Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Support any type in bif const declaration.

Browse source 
Revamp of const delcaration in bifs:
* Can only declare are const in the bif, but we cannot assign a value
  or attribute to it. One has to do this in a policy file (bro.init)
* Type specification in bif is now mandatory
* Support any type in bifs (previously only bools were supported).

This will also help with automatic documentation generation, since all
const are now defined in the policy layer and thus can be documented
from there. The bif just gives the C++ layer easy access.
This commit is contained in:
Gregor Maier 2011-02-14 10:10:40 -08:00
parent fe0ae22eef
commit 782f007b5c
4 changed files with 110 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

46
policy/bro.init
View file

@ -1390,3 +1390,49 @@ const trace_output_file = "";
# packets out before we actually process them, which can be helpful # packets out before we actually process them, which can be helpful
# for debugging in case the analysis triggers a crash. # for debugging in case the analysis triggers a crash.
const record_all_packets = F &redef; const record_all_packets = F &redef;
# Some connections (e.g., SSH) retransmit the acknowledged last
# byte to keep the connection alive. If ignore_keep_alive_rexmit
# is set to T, such retransmissions will be excluded in the rexmit
# counter in conn_stats.
const ignore_keep_alive_rexmit = F &redef;
# Skip HTTP data portions for performance considerations (the skipped
# portion will not go through TCP reassembly).
const skip_http_data = F &redef;
# Whether the analysis engine parses IP packets encapsulated in
# UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro.
const parse_udp_tunnels = F &redef;
# Whether a commitment is required before writing the transformed
# trace for a connection into the dump file.
const requires_trace_commitment = F &redef;
# Whether IP address anonymization is enabled.
const anonymize_ip_addr = F &redef;
# Whether to omit place holder packets when rewriting.
const omit_rewrite_place_holder = T &redef;
# Whether trace of various protocols is being rewritten.
const rewriting_http_trace = F &redef;
const rewriting_smtp_trace = F &redef;
const rewriting_ftp_trace = F &redef;
const rewriting_ident_trace = F &redef;
const rewriting_finger_trace = F &redef;
const rewriting_dns_trace = F &redef;
const rewriting_smb_trace = F &redef;
# Whether we dump selected original packets to the output trace.
const dump_selected_source_packets = F &redef;
# If true, we dump original packets to the output trace *if and only if*
# the connection is not rewritten; if false, the policy script can decide
# whether to dump a particular connection by calling dump_packets_of_connection.
#
# NOTE: DO NOT SET THIS TO TRUE WHEN ANONYMIZING A TRACE!
# (TODO: this variable should be disabled when using '-A' option)
const dump_original_packets_if_not_rewriting = F &redef;

1
src/builtin-func.l
View file

@ -37,6 +37,7 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+))
D [[:digit:]]+ D [[:digit:]]+
HEX [0-9a-fA-F]+ HEX [0-9a-fA-F]+
%option nodefault %option nodefault
%% %%

71
src/builtin-func.y
View file

@ -159,6 +159,31 @@ const char* trace_rewriter_name = "trace_rewriter";
#include "bif_arg.h" #include "bif_arg.h"
/* Map bif/bro type names to C types for use in const declaration */
static struct {
const char* bif_type;
const char* bro_type;
const char* c_type;
const char* accessor;
const char* constructor;
} builtin_types[] = {
#define DEFINE_BIF_TYPE(id, bif_type, bro_type, c_type, accessor, constructor) \
{bif_type, bro_type, c_type, accessor, constructor},
#include "bif_type.def"
#undef DEFINE_BIF_TYPE
};
int get_type_index(const char *type_name)
{
for ( int i = 0; builtin_types[i].bif_type[0] != '\0'; ++i )
{
if (strcmp(builtin_types[i].bif_type, type_name) == 0)
return i;
}
return TYPE_OTHER;
}
int var_arg; // whether the number of arguments is variable int var_arg; // whether the number of arguments is variable
std::vector<BuiltinFuncArg*> args; std::vector<BuiltinFuncArg*> args;
@ -422,33 +447,33 @@ enum_list: enum_list TOK_ID opt_ws ',' opt_ws
| /* nothing */ | /* nothing */
; ;
const_def: const_def_1 const_init opt_attr ';'
{
fprintf(fp_bro_init, ";\n");
fprintf(fp_netvar_h, "%s extern int %s; %s\n",
decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str());
fprintf(fp_netvar_def, "%s int %s; %s\n",
decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str());
fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")->AsBool();\n",
decl.c_fullname.c_str(), decl.bro_fullname.c_str());
}
;
const_def_1: TOK_CONST opt_ws TOK_ID opt_ws const_def: TOK_CONST opt_ws TOK_ID opt_ws ':' opt_ws TOK_ID opt_ws ';'
{ {
set_definition_type(CONST_DEF, 0); set_definition_type(CONST_DEF, 0);
set_decl_name($3); set_decl_name($3);
fprintf(fp_bro_init, "const%s", $2); int typeidx = get_type_index($7);
fprintf(fp_bro_init, "%s: bool%s", decl.bro_name.c_str(), $4); char accessor[1024];
snprintf(accessor, sizeof(accessor), builtin_types[typeidx].accessor, "");
fprintf(fp_netvar_h, "%s extern %s %s; %s\n",
decl.c_namespace_start.c_str(),
builtin_types[typeidx].c_type, decl.bare_name.c_str(),
decl.c_namespace_end.c_str());
fprintf(fp_netvar_def, "%s %s %s; %s\n",
decl.c_namespace_start.c_str(),
builtin_types[typeidx].c_type, decl.bare_name.c_str(),
decl.c_namespace_end.c_str());
fprintf(fp_netvar_init, "\t%s = internal_val(\"%s\")%s;\n",
decl.c_fullname.c_str(), decl.bro_fullname.c_str(),
accessor);
} }
;
opt_const_init: /* nothing */
| const_init
;
/* Currently support only boolean and string values */ /* Currently support only boolean and string values */
const_init: '=' opt_ws TOK_BOOL opt_ws opt_attr_init: '=' opt_ws TOK_BOOL opt_ws
{ {
fprintf(fp_bro_init, "=%s%c%s", $2, ($3) ? 'T' : 'F', $4); fprintf(fp_bro_init, "=%s%c%s", $2, ($3) ? 'T' : 'F', $4);
} }
@ -458,7 +483,7 @@ const_init: '=' opt_ws TOK_BOOL opt_ws
opt_attr: /* nothing */ opt_attr: /* nothing */
| opt_attr TOK_ATTR { fprintf(fp_bro_init, "%s", $2); } | opt_attr TOK_ATTR { fprintf(fp_bro_init, "%s", $2); }
opt_ws opt_const_init opt_ws opt_attr_init
; ;
func_prefix: TOK_FUNCTION func_prefix: TOK_FUNCTION
@ -533,7 +558,7 @@ head_1: TOK_ID opt_ws arg_begin
decl.c_fullname.c_str(), decl.bro_fullname.c_str()); decl.c_fullname.c_str(), decl.bro_fullname.c_str());
fprintf(fp_func_h, fprintf(fp_func_h,
"%sextern Val* %s(Frame* frame, val_list*);\n %s", "%sextern Val* %s(Frame* frame, val_list*);%s\n",
decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str()); decl.c_namespace_start.c_str(), decl.bare_name.c_str(), decl.c_namespace_end.c_str());
fprintf(fp_func_def, fprintf(fp_func_def,

