrent_peer_set);
res_val_benc = new zeek::TableVal(bittorrent_benc_dir);
InitBencParser();
@ -136,7 +136,7 @@ void BitTorrentTracker_Analyzer::ClientRequest(int len, const u_char* data)
req_buf_len -= (req_buf_pos - req_buf);
memmove(req_buf, req_buf_pos, req_buf_len);
req_buf_pos = req_buf;
req_val_headers = new TableVal(bt_tracker_headers);
req_val_headers = new zeek::TableVal(bt_tracker_headers);
}
}
}
@ -198,9 +198,9 @@ void BitTorrentTracker_Analyzer::ServerReply(int len, const u_char* data)
res_buf_pos = res_buf;
res_status = 0;
res_val_headers = new TableVal(bt_tracker_headers);
res_val_peers = new TableVal(bittorrent_peer_set);
res_val_benc = new TableVal(bittorrent_benc_dir);
res_val_headers = new zeek::TableVal(bt_tracker_headers);
res_val_peers = new zeek::TableVal(bittorrent_peer_set);
res_val_benc = new zeek::TableVal(bittorrent_benc_dir);
InitBencParser();
}
@ -248,7 +248,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig)
EnqueueConnEvent(bt_tracker_weird,
ConnVal(),
val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(msg)
zeek::make_intrusive<zeek::StringVal>(msg)
);
}
@ -338,7 +338,7 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line)
void BitTorrentTracker_Analyzer::RequestGet(char* uri)
{
req_val_uri = new StringVal(uri);
req_val_uri = new zeek::StringVal(uri);
}
void BitTorrentTracker_Analyzer::EmitRequest(void)
@ -456,8 +456,8 @@ void BitTorrentTracker_Analyzer::ParseHeader(char* name, char* value,
}
#ifdef BTTRACKER_STORE_HEADERS
StringVal* name_ = new StringVal(name);
StringVal* value_ = new StringVal(value);
zeek::StringVal* name_ = new zeek::StringVal(name);
zeek::StringVal* value_ = new zeek::StringVal(value);
(is_request ? req_val_headers : res_val_headers)->Assign(name_, value_);
Unref(name_);
@ -478,17 +478,17 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
uint32_t ad = extract_uint32((u_char*) value);
uint16_t pt = ntohs((value[4] << 8) | value[5]);
auto peer = zeek::make_intrusive<RecordVal>(bittorrent_peer);
peer->Assign(0, zeek::make_intrusive<AddrVal>(ad));
auto peer = zeek::make_intrusive<zeek::RecordVal>(bittorrent_peer);
peer->Assign(0, zeek::make_intrusive<zeek::AddrVal>(ad));
peer->Assign(1, val_mgr->Port(pt, TRANSPORT_TCP));
res_val_peers->Assign(std::move(peer), nullptr);
}
}
else
{
auto name_ = zeek::make_intrusive<StringVal>(name_len, name);
auto benc_value = zeek::make_intrusive<RecordVal>(bittorrent_benc_value);
benc_value->Assign(type, zeek::make_intrusive<StringVal>(value_len, value));
auto name_ = zeek::make_intrusive<zeek::StringVal>(name_len, name);
auto benc_value = zeek::make_intrusive<zeek::RecordVal>(bittorrent_benc_value);
benc_value->Assign(type, zeek::make_intrusive<zeek::StringVal>(value_len, value));
res_val_benc->Assign(std::move(name_), std::move(benc_value));
}
}
@ -496,8 +496,8 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
enum btt_benc_types type, bro_int_t value)
{
auto benc_value = zeek::make_intrusive<RecordVal>(bittorrent_benc_value);
auto name_ = zeek::make_intrusive<StringVal>(name_len, name);
auto benc_value = zeek::make_intrusive<zeek::RecordVal>(bittorrent_benc_value);
auto name_ = zeek::make_intrusive<zeek::StringVal>(name_len, name);
benc_value->Assign(type, val_mgr->Int(value));
res_val_benc->Assign(std::move(name_), std::move(benc_value));

12
src/analyzer/protocol/bittorrent/BitTorrentTracker.h
View file

@ -6,7 +6,7 @@
#define BTTRACKER_BUF 2048
class StringVal;
ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek);
namespace analyzer { namespace bittorrent {
@ -92,8 +92,8 @@ protected:
char req_buf[BTTRACKER_BUF];
char* req_buf_pos;
unsigned int req_buf_len;
StringVal* req_val_uri;
TableVal* req_val_headers;
zeek::StringVal* req_val_uri;
zeek::TableVal* req_val_headers;
// Response.
enum btt_states res_state;
@ -102,9 +102,9 @@ protected:
char* res_buf_pos;
unsigned int res_buf_len;
bro_uint_t res_status;
TableVal* res_val_headers;
TableVal* res_val_peers;
TableVal* res_val_benc;
zeek::TableVal* res_val_headers;
zeek::TableVal* res_val_peers;
zeek::TableVal* res_val_benc;
std::vector<char> benc_stack;
std::vector<unsigned int> benc_count;

8
src/analyzer/protocol/conn-size/ConnSize.cc
View file

@ -94,7 +94,7 @@ void ConnSize_Analyzer::CheckThresholds(bool is_orig)
{
EnqueueConnEvent(conn_duration_threshold_crossed,
ConnVal(),
zeek::make_intrusive<IntervalVal>(duration_thresh),
zeek::make_intrusive<zeek::IntervalVal>(duration_thresh),
val_mgr->Bool(is_orig)
);
duration_thresh = 0;
@ -167,11 +167,11 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration)
CheckThresholds(true);
}
void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
void ConnSize_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{
// RecordType *connection_type is decleared in NetVar.h
RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal();
RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal();
zeek::RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal();
zeek::RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal();
// endpoint is the RecordType from NetVar.h
int pktidx = zeek::id::endpoint->FieldOffset("num_pkts");

2
src/analyzer/protocol/conn-size/ConnSize.h
View file

@ -17,7 +17,7 @@ public:
void Done() override;
// from Analyzer.h
void UpdateConnVal(RecordVal *conn_val) override;
void UpdateConnVal(zeek::RecordVal *conn_val) override;
void FlipRoles() override;
void SetByteAndPacketThreshold(uint64_t threshold, bool bytes, bool orig);

6
src/analyzer/protocol/conn-size/functions.bif
View file

@ -3,7 +3,7 @@
#include "Reporter.h"
#include "Sessions.h"
static analyzer::Analyzer* GetConnsizeAnalyzer(Val* cid)
static analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
{
Connection* c = sessions->FindConnection(cid);
if ( ! c )
@ -139,7 +139,7 @@ function get_current_conn_duration_threshold%(cid: conn_id%): interval
%{
analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
if ( ! a )
return zeek::make_intrusive<IntervalVal>(0.0);
return zeek::make_intrusive<zeek::IntervalVal>(0.0);
return zeek::make_intrusive<IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
return zeek::make_intrusive<zeek::IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
%}

6
src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
View file

@ -83,14 +83,14 @@ refine connection DCE_RPC_Conn += {
%{
if ( dce_rpc_bind_ack )
{
StringValPtr sec_addr;
zeek::StringValPtr sec_addr;
// Remove the null from the end of the string if it's there.
if ( ${bind.sec_addr}.length() > 0 &&
*(${bind.sec_addr}.begin() + ${bind.sec_addr}.length()) == 0 )
sec_addr = zeek::make_intrusive<StringVal>(${bind.sec_addr}.length()-1, (const char*) ${bind.sec_addr}.begin());
sec_addr = zeek::make_intrusive<zeek::StringVal>(${bind.sec_addr}.length()-1, (const char*) ${bind.sec_addr}.begin());
else
sec_addr = zeek::make_intrusive<StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin());
sec_addr = zeek::make_intrusive<zeek::StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin());
zeek::BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(),
bro_analyzer()->Conn(),

