Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Reformat code in zeek-aux with clang-format/cmake-format

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-08-07 13:52:45 -07:00
parent a1d0cebca4
commit 7ead295152
12 changed files with 1327 additions and 1459 deletions
Download patch file Download diff file Expand all files Collapse all files

7
auxil/zeek-aux/CMakeLists.txt
View file

@ -27,18 +27,13 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR})
# explicitly installed by the user via "make install-aux"
macro (AddAuxInstallTarget _target)
add_custom_target(
install-${_target} COMMAND ${CMAKE_COMMAND} -E make_directory
${CMAKE_INSTALL_PREFIX}/bin
install-${_target} COMMAND ${CMAKE_COMMAND} -E make_directory${CMAKE_INSTALL_PREFIX}/bin
COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_FILE:${_target}> ${CMAKE_INSTALL_PREFIX}/bin)
add_dependencies(install-${_target} ${_target})
set(AUX_TARGETS install-${_target};${AUX_TARGETS})
set(AUX_TARGETS ${AUX_TARGETS} PARENT_SCOPE)
endmacro (AddAuxInstallTarget)
if (NOT ZEEK_MAN_INSTALL_PATH)
set(ZEEK_MAN_INSTALL_PATH ${CMAKE_INSTALL_PREFIX}/share/man)
endif ()
add_subdirectory(adtrace)
add_subdirectory(zeek-archiver)
add_subdirectory(zeek-cut)

2
auxil/zeek-aux/adtrace/CMakeLists.txt
View file

@ -5,4 +5,4 @@ set(adtrace_SRCS adtrace.c)
add_executable(adtrace ${adtrace_SRCS})
target_include_directories(adtrace BEFORE PRIVATE ${PCAP_INCLUDE_DIR})
target_link_libraries(adtrace ${PCAP_LIBRARY})
AddAuxInstallTarget(adtrace)
addauxinstalltarget(adtrace)

34
auxil/zeek-aux/adtrace/adtrace.c
View file

@ -1,16 +1,17 @@
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
// See the file "COPYING" in the main distribution directory for copyright.
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include "ip.h"
#include "ether.h"
#include "ethertype.h"
#include "ip.h"
pcap_t* p;
@ -19,18 +20,19 @@ const u_char* printEAddr(const u_char* pkt, u_char* endp){
int i = 0;
ep = (const struct ether_header*)pkt;
if (pkt+ETHER_HDRLEN > endp ||
ntohs(ep->ether_type) != ETHERTYPE_IP){
if ( pkt + ETHER_HDRLEN > endp || ntohs(ep->ether_type) != ETHERTYPE_IP ) {
return 0;
}
for ( i = 0; i < ETHER_ADDR_LEN; i++ ) {
if (i>0) putchar(':');
if ( i > 0 )
putchar(':');
printf("%02x", ep->ether_shost[i]);
}
putchar(' ');
for ( i = 0; i < ETHER_ADDR_LEN; i++ ) {
if (i>0) putchar(':');
if ( i > 0 )
putchar(':');
printf("%02x", ep->ether_dhost[i]);
}
putchar(' ');
@ -39,7 +41,8 @@ const u_char* printEAddr(const u_char* pkt, u_char* endp){
void printIPAddr(const u_char* pkt, u_char* endp) {
const struct ip* iph;
if (pkt+sizeof(struct ip) > endp) return;
if ( pkt + sizeof(struct ip) > endp )
return;
iph = (const struct ip*)pkt;
fputs((char*)inet_ntoa(iph->ip_src), stdout);
putchar(' ');
@ -55,14 +58,12 @@ void handler(u_char *user, const struct pcap_pkthdr *head, const u_char *packet)
printIPAddr(packet, endp);
}
void usage(char *av[])
{
void usage(char* av[]) {
fprintf(stderr, "usage: %s filename \n", av[0]);
exit(1);
}
int main (int argc, char *argv[])
{
int main(int argc, char* argv[]) {
char* file;
char errbuf[PCAP_ERRBUF_SIZE];
u_char *pkt, endp;
@ -88,4 +89,3 @@ int main (int argc, char *argv[])
pcap_close(p);
return (0);
}

