diff --git a/CHANGES b/CHANGES
index bbe0cedf91..051b822154 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,83 @@ +3.2.0-dev.899 | 2020-07-14 00:02:05 +0000 + + * Improve Broker store API's handling of invalid arguments + + * Some methods mistakenly returned a bool instead of QueryResult + when passed an invalid `opaque of Broker::Store` handle. + + * Now generates a runtime exception for store_name() and is_closed() + calls that pass an invalid `opaque of Broker::Store` handle as any + returned value can't be reasonably used in any subsequent logic. + + * Descriptions of any invalid arguments are now given in the error + message. (Jon Siwek, Corelight) + + * Add zeek::detail::emit_builtin_exception() functions + + These work like zeek::emit_builtin_error(), but also throw an InterpreterException (Jon Siwek, Corelight) + + * GH-1024: fix crash on passing wrong types to Broker store API (Jon Siwek, Corelight) + +3.2.0-dev.894 | 2020-07-13 12:12:17 -0700 + + * GH-1019: deprecate icmp_conn params for ICMP events + + Previously, a single `icmp_conn` record was built per ICMP "connection" + and re-used for all events generated from it. This may have been a + historical attempt at performance optimization, but: + + * By default, Zeek does not load any scripts that handle ICMP events. + + * The one script Zeek ships with that does handle ICMP events, + "detect-traceroute", is already noted as being disabled due to + potential performance problems of doing that kind of analysis. + + * Re-use of the original `icmp_conn` record tends to misreport + TTL and length values since they come from original packet instead + of the current one. + + * Even if we chose to still re-use `icmp_conn` records and just fill + in a new TTL and length value each packet, a user script could have + stored a reference to the record and not be expecting those values + to be changed out from underneath them. + + Now, a new `icmp_info` record is created/populated in all ICMP events + and should be used instead of `icmp_conn`. 
It also removes the + orig_h/resp_h fields as those are redundant with what's already + available in the connection record. (Jon Siwek, Corelight) + +3.2.0-dev.892 | 2020-07-13 12:10:22 -0700 + + * Fix wrong frame offsets for locals of alternate event/hook prototypes + + Local frame offsets were being assigned based on number of the alternate + prototype's parameters, which may end up having less total parameters + than the canonical prototype, causing the local value to incorrectly + overwrite an event/hook argument value. (Jon Siwek, Corelight) + + * Add deprecation expression to deprecated prototype/parameter messages (Jon Siwek, Corelight) + + * Improve "use of deprecated prototype" warning message + + The location information now points out the place of the deprecated + prototype instead of the location where the ID was initially declared + (which may not itself be a deprecated prototype). (Jon Siwek, Corelight) + + * Emit deprecation warning for use of &deprecated function parameters + + Particularly, this is meant for using &deprecated on canonical + event/hook prototype parameters to encourage users to create handlers + to another, non-deprecated prototype. i.e. for canonical prototypes, + we may not always want to put &deprecated directly on the prototype + itself since that signals deprecation of the ID entirely. (Jon Siwek, Corelight) + +3.2.0-dev.885 | 2020-07-10 11:20:41 -0700 + + * Add more error checks to shadow log parsing (Jon Siwek, Corelight) + + i.e. Coverity warns about possible use of ftell() negative return value + 3.2.0-dev.884 | 2020-07-09 14:09:58 -0700 * Add Supervisor::{stdout,stderr}_hook (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index 00849e701f..6297a75c8e 100644 --- a/NEWS +++ b/NEWS 
@@ -273,6 +273,19 @@ Deprecated Functionality that the former returns a vector with indices starting at 1 while the later returns a vector with indices starting at 0. +- The ``icmp_conn`` parameter of ICMP events is deprecated, there's an + alternate version with an ``icmp_info`` parameter to use instead. + The ``icmp_conn`` record passed to ICMP events has always been re-used + amongst all events within an ICMP "connection", so the + ``itype``, ``icode``, ``len``, and ``hlim`` fields as inspected in + handlers never appears to change even if the underlying packet data + has different values for those fields. However, it's not known if + anyone relied on that behavior, so the new ``icmp_info`` record is + introduced with the more-expected behavior of being created and + populated for each new event. It also removes the orig_h/resp_h + fields since those are redundant with what's already available in + the connection parameter. + Zeek 3.1.0 ========== diff --git a/VERSION b/VERSION index 5700cf836e..3f1e5d2b23 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.2.0-dev.884 +3.2.0-dev.899 diff --git a/auxil/broker b/auxil/broker index f132cdaa28..cb0a780dd5 160000 --- a/auxil/broker +++ b/auxil/broker @@ -1 +1 @@ -Subproject commit f132cdaa28bcfe56187a67ff8c97bdf4040e303a +Subproject commit cb0a780dd5ed0dbdacad5fd1e5d5afd337aee0f7 diff --git a/doc b/doc index d5b36f9ac0..fb7d642ed8 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit d5b36f9ac02d4be67edb6aae35b39dae7bcaa00c +Subproject commit fb7d642ed8b16752daaaa01541a28a2add310f19 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index aa8c28bd1e..87c24b6eae 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek 
@@ -188,6 +188,19 @@ type icmp_conn: record { v6: bool; ##< True if it's an ICMPv6 packet. }; +## Specifics about an ICMP conversation/packet. +## ICMP events typically pass this in addition to :zeek:type:`conn_id`. +## +## .. zeek:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent +## icmp_time_exceeded icmp_unreachable +type icmp_info: record { + v6: bool; ##< True if it's an ICMPv6 packet. + itype: count; ##< The ICMP type of the current packet. + icode: count; ##< The ICMP code of the current packet. + len: count; ##< The length of the ICMP payload. + ttl: count; ##< The encapsulating IP header's TTL (IPv4) or Hop Limit (IPv6). +}; + ## Packet context part of an ICMP message. The fields of this record reflect the ## packet that is described by the context. ## diff --git a/scripts/policy/misc/detect-traceroute/main.zeek b/scripts/policy/misc/detect-traceroute/main.zeek index 091ceceed6..8125fdd21e 100644 --- a/scripts/policy/misc/detect-traceroute/main.zeek +++ b/scripts/policy/misc/detect-traceroute/main.zeek @@ -95,7 +95,7 @@ event signature_match(state: signature_state, msg: string, data: string) } } -event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { SumStats::observe("traceroute.time_exceeded", [$str=cat(context$id$orig_h,"-",context$id$resp_h,"-",get_port_transport_proto(context$id$resp_p))], [$str=cat(c$id$orig_h)]); } diff --git a/src/Attr.cc b/src/Attr.cc index 3aff6718dc..9a446fb763 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -42,6 +42,18 @@ Attr::Attr(AttrTag t) void Attr::SetAttrExpr(ExprPtr e) { expr = std::move(e); } +std::string Attr::DeprecationMessage() const + { + if ( tag != ATTR_DEPRECATED ) + return ""; + + if ( ! expr ) + return ""; + + auto ce = static_cast(expr.get()); + return ce->Value()->AsStringVal()->CheckString(); + } + void Attr::Describe(ODesc* d) const { AddTag(d); 
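Review bot: In `Attr::DeprecationMessage()` the `static_cast` on `expr.get()` followed by `ce->Value()->AsStringVal()` is unchecked, so the helper is only safe if every `&deprecated` attribute that carries an expression holds a constant string. The two call sites this commit replaces (ID.cc and Type.cc) made the same assumption, so this is not a regression, but the shared helper is now the natural place to enforce it. If attribute validation elsewhere does not already guarantee this (not visible in this hunk), guard before the cast, e.g. `if ( expr->Tag() != EXPR_CONST ) return "";`, and confirm the value is a string before calling `AsStringVal()`. At minimum, add a comment above the cast naming the check that guarantees the expression type.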
diff --git a/src/Attr.h b/src/Attr.h index 0628530ad0..664a73386f 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -3,6 +3,7 @@ #pragma once #include +#include #include "Obj.h" #include "BroList.h" @@ -75,6 +76,12 @@ public: void Describe(ODesc* d) const override; void DescribeReST(ODesc* d, bool shorten = false) const; + /** + * Returns the deprecation string associated with a &deprecated attribute + * or an empty string if this is not such an attribute. + */ + std::string DeprecationMessage() const; + bool operator==(const Attr& other) const { if ( tag != other.tag ) diff --git a/src/Func.cc b/src/Func.cc index 97272efd1b..99cd652891 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -788,31 +788,51 @@ function_ingredients::function_ingredients(zeek::detail::ScopePtr scope, zeek::d this->body = std::move(body); } -} // namespace detail - -void emit_builtin_error(const char* msg) - { - emit_builtin_error(msg, zeek::ValPtr{}); - } - -void emit_builtin_error(const char* msg, zeek::ValPtr arg) - { - emit_builtin_error(msg, arg.get()); - } - -void emit_builtin_error(const char* msg, Obj* arg) +static void emit_builtin_error_common(const char* msg, Obj* arg, bool unwind) { auto emit = [=](const zeek::detail::CallExpr* ce) { if ( ce ) - ce->Error(msg, arg); + { + if ( unwind ) + { + if ( arg ) + { + ODesc d; + arg->Describe(&d); + reporter->ExprRuntimeError(ce, "%s (%s), during call:", msg, + d.Description()); + } + else + reporter->ExprRuntimeError(ce, "%s", msg); + } + else + ce->Error(msg, arg); + } else - reporter->Error(msg, arg); + { + if ( arg ) + { + if ( unwind ) + reporter->RuntimeError(arg->GetLocationInfo(), "%s", msg); + else + arg->Error(msg); + } + else + { + if ( unwind ) + reporter->RuntimeError(nullptr, "%s", msg); + else + reporter->Error("%s", msg); + } + } }; if ( zeek::detail::call_stack.empty() ) { + // Shouldn't happen unless someone (mistakenly) calls builtin_error() + // from somewhere that's not even evaluating script-code. emit(nullptr); return; } 
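Review bot: In the `unwind` path of `emit_builtin_error_common`, the argument's description is only included when a `CallExpr` is available; the `else` branch with a non-null `arg` calls `reporter->RuntimeError(arg->GetLocationInfo(), "%s", msg)` and drops it. The CHANGES entry for this commit says descriptions of invalid arguments are now given in the error message, so the two paths should agree: build an `ODesc` as the `ce` branch does and pass `"%s (%s)", msg, d.Description()`. Routing `msg` through a literal `"%s"` rather than using it as the format string (as the removed `reporter->Error(msg, arg)` did) is the right call, and a short comment saying so would keep it from being "simplified" back. The function body continues past the end of this hunk.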
@@ -866,6 +886,39 @@ void emit_builtin_error(const char* msg, Obj* arg) emit(last_call.call); } +void emit_builtin_exception(const char* msg) + { + emit_builtin_error_common(msg, nullptr, true); + } + +void emit_builtin_exception(const char* msg, const zeek::ValPtr& arg) + { + emit_builtin_error_common(msg, arg.get(), true); + } + +void emit_builtin_exception(const char* msg, Obj* arg) + { + emit_builtin_error_common(msg, arg, true); + } + +} // namespace detail + + +void emit_builtin_error(const char* msg) + { + zeek::detail::emit_builtin_error_common(msg, nullptr, false); + } + +void emit_builtin_error(const char* msg, const zeek::ValPtr& arg) + { + zeek::detail::emit_builtin_error_common(msg, arg.get(), false); + } + +void emit_builtin_error(const char* msg, Obj* arg) + { + zeek::detail::emit_builtin_error_common(msg, arg, false); + } + } // namespace zeek void builtin_error(const char* msg) @@ -873,7 +926,7 @@ void builtin_error(const char* msg) zeek::emit_builtin_error(msg); } -void builtin_error(const char* msg, zeek::ValPtr arg) +void builtin_error(const char* msg, const zeek::ValPtr& arg) { zeek::emit_builtin_error(msg, arg); } diff --git a/src/Func.h b/src/Func.h index 2f3d703690..50d39607b5 100644 --- a/src/Func.h +++ b/src/Func.h 
@@ -275,13 +275,17 @@ extern std::vector call_stack; // This is set to true after the built-in functions have been initialized. extern bool did_builtin_init; +extern void emit_builtin_exception(const char* msg); +extern void emit_builtin_exception(const char* msg, const zeek::ValPtr& arg); +extern void emit_builtin_exception(const char* msg, Obj* arg); + } // namespace detail extern std::string render_call_stack(); // These methods are used by BIFs, so they're in the public namespace. extern void emit_builtin_error(const char* msg); -extern void emit_builtin_error(const char* msg, zeek::ValPtr); +extern void emit_builtin_error(const char* msg, const zeek::ValPtr&); extern void emit_builtin_error(const char* msg, Obj* arg); } // namespace zeek diff --git a/src/ID.cc b/src/ID.cc index ba184ccaec..1b8c3fef58 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -294,14 +294,7 @@ std::string ID::GetDeprecationWarning() const const auto& depr_attr = GetAttr(ATTR_DEPRECATED); if ( depr_attr ) - { - auto expr = static_cast(depr_attr->GetExpr().get()); - if ( expr ) - { - StringVal* text = expr->Value()->AsStringVal(); - result = text->CheckString(); - } - } + result = depr_attr->DeprecationMessage(); if ( result.empty() ) return fmt("deprecated (%s)", Name()); diff --git a/src/Type.cc b/src/Type.cc index 6a833ddb9e..cb4b1d793f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -563,7 +563,7 @@ FuncType::FuncType(RecordTypePtr arg_args, offsets[i] = i; } - prototypes.emplace_back(Prototype{false, args, std::move(offsets)}); + prototypes.emplace_back(Prototype{false, "", args, std::move(offsets)}); } TypePtr FuncType::ShallowClone() 
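Review bot: The three `emit_builtin_exception` declarations carry no comment telling callers that they do not return normally. Per the CHANGES entry they throw an InterpreterException, which matters to BIF authors: anything acquired before the call that is not owned by an RAII object is leaked when the stack unwinds. Add a comment above them such as `// Like emit_builtin_error(), but throws InterpreterException and does not return.` If every path in the implementation really does throw (the full body is not visible here), marking them `[[noreturn]]` would also let the compiler flag code placed after the call.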
@@ -1120,14 +1120,7 @@ string RecordType::GetFieldDeprecationWarning(int field, bool has_check) const { string result; if ( const auto& deprecation = decl->GetAttr(zeek::detail::ATTR_DEPRECATED) ) - { - auto expr = static_cast(deprecation->GetExpr().get()); - if ( expr ) - { - StringVal* text = expr->Value()->AsStringVal(); - result = text->CheckString(); - } - } + result = deprecation->DeprecationMessage(); if ( result.empty() ) return fmt("deprecated (%s%s$%s)", GetName().c_str(), has_check ? "?" : "", diff --git a/src/Type.h b/src/Type.h index b5d58a633c..a28a32c45d 100644 --- a/src/Type.h +++ b/src/Type.h @@ -427,7 +427,10 @@ public: */ struct Prototype { bool deprecated; + std::string deprecation_msg; RecordTypePtr args; + // Maps from parameter index in canonical prototype to + // parameter index in this alternate prorotype. std::map offsets; }; diff --git a/src/Var.cc b/src/Var.cc index baa4c0dae7..16e474ea02 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -96,17 +96,27 @@ static bool add_prototype(const zeek::detail::IDPtr& id, zeek::Type* t, return false; } - offsets[i] = o; + offsets[o] = i; } auto deprecated = false; + std::string depr_msg; if ( attrs ) for ( const auto& a : *attrs ) if ( a->Tag() == zeek::detail::ATTR_DEPRECATED ) + { deprecated = true; + depr_msg = a->DeprecationMessage(); + break; + } + + zeek::FuncType::Prototype p; + p.deprecated = deprecated; + p.deprecation_msg = std::move(depr_msg); + p.args = alt_args; + p.offsets = std::move(offsets); - zeek::FuncType::Prototype p{deprecated, alt_args, std::move(offsets)}; canon_ft->AddPrototype(std::move(p)); return true; } 
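Review bot: The new comment on `offsets` in `struct Prototype` (Type.h) misspells "prototype" as `prorotype`; the second line should read `// parameter index in this alternate prototype.` The comment is worth keeping accurate because Var.cc in this same commit flips the assignment to `offsets[o] = i`, and this comment is the only statement of which direction the map goes. Separately, inserting `deprecation_msg` between `deprecated` and `args` changes the aggregate-initialisation order of a struct in a public header, so any out-of-tree code that brace-initialises `Prototype` will stop compiling; that may be intended, but it deserves a mention in NEWS.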
@@ -450,7 +460,25 @@ static std::optional func_type_check(const zeek::Func return {}; } - return decl->FindPrototype(*impl->Params()); + auto rval = decl->FindPrototype(*impl->Params()); + + if ( rval ) + for ( auto i = 0; i < rval->args->NumFields(); ++i ) + if ( auto ad = rval->args->FieldDecl(i)->GetAttr(zeek::detail::ATTR_DEPRECATED) ) + { + auto msg = ad->DeprecationMessage(); + + if ( msg.empty() ) + impl->Warn(fmt("use of deprecated parameter '%s'", + rval->args->FieldName(i)), + decl, true); + else + impl->Warn(fmt("use of deprecated parameter '%s': %s", + rval->args->FieldName(i), msg.data()), + decl, true); + } + + return rval; } static bool canonical_arg_types_match(const zeek::FuncType* decl, const zeek::FuncType* impl) @@ -523,7 +551,15 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, } if ( prototype->deprecated ) - t->Warn("use of deprecated prototype", id.get()); + { + if ( prototype->deprecation_msg.empty() ) + t->Warn(fmt("use of deprecated '%s' prototype", id->Name()), + prototype->args.get(), true); + else + t->Warn(fmt("use of deprecated '%s' prototype: %s", + id->Name(), prototype->deprecation_msg.data()), + prototype->args.get(), true); + } } else { 
@@ -568,24 +604,54 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, else id->SetType(t); + const auto& args = t->Params(); + const auto& canon_args = id->GetType()->AsFuncType()->Params(); + zeek::detail::push_scope(std::move(id), std::move(attrs)); - const auto& args = t->Params(); - int num_args = args->NumFields(); - - for ( int i = 0; i < num_args; ++i ) + for ( int i = 0; i < canon_args->NumFields(); ++i ) { - zeek::TypeDecl* arg_i = args->FieldDecl(i); + zeek::TypeDecl* arg_i; + bool hide = false; + + if ( prototype ) + { + auto it = prototype->offsets.find(i); + + if ( it == prototype->offsets.end() ) + { + // Alternate prototype hides this param + hide = true; + arg_i = canon_args->FieldDecl(i); + } + else + { + // Alternate prototype maps this param to another index + arg_i = args->FieldDecl(it->second); + } + } + else + { + if ( i < args->NumFields() ) + arg_i = args->FieldDecl(i); + else + break; + } + auto arg_id = zeek::detail::lookup_ID(arg_i->id, module_name); if ( arg_id && ! arg_id->IsGlobal() ) arg_id->Error("argument name used twice"); - arg_id = zeek::detail::install_ID(arg_i->id, module_name, false, false); - arg_id->SetType(arg_i->type); + const char* local_name = arg_i->id; - if ( prototype ) - arg_id->SetOffset(prototype->offsets[i]); + if ( hide ) + // Note the illegal '-' in hidden name implies we haven't + // clobbered any local variable names. + local_name = fmt("%s-hidden", local_name); + + arg_id = zeek::detail::install_ID(local_name, module_name, false, false); + arg_id->SetType(arg_i->type); } if ( zeek::detail::Attr* depr_attr = find_attr(zeek::detail::current_scope()->Attrs().get(), diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index fa6997d206..990262d7e1 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc 
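Review bot: In the parameter loop of `begin_func`, the duplicate-name check `lookup_ID(arg_i->id, module_name)` always uses the canonical name, while the identifier installed for a hidden parameter is the `"%s-hidden"` name, so the check and the install disagree for hidden parameters. As far as this hunk shows that is harmless, but computing `local_name` before the lookup and passing it to both `lookup_ID` and `install_ID` would keep the two consistent. `local_name` also points at whatever buffer `fmt()` returns; if that is a shared static buffer (I believe it is in this codebase, but it is not visible here), a comment should state that it must be consumed by `install_ID` before any further `fmt()` call. The function starts and ends outside this hunk.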
@@ -204,7 +204,8 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, if ( icmp_sent ) EnqueueConnEvent(icmp_sent, ConnVal(), - BuildICMPVal(icmpp, len, icmpv6, ip_hdr) + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + BuildInfo(icmpp, len, icmpv6, ip_hdr) ); if ( icmp_sent_payload ) @@ -214,6 +215,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, EnqueueConnEvent(icmp_sent_payload, ConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + BuildInfo(icmpp, len, icmpv6, ip_hdr), zeek::make_intrusive(payload) ); } @@ -239,6 +241,19 @@ zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len return icmp_conn_val; } +zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, + bool icmpv6, const IP_Hdr* ip_hdr) + { + static auto icmp_info = zeek::id::find_type("icmp_info"); + auto rval = zeek::make_intrusive(icmp_info); + rval->Assign(0, zeek::val_mgr->Bool(icmpv6)); + rval->Assign(1, zeek::val_mgr->Count(icmpp->icmp_type)); + rval->Assign(2, zeek::val_mgr->Count(icmpp->icmp_code)); + rval->Assign(3, zeek::val_mgr->Count(len)); + rval->Assign(4, zeek::val_mgr->Count(ip_hdr->TTL())); + return rval; + } + TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port) { const u_char* transport_hdr; @@ -520,6 +535,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + BuildInfo(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), zeek::val_mgr->Count(iid), zeek::val_mgr->Count(iseq), zeek::make_intrusive(payload) 
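Review bot: `ICMP_Analyzer::BuildInfo` passes the signed `int len` straight to `zeek::val_mgr->Count(len)`, so a negative length would reach scripts as a very large `count`. Whether `len` can be negative on this path is not visible in the hunk; if it cannot, say so in a comment or assertion, otherwise clamp it, e.g. `rval->Assign(3, zeek::val_mgr->Count(len < 0 ? 0 : len));`. The positional indices 0–4 silently depend on the field order of `icmp_info` in init-bare.zeek, so a one-line comment naming them (`// v6, itype, icode, len, ttl`) would make a future reordering easier to catch. The call-site hunks in this file now build both `BuildICMPVal` and `BuildInfo` for every enqueued event, which is worth keeping in mind for ICMP-heavy traffic while the deprecated parameter still exists.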
@@ -548,6 +564,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x40), // Other @@ -581,6 +598,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override @@ -608,6 +626,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::make_intrusive(tgtaddr), BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) ); @@ -635,6 +654,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::make_intrusive(tgtaddr), zeek::make_intrusive(dstaddr), BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) @@ -653,6 +673,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), BuildNDOptionsVal(caplen, data) ); } @@ -678,6 +699,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 0, ip_hdr), + BuildInfo(icmpp, len, 0, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_code), ExtractICMP4Context(caplen, data) ); 
@@ -716,6 +738,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_code), ExtractICMP6Context(caplen, data) ); diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index 2e62d477bb..f6abf31ff0 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -57,6 +57,9 @@ protected: zeek::RecordValPtr BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6, const IP_Hdr* ip_hdr); + zeek::RecordValPtr BuildInfo(const struct icmp* icmpp, int len, + bool icmpv6, const IP_Hdr* ip_hdr); + void NextICMP4(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr ); diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif index ada3fe48a0..96ac63cc03 100644 --- a/src/analyzer/protocol/icmp/events.bif +++ b/src/analyzer/protocol/icmp/events.bif @@ -12,8 +12,13 @@ ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## .. zeek:see:: icmp_error_message icmp_sent_payload -event icmp_sent%(c: connection, icmp: icmp_conn%); +event icmp_sent%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info%); +event icmp_sent%(c: connection, info: icmp_info%); +event icmp_sent%(c: connection, icmp: icmp_conn%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## The same as :zeek:see:`icmp_sent` except containing the ICMP payload. ## 
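Review bot: The added `info:` doc text in events.bif is a copy of the `icmp:` text and gives handler authors no hint which of the two to use. Since the combined prototype marks `icmp` as `&deprecated`, the parameter docs should say so, e.g. `## icmp: Deprecated, use *info* instead.` and `## info: ICMP-specific details of the current packet (type, code, length, TTL).` The same applies to every other event documented in the later hunks of this file. The deprecation strings are also inconsistent: those on `icmp_echo_request` and `icmp_echo_reply` end in `icmp_conn.` with a trailing period while the rest do not.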
@@ -22,10 +27,15 @@ event icmp_sent%(c: connection, icmp: icmp_conn%); ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## payload: The payload of the ICMP message. ## ## .. zeek:see:: icmp_error_message icmp_sent_payload -event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); +event icmp_sent_payload%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, payload: string%); +event icmp_sent_payload%(c: connection, info: icmp_info, payload: string%); +event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *echo request* messages. ## @@ -38,6 +48,9 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## id: The *echo request* identifier. ## ## seq: The *echo request* sequence number. @@ -46,7 +59,9 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## after the first 8 bytes of the ICMP header. ## ## .. zeek:see:: icmp_echo_reply -event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn."; ## Generated for ICMP *echo reply* messages. ## 
@@ -59,6 +74,9 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## id: The *echo reply* identifier. ## ## seq: The *echo reply* sequence number. @@ -67,7 +85,9 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## after the first 8 bytes of the ICMP header. ## ## .. zeek:see:: icmp_echo_request -event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn."; ## Generated for all ICMPv6 error messages that are not handled ## separately with dedicated events. Zeek's ICMP analyzer handles a number @@ -83,6 +103,9 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## code: The ICMP code of the error message. ## ## context: A record with specifics of the original packet that the message 
@@ -90,7 +113,9 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## ## .. zeek:see:: icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem -event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *destination unreachable* messages. ## @@ -103,6 +128,9 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *unreachable* message. ## ## context: A record with specifics of the original packet that the message @@ -114,7 +142,9 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem -event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMPv6 *packet too big* messages. ## 
@@ -127,6 +157,9 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *too big* message. ## ## context: A record with specifics of the original packet that the message @@ -138,7 +171,9 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## ## .. zeek:see:: icmp_error_message icmp_unreachable ## icmp_time_exceeded icmp_parameter_problem -event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *time exceeded* messages. ## @@ -151,6 +186,9 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *exceeded* message. ## ## context: A record with specifics of the original packet that the message 
@@ -162,7 +200,9 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_parameter_problem -event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMPv6 *parameter problem* messages. ## @@ -175,6 +215,9 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *parameter problem* message. ## ## context: A record with specifics of the original packet that the message @@ -186,7 +229,9 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded -event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *router solicitation* messages. ## 
@@ -199,11 +244,16 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## ## .. zeek:see:: icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, info: icmp_info, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *router advertisement* messages. ## @@ -216,6 +266,9 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## cur_hop_limit: The default value that should be placed in Hop Count field ## for outgoing IP packets. ## 
@@ -241,7 +294,9 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## ## .. zeek:see:: icmp_router_solicitation ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *neighbor solicitation* messages. ## 
@@ -254,13 +309,18 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## tgt: The IP address of the target of the solicitation. ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_redirect -event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *neighbor advertisement* messages. ## @@ -273,6 +333,9 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## router: Flag indicating the sender is a router. ## ## solicited: Flag indicating advertisement is in response to a solicitation. 
@@ -286,7 +349,9 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_redirect -event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *redirect* messages. ## @@ -299,6 +364,9 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## tgt: The address that is supposed to be a better first hop to use for ## ICMP Destination Address. ## 
@@ -308,5 +376,6 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement -event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%); - +event icmp_redirect%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options%); +event icmp_redirect%(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options%); +event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; diff --git a/src/broker/store.bif b/src/broker/store.bif index 61058b631a..81dfe0e44f 100644 --- a/src/broker/store.bif +++ b/src/broker/store.bif @@ -7,6 +7,8 @@ #include "broker/Data.h" #include "Trigger.h" +static bro_broker::StoreHandleVal* to_store_handle(zeek::Val* h) + { return dynamic_cast(h); } %%} module Broker; 
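Review bot: `to_store_handle()` in the `store.bif` hunk has no comment stating its contract, although every store function in this file now depends on it yielding null for a value of the wrong type. A one-line comment above it would make that explicit for future callers: `// Returns nullptr if h is null or is not a StoreHandleVal; callers must check before dereferencing.` The surrounding `%%{` block starts outside the hunk, so whether a similar note already exists higher up is not visible here.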
@@ -74,58 +76,54 @@ function Broker::__create_clone%(id: string, resync_interval: interval, function Broker::__is_closed%(h: opaque of Broker::Store%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; + auto handle = to_store_handle(h); - if ( ! h ) - { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); - } + if ( ! handle ) + zeek::detail::emit_builtin_exception("invalid Broker store handle", h); - auto handle = static_cast(h); return zeek::val_mgr->Bool(broker_mgr->LookupStore(handle->store.name())); %} function Broker::__close%(h: opaque of Broker::Store%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; + auto handle = to_store_handle(h); - if ( ! h ) + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); + zeek::emit_builtin_error("invalid Broker store handle", h); + return val_mgr->False(); } - auto handle = static_cast(h); return zeek::val_mgr->Bool(broker_mgr->CloseStore(handle->store.name())); %} function Broker::__store_name%(h: opaque of Broker::Store%): string %{ - if ( ! h ) - { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->EmptyString(); - } + auto handle = to_store_handle(h); - auto handle = static_cast(h); - return zeek::make_intrusive(handle->store.name()); + if ( ! handle ) + zeek::detail::emit_builtin_exception("invalid Broker store handle", h); + + return make_intrusive(handle->store.name()); %} function Broker::__exists%(h: opaque of Broker::Store, k: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); + zeek::emit_builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! 
key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -159,18 +157,19 @@ function Broker::__exists%(h: opaque of Broker::Store, function Broker::__get%(h: opaque of Broker::Store, k: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); + zeek::emit_builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -204,25 +203,26 @@ function Broker::__get%(h: opaque of Broker::Store, function Broker::__put_unique%(h: opaque of Broker::Store, k: any, v: any, e: interval%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); + zeek::emit_builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } if ( ! val ) { - zeek::emit_builtin_error("invalid Broker data conversion for value argument"); + zeek::emit_builtin_error("invalid Broker data conversion for value argument", v); return bro_broker::query_result(); } 
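Review bot: In `Broker::__is_closed` and `Broker::__store_name` the invalid-handle branch no longer returns, so the `handle->store.name()` dereference that follows is safe only because `zeek::detail::emit_builtin_exception()` throws. Its declaration is not part of this hunk; if it is not already marked `[[noreturn]]`, doing so (or adding `// emit_builtin_exception() throws; handle is non-null below` at both call sites) would keep a later refactor or a static analyzer from treating this as a null dereference. Separately, `__close` now returns `val_mgr->False()` where every other function in the file writes `zeek::val_mgr->False()`; keeping the qualified form avoids depending on a using-declaration that may later be removed.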
@@ -258,18 +258,19 @@ function Broker::__put_unique%(h: opaque of Broker::Store, function Broker::__get_index_from_value%(h: opaque of Broker::Store, k: any, i: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); + zeek::emit_builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -277,7 +278,7 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! index ) { - zeek::emit_builtin_error("invalid Broker data conversion for index argument"); + zeek::emit_builtin_error("invalid Broker data conversion for index argument", i); return bro_broker::query_result(); } @@ -311,13 +312,13 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult %{ - if ( ! h ) - { - zeek::emit_builtin_error("invalid Broker store handle"); - return zeek::val_mgr->False(); - } + auto handle = to_store_handle(h); - auto handle = static_cast(h); + if ( ! handle ) + { + zeek::emit_builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); + } auto trigger = frame->GetTrigger(); 
@@ -349,25 +350,26 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult function Broker::__put%(h: opaque of Broker::Store, k: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! val ) { - zeek::emit_builtin_error("invalid Broker data conversion for value argument"); + zeek::emit_builtin_error("invalid Broker data conversion for value argument", v); return zeek::val_mgr->False(); } @@ -377,18 +379,19 @@ function Broker::__put%(h: opaque of Broker::Store, function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } 
@@ -399,25 +402,26 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto amount = bro_broker::val_to_data(a); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! amount ) { - zeek::emit_builtin_error("invalid Broker data conversion for amount argument"); + zeek::emit_builtin_error("invalid Broker data conversion for amount argument", a); return zeek::val_mgr->False(); } @@ -429,25 +433,26 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto amount = bro_broker::val_to_data(a); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! amount ) { - zeek::emit_builtin_error("invalid Broker data conversion for amount argument"); + zeek::emit_builtin_error("invalid Broker data conversion for amount argument", a); return zeek::val_mgr->False(); } 
@@ -458,25 +463,26 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto str = bro_broker::val_to_data(s); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! str ) { - zeek::emit_builtin_error("invalid Broker data conversion for str argument"); + zeek::emit_builtin_error("invalid Broker data conversion for str argument", s); return zeek::val_mgr->False(); } @@ -487,25 +493,26 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! idx ) { - zeek::emit_builtin_error("invalid Broker data conversion for index argument"); + zeek::emit_builtin_error("invalid Broker data conversion for index argument", i); return zeek::val_mgr->False(); } 
@@ -517,32 +524,33 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, i: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); auto val = bro_broker::val_to_data(v); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! idx ) { - zeek::emit_builtin_error("invalid Broker data conversion for index argument"); + zeek::emit_builtin_error("invalid Broker data conversion for index argument", i); return zeek::val_mgr->False(); } if ( ! val ) { - zeek::emit_builtin_error("invalid Broker data conversion for value argument"); + zeek::emit_builtin_error("invalid Broker data conversion for value argument", v); return zeek::val_mgr->False(); } 
@@ -554,25 +562,26 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! idx ) { - zeek::emit_builtin_error("invalid Broker data conversion for index argument"); + zeek::emit_builtin_error("invalid Broker data conversion for index argument", i); return zeek::val_mgr->False(); } @@ -584,25 +593,26 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } if ( ! val ) { - zeek::emit_builtin_error("invalid Broker data conversion for value argument"); + zeek::emit_builtin_error("invalid Broker data conversion for value argument", v); return zeek::val_mgr->False(); } 
@@ -612,18 +622,19 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) { - zeek::emit_builtin_error("invalid Broker data conversion for key argument"); + zeek::emit_builtin_error("invalid Broker data conversion for key argument", k); return zeek::val_mgr->False(); } @@ -633,14 +644,14 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool function Broker::__clear%(h: opaque of Broker::Store%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { - zeek::emit_builtin_error("invalid Broker store handle"); + zeek::emit_builtin_error("invalid Broker store handle", h); return zeek::val_mgr->False(); } - auto handle = static_cast(h); - handle->store.clear(); return zeek::val_mgr->True(); %} diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index c1646d82f5..897fd36fb9 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc 
@@ -111,9 +111,35 @@ static std::optional parse_shadow_log(const std::string& fname) return rval; } - fseek(sf_stream, 0, SEEK_END); + int res = fseek(sf_stream, 0, SEEK_END); + + if ( res == -1 ) + { + rval.error = fmt("Failed to fseek(SEEK_END) on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } + auto sf_len = ftell(sf_stream); - fseek(sf_stream, 0, SEEK_SET); + + if ( sf_len == -1 ) + { + rval.error = fmt("Failed to ftell() on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } + + res = fseek(sf_stream, 0, SEEK_SET); + + if ( res == -1 ) + { + rval.error = fmt("Failed to fseek(SEEK_SET) on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } auto sf_content = std::make_unique(sf_len); auto bytes_read = fread(sf_content.get(), 1, sf_len, sf_stream); diff --git a/testing/btest/Baseline/broker.store.invalid-handle/out b/testing/btest/Baseline/broker.store.invalid-handle/out new file mode 100644 index 0000000000..01aac30529 --- /dev/null +++ b/testing/btest/Baseline/broker.store.invalid-handle/out @@ -0,0 +1,3 @@ +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 18: invalid Broker store handle (0), during call: (Broker::is_closed(a)) +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 6: invalid Broker store handle (Broker::keys(a) and 0) +keys, [status=Broker::FAILURE, result=[data=]] diff --git a/testing/btest/Baseline/core.icmp.icmp-context/output b/testing/btest/Baseline/core.icmp.icmp-context/output index 40dc778d8b..d3dc6b08a3 100644 --- a/testing/btest/Baseline/core.icmp.icmp-context/output +++ b/testing/btest/Baseline/core.icmp.icmp-context/output 
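Review bot: `sf_len` is still passed straight from `ftell()` to `std::make_unique` and `fread()` with no upper bound, so a corrupt or unexpectedly large shadow file found on disk turns into an allocation of that size. If shadow files are expected to be small, a cap checked right after the `ftell()` test, e.g. `if ( sf_len > max_shadow_len )` with the same error/`fclose`/`return rval` pattern (the constant name is a placeholder), would bound that. The two `fseek()` checks compare against `-1`; the C standard only promises a nonzero return on failure, so `if ( res != 0 )` is the more portable test. `parse_shadow_log` begins and ends outside this hunk, so any later validation of `bytes_read` is not visible here.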
@@ -1,12 +1,12 @@ icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F] + icmp_info: [v6=F, itype=3, icode=0, len=0, ttl=64] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F] + icmp_info: [v6=F, itype=3, icode=0, len=20, ttl=64] icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] + icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp-events/output b/testing/btest/Baseline/core.icmp.icmp-events/output index c72af480d5..e4867b6cd4 100644 --- a/testing/btest/Baseline/core.icmp.icmp-events/output +++ b/testing/btest/Baseline/core.icmp.icmp-events/output 
@@ -1,20 +1,20 @@ icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] + icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, hlim=64, v6=F] + icmp_info: [v6=F, itype=11, icode=0, len=32, ttl=64] icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64] icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56] icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, 
resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64] icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56] diff --git a/testing/btest/Baseline/core.icmp.icmp6-context/output b/testing/btest/Baseline/core.icmp.icmp6-context/output index 7a83679018..f295164626 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-context/output +++ b/testing/btest/Baseline/core.icmp.icmp6-context/output 
@@ -1,16 +1,16 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=0, ttl=64] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=40, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=48, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index fdb58e5be1..b5a9bc7263 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output 
@@ -1,46 +1,46 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_packet_too_big (code=0) conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=2, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=3, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_parameter_problem (code=0) conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=4, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, 
len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=6, 
payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] + icmp_info: [v6=T, itype=137, icode=0, len=32, ttl=255] options: [] icmp_router_advertisement cur_hop_limit=13 
@@ -54,20 +54,20 @@ icmp_router_advertisement reachable_time=3.0 secs 700.0 msecs retrans_timer=1.0 sec 300.0 msecs conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] + icmp_info: [v6=T, itype=134, icode=0, len=8, ttl=255] options: [] icmp_neighbor_advertisement (tgt=fe80::babe) router=T solicited=F override=T conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] + icmp_info: [v6=T, itype=136, icode=0, len=16, ttl=255] options: [] icmp_router_solicitation conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] + icmp_info: [v6=T, itype=133, icode=0, len=0, ttl=255] options: [] icmp_neighbor_solicitation (tgt=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] + icmp_info: [v6=T, itype=135, icode=0, len=16, ttl=255] options: [] diff --git a/testing/btest/Baseline/core.icmp.icmp_sent/out b/testing/btest/Baseline/core.icmp.icmp_sent/out index cf8fe9e4e1..42457061ba 100644 --- a/testing/btest/Baseline/core.icmp.icmp_sent/out +++ b/testing/btest/Baseline/core.icmp.icmp_sent/out 
@@ -1,2 +1,2 @@ -icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T] -icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T], 20 +icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1] +icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1], 20 diff --git a/testing/btest/Baseline/language.alternate-event-hook-prototypes/out b/testing/btest/Baseline/language.alternate-event-hook-prototypes/out index aa70ccc747..66d22d20e4 100644 --- a/testing/btest/Baseline/language.alternate-event-hook-prototypes/out +++ b/testing/btest/Baseline/language.alternate-event-hook-prototypes/out @@ -1,4 +1,4 @@ -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 68 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 10: use of deprecated prototype (hook(c:count;) : bool and my_hook) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 68 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 13: use of deprecated 'my_hook' prototype (hook(c:count;) : bool) my_hook, infinite, 13 my_hook, 13, infinite my_hook, infinite 
diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error
new file mode 100644
index 0000000000..3e7b9120c4
--- /dev/null
+++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error
@@ -0,0 +1,3 @@
+warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 11 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;))
+warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 30 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;))
+error in ./hide.zeek, line 5: unknown identifier b, at or near "b"
diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out
new file mode 100644
index 0000000000..b3686a0b23
--- /dev/null
+++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out
@@ -0,0 +1,8 @@ +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 11 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 30 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;)) +myev (canon), one, two, three +myev (new), one, three, [1, 2, 3] +myev (new), one, three, 0 +myev (new), one, three, 1 +myev (new), one, three, 2 +myev (old), one, two diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index 8efa727e11..aeca5a8bdc 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output -event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_solicitation(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options) { local hdr: raw_pkt_hdr = get_current_packet_header(); print fmt("%s", hdr); - } \ No newline at end of file + } diff --git a/testing/btest/broker/store/invalid-handle.zeek b/testing/btest/broker/store/invalid-handle.zeek new file mode 100644 index 0000000000..c97669af60 --- /dev/null +++ b/testing/btest/broker/store/invalid-handle.zeek 
@@ -0,0 +1,34 @@ +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +function print_keys(a: any) + { + when ( local s = Broker::keys(a) ) + { + print "keys", s; + } + timeout 2sec + { + print fmt(""); + } + } + +function checkit(a: any) + { + if ( Broker::is_closed(a) ) + print "this shouldn't get printed"; + else + print "this shouldn't get printed either"; + } + +global a: int = 0; + +event zeek_init() &priority=10 + { + checkit(a); + } + +event zeek_init() + { + print_keys(a); + } diff --git a/testing/btest/core/icmp/icmp-context.test b/testing/btest/core/icmp/icmp-context.test index 58e696cf9c..b88ea2e473 100644 --- a/testing/btest/core/icmp/icmp-context.test +++ b/testing/btest/core/icmp/icmp-context.test @@ -5,10 +5,10 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } diff --git a/testing/btest/core/icmp/icmp-events.test b/testing/btest/core/icmp/icmp-events.test index 3aa0ee1177..5504e8dd3e 100644 --- a/testing/btest/core/icmp/icmp-events.test +++ b/testing/btest/core/icmp/icmp-events.test 
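Review bot: The timeout branch of `print_keys` prints `fmt("")`, an empty line that says nothing about why it appeared if the `when` condition ever stops resolving; `print "timeout";` would make that failure readable in the diff against the baseline. The test also passes only an `int`, and only to `Broker::keys` and `Broker::is_closed`, so other entry points that take a store handle (for example `Broker::store_name`) and other wrong argument types are not covered by this regression test. A separate `zeek_init` handler calling `Broker::store_name(a)` would cover that path without being cut short by the exception raised in `checkit`. I would also add a comment above `checkit` stating the intent, e.g. `# is_closed() on a non-store value is expected to abort the handler, so neither branch runs`.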
@@ -6,39 +6,39 @@ # @TEST-EXEC: btest-diff output -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { print "icmp_sent"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_request (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_reply (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_time_exceeded (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } 
diff --git a/testing/btest/core/icmp/icmp6-context.test b/testing/btest/core/icmp/icmp6-context.test index 66d57b527b..9c50aa6ccc 100644 --- a/testing/btest/core/icmp/icmp6-context.test +++ b/testing/btest/core/icmp/icmp6-context.test @@ -6,10 +6,10 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 6174e697fd..374a15150b 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test 
@@ -13,103 +13,103 @@ # @TEST-EXEC: btest-diff output -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { print "icmp_sent"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_request (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_reply (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_packet_too_big(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_packet_too_big(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_packet_too_big (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event 
icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_time_exceeded (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_parameter_problem(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_parameter_problem(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_parameter_problem (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) +event icmp_redirect(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options) { print "icmp_redirect (tgt=" + fmt("%s", tgt) + ", dest=" + fmt("%s", dest) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_error_message(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_error_message(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_error_message (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_solicitation(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_solicitation (tgt=" + fmt("%s", tgt) + ")"; print " 
conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_advertisement(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_advertisement (tgt=" + fmt("%s", tgt) + ")"; print " router=" + fmt("%s", router); print " solicited=" + fmt("%s", solicited); print " override=" + fmt("%s", override); print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_router_solicitation(c: connection, icmp: icmp_conn, options: icmp6_nd_options) +event icmp_router_solicitation(c: connection, info: icmp_info, options: icmp6_nd_options) { print "icmp_router_solicitation"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) +event icmp_router_advertisement(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) { print "icmp_router_advertisement"; print " cur_hop_limit=" + fmt("%s", cur_hop_limit); 
@@ -123,6 +123,6 @@ event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: c print " reachable_time=" + fmt("%s", reachable_time); print " retrans_timer=" + fmt("%s", retrans_timer); print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test index 93f1931524..4defa83b09 100644 --- a/testing/btest/core/icmp/icmp6-nd-options.test +++ b/testing/btest/core/icmp/icmp6-nd-options.test @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff output -event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) +event icmp_router_advertisement(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) { print "icmp_router_advertisement options"; for ( o in options ) @@ -17,7 +17,7 @@ event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: c } } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_advertisement(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_advertisement options"; for ( o in options ) 
@@ -27,7 +27,7 @@ event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, } } -event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) +event icmp_redirect(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options) { print "icmp_redirect options"; for ( o in options ) diff --git a/testing/btest/core/icmp/icmp_sent.zeek b/testing/btest/core/icmp/icmp_sent.zeek index 72e6ab543b..5ca4be7b3d 100644 --- a/testing/btest/core/icmp/icmp_sent.zeek +++ b/testing/btest/core/icmp/icmp_sent.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out # @TEST-EXEC: btest-diff out -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { - print "icmp_sent", c$id, icmp; + print "icmp_sent", c$id, info; } -event icmp_sent_payload(c: connection, icmp: icmp_conn, payload: string) +event icmp_sent_payload(c: connection, info: icmp_info, payload: string) { - print "icmp_sent_payload", c$id, icmp, |payload|; + print "icmp_sent_payload", c$id, info, |payload|; } diff --git a/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek b/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek index 1b572a007a..caeb9cfc2d 100644 --- a/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek +++ b/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-erspan3-dot1q.pcap %INPUT > out # @TEST-EXEC: btest-diff out -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "echo request", id, seq; } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "echo reply", id, seq; } 
diff --git a/testing/btest/language/alternate-prototypes-deprecated-args.zeek b/testing/btest/language/alternate-prototypes-deprecated-args.zeek
new file mode 100644
index 0000000000..d6c40425eb
--- /dev/null
+++ b/testing/btest/language/alternate-prototypes-deprecated-args.zeek
@@ -0,0 +1,47 @@
+# @TEST-EXEC: zeek -b %INPUT >out 2>&1
+#
+# @TEST-EXEC-FAIL: zeek -b %INPUT hide.zeek >hidden-error 2>&1
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff hidden-error
+
+global myev: event(a: string, b: string &deprecated="Don't use 'b'", c: string);
+global myev: event(a: string, c: string);
+global myev: event(a: string, b: string) &deprecated="Don't use this prototype";
+
+event myev(a: string, b: string, c: string) &priority=11
+ {
+ print "myev (canon)", a, b, c;
+ }
+
+event myev(a: string, c: string) &priority = 7
+ {
+ local ddd = vector(1,2,3);
+ print "myev (new)", a, c, ddd;
+ }
+
+global eee = vector(1,2,3);
+
+event myev(a: string, c: string) &priority = 6
+ {
+ for ( o in eee )
+ print "myev (new)", a, c, o;
+ }
+
+event myev(a: string, b: string) &priority = 5
+ {
+ print "myev (old)", a, b;
+ }
+
+event zeek_init()
+ {
+ event myev("one", "two", "three");
+ }
+
+@TEST-START-FILE hide.zeek
+event myev(a: string, c: string) &priority = 7
+ {
+ local ddd = vector(1,2,3);
+ print "myev (new)", a, c, ddd;
+ print b;
+ }
+@TEST-END-FILE
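Review bot: The embedded `hide.zeek` file carries no comment saying what it checks. From the `@TEST-EXEC-FAIL` line and the `print b;` statement it appears to verify that a parameter left out of the selected `(a, c)` prototype is not visible inside the handler body. A comment above `@TEST-START-FILE hide.zeek`, such as `# 'b' is not part of the (a, c) prototype, so referencing it must fail to parse`, would record that. A header line noting that both deprecation warnings are expected in `out` as well as in `hidden-error` would also help whoever next updates the baselines.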