26
src/analyzer/protocol/dhcp/dhcp-analyzer.pac
View file

@ -1,8 +1,8 @@
refine flow DHCP_Flow += {
%member{
RecordValPtr options;
VectorValPtr all_options;
zeek::RecordValPtr options;
zeek::VectorValPtr all_options;
%}
%init{
@ -19,8 +19,8 @@ refine flow DHCP_Flow += {
%{
if ( ! options )
{
options = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Options);
all_options = zeek::make_intrusive<VectorVal>(zeek::id::index_vec);
options = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Options);
all_options = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
options->Assign(0, all_options);
}
@ -53,17 +53,17 @@ refine flow DHCP_Flow += {
std::string mac_str = fmt_mac(${msg.chaddr}.data(), ${msg.chaddr}.length());
double secs = static_cast<double>(${msg.secs});
auto dhcp_msg_val = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::Msg);
auto dhcp_msg_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Msg);
dhcp_msg_val->Assign(0, val_mgr->Count(${msg.op}));
dhcp_msg_val->Assign(1, val_mgr->Count(${msg.type}));
dhcp_msg_val->Assign(2, val_mgr->Count(${msg.xid}));
dhcp_msg_val->Assign(3, zeek::make_intrusive<IntervalVal>(secs));
dhcp_msg_val->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(secs));
dhcp_msg_val->Assign(4, val_mgr->Count(${msg.flags}));
dhcp_msg_val->Assign(5, zeek::make_intrusive<AddrVal>(htonl(${msg.ciaddr})));
dhcp_msg_val->Assign(6, zeek::make_intrusive<AddrVal>(htonl(${msg.yiaddr})));
dhcp_msg_val->Assign(7, zeek::make_intrusive<AddrVal>(htonl(${msg.siaddr})));
dhcp_msg_val->Assign(8, zeek::make_intrusive<AddrVal>(htonl(${msg.giaddr})));
dhcp_msg_val->Assign(9, zeek::make_intrusive<StringVal>(mac_str));
dhcp_msg_val->Assign(5, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.ciaddr})));
dhcp_msg_val->Assign(6, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.yiaddr})));
dhcp_msg_val->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.siaddr})));
dhcp_msg_val->Assign(8, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.giaddr})));
dhcp_msg_val->Assign(9, zeek::make_intrusive<zeek::StringVal>(mac_str));
int last_non_null = 0;
@ -74,7 +74,7 @@ refine flow DHCP_Flow += {
}
if ( last_non_null > 0 )
dhcp_msg_val->Assign(10, zeek::make_intrusive<StringVal>(last_non_null + 1,
dhcp_msg_val->Assign(10, zeek::make_intrusive<zeek::StringVal>(last_non_null + 1,
reinterpret_cast<const char*>(${msg.sname}.begin())));
last_non_null = 0;
@ -86,7 +86,7 @@ refine flow DHCP_Flow += {
}
if ( last_non_null > 0 )
dhcp_msg_val->Assign(11, zeek::make_intrusive<StringVal>(last_non_null + 1,
dhcp_msg_val->Assign(11, zeek::make_intrusive<zeek::StringVal>(last_non_null + 1,
reinterpret_cast<const char*>(${msg.file_n}.begin())));
init_options();

72
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -11,7 +11,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_subnet_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(1, zeek::make_intrusive<AddrVal>(htonl(${v.subnet})));
${context.flow}->options->Assign(1, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.subnet})));
return true;
%}
};
@ -57,14 +57,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_router_option(v: OptionValue): bool
%{
auto router_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto router_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_routers = ${v.router_list}->size();
vector<uint32>* rlist = ${v.router_list};
for ( int i = 0; i < num_routers; ++i )
{
uint32 raddr = (*rlist)[i];
router_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
router_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(2, std::move(router_list));
@ -91,14 +91,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_timeserver_option(v: OptionValue): bool
%{
auto timeserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto timeserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.timeserver_list}->size();
vector<uint32>* rlist = ${v.timeserver_list};
for ( int i = 0; i < num_servers; ++i )
{
uint32 raddr = (*rlist)[i];
timeserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
timeserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(26, std::move(timeserver_list));
@ -125,14 +125,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_nameserver_option(v: OptionValue): bool
%{
auto nameserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto nameserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.nameserver_list}->size();
vector<uint32>* rlist = ${v.nameserver_list};
for ( int i = 0; i < num_servers; ++i )
{
uint32 raddr = (*rlist)[i];
nameserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
nameserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(27, std::move(nameserver_list));
@ -159,14 +159,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_dns_server_option(v: OptionValue): bool
%{
auto server_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto server_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.dns_server_list}->size();
vector<uint32>* rlist = ${v.dns_server_list};
for ( int i = 0; i < num_servers; ++i )
{
uint32 raddr = (*rlist)[i];
server_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
server_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(3, std::move(server_list));
@ -192,7 +192,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_host_name_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(4, zeek::make_intrusive<StringVal>(${v.host_name}.length(),
${context.flow}->options->Assign(4, zeek::make_intrusive<zeek::StringVal>(${v.host_name}.length(),
reinterpret_cast<const char*>(${v.host_name}.begin())));
return true;
@ -225,7 +225,7 @@ refine flow DHCP_Flow += {
last_non_null = i;
}
${context.flow}->options->Assign(5, zeek::make_intrusive<StringVal>(last_non_null == 0 ? 0 : last_non_null + 1,
${context.flow}->options->Assign(5, zeek::make_intrusive<zeek::StringVal>(last_non_null == 0 ? 0 : last_non_null + 1,
reinterpret_cast<const char*>(${v.domain_name}.begin())));
return true;
@ -274,7 +274,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_broadcast_address_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(7, zeek::make_intrusive<AddrVal>(htonl(${v.broadcast_address})));
${context.flow}->options->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.broadcast_address})));
return true;
%}
@ -298,14 +298,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_ntpserver_option(v: OptionValue): bool
%{
auto ntpserver_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto ntpserver_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.ntpserver_list}->size();
vector<uint32>* rlist = ${v.ntpserver_list};
for ( int i = 0; i < num_servers; ++i )
{
uint32 raddr = (*rlist)[i];
ntpserver_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
ntpserver_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(28, std::move(ntpserver_list));
@ -331,7 +331,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_vendor_specific_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(8, zeek::make_intrusive<StringVal>(${v.vendor_specific}.length(),
${context.flow}->options->Assign(8, zeek::make_intrusive<zeek::StringVal>(${v.vendor_specific}.length(),
reinterpret_cast<const char*>(${v.vendor_specific}.begin())));
return true;
@ -356,14 +356,14 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_nbns_option(v: OptionValue): bool
%{
auto server_list = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
auto server_list = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::Addrs);
int num_servers = ${v.nbns}->size();
vector<uint32>* rlist = ${v.nbns};
for ( int i = 0; i < num_servers; ++i )
{
uint32 raddr = (*rlist)[i];
server_list->Assign(i, zeek::make_intrusive<AddrVal>(htonl(raddr)));
server_list->Assign(i, zeek::make_intrusive<zeek::AddrVal>(htonl(raddr)));
}
${context.flow}->options->Assign(9, std::move(server_list));
@ -389,7 +389,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_addr_request_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(10, zeek::make_intrusive<AddrVal>(htonl(${v.addr_request})));
${context.flow}->options->Assign(10, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.addr_request})));
return true;
%}
@ -414,7 +414,7 @@ refine flow DHCP_Flow += {
function process_lease_option(v: OptionValue): bool
%{
double lease = static_cast<double>(${v.lease});
${context.flow}->options->Assign(11, zeek::make_intrusive<IntervalVal>(lease));
${context.flow}->options->Assign(11, zeek::make_intrusive<zeek::IntervalVal>(lease));
return true;
%}
@ -438,7 +438,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_serv_id_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(12, zeek::make_intrusive<AddrVal>(htonl(${v.serv_addr})));
${context.flow}->options->Assign(12, zeek::make_intrusive<zeek::AddrVal>(htonl(${v.serv_addr})));
return true;
%}
@ -462,7 +462,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_par_req_list_option(v: OptionValue): bool
%{
auto params = zeek::make_intrusive<VectorVal>(zeek::id::index_vec);
auto params = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
int num_parms = ${v.par_req_list}->size();
vector<uint8>* plist = ${v.par_req_list};
@ -496,7 +496,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_message_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(14, zeek::make_intrusive<StringVal>(${v.message}.length(),
${context.flow}->options->Assign(14, zeek::make_intrusive<zeek::StringVal>(${v.message}.length(),
reinterpret_cast<const char*>(${v.message}.begin())));
return true;
@ -546,7 +546,7 @@ refine flow DHCP_Flow += {
function process_renewal_time_option(v: OptionValue): bool
%{
double renewal_time = static_cast<double>(${v.renewal_time});
${context.flow}->options->Assign(16, zeek::make_intrusive<IntervalVal>(renewal_time));
${context.flow}->options->Assign(16, zeek::make_intrusive<zeek::IntervalVal>(renewal_time));
return true;
%}
@ -571,7 +571,7 @@ refine flow DHCP_Flow += {
function process_rebinding_time_option(v: OptionValue): bool
%{
double rebinding_time = static_cast<double>(${v.rebinding_time});
${context.flow}->options->Assign(17, zeek::make_intrusive<IntervalVal>(rebinding_time));
${context.flow}->options->Assign(17, zeek::make_intrusive<zeek::IntervalVal>(rebinding_time));
return true;
%}
@ -595,7 +595,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_vendor_class_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(18, zeek::make_intrusive<StringVal>(${v.vendor_class}.length(),
${context.flow}->options->Assign(18, zeek::make_intrusive<zeek::StringVal>(${v.vendor_class}.length(),
reinterpret_cast<const char*>(${v.vendor_class}.begin())));
return true;
@ -625,15 +625,15 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_client_id_option(v: OptionValue): bool
%{
auto client_id = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientID);
auto client_id = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientID);
client_id->Assign(0, val_mgr->Count(${v.client_id.hwtype}));
StringValPtr sv;
zeek::StringValPtr sv;
if ( ${v.client_id.hwtype} == 0 )
sv = zeek::make_intrusive<StringVal>(${v.client_id.hwaddr}.length(),
sv = zeek::make_intrusive<zeek::StringVal>(${v.client_id.hwaddr}.length(),
(const char*)${v.client_id.hwaddr}.begin());
else
sv = zeek::make_intrusive<StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(),
sv = zeek::make_intrusive<zeek::StringVal>(fmt_mac(${v.client_id.hwaddr}.begin(),
${v.client_id.hwaddr}.length()));
client_id->Assign(1, std::move(sv));
@ -662,7 +662,7 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_user_class_option(v: OptionValue): bool
%{
${context.flow}->options->Assign(20, zeek::make_intrusive<StringVal>(${v.user_class}.length(),
${context.flow}->options->Assign(20, zeek::make_intrusive<zeek::StringVal>(${v.user_class}.length(),
reinterpret_cast<const char*>(${v.user_class}.begin())));
return true;
@ -694,12 +694,12 @@ refine casetype OptionValue += {
refine flow DHCP_Flow += {
function process_client_fqdn_option(v: OptionValue): bool
%{
auto client_fqdn = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
auto client_fqdn = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
client_fqdn->Assign(0, val_mgr->Count(${v.client_fqdn.flags}));
client_fqdn->Assign(1, val_mgr->Count(${v.client_fqdn.rcode1}));
client_fqdn->Assign(2, val_mgr->Count(${v.client_fqdn.rcode2}));
const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
client_fqdn->Assign(3, zeek::make_intrusive<StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
client_fqdn->Assign(3, zeek::make_intrusive<zeek::StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
${context.flow}->options->Assign(21, std::move(client_fqdn));
@ -752,14 +752,14 @@ refine flow DHCP_Flow += {
function process_relay_agent_inf_option(v: OptionValue): bool
%{
auto relay_agent_sub_opt = zeek::make_intrusive<VectorVal>(zeek::BifType::Vector::DHCP::SubOpts);
auto relay_agent_sub_opt = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::DHCP::SubOpts);
uint16 i = 0;
for ( auto ptrsubopt = ${v.relay_agent_inf}->begin();
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
{
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
r->Assign(1, to_stringval((*ptrsubopt)->value()));
@ -818,7 +818,7 @@ refine flow DHCP_Flow += {
if ( string_len == 0 )
{
${context.flow}->options->Assign(24, zeek::make_intrusive<StringVal>(0, ""));
${context.flow}->options->Assign(24, zeek::make_intrusive<zeek::StringVal>(0, ""));
return true;
}
@ -830,7 +830,7 @@ refine flow DHCP_Flow += {
if ( has_newline )
--string_len;
${context.flow}->options->Assign(24, zeek::make_intrusive<StringVal>(string_len,
${context.flow}->options->Assign(24, zeek::make_intrusive<zeek::StringVal>(string_len,
reinterpret_cast<const char*>(${v.auto_proxy_config}.begin())));
return true;