3
auxil/zeek-aux/plugin-support/skeleton/src/Plugin.cc
View file

@ -5,8 +5,7 @@ namespace plugin { namespace @PLUGIN_NAMESPACE@_@PLUGIN_NAME@ { Plugin plugin; }
using namespace plugin::@PLUGIN_NAMESPACE@_@PLUGIN_NAME@;
zeek::plugin::Configuration Plugin::Configure()
{
zeek::plugin::Configuration Plugin::Configure() {
zeek::plugin::Configuration config;
config.name = "@PLUGIN_NAMESPACE@::@PLUGIN_NAME@";
config.description = "<Insert description>";

2
auxil/zeek-aux/rst/CMakeLists.txt
View file

@ -2,4 +2,4 @@ set(rst_SRCS rst.c)
add_executable(rst ${rst_SRCS})
AddAuxInstallTarget(rst)
addauxinstalltarget(rst)

134
auxil/zeek-aux/rst/rst.c
View file

@ -30,20 +30,21 @@ static const char copyright[] =
#define _BSD_SOURCE /* Deprecated, but still needed by older Linux. */
#endif
// clang-format off
// This file needs to come before some of the files below or FreeBSD won't find
// some of the types it needs.
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in_systm.h>
// clang-format on
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include "config.h"
@ -54,24 +55,20 @@ void pgripe(const char *);
uint16_t in_cksum(register uint16_t*, register int);
int ones_complement_checksum(const void*, int, uint32_t);
int tcp_checksum(const struct ip*, const struct tcphdr*, int);
void send_pkt(int, struct in_addr, int, uint32_t, struct in_addr,
int, uint32_t, int, int, int, int, const char *);
void terminate(int, const char *, int, uint32_t, const char *,
int, uint32_t, int, int, int, int, const char *);
void send_pkt(int, struct in_addr, int, uint32_t, struct in_addr, int, uint32_t, int, int, int, int, const char*);
void terminate(int, const char*, int, uint32_t, const char*, int, uint32_t, int, int, int, int, const char*);
void usage(void);
int main(int, char**);
const char* prog_name;
void gripe(const char *fmt, const char *arg)
{
void gripe(const char* fmt, const char* arg) {
fprintf(stderr, "%s: ", prog_name);
fprintf(stderr, fmt, arg);
fprintf(stderr, "\n");
}
void pgripe(const char *msg)
{
void pgripe(const char* msg) {
fprintf(stderr, "%s: %s (%s)\n", prog_name, msg, strerror(errno));
exit(1);
}
@ -79,9 +76,7 @@ void pgripe(const char *msg)
/*
* Checksum routine for Internet Protocol family headers (C Version)
*/
uint16_t
in_cksum(register uint16_t *addr, register int len)
{
uint16_t in_cksum(register uint16_t* addr, register int len) {
register int nleft = len;
register uint16_t* w = addr;
register uint16_t answer;
@ -113,8 +108,7 @@ in_cksum(register uint16_t *addr, register int len)
// - adapted from tcpdump
// Returns the ones-complement checksum of a chunk of b short-aligned bytes.
int ones_complement_checksum(const void *p, int b, uint32_t sum)
{
int ones_complement_checksum(const void* p, int b, uint32_t sum) {
const uint16_t* sp = (uint16_t*)p; // better be aligned!
b /= 2; // convert to count of short's
@ -129,8 +123,7 @@ int ones_complement_checksum(const void *p, int b, uint32_t sum)
return sum;
}
int tcp_checksum(const struct ip *ip, const struct tcphdr *tp, int len)
{
int tcp_checksum(const struct ip* ip, const struct tcphdr* tp, int len) {
int tcp_len = tp->th_off * 4 + len;
uint32_t sum = 0;
@ -158,11 +151,8 @@ int tcp_checksum(const struct ip *ip, const struct tcphdr *tp, int len)
return sum;
}
void send_pkt(int s, struct in_addr from, int from_port, uint32_t from_seq,
struct in_addr to, int to_port, uint32_t to_seq,
int size, int redundancy, int delay, int flags,
const char *inject)
{
void send_pkt(int s, struct in_addr from, int from_port, uint32_t from_seq, struct in_addr to, int to_port,
uint32_t to_seq, int size, int redundancy, int delay, int flags, const char* inject) {
int cc;
int pktlen = 40 + size;
const int max_injection_size = 4096;
@ -212,16 +202,13 @@ void send_pkt(int s, struct in_addr from, int from_port, uint32_t from_seq,
if ( inject && *inject ) {
char* payload = &pkt[40];
strcpy(payload, inject);
} else if ( size > 0 )
{
const char *fill_string =
(inject && *inject) ? inject : "BRO-RST\n";
}
else if ( size > 0 ) {
const char* fill_string = (inject && *inject) ? inject : "BRO-RST\n";
char* payload = &pkt[40];
int n = strlen(fill_string);
int i;
for ( i = size; i > n + 1; i -= n )
