diff --git a/CHANGES b/CHANGES index 51147f5306..9286a5409e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,14 +1,23 @@ + +2.0-57 | 2012-02-10 00:02:35 -0800 + + * Fix typos in the documentation. (Daniel Thayer) + + * Fix compiler warning about Brofiler ctor init list order. (Jon Siwek) + + * Fix missing optional field access in webapp signature_match handler. (Jon Siwek) + 2.0-41 | 2012-02-03 04:10:53 -0500 - * Updates to the Software framework to simplify the API. - (Bernhard Amann) + * Updates to the Software framework to simplify the API. (Bernhard + Amann) 2.0-40 | 2012-02-03 01:55:27 -0800 - * Fix typos in documentation. (Daniel Thayer) - - * Fix sorting of lines in Brofiler coverage.log. (Daniel Thayer) - + * Fix typos in documentation. (Daniel Thayer) + + * Fix sorting of lines in Brofiler coverage.log. (Daniel Thayer) + 2.0-38 | 2012-01-31 11:50:53 -0800 * Canonify sorting of lines in Brofiler coverage.log. (Daniel diff --git a/VERSION b/VERSION index 9d6521772a..8dd930b077 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-41 +2.0-57 diff --git a/doc/scripts/builtins.rst b/doc/scripts/builtins.rst index 37edb79904..5da551ed1f 100644 --- a/doc/scripts/builtins.rst +++ b/doc/scripts/builtins.rst @@ -22,7 +22,7 @@ The Bro scripting language supports the following built-in types. is a string of digits preceded by a ``+`` or ``-`` sign, e.g. ``-42`` or ``+5``. When using type inferencing use care so that the intended type is inferred, e.g. ``local size_difference = 0`` will - infer the :bro:type:`count` while ``local size_difference = +0`` + infer :bro:type:`count`, while ``local size_difference = +0`` will infer :bro:type:`int`. .. bro:type:: count @@ -32,7 +32,7 @@ The Bro scripting language supports the following built-in types. .. bro:type:: counter - An alias to :bro:type:`count` + An alias to :bro:type:`count`. .. TODO: is there anything special about this type? @@ -70,7 +70,7 @@ The Bro scripting language supports the following built-in types. A type used to hold character-string values which represent text. String constants are created by enclosing text in double quotes (") - and the backslash character (\) introduces escape sequences. + and the backslash character (\\) introduces escape sequences. Note that Bro represents strings internally as a count and vector of bytes rather than a NUL-terminated byte string (although string @@ -135,7 +135,7 @@ The Bro scripting language supports the following built-in types. type color: enum { Red, White, Blue, }; - The last comma is after ``Blue`` is optional. + The last comma after ``Blue`` is optional. .. bro:type:: timer @@ -150,8 +150,8 @@ The Bro scripting language supports the following built-in types. followed by one of ``/tcp``, ``/udp``, ``/icmp``, or ``/unknown``. Ports can be compared for equality and also for ordering. When - comparing order across transport-level protocols, ``/unknown`` < - ``/tcp`` < ``/udp`` < ``icmp``, for example ``65535/tcp`` is smaller + comparing order across transport-level protocols, ``unknown`` < + ``tcp`` < ``udp`` < ``icmp``, for example ``65535/tcp`` is smaller than ``0/udp``. .. bro:type:: addr @@ -228,7 +228,7 @@ The Bro scripting language supports the following built-in types. global a: table[count] of table[addr, port] of string; - which declared a table indexed by :bro:type:`count` and yielding + which declares a table indexed by :bro:type:`count` and yielding another :bro:type:`table` which is indexed by an :bro:type:`addr` and :bro:type:`port` to yield a :bro:type:`string`. @@ -390,7 +390,7 @@ The Bro scripting language supports the following built-in types. :bro:attr:`&optional` or have a :bro:attr:`&default` attribute must be specified. - To test for existence of field that is :bro:attr:`&optional`, use the + To test for existence of a field that is :bro:attr:`&optional`, use the ``?$`` operator: .. code:: bro @@ -410,7 +410,7 @@ The Bro scripting language supports the following built-in types. print f, "hello, world"; close(f); - Writing to files like this for logging usually isn't recommend, for better + Writing to files like this for logging usually isn't recommended, for better logging support see :doc:`/logging`. .. bro:type:: func @@ -510,22 +510,22 @@ scripting language supports the following built-in attributes. .. bro:attr:: &optional - Allows record field to be missing. For example the type ``record { + Allows a record field to be missing. For example the type ``record { a: int, b: port &optional }`` could be instantiated both as singleton ``[$a=127.0.0.1]`` or pair ``[$a=127.0.0.1, $b=80/tcp]``. .. bro:attr:: &default Uses a default value for a record field or container elements. For - example, ``table[int] of string &default="foo" }`` would create - table that returns The :bro:type:`string` ``"foo"`` for any + example, ``table[int] of string &default="foo" }`` would create a + table that returns the :bro:type:`string` ``"foo"`` for any non-existing index. .. bro:attr:: &redef Allows for redefinition of initial object values. This is typically used with constants, for example, ``const clever = T &redef;`` would - allow the constant to be redifined at some later point during script + allow the constant to be redefined at some later point during script execution. .. bro:attr:: &rotate_interval @@ -534,7 +534,7 @@ scripting language supports the following built-in attributes. .. bro:attr:: &rotate_size - Rotates af file after it has reached a given size in bytes. + Rotates a file after it has reached a given size in bytes. .. bro:attr:: &add_func diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro index 94a01e04a2..afcb5bd700 100644 --- a/scripts/base/frameworks/packet-filter/main.bro +++ b/scripts/base/frameworks/packet-filter/main.bro @@ -16,7 +16,7 @@ export { redef enum Notice::Type += { ## This notice is generated if a packet filter is unable to be compiled. Compile_Failure, - + ## This notice is generated if a packet filter is fails to install. Install_Failure, }; @@ -26,18 +26,18 @@ export { type Info: record { ## The time at which the packet filter installation attempt was made. ts: time &log; - + ## This is a string representation of the node that applied this ## packet filter. It's mostly useful in the context of dynamically ## changing filters on clusters. node: string &log &optional; - + ## The packet filter that is being set. filter: string &log; - + ## Indicate if this is the filter set during initialization. init: bool &log &default=F; - + ## Indicate if the filter was applied successfully. success: bool &log &default=T; }; @@ -48,16 +48,16 @@ export { ## The latter used to be default for Bro versions < 2.0. That has now ## changed however to enable port-independent protocol analysis. const all_packets = T &redef; - - ## Filter string which is unconditionally or'ed to the beginning of every + + ## Filter string which is unconditionally or'ed to the beginning of every ## dynamically built filter. const unrestricted_filter = "" &redef; - + ## Call this function to build and install a new dynamically built ## packet filter. global install: function(); - - ## This is where the default packet filter is stored and it should not + + ## This is where the default packet filter is stored and it should not ## normally be modified by users. global default_filter = ""; } @@ -89,22 +89,22 @@ function build_default_filter(): string return "ip or not ip"; # Build filter dynamically. - + # First the capture_filter. local cfilter = ""; for ( id in capture_filters ) cfilter = combine_filters(cfilter, capture_filters[id], "or"); - + # Then the restrict_filter. local rfilter = ""; for ( id in restrict_filters ) rfilter = combine_filters(rfilter, restrict_filters[id], "and"); - + # Finally, join