124
src/analyzer/protocol/dns/DNS.cc
View file

@ -89,9 +89,9 @@ void DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
int skip_addl = dns_skip_all_addl;
if ( msg.ancount > 0 )
{ // We did an answer, so can potentially skip auth/addl.
static auto dns_skip_auth = zeek::id::find_val<TableVal>("dns_skip_auth");
static auto dns_skip_addl = zeek::id::find_val<TableVal>("dns_skip_addl");
auto server = zeek::make_intrusive<AddrVal>(analyzer->Conn()->RespAddr());
static auto dns_skip_auth = zeek::id::find_val<zeek::TableVal>("dns_skip_auth");
static auto dns_skip_addl = zeek::id::find_val<zeek::TableVal>("dns_skip_addl");
auto server = zeek::make_intrusive<zeek::AddrVal>(analyzer->Conn()->RespAddr());
skip_auth = skip_auth || msg.nscount == 0 ||
dns_skip_auth->FindOrDefault(server);
@ -238,7 +238,7 @@ bool DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
// Note that the exact meaning of some of these fields will be
// re-interpreted by other, more adventurous RR types.
msg->query_name = zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true));
msg->query_name = zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true));
msg->atype = RR_Type(ExtractShort(data, len));
msg->aclass = ExtractShort(data, len);
msg->ttl = ExtractLong(data, len);
@ -562,7 +562,7 @@ bool DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true))
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true))
);
return true;
@ -603,14 +603,14 @@ bool DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
if ( dns_SOA_reply && ! msg->skip_event )
{
static auto dns_soa = zeek::id::find_type<zeek::RecordType>("dns_soa");
auto r = zeek::make_intrusive<RecordVal>(dns_soa);
r->Assign(0, zeek::make_intrusive<StringVal>(new BroString(mname, mname_end - mname, true)));
r->Assign(1, zeek::make_intrusive<StringVal>(new BroString(rname, rname_end - rname, true)));
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_soa);
r->Assign(0, zeek::make_intrusive<zeek::StringVal>(new BroString(mname, mname_end - mname, true)));
r->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(rname, rname_end - rname, true)));
r->Assign(2, val_mgr->Count(serial));
r->Assign(3, zeek::make_intrusive<IntervalVal>(double(refresh), Seconds));
r->Assign(4, zeek::make_intrusive<IntervalVal>(double(retry), Seconds));
r->Assign(5, zeek::make_intrusive<IntervalVal>(double(expire), Seconds));
r->Assign(6, zeek::make_intrusive<IntervalVal>(double(minimum), Seconds));
r->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(refresh), Seconds));
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(retry), Seconds));
r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(expire), Seconds));
r->Assign(6, zeek::make_intrusive<zeek::IntervalVal>(double(minimum), Seconds));
analyzer->EnqueueConnEvent(dns_SOA_reply,
analyzer->ConnVal(),
@ -646,7 +646,7 @@ bool DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
val_mgr->Count(preference)
);
@ -687,7 +687,7 @@ bool DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
val_mgr->Count(priority),
val_mgr->Count(weight),
val_mgr->Count(port)
@ -1009,7 +1009,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1024,7 +1024,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
}
BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<StringVal>(bitmap));
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen);
}
@ -1033,7 +1033,7 @@ bool DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<StringVal>(new BroString(name, name_end - name, true)),
zeek::make_intrusive<zeek::StringVal>(new BroString(name, name_end - name, true)),
std::move(char_strings)
);
@ -1084,7 +1084,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
int typebitmaps_len = rdlength - (data - data_start);
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
@ -1099,7 +1099,7 @@ bool DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
}
BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<StringVal>(bitmap));
char_strings->Assign(char_strings->Size(), zeek::make_intrusive<zeek::StringVal>(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen);
}
@ -1200,7 +1200,7 @@ bool DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<AddrVal>(htonl(addr))
zeek::make_intrusive<zeek::AddrVal>(htonl(addr))
);
return true;
@ -1236,7 +1236,7 @@ bool DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
analyzer->ConnVal(),
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
zeek::make_intrusive<AddrVal>(addr)
zeek::make_intrusive<zeek::AddrVal>(addr)
);
return true;
@ -1260,7 +1260,7 @@ bool DNS_Interpreter::ParseRR_HINFO(DNS_MsgInfo* msg,
return true;
}
static StringValPtr
static zeek::StringValPtr
extract_char_string(analyzer::Analyzer* analyzer,
const u_char*& data, int& len, int& rdlen)
{
@ -1279,7 +1279,7 @@ extract_char_string(analyzer::Analyzer* analyzer,
return nullptr;
}
auto rval = zeek::make_intrusive<StringVal>(str_size, reinterpret_cast<const char*>(data));
auto rval = zeek::make_intrusive<zeek::StringVal>(str_size, reinterpret_cast<const char*>(data));
rdlen -= str_size;
len -= str_size;
@ -1299,8 +1299,8 @@ bool DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
return true;
}
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
StringValPtr char_string;
auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
zeek::StringValPtr char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
char_strings->Assign(char_strings->Size(), std::move(char_string));
@ -1327,8 +1327,8 @@ bool DNS_Interpreter::ParseRR_SPF(DNS_MsgInfo* msg,
return true;
}
auto char_strings = zeek::make_intrusive<VectorVal>(zeek::id::string_vec);
StringValPtr char_string;
auto char_strings = zeek::make_intrusive<zeek::VectorVal>(zeek::id::string_vec);
zeek::StringValPtr char_string;
while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
char_strings->Assign(char_strings->Size(), std::move(char_string));
@ -1380,8 +1380,8 @@ bool DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
msg->BuildHdrVal(),
msg->BuildAnswerVal(),
val_mgr->Count(flags),
zeek::make_intrusive<StringVal>(tag),
zeek::make_intrusive<StringVal>(value)
zeek::make_intrusive<zeek::StringVal>(tag),
zeek::make_intrusive<zeek::StringVal>(value)
);
else
{
@ -1407,10 +1407,10 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
analyzer->EnqueueConnEvent(event,
analyzer->ConnVal(),
msg->BuildHdrVal(),
zeek::make_intrusive<StringVal>(question_name),
zeek::make_intrusive<zeek::StringVal>(question_name),
val_mgr->Count(qtype),
val_mgr->Count(qclass),
zeek::make_intrusive<StringVal>(original_name)
zeek::make_intrusive<zeek::StringVal>(original_name)
);
}
@ -1446,10 +1446,10 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
skip_event = 0;
}
RecordValPtr DNS_MsgInfo::BuildHdrVal()
