From 9f16fa6474e479493dad86a947a47f6b4a9106e7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 24 Jun 2020 20:21:12 -0700 Subject: [PATCH 01/12] GH-1024: fix crash on passing wrong types to Broker store API --- src/broker/store.bif | 97 +++++++++++-------- .../Baseline/broker.store.invalid-handle/out | 2 + .../btest/broker/store/invalid-handle.zeek | 21 ++++ 3 files changed, 81 insertions(+), 39 deletions(-) create mode 100644 testing/btest/Baseline/broker.store.invalid-handle/out create mode 100644 testing/btest/broker/store/invalid-handle.zeek diff --git a/src/broker/store.bif b/src/broker/store.bif index 68262f667b..340936ebda 100644 --- a/src/broker/store.bif +++ b/src/broker/store.bif @@ -20,6 +20,9 @@ static broker::optional prepare_expiry(double e) return ts; } + +static bro_broker::StoreHandleVal* to_store_handle(Val* h) + { return dynamic_cast(h); } %%} module Broker; @@ -87,53 +90,55 @@ function Broker::__create_clone%(id: string, resync_interval: interval, function Broker::__is_closed%(h: opaque of Broker::Store%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; + auto handle = to_store_handle(h); - if ( ! h ) + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); return val_mgr->Bool(broker_mgr->LookupStore(handle->store.name())); %} function Broker::__close%(h: opaque of Broker::Store%): bool %{ bro_broker::Manager::ScriptScopeGuard ssg; + auto handle = to_store_handle(h); - if ( ! h ) + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); return val_mgr->Bool(broker_mgr->CloseStore(handle->store.name())); %} function Broker::__store_name%(h: opaque of Broker::Store%): string %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->EmptyString(); } - auto handle = static_cast(h); return make_intrusive(handle->store.name()); %} function Broker::__exists%(h: opaque of Broker::Store, k: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) @@ -172,13 +177,14 @@ function Broker::__exists%(h: opaque of Broker::Store, function Broker::__get%(h: opaque of Broker::Store, k: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) @@ -217,13 +223,14 @@ function Broker::__get%(h: opaque of Broker::Store, function Broker::__put_unique%(h: opaque of Broker::Store, k: any, v: any, e: interval%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); @@ -271,13 +278,14 @@ function Broker::__put_unique%(h: opaque of Broker::Store, function Broker::__get_index_from_value%(h: opaque of Broker::Store, k: any, i: any%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) @@ -324,14 +332,14 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); - auto trigger = frame->GetTrigger(); if ( ! trigger ) @@ -362,13 +370,14 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult function Broker::__put%(h: opaque of Broker::Store, k: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); @@ -390,13 +399,14 @@ function Broker::__put%(h: opaque of Broker::Store, function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) @@ -412,13 +422,14 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto amount = bro_broker::val_to_data(a); @@ -442,13 +453,14 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto amount = bro_broker::val_to_data(a); @@ -471,13 +483,14 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto str = bro_broker::val_to_data(s); @@ -500,13 +513,14 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); @@ -530,13 +544,14 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, i: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); auto val = bro_broker::val_to_data(v); @@ -567,13 +582,14 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto idx = bro_broker::val_to_data(i); @@ -597,13 +613,14 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); auto val = bro_broker::val_to_data(v); @@ -625,13 +642,14 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); auto key = bro_broker::val_to_data(k); if ( ! key ) @@ -646,13 +664,14 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool function Broker::__clear%(h: opaque of Broker::Store%): bool %{ - if ( ! h ) + auto handle = to_store_handle(h); + + if ( ! handle ) { builtin_error("invalid Broker store handle"); return val_mgr->False(); } - auto handle = static_cast(h); handle->store.clear(); return val_mgr->True(); diff --git a/testing/btest/Baseline/broker.store.invalid-handle/out b/testing/btest/Baseline/broker.store.invalid-handle/out new file mode 100644 index 0000000000..469583e41c --- /dev/null +++ b/testing/btest/Baseline/broker.store.invalid-handle/out @@ -0,0 +1,2 @@ +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 6: invalid Broker store handle (Broker::keys(a)) +keys, F diff --git a/testing/btest/broker/store/invalid-handle.zeek b/testing/btest/broker/store/invalid-handle.zeek new file mode 100644 index 0000000000..c7e30addbe --- /dev/null +++ b/testing/btest/broker/store/invalid-handle.zeek @@ -0,0 +1,21 @@ +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +function print_keys(a: any) + { + when ( local s = Broker::keys(a) ) + { + print "keys", s; + } + timeout 2sec + { + print fmt(""); + } + } + +global a: int = 0; + +event zeek_init() + { + print_keys(a); + } From 2b698c4e1b607dfa3a4a5742e2183f3b1221dd9e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 24 Jun 2020 22:54:46 -0700 Subject: [PATCH 02/12] Add builtin_exception() functions These work like builtin_error(), but also throw an InterpreterException --- src/Func.cc | 67 ++++++++++++++++++++++++++++++++++++++++++----------- src/Func.h | 5 +++- 2 files changed, 57 insertions(+), 15 deletions(-) diff --git a/src/Func.cc b/src/Func.cc index 8bdcf2d2c5..5acb37c8ad 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -663,29 +663,50 @@ void BuiltinFunc::Describe(ODesc* d) const d->AddCount(is_pure); } -void builtin_error(const char* msg) - { - builtin_error(msg, IntrusivePtr{}); - } - -void builtin_error(const char* msg, IntrusivePtr arg) - { - builtin_error(msg, arg.get()); - } - -void builtin_error(const char* msg, BroObj* arg) +static void builtin_error_common(const char* msg, BroObj* arg, bool unwind) { auto emit = [=](const zeek::detail::CallExpr* ce) { if ( ce ) - ce->Error(msg, arg); + { + if ( unwind ) + { + if ( arg ) + { + ODesc d; + arg->Describe(&d); + reporter->ExprRuntimeError(ce, "%s (%s), during call:", msg, + d.Description()); + } + else + reporter->ExprRuntimeError(ce, "%s", msg); + } + else + ce->Error(msg, arg); + } else - reporter->Error(msg, arg); + { + if ( arg ) + { + if ( unwind ) + reporter->RuntimeError(arg->GetLocationInfo(), "%s", msg); + else + arg->Error(msg); + } + else + { + if ( unwind ) + reporter->RuntimeError(nullptr, "%s", msg); + else + reporter->Error("%s", msg); + } + } }; - if ( call_stack.empty() ) { + // Shouldn't happen unless someone (mistakenly) calls builtin_error() + // from somewhere that's not even evaluating script-code. emit(nullptr); return; } @@ -739,6 +760,24 @@ void builtin_error(const char* msg, BroObj* arg) emit(last_call.call); } +void builtin_error(const char* msg) + { builtin_error_common(msg, nullptr, false); } + +void builtin_error(const char* msg, const IntrusivePtr& arg) + { builtin_error_common(msg, arg.get(), false); } + +void builtin_error(const char* msg, BroObj* arg) + { builtin_error_common(msg, arg, false); } + +void builtin_exception(const char* msg) + { builtin_error_common(msg, nullptr, true); } + +void builtin_exception(const char* msg, const IntrusivePtr& arg) + { builtin_error_common(msg, arg.get(), true); } + +void builtin_exception(const char* msg, BroObj* arg) + { builtin_error_common(msg, arg, true); } + #include "zeek.bif.func_h" #include "stats.bif.func_h" #include "reporter.bif.func_h" diff --git a/src/Func.h b/src/Func.h index b1a2eae796..fe391a3e8a 100644 --- a/src/Func.h +++ b/src/Func.h @@ -236,8 +236,11 @@ protected: extern void builtin_error(const char* msg); -extern void builtin_error(const char* msg, IntrusivePtr); +extern void builtin_error(const char* msg, const IntrusivePtr& arg); extern void builtin_error(const char* msg, BroObj* arg); +extern void builtin_exception(const