30
src/const.bif
View file

@ -4,37 +4,37 @@
# byte to keep the connection alive. If ignore_keep_alive_rexmit # byte to keep the connection alive. If ignore_keep_alive_rexmit
# is set to T, such retransmissions will be excluded in the rexmit # is set to T, such retransmissions will be excluded in the rexmit
# counter in conn_stats. # counter in conn_stats.
const ignore_keep_alive_rexmit = F &redef; const ignore_keep_alive_rexmit: bool;
# Skip HTTP data portions for performance considerations (the skipped # Skip HTTP data portions for performance considerations (the skipped
# portion will not go through TCP reassembly). # portion will not go through TCP reassembly).
const skip_http_data = F &redef; const skip_http_data: bool;
# Whether the analysis engine parses IP packets encapsulated in # Whether the analysis engine parses IP packets encapsulated in
# UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro. # UDP tunnels. See also: udp_tunnel_port, policy/udp-tunnel.bro.
const parse_udp_tunnels = F &redef; const parse_udp_tunnels: bool;
# Whether a commitment is required before writing the transformed # Whether a commitment is required before writing the transformed
# trace for a connection into the dump file. # trace for a connection into the dump file.
const requires_trace_commitment = F &redef; const requires_trace_commitment: bool;
# Whether IP address anonymization is enabled. # Whether IP address anonymization is enabled.
const anonymize_ip_addr = F &redef; const anonymize_ip_addr: bool;
# Whether to omit place holder packets when rewriting. # Whether to omit place holder packets when rewriting.
const omit_rewrite_place_holder = T &redef; const omit_rewrite_place_holder : bool ;
# Whether trace of various protocols is being rewritten. # Whether trace of various protocols is being rewritten.
const rewriting_http_trace = F &redef; const rewriting_http_trace :bool;
const rewriting_smtp_trace = F &redef; const rewriting_smtp_trace: bool;
const rewriting_ftp_trace = F &redef; const rewriting_ftp_trace: bool;
const rewriting_ident_trace = F &redef; const rewriting_ident_trace: bool;
const rewriting_finger_trace = F &redef; const rewriting_finger_trace: bool;
const rewriting_dns_trace = F &redef; const rewriting_dns_trace: bool;
const rewriting_smb_trace = F &redef; const rewriting_smb_trace: bool;
# Whether we dump selected original packets to the output trace. # Whether we dump selected original packets to the output trace.
const dump_selected_source_packets = F &redef; const dump_selected_source_packets: bool;
# If true, we dump original packets to the output trace *if and only if* # If true, we dump original packets to the output trace *if and only if*
# the connection is not rewritten; if false, the policy script can decide # the connection is not rewritten; if false, the policy script can decide
@ -42,5 +42,5 @@ const dump_selected_source_packets = F &redef;
# #
# NOTE: DO NOT SET THIS TO TRUE WHEN ANONYMIZING A TRACE! # NOTE: DO NOT SET THIS TO TRUE WHEN ANONYMIZING A TRACE!
# (TODO: this variable should be disabled when using '-A' option) # (TODO: this variable should be disabled when using '-A' option)
const dump_original_packets_if_not_rewriting = F &redef; const dump_original_packets_if_not_rewriting: bool;