zeek::RecordValPtr DNS_MsgInfo::BuildHdrVal()
{
static auto dns_msg = zeek::id::find_type<zeek::RecordType>("dns_msg");
auto r = zeek::make_intrusive<RecordVal>(dns_msg);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_msg);
r->Assign(0, val_mgr->Count(id));
r->Assign(1, val_mgr->Count(opcode));
@ -1468,26 +1468,26 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal()
return r;
}
RecordValPtr DNS_MsgInfo::BuildAnswerVal()
zeek::RecordValPtr DNS_MsgInfo::BuildAnswerVal()
{
static auto dns_answer = zeek::id::find_type<zeek::RecordType>("dns_answer");
auto r = zeek::make_intrusive<RecordVal>(dns_answer);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_answer);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
r->Assign(2, val_mgr->Count(atype));
r->Assign(3, val_mgr->Count(aclass));
r->Assign(4, zeek::make_intrusive<IntervalVal>(double(ttl), Seconds));
r->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
return r;
}
RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
zeek::RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
{
// We have to treat the additional record type in EDNS differently
// than a regular resource record.
static auto dns_edns_additional = zeek::id::find_type<zeek::RecordType>("dns_edns_additional");
auto r = zeek::make_intrusive<RecordVal>(dns_edns_additional);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_edns_additional);
r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(1, query_name);
@ -1512,25 +1512,25 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
r->Assign(4, val_mgr->Count(return_error));
r->Assign(5, val_mgr->Count(version));
r->Assign(6, val_mgr->Count(z));
r->Assign(7, zeek::make_intrusive<IntervalVal>(double(ttl), Seconds));
r->Assign(7, zeek::make_intrusive<zeek::IntervalVal>(double(ttl), Seconds));
r->Assign(8, val_mgr->Count(is_query));
return r;
}
RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
zeek::RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
{
static auto dns_tsig_additional = zeek::id::find_type<zeek::RecordType>("dns_tsig_additional");
auto r = zeek::make_intrusive<RecordVal>(dns_tsig_additional);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_tsig_additional);
double rtime = tsig->time_s + tsig->time_ms / 1000.0;
// r->Assign(0, val_mgr->Count(int(answer_type)));
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, zeek::make_intrusive<StringVal>(tsig->alg_name));
r->Assign(3, zeek::make_intrusive<StringVal>(tsig->sig));
r->Assign(4, zeek::make_intrusive<TimeVal>(rtime));
r->Assign(5, zeek::make_intrusive<TimeVal>(double(tsig->fudge)));
r->Assign(2, zeek::make_intrusive<zeek::StringVal>(tsig->alg_name));
r->Assign(3, zeek::make_intrusive<zeek::StringVal>(tsig->sig));
r->Assign(4, zeek::make_intrusive<zeek::TimeVal>(rtime));
r->Assign(5, zeek::make_intrusive<zeek::TimeVal>(double(tsig->fudge)));
r->Assign(6, val_mgr->Count(tsig->orig_id));
r->Assign(7, val_mgr->Count(tsig->rr_error));
r->Assign(8, val_mgr->Count(is_query));
@ -1538,47 +1538,47 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
return r;
}
RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
zeek::RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
{
static auto dns_rrsig_rr = zeek::id::find_type<zeek::RecordType>("dns_rrsig_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_rrsig_rr);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_rrsig_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(rrsig->type_covered));
r->Assign(3, val_mgr->Count(rrsig->algorithm));
r->Assign(4, val_mgr->Count(rrsig->labels));
r->Assign(5, zeek::make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds));
r->Assign(6, zeek::make_intrusive<TimeVal>(double(rrsig->sig_exp)));
r->Assign(7, zeek::make_intrusive<TimeVal>(double(rrsig->sig_incep)));
r->Assign(5, zeek::make_intrusive<zeek::IntervalVal>(double(rrsig->orig_ttl), Seconds));
r->Assign(6, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_exp)));
r->Assign(7, zeek::make_intrusive<zeek::TimeVal>(double(rrsig->sig_incep)));
r->Assign(8, val_mgr->Count(rrsig->key_tag));
r->Assign(9, zeek::make_intrusive<StringVal>(rrsig->signer_name));
r->Assign(10, zeek::make_intrusive<StringVal>(rrsig->signature));
r->Assign(9, zeek::make_intrusive<zeek::StringVal>(rrsig->signer_name));
r->Assign(10, zeek::make_intrusive<zeek::StringVal>(rrsig->signature));
r->Assign(11, val_mgr->Count(is_query));
return r;
}
RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
zeek::RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
{
static auto dns_dnskey_rr = zeek::id::find_type<zeek::RecordType>("dns_dnskey_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_dnskey_rr);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_dnskey_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(dnskey->dflags));
r->Assign(3, val_mgr->Count(dnskey->dprotocol));
r->Assign(4, val_mgr->Count(dnskey->dalgorithm));
r->Assign(5, zeek::make_intrusive<StringVal>(dnskey->public_key));
r->Assign(5, zeek::make_intrusive<zeek::StringVal>(dnskey->public_key));
r->Assign(6, val_mgr->Count(is_query));
return r;
}
RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
zeek::RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
{
static auto dns_nsec3_rr = zeek::id::find_type<zeek::RecordType>("dns_nsec3_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_nsec3_rr);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_nsec3_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
@ -1586,26 +1586,26 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo));
r->Assign(4, val_mgr->Count(nsec3->nsec_iter));
r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len));
r->Assign(6, zeek::make_intrusive<StringVal>(nsec3->nsec_salt));
r->Assign(6, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_salt));
r->Assign(7, val_mgr->Count(nsec3->nsec_hlen));
r->Assign(8, zeek::make_intrusive<StringVal>(nsec3->nsec_hash));
r->Assign(8, zeek::make_intrusive<zeek::StringVal>(nsec3->nsec_hash));
r->Assign(9, std::move(nsec3->bitmaps));
r->Assign(10, val_mgr->Count(is_query));
return r;
}
RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
{
static auto dns_ds_rr = zeek::id::find_type<zeek::RecordType>("dns_ds_rr");
auto r = zeek::make_intrusive<RecordVal>(dns_ds_rr);
auto r = zeek::make_intrusive<zeek::RecordVal>(dns_ds_rr);
r->Assign(0, query_name);
r->Assign(1, val_mgr->Count(int(answer_type)));
r->Assign(2, val_mgr->Count(ds->key_tag));
r->Assign(3, val_mgr->Count(ds->algorithm));
r->Assign(4, val_mgr->Count(ds->digest_type));
r->Assign(5, zeek::make_intrusive<StringVal>(ds->digest_val));
r->Assign(5, zeek::make_intrusive<zeek::StringVal>(ds->digest_val));
r->Assign(6, val_mgr->Count(is_query));
return r;