{
for ( i = size; i > n + 1; i -= n ) {
strcpy(payload, fill_string);
payload += n;
}
@ -232,8 +219,7 @@ void send_pkt(int s, struct in_addr from, int from_port, uint32_t from_seq,
tcp->th_sum = ~tcp_checksum(ip, tcp, size);
while ( redundancy-- > 0 )
{
while ( redundancy-- > 0 ) {
cc = send(s, (char*)ip, pktlen, 0);
if ( cc < 0 || cc != pktlen )
pgripe("problem in sendto()");
@ -243,11 +229,8 @@ void send_pkt(int s, struct in_addr from, int from_port, uint32_t from_seq,
free(pkt);
}
void terminate(int s, const char *from_addr, int from_port, uint32_t from_seq,
const char *to_addr, int to_port, uint32_t to_seq,
int num, int redundancy, int stride, int delay,
const char *inject)
{
void terminate(int s, const char* from_addr, int from_port, uint32_t from_seq, const char* to_addr, int to_port,
uint32_t to_seq, int num, int redundancy, int stride, int delay, const char* inject) {
struct sockaddr_in where_from, where_to;
struct sockaddr_in* from = (struct sockaddr_in*)&where_from;
struct sockaddr_in* to = (struct sockaddr_in*)&where_to;
@ -267,33 +250,34 @@ void terminate(int s, const char *from_addr, int from_port, uint32_t from_seq,
if ( connect(s, (struct sockaddr*)&where_to, sizeof(where_to)) < 0 )
pgripe("can't connect");
while ( num-- > 0 )
{
send_pkt(s, from->sin_addr, from_port, from_seq,
to->sin_addr, to_port, to_seq, 0, redundancy, delay,
while ( num-- > 0 ) {
send_pkt(s, from->sin_addr, from_port, from_seq, to->sin_addr, to_port, to_seq, 0, redundancy, delay,
(*inject ? 0 : TH_RST) | TH_ACK, inject);
if ( num > 0 && stride > 1 )
send_pkt(s, from->sin_addr, from_port, from_seq,
to->sin_addr, to_port, to_seq, stride,
redundancy, delay, TH_ACK, inject);
send_pkt(s, from->sin_addr, from_port, from_seq, to->sin_addr, to_port, to_seq, stride, redundancy, delay,
TH_ACK, inject);
from_seq += stride;
}
}
void usage()
{
void usage() {
#if defined(__linux__)
fprintf(stderr, "%s [-R] [-I text-to-inject] [-i interface] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port from_seq to_addr to_port to_seq\n", prog_name);
fprintf(stderr,
"%s [-R] [-I text-to-inject] [-i interface] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr "
"from_port from_seq to_addr to_port to_seq\n",
prog_name);
#else
fprintf(stderr, "%s [-R] [-I text-to-inject] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port from_seq to_addr to_port to_seq\n", prog_name);
fprintf(stderr,
"%s [-R] [-I text-to-inject] [-d delay-msec] [-n num] [-r redundancy] [-s stride] from_addr from_port "
"from_seq to_addr to_port to_seq\n",
prog_name);
#endif
exit(0);
}
int main(int argc, char **argv)
{
int main(int argc, char** argv) {
extern char* optarg;
extern int optind, opterr;
const char *from_addr, *to_addr;
@ -323,12 +307,9 @@ int main(int argc, char **argv)
while ( (op = getopt(argc, argv, "RI:d:n:r:s:")) != EOF )
#endif
switch ( op ) {
case 'R':
reverse = 1;
break;
case 'R': reverse = 1; break;
case 'I':
{
case 'I': {
char* ap = optarg;
char* ip;
for ( ip = inject; *ap; ++ip, ++ap ) {
@ -337,34 +318,21 @@ int main(int argc, char **argv)
else
*ip = *ap;
}
}
break;
} break;
#if defined(__linux__)
case 'i':
interface = optarg;
break;
case 'i': interface = optarg; break;
#endif
case 'd':
delay = atoi(optarg);
break;
case 'd': delay = atoi(optarg); break;
case 'n':
num = atoi(optarg);
break;
case 'n': num = atoi(optarg); break;
case 'r':
redundancy = atoi(optarg);
break;
case 'r': redundancy = atoi(optarg); break;
case 's':
stride = atoi(optarg);
break;
case 's': stride = atoi(optarg); break;
default:
usage();
break;
default: usage(); break;
}
if ( argc - optind != 6 )
@ -396,13 +364,9 @@ int main(int argc, char **argv)
to_seq = strtoul(argv[optind++], 0, 10);
if ( reverse )
terminate(s, to_addr, to_port, to_seq,
from_addr, from_port, from_seq,
num, redundancy, stride, delay, inject);
terminate(s, to_addr, to_port, to_seq, from_addr, from_port, from_seq, num, redundancy, stride, delay, inject);
else
terminate(s, from_addr, from_port, from_seq,
to_addr, to_port, to_seq,
num, redundancy, stride, delay, inject);
terminate(s, from_addr, from_port, from_seq, to_addr, to_port, to_seq, num, redundancy, stride, delay, inject);
return 0;
}

