Remove deprecated protocol_confirmation/violation events and methods

doc

@@ -1 +1 @@
-Subproject commit f6efe0c5770bcdb36f25e915b64eaaa8ae176597
+Subproject commit 189dddc9e80cf3649672e491a5d89e200d3248f6

src/analyzer/Analyzer.cc

@@ -678,50 +678,6 @@ void Analyzer::FlipRoles()
 	resp_supporters = tmp;
 	}
 
-void Analyzer::ProtocolConfirmation(zeek::Tag arg_tag)
-	{
-	if ( protocol_confirmed )
-		return;
-
-	protocol_confirmed = true;
-
-	const auto& tval = arg_tag ? arg_tag.AsVal() : tag.AsVal();
-	// Enqueue both of these events. In the base scripts, only the analyzer version is handled.
-	// The protocol remains just for handling scripts that haven't been updated. Once that event
-	// is removed, this method is also removed.
-	if ( analyzer_confirmation )
-		event_mgr.Enqueue(analyzer_confirmation, ConnVal(), tval, val_mgr->Count(id));
-	if ( protocol_confirmation )
-		event_mgr.Enqueue(protocol_confirmation, ConnVal(), tval, val_mgr->Count(id));
-	}
-
-void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
-	{
-	if ( ! protocol_violation && ! analyzer_violation )
-		return;
-
-	StringValPtr r;
-
-	if ( data && len )
-		{
-		const char* tmp = util::copy_string(reason);
-		r = make_intrusive<StringVal>(util::fmt(
-			"%s [%s%s]", tmp, util::fmt_bytes(data, min(40, len)), len > 40 ? "..." : ""));
-		delete[] tmp;
-		}
-	else
-		r = make_intrusive<StringVal>(reason);
-
-	const auto& tval = tag.AsVal();
-	// Enqueue both of these events. In the base scripts, only the analyzer version is handled.
-	// The protocol remains just for handling scripts that haven't been updated. Once that event
-	// is removed, this method is also removed.
-	if ( analyzer_confirmation )
-		event_mgr.Enqueue(analyzer_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r));
-	if ( protocol_confirmation )
-		event_mgr.Enqueue(protocol_violation, ConnVal(), tval, val_mgr->Count(id), std::move(r));
-	}
-
 void Analyzer::AnalyzerConfirmation(zeek::Tag arg_tag)
 	{
 	if ( analyzer_confirmed )

src/analyzer/Analyzer.h

@@ -522,47 +522,6 @@ public:
 	 */
 	void RemoveSupportAnalyzer(SupportAnalyzer* analyzer);
 
-	/**
-	 * Signals Zeek's protocol detection that the analyzer has recognized
-	 * the input to indeed conform to the expected protocol. This should
-	 * be called as early as possible during a connection's life-time. It
-	 * may turn into \c protocol_confirmed event at the script-layer (but
-	 * only once per analyzer for each connection, even if the method is
-	 * called multiple times).
-	 *
-	 * If tag is given, it overrides the analyzer tag passed to the
-	 * scripting layer; the default is the one of the analyzer itself.
-	 */
-	[[deprecated("Remove in v5.1. Use AnalyzerConfirmation.")]] virtual void
-	ProtocolConfirmation(zeek::Tag tag = zeek::Tag());
-
-	/**
-	 * Signals Zeek's protocol detection that the analyzer has found a
-	 * severe protocol violation that could indicate that it's not
-	 * parsing the expected protocol. This turns into \c
-	 * protocol_violation events at the script-layer (one such event is
-	 * raised for each call to this method so that the script-layer can
-	 * built up a notion of how prevalent protocol violations are; the
-	 * more, the less likely it's the right protocol).
-	 *
-	 * @param reason A textual description of the error encountered.
-	 *
-	 * @param data An optional pointer to the malformed data.
-	 *
-	 * @param len If \a data is given, the length of it.
-	 */
-	[[deprecated("Remove in v5.1. Use AnalyzerViolation.")]] virtual void
-	ProtocolViolation(const char* reason, const char* data = nullptr, int len = 0);
-
-	/**
-	 * Returns true if ProtocolConfirmation() has been called at least
-	 * once.
-	 */
-	[[deprecated("Remove in v5.1. Use AnalyzerConfirmed.")]] bool ProtocolConfirmed() const
-		{
-		return protocol_confirmed;
-		}
-
 	/**
 	 * Signals Zeek's protocol detection that the analyzer has recognized
 	 * the input to indeed conform to the expected protocol. This should