them into one filter. local filter = combine_filters(rfilter, cfilter, "and"); if ( unrestricted_filter != "" ) filter = combine_filters(unrestricted_filter, filter, "or"); - + return filter; } @@ -114,32 +114,32 @@ function install() if ( ! precompile_pcap_filter(DefaultPcapFilter, default_filter) ) { - NOTICE([$note=Compile_Failure, + NOTICE([$note=Compile_Failure, $msg=fmt("Compiling packet filter failed"), $sub=default_filter]); Reporter::fatal(fmt("Bad pcap filter '%s'", default_filter)); } - + # Do an audit log for the packet filter. local info: Info; info$ts = network_time(); # If network_time() is 0.0 we're at init time so use the wall clock. - if ( info$ts == 0.0 ) + if ( info$ts == 0.0 ) { info$ts = current_time(); info$init = T; } info$filter = default_filter; - + if ( ! install_pcap_filter(DefaultPcapFilter) ) { # Installing the filter failed for some reason. info$success = F; - NOTICE([$note=Install_Failure, + NOTICE([$note=Install_Failure, $msg=fmt("Installing packet filter failed"), $sub=default_filter]); } - + if ( reading_live_traffic() || reading_traces() ) Log::write(PacketFilter::LOG, info); } diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 200947938d..9f4e0355f0 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -601,10 +601,10 @@ function add_signature_file(sold: string, snew: string): string } ## Signature files to read. Use ``redef signature_files += "foo.sig"`` to -## extend. Signature files will be searched relative to ``BRO_PATH``. +## extend. Signature files will be searched relative to ``BROPATH``. global signature_files = "" &add_func = add_signature_file; -## ``p0f`` fingerprint file to use. Will be searched relative to ``BRO_PATH``. +## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``. const passive_fingerprint_file = "base/misc/p0f.fp" &redef; # todo::testing to see if I can remove these without causing problems. diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index afb95074e2..796da5c29a 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro @@ -28,7 +28,7 @@ event signature_match(state: signature_state, msg: string, data: string) &priori local c = state$conn; local si = Software::Info; - si = [$unparsed_version=msg, $host=c$id$resp_h, $host_p=c$id$resp_p, $software_type=WEB_APPLICATION]; + si = [$name=msg, $unparsed_version=msg, $host=c$id$resp_h, $host_p=c$id$resp_p, $software_type=WEB_APPLICATION]; si$url = build_url_http(c$http); if ( c$id$resp_h in Software::tracked && si$name in Software::tracked[c$id$resp_h] ) diff --git a/src/Analyzer.h b/src/Analyzer.h index 7797e215fe..86cfb0266b 100644 --- a/src/Analyzer.h +++ b/src/Analyzer.h @@ -1,4 +1,3 @@ -// Main analyzer interface. #ifndef ANALYZER_H #define ANALYZER_H diff --git a/src/Anon.cc b/src/Anon.cc index aeaf49feea..ca2a1e6361 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -154,7 +154,7 @@ void AnonymizeIPAddr_A50::init() int AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits) { DEBUG_MSG("%s/%d\n", - string(IPAddr(IPAddr::IPv4, &input, IPAddr::Network)).c_str(), + IPAddr(IPAddr::IPv4, &input, IPAddr::Network)->AsString().c_str(), num_bits); if ( ! before_anonymization ) diff --git a/src/Brofiler.cc b/src/Brofiler.cc index 60e57f0964..783d027761 100644 --- a/src/Brofiler.cc +++ b/src/Brofiler.cc @@ -5,7 +5,7 @@ #include "util.h" Brofiler::Brofiler() - : delim('\t'), ignoring(0) + : ignoring(0), delim('\t') { } diff --git a/src/CompHash.cc b/src/CompHash.cc index 44484ca005..77a06976fb 100644 --- a/src/CompHash.cc +++ b/src/CompHash.cc @@ -727,7 +727,9 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0, { const uint32* const kp = AlignType(kp0); kp1 = reinterpret_cast(kp+4); + IPAddr addr(IPAddr::IPv6, kp, IPAddr::Network); + switch ( tag ) { case TYPE_ADDR: pval = new AddrVal(addr); diff --git a/src/Conn.cc b/src/Conn.cc index deb89d50d3..7f5b936646 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -751,14 +751,14 @@ void Connection::Describe(ODesc* d) const } d->SP(); - d->Add(string(orig_addr).c_str()); + d->Add(orig_addr); d->Add(":"); d->Add(ntohs(orig_port)); d->SP(); d->AddSP("->"); - d->Add(string(resp_addr).c_str()); + d->Add(resp_addr); d->Add(":"); d->Add(ntohs(resp_port)); @@ -781,13 +781,8 @@ bool Connection::DoSerialize(SerialInfo* info) const // First we write the members which are needed to // create the HashKey. - uint32 orig_a[4]; - uint32 resp_a[4]; - orig_addr.CopyIPv6(orig_a); - resp_addr.CopyIPv6(resp_a); - for ( int j = 0; j < 4; ++j ) - if ( ! SERIALIZE(orig_a[j]) || ! SERIALIZE(resp_a[j]) ) - return false; + if ( ! SERIALIZE(orig_addr) || ! SERIALIZE(resp_addr) ) + return false; if ( ! SERIALIZE(orig_port) || ! SERIALIZE(resp_port) ) return false; @@ -834,14 +829,9 @@ bool Connection::DoUnserialize(UnserialInfo* info) // Build the hash key first. Some of the recursive *::Unserialize() // functions may need it. ConnID id; - uint32 orig_a[4]; - uint32 resp_a[4]; - for ( int i = 0; i < 4; ++i ) - if ( ! UNSERIALIZE(&orig_a[i]) || ! UNSERIALIZE(&resp_a[i]) ) - goto error; - orig_addr = IPAddr(IPAddr::IPv6, orig_a, IPAddr::Network); - resp_addr = IPAddr(IPAddr::IPv6, resp_a, IPAddr::Network); + if ( ! UNSERIALIZE(&orig_addr) || ! UNSERIALIZE(&resp_addr) ) + goto error; if ( ! UNSERIALIZE(&orig_port) || ! UNSERIALIZE(&resp_port) ) goto error; diff --git a/src/DCE_RPC.cc b/src/DCE_RPC.cc index 2aae4aa76a..a8a81813b7 100644 --- a/src/DCE_RPC.cc +++ b/src/DCE_RPC.cc @@ -139,6 +139,7 @@ bool is_mapped_dce_rpc_endpoint(const ConnID* id, TransportProto proto) { if ( id->dst_addr.family() == IPAddr::IPv6 ) return false; + dce_rpc_endpoint_addr addr; addr.addr = id->dst_addr; addr.port = ntohs(id->dst_port); diff --git a/src/DCE_RPC.h b/src/DCE_RPC.h index c736928a43..481e7f37a3 100644 --- a/src/DCE_RPC.h +++ b/src/DCE_RPC.h @@ -34,7 +34,7 @@ protected: const char* uuid_to_string(const u_char* uuid_data); struct dce_rpc_endpoint_addr { - // All fields except addr are in host byteorder. + // All fields are in host byteorder. IPAddr addr; u_short port; TransportProto proto; @@ -65,7 +65,7 @@ struct dce_rpc_endpoint_addr { { static char buf[128]; snprintf(buf, sizeof(buf), "%s/%d/%s", - string(addr).c_str(), port, + addr->AsString().c_str(), port, proto == TRANSPORT_TCP ? "tcp" : (proto == TRANSPORT_UDP ? "udp" : "?")); diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index e89dbf7d2f..d0c562da37 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -94,10 +94,9 @@ public: // Returns nil if this was an address request. const char* ReqHost() const { return req_host; } uint32 ReqAddr() const { return req_addr; } - const char* ReqStr() const + string ReqStr() const { - return req_host ? req_host : - string(IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network)).c_str(); + return req_host ? req_host : IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network); } ListVal* Addrs(); @@ -199,8 +198,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) req_host = copy_string(req_buf); else { - string s(req_buf); - IPAddr addr(s); + IPAddr addr(req_buf); const uint32* bytes; addr.GetBytes(&bytes); req_addr = *bytes; //FIXME: IPv6 support @@ -226,8 +224,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) if ( newline ) *newline = '\0'; - string s(buf); - IPAddr addr(s); + IPAddr addr(buf); const uint32* bytes; addr.GetBytes(&bytes); addrs[i] = *bytes; //FIXME IPv6 support @@ -350,13 +347,13 @@ void DNS_Mapping::Save(FILE* f) const { fprintf(f, "%.0f %d %s %d %s %d\n", creation_time, req_host != 0, req_host ? req_host : - string(IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network)).c_str(), + IPAddr(IPAddr::IPv4, &req_addr, IPAddr::Network)->AsString()->c_str(), failed, (names && names[0]) ? names[0] : "*", num_addrs); for ( int i = 