mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
factor some functionality used by BiFs to make accessible to ZAM instructions
parent
7c8c83efc4
commit
68aa8221e1
4 changed files with 65 additions and 52 deletions
|
@ -234,4 +234,9 @@ private:
|
|||
static uint64_t current_connections;
|
||||
};
|
||||
|
||||
// The following is used by script optimization.
|
||||
namespace detail {
|
||||
extern RecordValPtr build_dummy_conn_record();
|
||||
}
|
||||
|
||||
} // namespace zeek
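Review bot: The new declaration `extern RecordValPtr build_dummy_conn_record();` carries only the comment "The following is used by script optimization", which says neither what the record contains nor where the function is defined. The definition shown on this page is in src/zeek.bif, so a reader of this header has no conventional place to look for it. I would replace the comment with `// Returns a placeholder connection record (zeroed endpoints, start time set to the current network time) for callers that must return a record when no connection matches; defined in zeek.bif.` The `extern` keyword is redundant on a function declaration and can be dropped.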
|
||||
|
|
|
@ -47,4 +47,7 @@ protected:
|
|||
double duration_thresh;
|
||||
};
|
||||
|
||||
// Exposed to make it available to script optimization.
|
||||
extern zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid);
|
||||
|
||||
} // namespace zeek::analyzer::conn_size
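Review bot: The exported declaration `GetConnsizeAnalyzer(zeek::Val* cid)` does not document its null return or who owns the returned pointer, and callers outside the BiF file now depend on both. From the definition on this page, it returns nullptr when no connection matches `cid` and reports an error when the connection has no CONNSIZE analyzer; the rest of the body is outside the visible hunk. I would expand the comment to something like `// Returns the ConnSize analyzer of the connection identified by cid, or nullptr if there is none; the caller does not own the pointer.` The ownership statement is inferred from the lookup going through the connection and should be confirmed before it is written down.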
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
#include "zeek/Reporter.h"
|
||||
#include "zeek/session/Manager.h"
|
||||
|
||||
static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
|
||||
zeek::analyzer::Analyzer* zeek::analyzer::conn_size::GetConnsizeAnalyzer(zeek::Val* cid)
|
||||
{
|
||||
zeek::Connection* c = zeek::session_mgr->FindConnection(cid);
|
||||
auto c = zeek::session_mgr->FindConnection(cid);
|
||||
if ( ! c )
|
||||
return nullptr;
|
||||
|
||||
zeek::analyzer::Analyzer* a = c->FindAnalyzer("CONNSIZE");
|
||||
auto a = c->FindAnalyzer("CONNSIZE");
|
||||
if ( ! a )
|
||||
zeek::reporter->Error("connection does not have ConnSize analyzer");
|
||||
|
||||
|
@ -33,13 +33,13 @@ static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid)
|
|||
## set_current_conn_duration_threshold get_current_conn_duration_threshold
|
||||
function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::val_mgr->False();
|
||||
return val_mgr->False();
|
||||
|
||||
static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig);
|
||||
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, true, is_orig);
|
||||
|
||||
return zeek::val_mgr->True();
|
||||
return val_mgr->True();
|
||||
%}
|
||||
|
||||
## Sets a threshold for connection packets, overwriting any potential old thresholds.
|
||||
|
@ -57,13 +57,13 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or
|
|||
## set_current_conn_duration_threshold get_current_conn_duration_threshold
|
||||
function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::val_mgr->False();
|
||||
return val_mgr->False();
|
||||
|
||||
static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig);
|
||||
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetByteAndPacketThreshold(threshold, false, is_orig);
|
||||
|
||||
return zeek::val_mgr->True();
|
||||
return val_mgr->True();
|
||||
%}
|
||||
|
||||
## Sets the current duration threshold for connection, overwriting any potential old
|
||||
|
@ -79,13 +79,13 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_
|
|||
## get_current_conn_duration_threshold
|
||||
function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%): bool
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::val_mgr->False();
|
||||
return val_mgr->False();
|
||||
|
||||
static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold);
|
||||
static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->SetDurationThreshold(threshold);
|
||||
|
||||
return zeek::val_mgr->True();
|
||||
return val_mgr->True();
|
||||
%}
|
||||
|
||||
# Gets the current byte threshold size for a connection.
|
||||
|
@ -101,11 +101,11 @@ function set_current_conn_duration_threshold%(cid: conn_id, threshold: interval%
|
|||
## get_current_conn_duration_threshold
|
||||
function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::val_mgr->Count(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
return zeek::val_mgr->Count(static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
|
||||
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(true, is_orig));
|
||||
%}
|
||||
|
||||
## Gets the current packet threshold size for a connection.
|
||||
|
@ -120,11 +120,11 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count
|
|||
## get_current_conn_bytes_threshold set_current_conn_duration_threshold get_current_conn_duration_threshold
|
||||
function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::val_mgr->Count(0);
|
||||
return val_mgr->Count(0);
|
||||
|
||||
return zeek::val_mgr->Count(static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
|
||||
return val_mgr->Count(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetByteAndPacketThreshold(false, is_orig));
|
||||
%}
|
||||
|
||||
## Gets the current duration threshold size for a connection.
|
||||
|
@ -137,9 +137,9 @@ function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): coun
|
|||
## get_current_conn_packets_threshold set_current_conn_duration_threshold
|
||||
function get_current_conn_duration_threshold%(cid: conn_id%): interval
|
||||
%{
|
||||
zeek::analyzer::Analyzer* a = GetConnsizeAnalyzer(cid);
|
||||
auto a = analyzer::conn_size::GetConnsizeAnalyzer(cid);
|
||||
if ( ! a )
|
||||
return zeek::make_intrusive<zeek::IntervalVal>(0.0);
|
||||
return make_intrusive<IntervalVal>(0.0);
|
||||
|
||||
return zeek::make_intrusive<zeek::IntervalVal>(static_cast<zeek::analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
|
||||
return make_intrusive<IntervalVal>(static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)->GetDurationThreshold());
|
||||
%}
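Review bot: Every BiF in this file still applies an unchecked `static_cast<analyzer::conn_size::ConnSize_Analyzer*>(a)` to the base `Analyzer*` returned by `GetConnsizeAnalyzer`, and exporting the helper means new callers in script optimization have to repeat that cast. The concrete type rests only on the `FindAnalyzer("CONNSIZE")` name lookup, so a mismatch would be undefined behaviour rather than a reported error. Doing the downcast once inside the helper and returning the concrete type would keep that assumption in one place, e.g. `zeek::analyzer::conn_size::ConnSize_Analyzer* GetConnsizeAnalyzer(zeek::Val* cid);`. The helper's body continues past the visible hunk, so how the missing-analyzer path returns is not shown here.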
|
||||
|
|
61
src/zeek.bif
61
src/zeek.bif
|
@ -304,6 +304,38 @@ static bool next_fmt(const char*& fmt, const zeek::Args* args, zeek::ODesc* d, i
|
|||
|
||||
return *fmt != '\0';
|
||||
}
|
||||
|
||||
zeek::RecordValPtr zeek::detail::build_dummy_conn_record()
|
||||
{
|
||||
// Return a dummy connection record.
|
||||
auto c = zeek::make_intrusive<zeek::RecordVal>(zeek::id::connection);
|
||||
|
||||
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
|
||||
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0));
|
||||
id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
|
||||
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0));
|
||||
id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
|
||||
c->Assign(0, std::move(id_val));
|
||||
|
||||
auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
|
||||
orig_endp->Assign(0, 0);
|
||||
orig_endp->Assign(1, 0);
|
||||
|
||||
auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
|
||||
resp_endp->Assign(0, 0);
|
||||
resp_endp->Assign(1, 0);
|
||||
|
||||
c->Assign(1, std::move(orig_endp));
|
||||
c->Assign(2, std::move(resp_endp));
|
||||
|
||||
c->AssignTime(3, zeek::run_state::network_time);
|
||||
c->AssignInterval(4, 0.0);
|
||||
c->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set)); // service
|
||||
c->Assign(6, zeek::val_mgr->EmptyString()); // history
|
||||
|
||||
return c;
|
||||
}
|
||||
|
||||
%%}
|
||||
|
||||
# ===========================================================================
|
||||
|
@ -3652,34 +3684,7 @@ function lookup_connection%(cid: conn_id%): connection
|
|||
return conn->GetVal();
|
||||
|
||||
zeek::emit_builtin_error("connection ID not a known connection", cid);
|
||||
|
||||
// Return a dummy connection record.
|
||||
auto c = zeek::make_intrusive<zeek::RecordVal>(zeek::id::connection);
|
||||
|
||||
auto id_val = zeek::make_intrusive<zeek::RecordVal>(zeek::id::conn_id);
|
||||
id_val->Assign(0, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0));
|
||||
id_val->Assign(1, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
|
||||
id_val->Assign(2, zeek::make_intrusive<zeek::AddrVal>((unsigned int) 0));
|
||||
id_val->Assign(3, zeek::val_mgr->Port(ntohs(0), TRANSPORT_UDP));
|
||||
c->Assign(0, std::move(id_val));
|
||||
|
||||
auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
|
||||
orig_endp->Assign(0, 0);
|
||||
orig_endp->Assign(1, 0);
|
||||
|
||||
auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
|
||||
resp_endp->Assign(0, 0);
|
||||
resp_endp->Assign(1, 0);
|
||||
|
||||
c->Assign(1, std::move(orig_endp));
|
||||
c->Assign(2, std::move(resp_endp));
|
||||
|
||||
c->AssignTime(3, zeek::run_state::network_time);
|
||||
c->AssignInterval(4, 0.0);
|
||||
c->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set)); // service
|
||||
c->Assign(6, zeek::val_mgr->EmptyString()); // history
|
||||
|
||||
return std::move(c);
|
||||
return zeek::detail::build_dummy_conn_record();
|
||||
%}
|
||||
|
||||
%%{
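Review bot: `build_dummy_conn_record()` fills the record through bare positional offsets (`c->Assign(0, ...)` through `c->Assign(6, ...)`), and only offsets 5 and 6 carry a comment naming the field. Now that the helper is shared with script optimization, a change to the script-level record layout would silently misplace values for more than one caller. I would name each remaining offset the same way, e.g. `c->AssignTime(3, zeek::run_state::network_time); // start_time`, and add a line above the function stating that fields after offset 6 are left unset. `ntohs(0)` and the C-style `(unsigned int) 0` were carried over unchanged and could be written as `0` and `static_cast<unsigned int>(0)`.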
|
||||
|
|