char* msg); +extern void builtin_exception(const char* msg, const IntrusivePtr& arg); +extern void builtin_exception(const char* msg, BroObj* arg); extern void init_builtin_funcs(); extern void init_builtin_funcs_subdirs(); From a9f853efcd150644be3660c7763a498b59eb0bc0 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 24 Jun 2020 22:56:14 -0700 Subject: [PATCH 03/12] Improve Broker store API's handling of invalid arguments * Some methods mistakenly returned a bool instead of QueryResult when passed an invalid `opaque of Broker::Store` handle. * Now generates a runtime exception for store_name() and is_closed() calls that pass an invalid `opaque of Broker::Store` handle as any returned value can't be reasonably used in any subsequent logic. * Descriptions of any invalid arguments are now given in the error message. --- src/broker/store.bif | 107 ++++++++---------- .../Baseline/broker.store.invalid-handle/out | 5 +- .../btest/broker/store/invalid-handle.zeek | 13 +++ 3 files changed, 66 insertions(+), 59 deletions(-) diff --git a/src/broker/store.bif b/src/broker/store.bif index 340936ebda..bce3da5e75 100644 --- a/src/broker/store.bif +++ b/src/broker/store.bif @@ -93,10 +93,7 @@ function Broker::__is_closed%(h: opaque of Broker::Store%): bool auto handle = to_store_handle(h); if ( ! handle ) - { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); - } + builtin_exception("invalid Broker store handle", h); return val_mgr->Bool(broker_mgr->LookupStore(handle->store.name())); %} @@ -108,7 +105,7 @@ function Broker::__close%(h: opaque of Broker::Store%): bool if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -120,10 +117,7 @@ function Broker::__store_name%(h: opaque of Broker::Store%): string auto handle = to_store_handle(h); if ( ! handle ) - { - builtin_error("invalid Broker store handle"); - return val_mgr->EmptyString(); - } + builtin_exception("invalid Broker store handle", h); return make_intrusive(handle->store.name()); %} @@ -135,15 +129,15 @@ function Broker::__exists%(h: opaque of Broker::Store, if ( ! handle ) { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); + builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } auto key = bro_broker::val_to_data(k); if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -181,15 +175,15 @@ function Broker::__get%(h: opaque of Broker::Store, if ( ! handle ) { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); + builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } auto key = bro_broker::val_to_data(k); if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -227,8 +221,8 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( ! handle ) { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); + builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } auto key = bro_broker::val_to_data(k); @@ -236,13 +230,13 @@ function Broker::__put_unique%(h: opaque of Broker::Store, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } if ( ! val ) { - builtin_error("invalid Broker data conversion for value argument"); + builtin_error("invalid Broker data conversion for value argument", v); return bro_broker::query_result(); } @@ -282,15 +276,15 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! handle ) { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); + builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } auto key = bro_broker::val_to_data(k); if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return bro_broker::query_result(); } @@ -298,10 +292,10 @@ function Broker::__get_index_from_value%(h: opaque of Broker::Store, if ( ! index ) { - builtin_error("invalid Broker data conversion for index argument"); + builtin_error("invalid Broker data conversion for index argument", i); return bro_broker::query_result(); } - + auto trigger = frame->GetTrigger(); if ( ! trigger ) @@ -336,8 +330,8 @@ function Broker::__keys%(h: opaque of Broker::Store%): Broker::QueryResult if ( ! handle ) { - builtin_error("invalid Broker store handle"); - return val_mgr->False(); + builtin_error("invalid Broker store handle", h); + return bro_broker::query_result(); } auto trigger = frame->GetTrigger(); @@ -374,7 +368,7 @@ function Broker::__put%(h: opaque of Broker::Store, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -383,13 +377,13 @@ function Broker::__put%(h: opaque of Broker::Store, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! val ) { - builtin_error("invalid Broker data conversion for value argument"); + builtin_error("invalid Broker data conversion for value argument", v); return val_mgr->False(); } @@ -403,7 +397,7 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -411,7 +405,7 @@ function Broker::__erase%(h: opaque of Broker::Store, k: any%): bool if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } @@ -426,7 +420,7 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -435,13 +429,13 @@ function Broker::__increment%(h: opaque of Broker::Store, k: any, a: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! amount ) { - builtin_error("invalid Broker data conversion for amount argument"); + builtin_error("invalid Broker data conversion for amount argument", a); return val_mgr->False(); } @@ -457,7 +451,7 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -466,13 +460,13 @@ function Broker::__decrement%(h: opaque of Broker::Store, k: any, a: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! amount ) { - builtin_error("invalid Broker data conversion for amount argument"); + builtin_error("invalid Broker data conversion for amount argument", a); return val_mgr->False(); } @@ -487,7 +481,7 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -496,13 +490,13 @@ function Broker::__append%(h: opaque of Broker::Store, k: any, s: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! str ) { - builtin_error("invalid Broker data conversion for str argument"); + builtin_error("invalid Broker data conversion for str argument", s); return val_mgr->False(); } @@ -517,7 +511,7 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -526,13 +520,13 @@ function Broker::__insert_into_set%(h: opaque of Broker::Store, k: any, i: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! idx ) { - builtin_error("invalid Broker data conversion for index argument"); + builtin_error("invalid Broker data conversion for index argument", i); return val_mgr->False(); } @@ -548,7 +542,7 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -558,19 +552,19 @@ function Broker::__insert_into_table%(h: opaque of Broker::Store, k: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! idx ) { - builtin_error("invalid Broker data conversion for index argument"); + builtin_error("invalid Broker data conversion for index argument", i); return val_mgr->False(); } if ( ! val ) { - builtin_error("invalid Broker data conversion for value argument"); + builtin_error("invalid Broker data conversion for value argument", v); return val_mgr->False(); } @@ -586,7 +580,7 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -595,13 +589,13 @@ function Broker::__remove_from%(h: opaque of Broker::Store, k: any, i: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! idx ) { - builtin_error("invalid Broker data conversion for index argument"); + builtin_error("invalid Broker data conversion for index argument", i); return val_mgr->False(); } @@ -617,7 +611,7 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -626,13 +620,13 @@ function Broker::__push%(h: opaque of Broker::Store, k: any, v: any, if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } if ( ! val ) { - builtin_error("invalid Broker data conversion for value argument"); + builtin_error("invalid Broker data conversion for value argument", v); return val_mgr->False(); } @@ -646,7 +640,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } @@ -654,7 +648,7 @@ function Broker::__pop%(h: opaque of Broker::Store, k: any, e: interval%): bool if ( ! key ) { - builtin_error("invalid Broker data conversion for key argument"); + builtin_error("invalid Broker data conversion for key argument", k); return