20
src/analyzer/protocol/dns/DNS.h
View file

@ -165,7 +165,7 @@ struct NSEC3_DATA {
BroString* nsec_salt;
unsigned short nsec_hlen;
BroString* nsec_hash;
VectorValPtr bitmaps;
zeek::VectorValPtr bitmaps;
};
struct DS_DATA {
@ -179,14 +179,14 @@ class DNS_MsgInfo {
public:
DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query);
RecordValPtr BuildHdrVal();
RecordValPtr BuildAnswerVal();
RecordValPtr BuildEDNS_Val();
RecordValPtr BuildTSIG_Val(struct TSIG_DATA*);
RecordValPtr BuildRRSIG_Val(struct RRSIG_DATA*);
RecordValPtr BuildDNSKEY_Val(struct DNSKEY_DATA*);
RecordValPtr BuildNSEC3_Val(struct NSEC3_DATA*);
RecordValPtr BuildDS_Val(struct DS_DATA*);
zeek::RecordValPtr BuildHdrVal();
zeek::RecordValPtr BuildAnswerVal();
zeek::RecordValPtr BuildEDNS_Val();
zeek::RecordValPtr BuildTSIG_Val(struct TSIG_DATA*);
zeek::RecordValPtr BuildRRSIG_Val(struct RRSIG_DATA*);
zeek::RecordValPtr BuildDNSKEY_Val(struct DNSKEY_DATA*);
zeek::RecordValPtr BuildNSEC3_Val(struct NSEC3_DATA*);
zeek::RecordValPtr BuildDS_Val(struct DS_DATA*);
int id;
int opcode; ///< query type, see DNS_Opcode
@ -203,7 +203,7 @@ public:
int arcount; ///< number of additional RRs
int is_query; ///< whether it came from the session initiator
StringValPtr query_name;
zeek::StringValPtr query_name;
RR_Type atype;
int aclass; ///< normally = 1, inet
uint32_t ttl;

6
src/analyzer/protocol/file/File.cc
View file

@ -82,8 +82,8 @@ void File_Analyzer::Identify()
EnqueueConnEvent(
file_transferred,
ConnVal(),
zeek::make_intrusive<StringVal>(buffer_len, buffer),
zeek::make_intrusive<StringVal>("<unknown>"),
zeek::make_intrusive<StringVal>(match)
zeek::make_intrusive<zeek::StringVal>(buffer_len, buffer),
zeek::make_intrusive<zeek::StringVal>("<unknown>"),
zeek::make_intrusive<zeek::StringVal>(match)
);
}

6
src/analyzer/protocol/finger/Finger.cc
View file

@ -70,8 +70,8 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
EnqueueConnEvent(finger_request,
ConnVal(),
val_mgr->Bool(long_cnt),
zeek::make_intrusive<StringVal>(at - line, line),
zeek::make_intrusive<StringVal>(end_of_line - host, host)
zeek::make_intrusive<zeek::StringVal>(at - line, line),
zeek::make_intrusive<zeek::StringVal>(end_of_line - host, host)
);
Conn()->Match(Rule::FINGER, (const u_char *) line,
@ -87,7 +87,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
EnqueueConnEvent(finger_reply,
ConnVal(),
zeek::make_intrusive<StringVal>(end_of_line - line, line)
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line)
);
}
}

14
src/analyzer/protocol/ftp/FTP.cc
View file

@ -82,7 +82,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
{
int cmd_len;
const char* cmd;
StringVal* cmd_str;
zeek::StringVal* cmd_str;
line = skip_whitespace(line, end_of_line);
get_word(end_of_line - line, line, cmd_len, cmd);
@ -91,15 +91,15 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
if ( cmd_len == 0 )
{
// Weird("FTP command missing", end_of_line - orig_line, orig_line);
cmd_str = new StringVal("<missing>");
cmd_str = new zeek::StringVal("<missing>");
}
else
cmd_str = (new StringVal(cmd_len, cmd))->ToUpper();
cmd_str = (new zeek::StringVal(cmd_len, cmd))->ToUpper();
vl = {
ConnVal(),
zeek::IntrusivePtr{zeek::AdoptRef{}, cmd_str},
zeek::make_intrusive<StringVal>(end_of_line - line, line),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
};
f = ftp_request;
@ -178,7 +178,7 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
vl = {
ConnVal(),
val_mgr->Count(reply_code),
zeek::make_intrusive<StringVal>(end_of_line - line, line),
zeek::make_intrusive<zeek::StringVal>(end_of_line - line, line),
val_mgr->Bool(cont_resp)
};
@ -216,7 +216,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
if ( strncmp(cmd, "ADAT", cmd_len) == 0 )
{
line = skip_whitespace(line + cmd_len, end_of_line);
StringVal encoded(end_of_line - line, line);
zeek::StringVal encoded(end_of_line - line, line);
decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
if ( first_token )
@ -291,7 +291,7 @@ void FTP_ADAT_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
if ( end_of_line - line >= 5 && strncmp(line, "ADAT=", 5) == 0 )
{
line += 5;
StringVal encoded(end_of_line - line, line);
zeek::StringVal encoded(end_of_line - line, line);
decoded_adat = decode_base64(encoded.AsString(), nullptr, Conn());
}

16
src/analyzer/protocol/ftp/functions.bif
View file

@ -4,9 +4,9 @@ type ftp_port: record;
%%{
#include "Reporter.h"
static ValPtr parse_port(const char* line)
static zeek::ValPtr parse_port(const char* line)
{
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ftp_port);
int bytes[6];
if ( line && sscanf(line, "%d,%d,%d,%d,%d,%d",
@ -33,13 +33,13 @@ static ValPtr parse_port(const char* line)
good = 0;
}
r->Assign(0, zeek::make_intrusive<AddrVal>(htonl(addr)));
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(htonl(addr)));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good));
}
else
{
r->Assign(0, zeek::make_intrusive<AddrVal>(uint32_t(0)));
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(uint32_t(0)));
r->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
r->Assign(2, val_mgr->False());
}
@ -47,9 +47,9 @@ static ValPtr parse_port(const char* line)
return r;
}
static ValPtr parse_eftp(const char* line)
static zeek::ValPtr parse_eftp(const char* line)
{
auto r = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::ftp_port);
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ftp_port);
int net_proto = 0; // currently not used
IPAddr addr; // unspecified IPv6 address (all 128 bits zero)
@ -109,7 +109,7 @@ static ValPtr parse_eftp(const char* line)
}
r->Assign(0, zeek::make_intrusive<AddrVal>(addr));
r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(addr));
r->Assign(1, val_mgr->Port(port, TRANSPORT_TCP));
r->Assign(2, val_mgr->Bool(good));
@ -206,7 +206,7 @@ function fmt_ftp_port%(a: addr, p: port%): string
{
uint32_t a = ntohl(addr[0]);
uint32_t pn = p->Port();
return zeek::make_intrusive<StringVal>(fmt("%d,%d,%d,%d,%d,%d",
return zeek::make_intrusive<zeek::StringVal>(fmt("%d,%d,%d,%d,%d,%d",
a >> 24, (a >> 16) & 0xff,
(a >> 8) & 0xff, a & 0xff,
pn >> 8, pn & 0xff));

13
src/analyzer/protocol/gnutella/Gnutella.cc
View file

@ -73,10 +73,9 @@ void Gnutella_Analyzer::Done()
if ( ! p->msg_sent && p->msg_pos )
EnqueueConnEvent(gnutella_partial_binary_msg,
ConnVal(),
zeek::make_intrusive<StringVal>(p->msg),
zeek::make_intrusive<zeek::StringVal>(p->msg),
val_mgr->Bool((i == 0)),
val_mgr->Count(p->msg_pos)
);
val_mgr->Count(p->msg_pos));
else if ( ! p->msg_sent && p->payload_left )
SendEvents(p, (i == 0));
@ -179,8 +178,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
EnqueueConnEvent(gnutella_text_msg,
ConnVal(),
val_mgr->Bool(orig),
zeek::make_intrusive<StringVal>(ms->headers.data())
);
zeek::make_intrusive<zeek::StringVal>(ms->headers.data()));
ms->headers = "";
state |= new_state;
@ -221,11 +219,10 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
val_mgr->Count(p->msg_ttl),
val_mgr->Count(p->msg_hops),
val_mgr->Count(p->msg_len),
zeek::make_intrusive<StringVal>(p->payload),
zeek::make_intrusive<zeek::StringVal>(p->payload),
val_mgr->Count(p->payload_len),
val_mgr->Bool((p->payload_len < std::min(p->msg_len, (unsigned int)GNUTELLA_MAX_PAYLOAD))),
val_mgr->Bool((p->payload_left == 0))
);
val_mgr->Bool((p->payload_left == 0)));
}