src/event.bif

@@ -372,15 +372,12 @@ event content_gap%(c: connection, is_orig: bool, seq: count, length: count%);
 ##        be used to reference the analyzer when using builtin functions like
 ##        :zeek:id:`disable_analyzer`.
 ##
-## .. zeek:see:: protocol_violation
-##
 ## .. note::
 ##
 ##    Zeek's default scripts use this event to determine the ``service`` column
 ##    of :zeek:type:`Conn::Info`: once confirmed, the protocol will be listed
 ##    there (and thus in ``conn.log``).
 event analyzer_confirmation%(c: connection, atype: Analyzer::Tag, aid: count%);
-event protocol_confirmation%(c: connection, atype: AllAnalyzers::Tag, aid: count%) &deprecated="Remove in v5.1. Use analyzer_confirmation.";
 
 ## Generated if a DPD signature matched but the DPD buffer is already exhausted
 ## and thus the analyzer could not be attached. While this does not confirm
@@ -417,8 +414,6 @@ event protocol_late_match%(c: connection, atype: Analyzer::Tag%);
 ##
 ## reason: TODO.
 ##
-## .. zeek:see:: protocol_confirmation
-##
 ## .. note::
 ##
 ##    Zeek's default scripts use this event to disable an analyzer via
@@ -426,7 +421,6 @@ event protocol_late_match%(c: connection, atype: Analyzer::Tag%);
 ##    however a script-level decision and not done automatically by the event
 ##    engine.
 event analyzer_violation%(c: connection, atype: Analyzer::Tag, aid: count, reason: string%);
-event protocol_violation%(c: connection, atype: AllAnalyzers::Tag, aid: count, reason: string%) &deprecated="Remove in v.5.1. Use analyzer_violation.";
 
 ## Generated when a TCP connection terminated, passing on statistics about the
 ## two endpoints. This event is always generated when Zeek flushes the internal

testing/btest/plugins/binpac-flowbuffer-frame-length-plugin/src/FOO.cc

@@ -53,7 +53,7 @@ void FOO_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 	catch ( const binpac::Exception& e )
 		{
 		printf("Exception: %s\n", e.c_msg());
-		ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg()));
+		AnalyzerViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg()));
 		}
 	}
 

testing/btest/plugins/binpac-flowbuffer-frame-length-plugin/src/foo.pac

@@ -41,7 +41,7 @@ refine flow FOO_Flow += {
     function proc_foo_message(msg: FOO_PDU): bool
         %{
         // printf("FOO %d %d\n", msg->hdr()->len(), msg->hdr_len());
-        connection()->bro_analyzer()->ProtocolConfirmation();
+        connection()->bro_analyzer()->AnalyzerConfirmation();
         zeek::BifEvent::Foo::enqueue_foo_message(
                         connection()->bro_analyzer(),
                         connection()->bro_analyzer()->Conn(),

testing/btest/plugins/protocol-plugin/src/Foo.cc

@@ -3,7 +3,7 @@
 #include "foo_pac.h"
 #include "events.bif.h"
 
-#include <zeek/analyzer/protocol/tcp/TCP_Reassembler.h>
+#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 
 using namespace btest::plugin::Demo_Foo;
 
@@ -45,7 +45,7 @@ void Foo::DeliverStream(int len, const u_char* data, bool orig)
 		}
 	catch ( const binpac::Exception& e )
 		{
-		ProtocolViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg()));
+		AnalyzerViolation(zeek::util::fmt("Binpac exception: %s", e.c_msg()));
 		}
 	}