0; i < num_addrs; ++i ) fprintf(f, "%s\n", - string(IPAddr(IPAddr::IPv4, &addrs[i], IPAddr::Network)).c_str()); + IPAddr(IPAddr::IPv4, &addrs[i], IPAddr::Network)->AsString().c_str()); } @@ -521,7 +518,7 @@ Val* DNS_Mgr::LookupAddr(uint32 addr) case DNS_FORCE: reporter->FatalError("can't find DNS entry for %s in cache", - string(IPAddr(IPAddr::IPv4, &addr, IPAddr::Network)).c_str()); + IPAddr(IPAddr::IPv4, &addr, IPAddr::Network)->AsString().c_str()); return 0; case DNS_DEFAULT: @@ -813,7 +810,7 @@ void DNS_Mgr::DumpAddrList(FILE* f, ListVal* al) for ( int i = 0; i < al->Length(); ++i ) { const IPAddr* al_i = al->Index(i)->AsAddr(); - fprintf(f, "%s%s", i > 0 ? "," : "", string(*al_i).c_str()); + fprintf(f, "%s%s", i > 0 ? "," : "", al_i->AsString().c_str()); } } diff --git a/src/Desc.cc b/src/Desc.cc index 12b4a524eb..df49d84ba2 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -157,6 +157,18 @@ void ODesc::Add(double d) } } +void ODesc::Add(const IPAddr& addr) + { + string s = addr->AsString(); + AddBytes(s.c_str()); + } + +void ODesc::Add(const IPPrefix& prefix) + { + string s = prefix->AsString(); + AddBytes(s.c_str()); + } + void ODesc::AddCS(const char* s) { int n = strlen(s); diff --git a/src/Desc.h b/src/Desc.h index 27cbd4fa01..c633f2d812 100644 --- a/src/Desc.h +++ b/src/Desc.h @@ -73,6 +73,8 @@ public: void Add(int64 i); void Add(uint64 u); void Add(double d); + void Add(const IPAddr& addr); + void Add(const IPPrefix& prefix); // Add s as a counted string. void AddCS(const char* s); diff --git a/src/Expr.cc b/src/Expr.cc index 848fe6d351..60e9cdb4ba 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -837,8 +837,8 @@ Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const { uint32 a1[4]; uint32 a2[4]; - v1->AsAddr()->CopyIPv6(a1); - v2->AsAddr()->CopyIPv6(a2); + v1->AsAddr().CopyIPv6(a1); + v2->AsAddr().CopyIPv6(a2); int result = 0; switch ( tag ) { @@ -861,10 +861,10 @@ Val* BinaryExpr::AddrFold(Val* v1, Val* v2) const Val* BinaryExpr::SubNetFold(Val* v1, Val* v2) const { - const IPPrefix* n1 = v1->AsSubNet(); - const IPPrefix* n2 = v2->AsSubNet(); + const IPPrefix& n1 = v1->AsSubNet(); + const IPPrefix& n2 = v2->AsSubNet(); - if ( *n1 == *n2 ) + if ( n1 == n2 ) return new Val(1, TYPE_BOOL); else return new Val(0, TYPE_BOOL); @@ -1673,7 +1673,7 @@ Val* DivideExpr::AddrFold(Val* v1, Val* v2) const else mask = static_cast(v2->InternalInt()); - return new SubNetVal(*v1->AsAddr(), mask); + return new SubNetVal(v1->AsAddr(), mask); } Expr* DivideExpr::DoSimplify() @@ -4493,7 +4493,7 @@ Val* InExpr::Fold(Val* v1, Val* v2) const if ( v1->Type()->Tag() == TYPE_ADDR && v2->Type()->Tag() == TYPE_SUBNET ) - return new Val(v2->AsSubNetVal()->Contains(*v1->AsAddr()), TYPE_BOOL); + return new Val(v2->AsSubNetVal().Contains(v1->AsAddr()), TYPE_BOOL); TableVal* vt = v2->AsTableVal(); if ( vt->Lookup(v1, false) ) diff --git a/src/ICMP.cc b/src/ICMP.cc index 279adbd7dd..5da897b0d5 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -243,7 +243,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const d->Add(Conn()->LastTime()); d->AddSP(")"); - d->Add(string(Conn()->OrigAddr()).c_str()); + d->Add(Conn()->OrigAddr()); d->Add("."); d->Add(type); d->Add("."); @@ -252,7 +252,7 @@ void ICMP_Analyzer::Describe(ODesc* d) const d->SP(); d->AddSP("->"); - d->Add(string(Conn()->RespAddr()).c_str()); + d->Add(Conn()->RespAddr()); } void ICMP_Analyzer::UpdateConnVal(RecordVal *conn_val) diff --git a/src/IPAddr.cc b/src/IPAddr.cc index fa8e5567eb..7d306e1b2d 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -1,3 +1,5 @@ +// See the file "COPYING" in the main distribution directory for copyright. + #include "IPAddr.h" #include "Reporter.h" @@ -7,7 +9,7 @@ const uint8_t IPAddr::v4_mapped_prefix[12] = { 0, 0, 0, 0, void IPAddr::Mask(int top_bits_to_keep) { - if ( top_bits_to_keep <=0 || top_bits_to_keep > 128 ) + if ( top_bits_to_keep <= 0 || top_bits_to_keep > 128 ) { reporter->Error("Bad IPAddr::Mask value %d", top_bits_to_keep); return; @@ -18,6 +20,7 @@ void IPAddr::Mask(int top_bits_to_keep) int word = 3; int bits_to_chop = 128 - top_bits_to_keep; + while ( bits_to_chop >= 32 ) { tmp[word] = 0; @@ -29,12 +32,13 @@ void IPAddr::Mask(int top_bits_to_keep) w >>= bits_to_chop; w <<= bits_to_chop; tmp[word] = htonl(w); + memcpy(in6.s6_addr, tmp, sizeof(in6.s6_addr)); } void IPAddr::ReverseMask(int top_bits_to_chop) { - if ( top_bits_to_chop <=0 || top_bits_to_chop > 128 ) + if ( top_bits_to_chop <= 0 || top_bits_to_chop > 128 ) { reporter->Error("Bad IPAddr::ReverseMask value %d", top_bits_to_chop); return; @@ -45,6 +49,7 @@ void IPAddr::ReverseMask(int top_bits_to_chop) int word = 0; int bits_to_chop = top_bits_to_chop; + while ( bits_to_chop >= 32 ) { tmp[word] = 0; @@ -56,20 +61,23 @@ void IPAddr::ReverseMask(int top_bits_to_chop) w <<= bits_to_chop; w >>= bits_to_chop; tmp[word] = htonl(w); + memcpy(in6.s6_addr, tmp, sizeof(in6.s6_addr)); } void IPAddr::Init(const std::string& s) { - if ( s.find(':') == std::string::npos ) //IPv4 + if ( s.find(':') == std::string::npos ) // IPv4. { memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); + if ( inet_pton(AF_INET, s.c_str(), &in6.s6_addr[12]) <=0 ) { reporter->Error("Bad IP address: %s", s.c_str()); memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); } } + else { if ( inet_pton(AF_INET6, s.c_str(), in6.s6_addr) <=0 ) @@ -80,11 +88,34 @@ void IPAddr::Init(const std::string& s) } } +string IPAddr::AsString() const + { + if ( family() == IPv4 ) + { + char s[INET_ADDRSTRLEN]; + + if ( inet_ntop(AF_INET, &in6.s6_addr[12], s, INET_ADDRSTRLEN) == NULL ) + return " 32 ) reporter->InternalError("Bad in4_addr IPPrefix length : %d", length); + prefix.Mask(this->length); } @@ -93,6 +124,7 @@ IPPrefix::IPPrefix(const in6_addr& in6, uint8_t length) { if ( length > 128 ) reporter->InternalError("Bad in6_addr IPPrefix length : %d", length); + prefix.Mask(this->length); } @@ -104,15 +136,19 @@ IPPrefix::IPPrefix(const IPAddr& addr, uint8_t length) if ( length > 32 ) reporter->InternalError("Bad IPAddr(v4) IPPrefix length : %d", length); + this->length = length + 96; } + else { if ( length > 128 ) reporter->InternalError("Bad IPAddr(v6) IPPrefix length : %d", length); + this->length = length; } + prefix.Mask(this->length); } @@ -121,7 +157,22 @@ IPPrefix::IPPrefix(const std::string& s, uint8_t length) { if ( prefix.family() == IPAddr::IPv4 && length > 32 ) reporter->InternalError("Bad string IPPrefix length : %d", length); + else if ( prefix.family() == IPAddr::IPv6 && length > 128 ) reporter->InternalError("Bad string IPPrefix length : %d", length); + prefix.Mask(this->length); } + +string IPPrefix::AsString() const + { + char l[16]; + + if ( prefix.family() == IPAddr::IPv4 ) + modp_uitoa10(length - 96, l); + else + modp_uitoa10(length, l); + + return prefix->AsString() +"/" + l; + } + diff --git a/src/IPAddr.h b/src/IPAddr.h index dbcad95d75..07891fcee0 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -1,3 +1,4 @@ +// See the file "COPYING" in the main distribution directory for copyright. #ifndef IPADDR_H #define IPADDR_H @@ -11,97 +12,108 @@ typedef in_addr in4_addr; -/// Class storing both IPv4 and IPv6 addresses. +/** + * Class storing both IPv4 and IPv6 addresses. + */ class IPAddr { public: - /// Address family. + /** + * Address family. + */ enum Family { IPv4, IPv6 }; - /// Byte order. + /** + * Byte order. + */ enum ByteOrder { Host, Network }; - /// Constructs the unspecified IPv6 address (all 128 bits zeroed). + /** + * Constructs the unspecified IPv6 address (all 128 bits zeroed). + */ IPAddr() { memset(in6.s6_addr, 0, sizeof(in6.s6_addr)); } - /// Constructs an address instance from an IPv4 address. - /// - /// @param in6 The IPv6 address. + /** + * Constructs