val_mgr->False(); } @@ -668,11 +662,10 @@ function Broker::__clear%(h: opaque of Broker::Store%): bool if ( ! handle ) { - builtin_error("invalid Broker store handle"); + builtin_error("invalid Broker store handle", h); return val_mgr->False(); } - handle->store.clear(); return val_mgr->True(); %} diff --git a/testing/btest/Baseline/broker.store.invalid-handle/out b/testing/btest/Baseline/broker.store.invalid-handle/out index 469583e41c..01aac30529 100644 --- a/testing/btest/Baseline/broker.store.invalid-handle/out +++ b/testing/btest/Baseline/broker.store.invalid-handle/out @@ -1,2 +1,3 @@ -error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 6: invalid Broker store handle (Broker::keys(a)) -keys, F +expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 18: invalid Broker store handle (0), during call: (Broker::is_closed(a)) +error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/broker.store.invalid-handle/invalid-handle.zeek, line 6: invalid Broker store handle (Broker::keys(a) and 0) +keys, [status=Broker::FAILURE, result=[data=]] diff --git a/testing/btest/broker/store/invalid-handle.zeek b/testing/btest/broker/store/invalid-handle.zeek index c7e30addbe..c97669af60 100644 --- a/testing/btest/broker/store/invalid-handle.zeek +++ b/testing/btest/broker/store/invalid-handle.zeek @@ -13,8 +13,21 @@ function print_keys(a: any) } } +function checkit(a: any) + { + if ( Broker::is_closed(a) ) + print "this shouldn't get printed"; + else + print "this shouldn't get printed either"; + } + global a: int = 0; +event zeek_init() &priority=10 + { + checkit(a); + } + event zeek_init() { print_keys(a); From 26b3d406b4e9b20072ef4dc881954b984ec3390f Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 9 Jul 2020 20:27:59 -0700 Subject: [PATCH 04/12] Emit deprecation warning for use of &deprecated function parameters Particularly, this is meant for using &deprecated on canonical event/hook prototype parameters to encourage users to create handlers to another, non-deprecated prototype. i.e. for canonical prototypes, we may not always want to put &deprecated directly on the prototype itself since that signals deprecation of the ID entirely. --- src/Var.cc | 10 ++++++- .../out | 5 ++++ .../alternate-prototypes-deprecated-args.zeek | 28 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out create mode 100644 testing/btest/language/alternate-prototypes-deprecated-args.zeek diff --git a/src/Var.cc b/src/Var.cc index baa4c0dae7..0b19d389e2 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -450,7 +450,15 @@ static std::optional func_type_check(const zeek::Func return {}; } - return decl->FindPrototype(*impl->Params()); + auto rval = decl->FindPrototype(*impl->Params()); + + if ( rval ) + for ( auto i = 0; i < rval->args->NumFields(); ++i ) + if ( rval->args->FieldDecl(i)->GetAttr(zeek::detail::ATTR_DEPRECATED) ) + impl->Warn(fmt("use of deprecated parameter '%s'", + rval->args->FieldName(i)), decl, true); + + return rval; } static bool canonical_arg_types_match(const zeek::FuncType* decl, const zeek::FuncType* impl) diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out new file mode 100644 index 0000000000..8acfd27bf5 --- /dev/null +++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out @@ -0,0 +1,5 @@ +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated parameter 'b' (event(a:string; b:string; c:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated prototype (event(a:string; b:string;) and myev) +myev (canon), one, two, three +myev (new), one, three +myev (old), one, two diff --git a/testing/btest/language/alternate-prototypes-deprecated-args.zeek b/testing/btest/language/alternate-prototypes-deprecated-args.zeek new file mode 100644 index 0000000000..659c4c7a16 --- /dev/null +++ b/testing/btest/language/alternate-prototypes-deprecated-args.zeek @@ -0,0 +1,28 @@ +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 +# +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +global myev: event(a: string, b: string &deprecated="Don't use 'b'", c: string); +global myev: event(a: string, c: string); +global myev: event(a: string, b: string) &deprecated="Don't use this prototype"; + +event myev(a: string, b: string, c: string) &priority=11 + { + print "myev (canon)", a, b, c; + } + +event myev(a: string, c: string) &priority = 7 + { + print "myev (new)", a, c; + } + +event myev(a: string, b: string) &priority = 5 + { + print "myev (old)", a, b; + } + +event zeek_init() + { + event myev("one", "two", "three"); + } + From ac1ec7668d69232e37a36580b429743a1a719ab2 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 9 Jul 2020 20:54:12 -0700 Subject: [PATCH 05/12] Improve "use of deprecated prototype" warning message The location information now points out the place of the deprecated prototype instead of the location where the ID was initially declared (which may not itself be a deprecated prototype). --- src/Var.cc | 3 ++- .../Baseline/language.alternate-event-hook-prototypes/out | 2 +- .../Baseline/language.alternate-prototypes-deprecated-args/out | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Var.cc b/src/Var.cc index 0b19d389e2..f7722064f4 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -531,7 +531,8 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, } if ( prototype->deprecated ) - t->Warn("use of deprecated prototype", id.get()); + t->Warn(fmt("use of deprecated '%s' prototype", id->Name()), + prototype->args.get(), true); } else { diff --git a/testing/btest/Baseline/language.alternate-event-hook-prototypes/out b/testing/btest/Baseline/language.alternate-event-hook-prototypes/out index aa70ccc747..66d22d20e4 100644 --- a/testing/btest/Baseline/language.alternate-event-hook-prototypes/out +++ b/testing/btest/Baseline/language.alternate-event-hook-prototypes/out @@ -1,4 +1,4 @@ -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 68 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 10: use of deprecated prototype (hook(c:count;) : bool and my_hook) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 68 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-event-hook-prototypes/alternate-event-hook-prototypes.zeek, line 13: use of deprecated 'my_hook' prototype (hook(c:count;) : bool) my_hook, infinite, 13 my_hook, 13, infinite my_hook, infinite diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out index 8acfd27bf5..0f67248592 100644 --- a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out +++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out @@ -1,5 +1,5 @@ warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated parameter 'b' (event(a:string; b:string; c:string;)) -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated prototype (event(a:string; b:string;) and myev) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated 'myev' prototype (event(a:string; b:string;)) myev (canon), one, two, three myev (new), one, three myev (old), one, two From 8597b998bb83ca8621e7e8615b6e833130b9f462 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 9 Jul 2020 21:25:35 -0700 Subject: [PATCH 06/12] Add deprecation expression to deprecated prototype/parameter messages --- src/Attr.cc | 12 ++++++ src/Attr.h | 7 ++++ src/ID.cc | 9 +---- src/Type.cc | 11 +----- src/Type.h | 1 + src/Var.cc | 39 ++++++++++++++++--- .../out | 4 +- 7 files changed, 58 insertions(+), 25 deletions(-) diff --git a/src/Attr.cc b/src/Attr.cc index a32cc89668..c464be6f54 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -40,6 +40,18 @@ Attr::Attr(AttrTag t) void Attr::SetAttrExpr(ExprPtr e) { expr = std::move(e); } +std::string Attr::DeprecationMessage() const + { + if ( tag != ATTR_DEPRECATED ) + return ""; + + if ( ! expr ) + return ""; + + auto ce = static_cast(expr.get()); + return ce->Value()->AsStringVal()->CheckString(); + } + void Attr::Describe(ODesc* d) const { AddTag(d); diff --git a/src/Attr.h b/src/Attr.h index 4439701f86..2c9d278a73 100644 --- a/src/Attr.h +++ b/src/Attr.h @@ -3,6 +3,7 @@ #pragma once #include +#include #include "Obj.h" #include "BroList.h" @@ -73,6 +74,12 @@ public: void Describe(ODesc* d) const override; void DescribeReST(ODesc* d, bool shorten = false) const; + /** + * Returns the deprecation string associated with a &deprecated attribute + * or an empty string if this is not such an attribute. + */ + std::string DeprecationMessage() const; + bool operator==(const Attr& other) const { if ( tag != other.tag ) diff --git a/src/ID.cc b/src/ID.cc index ba184ccaec..1b8c3fef58 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -294,14 +294,7 @@ std::string ID::GetDeprecationWarning() const const auto& depr_attr = GetAttr(ATTR_DEPRECATED); if ( depr_attr ) - { - auto expr = static_cast(depr_attr->GetExpr().get()); - if ( expr ) - { - StringVal* text = expr->Value()->AsStringVal(); - result = text->CheckString(); - } - } + result = depr_attr->DeprecationMessage(); if ( result.empty() ) return fmt("deprecated (%s)", Name()); diff --git a/src/Type.cc b/src/Type.cc index 6a833ddb9e..cb4b1d793f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -563,7 +563,7 @@ FuncType::FuncType(RecordTypePtr arg_args, offsets[i] = i; } - prototypes.emplace_back(Prototype{false, args, std::move(offsets)}); + prototypes.emplace_back(Prototype{false, "", args, std::move(offsets)}); } TypePtr FuncType::ShallowClone() @@ -1120,14 +1120,7 @@ string RecordType::GetFieldDeprecationWarning(int field, bool has_check) const { string result; if ( const auto& deprecation = decl->GetAttr(zeek::detail::ATTR_DEPRECATED) ) - { - auto expr = static_cast(deprecation->GetExpr().get()); - if ( expr ) - { - StringVal* text = expr->Value()->AsStringVal(); - result = text->CheckString(); - } - } + result = deprecation->DeprecationMessage(); if ( result.empty() ) return fmt("deprecated (%s%s$%s)", GetName().c_str(), has_check ? "?" : "", diff --git a/src/Type.h b/src/Type.h index b5d58a633c..a2054473d3 100644 --- a/src/Type.h +++ b/src/Type.h @@ -427,6 +427,7 @@ public: */ struct Prototype { bool deprecated; + std::string deprecation_msg; RecordTypePtr args; std::map offsets; }; diff --git a/src/Var.cc b/src/Var.cc index f7722064f4..535c9ab096 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -100,13 +100,23 @@ static bool add_prototype(const zeek::detail::IDPtr& id, zeek::Type* t, } auto deprecated = false; + std::string depr_msg; if ( attrs ) for ( const auto& a : *attrs ) if ( a->Tag() == zeek::detail::ATTR_DEPRECATED ) + { deprecated = true; + depr_msg = a->DeprecationMessage(); + break; + } + + zeek::FuncType::Prototype p; + p.deprecated = deprecated; + p.deprecation_msg = std::move(depr_msg); + p.args = alt_args; + p.offsets = std::move(offsets); - zeek::FuncType::Prototype p{deprecated, alt_args, std::move(offsets)}; canon_ft->AddPrototype(std::move(p)); return true; } @@ -454,9 +464,19 @@ static std::optional func_type_check(const zeek::Func if ( rval ) for ( auto i = 0; i < rval->args->NumFields(); ++i ) - if ( rval->args->FieldDecl(i)->GetAttr(zeek::detail::ATTR_DEPRECATED) ) - impl->Warn(fmt("use of deprecated parameter '%s'", - rval->args->FieldName(i)), decl, true); + if ( auto ad = rval->args->FieldDecl(i)->GetAttr(zeek::detail::ATTR_DEPRECATED) ) + { + auto msg = ad->DeprecationMessage(); + + if ( msg.empty() ) + impl->Warn(fmt("use of deprecated parameter '%s'", + rval->args->FieldName(i)), + decl, true); + else + impl->Warn(fmt("use of deprecated parameter '%s': %s", + rval->args->FieldName(i), msg.data()), + decl, true); + } return rval; } @@ -531,8 +551,15 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, } if ( prototype->deprecated ) - t->Warn(fmt("use of deprecated '%s' prototype", id->Name()), - prototype->args.get(), true); + { + if ( prototype->deprecation_msg.empty() ) + t->Warn(fmt("use of deprecated '%s' prototype", id->Name()), + prototype->args.get(), true); + else + t->Warn(fmt("use of deprecated '%s' prototype: %s", + id->Name(), prototype->deprecation_msg.data()), + prototype->args.get(), true); + } } else { diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out index 0f67248592..8a8d8e5b88 100644 --- a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out +++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out @@ -1,5 +1,5 @@ -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated parameter 'b' (event(a:string; b:string; c:string;)) -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated 'myev' prototype (event(a:string; b:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;)) myev (canon), one, two, three myev (new), one, three myev (old), one, two From 20294d372cfb37ae78432d2a52a4e268f1ed1cf2 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 Jul 2020 01:53:26 -0700 Subject: [PATCH 07/12] Fix wrong frame offsets for locals of alternate event/hook prototypes Local frame offsets were being assigned based on number of the alternate prototype's parameters, which may end up having less total parameters than the canonical prototype, causing the local value to incorrectly overwrite an event/hook argument value. --- src/Type.h | 2 + src/Var.cc | 50 +++++++++++++++---- .../hidden-error | 3 ++ .../out | 9 ++-- .../alternate-prototypes-deprecated-args.zeek | 21 +++++++- 5 files changed, 71 insertions(+), 14 deletions(-) create mode 100644 testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error diff --git a/src/Type.h b/src/Type.h index a2054473d3..a28a32c45d 100644 --- a/src/Type.h +++ b/src/Type.h @@ -429,6 +429,8 @@ public: bool deprecated; std::string deprecation_msg; RecordTypePtr args; + // Maps from parameter index in canonical prototype to + // parameter index in this alternate prorotype. std::map offsets; }; diff --git a/src/Var.cc b/src/Var.cc index 535c9ab096..16e474ea02 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -96,7 +96,7 @@ static bool add_prototype(const zeek::detail::IDPtr& id, zeek::Type* t, return false; } - offsets[i] = o; + offsets[o] = i; } auto deprecated = false; @@ -604,24 +604,54 @@ void begin_func(zeek::detail::IDPtr id, const char* module_name, else id->SetType(t); + const auto& args = t->Params(); + const auto& canon_args = id->GetType()->AsFuncType()->Params(); + zeek::detail::push_scope(std::move(id), std::move(attrs)); - const auto& args = t->Params(); - int num_args = args->NumFields(); - - for ( int i = 0; i < num_args; ++i ) + for ( int i = 0; i < canon_args->NumFields(); ++i ) { - zeek::TypeDecl* arg_i = args->FieldDecl(i); + zeek::TypeDecl* arg_i; + bool hide = false; + + if ( prototype ) + { + auto it = prototype->offsets.find(i); + + if ( it == prototype->offsets.end() ) + { + // Alternate prototype hides this param + hide = true; + arg_i = canon_args->FieldDecl(i); + } + else + { + // Alternate prototype maps this param to another index + arg_i = args->FieldDecl(it->second); + } + } + else + { + if ( i < args->NumFields() ) + arg_i = args->FieldDecl(i); + else + break; + } + auto arg_id = zeek::detail::lookup_ID(arg_i->id, module_name); if ( arg_id && ! arg_id->IsGlobal() ) arg_id->Error("argument name used twice"); - arg_id = zeek::detail::install_ID(arg_i->id, module_name, false, false); - arg_id->SetType(arg_i->type); + const char* local_name = arg_i->id; - if ( prototype ) - arg_id->SetOffset(prototype->offsets[i]); + if ( hide ) + // Note the illegal '-' in hidden name implies we haven't + // clobbered any local variable names. + local_name = fmt("%s-hidden", local_name); + + arg_id = zeek::detail::install_ID(local_name, module_name, false, false); + arg_id->SetType(arg_i->type); } if ( zeek::detail::Attr* depr_attr = find_attr(zeek::detail::current_scope()->Attrs().get(), diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error new file mode 100644 index 0000000000..3e7b9120c4 --- /dev/null +++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/hidden-error @@ -0,0 +1,3 @@ +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 11 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 30 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;)) +error in ./hide.zeek, line 5: unknown identifier b, at or near "b" diff --git a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out index 