345
auxil/zeek-aux/zeek-archiver/zeek-archiver.cc
View file

@ -1,28 +1,28 @@
#define _XOPEN_SOURCE
#include <time.h>
// See the file "COPYING" in the main distribution directory for copyright.
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#define _XOPEN_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <algorithm>
#include <cerrno>
#include <chrono>
#include <csignal>
#include <cstdarg>
#include <cstdio>
#include <cstdlib>
#include <cstdarg>
#include <cstring>
#include <cerrno>
#include <fstream>
#include <chrono>
#include <optional>
#include <set>
#include <string>
#include <string_view>
#include <optional>
#include <vector>
#include <set>
constexpr auto ZEEK_ARCHIVER_VERSION = "v0.50-174";
@ -51,8 +51,7 @@ struct LogFile {
std::string ext;
std::string suffix;
std::string DestDir() const
{
std::string DestDir() const {
char buf[64];
auto res = strftime(buf, sizeof(buf), "%Y-%m-%d", &open);
@ -62,8 +61,7 @@ struct LogFile {
return buf;
}
std::string DestFile() const
{
std::string DestFile() const {
constexpr auto time_fmt = "%H:%M:%S";
char buf[64];
auto res = strftime(buf, sizeof(buf), time_fmt, &open);
@ -88,8 +86,7 @@ struct LogFile {
}
};
static double now()
{
static double now() {
struct timeval tv;
if ( gettimeofday(&tv, 0) < 0 )
@ -99,8 +96,7 @@ static double now()
}
static void debug(const char* format, ...) __attribute__((format(printf, 1, 2)));
static void debug(const char* format, ...)
{
static void debug(const char* format, ...) {
if ( ! options.verbose )
return;
@ -116,8 +112,7 @@ static void debug(const char* format, ...)
}
static void info(const char* format, ...) __attribute__((format(printf, 1, 2)));
static void info(const char* format, ...)
{
static void info(const char* format, ...) {
auto f = stdout;
fprintf(f, "[%17.06f] [INFO] ", now());
@ -130,8 +125,7 @@ static void info(const char* format, ...)
}
static void error(const char* format, ...) __attribute__((format(printf, 1, 2)));
static void error(const char* format, ...)
{
static void error(const char* format, ...) {
auto f = stderr;
fprintf(f, "[%17.06f] [ERROR] ", now());
@ -144,8 +138,7 @@ static void error(const char* format, ...)
}
static void fatal(const char* format, ...) __attribute__((format(printf, 1, 2)));
static void fatal(const char* format, ...)
{
static void fatal(const char* format, ...) {
auto f = stderr;
fprintf(f, "[%17.06f] [FATAL] ", now());
@ -158,13 +151,9 @@ static void fatal(const char* format, ...)
exit(1);
}
static void print_version(FILE* f)
{
fprintf(f, "zeek-archiver %s\n", ZEEK_ARCHIVER_VERSION);
}
static void print_version(FILE* f) { fprintf(f, "zeek-archiver %s\n", ZEEK_ARCHIVER_VERSION); }
static void print_usage()
{
static void print_usage() {
print_version(stderr);
fprintf(stderr, "usage: zeek-archiver [options] <src_dir> <dst_dir>\n");
fprintf(stderr, " <src_dir> | A directory to monitor for Zeek log files\n");
@ -173,21 +162,24 @@ static void print_usage()
fprintf(stderr, " -1 | Archive current logs and exit w/o looping\n");
fprintf(stderr, " -h|--help | Show this usage information\n");
fprintf(stderr, " -v|--verbose | Print verbose/debug logs to stderr\n");
fprintf(stderr, " -c|--compress <ext,cmd> | File extension and compression command,\n"
fprintf(stderr,
" -c|--compress <ext,cmd> | File extension and compression command,\n"