an address instance from an IPv4 address. + * + * @param in6 The IPv6 address. + */ IPAddr(const in4_addr& in4) { memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); memcpy(&in6.s6_addr[12], &in4.s_addr, sizeof(in4.s_addr)); } - /// Constructs an address instance from an IPv6 address. - /// - /// @param in6 The IPv6 address. + /** + * Constructs an address instance from an IPv6 address. + * + * @param in6 The IPv6 address. + */ IPAddr(const in6_addr& arg_in6) : in6(arg_in6) { } - /// Constructs an address instance from a string representation. - /// - /// @param s String containing an IP address as either a dotted IPv4 - /// address or a hex IPv6 address. + /** + * Constructs an address instance from a string representation. + * + * @param s String containing an IP address as either a dotted IPv4 + * address or a hex IPv6 address. + */ IPAddr(const std::string& s) { Init(s); } - /// Constructs an address instance from a string representation. - /// - /// @param s String containing an IP address as either a dotted IPv4 - /// address or a hex IPv6 address. + /** + * Constructs an address instance from a string representation. + * + * @param s ASCIIZ string containing an IP address as either a + * dotted IPv4 address or a hex IPv6 address. + */ + IPAddr(const char* s) + { + Init(s); + } + + /** + * Constructs an address instance from a string representation. + * + * @param s String containing an IP address as either a dotted IPv4 + * address or a hex IPv6 address. + */ IPAddr(const BroString& s) { Init(s.CheckString()); } - /// Constructs an address instance from a raw byte representation. - /// - /// @param family The address family. - /// - /// @param bytes A pointer to the raw byte representation. This must point - /// to 4 bytes if \a family is IPv4, and to 16 bytes if \a family is - /// IPv6. - /// - /// @param order Indicates whether the raw representation pointed to - /// by \a bytes is stored in network or host order. - IPAddr(Family family, const uint32_t* bytes, ByteOrder order) - { - if ( family == IPv4 ) - { - memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix)); - memcpy(&in6.s6_addr[12], bytes, sizeof(uint32_t)); - if ( order == Host ) - { - uint32_t* p = (uint32_t*) &in6.s6_addr[12]; - *p = htonl(*p); - } - } - else - { - memcpy(in6.s6_addr, bytes, sizeof(in6.s6_addr)); - if ( order == Host ) - { - for ( unsigned int i = 0; i < 4; ++ i) - { - uint32_t* p = (uint32_t*) &in6.s6_addr[i*4]; - *p = htonl(*p); - } - } - } - } + /** + * Constructs an address instance from a raw byte representation. + * + * @param family The address family. + * + * @param bytes A pointer to the raw byte representation. This must point + * to 4 bytes if \a family is IPv4, and to 16 bytes if \a family is + * IPv6. + * + * @param order Indicates whether the raw representation pointed to + * by \a bytes is stored in network or host order. + */ + IPAddr(Family family, const uint32_t* bytes, ByteOrder order); - /// Copy constructor. + /** + * Copy constructor. + */ IPAddr(const IPAddr& other) : in6(other.in6) { }; - /// Destructor. + /** + * Destructor. + */ ~IPAddr() { }; - /// Returns the address' family. + /** + * Returns the address' family. + */ Family family() const { if ( memcmp(in6.s6_addr, v4_mapped_prefix, 12) == 0 ) @@ -110,23 +122,14 @@ public: return IPv6; } - /// Returns true if the address represents a loopback device. - bool IsLoopback() const - { - if ( family() == IPv4 ) - return in6.s6_addr[12] == 127; - else - return ((in6.s6_addr[0] == 0) && (in6.s6_addr[1] == 0) - && (in6.s6_addr[2] == 0) && (in6.s6_addr[3] == 0) - && (in6.s6_addr[4] == 0) && (in6.s6_addr[5] == 0) - && (in6.s6_addr[6] == 0) && (in6.s6_addr[7] == 0) - && (in6.s6_addr[8] == 0) && (in6.s6_addr[9] == 0) - && (in6.s6_addr[10] == 0) && (in6.s6_addr[11] == 0) - && (in6.s6_addr[12] == 0) && (in6.s6_addr[13] == 0) - && (in6.s6_addr[14] == 0) && (in6.s6_addr[15] == 1)); - } + /** + * Returns true if the address represents a loopback device. + */ + bool IsLoopback() const; - /// Returns true if the address represents a multicast address. + /** + * Returns true if the address represents a multicast address. + */ bool IsMulticast() const { if ( family() == IPv4 ) @@ -135,27 +138,31 @@ public: return in6.s6_addr[0] == 0xff; } - /// Returns true if the address represents a broadcast address. + /** + * Returns true if the address represents a broadcast address. + */ bool IsBroadcast() const { if ( family() == IPv4 ) return ((in6.s6_addr[12] == 0xff) && (in6.s6_addr[13] == 0xff) - && (in6.s6_addr[14] == 0xff) && (in6.s6_addr[15] == 0xff)); + && (in6.s6_addr[14] == 0xff) && (in6.s6_addr[15] == 0xff)); else return false; } - /// Retrieves the raw byte representation of the address. - /// - /// @param bytes The pointer to which \a bytes points will be set to - /// the address of the raw representation in network-byte order. - /// The return value indicates how many 32-bit words are valid starting at - /// that address. The pointer will be valid as long as the address instance - /// exists. - /// - /// @return The number of 32-bit words the raw representation uses. This - /// will be 1 for an IPv4 address and 4 for an IPv6 address. - int GetBytes(uint32_t** bytes) + /** + * Retrieves the raw byte representation of the address. + * + * @param bytes The pointer to which \a bytes points will be set to + * the address of the raw representation in network-byte order. + * The return value indicates how many 32-bit words are valid starting at + * that address. The pointer will be valid as long as the address instance + * exists. + * + * @return The number of 32-bit words the raw representation uses. This + * will be 1 for an IPv4 address and 4 for an IPv6 address. + */ + int GetBytes(const uint32_t* const * bytes) const { if ( family() == IPv4 ) { @@ -169,51 +176,45 @@ public: } } - int GetBytes(const uint32_t** bytes) const - { - if ( family() == IPv4 ) - { - *bytes = (uint32_t*) &in6.s6_addr[12]; - return 1; - } - else - { - *bytes = (uint32_t*) in6.s6_addr; - return 4; - } - } - - /// Retrieves a copy of the IPv6 raw byte representation of the address. - /// If the internal address is IPv4, then the copied bytes use the - /// IPv4 to IPv6 address mapping to return a full 16 bytes. - /// - /// @param bytes The pointer to a memory location in which the - /// raw bytes of the address are to be copied in network byte-order. + /** + * Retrieves a copy of the IPv6 raw byte representation of the address. + * If the internal address is IPv4, then the copied bytes use the + * IPv4 to IPv6 address mapping to return a full 16 bytes. + * + * @param bytes The pointer to a memory location in which the + * raw bytes of the address are to be copied in network byte-order. + */ void CopyIPv6(uint32_t* bytes) const { memcpy(bytes, in6.s6_addr, sizeof(in6.s6_addr)); } - /// Masks out lower bits of the address. - /// - /// @param top_bits_to_keep The number of bits \a not to mask out, - /// counting from the highest order bit. The value is always - /// interpreted relative to the IPv6 bit width, even if the address - /// is IPv4. That means if compute ``192.168.1.2/16``, you need to - /// pass in 112 (i.e., 96 + 16). The value must be in the range from - /// 0 to 128. + /** + * Masks out lower bits of the address. + * + * @param top_bits_to_keep The number of bits \a not to mask out, + * counting from the highest order bit. The value is always + * interpreted relative to the IPv6 bit width, even if the address + * is IPv4. That means if compute ``192.168.1.2/16``, you need to + * pass in 112 (i.e., 96 + 16). The value must be in the range from + * 0 to 128. + */ void Mask(int top_bits_to_keep); - /// Masks out top bits of the address. - /// - /// @param