108
src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -4,9 +4,9 @@
%}
%code{
RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
{
auto rv = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtpv1_hdr);
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr);
rv->Assign(0, val_mgr->Count(pdu->version()));
rv->Assign(1, val_mgr->Bool(pdu->pt_flag()));
@ -28,14 +28,14 @@ RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
return rv;
}
static ValPtr BuildIMSI(const InformationElement* ie)
static zeek::ValPtr BuildIMSI(const InformationElement* ie)
{
return val_mgr->Count(ie->imsi()->value());
}
static ValPtr BuildRAI(const InformationElement* ie)
static zeek::ValPtr BuildRAI(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_rai);
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_rai);
ev->Assign(0, val_mgr->Count(ie->rai()->mcc()));
ev->Assign(1, val_mgr->Count(ie->rai()->mnc()));
ev->Assign(2, val_mgr->Count(ie->rai()->lac()));
@ -43,49 +43,49 @@ static ValPtr BuildRAI(const InformationElement* ie)
return ev;
}
static ValPtr BuildRecovery(const InformationElement* ie)
static zeek::ValPtr BuildRecovery(const InformationElement* ie)
{
return val_mgr->Count(ie->recovery()->restart_counter());
}
static ValPtr BuildSelectionMode(const InformationElement* ie)
static zeek::ValPtr BuildSelectionMode(const InformationElement* ie)
{
return val_mgr->Count(ie->selection_mode()->mode());
}
static ValPtr BuildTEID1(const InformationElement* ie)
static zeek::ValPtr BuildTEID1(const InformationElement* ie)
{
return val_mgr->Count(ie->teid1()->value());
}
static ValPtr BuildTEID_ControlPlane(const InformationElement* ie)
static zeek::ValPtr BuildTEID_ControlPlane(const InformationElement* ie)
{
return val_mgr->Count(ie->teidcp()->value());
}
static ValPtr BuildNSAPI(const InformationElement* ie)
static zeek::ValPtr BuildNSAPI(const InformationElement* ie)
{
return val_mgr->Count(ie->nsapi()->nsapi());
}
static ValPtr BuildChargingCharacteristics(const InformationElement* ie)
static zeek::ValPtr BuildChargingCharacteristics(const InformationElement* ie)
{
return val_mgr->Count(ie->charging_characteristics()->value());
}
static ValPtr BuildTraceReference(const InformationElement* ie)
static zeek::ValPtr BuildTraceReference(const InformationElement* ie)
{
return val_mgr->Count(ie->trace_reference()->value());
}
static ValPtr BuildTraceType(const InformationElement* ie)
static zeek::ValPtr BuildTraceType(const InformationElement* ie)
{
return val_mgr->Count(ie->trace_type()->value());
}
ValPtr BuildEndUserAddr(const InformationElement* ie)
zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
ev->Assign(0, val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
ev->Assign(1, val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
@ -97,15 +97,15 @@ ValPtr BuildEndUserAddr(const InformationElement* ie)
switch ( ie->end_user_addr()->pdp_type_num() ) {
case 0x21:
ev->Assign(2, zeek::make_intrusive<AddrVal>(
ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
break;
case 0x57:
ev->Assign(2, zeek::make_intrusive<AddrVal>(
ev->Assign(2, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
break;
default:
ev->Assign(3, zeek::make_intrusive<StringVal>(
ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
new BroString((const u_char*) d, len, false)));
break;
}
@ -114,121 +114,121 @@ ValPtr BuildEndUserAddr(const InformationElement* ie)
return ev;
}
ValPtr BuildAccessPointName(const InformationElement* ie)
zeek::ValPtr BuildAccessPointName(const InformationElement* ie)
{
BroString* bs = new BroString((const u_char*) ie->ap_name()->value().data(),
ie->ap_name()->value().length(), false);
return zeek::make_intrusive<StringVal>(bs);
return zeek::make_intrusive<zeek::StringVal>(bs);
}
ValPtr BuildProtoConfigOptions(const InformationElement* ie)
zeek::ValPtr BuildProtoConfigOptions(const InformationElement* ie)
{
const u_char* d = (const u_char*) ie->proto_config_opts()->value().data();
int len = ie->proto_config_opts()->value().length();
return zeek::make_intrusive<StringVal>(new BroString(d, len, false));
return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
}
ValPtr BuildGSN_Addr(const InformationElement* ie)
zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_gsn_addr);
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_gsn_addr);
int len = ie->gsn_addr()->value().length();
const uint8* d = ie->gsn_addr()->value().data();
if ( len == 4 )
ev->Assign(0, zeek::make_intrusive<AddrVal>(
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv4, (const uint32*) d, IPAddr::Network)));
else if ( len == 16 )
ev->Assign(0, zeek::make_intrusive<AddrVal>(
ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
IPAddr(IPv6, (const uint32*) d, IPAddr::Network)));
else
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)));
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
return ev;
}
ValPtr BuildMSISDN(const InformationElement* ie)
zeek::ValPtr BuildMSISDN(const InformationElement* ie)
{
const u_char* d = (const u_char*) ie->msisdn()->value().data();
int len = ie->msisdn()->value().length();
return zeek::make_intrusive<StringVal>(new BroString(d, len, false));
return zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false));
}
ValPtr BuildQoS_Profile(const InformationElement* ie)
zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_qos_profile);
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_qos_profile);
const u_char* d = (const u_char*) ie->qos_profile()->data().data();
int len = ie->qos_profile()->data().length();
ev->Assign(0, val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString(d, len, false)));
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString(d, len, false)));
return ev;
}
ValPtr BuildTrafficFlowTemplate(const InformationElement* ie)
zeek::ValPtr BuildTrafficFlowTemplate(const InformationElement* ie)
{
const uint8* d = ie->traffic_flow_template()->value().data();
int len = ie->traffic_flow_template()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
}
ValPtr BuildTriggerID(const InformationElement* ie)
zeek::ValPtr BuildTriggerID(const InformationElement* ie)
{
const uint8* d = ie->trigger_id()->value().data();
int len = ie->trigger_id()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
}
ValPtr BuildOMC_ID(const InformationElement* ie)
zeek::ValPtr BuildOMC_ID(const InformationElement* ie)
{
const uint8* d = ie->omc_id()->value().data();
int len = ie->omc_id()->value().length();
return zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false));
return zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false));
}
ValPtr BuildPrivateExt(const InformationElement* ie)
zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
{
auto ev = zeek::make_intrusive<RecordVal>(zeek::BifType::Record::gtp_private_extension);
auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_private_extension);
const uint8* d = ie->private_ext()->value().data();
int len = ie->private_ext()->value().length();
ev->Assign(0, val_mgr->Count(ie->private_ext()->id()));
ev->Assign(1, zeek::make_intrusive<StringVal>(new BroString((const u_char*) d, len, false)));
ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new BroString((const u_char*) d, len, false)));
return ev;
}
static ValPtr BuildCause(const InformationElement* ie)
static zeek::ValPtr BuildCause(const InformationElement* ie)
{
return val_mgr->Count(ie->cause()->value());
}
static ValPtr BuildReorderReq(const InformationElement* ie)
static zeek::ValPtr BuildReorderReq(const InformationElement* ie)
{
return val_mgr->Bool(ie->reorder_req()->req());
}
static ValPtr BuildChargingID(const InformationElement* ie)
static zeek::ValPtr BuildChargingID(const InformationElement* ie)
{
return val_mgr->Count(ie->charging_id()->value());;
}
ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
zeek::ValPtr BuildChargingGatewayAddr(const InformationElement* ie)
{
const uint8* d = ie->charging_gateway_addr()->value().data();
int len = ie->charging_gateway_addr()->value().length();
if ( len == 4 )
return zeek::make_intrusive<AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv4, (const uint32*) d, IPAddr::Network));
else if ( len == 16 )
return zeek::make_intrusive<AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
return zeek::make_intrusive<zeek::AddrVal>(IPAddr(IPv6, (const uint32*) d, IPAddr::Network));
else
return nullptr;
}
static ValPtr BuildTeardownInd(const InformationElement* ie)
static zeek::ValPtr BuildTeardownInd(const InformationElement* ie)
{
return val_mgr->Bool(ie->teardown_ind()->ind());
}
@ -237,7 +237,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
{
if ( ! ::gtpv1_create_pdp_ctx_request ) return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_create_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->create_pdp_ctx_request();
@ -337,7 +337,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_create_pdp_ctx_response )
return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_create_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->create_pdp_ctx_response();
@ -406,7 +406,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_update_pdp_ctx_request )
return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_update_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->update_pdp_ctx_request();
@ -484,7 +484,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_update_pdp_ctx_response )
return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_update_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->update_pdp_ctx_response();
@ -544,7 +544,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_delete_pdp_ctx_request )
return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_delete_pdp_ctx_request_elements);
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request();
@ -578,7 +578,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
if ( ! ::gtpv1_delete_pdp_ctx_response )
return;
auto rv = zeek::make_intrusive<RecordVal>(
auto rv = zeek::make_intrusive<zeek::RecordVal>(
zeek::BifType::Record::gtp_delete_pdp_ctx_response_elements);
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response();

