Use zeek::BifEvent:: for enqueue_ functions instead of BifEvent::

Jon Siwek 2020-05-14 14:48:18 -07:00
parent ca1e5fe4be
commit 7843416e51
77 changed files with 325 additions and 325 deletions

2
NEWS

@ -128,7 +128,7 @@ Deprecated Functionality
- ``Analyzer::BuildConnVal()`` is deprecated, use ``Analyzer::ConnVal()``. - ``Analyzer::BuildConnVal()`` is deprecated, use ``Analyzer::ConnVal()``.
- ``BifEvent::generate_`` functions are deprecated, use ``BifEvent::enqueue_``. - ``BifEvent::generate_`` functions are deprecated, use ``zeek::BifEvent::enqueue_``.
- ``binpac::bytestring_to_val()`` is deprecated, use ``binpac::to_stringval()``. - ``binpac::bytestring_to_val()`` is deprecated, use ``binpac::to_stringval()``.

@ -1 +1 @@
Subproject commit 2d56fd7e6d59aab754176b3ec90e71600d22d713 Subproject commit b155d04585c61c8fdd0768e1f2a403b27447bb9d


@ -61,7 +61,7 @@ flow BitTorrent_Flow(is_orig: bool) {
handshake_ok = true; handshake_ok = true;
if ( ::bittorrent_peer_handshake ) if ( ::bittorrent_peer_handshake )
{ {
BifEvent::enqueue_bittorrent_peer_handshake( zeek::BifEvent::enqueue_bittorrent_peer_handshake(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -79,7 +79,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_keep_alive ) if ( ::bittorrent_peer_keep_alive )
{ {
BifEvent::enqueue_bittorrent_peer_keep_alive( zeek::BifEvent::enqueue_bittorrent_peer_keep_alive(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig()); is_orig());
@ -92,7 +92,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_choke ) if ( ::bittorrent_peer_choke )
{ {
BifEvent::enqueue_bittorrent_peer_choke( zeek::BifEvent::enqueue_bittorrent_peer_choke(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig()); is_orig());
@ -105,7 +105,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_unchoke ) if ( ::bittorrent_peer_unchoke )
{ {
BifEvent::enqueue_bittorrent_peer_unchoke( zeek::BifEvent::enqueue_bittorrent_peer_unchoke(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig()); is_orig());
@ -118,7 +118,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_interested ) if ( ::bittorrent_peer_interested )
{ {
BifEvent::enqueue_bittorrent_peer_interested( zeek::BifEvent::enqueue_bittorrent_peer_interested(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig()); is_orig());
@ -131,7 +131,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_not_interested ) if ( ::bittorrent_peer_not_interested )
{ {
BifEvent::enqueue_bittorrent_peer_not_interested( zeek::BifEvent::enqueue_bittorrent_peer_not_interested(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig()); is_orig());
@ -144,7 +144,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_have ) if ( ::bittorrent_peer_have )
{ {
BifEvent::enqueue_bittorrent_peer_have( zeek::BifEvent::enqueue_bittorrent_peer_have(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -158,7 +158,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_bitfield ) if ( ::bittorrent_peer_bitfield )
{ {
BifEvent::enqueue_bittorrent_peer_bitfield( zeek::BifEvent::enqueue_bittorrent_peer_bitfield(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -173,7 +173,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_request ) if ( ::bittorrent_peer_request )
{ {
BifEvent::enqueue_bittorrent_peer_request( zeek::BifEvent::enqueue_bittorrent_peer_request(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -188,7 +188,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_piece ) if ( ::bittorrent_peer_piece )
{ {
BifEvent::enqueue_bittorrent_peer_piece( zeek::BifEvent::enqueue_bittorrent_peer_piece(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -203,7 +203,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_cancel ) if ( ::bittorrent_peer_cancel )
{ {
BifEvent::enqueue_bittorrent_peer_cancel( zeek::BifEvent::enqueue_bittorrent_peer_cancel(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -217,7 +217,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_port ) if ( ::bittorrent_peer_port )
{ {
BifEvent::enqueue_bittorrent_peer_port( zeek::BifEvent::enqueue_bittorrent_peer_port(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -231,7 +231,7 @@ flow BitTorrent_Flow(is_orig: bool) {
%{ %{
if ( ::bittorrent_peer_unknown ) if ( ::bittorrent_peer_unknown )
{ {
BifEvent::enqueue_bittorrent_peer_unknown( zeek::BifEvent::enqueue_bittorrent_peer_unknown(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),


@ -37,7 +37,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_message ) if ( dce_rpc_message )
{ {
BifEvent::enqueue_dce_rpc_message(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_message(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${header.is_orig}, ${header.is_orig},
fid, fid,
@ -51,7 +51,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_bind ) if ( dce_rpc_bind )
{ {
BifEvent::enqueue_dce_rpc_bind(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_bind(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid, fid,
${req.id}, ${req.id},
@ -67,7 +67,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_alter_context ) if ( dce_rpc_alter_context )
{ {
BifEvent::enqueue_dce_rpc_alter_context(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_alter_context(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid, fid,
${req.id}, ${req.id},
@ -92,7 +92,7 @@ refine connection DCE_RPC_Conn += {
else else
sec_addr = make_intrusive<StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin()); sec_addr = make_intrusive<StringVal>(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin());
BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid, fid,
std::move(sec_addr)); std::move(sec_addr));
@ -104,7 +104,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_alter_context_resp ) if ( dce_rpc_alter_context_resp )
{ {
BifEvent::enqueue_dce_rpc_alter_context_resp(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_alter_context_resp(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid); fid);
} }
@ -115,7 +115,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_request ) if ( dce_rpc_request )
{ {
BifEvent::enqueue_dce_rpc_request(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid, fid,
${req.context_id}, ${req.context_id},
@ -132,7 +132,7 @@ refine connection DCE_RPC_Conn += {
%{ %{
if ( dce_rpc_response ) if ( dce_rpc_response )
{ {
BifEvent::enqueue_dce_rpc_response(bro_analyzer(), zeek::BifEvent::enqueue_dce_rpc_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
fid, fid,
${resp.context_id}, ${resp.context_id},


@ -91,7 +91,7 @@ refine flow DHCP_Flow += {
init_options(); init_options();
BifEvent::enqueue_dhcp_message(connection()->bro_analyzer(), zeek::BifEvent::enqueue_dhcp_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.is_orig}, ${msg.is_orig},
std::move(dhcp_msg_val), std::move(dhcp_msg_val),


@ -29,7 +29,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_header_block ) if ( ::dnp3_header_block )
{ {
BifEvent::enqueue_dnp3_header_block( zeek::BifEvent::enqueue_dnp3_header_block(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), len, ctrl, dest_addr, src_addr); is_orig(), len, ctrl, dest_addr, src_addr);
@ -42,7 +42,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_application_request_header ) if ( ::dnp3_application_request_header )
{ {
BifEvent::enqueue_dnp3_application_request_header( zeek::BifEvent::enqueue_dnp3_application_request_header(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -57,7 +57,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_application_response_header ) if ( ::dnp3_application_response_header )
{ {
BifEvent::enqueue_dnp3_application_response_header( zeek::BifEvent::enqueue_dnp3_application_response_header(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), is_orig(),
@ -73,7 +73,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_object_header ) if ( ::dnp3_object_header )
{ {
BifEvent::enqueue_dnp3_object_header( zeek::BifEvent::enqueue_dnp3_object_header(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), obj_type, qua_field, number, rf_low, rf_high); is_orig(), obj_type, qua_field, number, rf_low, rf_high);
@ -86,7 +86,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_object_prefix ) if ( ::dnp3_object_prefix )
{ {
BifEvent::enqueue_dnp3_object_prefix( zeek::BifEvent::enqueue_dnp3_object_prefix(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), prefix_value); is_orig(), prefix_value);
@ -99,7 +99,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_response_data_object ) if ( ::dnp3_response_data_object )
{ {
BifEvent::enqueue_dnp3_response_data_object( zeek::BifEvent::enqueue_dnp3_response_data_object(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), data_value); is_orig(), data_value);
@ -113,7 +113,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_attribute_common ) if ( ::dnp3_attribute_common )
{ {
BifEvent::enqueue_dnp3_attribute_common( zeek::BifEvent::enqueue_dnp3_attribute_common(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), data_type_code, leng, to_stringval(attribute_obj) ); is_orig(), data_type_code, leng, to_stringval(attribute_obj) );
@ -127,7 +127,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_crob ) if ( ::dnp3_crob )
{ {
BifEvent::enqueue_dnp3_crob( zeek::BifEvent::enqueue_dnp3_crob(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), control_code, count8, on_time, off_time, status_code); is_orig(), control_code, count8, on_time, off_time, status_code);
@ -141,7 +141,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_pcb ) if ( ::dnp3_pcb )
{ {
BifEvent::enqueue_dnp3_pcb( zeek::BifEvent::enqueue_dnp3_pcb(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), control_code, count8, on_time, off_time, status_code); is_orig(), control_code, count8, on_time, off_time, status_code);
@ -155,7 +155,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_counter_32wFlag ) if ( ::dnp3_counter_32wFlag )
{ {
BifEvent::enqueue_dnp3_counter_32wFlag( zeek::BifEvent::enqueue_dnp3_counter_32wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value); is_orig(), flag, count_value);
@ -169,7 +169,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_counter_16wFlag ) if ( ::dnp3_counter_16wFlag )
{ {
BifEvent::enqueue_dnp3_counter_16wFlag( zeek::BifEvent::enqueue_dnp3_counter_16wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value); is_orig(), flag, count_value);
@ -183,7 +183,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_counter_32woFlag ) if ( ::dnp3_counter_32woFlag )
{ {
BifEvent::enqueue_dnp3_counter_32woFlag( zeek::BifEvent::enqueue_dnp3_counter_32woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), count_value); is_orig(), count_value);
@ -197,7 +197,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_counter_16woFlag ) if ( ::dnp3_counter_16woFlag )
{ {
BifEvent::enqueue_dnp3_counter_16woFlag( zeek::BifEvent::enqueue_dnp3_counter_16woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), count_value); is_orig(), count_value);
@ -211,7 +211,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_32wFlag ) if ( ::dnp3_frozen_counter_32wFlag )
{ {
BifEvent::enqueue_dnp3_frozen_counter_32wFlag( zeek::BifEvent::enqueue_dnp3_frozen_counter_32wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value); is_orig(), flag, count_value);
@ -225,7 +225,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_16wFlag ) if ( ::dnp3_frozen_counter_16wFlag )
{ {
BifEvent::enqueue_dnp3_frozen_counter_16wFlag( zeek::BifEvent::enqueue_dnp3_frozen_counter_16wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value); is_orig(), flag, count_value);
@ -239,7 +239,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_32wFlagTime ) if ( ::dnp3_frozen_counter_32wFlagTime )
{ {
BifEvent::enqueue_dnp3_frozen_counter_32wFlagTime( zeek::BifEvent::enqueue_dnp3_frozen_counter_32wFlagTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value, bytestring_to_time(time48)); is_orig(), flag, count_value, bytestring_to_time(time48));
@ -253,7 +253,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_16wFlagTime ) if ( ::dnp3_frozen_counter_16wFlagTime )
{ {
BifEvent::enqueue_dnp3_frozen_counter_16wFlagTime( zeek::BifEvent::enqueue_dnp3_frozen_counter_16wFlagTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, count_value, bytestring_to_time(time48)); is_orig(), flag, count_value, bytestring_to_time(time48));
@ -267,7 +267,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_32woFlag ) if ( ::dnp3_frozen_counter_32woFlag )
{ {
BifEvent::enqueue_dnp3_frozen_counter_32woFlag( zeek::BifEvent::enqueue_dnp3_frozen_counter_32woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), count_value); is_orig(), count_value);
@ -281,7 +281,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_counter_16woFlag ) if ( ::dnp3_frozen_counter_16woFlag )
{ {
BifEvent::enqueue_dnp3_frozen_counter_16woFlag( zeek::BifEvent::enqueue_dnp3_frozen_counter_16woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), count_value); is_orig(), count_value);
@ -295,7 +295,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_32wFlag ) if ( ::dnp3_analog_input_32wFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_32wFlag( zeek::BifEvent::enqueue_dnp3_analog_input_32wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -309,7 +309,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_16wFlag ) if ( ::dnp3_analog_input_16wFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_16wFlag( zeek::BifEvent::enqueue_dnp3_analog_input_16wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -323,7 +323,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_32woFlag ) if ( ::dnp3_analog_input_32woFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_32woFlag( zeek::BifEvent::enqueue_dnp3_analog_input_32woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), value); is_orig(), value);
@ -337,7 +337,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_16woFlag ) if ( ::dnp3_analog_input_16woFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_16woFlag( zeek::BifEvent::enqueue_dnp3_analog_input_16woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), value); is_orig(), value);
@ -351,7 +351,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_SPwFlag ) if ( ::dnp3_analog_input_SPwFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_SPwFlag( zeek::BifEvent::enqueue_dnp3_analog_input_SPwFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -365,7 +365,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_DPwFlag ) if ( ::dnp3_analog_input_DPwFlag )
{ {
BifEvent::enqueue_dnp3_analog_input_DPwFlag( zeek::BifEvent::enqueue_dnp3_analog_input_DPwFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value_low, value_high); is_orig(), flag, value_low, value_high);
@ -379,7 +379,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_32wFlag ) if ( ::dnp3_frozen_analog_input_32wFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_32wFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -393,7 +393,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_16wFlag ) if ( ::dnp3_frozen_analog_input_16wFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_16wFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16wFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -407,7 +407,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_32wTime ) if ( ::dnp3_frozen_analog_input_32wTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_32wTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value, bytestring_to_time(time48)); is_orig(), flag, frozen_value, bytestring_to_time(time48));
@ -421,7 +421,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_16wTime ) if ( ::dnp3_frozen_analog_input_16wTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_16wTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value, bytestring_to_time(time48)); is_orig(), flag, frozen_value, bytestring_to_time(time48));
@ -435,7 +435,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_32woFlag ) if ( ::dnp3_frozen_analog_input_32woFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_32woFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), frozen_value); is_orig(), frozen_value);
@ -449,7 +449,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_16woFlag ) if ( ::dnp3_frozen_analog_input_16woFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_16woFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16woFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), frozen_value); is_orig(), frozen_value);
@ -463,7 +463,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_SPwFlag ) if ( ::dnp3_frozen_analog_input_SPwFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_SPwFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_SPwFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -477,7 +477,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_DPwFlag ) if ( ::dnp3_frozen_analog_input_DPwFlag )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_DPwFlag( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_DPwFlag(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value_low, frozen_value_high); is_orig(), flag, frozen_value_low, frozen_value_high);
@ -491,7 +491,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_32woTime ) if ( ::dnp3_analog_input_event_32woTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_32woTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_32woTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -505,7 +505,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_16woTime ) if ( ::dnp3_analog_input_event_16woTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_16woTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_16woTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -519,7 +519,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_32wTime ) if ( ::dnp3_analog_input_event_32wTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_32wTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_32wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value, bytestring_to_time(time48)); is_orig(), flag, value, bytestring_to_time(time48));
@ -533,7 +533,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_16wTime ) if ( ::dnp3_analog_input_event_16wTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_16wTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_16wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value, bytestring_to_time(time48)); is_orig(), flag, value, bytestring_to_time(time48));
@ -547,7 +547,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_SPwoTime ) if ( ::dnp3_analog_input_event_SPwoTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_SPwoTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_SPwoTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value); is_orig(), flag, value);
@ -561,7 +561,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_DPwoTime ) if ( ::dnp3_analog_input_event_DPwoTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_DPwoTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_DPwoTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value_low, value_high); is_orig(), flag, value_low, value_high);
@ -575,7 +575,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_SPwTime ) if ( ::dnp3_analog_input_event_SPwTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_SPwTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_SPwTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value, bytestring_to_time(time48)); is_orig(), flag, value, bytestring_to_time(time48));
@ -589,7 +589,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_analog_input_event_DPwTime ) if ( ::dnp3_analog_input_event_DPwTime )
{ {
BifEvent::enqueue_dnp3_analog_input_event_DPwTime( zeek::BifEvent::enqueue_dnp3_analog_input_event_DPwTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, value_low, value_high, bytestring_to_time(time48)); is_orig(), flag, value_low, value_high, bytestring_to_time(time48));
@ -603,7 +603,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_32woTime ) if ( ::dnp3_frozen_analog_input_event_32woTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_32woTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_32woTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -617,7 +617,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_16woTime ) if ( ::dnp3_frozen_analog_input_event_16woTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_16woTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_16woTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -631,7 +631,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_32wTime ) if ( ::dnp3_frozen_analog_input_event_32wTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_32wTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_32wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value, bytestring_to_time(time48)); is_orig(), flag, frozen_value, bytestring_to_time(time48));
@ -645,7 +645,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_16wTime ) if ( ::dnp3_frozen_analog_input_event_16wTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_16wTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_16wTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value, bytestring_to_time(time48)); is_orig(), flag, frozen_value, bytestring_to_time(time48));
@ -659,7 +659,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_SPwoTime ) if ( ::dnp3_frozen_analog_input_event_SPwoTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwoTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwoTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value); is_orig(), flag, frozen_value);
@ -673,7 +673,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_DPwoTime ) if ( ::dnp3_frozen_analog_input_event_DPwoTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwoTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwoTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value_low, frozen_value_high); is_orig(), flag, frozen_value_low, frozen_value_high);
@ -687,7 +687,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_SPwTime ) if ( ::dnp3_frozen_analog_input_event_SPwTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value, bytestring_to_time(time48)); is_orig(), flag, frozen_value, bytestring_to_time(time48));
@ -701,7 +701,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_frozen_analog_input_event_DPwTime ) if ( ::dnp3_frozen_analog_input_event_DPwTime )
{ {
BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwTime( zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwTime(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), flag, frozen_value_low, frozen_value_high, bytestring_to_time(time48)); is_orig(), flag, frozen_value_low, frozen_value_high, bytestring_to_time(time48));
@ -715,7 +715,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_file_transport ) if ( ::dnp3_file_transport )
{ {
BifEvent::enqueue_dnp3_file_transport( zeek::BifEvent::enqueue_dnp3_file_transport(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), file_handle, block_num, to_stringval(file_data)); is_orig(), file_handle, block_num, to_stringval(file_data));
@ -729,7 +729,7 @@ flow DNP3_Flow(is_orig: bool) {
%{ %{
if ( ::dnp3_debug_byte ) if ( ::dnp3_debug_byte )
{ {
BifEvent::enqueue_dnp3_debug_byte ( zeek::BifEvent::enqueue_dnp3_debug_byte (
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), to_stringval(debug)); is_orig(), to_stringval(debug));


@ -61,7 +61,7 @@ refine connection GSSAPI_Conn += {
%{ %{
if ( gssapi_neg_result ) if ( gssapi_neg_result )
{ {
BifEvent::enqueue_gssapi_neg_result(bro_analyzer(), zeek::BifEvent::enqueue_gssapi_neg_result(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
binary_to_int64(${val.neg_state.encoding.content})); binary_to_int64(${val.neg_state.encoding.content}));
} }


@ -328,7 +328,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_create_pdp_ctx_request(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_create_pdp_ctx_request(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
@ -397,7 +397,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_create_pdp_ctx_response(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_create_pdp_ctx_response(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
@ -475,7 +475,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_update_pdp_ctx_request(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_update_pdp_ctx_request(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
@ -535,7 +535,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_update_pdp_ctx_response(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_update_pdp_ctx_response(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
@ -569,7 +569,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_delete_pdp_ctx_request(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_delete_pdp_ctx_request(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
@ -600,7 +600,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
} }
} }
BifEvent::enqueue_gtpv1_delete_pdp_ctx_response(a, a->Conn(), zeek::BifEvent::enqueue_gtpv1_delete_pdp_ctx_response(a, a->Conn(),
BuildGTPv1Hdr(pdu), std::move(rv)); BuildGTPv1Hdr(pdu), std::move(rv));
} }
%} %}
@ -679,7 +679,7 @@ flow GTPv1_Flow(is_orig: bool)
} }
if ( ::gtpv1_message ) if ( ::gtpv1_message )
BifEvent::enqueue_gtpv1_message(a, c, BuildGTPv1Hdr(pdu)); zeek::BifEvent::enqueue_gtpv1_message(a, c, BuildGTPv1Hdr(pdu));
switch ( ${pdu.msg_type} ) { switch ( ${pdu.msg_type} ) {
case 16: case 16:
@ -759,7 +759,7 @@ flow GTPv1_Flow(is_orig: bool)
} }
if ( ::gtpv1_g_pdu_packet ) if ( ::gtpv1_g_pdu_packet )
BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu), zeek::BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
inner->ToPktHdrVal()); inner->ToPktHdrVal());
EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1); EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);


@ -45,7 +45,7 @@ refine connection IMAP_Conn += {
bro_analyzer()->StartTLS(); bro_analyzer()->StartTLS();
if ( imap_starttls ) if ( imap_starttls )
BifEvent::enqueue_imap_starttls(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
} }
else else
reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS"); reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS");
@ -67,7 +67,7 @@ refine connection IMAP_Conn += {
capv->Assign(i, make_intrusive<StringVal>(capability.length(), (const char*)capability.data())); capv->Assign(i, make_intrusive<StringVal>(capability.length(), (const char*)capability.data()));
} }
BifEvent::enqueue_imap_capabilities(bro_analyzer(), bro_analyzer()->Conn(), std::move(capv)); zeek::BifEvent::enqueue_imap_capabilities(bro_analyzer(), bro_analyzer()->Conn(), std::move(capv));
return true; return true;
%} %}


@ -180,7 +180,7 @@ refine connection KRB_Conn += {
return false; return false;
RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv}); zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
return true; return true;
} }
@ -190,7 +190,7 @@ refine connection KRB_Conn += {
return false; return false;
RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer()); RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv}); zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
return true; return true;
} }
@ -223,7 +223,7 @@ refine connection KRB_Conn += {
if ( ! krb_as_response ) if ( ! krb_as_response )
return false; return false;
BifEvent::enqueue_krb_as_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg()); zeek::BifEvent::enqueue_krb_as_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
return true; return true;
} }
@ -232,7 +232,7 @@ refine connection KRB_Conn += {
if ( ! krb_tgs_response ) if ( ! krb_tgs_response )
return false; return false;
BifEvent::enqueue_krb_tgs_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg()); zeek::BifEvent::enqueue_krb_tgs_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
return true; return true;
} }
@ -248,7 +248,7 @@ refine connection KRB_Conn += {
proc_error_arguments(rv.get(), ${msg.args1}, 0); proc_error_arguments(rv.get(), ${msg.args1}, 0);
rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT)); rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content})); proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv)); zeek::BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
} }
return true; return true;
%} %}
@ -268,7 +268,7 @@ refine connection KRB_Conn += {
if ( authenticationinfo ) if ( authenticationinfo )
rvticket->Assign(5, authenticationinfo); rvticket->Assign(5, authenticationinfo);
BifEvent::enqueue_krb_ap_request(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_krb_ap_request(bro_analyzer(), bro_analyzer()->Conn(),
std::move(rvticket), std::move(rv)); std::move(rvticket), std::move(rv));
} }
return true; return true;
@ -279,7 +279,7 @@ refine connection KRB_Conn += {
bro_analyzer()->ProtocolConfirmation(); bro_analyzer()->ProtocolConfirmation();
if ( krb_ap_response ) if ( krb_ap_response )
{ {
BifEvent::enqueue_krb_ap_response(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_krb_ap_response(bro_analyzer(), bro_analyzer()->Conn());
} }
return true; return true;
%} %}
@ -337,7 +337,7 @@ refine connection KRB_Conn += {
break; break;
} }
} }
BifEvent::enqueue_krb_safe(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, std::move(rv)); zeek::BifEvent::enqueue_krb_safe(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, std::move(rv));
} }
return true; return true;
%} %}
@ -347,7 +347,7 @@ refine connection KRB_Conn += {
bro_analyzer()->ProtocolConfirmation(); bro_analyzer()->ProtocolConfirmation();
if ( krb_priv ) if ( krb_priv )
{ {
BifEvent::enqueue_krb_priv(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}); zeek::BifEvent::enqueue_krb_priv(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig});
} }
return true; return true;
%} %}
@ -357,7 +357,7 @@ refine connection KRB_Conn += {
bro_analyzer()->ProtocolConfirmation(); bro_analyzer()->ProtocolConfirmation();
if ( krb_cred ) if ( krb_cred )
{ {
BifEvent::enqueue_krb_cred(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, zeek::BifEvent::enqueue_krb_cred(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig},
proc_tickets(${msg.tickets})); proc_tickets(${msg.tickets}));
} }
return true; return true;


@ -88,7 +88,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_message ) if ( ::modbus_message )
{ {
BifEvent::enqueue_modbus_message(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
is_orig()); is_orig());
@ -117,7 +117,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_exception ) if ( ::modbus_exception )
{ {
BifEvent::enqueue_modbus_exception(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_exception(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.code}); ${message.code});
@ -131,7 +131,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_coils_request ) if ( ::modbus_read_coils_request )
{ {
BifEvent::enqueue_modbus_read_coils_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_coils_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.start_address},
@ -146,7 +146,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_coils_response ) if ( ::modbus_read_coils_response )
{ {
BifEvent::enqueue_modbus_read_coils_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_coils_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
bytestring_to_coils(${message.bits}, ${message.bits}.length()*8)); bytestring_to_coils(${message.bits}, ${message.bits}.length()*8));
@ -159,7 +159,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_discrete_inputs_request ) if ( ::modbus_read_discrete_inputs_request )
{ {
BifEvent::enqueue_modbus_read_discrete_inputs_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_discrete_inputs_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.quantity}); ${message.start_address}, ${message.quantity});
@ -173,7 +173,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_discrete_inputs_response ) if ( ::modbus_read_discrete_inputs_response )
{ {
BifEvent::enqueue_modbus_read_discrete_inputs_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_discrete_inputs_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
bytestring_to_coils(${message.bits}, ${message.bits}.length()*8)); bytestring_to_coils(${message.bits}, ${message.bits}.length()*8));
@ -188,7 +188,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_holding_registers_request ) if ( ::modbus_read_holding_registers_request )
{ {
BifEvent::enqueue_modbus_read_holding_registers_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_holding_registers_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.quantity}); ${message.start_address}, ${message.quantity});
@ -217,7 +217,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_read_holding_registers_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_holding_registers_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
std::move(t)); std::move(t));
@ -232,7 +232,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_input_registers_request ) if ( ::modbus_read_input_registers_request )
{ {
BifEvent::enqueue_modbus_read_input_registers_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_input_registers_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.quantity}); ${message.start_address}, ${message.quantity});
@ -261,7 +261,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_read_input_registers_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_input_registers_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
std::move(t)); std::move(t));
@ -288,7 +288,7 @@ refine flow ModbusTCP_Flow += {
return false; return false;
} }
BifEvent::enqueue_modbus_write_single_coil_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_single_coil_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.address},
@ -315,7 +315,7 @@ refine flow ModbusTCP_Flow += {
return false; return false;
} }
BifEvent::enqueue_modbus_write_single_coil_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_single_coil_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.address},
@ -331,7 +331,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_write_single_register_request ) if ( ::modbus_write_single_register_request )
{ {
BifEvent::enqueue_modbus_write_single_register_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_single_register_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.value}); ${message.address}, ${message.value});
@ -345,7 +345,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_write_single_register_response ) if ( ::modbus_write_single_register_response )
{ {
BifEvent::enqueue_modbus_write_single_register_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_single_register_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.value}); ${message.address}, ${message.value});
@ -360,7 +360,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_write_multiple_coils_request ) if ( ::modbus_write_multiple_coils_request )
{ {
BifEvent::enqueue_modbus_write_multiple_coils_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_multiple_coils_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.start_address},
@ -375,7 +375,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_write_multiple_coils_response ) if ( ::modbus_write_multiple_coils_response )
{ {
BifEvent::enqueue_modbus_write_multiple_coils_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_multiple_coils_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.quantity}); ${message.start_address}, ${message.quantity});
@ -405,7 +405,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_write_multiple_registers_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_multiple_registers_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, std::move(t)); ${message.start_address}, std::move(t));
@ -419,7 +419,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_write_multiple_registers_response ) if ( ::modbus_write_multiple_registers_response )
{ {
BifEvent::enqueue_modbus_write_multiple_registers_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_multiple_registers_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}, ${message.quantity}); ${message.start_address}, ${message.quantity});
@ -447,7 +447,7 @@ refine flow ModbusTCP_Flow += {
// t->Assign(i, l); // t->Assign(i, l);
// } // }
BifEvent::enqueue_modbus_read_file_record_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_file_record_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header)); HeaderToVal(header));
} }
@ -468,7 +468,7 @@ refine flow ModbusTCP_Flow += {
// t->Assign(i, r); // t->Assign(i, r);
// } // }
BifEvent::enqueue_modbus_read_file_record_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_file_record_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header)); HeaderToVal(header));
} }
@ -500,7 +500,7 @@ refine flow ModbusTCP_Flow += {
// } // }
// } // }
BifEvent::enqueue_modbus_write_file_record_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_file_record_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header)); HeaderToVal(header));
} }
@ -532,7 +532,7 @@ refine flow ModbusTCP_Flow += {
// t->Assign(i, k); // t->Assign(i, k);
// } // }
BifEvent::enqueue_modbus_write_file_record_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_write_file_record_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header)); HeaderToVal(header));
} }
@ -545,7 +545,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_mask_write_register_request ) if ( ::modbus_mask_write_register_request )
{ {
BifEvent::enqueue_modbus_mask_write_register_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_mask_write_register_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.address},
@ -560,7 +560,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_mask_write_register_response ) if ( ::modbus_mask_write_register_response )
{ {
BifEvent::enqueue_modbus_mask_write_register_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_mask_write_register_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.address}, ${message.address},
@ -590,7 +590,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_read_write_multiple_registers_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_write_multiple_registers_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.read_start_address}, ${message.read_start_address},
@ -622,7 +622,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_read_write_multiple_registers_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_write_multiple_registers_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
std::move(t)); std::move(t));
@ -636,7 +636,7 @@ refine flow ModbusTCP_Flow += {
%{ %{
if ( ::modbus_read_fifo_queue_request ) if ( ::modbus_read_fifo_queue_request )
{ {
BifEvent::enqueue_modbus_read_fifo_queue_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_fifo_queue_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
${message.start_address}); ${message.start_address});
@ -666,7 +666,7 @@ refine flow ModbusTCP_Flow += {
t->Assign(i, r); t->Assign(i, r);
} }
BifEvent::enqueue_modbus_read_fifo_queue_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_modbus_read_fifo_queue_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
HeaderToVal(header), HeaderToVal(header),
std::move(t)); std::move(t));


@ -18,7 +18,7 @@ refine flow MQTT_Flow += {
auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg); auto m = make_intrusive<RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
m->Assign(0, val_mgr->Count(${msg.return_code})); m->Assign(0, val_mgr->Count(${msg.return_code}));
m->Assign(1, val_mgr->Bool(${msg.session_present})); m->Assign(1, val_mgr->Bool(${msg.session_present}));
BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(m)); std::move(m));
} }


@ -75,7 +75,7 @@ refine flow MQTT_Flow += {
reinterpret_cast<const char*>(${msg.pass.str}.begin()))); reinterpret_cast<const char*>(${msg.pass.str}.begin())));
} }
BifEvent::enqueue_mqtt_connect(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_connect(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(m)); std::move(m));
} }


@ -11,7 +11,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_disconnect ) if ( mqtt_disconnect )
{ {
BifEvent::enqueue_mqtt_disconnect(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_disconnect(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn()); connection()->bro_analyzer()->Conn());
} }


@ -11,7 +11,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_pingreq ) if ( mqtt_pingreq )
{ {
BifEvent::enqueue_mqtt_pingreq(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_pingreq(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn()); connection()->bro_analyzer()->Conn());
} }


@ -11,7 +11,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_pingresp ) if ( mqtt_pingresp )
{ {
BifEvent::enqueue_mqtt_pingresp(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_pingresp(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn()); connection()->bro_analyzer()->Conn());
} }


@ -13,7 +13,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_puback ) if ( mqtt_puback )
{ {
BifEvent::enqueue_mqtt_puback(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_puback(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig, is_orig,
${msg.msg_id}); ${msg.msg_id});


@ -13,7 +13,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_pubcomp ) if ( mqtt_pubcomp )
{ {
BifEvent::enqueue_mqtt_pubcomp(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_pubcomp(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig, is_orig,
${msg.msg_id}); ${msg.msg_id});


@ -42,7 +42,7 @@ refine flow MQTT_Flow += {
m->Assign(5, val_mgr->Count(${msg.payload}.length())); m->Assign(5, val_mgr->Count(${msg.payload}.length()));
BifEvent::enqueue_mqtt_publish(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_publish(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${pdu.is_orig}, ${pdu.is_orig},
${msg.qos} == 0 ? 0 : ${msg.msg_id}, ${msg.qos} == 0 ? 0 : ${msg.msg_id},


@ -13,7 +13,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_pubrec ) if ( mqtt_pubrec )
{ {
BifEvent::enqueue_mqtt_pubrec(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_pubrec(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig, is_orig,
${msg.msg_id}); ${msg.msg_id});


@ -13,7 +13,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_pubrel ) if ( mqtt_pubrel )
{ {
BifEvent::enqueue_mqtt_pubrel(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_pubrel(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig, is_orig,
${msg.msg_id}); ${msg.msg_id});


@ -14,7 +14,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_suback ) if ( mqtt_suback )
{ {
BifEvent::enqueue_mqtt_suback(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_suback(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.msg_id}, ${msg.msg_id},
${msg.granted_QoS}); ${msg.granted_QoS});


@ -31,7 +31,7 @@ refine flow MQTT_Flow += {
qos_levels->Assign(qos_levels->Size(), qos); qos_levels->Assign(qos_levels->Size(), qos);
} }
BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.msg_id}, ${msg.msg_id},
std::move(topics), std::move(topics),


@ -13,7 +13,7 @@ refine flow MQTT_Flow += {
%{ %{
if ( mqtt_unsuback ) if ( mqtt_unsuback )
{ {
BifEvent::enqueue_mqtt_unsuback(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_unsuback(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.msg_id}); ${msg.msg_id});
} }


@ -23,7 +23,7 @@ refine flow MQTT_Flow += {
topics->Assign(topics->Size(), unsubscribe_topic); topics->Assign(topics->Size(), unsubscribe_topic);
} }
BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.msg_id}, ${msg.msg_id},
std::move(topics)); std::move(topics));


@ -6,11 +6,11 @@ refine flow MySQL_Flow += {
if ( mysql_server_version ) if ( mysql_server_version )
{ {
if ( ${msg.version} == 10 ) if ( ${msg.version} == 10 )
BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
make_intrusive<StringVal>(c_str(${msg.handshake10.server_version}))); make_intrusive<StringVal>(c_str(${msg.handshake10.server_version})));
if ( ${msg.version} == 9 ) if ( ${msg.version} == 9 )
BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
make_intrusive<StringVal>(c_str(${msg.handshake9.server_version}))); make_intrusive<StringVal>(c_str(${msg.handshake9.server_version})));
} }
@ -25,11 +25,11 @@ refine flow MySQL_Flow += {
if ( mysql_handshake ) if ( mysql_handshake )
{ {
if ( ${msg.version} == 10 ) if ( ${msg.version} == 10 )
BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
make_intrusive<StringVal>(c_str(${msg.v10_response.username}))); make_intrusive<StringVal>(c_str(${msg.v10_response.username})));
if ( ${msg.version} == 9 ) if ( ${msg.version} == 9 )
BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
make_intrusive<StringVal>(c_str(${msg.v9_response.username}))); make_intrusive<StringVal>(c_str(${msg.v9_response.username})));
} }
@ -39,7 +39,7 @@ refine flow MySQL_Flow += {
function proc_mysql_command_request_packet(msg: Command_Request_Packet): bool function proc_mysql_command_request_packet(msg: Command_Request_Packet): bool
%{ %{
if ( mysql_command_request ) if ( mysql_command_request )
BifEvent::enqueue_mysql_command_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_command_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.command}, ${msg.command},
to_stringval(${msg.arg})); to_stringval(${msg.arg}));
@ -49,7 +49,7 @@ refine flow MySQL_Flow += {
function proc_err_packet(msg: ERR_Packet): bool function proc_err_packet(msg: ERR_Packet): bool
%{ %{
if ( mysql_error ) if ( mysql_error )
BifEvent::enqueue_mysql_error(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_error(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.code}, ${msg.code},
to_stringval(${msg.msg})); to_stringval(${msg.msg}));
@ -59,7 +59,7 @@ refine flow MySQL_Flow += {
function proc_ok_packet(msg: OK_Packet): bool function proc_ok_packet(msg: OK_Packet): bool
%{ %{
if ( mysql_ok ) if ( mysql_ok )
BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.rows}); ${msg.rows});
return true; return true;
@ -71,7 +71,7 @@ refine flow MySQL_Flow += {
{ {
// This is a bit fake... // This is a bit fake...
if ( mysql_ok ) if ( mysql_ok )
BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
0); 0);
} }
@ -98,7 +98,7 @@ refine flow MySQL_Flow += {
vv->Assign(vv->Size(), make_intrusive<StringVal>(bstring.length(), ptr)); vv->Assign(vv->Size(), make_intrusive<StringVal>(bstring.length(), ptr));
} }
BifEvent::enqueue_mysql_result_row(connection()->bro_analyzer(), zeek::BifEvent::enqueue_mysql_result_row(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(vv)); std::move(vv));


@ -122,7 +122,7 @@ refine connection NTLM_Conn += {
if ( ${val}->has_version() ) if ( ${val}->has_version() )
result->Assign(3, build_version_record(${val.version})); result->Assign(3, build_version_record(${val.version}));
BifEvent::enqueue_ntlm_negotiate(bro_analyzer(), zeek::BifEvent::enqueue_ntlm_negotiate(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(result)); std::move(result));
@ -146,7 +146,7 @@ refine connection NTLM_Conn += {
if ( ${val}->has_target_info() ) if ( ${val}->has_target_info() )
result->Assign(3, build_av_record(${val.target_info}, ${val.target_info_fields.length})); result->Assign(3, build_av_record(${val.target_info}, ${val.target_info_fields.length}));
BifEvent::enqueue_ntlm_challenge(bro_analyzer(), zeek::BifEvent::enqueue_ntlm_challenge(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(result)); std::move(result));
@ -176,7 +176,7 @@ refine connection NTLM_Conn += {
if ( ${val}->has_version() ) if ( ${val}->has_version() )
result->Assign(5, build_version_record(${val.version})); result->Assign(5, build_version_record(${val.version}));
BifEvent::enqueue_ntlm_authenticate(bro_analyzer(), zeek::BifEvent::enqueue_ntlm_authenticate(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(result)); std::move(result));
return true; return true;


@ -147,7 +147,7 @@ refine flow NTP_Flow += {
else if ( ${msg.mode} == 7 ) else if ( ${msg.mode} == 7 )
rv->Assign(4, BuildNTPMode7Msg(${msg.mode7})); rv->Assign(4, BuildNTPMode7Msg(${msg.mode7}));
BifEvent::enqueue_ntp_message(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ntp_message(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig(), std::move(rv)); is_orig(), std::move(rv));
return true; return true;


@ -41,7 +41,7 @@ refine flow RADIUS_Flow += {
result->Assign(3, attributes); result->Assign(3, attributes);
} }
BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result)); zeek::BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result));
return true; return true;
%} %}
@ -50,7 +50,7 @@ refine flow RADIUS_Flow += {
if ( ! radius_attribute ) if ( ! radius_attribute )
return false; return false;
BifEvent::enqueue_radius_attribute(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), zeek::BifEvent::enqueue_radius_attribute(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
${attr.code}, to_stringval(${attr.value})); ${attr.code}, to_stringval(${attr.value}));
return true; return true;
%} %}


@ -75,7 +75,7 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
else else
{ {
if ( rdp_native_encrypted_data ) if ( rdp_native_encrypted_data )
BifEvent::enqueue_rdp_native_encrypted_data( zeek::BifEvent::enqueue_rdp_native_encrypted_data(
interp->bro_analyzer(), interp->bro_analyzer()->Conn(), interp->bro_analyzer(), interp->bro_analyzer()->Conn(),
orig, len); orig, len);
} }


@ -9,7 +9,7 @@ refine flow RDP_Flow += {
%{ %{
if ( rdp_connect_request ) if ( rdp_connect_request )
{ {
BifEvent::enqueue_rdp_connect_request(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_connect_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${cr.cookie_value})); to_stringval(${cr.cookie_value}));
} }
@ -21,7 +21,7 @@ refine flow RDP_Flow += {
%{ %{
if ( rdp_negotiation_response ) if ( rdp_negotiation_response )
{ {
BifEvent::enqueue_rdp_negotiation_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_negotiation_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${nr.selected_protocol}); ${nr.selected_protocol});
} }
@ -33,7 +33,7 @@ refine flow RDP_Flow += {
%{ %{
if ( rdp_negotiation_failure ) if ( rdp_negotiation_failure )
{ {
BifEvent::enqueue_rdp_negotiation_failure(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_negotiation_failure(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${nf.failure_code}); ${nf.failure_code});
} }
@ -47,7 +47,7 @@ refine flow RDP_Flow += {
connection()->bro_analyzer()->ProtocolConfirmation(); connection()->bro_analyzer()->ProtocolConfirmation();
if ( rdp_gcc_server_create_response ) if ( rdp_gcc_server_create_response )
BifEvent::enqueue_rdp_gcc_server_create_response(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_gcc_server_create_response(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${gcc_response.result}); ${gcc_response.result});
@ -94,7 +94,7 @@ refine flow RDP_Flow += {
ccd->Assign(18, std::move(ec_flags)); ccd->Assign(18, std::move(ec_flags));
ccd->Assign(19, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id})); ccd->Assign(19, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id}));
BifEvent::enqueue_rdp_client_core_data(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_client_core_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(ccd)); std::move(ccd));
} }
@ -111,7 +111,7 @@ refine flow RDP_Flow += {
csd->Assign(0, val_mgr->Count(${csec.encryption_methods})); csd->Assign(0, val_mgr->Count(${csec.encryption_methods}));
csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods})); csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
BifEvent::enqueue_rdp_client_security_data(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_client_security_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(csd)); std::move(csd));
return true; return true;
@ -148,7 +148,7 @@ refine flow RDP_Flow += {
channels->Assign(channels->Size(), std::move(channel_def)); channels->Assign(channels->Size(), std::move(channel_def));
} }
BifEvent::enqueue_rdp_client_network_data(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_client_network_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(channels)); std::move(channels));
} }
@ -169,7 +169,7 @@ refine flow RDP_Flow += {
ccld->Assign(4, val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); ccld->Assign(4, val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}));
ccld->Assign(5, val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD})); ccld->Assign(5, val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
BifEvent::enqueue_rdp_client_cluster_data(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
std::move(ccld)); std::move(ccld));
return true; return true;
@ -180,7 +180,7 @@ refine flow RDP_Flow += {
connection()->bro_analyzer()->ProtocolConfirmation(); connection()->bro_analyzer()->ProtocolConfirmation();
if ( rdp_server_security ) if ( rdp_server_security )
BifEvent::enqueue_rdp_server_security(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_server_security(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${ssd.encryption_method}, ${ssd.encryption_method},
${ssd.encryption_level}); ${ssd.encryption_level});
@ -192,7 +192,7 @@ refine flow RDP_Flow += {
%{ %{
if ( rdp_server_certificate ) if ( rdp_server_certificate )
{ {
BifEvent::enqueue_rdp_server_certificate(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rdp_server_certificate(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${cert.cert_type}, ${cert.cert_type},
${cert.permanently_issued}); ${cert.permanently_issued});


@ -383,7 +383,7 @@ refine connection RDP_Conn += {
if ( rdp_begin_encryption ) if ( rdp_begin_encryption )
{ {
BifEvent::enqueue_rdp_begin_encryption(bro_analyzer(), zeek::BifEvent::enqueue_rdp_begin_encryption(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${method}); ${method});
} }


@ -45,7 +45,7 @@ refine connection RDPEUDP_Conn += {
orig_lossy_ = true; orig_lossy_ = true;
if ( rdpeudp_syn ) if ( rdpeudp_syn )
BifEvent::enqueue_rdpeudp_syn(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_rdpeudp_syn(bro_analyzer(), bro_analyzer()->Conn());
state_ = NEED_SYNACK; state_ = NEED_SYNACK;
return true; return true;
@ -60,7 +60,7 @@ refine connection RDPEUDP_Conn += {
return false; return false;
if ( rdpeudp_synack ) if ( rdpeudp_synack )
BifEvent::enqueue_rdpeudp_synack(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_rdpeudp_synack(bro_analyzer(), bro_analyzer()->Conn());
bro_analyzer()->ProtocolConfirmation(); bro_analyzer()->ProtocolConfirmation();
state_ = NEED_ACK; state_ = NEED_ACK;
@ -79,11 +79,11 @@ refine connection RDPEUDP_Conn += {
state_ = ESTABLISHED; state_ = ESTABLISHED;
if ( rdpeudp_established ) if ( rdpeudp_established )
BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 1); zeek::BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 1);
} }
if ( state_ == ESTABLISHED && rdpeudp_data ) if ( state_ == ESTABLISHED && rdpeudp_data )
BifEvent::enqueue_rdpeudp_data(bro_analyzer(), zeek::BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
is_orig, is_orig,
1, 1,
@ -102,13 +102,13 @@ refine connection RDPEUDP_Conn += {
if ( state_ == NEED_ACK ) if ( state_ == NEED_ACK )
{ {
if ( rdpeudp_established ) if ( rdpeudp_established )
BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 2); zeek::BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 2);
state_ = ESTABLISHED; state_ = ESTABLISHED;
} }
if ( state_ == ESTABLISHED && rdpeudp_data ) if ( state_ == ESTABLISHED && rdpeudp_data )
BifEvent::enqueue_rdpeudp_data(bro_analyzer(), zeek::BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
is_orig, is_orig,
2, 2,


@ -4,7 +4,7 @@ refine flow RFB_Flow += {
if ( client ) if ( client )
{ {
if ( rfb_client_version ) if ( rfb_client_version )
BifEvent::enqueue_rfb_client_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rfb_client_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(major), to_stringval(major),
to_stringval(minor)); to_stringval(minor));
@ -14,7 +14,7 @@ refine flow RFB_Flow += {
else else
{ {
if ( rfb_server_version ) if ( rfb_server_version )
BifEvent::enqueue_rfb_server_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_rfb_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(major), to_stringval(major),
to_stringval(minor)); to_stringval(minor));
@ -26,21 +26,21 @@ refine flow RFB_Flow += {
function proc_rfb_share_flag(shared: bool) : bool function proc_rfb_share_flag(shared: bool) : bool
%{ %{
if ( rfb_share_flag ) if ( rfb_share_flag )
BifEvent::enqueue_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared); zeek::BifEvent::enqueue_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared);
return true; return true;
%} %}
function proc_security_types(msg: RFBSecurityType) : bool function proc_security_types(msg: RFBSecurityType) : bool
%{ %{
if ( rfb_authentication_type ) if ( rfb_authentication_type )
BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype}); zeek::BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype});
return true; return true;
%} %}
function proc_security_types37(msg: RFBAuthTypeSelected) : bool function proc_security_types37(msg: RFBAuthTypeSelected) : bool
%{ %{
if ( rfb_authentication_type ) if ( rfb_authentication_type )
BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type}); zeek::BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type});
return true; return true;
%} %}
@ -50,7 +50,7 @@ refine flow RFB_Flow += {
{ {
auto vec_ptr = ${msg.name}; auto vec_ptr = ${msg.name};
auto name_ptr = &((*vec_ptr)[0]); auto name_ptr = &((*vec_ptr)[0]);
BifEvent::enqueue_rfb_server_parameters( zeek::BifEvent::enqueue_rfb_server_parameters(
connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
make_intrusive<StringVal>(${msg.name}->size(), (const char*)name_ptr), make_intrusive<StringVal>(${msg.name}->size(), (const char*)name_ptr),
${msg.width}, ${msg.width},
@ -62,7 +62,7 @@ refine flow RFB_Flow += {
function proc_handle_security_result(result : uint32) : bool function proc_handle_security_result(result : uint32) : bool
%{ %{
if ( rfb_auth_result ) if ( rfb_auth_result )
BifEvent::enqueue_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result); zeek::BifEvent::enqueue_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result);
return true; return true;
%} %}
}; };


@ -20,7 +20,7 @@ refine flow SIP_Flow += {
%{ %{
if ( sip_request ) if ( sip_request )
{ {
BifEvent::enqueue_sip_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), zeek::BifEvent::enqueue_sip_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
to_stringval(method), to_stringval(uri), to_stringval(method), to_stringval(uri),
to_stringval(${vers.vers_str})); to_stringval(${vers.vers_str}));
} }
@ -35,7 +35,7 @@ refine flow SIP_Flow += {
connection()->bro_analyzer()->ProtocolConfirmation(); connection()->bro_analyzer()->ProtocolConfirmation();
if ( sip_reply ) if ( sip_reply )
{ {
BifEvent::enqueue_sip_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), zeek::BifEvent::enqueue_sip_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
to_stringval(${vers.vers_str}), code, to_stringval(reason)); to_stringval(${vers.vers_str}), code, to_stringval(reason));
} }
@ -53,7 +53,7 @@ refine flow SIP_Flow += {
{ {
auto nameval = to_stringval(name); auto nameval = to_stringval(name);
nameval->ToUpper(); nameval->ToUpper();
BifEvent::enqueue_sip_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), zeek::BifEvent::enqueue_sip_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
is_orig(), std::move(nameval), to_stringval(value)); is_orig(), std::move(nameval), to_stringval(value));
} }
@ -83,7 +83,7 @@ refine flow SIP_Flow += {
%{ %{
if ( sip_all_headers ) if ( sip_all_headers )
{ {
BifEvent::enqueue_sip_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), zeek::BifEvent::enqueue_sip_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
is_orig(), {AdoptRef{}, build_sip_headers_val()}); is_orig(), {AdoptRef{}, build_sip_headers_val()});
} }
@ -127,7 +127,7 @@ refine flow SIP_Flow += {
%{ %{
if ( sip_begin_entity ) if ( sip_begin_entity )
{ {
BifEvent::enqueue_sip_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); zeek::BifEvent::enqueue_sip_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
} }
%} %}
@ -135,7 +135,7 @@ refine flow SIP_Flow += {
%{ %{
if ( sip_end_entity ) if ( sip_end_entity )
{ {
BifEvent::enqueue_sip_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); zeek::BifEvent::enqueue_sip_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
} }
return true; return true;


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_check_directory_request(header: SMB_Header, val: SMB1_check_directory_request): bool function proc_smb1_check_directory_request(header: SMB_Header, val: SMB1_check_directory_request): bool
%{ %{
if ( smb1_check_directory_request ) if ( smb1_check_directory_request )
BifEvent::enqueue_smb1_check_directory_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_check_directory_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.directory_name})); smb_string2stringval(${val.directory_name}));
@ -13,7 +13,7 @@ refine connection SMB_Conn += {
function proc_smb1_check_directory_response(header: SMB_Header, val: SMB1_check_directory_response): bool function proc_smb1_check_directory_response(header: SMB_Header, val: SMB1_check_directory_response): bool
%{ %{
if ( smb1_check_directory_response ) if ( smb1_check_directory_response )
BifEvent::enqueue_smb1_check_directory_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_check_directory_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header)); SMBHeaderVal(header));
return true; return true;


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_close_request(h: SMB_Header, val: SMB1_close_request): bool function proc_smb1_close_request(h: SMB_Header, val: SMB1_close_request): bool
%{ %{
if ( smb1_close_request ) if ( smb1_close_request )
BifEvent::enqueue_smb1_close_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_close_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
${val.file_id}); ${val.file_id});


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_create_directory_request(header: SMB_Header, val: SMB1_create_directory_request): bool function proc_smb1_create_directory_request(header: SMB_Header, val: SMB1_create_directory_request): bool
%{ %{
if ( smb1_create_directory_request ) if ( smb1_create_directory_request )
BifEvent::enqueue_smb1_create_directory_request(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb1_create_directory_request(bro_analyzer(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.directory_name})); smb_string2stringval(${val.directory_name}));
return true; return true;
@ -11,7 +11,7 @@ refine connection SMB_Conn += {
function proc_smb1_create_directory_response(header: SMB_Header, val: SMB1_create_directory_response): bool function proc_smb1_create_directory_response(header: SMB_Header, val: SMB1_create_directory_response): bool
%{ %{
if ( smb1_create_directory_response ) if ( smb1_create_directory_response )
BifEvent::enqueue_smb1_create_directory_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_create_directory_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header)); SMBHeaderVal(header));
return true; return true;


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_echo_request(header: SMB_Header, val: SMB1_echo_request): bool function proc_smb1_echo_request(header: SMB_Header, val: SMB1_echo_request): bool
%{ %{
if ( smb1_echo_request ) if ( smb1_echo_request )
BifEvent::enqueue_smb1_echo_request(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb1_echo_request(bro_analyzer(), bro_analyzer()->Conn(),
${val.echo_count}, to_stringval(${val.data})); ${val.echo_count}, to_stringval(${val.data}));
return true; return true;
%} %}
@ -11,7 +11,7 @@ refine connection SMB_Conn += {
function proc_smb1_echo_response(header: SMB_Header, val: SMB1_echo_response): bool function proc_smb1_echo_response(header: SMB_Header, val: SMB1_echo_response): bool
%{ %{
if ( smb1_echo_response ) if ( smb1_echo_response )
BifEvent::enqueue_smb1_echo_response(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb1_echo_response(bro_analyzer(), bro_analyzer()->Conn(),
${val.seq_num}, to_stringval(${val.data})); ${val.seq_num}, to_stringval(${val.data}));
return true; return true;
%} %}


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_logoff_andx(header: SMB_Header, val: SMB1_logoff_andx): bool function proc_smb1_logoff_andx(header: SMB_Header, val: SMB1_logoff_andx): bool
%{ %{
if ( smb1_logoff_andx ) if ( smb1_logoff_andx )
BifEvent::enqueue_smb1_logoff_andx(bro_analyzer(), bro_analyzer()->Conn(), ${val.is_orig}); zeek::BifEvent::enqueue_smb1_logoff_andx(bro_analyzer(), bro_analyzer()->Conn(), ${val.is_orig});
return true; return true;
%} %}


@ -23,7 +23,7 @@ refine connection SMB_Conn += {
dialects->Assign(i, std::move(dia)); dialects->Assign(i, std::move(dia));
} }
BifEvent::enqueue_smb1_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb1_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(dialects)); std::move(dialects));
} }
@ -135,7 +135,7 @@ refine connection SMB_Conn += {
} }
break; break;
} }
BifEvent::enqueue_smb1_negotiate_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_negotiate_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(response)); std::move(response));


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_nt_cancel_request(header: SMB_Header, val: SMB1_nt_cancel_request): bool function proc_smb1_nt_cancel_request(header: SMB_Header, val: SMB1_nt_cancel_request): bool
%{ %{
if ( smb1_nt_cancel_request ) if ( smb1_nt_cancel_request )
BifEvent::enqueue_smb1_nt_cancel_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_nt_cancel_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header)); SMBHeaderVal(header));
return true; return true;


@ -9,13 +9,13 @@ refine connection SMB_Conn += {
set_tree_is_pipe(${header.tid}); set_tree_is_pipe(${header.tid});
if ( smb_pipe_connect_heuristic ) if ( smb_pipe_connect_heuristic )
BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), zeek::BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(),
bro_analyzer()->Conn()); bro_analyzer()->Conn());
} }
if ( smb1_nt_create_andx_request ) if ( smb1_nt_create_andx_request )
{ {
BifEvent::enqueue_smb1_nt_create_andx_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_nt_create_andx_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(filename)); std::move(filename));
@ -28,7 +28,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb1_nt_create_andx_response ) if ( smb1_nt_create_andx_response )
{ {
BifEvent::enqueue_smb1_nt_create_andx_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_nt_create_andx_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
${val.file_id}, ${val.file_id},


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_query_information_request(header: SMB_Header, val: SMB1_query_information_request): bool function proc_smb1_query_information_request(header: SMB_Header, val: SMB1_query_information_request): bool
%{ %{
if ( smb1_query_information_request ) if ( smb1_query_information_request )
BifEvent::enqueue_smb1_query_information_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_query_information_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.filename})); smb_string2stringval(${val.filename}));


@ -9,7 +9,7 @@ refine connection SMB_Conn += {
function proc_smb1_read_andx_request(h: SMB_Header, val: SMB1_read_andx_request): bool function proc_smb1_read_andx_request(h: SMB_Header, val: SMB1_read_andx_request): bool
%{ %{
if ( smb1_read_andx_request ) if ( smb1_read_andx_request )
BifEvent::enqueue_smb1_read_andx_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_read_andx_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
${val.file_id}, ${val.file_id},
@ -23,7 +23,7 @@ refine connection SMB_Conn += {
function proc_smb1_read_andx_response(h: SMB_Header, val: SMB1_read_andx_response): bool function proc_smb1_read_andx_response(h: SMB_Header, val: SMB1_read_andx_response): bool
%{ %{
if ( smb1_read_andx_response ) if ( smb1_read_andx_response )
BifEvent::enqueue_smb1_read_andx_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_read_andx_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
${val.data_len}); ${val.data_len});


@ -78,7 +78,7 @@ refine connection SMB_Conn += {
break; break;
} }
BifEvent::enqueue_smb1_session_setup_andx_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_session_setup_andx_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(request)); std::move(request));
@ -112,7 +112,7 @@ refine connection SMB_Conn += {
break; break;
} }
BifEvent::enqueue_smb1_session_setup_andx_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_session_setup_andx_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(response)); std::move(response));


@ -45,7 +45,7 @@ refine connection SMB_Conn += {
payload_str = val_mgr->EmptyString(); payload_str = val_mgr->EmptyString();
} }
BifEvent::enqueue_smb1_transaction_secondary_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_transaction_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(args), std::move(args),


@ -62,7 +62,7 @@ refine connection SMB_Conn += {
else else
payload_str = val_mgr->EmptyString(); payload_str = val_mgr->EmptyString();
BifEvent::enqueue_smb1_transaction_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_transaction_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.name}), smb_string2stringval(${val.name}),
@ -87,7 +87,7 @@ refine connection SMB_Conn += {
else else
payload_str = val_mgr->EmptyString(); payload_str = val_mgr->EmptyString();
BifEvent::enqueue_smb1_transaction_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_transaction_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(parameters), std::move(parameters),


@ -19,7 +19,7 @@ refine connection SMB_Conn += {
auto parameters = make_intrusive<StringVal>(${val.parameters}.length(), (const char*)${val.parameters}.data()); auto parameters = make_intrusive<StringVal>(${val.parameters}.length(), (const char*)${val.parameters}.data());
auto payload = make_intrusive<StringVal>(${val.data}.length(), (const char*)${val.data}.data()); auto payload = make_intrusive<StringVal>(${val.data}.length(), (const char*)${val.data}.data());
BifEvent::enqueue_smb1_transaction2_secondary_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_transaction2_secondary_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(args), std::move(args),


@ -38,7 +38,7 @@ refine connection SMB_Conn += {
args->Assign(10, val_mgr->Count(${val.data_offset})); args->Assign(10, val_mgr->Count(${val.data_offset}));
args->Assign(11, val_mgr->Count(${val.setup_count})); args->Assign(11, val_mgr->Count(${val.setup_count}));
BifEvent::enqueue_smb1_transaction2_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_transaction2_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(args), std::move(args),
@ -51,7 +51,7 @@ refine connection SMB_Conn += {
function proc_smb1_transaction2_response(header: SMB_Header, val: SMB1_transaction2_response): bool function proc_smb1_transaction2_response(header: SMB_Header, val: SMB1_transaction2_response): bool
%{ %{
//if ( smb1_transaction2_response ) //if ( smb1_transaction2_response )
// BifEvent::enqueue_smb1_transaction2_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.sub_cmd}); // zeek::BifEvent::enqueue_smb1_transaction2_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.sub_cmd});
return true; return true;
%} %}
@ -138,7 +138,7 @@ refine connection SMB_Conn += {
result->Assign(3, val_mgr->Count(${val.info_level})); result->Assign(3, val_mgr->Count(${val.info_level}));
result->Assign(4, val_mgr->Count(${val.search_storage_type})); result->Assign(4, val_mgr->Count(${val.search_storage_type}));
result->Assign(5, smb_string2stringval(${val.file_name})); result->Assign(5, smb_string2stringval(${val.file_name}));
BifEvent::enqueue_smb1_trans2_find_first2_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_trans2_find_first2_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(result)); std::move(result));
@ -217,7 +217,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb1_trans2_query_path_info_request ) if ( smb1_trans2_query_path_info_request )
{ {
BifEvent::enqueue_smb1_trans2_query_path_info_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_trans2_query_path_info_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.file_name})); smb_string2stringval(${val.file_name}));
@ -322,7 +322,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb1_trans2_get_dfs_referral_request ) if ( smb1_trans2_get_dfs_referral_request )
{ {
BifEvent::enqueue_smb1_trans2_get_dfs_referral_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_trans2_get_dfs_referral_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.file_name})); smb_string2stringval(${val.file_name}));


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_tree_connect_andx_request(header: SMB_Header, val: SMB1_tree_connect_andx_request): bool function proc_smb1_tree_connect_andx_request(header: SMB_Header, val: SMB1_tree_connect_andx_request): bool
%{ %{
if ( smb1_tree_connect_andx_request ) if ( smb1_tree_connect_andx_request )
BifEvent::enqueue_smb1_tree_connect_andx_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_tree_connect_andx_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
smb_string2stringval(${val.path}), smb_string2stringval(${val.path}),
@ -20,7 +20,7 @@ refine connection SMB_Conn += {
set_tree_is_pipe(${header.tid}); set_tree_is_pipe(${header.tid});
if ( smb1_tree_connect_andx_response ) if ( smb1_tree_connect_andx_response )
BifEvent::enqueue_smb1_tree_connect_andx_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_tree_connect_andx_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
std::move(service_string), std::move(service_string),


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_tree_disconnect(header: SMB_Header, val: SMB1_tree_disconnect): bool function proc_smb1_tree_disconnect(header: SMB_Header, val: SMB1_tree_disconnect): bool
%{ %{
if ( smb1_tree_disconnect ) if ( smb1_tree_disconnect )
BifEvent::enqueue_smb1_tree_disconnect(bro_analyzer(), zeek::BifEvent::enqueue_smb1_tree_disconnect(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header), SMBHeaderVal(header),
${val.is_orig}); ${val.is_orig});


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb1_write_andx_request(h: SMB_Header, val: SMB1_write_andx_request): bool function proc_smb1_write_andx_request(h: SMB_Header, val: SMB1_write_andx_request): bool
%{ %{
if ( smb1_write_andx_request ) if ( smb1_write_andx_request )
BifEvent::enqueue_smb1_write_andx_request(bro_analyzer(), zeek::BifEvent::enqueue_smb1_write_andx_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
${val.file_id}, ${val.file_id},
@ -24,7 +24,7 @@ refine connection SMB_Conn += {
function proc_smb1_write_andx_response(h: SMB_Header, val: SMB1_write_andx_response): bool function proc_smb1_write_andx_response(h: SMB_Header, val: SMB1_write_andx_response): bool
%{ %{
if ( smb1_write_andx_response ) if ( smb1_write_andx_response )
BifEvent::enqueue_smb1_write_andx_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_write_andx_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
${val.written_bytes}); ${val.written_bytes});


@ -43,7 +43,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb1_message ) if ( smb1_message )
{ {
BifEvent::enqueue_smb1_message(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb1_message(bro_analyzer(), bro_analyzer()->Conn(),
SMBHeaderVal(h), SMBHeaderVal(h),
is_orig); is_orig);
} }
@ -54,7 +54,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb1_empty_response ) if ( smb1_empty_response )
{ {
BifEvent::enqueue_smb1_empty_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_empty_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(header)); SMBHeaderVal(header));
} }
@ -67,7 +67,7 @@ refine connection SMB_Conn += {
{ {
if ( smb1_empty_response ) if ( smb1_empty_response )
{ {
BifEvent::enqueue_smb1_empty_response(bro_analyzer(), zeek::BifEvent::enqueue_smb1_empty_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h)); SMBHeaderVal(h));
} }
@ -75,7 +75,7 @@ refine connection SMB_Conn += {
else else
{ {
if ( smb1_error ) if ( smb1_error )
BifEvent::enqueue_smb1_error(bro_analyzer(), zeek::BifEvent::enqueue_smb1_error(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
SMBHeaderVal(h), is_orig); SMBHeaderVal(h), is_orig);
} }


@ -4,7 +4,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_close_request ) if ( smb2_close_request )
{ {
BifEvent::enqueue_smb2_close_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_close_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
BuildSMB2GUID(${val.file_id})); BuildSMB2GUID(${val.file_id}));
@ -30,7 +30,7 @@ refine connection SMB_Conn += {
${val.change_time})); ${val.change_time}));
resp->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs})); resp->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs}));
BifEvent::enqueue_smb2_close_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_close_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(resp)); std::move(resp));


@ -10,7 +10,7 @@ refine connection SMB_Conn += {
set_tree_is_pipe(${h.tree_id}); set_tree_is_pipe(${h.tree_id});
if ( smb_pipe_connect_heuristic ) if ( smb_pipe_connect_heuristic )
BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), zeek::BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(),
bro_analyzer()->Conn()); bro_analyzer()->Conn());
} }
@ -20,7 +20,7 @@ refine connection SMB_Conn += {
requestinfo->Assign(0, std::move(filename)); requestinfo->Assign(0, std::move(filename));
requestinfo->Assign(1, val_mgr->Count(${val.disposition})); requestinfo->Assign(1, val_mgr->Count(${val.disposition}));
requestinfo->Assign(2, val_mgr->Count(${val.create_options})); requestinfo->Assign(2, val_mgr->Count(${val.create_options}));
BifEvent::enqueue_smb2_create_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_create_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(requestinfo)); std::move(requestinfo));
@ -42,7 +42,7 @@ refine connection SMB_Conn += {
${val.change_time})); ${val.change_time}));
responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs})); responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs}));
responseinfo->Assign(4, val_mgr->Count(${val.create_action})); responseinfo->Assign(4, val_mgr->Count(${val.create_action}));
BifEvent::enqueue_smb2_create_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_create_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(responseinfo)); std::move(responseinfo));


@ -27,7 +27,7 @@ refine connection SMB_Conn += {
for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i ) for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i )
dialects->Assign(i, val_mgr->Count((*${val.dialects})[i])); dialects->Assign(i, val_mgr->Count((*${val.dialects})[i]));
BifEvent::enqueue_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(dialects)); std::move(dialects));
} }
@ -60,7 +60,7 @@ refine connection SMB_Conn += {
nr->Assign(6, std::move(cv)); nr->Assign(6, std::move(cv));
BifEvent::enqueue_smb2_negotiate_response(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb2_negotiate_response(bro_analyzer(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(nr)); std::move(nr));
} }


@ -26,7 +26,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_read_request ) if ( smb2_read_request )
{ {
BifEvent::enqueue_smb2_read_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_read_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
BuildSMB2GUID(${val.file_id}), BuildSMB2GUID(${val.file_id}),


@ -7,7 +7,7 @@ refine connection SMB_Conn += {
auto req = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest); auto req = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest);
req->Assign(0, val_mgr->Count(${val.security_mode})); req->Assign(0, val_mgr->Count(${val.security_mode}));
BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(req)); std::move(req));
@ -28,7 +28,7 @@ refine connection SMB_Conn += {
auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse); auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
resp->Assign(0, std::move(flags)); resp->Assign(0, std::move(flags));
BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
std::move(resp)); std::move(resp));


@ -28,7 +28,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file(val: SMB2_file_basic_info): bool function proc_smb2_set_info_request_file(val: SMB2_file_basic_info): bool
%{ %{
if ( smb2_file_sattr ) if ( smb2_file_sattr )
BifEvent::enqueue_smb2_file_sattr(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_sattr(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -44,7 +44,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_rename(val: SMB2_file_rename_info): bool function proc_smb2_set_info_request_file_rename(val: SMB2_file_rename_info): bool
%{ %{
if ( smb2_file_rename ) if ( smb2_file_rename )
BifEvent::enqueue_smb2_file_rename(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_rename(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -56,7 +56,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_delete(val: SMB2_file_disposition_info): bool function proc_smb2_set_info_request_file_delete(val: SMB2_file_disposition_info): bool
%{ %{
if ( smb2_file_delete ) if ( smb2_file_delete )
BifEvent::enqueue_smb2_file_delete(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_delete(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -68,7 +68,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_allocation(val: SMB2_file_allocation_info): bool function proc_smb2_set_info_request_file_allocation(val: SMB2_file_allocation_info): bool
%{ %{
if ( smb2_file_allocation ) if ( smb2_file_allocation )
BifEvent::enqueue_smb2_file_allocation(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_allocation(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -80,7 +80,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_endoffile(val: SMB2_file_endoffile_info): bool function proc_smb2_set_info_request_file_endoffile(val: SMB2_file_endoffile_info): bool
%{ %{
if ( smb2_file_endoffile ) if ( smb2_file_endoffile )
BifEvent::enqueue_smb2_file_endoffile(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_endoffile(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -104,7 +104,7 @@ refine connection SMB_Conn += {
eas->Assign(i, std::move(r)); eas->Assign(i, std::move(r));
} }
BifEvent::enqueue_smb2_file_fullea(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_fullea(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -117,7 +117,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_link(val: SMB2_file_link_info): bool function proc_smb2_set_info_request_file_link(val: SMB2_file_link_info): bool
%{ %{
if ( smb2_file_link ) if ( smb2_file_link )
BifEvent::enqueue_smb2_file_link(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_link(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -130,7 +130,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_mode(val: SMB2_file_mode_info): bool function proc_smb2_set_info_request_file_mode(val: SMB2_file_mode_info): bool
%{ %{
if ( smb2_file_mode ) if ( smb2_file_mode )
BifEvent::enqueue_smb2_file_mode(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_mode(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -142,7 +142,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_pipe(val: SMB2_file_pipe_info): bool function proc_smb2_set_info_request_file_pipe(val: SMB2_file_pipe_info): bool
%{ %{
if ( smb2_file_pipe ) if ( smb2_file_pipe )
BifEvent::enqueue_smb2_file_pipe(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_pipe(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -155,7 +155,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_position(val: SMB2_file_position_info): bool function proc_smb2_set_info_request_file_position(val: SMB2_file_position_info): bool
%{ %{
if ( smb2_file_position ) if ( smb2_file_position )
BifEvent::enqueue_smb2_file_position(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_position(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -167,7 +167,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_shortname(val: SMB2_file_shortname_info): bool function proc_smb2_set_info_request_file_shortname(val: SMB2_file_shortname_info): bool
%{ %{
if ( smb2_file_shortname ) if ( smb2_file_shortname )
BifEvent::enqueue_smb2_file_shortname(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_shortname(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -179,7 +179,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_validdatalength(val: SMB2_file_validdatalength_info): bool function proc_smb2_set_info_request_file_validdatalength(val: SMB2_file_validdatalength_info): bool
%{ %{
if ( smb2_file_validdatalength ) if ( smb2_file_validdatalength )
BifEvent::enqueue_smb2_file_validdatalength(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_validdatalength(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -200,7 +200,7 @@ refine connection SMB_Conn += {
r->Assign(4, val_mgr->Count(${val.default_quota_limit})); r->Assign(4, val_mgr->Count(${val.default_quota_limit}));
r->Assign(5, val_mgr->Count(${val.file_system_control_flags})); r->Assign(5, val_mgr->Count(${val.file_system_control_flags}));
BifEvent::enqueue_smb2_file_fscontrol(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_fscontrol(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),
@ -213,7 +213,7 @@ refine connection SMB_Conn += {
function proc_smb2_set_info_request_file_fsobjectid(val: SMB2_file_fsobjectid_info): bool function proc_smb2_set_info_request_file_fsobjectid(val: SMB2_file_fsobjectid_info): bool
%{ %{
if ( smb2_file_fsobjectid ) if ( smb2_file_fsobjectid )
BifEvent::enqueue_smb2_file_fsobjectid(bro_analyzer(), zeek::BifEvent::enqueue_smb2_file_fsobjectid(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2HeaderVal(${val.sir.header}),
BuildSMB2GUID(${val.sir.file_id}), BuildSMB2GUID(${val.sir.file_id}),


@ -11,7 +11,7 @@ refine connection SMB_Conn += {
r->Assign(3, val_mgr->Count(${hdr.flags})); r->Assign(3, val_mgr->Count(${hdr.flags}));
r->Assign(4, val_mgr->Count(${hdr.session_id})); r->Assign(4, val_mgr->Count(${hdr.session_id}));
BifEvent::enqueue_smb2_transform_header(bro_analyzer(), zeek::BifEvent::enqueue_smb2_transform_header(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(r)); std::move(r));
} }


@ -3,7 +3,7 @@ refine connection SMB_Conn += {
function proc_smb2_tree_connect_request(header: SMB2_Header, val: SMB2_tree_connect_request): bool function proc_smb2_tree_connect_request(header: SMB2_Header, val: SMB2_tree_connect_request): bool
%{ %{
if ( smb2_tree_connect_request ) if ( smb2_tree_connect_request )
BifEvent::enqueue_smb2_tree_connect_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_tree_connect_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(header), BuildSMB2HeaderVal(header),
smb2_string2stringval(${val.path})); smb2_string2stringval(${val.path}));
@ -21,7 +21,7 @@ refine connection SMB_Conn += {
auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse); auto resp = make_intrusive<RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse);
resp->Assign(0, val_mgr->Count(${val.share_type})); resp->Assign(0, val_mgr->Count(${val.share_type}));
BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(header), BuildSMB2HeaderVal(header),
std::move(resp)); std::move(resp));


@ -7,7 +7,7 @@ refine connection SMB_Conn += {
if ( smb2_tree_disconnect_request ) if ( smb2_tree_disconnect_request )
{ {
BifEvent::enqueue_smb2_tree_disconnect_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_tree_disconnect_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(header)); BuildSMB2HeaderVal(header));
} }
@ -19,7 +19,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_tree_disconnect_response ) if ( smb2_tree_disconnect_response )
{ {
BifEvent::enqueue_smb2_tree_disconnect_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_tree_disconnect_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(header)); BuildSMB2HeaderVal(header));
} }


@ -4,7 +4,7 @@ refine connection SMB_Conn += {
%{ %{
if ( smb2_write_request ) if ( smb2_write_request )
{ {
BifEvent::enqueue_smb2_write_request(bro_analyzer(), zeek::BifEvent::enqueue_smb2_write_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
BuildSMB2GUID(${val.file_id}), BuildSMB2GUID(${val.file_id}),
@ -27,7 +27,7 @@ refine connection SMB_Conn += {
if ( smb2_write_response ) if ( smb2_write_response )
{ {
BifEvent::enqueue_smb2_write_response(bro_analyzer(), zeek::BifEvent::enqueue_smb2_write_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), BuildSMB2HeaderVal(h),
${val.write_count}); ${val.write_count});


@ -250,7 +250,7 @@ refine connection SMB_Conn += {
if ( smb2_message ) if ( smb2_message )
{ {
BifEvent::enqueue_smb2_message(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_smb2_message(bro_analyzer(), bro_analyzer()->Conn(),
BuildSMB2HeaderVal(h), is_orig); BuildSMB2HeaderVal(h), is_orig);
} }
return true; return true;


@ -209,7 +209,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_get_request ) if ( ! snmp_get_request )
return false; return false;
BifEvent::enqueue_snmp_get_request(bro_analyzer(), zeek::BifEvent::enqueue_snmp_get_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -222,7 +222,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_get_next_request ) if ( ! snmp_get_next_request )
return false; return false;
BifEvent::enqueue_snmp_get_next_request(bro_analyzer(), zeek::BifEvent::enqueue_snmp_get_next_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -235,7 +235,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_response ) if ( ! snmp_response )
return false; return false;
BifEvent::enqueue_snmp_response(bro_analyzer(), zeek::BifEvent::enqueue_snmp_response(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -248,7 +248,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_set_request ) if ( ! snmp_set_request )
return false; return false;
BifEvent::enqueue_snmp_set_request(bro_analyzer(), zeek::BifEvent::enqueue_snmp_set_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -261,7 +261,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_trap ) if ( ! snmp_trap )
return false; return false;
BifEvent::enqueue_snmp_trap(bro_analyzer(), zeek::BifEvent::enqueue_snmp_trap(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -274,7 +274,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_get_bulk_request ) if ( ! snmp_get_bulk_request )
return false; return false;
BifEvent::enqueue_snmp_get_bulk_request(bro_analyzer(), zeek::BifEvent::enqueue_snmp_get_bulk_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -287,7 +287,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_inform_request ) if ( ! snmp_inform_request )
return false; return false;
BifEvent::enqueue_snmp_inform_request(bro_analyzer(), zeek::BifEvent::enqueue_snmp_inform_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -300,7 +300,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_trapV2 ) if ( ! snmp_trapV2 )
return false; return false;
BifEvent::enqueue_snmp_trapV2(bro_analyzer(), zeek::BifEvent::enqueue_snmp_trapV2(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -313,7 +313,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_report ) if ( ! snmp_report )
return false; return false;
BifEvent::enqueue_snmp_report(bro_analyzer(), zeek::BifEvent::enqueue_snmp_report(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${pdu.header.is_orig}, ${pdu.header.is_orig},
build_hdr(${pdu.header}), build_hdr(${pdu.header}),
@ -326,7 +326,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_unknown_header_version ) if ( ! snmp_unknown_header_version )
return false; return false;
BifEvent::enqueue_snmp_unknown_header_version(bro_analyzer(), zeek::BifEvent::enqueue_snmp_unknown_header_version(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.header.is_orig}, ${rec.header.is_orig},
${rec.header.version}); ${rec.header.version});
@ -338,7 +338,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_unknown_pdu ) if ( ! snmp_unknown_pdu )
return false; return false;
BifEvent::enqueue_snmp_unknown_pdu(bro_analyzer(), zeek::BifEvent::enqueue_snmp_unknown_pdu(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.header.is_orig}, ${rec.header.is_orig},
build_hdr(${rec.header}), build_hdr(${rec.header}),
@ -351,7 +351,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_unknown_scoped_pdu ) if ( ! snmp_unknown_scoped_pdu )
return false; return false;
BifEvent::enqueue_snmp_unknown_scoped_pdu(bro_analyzer(), zeek::BifEvent::enqueue_snmp_unknown_scoped_pdu(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.header.is_orig}, ${rec.header.is_orig},
build_hdr(${rec.header}), build_hdr(${rec.header}),
@ -364,7 +364,7 @@ refine connection SNMP_Conn += {
if ( ! snmp_encrypted_pdu ) if ( ! snmp_encrypted_pdu )
return false; return false;
BifEvent::enqueue_snmp_encrypted_pdu(bro_analyzer(), zeek::BifEvent::enqueue_snmp_encrypted_pdu(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.header.is_orig}, ${rec.header.is_orig},
build_hdr(${rec.header})); build_hdr(${rec.header}));


@ -31,7 +31,7 @@ refine connection SOCKS_Conn += {
if ( ${request.v4a} ) if ( ${request.v4a} )
sa->Assign(1, array_to_string(${request.name})); sa->Assign(1, array_to_string(${request.name}));
BifEvent::enqueue_socks_request(bro_analyzer(), zeek::BifEvent::enqueue_socks_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
4, 4,
${request.command}, ${request.command},
@ -53,7 +53,7 @@ refine connection SOCKS_Conn += {
auto sa = make_intrusive<RecordVal>(socks_address); auto sa = make_intrusive<RecordVal>(socks_address);
sa->Assign(0, make_intrusive<AddrVal>(htonl(${reply.addr}))); sa->Assign(0, make_intrusive<AddrVal>(htonl(${reply.addr})));
BifEvent::enqueue_socks_reply(bro_analyzer(), zeek::BifEvent::enqueue_socks_reply(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
4, 4,
${reply.status}, ${reply.status},
@ -107,7 +107,7 @@ refine connection SOCKS_Conn += {
} }
if ( socks_request ) if ( socks_request )
BifEvent::enqueue_socks_request(bro_analyzer(), zeek::BifEvent::enqueue_socks_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
5, 5,
${request.command}, ${request.command},
@ -147,7 +147,7 @@ refine connection SOCKS_Conn += {
} }
if ( socks_reply ) if ( socks_reply )
BifEvent::enqueue_socks_reply(bro_analyzer(), zeek::BifEvent::enqueue_socks_reply(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
5, 5,
${reply.reply}, ${reply.reply},
@ -167,7 +167,7 @@ refine connection SOCKS_Conn += {
auto user = make_intrusive<StringVal>(${request.username}.length(), (const char*) ${request.username}.begin()); auto user = make_intrusive<StringVal>(${request.username}.length(), (const char*) ${request.username}.begin());
auto pass = make_intrusive<StringVal>(${request.password}.length(), (const char*) ${request.password}.begin()); auto pass = make_intrusive<StringVal>(${request.password}.length(), (const char*) ${request.password}.begin());
BifEvent::enqueue_socks_login_userpass_request(bro_analyzer(), zeek::BifEvent::enqueue_socks_login_userpass_request(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(user), std::move(pass)); std::move(user), std::move(pass));
return true; return true;
@ -188,7 +188,7 @@ refine connection SOCKS_Conn += {
function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool
%{ %{
if ( socks_login_userpass_reply ) if ( socks_login_userpass_reply )
BifEvent::enqueue_socks_login_userpass_reply(bro_analyzer(), zeek::BifEvent::enqueue_socks_login_userpass_reply(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${reply.code}); ${reply.code});
return true; return true;
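Review bot: In the hunk around `enqueue_socks_login_userpass_request`, the SOCKS5 username and password are copied verbatim into `StringVal`s and handed to the event, and nothing at the call site tells a handler author that the second value is a cleartext credential. A one-line comment above the call would make that explicit, for example `// NOTE: 'pass' is the cleartext SOCKS5 password; handlers should avoid logging or forwarding it unredacted.`. Whether downstream scripts log the value is not visible on this page, so this is a documentation suggestion only. The enclosing function begins outside the hunk.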


@ -91,7 +91,7 @@ void SSH_Analyzer::Undelivered(uint64_t seq, int len, bool orig)
void SSH_Analyzer::ProcessEncryptedSegment(int len, bool orig) void SSH_Analyzer::ProcessEncryptedSegment(int len, bool orig)
{ {
if ( ssh_encrypted_packet ) if ( ssh_encrypted_packet )
BifEvent::enqueue_ssh_encrypted_packet(interp->bro_analyzer(), zeek::BifEvent::enqueue_ssh_encrypted_packet(interp->bro_analyzer(),
interp->bro_analyzer()->Conn(), interp->bro_analyzer()->Conn(),
orig, len); orig, len);
@ -132,9 +132,9 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
{ {
auth_decision_made = true; auth_decision_made = true;
if ( ssh_auth_attempted ) if ( ssh_auth_attempted )
BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
if ( ssh_auth_successful ) if ( ssh_auth_successful )
BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); zeek::BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
return; return;
} }
@ -159,7 +159,7 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
if ( len == userauth_failure_size ) if ( len == userauth_failure_size )
{ {
if ( ssh_auth_attempted ) if ( ssh_auth_attempted )
BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false);
return; return;
} }
@ -168,9 +168,9 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
{ {
auth_decision_made = true; auth_decision_made = true;
if ( ssh_auth_attempted ) if ( ssh_auth_attempted )
BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
if ( ssh_auth_successful ) if ( ssh_auth_successful )
BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); zeek::BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false);
return; return;
} }
} }


@ -52,13 +52,13 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh_client_version && ${msg.is_orig } ) if ( ssh_client_version && ${msg.is_orig } )
{ {
BifEvent::enqueue_ssh_client_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh_client_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${msg.version})); to_stringval(${msg.version}));
} }
else if ( ssh_server_version ) else if ( ssh_server_version )
{ {
BifEvent::enqueue_ssh_server_version(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh_server_version(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${msg.version})); to_stringval(${msg.version}));
} }
@ -103,7 +103,7 @@ refine flow SSH_Flow += {
result->Assign(6, val_mgr->Bool(!${msg.is_orig})); result->Assign(6, val_mgr->Bool(!${msg.is_orig}));
BifEvent::enqueue_ssh_capabilities(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh_capabilities(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), to_stringval(${msg.cookie}), connection()->bro_analyzer()->Conn(), to_stringval(${msg.cookie}),
result); result);
@ -115,7 +115,7 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh2_dh_server_params ) if ( ssh2_dh_server_params )
{ {
BifEvent::enqueue_ssh2_dh_server_params(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh2_dh_server_params(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${msg.p.val}), to_stringval(${msg.g.val})); to_stringval(${msg.p.val}), to_stringval(${msg.g.val}));
} }
@ -126,7 +126,7 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh2_ecc_key ) if ( ssh2_ecc_key )
{ {
BifEvent::enqueue_ssh2_ecc_key(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh2_ecc_key(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
is_orig, to_stringval(q)); is_orig, to_stringval(q));
} }
@ -137,7 +137,7 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh2_gss_error ) if ( ssh2_gss_error )
{ {
BifEvent::enqueue_ssh2_gss_error(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh2_gss_error(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${msg.major_status}, ${msg.minor_status}, ${msg.major_status}, ${msg.minor_status},
to_stringval(${msg.message.val})); to_stringval(${msg.message.val}));
@ -149,7 +149,7 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh2_server_host_key ) if ( ssh2_server_host_key )
{ {
BifEvent::enqueue_ssh2_server_host_key(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh2_server_host_key(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${key})); to_stringval(${key}));
} }
@ -160,7 +160,7 @@ refine flow SSH_Flow += {
%{ %{
if ( ssh1_server_host_key ) if ( ssh1_server_host_key )
{ {
BifEvent::enqueue_ssh1_server_host_key(connection()->bro_analyzer(), zeek::BifEvent::enqueue_ssh1_server_host_key(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
to_stringval(${p}), to_stringval(${p}),
to_stringval(${e})); to_stringval(${e}));


@ -42,7 +42,7 @@
} }
} }
BifEvent::enqueue_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
version, record_version(), ts, version, record_version(), ts,
make_intrusive<StringVal>(client_random.length(), make_intrusive<StringVal>(client_random.length(),
(const char*) client_random.data()), (const char*) client_random.data()),


@ -25,7 +25,7 @@
if ( v2 == 0 && server_random.length() >= 4 ) if ( v2 == 0 && server_random.length() >= 4 )
ts = ntohl(*((uint32*)server_random.data())); ts = ntohl(*((uint32*)server_random.data()));
BifEvent::enqueue_ssl_server_hello(bro_analyzer(), zeek::BifEvent::enqueue_ssl_server_hello(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
version, record_version(), ts, version, record_version(), ts,
make_intrusive<StringVal>(server_random.length(), make_intrusive<StringVal>(server_random.length(),
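Review bot: The `ntohl(*((uint32*)server_random.data()))` read just above the renamed call casts a byte buffer to `uint32*`, which is an unaligned-access and strict-aliasing hazard on packet-derived data, even though the `length() >= 4` guard keeps the read in bounds. Copying the bytes out first avoids that: `uint32 raw; memcpy(&raw, server_random.data(), sizeof(raw)); ts = ntohl(raw);`. Whether the buffer happens to be suitably aligned is not visible here, and the enclosing function starts and ends outside the hunk.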


@ -18,7 +18,7 @@ refine connection SSL_Conn += {
function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool
%{ %{
if ( ssl_established ) if ( ssl_established )
BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn());
return true; return true;
%} %}


@ -32,7 +32,7 @@ refine connection SSL_Conn += {
function proc_alert(rec: SSLRecord, level : int, desc : int) : bool function proc_alert(rec: SSLRecord, level : int, desc : int) : bool
%{ %{
if ( ssl_alert ) if ( ssl_alert )
BifEvent::enqueue_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, level, desc); ${rec.is_orig}, level, desc);
return true; return true;
%} %}
@ -52,11 +52,11 @@ refine connection SSL_Conn += {
{ {
established_ = true; established_ = true;
if ( ssl_established ) if ( ssl_established )
BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn());
} }
if ( ssl_encrypted_data ) if ( ssl_encrypted_data )
BifEvent::enqueue_ssl_encrypted_data(bro_analyzer(), zeek::BifEvent::enqueue_ssl_encrypted_data(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length}); bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length});
return true; return true;
@ -65,7 +65,7 @@ refine connection SSL_Conn += {
function proc_plaintext_record(rec : SSLRecord) : bool function proc_plaintext_record(rec : SSLRecord) : bool
%{ %{
if ( ssl_plaintext_data ) if ( ssl_plaintext_data )
BifEvent::enqueue_ssl_plaintext_data(bro_analyzer(), zeek::BifEvent::enqueue_ssl_plaintext_data(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length}); bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length});
return true; return true;
@ -74,7 +74,7 @@ refine connection SSL_Conn += {
function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool
%{ %{
if ( ssl_heartbeat ) if ( ssl_heartbeat )
BifEvent::enqueue_ssl_heartbeat(bro_analyzer(), zeek::BifEvent::enqueue_ssl_heartbeat(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length,
make_intrusive<StringVal>(data.length(), (const char*) data.data())); make_intrusive<StringVal>(data.length(), (const char*) data.data()));
return true; return true;
@ -96,7 +96,7 @@ refine connection SSL_Conn += {
function proc_ccs(rec: SSLRecord) : bool function proc_ccs(rec: SSLRecord) : bool
%{ %{
if ( ssl_change_cipher_spec ) if ( ssl_change_cipher_spec )
BifEvent::enqueue_ssl_change_cipher_spec(bro_analyzer(), zeek::BifEvent::enqueue_ssl_change_cipher_spec(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}); bro_analyzer()->Conn(), ${rec.is_orig});
return true; return true;


@ -34,7 +34,7 @@ refine connection Handshake_Conn += {
%{ %{
if ( ssl_session_ticket_handshake ) if ( ssl_session_ticket_handshake )
{ {
BifEvent::enqueue_ssl_session_ticket_handshake(bro_analyzer(), zeek::BifEvent::enqueue_ssl_session_ticket_handshake(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.ticket_lifetime_hint}, ${rec.ticket_lifetime_hint},
make_intrusive<StringVal>(${rec.data}.length(), (const char*) ${rec.data}.data())); make_intrusive<StringVal>(${rec.data}.length(), (const char*) ${rec.data}.data()));
@ -64,7 +64,7 @@ refine connection Handshake_Conn += {
const unsigned char* data = sourcedata.begin() + 4; const unsigned char* data = sourcedata.begin() + 4;
if ( ssl_extension ) if ( ssl_extension )
BifEvent::enqueue_ssl_extension(bro_analyzer(), zeek::BifEvent::enqueue_ssl_extension(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, type, bro_analyzer()->Conn(), ${rec.is_orig}, type,
make_intrusive<StringVal>(length, reinterpret_cast<const char*>(data))); make_intrusive<StringVal>(length, reinterpret_cast<const char*>(data)));
return true; return true;
@ -83,7 +83,7 @@ refine connection Handshake_Conn += {
points->Assign(i, val_mgr->Count((*point_format_list)[i])); points->Assign(i, val_mgr->Count((*point_format_list)[i]));
} }
BifEvent::enqueue_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(points)); ${rec.is_orig}, std::move(points));
return true; return true;
@ -102,7 +102,7 @@ refine connection Handshake_Conn += {
curves->Assign(i, val_mgr->Count((*list)[i])); curves->Assign(i, val_mgr->Count((*list)[i]));
} }
BifEvent::enqueue_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(curves)); ${rec.is_orig}, std::move(curves));
return true; return true;
@ -121,7 +121,7 @@ refine connection Handshake_Conn += {
nglist->Assign(i, val_mgr->Count((*keyshare)[i]->namedgroup())); nglist->Assign(i, val_mgr->Count((*keyshare)[i]->namedgroup()));
} }
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
return true; return true;
%} %}
@ -134,7 +134,7 @@ refine connection Handshake_Conn += {
auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec); auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup())); nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup()));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
return true; return true;
%} %}
@ -146,7 +146,7 @@ refine connection Handshake_Conn += {
auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec); auto nglist = make_intrusive<VectorVal>(zeek::id::index_vec);
nglist->Assign(0u, val_mgr->Count(namedgroup)); nglist->Assign(0u, val_mgr->Count(namedgroup));
BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist));
return true; return true;
%} %}
@ -168,7 +168,7 @@ refine connection Handshake_Conn += {
} }
} }
BifEvent::enqueue_ssl_extension_signature_algorithm(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(slist)); zeek::BifEvent::enqueue_ssl_extension_signature_algorithm(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(slist));
return true; return true;
%} %}
@ -186,7 +186,7 @@ refine connection Handshake_Conn += {
plist->Assign(i, make_intrusive<StringVal>((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data())); plist->Assign(i, make_intrusive<StringVal>((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data()));
} }
BifEvent::enqueue_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(plist)); ${rec.is_orig}, std::move(plist));
return true; return true;
@ -215,7 +215,7 @@ refine connection Handshake_Conn += {
} }
if ( ssl_extension_server_name ) if ( ssl_extension_server_name )
BifEvent::enqueue_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(servers)); ${rec.is_orig}, std::move(servers));
return true; return true;
@ -234,7 +234,7 @@ refine connection Handshake_Conn += {
versions->Assign(i, val_mgr->Count((*versions_list)[i])); versions->Assign(i, val_mgr->Count((*versions_list)[i]));
} }
BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(versions)); ${rec.is_orig}, std::move(versions));
return true; return true;
@ -248,7 +248,7 @@ refine connection Handshake_Conn += {
auto versions = make_intrusive<VectorVal>(zeek::id::index_vec); auto versions = make_intrusive<VectorVal>(zeek::id::index_vec);
versions->Assign(0u, val_mgr->Count(version)); versions->Assign(0u, val_mgr->Count(version));
BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(versions)); ${rec.is_orig}, std::move(versions));
return true; return true;
@ -267,7 +267,7 @@ refine connection Handshake_Conn += {
modes->Assign(i, val_mgr->Count((*mode_list)[i])); modes->Assign(i, val_mgr->Count((*mode_list)[i]));
} }
BifEvent::enqueue_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(modes)); ${rec.is_orig}, std::move(modes));
return true; return true;
@ -314,7 +314,7 @@ refine connection Handshake_Conn += {
bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); bro_analyzer()->Conn(), false, file_id, "application/ocsp-response");
if ( ssl_stapled_ocsp ) if ( ssl_stapled_ocsp )
BifEvent::enqueue_ssl_stapled_ocsp(bro_analyzer(), zeek::BifEvent::enqueue_ssl_stapled_ocsp(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${rec.is_orig}, ${rec.is_orig},
make_intrusive<StringVal>(response.length(), (const char*) response.data())); make_intrusive<StringVal>(response.length(), (const char*) response.data()));
@ -335,7 +335,7 @@ refine connection Handshake_Conn += {
return true; return true;
if ( ssl_ecdh_server_params ) if ( ssl_ecdh_server_params )
BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${kex.params.curve}, ${kex.params.curve},
make_intrusive<StringVal>(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); make_intrusive<StringVal>(${kex.params.point}.length(), (const char*)${kex.params.point}.data()));
@ -356,7 +356,7 @@ refine connection Handshake_Conn += {
ha->Assign(1, val_mgr->Count(256)); ha->Assign(1, val_mgr->Count(256));
} }
BifEvent::enqueue_ssl_server_signature(bro_analyzer(), zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
std::move(ha), std::move(ha),
make_intrusive<StringVal>(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); make_intrusive<StringVal>(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data()));
@ -371,7 +371,7 @@ refine connection Handshake_Conn += {
return true; return true;
if ( ssl_ecdh_server_params ) if ( ssl_ecdh_server_params )
BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
${kex.params.curve}, ${kex.params.curve},
make_intrusive<StringVal>(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); make_intrusive<StringVal>(${kex.params.point}.length(), (const char*)${kex.params.point}.data()));
@ -382,7 +382,7 @@ refine connection Handshake_Conn += {
function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool
%{ %{
if ( ssl_rsa_client_pms ) if ( ssl_rsa_client_pms )
BifEvent::enqueue_ssl_rsa_client_pms(bro_analyzer(), zeek::BifEvent::enqueue_ssl_rsa_client_pms(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
make_intrusive<StringVal>(rsa_pms.length(), (const char*)rsa_pms.data())); make_intrusive<StringVal>(rsa_pms.length(), (const char*)rsa_pms.data()));
@ -392,7 +392,7 @@ refine connection Handshake_Conn += {
function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool
%{ %{
if ( ssl_dh_client_params ) if ( ssl_dh_client_params )
BifEvent::enqueue_ssl_dh_client_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_dh_client_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
make_intrusive<StringVal>(Yc.length(), (const char*)Yc.data())); make_intrusive<StringVal>(Yc.length(), (const char*)Yc.data()));
@ -402,7 +402,7 @@ refine connection Handshake_Conn += {
function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool
%{ %{
if ( ssl_ecdh_client_params ) if ( ssl_ecdh_client_params )
BifEvent::enqueue_ssl_ecdh_client_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_ecdh_client_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
make_intrusive<StringVal>(point.length(), (const char*)point.data())); make_intrusive<StringVal>(point.length(), (const char*)point.data()));
@ -418,7 +418,7 @@ refine connection Handshake_Conn += {
ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm())); ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(bro_analyzer(), zeek::BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, bro_analyzer()->Conn(), ${rec.is_orig},
version, version,
make_intrusive<StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())), make_intrusive<StringVal>(logid.length(), reinterpret_cast<const char*>(logid.begin())),
@ -433,7 +433,7 @@ refine connection Handshake_Conn += {
function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool
%{ %{
if ( ssl_ecdh_server_params ) if ( ssl_ecdh_server_params )
BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
make_intrusive<StringVal>(p.length(), (const char*) p.data()), make_intrusive<StringVal>(p.length(), (const char*) p.data()),
make_intrusive<StringVal>(g.length(), (const char*) g.data()), make_intrusive<StringVal>(g.length(), (const char*) g.data()),
@ -456,7 +456,7 @@ refine connection Handshake_Conn += {
ha->Assign(1, val_mgr->Count(256)); ha->Assign(1, val_mgr->Count(256));
} }
BifEvent::enqueue_ssl_server_signature(bro_analyzer(), zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(),
bro_analyzer()->Conn(), std::move(ha), bro_analyzer()->Conn(), std::move(ha),
make_intrusive<StringVal>(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) make_intrusive<StringVal>(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data())
); );
@ -468,7 +468,7 @@ refine connection Handshake_Conn += {
function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
%{ %{
if ( ssl_dh_server_params ) if ( ssl_dh_server_params )
BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), zeek::BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(),
bro_analyzer()->Conn(), bro_analyzer()->Conn(),
make_intrusive<StringVal>(p.length(), (const char*) p.data()), make_intrusive<StringVal>(p.length(), (const char*) p.data()),
make_intrusive<StringVal>(g.length(), (const char*) g.data()), make_intrusive<StringVal>(g.length(), (const char*) g.data()),
@ -481,7 +481,7 @@ refine connection Handshake_Conn += {
function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool
%{ %{
if ( ssl_handshake_message ) if ( ssl_handshake_message )
BifEvent::enqueue_ssl_handshake_message(bro_analyzer(), zeek::BifEvent::enqueue_ssl_handshake_message(bro_analyzer(),
bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length));
return true; return true;
@ -513,7 +513,7 @@ refine connection Handshake_Conn += {
blist->Assign(blist->Size(), make_intrusive<StringVal>(binder->binder().length(), (const char*) binder->binder().data())); blist->Assign(blist->Size(), make_intrusive<StringVal>(binder->binder().length(), (const char*) binder->binder().data()));
} }
BifEvent::enqueue_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(), zeek::BifEvent::enqueue_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
${rec.is_orig}, std::move(slist), std::move(blist)); ${rec.is_orig}, std::move(slist), std::move(blist));
return true; return true;
@ -524,7 +524,7 @@ refine connection Handshake_Conn += {
if ( ! ssl_extension_pre_shared_key_client_hello ) if ( ! ssl_extension_pre_shared_key_client_hello )
return true; return true;
BifEvent::enqueue_ssl_extension_pre_shared_key_server_hello(bro_analyzer(), zeek::BifEvent::enqueue_ssl_extension_pre_shared_key_server_hello(bro_analyzer(),
bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity); bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity);
return true; return true;
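Review bot: Two guards in this file test a different event handler than the one they go on to enqueue. In `proc_dhe_server_key_exchange` the check is `if ( ssl_ecdh_server_params )` but the call is `enqueue_ssl_dh_server_params`, and in the last hunk the early return tests `ssl_extension_pre_shared_key_client_hello` before enqueuing `ssl_extension_pre_shared_key_server_hello`. As far as the hunks show, a deployment whose scripts handle only the DH or the server-hello PSK event would never receive it, silently losing TLS visibility; `proc_dh_anon_server_key_exchange` shows the matching form. The guards should read `if ( ssl_dh_server_params )` and `if ( ! ssl_extension_pre_shared_key_server_hello )`. The function around the last hunk starts outside it.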


@ -15,7 +15,7 @@ flow Syslog_Flow
return true; return true;
if ( ${m.has_pri} ) if ( ${m.has_pri} )
BifEvent::enqueue_syslog_message( zeek::BifEvent::enqueue_syslog_message(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${m.PRI.facility}, ${m.PRI.facility},
@ -23,7 +23,7 @@ flow Syslog_Flow
make_intrusive<StringVal>(${m.msg}.length(), (const char*)${m.msg}.begin()) make_intrusive<StringVal>(${m.msg}.length(), (const char*)${m.msg}.begin())
); );
else else
BifEvent::enqueue_syslog_message( zeek::BifEvent::enqueue_syslog_message(
connection()->bro_analyzer(), connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
999, 999,
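Review bot: The `999` passed in the `else` branch, where the first call passes `${m.PRI.facility}`, looks like a sentinel for a message without a PRI field, and nothing in the hunk says so. A short comment such as `// 999: no PRI present; not a valid syslog facility/severity` (or a named constant) would keep script writers from treating it as a real value. The call continues past the end of the hunk, so the remaining arguments are not visible here.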


@ -33,7 +33,7 @@ refine connection XMPP_Conn += {
{ {
bro_analyzer()->StartTLS(); bro_analyzer()->StartTLS();
if ( xmpp_starttls ) if ( xmpp_starttls )
BifEvent::enqueue_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); zeek::BifEvent::enqueue_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn());
} }
else if ( !is_orig && token == "proceed" ) else if ( !is_orig && token == "proceed" )
reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls");


@ -4,7 +4,7 @@ refine connection Foo_Conn += {
function Foo_data(msg: Foo_Message): bool function Foo_data(msg: Foo_Message): bool
%{ %{
auto data = make_intrusive<StringVal>(${msg.data}.length(), (const char*) ${msg.data}.data()); auto data = make_intrusive<StringVal>(${msg.data}.length(), (const char*) ${msg.data}.data());
BifEvent::enqueue_foo_message(bro_analyzer(), bro_analyzer()->Conn(), std::move(data)); zeek::BifEvent::enqueue_foo_message(bro_analyzer(), bro_analyzer()->Conn(), std::move(data));
return true; return true;
%} %}