top_bits_to_chop The number of bits to mask out, counting - /// from the highest order bit. The value is always interpreted relative - /// to the IPv6 bit width, even if the address is IPv4. So to mask out - /// the first 16 bits of an IPv4 address, pass in 112 (i.e., 96 + 16). - /// The value must be in the range from 0 to 128. + /** + * Masks out top bits of the address. + * + * @param top_bits_to_chop The number of bits to mask out, counting + * from the highest order bit. The value is always interpreted relative + * to the IPv6 bit width, even if the address is IPv4. So to mask out + * the first 16 bits of an IPv4 address, pass in 112 (i.e., 96 + 16). + * The value must be in the range from 0 to 128. + */ void ReverseMask(int top_bits_to_chop); - /// Assignment operator. + /** + * Assignment operator. + */ IPAddr& operator=(const IPAddr& other) { // No self-assignment check here because it's correct without it and @@ -222,30 +223,22 @@ public: return *this; } - /// Returns a string representation of the address. IPv4 addresses - /// will be returned in dotted representation, IPv6 addresses in - /// compressed hex. - operator std::string() const - { - if ( family() == IPv4 ) - { - char s[INET_ADDRSTRLEN]; - if ( inet_ntop(AF_INET, &in6.s6_addr[12], s, INET_ADDRSTRLEN) == NULL ) - return "Read(&net[0], "net0") && - fmt->Read(&net[1], "net1") && - fmt->Read(&net[2], "net2") && - fmt->Read(&net[3], "net3") && - fmt->Read(&net[4], "width")) ) + IPPrefix prefix; + if ( ! fmt->Read(&prefix), "subnet" ) return false; - val.subnet_val = new IPPrefix(IPAddr(IPAddr::IPv6, net, - IPAddr::Network), net[4]); + + val.subnet_val = new IPPrefix(prefix); return true; } case TYPE_ADDR: { - uint32 addr[4]; - if ( ! (fmt->Read(&addr[0], "addr0") && - fmt->Read(&addr[1], "addr1") && - fmt->Read(&addr[2], "addr2") && - fmt->Read(&addr[3], "addr3")) ) + IPAddr addr; + if ( ! fmt->Read(&addr), "net" ) return false; - val.addr_val = new IPAddr(IPAddr::IPv6, addr, IPAddr::Network); + val.addr_val = new IPAddr(prefix); return true; } @@ -301,25 +294,11 @@ bool LogVal::Write(SerializationFormat* fmt) const return fmt->Write(val.uint_val, "uint"); case TYPE_SUBNET: - { - uint32 net[4]; - val.subnet_val->Prefix().CopyIPv6(net); - return fmt->Write(net[0], "net0") && - fmt->Write(net[1], "net1") && - fmt->Write(net[2], "net2") && - fmt->Write(net[3], "net3") && - fmt->Write((uint32)val.subnet_val->Length(), "width"); - } + return fmt->Write(*val.subnet_val, "subnet"); + case TYPE_ADDR: - { - uint32 addr[4]; - val.addr_val->CopyIPv6(addr); - return fmt->Write(addr[0], "addr0") && - fmt->Write(addr[1], "addr1") && - fmt->Write(addr[2], "addr2") && - fmt->Write(addr[3], "addr3"); - } + return fmt->Write(*val.addr_val, "addr"); case TYPE_DOUBLE: case TYPE_TIME: @@ -1086,12 +1065,12 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty) break; case TYPE_SUBNET: - lval->val.subnet_val = new IPPrefix(*val->AsSubNet()); + lval->val.subnet_val = new IPPrefix(val->AsSubNet()); break; case TYPE_ADDR: { - lval->val.addr_val = new IPAddr(*val->AsAddr()); + lval->val.addr_val = new IPAddr(val->AsAddr()); break; } diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc index 84fe8a3c31..8dd36e1991 100644 --- a/src/LogWriterAscii.cc +++ b/src/LogWriterAscii.cc @@ -166,11 +166,11 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field) break; case TYPE_SUBNET: - desc->Add(string(*val->val.subnet_val).c_str()); + desc->Add(*val->val.subnet_val); break; case TYPE_ADDR: - desc->Add(string(*val->val.addr_val).c_str()); + desc->Add(*val->val.addr_val); break; case TYPE_TIME: diff --git a/src/PrefixTable.cc b/src/PrefixTable.cc index 62e6fe5c12..bbe391bfcb 100644 --- a/src/PrefixTable.cc +++ b/src/PrefixTable.cc @@ -42,12 +42,12 @@ void* PrefixTable::Insert(const Val* value, void* data) switch ( value->Type()->Tag() ) { case TYPE_ADDR: - return Insert(*value->AsAddr(), 128, data); + return Insert(value->AsAddr(), 128, data); break; case TYPE_SUBNET: - return Insert(value->AsSubNet()->Prefix(), - value->AsSubNet()->LengthIPv6(), data); + return Insert(value->AsSubNet().Prefix(), + value->AsSubNet().LengthIPv6(), data); break; default: @@ -76,12 +76,12 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const switch ( value->Type()->Tag() ) { case TYPE_ADDR: - return Lookup(*value->AsAddr(), 128, exact); + return Lookup(value->AsAddr(), 128, exact); break; case TYPE_SUBNET: - return Lookup(value->AsSubNet()->Prefix(), - value->AsSubNet()->LengthIPv6(), exact); + return Lookup(value->AsSubNet().Prefix(), + value->AsSubNet().LengthIPv6(), exact); break; default: @@ -115,12 +115,12 @@ void* PrefixTable::Remove(const Val* value) switch ( value->Type()->Tag() ) { case TYPE_ADDR: - return Remove(*value->AsAddr(), 128); + return Remove(value->AsAddr(), 128); break; case TYPE_SUBNET: - return Remove(value->AsSubNet()->Prefix(), - value->AsSubNet()->LengthIPv6()); + return Remove(value->AsSubNet().Prefix(), + value->AsSubNet().LengthIPv6()); break; default: diff --git a/src/Reporter.cc b/src/Reporter.cc index 2caf3f5dfb..37470cd690 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -155,20 +155,6 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add delete vl; } -void Reporter::WeirdFlowHelper(const uint32* orig, const uint32* resp, const char* fmt_name, ...) - { - val_list* vl = new val_list(2); - vl->append(new AddrVal(orig)); - vl->append(new AddrVal(resp)); - - va_list ap; - va_start(ap, fmt_name); - DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap); - va_end(ap); - - delete vl; - } - void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...) { val_list* vl = new val_list(2); @@ -198,11 +184,6 @@ void Reporter::Weird(Val* conn_val, const char* name, const char* addl) WeirdHelper(conn_weird, conn_val, addl, "%s", name); } -void Reporter::Weird(const uint32* orig, const uint32* resp, const char* name) - { - WeirdFlowHelper(orig, resp, "%s", name); - } - void Reporter::Weird(const IPAddr& orig, const IPAddr& resp, const char* name) { WeirdFlowHelper(orig, resp, "%s", name); diff --git a/src/Reporter.h b/src/Reporter.h index 10bb96306d..210dd241d2 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -75,7 +75,6 @@ public: void Weird(const char* name); // Raises net_weird(). void Weird(Connection* conn, const char* name, const char* addl = ""); // Raises conn_weird(). void Weird(Val* conn_val, const char* name, const char* addl = ""); // Raises conn_weird(). - void Weird(const uint32* orig, const uint32* resp, const char* name); // Raises flow_weird(). void Weird(const IPAddr& orig, const IPAddr& resp, const char* name); // Raises flow_weird(). // Syslog a message. This methods does nothing if we're running @@ -123,7 +122,6 @@ private: // The order if addl, name needs to be like that since fmt_name can // contain format specifiers void WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* addl, const char* fmt_name, ...); - void WeirdFlowHelper(const uint32* orig, const uint32* resp, const char* fmt_name, ...); void WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const char* fmt_name, ...); int errors; diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 63b56aa341..b7138ee388 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -1070,14 +1070,16 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to) { const uint32* n; uint32 m[4]; - v->AsSubNet()->Prefix().GetBytes(&n); - v->AsSubNetVal()->Mask().CopyIPv6(m); + v->AsSubNet().Prefix().GetBytes(&n); + v->AsSubNetVal().Mask().CopyIPv6(m); + for ( unsigned int i = 0; i < 4; ++i ) m[i] = ntohl(m[i]); + bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0]; - if ( v->AsSubNet()->Prefix().family() == IPAddr::IPv4 && + if ( v->AsSubNet().Prefix().family() == IPAddr::IPv4 && is_v4_mask ) { mval->val = ntohl(*n); diff --git a/src/SSH.cc b/src/SSH.cc index 1f3666da2f..3a8f468ae4 100644 --- a/src/SSH.cc +++ b/src/SSH.cc @@ -50,23 +50,24 @@ void SSH_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) // SSH-.