" empty string means \"disable compression\"\n"
" (default: \"gz,gzip\")\n");
fprintf(stderr, " -d|--delimiter <string> | Delimiter between timestamps in log names\n"
fprintf(stderr,
" -d|--delimiter <string> | Delimiter between timestamps in log names\n"
" (default: \"__\")\n");
fprintf(stderr, " -t|--time-fmt <string> | Format of timestamps within input file names\n"
fprintf(stderr,
" -t|--time-fmt <string> | Format of timestamps within input file names\n"
" (default: \"%%Y-%%m-%%d-%%H-%%M-%%S\")\n");
fprintf(stderr, " -z|--zip-extensions <strings> | File extensions for already-zipped logs,\n"
fprintf(stderr,
" -z|--zip-extensions <strings> | File extensions for already-zipped logs,\n"
" an empty string disables this feature\n"
" (default: \"gz,bz2,lz,lz4\")\n");
}
static void usage_error(const char* format, ...) __attribute__((format(printf, 1, 2)));
static void usage_error(const char* format, ...)
{
static void usage_error(const char* format, ...) {
print_usage();
fprintf(stderr, "ERROR: ");
@ -202,15 +194,12 @@ static void usage_error(const char* format, ...)
exit(1);
}
static std::vector<std::string>
split_string(std::string_view input, std::string_view delim)
{
static std::vector<std::string> split_string(std::string_view input, std::string_view delim) {
std::vector<std::string> rval;
size_t pos = 0;
size_t n = 0;
while ( (n = input.find(delim, pos)) != std::string::npos )
{
while ( (n = input.find(delim, pos)) != std::string::npos ) {
rval.emplace_back(input.substr(pos, n - pos));
pos = n + delim.size();
}
@ -219,30 +208,25 @@ split_string(std::string_view input, std::string_view delim)
return rval;
}
static std::string strip_string(std::string s)
{
auto notspace = [](unsigned char c)
{
return ! std::isspace(c);
};
static std::string strip_string(std::string s) {
auto notspace = [](unsigned char c) { return ! std::isspace(c); };
s.erase(s.begin(), std::find_if(s.begin(), s.end(), notspace));
s.erase(std::find_if(s.rbegin(), s.rend(), notspace).base(), s.end());
return s;
}
static void consume_option_value(const std::string& flag, std::string arg_value)
{
if ( flag == "-c" || flag == "--compress" )
{
static void consume_option_value(const std::string& flag, std::string arg_value) {
if ( flag == "-c" || flag == "--compress" ) {
if ( arg_value.empty() )
options.compress_cmd = "";
else
{
else {
auto parts = split_string(arg_value, ",");
if ( parts.size() != 2 )
usage_error("--compress must give a 'ext,compress_cmd' formatted "
"value, got: %s", arg_value.data());
usage_error(
"--compress must give a 'ext,compress_cmd' formatted "
"value, got: %s",
arg_value.data());
options.compress_ext = parts[0];
options.compress_cmd = parts[1];
@ -250,55 +234,45 @@ static void consume_option_value(const std::string& flag, std::string arg_value)
}
else if ( flag == "-d" || flag == "--delimiter" )
{
else if ( flag == "-d" || flag == "--delimiter" ) {
if ( arg_value.empty() )
usage_error("flag '%s' is missing a value", flag.data());
options.delimiter = std::move(arg_value);
}
else if ( flag == "-t" || flag == "--time-fmt" )
{
else if ( flag == "-t" || flag == "--time-fmt" ) {
if ( arg_value.empty() )
usage_error("flag '%s' is missing a value", flag.data());
options.timestamp_fmt = std::move(arg_value);
