diff --git a/src/Conn.h b/src/Conn.h index 8534e3dd73..f6ec77e59a 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -234,4 +234,9 @@ private: static uint64_t current_connections; }; +// The following is used by script optimization. +namespace detail { +extern RecordValPtr build_dummy_conn_record(); +} + } // namespace zeek diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h index c5e16a54ea..3e2c62be25 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.h +++ b/src/analyzer/protocol/conn-size/ConnSize.h @@ -47,4 +47,7 @@ protected: double duration_thresh; }; +// Exposed to make it available to script optimization. +extern zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid); + } // namespace zeek::analyzer::conn_size diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index 6278f07434..8473c07177 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -3,13 +3,13 @@ #include "zeek/Reporter.h" #include "zeek/session/Manager.h" -static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) +zeek::analyzer::Analyzer* zeek::analyzer::conn_size::GetConnsizeAnalyzer(zeek::Val* cid) { - zeek::Connection* c = zeek::session_mgr->FindConnection(cid); + auto c = zeek::session_mgr->FindConnection(cid); if ( ! c ) return nullptr; - zeek::analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE"); + auto a = c->FindAnalyzer("CONNSIZE"); if ( ! a ) zeek::reporter->Error("connection does not have ConnSize analyzer"); 
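Review bot: The declaration added to ConnSize.h makes `GetConnsizeAnalyzer` a public symbol but documents only why it is exposed, not what it returns, and it hands back a base `zeek::analyzer::Analyzer*` that every caller visible in functions.bif `static_cast`s without a type check. I would state the contract at the declaration, for example `// Returns the CONNSIZE analyzer of the connection identified by cid, or nullptr if the connection is not found.`, and consider returning the ConnSize analyzer type itself so new callers cannot cast to the wrong class. What is returned when the analyzer is missing is not visible here, because the definition in functions.bif continues past its hunk after the `if ( ! a )` error report. The `extern` keyword is redundant on a function declaration and can be dropped.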
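Review bot: In the first functions.bif hunk, `auto c = zeek::session_mgr->FindConnection(cid);` and `auto a = c->FindAnalyzer("CONNSIZE");` no longer show that both are raw pointers that may be null, which is what the `if ( ! c )` and `if ( ! a )` checks right after them depend on. Writing `auto* c` and `auto* a` keeps the shorter form and the pointer type visible. The same applies to `auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);` in the six threshold BIFs changed by the later hunks of this file, where `a` is null-checked and then downcast. The body of `GetConnsizeAnalyzer` continues past the end of this hunk.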
@@ -33,13 +33,13 @@ static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) ## set_current_conn_duration_threshold get_current_conn_duration_threshold function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::val_mgr->False(); + return val_mgr->False(); - static_cast(a)->SetByteAndPacketThreshold(threshold, true, is_orig); + static_cast(a)->SetByteAndPacketThreshold(threshold, true, is_orig); - return zeek::val_mgr->True(); + return val_mgr->True(); %} ## Sets a threshold for connection packets, overwriting any potential old thresholds. @@ -57,13 +57,13 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or ## set_current_conn_duration_threshold get_current_conn_duration_threshold function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::val_mgr->False(); + return val_mgr->False(); - static_cast(a)->SetByteAndPacketThreshold(threshold, false, is_orig); + static_cast(a)->SetByteAndPacketThreshold(threshold, false, is_orig); - return zeek::val_mgr->True(); + return val_mgr->True(); %} ## Sets the current duration threshold for connection, overwriting any potential old 
@@ -79,13 +79,13 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ ## get_current_conn_duration_threshold function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%): bool %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::val_mgr->False(); + return val_mgr->False(); - static_cast(a)->SetDurationThreshold(threshold); + static_cast(a)->SetDurationThreshold(threshold); - return zeek::val_mgr->True(); + return val_mgr->True(); %} # Gets the current byte threshold size for a connection. @@ -101,11 +101,11 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval% ## get_current_conn_duration_threshold function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::val_mgr->Count(0); + return val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(true, is_orig)); + return val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(true, is_orig)); %} ## Gets the current packet threshold size for a connection. 
@@ -120,11 +120,11 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count ## get_current_conn_bytes_threshold set_current_conn_duration_threshold get_current_conn_duration_threshold function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::val_mgr->Count(0); + return val_mgr->Count(0); - return zeek::val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(false, is_orig)); + return val_mgr->Count(static_cast(a)->GetByteAndPacketThreshold(false, is_orig)); %} ## Gets the current duration threshold size for a connection. @@ -137,9 +137,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun ## get_current_conn_packets_threshold set_current_conn_duration_threshold function get_current_conn_duration_threshold%(cid: conn_id%): interval %{ - zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid); + auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid); if ( ! a ) - return zeek::make_intrusive(0.0); + return make_intrusive(0.0); - return zeek::make_intrusive(static_cast(a)->GetDurationThreshold()); + return make_intrusive(static_cast(a)->GetDurationThreshold()); %} diff --git a/src/zeek.bif b/src/zeek.bif index 8afcb2e718..4134e72847 100644 --- a/src/zeek.bif +++ b/src/zeek.bif 
@@ -304,6 +304,38 @@ static bool next_fmt(const char*& fmt, const zeek::Args* args, zeek::ODesc* d, i return *fmt != '\0'; } + +zeek::RecordValPtr zeek::detail::build_dummy_conn_record() + { + // Return a dummy connection record. + auto c = zeek::make_intrusive(zeek::id::connection); + + auto id_val = zeek::make_intrusive(zeek::id::conn_id); + id_val->Assign(0, zeek::make_intrusive((unsigned int) 0)); + id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); + id_val->Assign(2, zeek::make_intrusive((unsigned int) 0)); + id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); + c->Assign(0, std::move(id_val)); + + auto orig_endp = zeek::make_intrusive(zeek::id::endpoint); + orig_endp->Assign(0, 0); + orig_endp->Assign(1, 0); + + auto resp_endp = zeek::make_intrusive(zeek::id::endpoint); + resp_endp->Assign(0, 0); + resp_endp->Assign(1, 0); + + c->Assign(1, std::move(orig_endp)); + c->Assign(2, std::move(resp_endp)); + + c->AssignTime(3, zeek::run_state::network_time); + c->AssignInterval(4, 0.0); + c->Assign(5, zeek::make_intrusive(zeek::id::string_set)); // service + c->Assign(6, zeek::val_mgr->EmptyString()); // history + + return c; + } + %%} # =========================================================================== 
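Review bot: `build_dummy_conn_record` in zeek.bif fills the record purely by position (`Assign(0, …)` through `Assign(6, …)`) and only slots 5 and 6 carry a label, so a reader outside `lookup_connection` cannot tell which `connection` field each value lands in or notice if the record layout shifts. Since the helper is now shared with script optimization, I would move the inner `// Return a dummy connection record.` above the function and expand it, e.g. `// Builds a placeholder connection record: zeroed conn_id and endpoints, timestamp set to the current network time, zero interval, empty service set and history. It does not describe observed traffic.`, and label slots 0–4 the way 5 and 6 are. `ntohs(0)` is a no-op and could be written as `0`. The function sits inside a `%%{` block that opens before the hunk.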
@@ -3652,34 +3684,7 @@ function lookup_connection%(cid: conn_id%): connection return conn->GetVal(); zeek::emit_builtin_error("connection ID not a known connection", cid); - - // Return a dummy connection record. - auto c = zeek::make_intrusive(zeek::id::connection); - - auto id_val = zeek::make_intrusive(zeek::id::conn_id); - id_val->Assign(0, zeek::make_intrusive((unsigned int) 0)); - id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); - id_val->Assign(2, zeek::make_intrusive((unsigned int) 0)); - id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP)); - c->Assign(0, std::move(id_val)); - - auto orig_endp = zeek::make_intrusive(zeek::id::endpoint); - orig_endp->Assign(0, 0); - orig_endp->Assign(1, 0); - - auto resp_endp = zeek::make_intrusive(zeek::id::endpoint); - resp_endp->Assign(0, 0); - resp_endp->Assign(1, 0); - - c->Assign(1, std::move(orig_endp)); - c->Assign(2, std::move(resp_endp)); - - c->AssignTime(3, zeek::run_state::network_time); - c->AssignInterval(4, 0.0); - c->Assign(5, zeek::make_intrusive(zeek::id::string_set)); // service - c->Assign(6, zeek::val_mgr->EmptyString()); // history - - return std::move(c); + return zeek::detail::build_dummy_conn_record(); %} %%{