-\n // // We're interested in the "version" part here. - + if ( length < 4 || memcmp(line, "SSH-", 4) != 0 ) { Weird("malformed_ssh_identification"); ProtocolViolation("malformed ssh identification", line, length); return; } - + int i; for ( i = 4; i < length && line[i] != '-'; ++i ) ; - + if ( TCP() ) { if ( length >= i ) { IPAddr dst; + if ( is_orig ) dst = TCP()->Orig()->dst_addr; else diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index 5e3a68a42e..c88e2979b8 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -230,6 +230,28 @@ bool BinarySerializationFormat::Read(string* v, const char* tag) return true; } +bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag) + { + string s; + if ( ! Read(&s, tag) ) + return false; + + *addr = IPAddr(s); + return true; + } + +bool BinarySerializationFormat::Read(IPPrefix* prefix, const char* tag) + { + string s; + int len; + + if ( ! (Read(&s, tag) && Read(&len, tag)) ) + return false; + + *prefix = IPPrefix(IPAddr(s), len); + return true; + } + bool BinarySerializationFormat::Write(char v, const char* tag) { DBG_LOG(DBG_SERIAL, "Write char %s [%s]", fmt_bytes(&v, 1), tag); @@ -299,6 +321,16 @@ bool BinarySerializationFormat::Write(const string& s, const char* tag) return Write(s.data(), s.size(), tag); } +bool BinarySerializationFormat::Write(const IPAddr& addr, const char* tag) + { + return Write(addr.AsString()); + } + +bool BinarySerializationFormat::Write(const IPPrefix& prefix, const char* tag) + { + return Write(addr.AsString(), tag) && Write(prefix->Length(), tag); + } + bool BinarySerializationFormat::WriteOpenTag(const char* tag) { return true; diff --git a/src/SerializationFormat.h b/src/SerializationFormat.h index 2067456bf1..c6dd1e86b0 100644 --- a/src/SerializationFormat.h +++ b/src/SerializationFormat.h @@ -28,6 +28,8 @@ public: virtual bool Read(bool* v, const char* tag) = 0; virtual bool Read(double* d, const char* tag) = 0; virtual bool Read(string* s, const char* tag) = 0; + virtual bool Read(IPAddr* addr, const char* tag) = 0; + virtual bool Read(IPPrefix* prefix, const char* tag) = 0; // Returns number of raw bytes read since last call to StartRead(). int BytesRead() const { return bytes_read; } @@ -50,6 +52,8 @@ public: virtual bool Write(const char* s, const char* tag) = 0; virtual bool Write(const char* buf, int len, const char* tag) = 0; virtual bool Write(const string& s, const char* tag) = 0; + virtual bool Write(const IPAddr& addr, const char* tag) = 0; + virtual bool Write(const IPPrefix& prefix, const char* tag) = 0; virtual bool WriteOpenTag(const char* tag) = 0; virtual bool WriteCloseTag(const char* tag) = 0; diff --git a/src/Serializer.cc b/src/Serializer.cc index ba593b84be..06bbf73f48 100644 --- a/src/Serializer.cc +++ b/src/Serializer.cc @@ -1103,9 +1103,9 @@ void EventPlayer::Process() void Packet::Describe(ODesc* d) const { const IP_Hdr ip = IP(); - d->Add(string(ip.SrcAddr()).c_str()); + d->Add(ip.SrcAddr()); d->Add("->"); - d->Add(string(ip.DstAddr()).c_str()); + d->Add(ip.DstAddr()); } bool Packet::Serialize(SerialInfo* info) const diff --git a/src/Sessions.cc b/src/Sessions.cc index 54a6a85f7b..cec44acb3c 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -287,6 +287,7 @@ void NetSessions::NextPacket(double t, const struct pcap_pkthdr* hdr, IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size)); DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size); } + else { Weird("unknown_packet_type", hdr, pkt); @@ -604,8 +605,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, int record_packet = 1; // whether to record the packet at all int record_content = 1; // whether to record its data - int is_orig = id.src_addr == conn->OrigAddr() && - id.src_port == conn->OrigPort(); + int is_orig = (id.src_addr == conn->OrigAddr()) && + (id.src_port == conn->OrigPort()); if ( new_packet && ip4 ) conn->Event(new_packet, 0, BuildHeader(ip4)); @@ -811,16 +812,16 @@ Connection* NetSessions::FindConnection(Val* v) // types, too. } - IPAddr* orig_addr = (*vl)[orig_h]->AsAddr(); - IPAddr* resp_addr = (*vl)[resp_h]->AsAddr(); + const IPAddr& orig_addr = (*vl)[orig_h]->AsAddr(); + const IPAddr& resp_addr = (*vl)[resp_h]->AsAddr(); PortVal* orig_portv = (*vl)[orig_p]->AsPortVal(); PortVal* resp_portv = (*vl)[resp_p]->AsPortVal(); ConnID id; - id.src_addr = *orig_addr; - id.dst_addr = *resp_addr; + id.src_addr = orig_addr; + id.dst_addr = resp_addr; id.src_port = htons((unsigned short) orig_portv->Port()); id.dst_port = htons((unsigned short) resp_portv->Port()); diff --git a/src/TCP_Endpoint.cc b/src/TCP_Endpoint.cc index 4fe53a4b60..626680966f 100644 --- a/src/TCP_Endpoint.cc +++ b/src/TCP_Endpoint.cc @@ -35,9 +35,9 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig) const uint32* src_bytes; const uint32* dst_bytes; int n = src_addr.GetBytes(&src_bytes); - dst_addr.GetBytes(&dst_bytes); + int m = dst_addr.GetBytes(&dst_bytes); checksum_base = ones_complement_checksum((void*) src_bytes, n*4, 0); - checksum_base = ones_complement_checksum((void*) dst_bytes, n*4, checksum_base); + checksum_base = ones_complement_checksum((void*) dst_bytes, m*4, checksum_base); // Note, for IPv6, strictly speaking this field is 32 bits // rather than 16 bits. But because the upper bits are all zero, // we get the same checksum either way. The same applies to diff --git a/src/Val.cc b/src/Val.cc index 7de63534c4..0e49dca030 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -205,31 +205,10 @@ bool Val::DoSerialize(SerialInfo* info) const val.string_val->Len()); case TYPE_INTERNAL_ADDR: - { - const uint32* addrp; - int words = val.addr_val->GetBytes(&addrp); - if ( ! SERIALIZE(words) ) - return false; - for ( int i = 0; i < words; ++i ) - if ( ! SERIALIZE(ntohl(addrp[i])) ) - return false; - return true; - } + return SERIALIZE(*val.addr_val); case TYPE_INTERNAL_SUBNET: - { - const uint32* addrp; - int words = val.subnet_val->Prefix().GetBytes(&addrp); - if ( ! (info->s->WriteOpenTag("subnet") && SERIALIZE(words)) ) - return false; - for ( int i = 0; i < words; ++i ) - if ( ! SERIALIZE(ntohl(addrp[i])) ) - return false; - if ( ! (SERIALIZE(val.subnet_val->Length()) && - info->s->WriteCloseTag("subnet")) ) - return false; - return true; - } + return SERIALIZE(*val.subnet_val); case TYPE_INTERNAL_OTHER: // Derived classes are responsible for this. @@ -296,71 +275,15 @@ bool Val::DoUnserialize(UnserialInfo* info) case TYPE_INTERNAL_ADDR: { - int num_words; - if ( ! UNSERIALIZE(&num_words) ) - return false; - - if ( num_words != 1 && num_words != 4 ) - { - info->s->Error("bad address type"); - return false; - } - - uint32 a[4]; // big enough to hold either - - for ( int i = 0; i < num_words; ++i ) - { - if ( ! UNSERIALIZE(&a[i]) ) - return false; - - a[i] = htonl(a[i]); - } - - if ( num_words == 1) - val.addr_val = new IPAddr(IPAddr::IPv4, a, IPAddr::Network); - else - val.addr_val = new IPAddr(IPAddr::IPv6, a, IPAddr::Network); + val.addr_val = new IPAddr(); + return UNSERIALIZE(val.addr_val); } - return true; case TYPE_INTERNAL_SUBNET: { - int num_words; - if ( ! UNSERIALIZE(&num_words) ) - return false; - - if ( num_words != 1 && num_words != 4 ) - { - info->s->Error("bad subnet type"); - return false; - } - - uint32 a[4]; // big enough to hold either - - for ( int i = 0; i < num_words; ++i ) - { - if ( ! UNSERIALIZE(&a[i]) ) - return false; - - a[i] = htonl(a[i]); - } - - int width; - if ( ! UNSERIALIZE(&width) ) - return false; - - if ( num_words == 1 ) - { - IPAddr tmp(IPAddr::IPv4, a, IPAddr::Network); - val.subnet_val = new IPPrefix(tmp, width); - } - else - { - IPAddr tmp(IPAddr::IPv6, a, IPAddr::Network); - val.subnet_val = new IPPrefix(tmp, width); - } + val.subnet_val = new IPPrefix(); + return UNSERIALIZE(val.subnet_val); } - return true; case TYPE_INTERNAL_OTHER: // Derived classes are responsible for this. @@ -569,10 +492,10 @@ void Val::ValDescribe(ODesc* d) const case TYPE_INTERNAL_UNSIGNED: d->Add(val.uint_val); break; case TYPE_INTERNAL_DOUBLE: d->Add(val.double_val); break; case TYPE_INTERNAL_STRING: d->AddBytes(val.string_val); break; - case TYPE_INTERNAL_ADDR: d->Add(string(*val.addr_val).c_str()); break; + case TYPE_INTERNAL_ADDR: d->Add(val.addr_val->AsString().c_str()); break; case TYPE_INTERNAL_SUBNET: - d->Add(string(*val.subnet_val).c_str()); + d->Add(val.subnet_val->AsString().c_str()); break; case TYPE_INTERNAL_ERROR: d->AddCS("error"); break; @@ -683,7 +606,7 @@ ID* MutableVal::Bind() const ip = htonl(0x7f000001); // 127.0.0.1 safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#", - string(IPAddr(IPAddr::IPv4, &ip, IPAddr::Network)).c_str(), + IPAddr(IPAddr::IPv4, &ip, IPAddr::Network)->AsString().c_str(), getpid()); #else safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#", host, getpid()); @@ -935,9 +858,10 @@ bool PortVal::DoUnserialize(UnserialInfo* info) AddrVal::AddrVal(const char* text) : Val(TYPE_ADDR) { - val.addr_val = new IPAddr(string(text)); + val.addr_val = new IPAddr(text); } +#if 0 AddrVal::AddrVal(uint32 addr) : Val(TYPE_ADDR) { // ### perhaps do gethostbyaddr here? @@ -948,6 +872,7 @@ AddrVal::AddrVal(const uint32* addr) : Val(TYPE_ADDR) { val.addr_val = new IPAddr(IPAddr::IPv6, addr, IPAddr::Network); } +#endif AddrVal::AddrVal(const IPAddr& addr) : Val(TYPE_ADDR) { @@ -991,6 +916,7 @@ SubNetVal::SubNetVal(const char* text) : Val(TYPE_SUBNET) const char* sep = strchr(text, '/'); if ( ! sep ) Internal("separator missing in SubNetVal::SubNetVal"); + val.subnet_val = new IPPrefix(text, atoi(sep+1)); } @@ -999,6 +925,7 @@ SubNetVal::SubNetVal(const char* text, int width) : Val(TYPE_SUBNET) val.subnet_val = new IPPrefix(text, width); } +#if 0 SubNetVal::SubNetVal(uint32 addr, int width) : Val(TYPE_SUBNET) { IPAddr a(IPAddr::IPv4, &addr, IPAddr::Network); @@ -1010,6 +937,7 @@ SubNetVal::SubNetVal(const uint32* addr, int width) : Val(TYPE_SUBNET) IPAddr a(IPAddr::IPv6, addr, IPAddr::Network); val.subnet_val = new IPPrefix(a, width); } +#endif SubNetVal::SubNetVal(const IPAddr& addr, int width) : Val(TYPE_SUBNET) { @@ -1037,6 +965,7 @@ void SubNetVal::ValDescribe(ODesc* d) const d->Add(string(*val.subnet_val).c_str()); } +#if 0 IPAddr SubNetVal::Mask() const { if ( val.subnet_val->Length() == 0 ) @@ -1069,22 +998,20 @@ IPAddr SubNetVal::Mask() const bool SubNetVal::Contains(const uint32 addr) const { IPAddr a(IPAddr::IPv4, &addr, IPAddr::Network); - a.Mask(val.subnet_val->Length()); - return a == val.subnet_val->Prefix(); + return val.subnet_val->Contains(a); } bool SubNetVal::Contains(const uint32* addr) const { IPAddr a(IPAddr::IPv6, addr, IPAddr::Network); - a.Mask(val.subnet_val->Length()); - return a == val.subnet_val->Prefix(); + return val.subnet_val->Contains(a); } +#endif bool SubNetVal::Contains(const IPAddr& addr) const { IPAddr a(addr); - a.Mask(val.subnet_val->Length()); - return a == val.subnet_val->Prefix(); + return val.subnet_val->Contains(a); } IMPLEMENT_SERIAL(SubNetVal, SER_SUBNET_VAL); @@ -3300,9 +3227,9 @@ int same_atomic_val(const Val* v1, const Val* v2) case TYPE_INTERNAL_STRING: return Bstr_eq(v1->AsString(), v2->AsString()); case TYPE_INTERNAL_ADDR: - return *v1->AsAddr() == *v2->AsAddr(); + return v1->AsAddr() == v2->AsAddr(); case TYPE_INTERNAL_SUBNET: - return *v1->AsSubNet() == *v2->AsSubNet(); + return v1->AsSubNet() == v2->AsSubNet(); default: reporter->InternalError("same_atomic_val called for non-atomic value"); diff --git a/src/Val.h b/src/Val.h index 11a11dc6e5..e987726601 100644 --- a/src/Val.h +++ b/src/Val.h @@ -227,10 +227,10 @@ public: CONST_ACCESSOR(TYPE_PATTERN, RE_Matcher*, re_val, AsPattern) CONST_ACCESSOR(TYPE_VECTOR, vector*, vector_val, AsVector) - const IPPrefix* AsSubNet() const + const IPPrefix& AsSubNet() const { CHECK_TAG(type->Tag(), TYPE_SUBNET, "Val::SubNet", type_name) - return val.subnet_val; + return *val.subnet_val; } BroType* AsType() const @@ -239,11 +239,11 @@ public: return type; } - const IPAddr* AsAddr() const + const IPAddr& AsAddr() const { if ( type->Tag() != TYPE_ADDR ) BadTag("Val::AsAddr", type_name(type->Tag())); - return val.addr_val; + return *val.addr_val; } #define ACCESSOR(tag, ctype, accessor, name) \ @@ -562,8 +562,10 @@ public: Val* SizeVal() const; // Constructor for address already in network order. +#if 0 AddrVal(uint32 addr); AddrVal(const uint32* addr); +#endif AddrVal(const IPAddr& addr); unsigned int MemoryAllocation() const; @@ -581,8 +583,10 @@ class SubNetVal : public Val { public: SubNetVal(const char* text); SubNetVal(const char* text, int width); +#if 0 SubNetVal(uint32 addr, int width); SubNetVal(const uint32* addr, int width); +#endif SubNetVal(const IPAddr& addr, int width); ~SubNetVal(); @@ -590,10 +594,12 @@ public: const IPAddr& Prefix() const { return val.subnet_val->Prefix(); } int Width() const { return val.subnet_val->Length(); } +#if 0 IPAddr Mask() const; - bool Contains(const uint32 addr) const; bool Contains(const uint32* addr) const; +#endif + bool Contains(const IPAddr& addr) const; unsigned int MemoryAllocation() const; diff --git a/src/bro.bif b/src/bro.bif index e5f5a6d6c3..cc3c2f335c 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -179,9 +179,10 @@ static void do_fmt(const char*& fmt, Val* v, ODesc* d) // This makes only a very slight difference, so not // clear it would e worth the hassle. - const IPAddr* u = v->AsAddr(); + const IPAddr& u = v->AsAddr(); const uint32* net_order_u; int len = u->GetBytes(&net_order_u); + if ( len == 4 ) { // We explicitly convert the address to host order @@ -1974,21 +1975,29 @@ function is_local_interface%(ip: addr%) : bool host[MAXHOSTNAMELEN-1] = '\0'; struct hostent* ent = gethostbyname2(host, AF_INET); + if ( ent ) + { for ( unsigned int len = 0; ent->h_addr_list[len]; ++len ) addrs.push_back(IPAddr(IPAddr::IPv4, (uint32*)ent->h_addr_list[len], IPAddr::Network)); + } ent = gethostbyname2(host, AF_INET6); + if ( ent ) + { for ( unsigned int len = 0; ent->h_addr_list[len]; ++len ) addrs.push_back(IPAddr(IPAddr::IPv6, (uint32*)ent->h_addr_list[len], IPAddr::Network)); + } list::const_iterator it; for ( it = addrs.begin(); it != addrs.end(); ++it ) - if ( *it == *ip->AsAddr() ) + { + if ( *it == ip->AsAddr() ) return new Val(1, TYPE_BOOL); + } return new Val(0, TYPE_BOOL); %} @@ -2058,7 +2067,7 @@ function is_v4_addr%(a: addr%): bool ## Returns: true if *a* is an IPv6 address, else false. function is_v6_addr%(a: addr%): bool %{ - if ( a->AsAddr()->family() == IPAddr::IPv6 ) + if ( a->AsAddr().Family() == IPAddr::IPv6 ) return new Val(1, TYPE_BOOL); else return new Val(0, TYPE_BOOL); @@ -2479,7 +2488,7 @@ function addr_to_ptr_name%(a: addr%): string ## .. bro:see:: addr_to_ptr_name parse_dotted_addr function parse_dotted_addr%(s: string%): addr %{ - IPAddr a(string(s->CheckString())); + IPAddr a(s->CheckString()); return new AddrVal(a); %} @@ -2991,7 +3000,7 @@ function strftime%(fmt: string, d: time%) : string ## .. bro:see:: remask_addr function mask_addr%(a: addr, top_bits_to_keep: count%): subnet %{ - return new SubNetVal(*a->AsAddr(), top_bits_to_keep); + return new SubNetVal(a->AsAddr(), top_bits_to_keep); %} ## Takes some top bits (e.g., subnet address) from one address and the other @@ -3013,9 +3022,9 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet ## .. bro:see:: mask_addr function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr %{ - IPAddr addr1(*a1->AsAddr()); + IPAddr addr1(a1->AsAddr()); addr1.Mask(top_bits_from_a1); - IPAddr addr2(*a2->AsAddr()); + IPAddr addr2(a2->AsAddr()); addr1.ReverseMask(top_bits_from_a1); uint32 x1[4]; uint32 x2[4]; @@ -3196,13 +3205,13 @@ const char* conn_id_string(Val* c) Val* id = (*(c->AsRecord()))[0]; const val_list* vl = id->AsRecord(); - const IPAddr* orig_h = (*vl)[0]->AsAddr(); + const IPAddr& orig_h = (*vl)[0]->AsAddr(); uint32 orig_p = (*vl)[1]->AsPortVal()->Port(); - const IPAddr* resp_h = (*vl)[2]->AsAddr(); + const IPAddr& resp_h = (*vl)[2]->AsAddr(); uint32 resp_p = (*vl)[3]->AsPortVal()->Port(); - return fmt("%s/%u -> %s/%u\n", string(*orig_h).c_str(), orig_p, - string(*resp_h).c_str(), resp_p); + return fmt("%s/%u -> %s/%u\n", orig_h.AsString().c_str(), orig_p, + resp_h.AsString().c_str(), resp_p); } %%} @@ -3432,7 +3441,7 @@ function lookup_addr%(host: addr%) : string frame->SetDelayed(); trigger->Hold(); - if ( host->AsAddr()->family() != IPAddr::IPv4 ) + if ( host->AsAddr().Family() != IPAddr::IPv4 ) { // FIXME: This is a temporary work-around until we get this // fixed. We warn the user once, and always trigger a timeout. @@ -3449,7 +3458,7 @@ function lookup_addr%(host: addr%) : string } const uint32* bytes; - host->AsAddr()->GetBytes(&bytes); + host->AsAddr().GetBytes(&bytes); dns_mgr->AsyncLookupAddr(*bytes, new LookupHostCallback(trigger, frame->GetCall(), true)); return 0; @@ -3558,10 +3567,10 @@ function lookup_location%(a: addr%) : geo_location } #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6 - if ( geoip_v6 && a->AsAddr()->family() == IPAddr::IPv6 ) + if ( geoip_v6 && a->AsAddr().Family() == IPAddr::IPv6 ) { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); geoipv6_t ga; memcpy(&ga, bytes, 16); if ( have_cityv6_db ) @@ -3572,10 +3581,10 @@ function lookup_location%(a: addr%) : geo_location else #endif - if ( geoip && a->AsAddr()->family() == IPAddr::IPv4 ) + if ( geoip && a->AsAddr().Family() == IPAddr::IPv4 ) { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); if ( have_city_db ) gir = GeoIP_record_by_ipnum(geoip, ntohl(*bytes)); else @@ -3658,7 +3667,7 @@ function lookup_asn%(a: addr%) : count if ( a->AsAddr()->family() == IPAddr::IPv6 ) { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); geoipv6_t ga; memcpy(&ga, bytes, 16); gir = GeoIP_name_by_ipnum_v6(geoip_asn, ga); @@ -3666,10 +3675,10 @@ function lookup_asn%(a: addr%) : count else #endif - if ( a->AsAddr()->family() == IPAddr::IPv4 ) + if ( a->AsAddr().Family() == IPAddr::IPv4 ) { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); gir = GeoIP_name_by_ipnum(geoip_asn, ntohl(*bytes)); } } @@ -3953,7 +3962,7 @@ function file_mode%(mode: count%): string function expect_connection%(orig: addr, resp: addr, resp_p: port, analyzer: count, tout: interval%) : any %{ - dpm->ExpectConnection(*orig->AsAddr(), *resp->AsAddr(), resp_p->Port(), + dpm->ExpectConnection(orig->AsAddr(), resp->AsAddr(), resp_p->Port(), resp_p->PortType(), (AnalyzerTag::Tag) analyzer, tout, 0); return new Val(1, TYPE_BOOL); %} @@ -4727,7 +4736,7 @@ function pcap_error%(%): string ## .. todo:: The return value should be changed to any. function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddSrc(*ip->AsAddr(), tcp_flags, prob); + sessions->GetPacketFilter()->AddSrc(ip->AsAddr(), tcp_flags, prob); return new Val(1, TYPE_BOOL); %} @@ -4779,7 +4788,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## pcap_error function uninstall_src_addr_filter%(ip: addr%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveSrc(*ip->AsAddr()), TYPE_BOOL); + return new Val(sessions->GetPacketFilter()->RemoveSrc(ip->AsAddr()), TYPE_BOOL); %} ## Removes a source subnet filter. @@ -4829,7 +4838,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## .. todo:: The return value should be changed to any. function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : bool %{ - sessions->GetPacketFilter()->AddDst(*ip->AsAddr(), tcp_flags, prob); + sessions->GetPacketFilter()->AddDst(ip->AsAddr(), tcp_flags, prob); return new Val(1, TYPE_BOOL); %} @@ -4881,7 +4890,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## pcap_error function uninstall_dst_addr_filter%(ip: addr%) : bool %{ - return new Val(sessions->GetPacketFilter()->RemoveDst(*ip->AsAddr()), TYPE_BOOL); + return new Val(sessions->GetPacketFilter()->RemoveDst(ip->AsAddr()), TYPE_BOOL); %} ## Removes a destination subnet filter. @@ -5022,7 +5031,7 @@ function capture_state_updates%(filename: string%) : bool ## send_id function connect%(ip: addr, p: port, our_class: string, retry: interval, ssl: bool%) : count %{ - return new Val(uint32(remote_serializer->Connect(*ip->AsAddr(), p->Port(), + return new Val(uint32(remote_serializer->Connect(ip->AsAddr(), p->Port(), our_class->CheckString(), retry, ssl)), TYPE_COUNT); %} @@ -5137,7 +5146,7 @@ function set_compression_level%(p: event_peer, level: count%) : bool ## .. bro:see:: connect disconnect function listen%(ip: addr, p: port, ssl: bool %) : bool %{ - return new Val(remote_serializer->Listen(*ip->AsAddr(), p->Port(), ssl), TYPE_BOOL); + return new Val(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl), TYPE_BOOL); %} ## Checks whether the last raised event came from a remote peer. @@ -5393,12 +5402,12 @@ function preserve_prefix%(a: addr, width: count%): any AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50]; if ( ip_anon ) { - if ( a->AsAddr()->family() == IPAddr::IPv6 ) + if ( a->AsAddr().Family() == IPAddr::IPv6 ) builtin_error("preserve_prefix() not supported for IPv6 addresses"); else { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); ip_anon->PreservePrefix(*bytes, width); } } @@ -5418,16 +5427,16 @@ function preserve_prefix%(a: addr, width: count%): any ## .. todo:: Currently dysfunctional. function preserve_subnet%(a: subnet%): any %{ - DEBUG_MSG("%s/%d\n", string(a->Prefix()).c_str(), a->Width()); + DEBUG_MSG("%s/%d\n", a->Prefix().AsString().c_str(), a->Width()); AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50]; if ( ip_anon ) { - if ( a->AsSubNet()->Prefix().family() == IPAddr::IPv6 ) + if ( a->AsSubNet()->Prefix().Family() == IPAddr::IPv6 ) builtin_error("preserve_subnet() not supported for IPv6 addresses"); else { const uint32* bytes; - a->AsSubNet()->Prefix().GetBytes(&bytes); + a->AsSubNet().Prefix().GetBytes(&bytes); ip_anon->PreservePrefix(*bytes, a->AsSubNet()->Length()); } } @@ -5458,7 +5467,7 @@ function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr if ( anon_class < 0 || anon_class >= NUM_ADDR_ANONYMIZATION_CLASSES ) builtin_error("anonymize_addr(): invalid ip addr anonymization class"); - if ( a->AsAddr()->family() == IPAddr::IPv6 ) + if ( a->AsAddr().Family() == IPAddr::IPv6 ) { builtin_error("anonymize_addr() not supported for IPv6 addresses"); return 0; @@ -5466,7 +5475,7 @@ function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr else { const uint32* bytes; - a->AsAddr()->GetBytes(&bytes); + a->AsAddr().GetBytes(&bytes); return new AddrVal(anonymize_ip(*bytes, (enum ip_addr_anonymization_class_t) anon_class)); } @@ -5519,7 +5528,7 @@ function generate_idmef%(src_ip: addr, src_port: port, newNode(newAddress( newAttribute("category","ipv4-addr"), newSimpleElement("address", - copy_string(string(*src_ip->AsAddr()).c_str())), + copy_string(src_ip->AsAddr().AsString().c_str())), NULL), NULL), newService( newSimpleElement("port", @@ -5529,7 +5538,7 @@ function generate_idmef%(src_ip: addr, src_port: port, newNode(newAddress( newAttribute("category","ipv4-addr"), newSimpleElement("address", - copy_string(string(*dst_ip->AsAddr()).c_str())), + copy_string(dst_ip->AsAddr().AsString().c_str())), NULL), NULL), newService( newSimpleElement("port",