}
else if ( flag == "-z" || flag == "--zip-extensions" )
{
else if ( flag == "-z" || flag == "--zip-extensions" ) {
options.zip_file_extensions = split_string(arg_value, ",");
}
}
static void parse_options(int argc, char** argv)
{
static void parse_options(int argc, char** argv) {
std::set<std::string> flags = {
"--version",
"-1",
"-h", "--help",
"-v", "--verbose",
"-c", "--compress",
"-d", "--delimiter",
"-t", "--time-fmt",
"-z", "--zip-extensions",
"--version", "-1", "-h", "--help", "-v", "--verbose", "-c",
"--compress", "-d", "--delimiter", "-t", "--time-fmt", "-z", "--zip-extensions",
};
bool in_options = true;
for ( auto i = 1; i < argc; ++i )
{
for ( auto i = 1; i < argc; ++i ) {
auto arg = argv[i];
if ( ! arg[0] )
continue;
if ( arg[0] == '-' )
{
if ( arg[0] == '-' ) {
if ( ! in_options )
usage_error("optional flags must precede non-optional arguments: "
"'%s'", arg);
usage_error(
"optional flags must precede non-optional arguments: "
"'%s'",
arg);
if ( ! arg[1] )
// Has to be something after a '-'
@ -313,13 +287,11 @@ static void parse_options(int argc, char** argv)
auto it = flag.find('=');
if ( it == std::string::npos )
{
if ( it == std::string::npos ) {
if ( i + 1 < argc )
opt_value = argv[i + 1];
}
else
{
else {
opt_value = flag.substr(it + 1);
flag = flag.substr(0, it);
}
@ -327,8 +299,7 @@ static void parse_options(int argc, char** argv)
if ( flags.find(flag) == flags.end() )
usage_error("invalid argument: '%s'", arg);
if ( flag == "-1" )
{
if ( flag == "-1" ) {
if ( ! opt_value.empty() && it != std::string::npos )
usage_error("invalid argument=value: '%s'", arg);
@ -336,8 +307,7 @@ static void parse_options(int argc, char** argv)
continue;
}
if ( flag == "--version" )
{
if ( flag == "--version" ) {
if ( ! opt_value.empty() && it != std::string::npos )
usage_error("invalid argument=value: '%s'", arg);
@ -345,8 +315,7 @@ static void parse_options(int argc, char** argv)
exit(0);
}
if ( flag == "-h" || flag == "--help" )
{
if ( flag == "-h" || flag == "--help" ) {
if ( ! opt_value.empty() && it != std::string::npos )
usage_error("invalid argument=value: '%s'", arg);
@ -354,8 +323,7 @@ static void parse_options(int argc, char** argv)
exit(0);
}
if ( flag == "-v" || flag == "--verbose" )
{
if ( flag == "-v" || flag == "--verbose" ) {
if ( ! opt_value.empty() && it != std::string::npos )
usage_error("invalid argument=value: '%s'", arg);
@ -369,22 +337,20 @@ static void parse_options(int argc, char** argv)
consume_option_value(flag, std::move(opt_value));
continue;
}
else
{
if ( options.src_dir.empty() )
{
else {
if ( options.src_dir.empty() ) {
in_options = false;
options.src_dir = arg;
}
else if ( options.dst_dir.empty() )
{
else if ( options.dst_dir.empty() ) {
in_options = false;
options.dst_dir = arg;
}
else
usage_error("extra/invalid argument: '%s': <src_dir>/<dst_dir> "
"already provided: %s/%s", arg,
options.src_dir.data(), options.dst_dir.data());
usage_error(
"extra/invalid argument: '%s': <src_dir>/<dst_dir> "
"already provided: %s/%s",
arg, options.src_dir.data(), options.dst_dir.data());
}
}
@ -395,16 +361,14 @@ static void parse_options(int argc, char** argv)
usage_error("no <dst_dir> provided");
}
static bool make_dir(const char* dir)
{
static bool make_dir(const char* dir) {
