Virtualize creation of flow tuples via conntuple builders

src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc

@@ -7,6 +7,7 @@
 #include "zeek/Val.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
+#include "zeek/conntuple/Manager.h"
 #include "zeek/plugin/Manager.h"
 #include "zeek/session/Manager.h"
 
@@ -22,17 +23,17 @@ IPBasedAnalyzer::~IPBasedAnalyzer() {
 }
 
 bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt) {
-    ConnTuple tuple;
-    if ( ! BuildConnTuple(len, data, pkt, tuple) )
+    ConnTuplePtr tuple = zeek::conntuple_mgr->GetBuilder().GetTuple(pkt);
+    if ( ! BuildConnTuple(len, data, pkt, *tuple) )
         return false;
 
     const std::shared_ptr<IP_Hdr>& ip_hdr = pkt->ip_hdr;
-    zeek::detail::ConnKey key(tuple);
+    zeek::detail::ConnKeyPtr key = zeek::conntuple_mgr->GetBuilder().GetKey(*tuple);
 
-    Connection* conn = session_mgr->FindConnection(key);
+    Connection* conn = session_mgr->FindConnection(*key);
 
     if ( ! conn ) {
-        conn = NewConn(&tuple, key, pkt);
+        conn = NewConn(tuple.get(), key, pkt);
         if ( conn )
             session_mgr->Insert(conn, false);
     }
@@ -41,7 +42,7 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
             conn->Event(connection_reused, nullptr);
 
             session_mgr->Remove(conn);
-            conn = NewConn(&tuple, key, pkt);
+            conn = NewConn(tuple.get(), key, pkt);
             if ( conn )
                 session_mgr->Insert(conn, false);
         }
@@ -57,7 +58,7 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
     // get logged, which means we can mark this packet as having been processed.
     pkt->processed = true;
 
-    bool is_orig = (tuple.src_addr == conn->OrigAddr()) && (tuple.src_port == conn->OrigPort());
+    bool is_orig = (tuple->src_addr == conn->OrigAddr()) && (tuple->src_port == conn->OrigPort());
     pkt->is_orig = is_orig;
 
     conn->CheckFlowLabel(is_orig, ip_hdr->FlowLabel());
@@ -140,7 +141,7 @@ bool IPBasedAnalyzer::IsLikelyServerPort(uint32_t port) const {
     return port_cache.find(port) != port_cache.end();
 }
 
-zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const zeek::detail::ConnKey& key, const Packet* pkt) {
+zeek::Connection* IPBasedAnalyzer::NewConn(const ConnTuple* id, const zeek::detail::ConnKeyPtr key, const Packet* pkt) {
     int src_h = ntohs(id->src_port);
     int dst_h = ntohs(id->dst_port);
     bool flip = false;

src/packet_analysis/protocol/ip/IPBasedAnalyzer.h

@@ -185,7 +185,7 @@ private:
      * @param key A connection ID key generated from the ID.
      * @param pkt The packet associated with the new connection.
      */
-    zeek::Connection* NewConn(const ConnTuple* id, const zeek::detail::ConnKey& key, const Packet* pkt);
+    zeek::Connection* NewConn(const ConnTuple* id, const zeek::detail::ConnKeyPtr key, const Packet* pkt);
 
     void BuildSessionAnalyzerTree(Connection* conn);
 

src/session/Manager.cc

@@ -17,6 +17,7 @@
 #include "zeek/RunState.h"
 #include "zeek/Timer.h"
 #include "zeek/TunnelEncapsulation.h"
+#include "zeek/conntuple/Manager.h"
 #include "zeek/packet_analysis/Manager.h"
 #include "zeek/session/Session.h"
 #include "zeek/telemetry/Manager.h"
@@ -90,23 +91,23 @@ Manager::~Manager() {
 void Manager::Done() {}
 
 Connection* Manager::FindConnection(Val* v) {
-    zeek::detail::ConnKey conn_key(v);
+    zeek::detail::ConnKeyPtr conn_key = conntuple_mgr->GetBuilder().GetKey(v);
 
-    if ( ! conn_key.Valid() ) {
+    if ( ! conn_key->Valid() ) {
         // Produce a loud error for invalid script-layer conn_id records.
         const char* extra = "";
-        if ( conn_key.transport == UNKNOWN_IP_PROTO )
+        if ( conn_key->transport == UNKNOWN_IP_PROTO )
             extra = ": the proto field has the \"unknown\" 65535 value. Did you forget to set it?";
 
         zeek::emit_builtin_error(zeek::util::fmt("invalid connection ID record encountered%s", extra));
         return nullptr;
     }
 
-    return FindConnection(conn_key);
+    return FindConnection(*conn_key);
 }
 
 Connection* Manager::FindConnection(const zeek::detail::ConnKey& conn_key) {
-    detail::Key key(&conn_key, sizeof(conn_key), detail::Key::CONNECTION_KEY_TYPE, false);
+    detail::Key key{conn_key.SessionKey()};
 
     auto it = session_map.find(key);
     if ( it != session_map.end() )