46
src/analyzer/protocol/http/HTTP.cc
View file

@ -613,14 +613,14 @@ HTTP_Message::~HTTP_Message()
delete [] entity_data_buffer;
}
RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
zeek::RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
{
static auto http_message_stat = zeek::id::find_type<zeek::RecordType>("http_message_stat");
auto stat = zeek::make_intrusive<RecordVal>(http_message_stat);
auto stat = zeek::make_intrusive<zeek::RecordVal>(http_message_stat);
int field = 0;
stat->Assign(field++, zeek::make_intrusive<TimeVal>(start_time));
stat->Assign(field++, zeek::make_intrusive<zeek::TimeVal>(start_time));
stat->Assign(field++, val_mgr->Bool(interrupted));
stat->Assign(field++, zeek::make_intrusive<StringVal>(msg));
stat->Assign(field++, zeek::make_intrusive<zeek::StringVal>(msg));
stat->Assign(field++, val_mgr->Count(body_length));
stat->Assign(field++, val_mgr->Count(content_gap_length));
stat->Assign(field++, val_mgr->Count(header_length));
@ -1153,11 +1153,11 @@ void HTTP_Analyzer::GenStats()
if ( http_stats )
{
static auto http_stats_rec = zeek::id::find_type<zeek::RecordType>("http_stats_rec");
auto r = zeek::make_intrusive<RecordVal>(http_stats_rec);
auto r = zeek::make_intrusive<zeek::RecordVal>(http_stats_rec);
r->Assign(0, val_mgr->Count(num_requests));
r->Assign(1, val_mgr->Count(num_replies));
r->Assign(2, zeek::make_intrusive<DoubleVal>(request_version.ToDouble()));
r->Assign(3, zeek::make_intrusive<DoubleVal>(reply_version.ToDouble()));
r->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(request_version.ToDouble()));
r->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(reply_version.ToDouble()));
// DEBUG_MSG("%.6f http_stats\n", network_time);
EnqueueConnEvent(http_stats, ConnVal(), std::move(r));
@ -1242,7 +1242,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
return -1;
}
request_method = zeek::make_intrusive<StringVal>(end_of_method - line, line);
request_method = zeek::make_intrusive<zeek::StringVal>(end_of_method - line, line);
Conn()->Match(Rule::HTTP_REQUEST,
(const u_char*) unescaped_URI->AsString()->Bytes(),
@ -1312,8 +1312,8 @@ bool HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line)
// NormalizeURI(line, end_of_uri);
request_URI = zeek::make_intrusive<StringVal>(end_of_uri - line, line);
unescaped_URI = zeek::make_intrusive<StringVal>(
request_URI = zeek::make_intrusive<zeek::StringVal>(end_of_uri - line, line);
unescaped_URI = zeek::make_intrusive<zeek::StringVal>(
unescape_URI((const u_char*) line, (const u_char*) end_of_uri, this));
return true;
@ -1352,21 +1352,21 @@ void HTTP_Analyzer::SetVersion(HTTP_VersionNumber* version, HTTP_VersionNumber n
void HTTP_Analyzer::HTTP_Event(const char* category, const char* detail)
{
HTTP_Event(category, zeek::make_intrusive<StringVal>(detail));
HTTP_Event(category, zeek::make_intrusive<zeek::StringVal>(detail));
}
void HTTP_Analyzer::HTTP_Event(const char* category, StringValPtr detail)
void HTTP_Analyzer::HTTP_Event(const char* category, zeek::StringValPtr detail)
{
if ( http_event )
// DEBUG_MSG("%.6f http_event\n", network_time);
EnqueueConnEvent(http_event,
ConnVal(),
zeek::make_intrusive<StringVal>(category),
zeek::make_intrusive<zeek::StringVal>(category),
std::move(detail));
}
StringValPtr
HTTP_Analyzer::TruncateURI(const StringValPtr& uri)
zeek::StringValPtr
HTTP_Analyzer::TruncateURI(const zeek::StringValPtr& uri)
{
const BroString* str = uri->AsString();
@ -1375,7 +1375,7 @@ HTTP_Analyzer::TruncateURI(const StringValPtr& uri)
u_char* s = new u_char[truncate_http_URI + 4];
memcpy(s, str->Bytes(), truncate_http_URI);
memcpy(s + truncate_http_URI, "...", 4);
return zeek::make_intrusive<StringVal>(new BroString(true, s, truncate_http_URI+3));
return zeek::make_intrusive<zeek::StringVal>(new BroString(true, s, truncate_http_URI+3));
}
else
return uri;
@ -1398,7 +1398,7 @@ void HTTP_Analyzer::HTTP_Request()
request_method,
TruncateURI(request_URI),
TruncateURI(unescaped_URI),
zeek::make_intrusive<StringVal>(fmt("%.1f", request_version.ToDouble()))
zeek::make_intrusive<zeek::StringVal>(fmt("%.1f", request_version.ToDouble()))
);
}
@ -1407,11 +1407,11 @@ void HTTP_Analyzer::HTTP_Reply()
if ( http_reply )
EnqueueConnEvent(http_reply,
ConnVal(),
zeek::make_intrusive<StringVal>(fmt("%.1f", reply_version.ToDouble())),
zeek::make_intrusive<zeek::StringVal>(fmt("%.1f", reply_version.ToDouble())),
val_mgr->Count(reply_code),
reply_reason_phrase ?
reply_reason_phrase :
zeek::make_intrusive<StringVal>("<empty>")
zeek::make_intrusive<zeek::StringVal>("<empty>")
);
else
reply_reason_phrase = nullptr;
@ -1473,7 +1473,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)
if ( http_connection_upgrade )
EnqueueConnEvent(http_connection_upgrade,
ConnVal(),
zeek::make_intrusive<StringVal>(upgrade_protocol)
zeek::make_intrusive<zeek::StringVal>(upgrade_protocol)
);
}
@ -1487,7 +1487,7 @@ void HTTP_Analyzer::ReplyMade(bool interrupted, const char* msg)
reply_state = EXPECT_REPLY_LINE;
}
void HTTP_Analyzer::RequestClash(Val* /* clash_val */)
void HTTP_Analyzer::RequestClash(zeek::Val* /* clash_val */)
{
Weird("multiple_HTTP_request_elements");
@ -1551,7 +1551,7 @@ int HTTP_Analyzer::HTTP_ReplyLine(const char* line, const char* end_of_line)
rest = skip_whitespace(rest, end_of_line);
reply_reason_phrase =
zeek::make_intrusive<StringVal>(end_of_line - rest, (const char *) rest);
zeek::make_intrusive<zeek::StringVal>(end_of_line - rest, (const char *) rest);
return 1;
}
@ -1655,7 +1655,7 @@ void HTTP_Analyzer::HTTP_EntityData(bool is_orig, BroString* entity_data)
ConnVal(),
val_mgr->Bool(is_orig),
val_mgr->Count(entity_data->Len()),
zeek::make_intrusive<StringVal>(entity_data)
zeek::make_intrusive<zeek::StringVal>(entity_data)
);
else
delete entity_data;

18
src/analyzer/protocol/http/HTTP.h
View file

@ -145,7 +145,7 @@ protected:
HTTP_Entity* current_entity;
RecordValPtr BuildMessageStat(bool interrupted, const char* msg);
zeek::RecordValPtr BuildMessageStat(bool interrupted, const char* msg);
};
class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer {
@ -156,7 +156,7 @@ public:
void HTTP_EntityData(bool is_orig, BroString* entity_data);
void HTTP_MessageDone(bool is_orig, HTTP_Message* message);
void HTTP_Event(const char* category, const char* detail);
void HTTP_Event(const char* category, StringValPtr detail);
void HTTP_Event(const char* category, zeek::StringValPtr detail);
void SkipEntityData(bool is_orig);
@ -230,14 +230,14 @@ protected:
void RequestMade(bool interrupted, const char* msg);
void ReplyMade(bool interrupted, const char* msg);
void RequestClash(Val* clash_val);
void RequestClash(zeek::Val* clash_val);
const BroString* UnansweredRequestMethod();
int HTTP_ReplyCode(const char* code_str);
int ExpectReplyMessageBody();
StringValPtr TruncateURI(const StringValPtr& uri);
zeek::StringValPtr TruncateURI(const zeek::StringValPtr& uri);
int request_state, reply_state;
int num_requests, num_replies;
@ -257,19 +257,19 @@ protected:
// in a reply.
std::string upgrade_protocol;
StringValPtr request_method;
zeek::StringValPtr request_method;
// request_URI is in the original form (may contain '%<hex><hex>'
// sequences).
StringValPtr request_URI;
zeek::StringValPtr request_URI;
// unescaped_URI does not contain escaped sequences.
StringValPtr unescaped_URI;
zeek::StringValPtr unescaped_URI;
std::queue<StringValPtr> unanswered_requests;
std::queue<zeek::StringValPtr> unanswered_requests;
int reply_code;
StringValPtr reply_reason_phrase;
zeek::StringValPtr reply_reason_phrase;
tcp::ContentLine_Analyzer* content_line_orig;
tcp::ContentLine_Analyzer* content_line_resp;