if ( mkdir(dir, 0775) == 0 )
return true;
auto mkdir_errno = errno;
struct stat st;
if ( stat(dir, &st) == -1 )
{
if ( stat(dir, &st) == -1 ) {
// Show the original failure reason for mkdir() since nothing's there
// or we can't even tell what is now.
error("Failed to create directory %s: %s", dir, strerror(mkdir_errno));
@ -418,8 +382,7 @@ static bool make_dir(const char* dir)
return false;
}
static bool make_dirs(std::string_view dir)
{
static bool make_dirs(std::string_view dir) {
auto parts = split_string(dir, "/");
std::string current_dir = dir[0] == '/' ? "/" : "";
std::vector<std::string> dirs;
@ -428,8 +391,7 @@ static bool make_dirs(std::string_view dir)
if ( ! p.empty() )
dirs.emplace_back(std::move(p));
for ( size_t i = 0; i < dirs.size(); ++i )
{
for ( size_t i = 0; i < dirs.size(); ++i ) {
if ( i > 0 )
current_dir += '/';
@ -442,12 +404,10 @@ static bool make_dirs(std::string_view dir)
return true;
}
bool is_file(const char* path)
{
bool is_file(const char* path) {
struct stat st;
if ( stat(path, &st) == -1 )
{
if ( stat(path, &st) == -1 ) {
if ( errno != ENOENT )
error("can't stat %s: %s", path, strerror(errno));
@ -457,19 +417,16 @@ bool is_file(const char* path)
return S_ISREG(st.st_mode);
}
std::optional<bool> same_filesystem(const char* path1, const char* path2)
{
std::optional<bool> same_filesystem(const char* path1, const char* path2) {
struct stat st1;
struct stat st2;
if ( stat(path1, &st1) == -1 )
{
if ( stat(path1, &st1) == -1 ) {
error("can't stat %s: %s", path1, strerror(errno));
return {};
}
if ( stat(path2, &st2) == -1 )
{
if ( stat(path2, &st2) == -1 ) {
error("can't stat %s: %s", path2, strerror(errno));
return {};
}
@ -477,16 +434,14 @@ std::optional<bool> same_filesystem(const char* path1, const char* path2)
return st1.st_dev == st2.st_dev;
}
static bool ends_with(std::string_view s, std::string_view ending)
{
static bool ends_with(std::string_view s, std::string_view ending) {
if ( ending.size() > s.size() )
return false;
return std::equal(ending.rbegin(), ending.rend(), s.rbegin());
}
static bool already_zipped(std::string_view file)
{
static bool already_zipped(std::string_view file) {
for ( const auto& e : options.zip_file_extensions )
if ( ends_with(file, e) )
return true;
@ -496,10 +451,8 @@ static bool already_zipped(std::string_view file)
static pid_t child_pid = -1;
static void signal_handler(int signal)
{
if ( child_pid > 0 )
{
static void signal_handler(int signal) {
if ( child_pid > 0 ) {
kill(child_pid, SIGKILL);
int status;
waitpid(child_pid, &status, 0);
@ -510,30 +463,24 @@ static void signal_handler(int signal)
// Fork a child and associate its stdin/stdout with the src and dst files,
// then run compress_cmd via system().
static int run_compress_cmd(const char* src_file, const char* dst_file)
{
static int run_compress_cmd(const char* src_file, const char* dst_file) {
child_pid = fork();
if ( child_pid == -1 )
{
if ( child_pid == -1 ) {
error("Failed to fork() to run compress command: %s", strerror(errno));
return -1;
}
if ( child_pid == 0 )
{
if ( child_pid == 0 ) {
int src_fd = open(src_file, O_RDONLY);
if ( src_fd < 0 )
{
if ( src_fd < 0 ) {
error("Failed to open src_file %s: %s", src_file, strerror(errno));
exit(254);
}
if ( dup2(src_fd, STDIN_FILENO) == -1 )
{