8a8d8e5b88..b3686a0b23 100644 --- a/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out +++ b/testing/btest/Baseline/language.alternate-prototypes-deprecated-args/out @@ -1,5 +1,8 @@ -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 5: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;)) -warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 19 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 11 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 7: use of deprecated parameter 'b': Don't use 'b' (event(a:string; b:string; c:string;)) +warning in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 30 and /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.alternate-prototypes-deprecated-args/alternate-prototypes-deprecated-args.zeek, line 9: use of deprecated 'myev' prototype: Don't use this prototype (event(a:string; b:string;)) myev (canon), one, two, three -myev (new), one, three +myev (new), one, three, [1, 2, 3] +myev (new), one, three, 0 +myev (new), one, three, 1 +myev (new), one, three, 2 myev (old), one, two diff --git a/testing/btest/language/alternate-prototypes-deprecated-args.zeek b/testing/btest/language/alternate-prototypes-deprecated-args.zeek index 659c4c7a16..d6c40425eb 100644 --- a/testing/btest/language/alternate-prototypes-deprecated-args.zeek +++ b/testing/btest/language/alternate-prototypes-deprecated-args.zeek @@ -1,6 +1,8 @@ # @TEST-EXEC: zeek -b %INPUT >out 2>&1 # +# @TEST-EXEC-FAIL: zeek -b %INPUT hide.zeek >hidden-error 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff hidden-error global myev: event(a: string, b: string &deprecated="Don't use 'b'", c: string); global myev: event(a: string, c: string); @@ -13,7 +15,16 @@ event myev(a: string, b: string, c: string) &priority=11 event myev(a: string, c: string) &priority = 7 { - print "myev (new)", a, c; + local ddd = vector(1,2,3); + print "myev (new)", a, c, ddd; + } + +global eee = vector(1,2,3); + +event myev(a: string, c: string) &priority = 6 + { + for ( o in eee ) + print "myev (new)", a, c, o; } event myev(a: string, b: string) &priority = 5 @@ -26,3 +37,11 @@ event zeek_init() event myev("one", "two", "three"); } +@TEST-START-FILE hide.zeek +event myev(a: string, c: string) &priority = 7 + { + local ddd = vector(1,2,3); + print "myev (new)", a, c, ddd; + print b; + } +@TEST-END-FILE From 6908d1b91994db38cf06ef194168ab23367f72b6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 Jul 2020 01:35:12 -0700 Subject: [PATCH 08/12] GH-1019: deprecate icmp_conn params for ICMP events Previously, a single `icmp_conn` record was built per ICMP "connection" and re-used for all events generated from it. This may have been a historical attempt at performance optimization, but: * By default, Zeek does not load any scripts that handle ICMP events. * The one script Zeek ships with that does handle ICMP events, "detect-traceroute", is already noted as being disabled due to potential performance problems of doing that kind of analysis. * Re-use of the original `icmp_conn` record tends to misreport TTL and length values since they come from original packet instead of the current one. * Even if we chose to still re-use `icmp_conn` records and just fill in a new TTL and length value each packet, a user script could have stored a reference to the record and not be expecting those values to be changed out from underneath them. Now, a new `icmp_info` record is created/populated in all ICMP events and should be used instead of `icmp_conn`. It also removes the orig_h/resp_h fields as those are redundant with what's already available in the connection record. --- NEWS | 13 +++ scripts/base/init-bare.zeek | 13 +++ .../policy/misc/detect-traceroute/main.zeek | 2 +- src/analyzer/protocol/icmp/ICMP.cc | 25 ++++- src/analyzer/protocol/icmp/ICMP.h | 3 + src/analyzer/protocol/icmp/events.bif | 99 ++++++++++++++++--- .../Baseline/core.icmp.icmp-context/output | 6 +- .../Baseline/core.icmp.icmp-events/output | 12 +-- .../Baseline/core.icmp.icmp6-context/output | 8 +- .../Baseline/core.icmp.icmp6-events/output | 34 +++---- .../btest/Baseline/core.icmp.icmp_sent/out | 4 +- .../btest/bifs/get_current_packet_header.zeek | 4 +- testing/btest/core/icmp/icmp-context.test | 4 +- testing/btest/core/icmp/icmp-events.test | 20 ++-- testing/btest/core/icmp/icmp6-context.test | 4 +- testing/btest/core/icmp/icmp6-events.test | 52 +++++----- testing/btest/core/icmp/icmp6-nd-options.test | 6 +- testing/btest/core/icmp/icmp_sent.zeek | 8 +- .../btest/core/tunnels/gre-erspan3-dot1q.zeek | 4 +- 19 files changed, 221 insertions(+), 100 deletions(-) diff --git a/NEWS b/NEWS index 1a902c05a6..41b44de954 100644 --- a/NEWS +++ b/NEWS @@ -259,6 +259,19 @@ Deprecated Functionality that the former returns a vector with indices starting at 1 while the later returns a vector with indices starting at 0. +- The ``icmp_conn`` parameter of ICMP events is deprecated, there's an + alternate version with an ``icmp_info`` parameter to use instead. + The ``icmp_conn`` record passed to ICMP events has always been re-used + amongst all events within an ICMP "connection", so the + ``itype``, ``icode``, ``len``, and ``hlim`` fields as inspected in + handlers never appears to change even if the underlying packet data + has different values for those fields. However, it's not known if + anyone relied on that behavior, so the new ``icmp_info`` record is + introduced with the more-expected behavior of being created and + populated for each new event. It also removes the orig_h/resp_h + fields since those are redundant with what's already available in + the connection parameter. + Zeek 3.1.0 ========== diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index edef9350a8..5813e63c9e 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -188,6 +188,19 @@ type icmp_conn: record { v6: bool; ##< True if it's an ICMPv6 packet. }; +## Specifics about an ICMP conversation/packet. +## ICMP events typically pass this in addition to :zeek:type:`conn_id`. +## +## .. zeek:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent +## icmp_time_exceeded icmp_unreachable +type icmp_info: record { + v6: bool; ##< True if it's an ICMPv6 packet. + itype: count; ##< The ICMP type of the current packet. + icode: count; ##< The ICMP code of the current packet. + len: count; ##< The length of the ICMP payload. + ttl: count; ##< The encapsulating IP header's TTL (IPv4) or Hop Limit (IPv6). +}; + ## Packet context part of an ICMP message. The fields of this record reflect the ## packet that is described by the context. ## diff --git a/scripts/policy/misc/detect-traceroute/main.zeek b/scripts/policy/misc/detect-traceroute/main.zeek index 091ceceed6..8125fdd21e 100644 --- a/scripts/policy/misc/detect-traceroute/main.zeek +++ b/scripts/policy/misc/detect-traceroute/main.zeek @@ -95,7 +95,7 @@ event signature_match(state: signature_state, msg: string, data: string) } } -event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { SumStats::observe("traceroute.time_exceeded", [$str=cat(context$id$orig_h,"-",context$id$resp_h,"-",get_port_transport_proto(context$id$resp_p))], [$str=cat(c$id$orig_h)]); } diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index fa6997d206..990262d7e1 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -204,7 +204,8 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, if ( icmp_sent ) EnqueueConnEvent(icmp_sent, ConnVal(), - BuildICMPVal(icmpp, len, icmpv6, ip_hdr) + BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + BuildInfo(icmpp, len, icmpv6, ip_hdr) ); if ( icmp_sent_payload ) @@ -214,6 +215,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, EnqueueConnEvent(icmp_sent_payload, ConnVal(), BuildICMPVal(icmpp, len, icmpv6, ip_hdr), + BuildInfo(icmpp, len, icmpv6, ip_hdr), zeek::make_intrusive(payload) ); } @@ -239,6 +241,19 @@ zeek::RecordValPtr ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len return icmp_conn_val; } +zeek::RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len, + bool icmpv6, const IP_Hdr* ip_hdr) + { + static auto icmp_info = zeek::id::find_type("icmp_info"); + auto rval = zeek::make_intrusive(icmp_info); + rval->Assign(0, zeek::val_mgr->Bool(icmpv6)); + rval->Assign(1, zeek::val_mgr->Count(icmpp->icmp_type)); + rval->Assign(2, zeek::val_mgr->Count(icmpp->icmp_code)); + rval->Assign(3, zeek::val_mgr->Count(len)); + rval->Assign(4, zeek::val_mgr->Count(ip_hdr->TTL())); + return rval; + } + TransportProto ICMP_Analyzer::GetContextProtocol(const IP_Hdr* ip_hdr, uint32_t* src_port, uint32_t* dst_port) { const u_char* transport_hdr; @@ -520,6 +535,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), + BuildInfo(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr), zeek::val_mgr->Count(iid), zeek::val_mgr->Count(iseq), zeek::make_intrusive(payload) @@ -548,6 +564,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_num_addrs), // Cur Hop Limit zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x80), // Managed zeek::val_mgr->Bool(icmpp->icmp_wpa & 0x40), // Other @@ -581,6 +598,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x80), // Router zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x40), // Solicited zeek::val_mgr->Bool(icmpp->icmp_num_addrs & 0x20), // Override @@ -608,6 +626,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::make_intrusive(tgtaddr), BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) ); @@ -635,6 +654,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::make_intrusive(tgtaddr), zeek::make_intrusive(dstaddr), BuildNDOptionsVal(caplen - opt_offset, data + opt_offset) @@ -653,6 +673,7 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), BuildNDOptionsVal(caplen, data) ); } @@ -678,6 +699,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 0, ip_hdr), + BuildInfo(icmpp, len, 0, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_code), ExtractICMP4Context(caplen, data) ); @@ -716,6 +738,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, EnqueueConnEvent(f, ConnVal(), BuildICMPVal(icmpp, len, 1, ip_hdr), + BuildInfo(icmpp, len, 1, ip_hdr), zeek::val_mgr->Count(icmpp->icmp_code), ExtractICMP6Context(caplen, data) ); diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index 2e62d477bb..f6abf31ff0 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -57,6 +57,9 @@ protected: zeek::RecordValPtr BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6, const IP_Hdr* ip_hdr); + zeek::RecordValPtr BuildInfo(const struct icmp* icmpp, int len, + bool icmpv6, const IP_Hdr* ip_hdr); + void NextICMP4(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr ); diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif index ada3fe48a0..96ac63cc03 100644 --- a/src/analyzer/protocol/icmp/events.bif +++ b/src/analyzer/protocol/icmp/events.bif @@ -12,8 +12,13 @@ ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## .. zeek:see:: icmp_error_message icmp_sent_payload -event icmp_sent%(c: connection, icmp: icmp_conn%); +event icmp_sent%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info%); +event icmp_sent%(c: connection, info: icmp_info%); +event icmp_sent%(c: connection, icmp: icmp_conn%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## The same as :zeek:see:`icmp_sent` except containing the ICMP payload. ## @@ -22,10 +27,15 @@ event icmp_sent%(c: connection, icmp: icmp_conn%); ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## payload: The payload of the ICMP message. ## ## .. zeek:see:: icmp_error_message icmp_sent_payload -event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); +event icmp_sent_payload%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, payload: string%); +event icmp_sent_payload%(c: connection, info: icmp_info, payload: string%); +event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *echo request* messages. ## @@ -38,6 +48,9 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## id: The *echo request* identifier. ## ## seq: The *echo request* sequence number. @@ -46,7 +59,9 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## after the first 8 bytes of the ICMP header. ## ## .. zeek:see:: icmp_echo_reply -event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn."; ## Generated for ICMP *echo reply* messages. ## @@ -59,6 +74,9 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## id: The *echo reply* identifier. ## ## seq: The *echo reply* sequence number. @@ -67,7 +85,9 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## after the first 8 bytes of the ICMP header. ## ## .. zeek:see:: icmp_echo_request -event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, info: icmp_info, id: count, seq: count, payload: string%); +event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn."; ## Generated for all ICMPv6 error messages that are not handled ## separately with dedicated events. Zeek's ICMP analyzer handles a number @@ -83,6 +103,9 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## +## info: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## ## code: The ICMP code of the error message. ## ## context: A record with specifics of the original packet that the message @@ -90,7 +113,9 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## ## .. zeek:see:: icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem -event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *destination unreachable* messages. ## @@ -103,6 +128,9 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *unreachable* message. ## ## context: A record with specifics of the original packet that the message @@ -114,7 +142,9 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem -event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMPv6 *packet too big* messages. ## @@ -127,6 +157,9 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *too big* message. ## ## context: A record with specifics of the original packet that the message @@ -138,7 +171,9 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## ## .. zeek:see:: icmp_error_message icmp_unreachable ## icmp_time_exceeded icmp_parameter_problem -event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *time exceeded* messages. ## @@ -151,6 +186,9 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *exceeded* message. ## ## context: A record with specifics of the original packet that the message @@ -162,7 +200,9 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_parameter_problem -event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMPv6 *parameter problem* messages. ## @@ -175,6 +215,9 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## code: The ICMP code of the *parameter problem* message. ## ## context: A record with specifics of the original packet that the message @@ -186,7 +229,9 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## ## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded -event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, info: icmp_info, code: count, context: icmp_context%); +event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *router solicitation* messages. ## @@ -199,11 +244,16 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## ## .. zeek:see:: icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, info: icmp_info, options: icmp6_nd_options%); +event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *router advertisement* messages. ## @@ -216,6 +266,9 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## cur_hop_limit: The default value that should be placed in Hop Count field ## for outgoing IP packets. ## @@ -241,7 +294,9 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## ## .. zeek:see:: icmp_router_solicitation ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect -event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *neighbor solicitation* messages. ## @@ -254,13 +309,18 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## tgt: The IP address of the target of the solicitation. ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_redirect -event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *neighbor advertisement* messages. ## @@ -273,6 +333,9 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## router: Flag indicating the sender is a router. ## ## solicited: Flag indicating advertisement is in response to a solicitation. @@ -286,7 +349,9 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_redirect -event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; ## Generated for ICMP *redirect* messages. ## @@ -299,6 +364,9 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## info: Additional ICMP-specific information augmenting the standard connection +## record *c*. +## ## tgt: The address that is supposed to be a better first hop to use for ## ICMP Destination Address. ## @@ -308,5 +376,6 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement -event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%); - +event icmp_redirect%(c: connection, icmp: icmp_conn &deprecated="Remove in v4.1", info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options%); +event icmp_redirect%(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options%); +event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%) &deprecated="Remove in v4.1. The icmp_info record is replacing icmp_conn"; diff --git a/testing/btest/Baseline/core.icmp.icmp-context/output b/testing/btest/Baseline/core.icmp.icmp-context/output index 40dc778d8b..d3dc6b08a3 100644 --- a/testing/btest/Baseline/core.icmp.icmp-context/output +++ b/testing/btest/Baseline/core.icmp.icmp-context/output @@ -1,12 +1,12 @@ icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F] + icmp_info: [v6=F, itype=3, icode=0, len=0, ttl=64] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F] + icmp_info: [v6=F, itype=3, icode=0, len=20, ttl=64] icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] + icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp-events/output b/testing/btest/Baseline/core.icmp.icmp-events/output index c72af480d5..e4867b6cd4 100644 --- a/testing/btest/Baseline/core.icmp.icmp-events/output +++ b/testing/btest/Baseline/core.icmp.icmp-events/output @@ -1,20 +1,20 @@ icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] + icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, hlim=64, v6=F] + icmp_info: [v6=F, itype=11, icode=0, len=32, ttl=64] icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64] icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56] icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64] icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] + icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56] diff --git a/testing/btest/Baseline/core.icmp.icmp6-context/output b/testing/btest/Baseline/core.icmp.icmp6-context/output index 7a83679018..f295164626 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-context/output +++ b/testing/btest/Baseline/core.icmp.icmp6-context/output @@ -1,16 +1,16 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=0, ttl=64] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=40, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=48, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index fdb58e5be1..b5a9bc7263 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output @@ -1,46 +1,46 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_packet_too_big (code=0) conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=2, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=3, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_parameter_problem (code=0) conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T] + icmp_info: [v6=T, itype=4, icode=0, len=52, ttl=64] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128] icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47] icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] + icmp_info: [v6=T, itype=137, icode=0, len=32, ttl=255] options: [] icmp_router_advertisement cur_hop_limit=13 @@ -54,20 +54,20 @@ icmp_router_advertisement reachable_time=3.0 secs 700.0 msecs retrans_timer=1.0 sec 300.0 msecs conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] + icmp_info: [v6=T, itype=134, icode=0, len=8, ttl=255] options: [] icmp_neighbor_advertisement (tgt=fe80::babe) router=T solicited=F override=T conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] + icmp_info: [v6=T, itype=136, icode=0, len=16, ttl=255] options: [] icmp_router_solicitation conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] + icmp_info: [v6=T, itype=133, icode=0, len=0, ttl=255] options: [] icmp_neighbor_solicitation (tgt=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] + icmp_info: [v6=T, itype=135, icode=0, len=16, ttl=255] options: [] diff --git a/testing/btest/Baseline/core.icmp.icmp_sent/out b/testing/btest/Baseline/core.icmp.icmp_sent/out index cf8fe9e4e1..42457061ba 100644 --- a/testing/btest/Baseline/core.icmp.icmp_sent/out +++ b/testing/btest/Baseline/core.icmp.icmp_sent/out @@ -1,2 +1,2 @@ -icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T] -icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T], 20 +icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1] +icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1], 20 diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index 8efa727e11..aeca5a8bdc 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,8 +1,8 @@ # @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output -event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_solicitation(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options) { local hdr: raw_pkt_hdr = get_current_packet_header(); print fmt("%s", hdr); - } \ No newline at end of file + } diff --git a/testing/btest/core/icmp/icmp-context.test b/testing/btest/core/icmp/icmp-context.test index 58e696cf9c..b88ea2e473 100644 --- a/testing/btest/core/icmp/icmp-context.test +++ b/testing/btest/core/icmp/icmp-context.test @@ -5,10 +5,10 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp-destunreach-udp.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } diff --git a/testing/btest/core/icmp/icmp-events.test b/testing/btest/core/icmp/icmp-events.test index 3aa0ee1177..5504e8dd3e 100644 --- a/testing/btest/core/icmp/icmp-events.test +++ b/testing/btest/core/icmp/icmp-events.test @@ -6,39 +6,39 @@ # @TEST-EXEC: btest-diff output -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { print "icmp_sent"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_request (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_reply (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_time_exceeded (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } diff --git a/testing/btest/core/icmp/icmp6-context.test b/testing/btest/core/icmp/icmp6-context.test index 66d57b527b..9c50aa6ccc 100644 --- a/testing/btest/core/icmp/icmp6-context.test +++ b/testing/btest/core/icmp/icmp6-context.test @@ -6,10 +6,10 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp6-destunreach-ip6ext.pcap %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 6174e697fd..374a15150b 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test @@ -13,103 +13,103 @@ # @TEST-EXEC: btest-diff output -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { print "icmp_sent"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_request (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "icmp_echo_reply (id=" + fmt("%d", id) + ", seq=" + fmt("%d", seq) + ", payload=" + payload + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); } -event icmp_unreachable(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_unreachable(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_unreachable (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_packet_too_big(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_packet_too_big(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_packet_too_big (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_time_exceeded(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_time_exceeded (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_parameter_problem(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_parameter_problem(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_parameter_problem (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) +event icmp_redirect(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options) { print "icmp_redirect (tgt=" + fmt("%s", tgt) + ", dest=" + fmt("%s", dest) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_error_message(c: connection, icmp: icmp_conn, code: count, context: icmp_context) +event icmp_error_message(c: connection, info: icmp_info, code: count, context: icmp_context) { print "icmp_error_message (code=" + fmt("%d", code) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " icmp_context: " + fmt("%s", context); } -event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_solicitation(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_solicitation (tgt=" + fmt("%s", tgt) + ")"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_advertisement(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_advertisement (tgt=" + fmt("%s", tgt) + ")"; print " router=" + fmt("%s", router); print " solicited=" + fmt("%s", solicited); print " override=" + fmt("%s", override); print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_router_solicitation(c: connection, icmp: icmp_conn, options: icmp6_nd_options) +event icmp_router_solicitation(c: connection, info: icmp_info, options: icmp6_nd_options) { print "icmp_router_solicitation"; print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } -event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) +event icmp_router_advertisement(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) { print "icmp_router_advertisement"; print " cur_hop_limit=" + fmt("%s", cur_hop_limit); @@ -123,6 +123,6 @@ event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: c print " reachable_time=" + fmt("%s", reachable_time); print " retrans_timer=" + fmt("%s", retrans_timer); print " conn_id: " + fmt("%s", c$id); - print " icmp_conn: " + fmt("%s", icmp); + print " icmp_info: " + fmt("%s", info); print " options: " + fmt("%s", options); } diff --git a/testing/btest/core/icmp/icmp6-nd-options.test b/testing/btest/core/icmp/icmp6-nd-options.test index 93f1931524..4defa83b09 100644 --- a/testing/btest/core/icmp/icmp6-nd-options.test +++ b/testing/btest/core/icmp/icmp6-nd-options.test @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff output -event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) +event icmp_router_advertisement(c: connection, info: icmp_info, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options) { print "icmp_router_advertisement options"; for ( o in options ) @@ -17,7 +17,7 @@ event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: c } } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) +event icmp_neighbor_advertisement(c: connection, info: icmp_info, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options) { print "icmp_neighbor_advertisement options"; for ( o in options ) @@ -27,7 +27,7 @@ event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, } } -event icmp_redirect(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options) +event icmp_redirect(c: connection, info: icmp_info, tgt: addr, dest: addr, options: icmp6_nd_options) { print "icmp_redirect options"; for ( o in options ) diff --git a/testing/btest/core/icmp/icmp_sent.zeek b/testing/btest/core/icmp/icmp_sent.zeek index 72e6ab543b..5ca4be7b3d 100644 --- a/testing/btest/core/icmp/icmp_sent.zeek +++ b/testing/btest/core/icmp/icmp_sent.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: zeek -b -r $TRACES/icmp/icmp_sent.pcap %INPUT >out # @TEST-EXEC: btest-diff out -event icmp_sent(c: connection, icmp: icmp_conn) +event icmp_sent(c: connection, info: icmp_info) { - print "icmp_sent", c$id, icmp; + print "icmp_sent", c$id, info; } -event icmp_sent_payload(c: connection, icmp: icmp_conn, payload: string) +event icmp_sent_payload(c: connection, info: icmp_info, payload: string) { - print "icmp_sent_payload", c$id, icmp, |payload|; + print "icmp_sent_payload", c$id, info, |payload|; } diff --git a/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek b/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek index 1b572a007a..caeb9cfc2d 100644 --- a/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek +++ b/testing/btest/core/tunnels/gre-erspan3-dot1q.zeek @@ -1,12 +1,12 @@ # @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-erspan3-dot1q.pcap %INPUT > out # @TEST-EXEC: btest-diff out -event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_request(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "echo request", id, seq; } -event icmp_echo_reply(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string) +event icmp_echo_reply(c: connection, info: icmp_info, id: count, seq: count, payload: string) { print "echo reply", id, seq; } From ba0ba7c684d460327fbc23de8d06a136d0bc49ae Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 Jul 2020 11:19:37 -0700 Subject: [PATCH 09/12] Add more error checks to shadow log parsing i.e. Coverity warns about possible use of ftell() negative return value --- CHANGES | 6 ++++++ VERSION | 2 +- src/logging/writers/ascii/Ascii.cc | 30 ++++++++++++++++++++++++++++-- 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index bbe0cedf91..9f5288efd5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +3.2.0-dev.885 | 2020-07-10 11:20:41 -0700 + + * Add more error checks to shadow log parsing (Jon Siwek, Corelight) + + i.e. Coverity warns about possible use of ftell() negative return value + 3.2.0-dev.884 | 2020-07-09 14:09:58 -0700 * Add Supervisor::{stdout,stderr}_hook (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 5700cf836e..4f4873ddb1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.2.0-dev.884 +3.2.0-dev.885 diff --git a/src/logging/writers/ascii/Ascii.cc b/src/logging/writers/ascii/Ascii.cc index c1646d82f5..897fd36fb9 100644 --- a/src/logging/writers/ascii/Ascii.cc +++ b/src/logging/writers/ascii/Ascii.cc @@ -111,9 +111,35 @@ static std::optional parse_shadow_log(const std::string& fname) return rval; } - fseek(sf_stream, 0, SEEK_END); + int res = fseek(sf_stream, 0, SEEK_END); + + if ( res == -1 ) + { + rval.error = fmt("Failed to fseek(SEEK_END) on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } + auto sf_len = ftell(sf_stream); - fseek(sf_stream, 0, SEEK_SET); + + if ( sf_len == -1 ) + { + rval.error = fmt("Failed to ftell() on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } + + res = fseek(sf_stream, 0, SEEK_SET); + + if ( res == -1 ) + { + rval.error = fmt("Failed to fseek(SEEK_SET) on %s: %s", + rval.shadow_filename.data(), strerror(errno)); + fclose(sf_stream); + return rval; + } auto sf_content = std::make_unique(sf_len); auto bytes_read = fread(sf_content.get(), 1, sf_len, sf_stream); From 11df252f5fc96e27e2d85eb72787a9a80970823a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 10 Jul 2020 16:52:18 -0700 Subject: [PATCH 10/12] Update submodule(s) [nomail] --- auxil/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auxil/broker b/auxil/broker index f132cdaa28..0c1eaf693f 160000 --- a/auxil/broker +++ b/auxil/broker @@ -1 +1 @@ -Subproject commit f132cdaa28bcfe56187a67ff8c97bdf4040e303a +Subproject commit 0c1eaf693fee471709a692ee3752825a6c18aa04 From 034be246ba8184509a7a87c5d8b065b8c7f5b379 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 13 Jul 2020 09:20:30 -0700 Subject: [PATCH 11/12] Update submodule(s) [nomail] --- auxil/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auxil/broker b/auxil/broker index 0c1eaf693f..cb0a780dd5 160000 --- a/auxil/broker +++ b/auxil/broker @@ -1 +1 @@ -Subproject commit 0c1eaf693fee471709a692ee3752825a6c18aa04 +Subproject commit cb0a780dd5ed0dbdacad5fd1e5d5afd337aee0f7 From 37dbca965e7e733226adac467de1c9d4b4bddec1 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Mon, 13 Jul 2020 12:39:32 -0700 Subject: [PATCH 12/12] Update submodule(s) [nomail] --- doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc b/doc index d5b36f9ac0..fb7d642ed8 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit d5b36f9ac02d4be67edb6aae35b39dae7bcaa00c +Subproject commit fb7d642ed8b16752daaaa01541a28a2add310f19