2
src/analyzer/protocol/http/functions.bif
View file

@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string
const u_char* line = URI->Bytes();
const u_char* const line_end = line + URI->Len();
return zeek::make_intrusive<StringVal>(analyzer::http::unescape_URI(line, line_end, 0));
return zeek::make_intrusive<zeek::StringVal>(analyzer::http::unescape_URI(line, line_end, 0));
%}

69
src/analyzer/protocol/icmp/ICMP.cc
View file

@ -214,22 +214,21 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
EnqueueConnEvent(icmp_sent_payload,
ConnVal(),
BuildICMPVal(icmpp, len, icmpv6, ip_hdr),
zeek::make_intrusive<StringVal>(payload)
zeek::make_intrusive<zeek::StringVal>(payload)
);
}
}
RecordValPtr
ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len,
int icmpv6, const IP_Hdr* ip_hdr)
{
if ( ! icmp_conn_val )
{
static auto icmp_conn = zeek::id::find_type<zeek::RecordType>("icmp_conn");
icmp_conn_val = zeek::make_intrusive<RecordVal>(icmp_conn);
icmp_conn_val = zeek::make_intrusive<zeek::RecordVal>(icmp_conn);
icmp_conn_val->Assign(0, zeek::make_intrusive<AddrVal>(Conn()->OrigAddr()));
icmp_conn_val->Assign(1, zeek::make_intrusive<AddrVal>(Conn()->RespAddr()));
icmp_conn_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(Conn()->OrigAddr()));
icmp_conn_val->Assign(1, zeek::make_intrusive<zeek::AddrVal>(Conn()->RespAddr()));
icmp_conn_val->Assign(2, val_mgr->Count(icmpp->icmp_type));
icmp_conn_val->Assign(3, val_mgr->Count(icmpp->icmp_code));
icmp_conn_val->Assign(4, val_mgr->Count(len));
@ -305,7 +304,7 @@ TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t*
return proto;
}
RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
zeek::RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
{
const IP_Hdr ip_hdr_data((const struct ip*) data, false);
const IP_Hdr* ip_hdr = &ip_hdr_data;
@ -352,12 +351,12 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
}
static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context");
auto iprec = zeek::make_intrusive<RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id);
auto iprec = zeek::make_intrusive<zeek::RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr));
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val));
@ -372,7 +371,7 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
return iprec;
}
RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
zeek::RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
{
int DF = 0, MF = 0, bad_hdr_len = 0;
TransportProto proto = TRANSPORT_UNKNOWN;
@ -412,12 +411,12 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
}
static auto icmp_context = zeek::id::find_type<zeek::RecordType>("icmp_context");
auto iprec = zeek::make_intrusive<RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<RecordVal>(zeek::id::conn_id);
auto iprec = zeek::make_intrusive<zeek::RecordVal>(icmp_context);
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
id_val->Assign(0, zeek::make_intrusive<AddrVal>(src_addr));
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>(src_addr));
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, zeek::make_intrusive<AddrVal>(dst_addr));
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
iprec->Assign(0, std::move(id_val));
@ -457,7 +456,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const
d->Add(Conn()->RespAddr());
}
void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val)
void ICMP_Analyzer::UpdateConnVal(zeek::RecordVal *conn_val)
{
const auto& orig_endp = conn_val->GetField("orig");
const auto& resp_endp = conn_val->GetField("resp");
@ -469,7 +468,7 @@ void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val)
Analyzer::UpdateConnVal(conn_val);
}
void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig)
void ICMP_Analyzer::UpdateEndpointVal(const zeek::ValPtr& endp_arg, bool is_orig)
{
Conn()->EnableStatusUpdateTimer();
@ -523,7 +522,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr),
val_mgr->Count(iid),
val_mgr->Count(iseq),
zeek::make_intrusive<StringVal>(payload)
zeek::make_intrusive<zeek::StringVal>(payload)
);
}
@ -556,9 +555,9 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
val_mgr->Count((icmpp->icmp_wpa & 0x18)>>3), // Pref
val_mgr->Bool(icmpp->icmp_wpa & 0x04), // Proxy
val_mgr->Count(icmpp->icmp_wpa & 0x02), // Reserved
zeek::make_intrusive<IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds),
zeek::make_intrusive<IntervalVal>((double)ntohl(reachable), Milliseconds),
zeek::make_intrusive<IntervalVal>((double)ntohl(retrans), Milliseconds),
zeek::make_intrusive<zeek::IntervalVal>((double)ntohs(icmpp->icmp_lifetime), Seconds),
zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(reachable), Milliseconds),
zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(retrans), Milliseconds),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
);
}
@ -585,7 +584,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router
val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited
val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override
zeek::make_intrusive<AddrVal>(tgtaddr),
zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
);
}
@ -609,7 +608,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr),
zeek::make_intrusive<AddrVal>(tgtaddr),
zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
);
}
@ -636,8 +635,8 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
EnqueueConnEvent(f,
ConnVal(),
BuildICMPVal(icmpp, len, 1, ip_hdr),
zeek::make_intrusive<AddrVal>(tgtaddr),
zeek::make_intrusive<AddrVal>(dstaddr),
zeek::make_intrusive<zeek::AddrVal>(tgtaddr),
zeek::make_intrusive<zeek::AddrVal>(dstaddr),
BuildNDOptionsVal(caplen - opt_offset, data + opt_offset)
);
}
@ -722,12 +721,12 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
);
}
VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
zeek::VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
{
static auto icmp6_nd_option_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_option");
static auto icmp6_nd_prefix_info_type = zeek::id::find_type<zeek::RecordType>("icmp6_nd_prefix_info");
auto vv = zeek::make_intrusive<VectorVal>(
auto vv = zeek::make_intrusive<zeek::VectorVal>(
zeek::id::find_type<zeek::VectorType>("icmp6_nd_options"));
while ( caplen > 0 )
@ -748,7 +747,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
break;
}
auto rv = zeek::make_intrusive<RecordVal>(icmp6_nd_option_type);
auto rv = zeek::make_intrusive<zeek::RecordVal>(icmp6_nd_option_type);
rv->Assign(0, val_mgr->Count(type));
rv->Assign(1, val_mgr->Count(length));
@ -769,7 +768,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
if ( caplen >= length )
{
BroString* link_addr = new BroString(data, length, false);
rv->Assign(2, zeek::make_intrusive<StringVal>(link_addr));
rv->Assign(2, zeek::make_intrusive<zeek::StringVal>(link_addr));
}
else
set_payload_field = true;
@ -782,7 +781,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
{
if ( caplen >= 30 )
{
auto info = zeek::make_intrusive<RecordVal>(icmp6_nd_prefix_info_type);
auto info = zeek::make_intrusive<zeek::RecordVal>(icmp6_nd_prefix_info_type);
uint8_t prefix_len = *((const uint8_t*)(data));
bool L_flag = (*((const uint8_t*)(data + 1)) & 0x80) != 0;
bool A_flag = (*((const uint8_t*)(data + 1)) & 0x40) != 0;
@ -792,9 +791,9 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
info->Assign(0, val_mgr->Count(prefix_len));
info->Assign(1, val_mgr->Bool(L_flag));
info->Assign(2, val_mgr->Bool(A_flag));
info->Assign(3, zeek::make_intrusive<IntervalVal>((double)ntohl(valid_life), Seconds));
info->Assign(4, zeek::make_intrusive<IntervalVal>((double)ntohl(prefer_life), Seconds));
info->Assign(5, zeek::make_intrusive<AddrVal>(IPAddr(prefix)));
info->Assign(3, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(valid_life), Seconds));
info->Assign(4, zeek::make_intrusive<zeek::IntervalVal>((double)ntohl(prefer_life), Seconds));
info->Assign(5, zeek::make_intrusive<zeek::AddrVal>(IPAddr(prefix)));
rv->Assign(3, std::move(info));
}
@ -839,7 +838,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
if ( set_payload_field )
{
BroString* payload = new BroString(data, std::min((int)length, caplen), false);
rv->Assign(6, zeek::make_intrusive<StringVal>(payload));
rv->Assign(6, zeek::make_intrusive<zeek::StringVal>(payload));
}
data += length;

Some files were not shown because too many files have changed in this diff Show more