error("Failed to redirect src_file %s to stdin: %s", src_file,
strerror(errno));
if ( dup2(src_fd, STDIN_FILENO) == -1 ) {
error("Failed to redirect src_file %s to stdin: %s", src_file, strerror(errno));
exit(253);
}
@ -542,16 +489,13 @@ static int run_compress_cmd(const char* src_file, const char* dst_file)
int dst_fd = open(dst_file, O_CREAT | O_TRUNC | O_WRONLY, 0664);
if ( dst_fd < 0 )
{
if ( dst_fd < 0 ) {
error("Failed to open dst_file %s: %s", dst_file, strerror(errno));
exit(252);
}
if ( dup2(dst_fd, STDOUT_FILENO) == -1 )
{
error("Failed to redirect dst_file %s to stdout: %s", dst_file,
strerror(errno));
if ( dup2(dst_fd, STDOUT_FILENO) == -1 ) {
error("Failed to redirect dst_file %s to stdout: %s", dst_file, strerror(errno));
exit(251);
}
@ -568,17 +512,13 @@ static int run_compress_cmd(const char* src_file, const char* dst_file)
waitpid(child_pid, &status, 0);
child_pid = -1;
if ( ! (WIFEXITED(status) && WEXITSTATUS(status) == 0) )
{
if ( ! (WIFEXITED(status) && WEXITSTATUS(status) == 0) ) {
if ( WIFEXITED(status) )
error("Compression of %s failed, command exit status: %d (0x%x)",
src_file, WEXITSTATUS(status), status);
error("Compression of %s failed, command exit status: %d (0x%x)", src_file, WEXITSTATUS(status), status);
else if ( WIFSIGNALED(status) )
error("Compression of %s failed, got signal: %d (0x%x)",
src_file, WTERMSIG(status), status);
error("Compression of %s failed, got signal: %d (0x%x)", src_file, WTERMSIG(status), status);
else
error("Compression of %s failed, unknown reason/status: (0x%x)",
src_file, status);
error("Compression of %s failed, unknown reason/status: (0x%x)", src_file, status);
// If the compression command failed, unlink the destination
// file. Ignore any errors - it may not have been created.
@ -588,14 +528,12 @@ static int run_compress_cmd(const char* src_file, const char* dst_file)
return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
static int archive_logs()
{
static int archive_logs() {
int rval = 0;
auto d = opendir(options.src_dir.data());
if ( ! d )
{
if ( ! d ) {
debug("Source directory '%s', does not exist", options.src_dir.data());
return rval;
}
@ -603,15 +541,13 @@ static int archive_logs()
struct dirent* dp;
std::vector<LogFile> log_files;
while ( (dp = readdir(d)) )
{
while ( (dp = readdir(d)) ) {
if ( dp->d_name[0] == '.' )
continue;
std::string path = options.src_dir + "/" + dp->d_name;
if ( ! is_file(path.data()) )
{
if ( ! is_file(path.data()) ) {
debug("Skipping archival of non-file: %s", dp->d_name);
continue;
}
@ -634,8 +570,7 @@ static int archive_logs()
//
auto parts = split_string(dp->d_name, options.delimiter);
if ( parts.size() != 4 && parts.size() != 5)
{
if ( parts.size() != 4 && parts.size() != 5 ) {
debug("Skipping archival of non-log: %s", dp->d_name);
continue;
}
@ -646,8 +581,7 @@ static int archive_logs()
auto res = strptime(parts[1].data(), options.timestamp_fmt.data(), &lf.open);
if ( ! res )
{
if ( ! res ) {
debug("Skipping archival of log with bad timestamp format: %s", dp->d_name);
continue;
}
@ -657,8 +591,7 @@ static int archive_logs()
res = strptime(parts[2].data(), options.timestamp_fmt.data(), &lf.close);
if ( ! res )
{
if ( ! res ) {
debug("Skipping archival of log with bad timestamp format: %s", dp->d_name);
continue;
}
@ -668,8 +601,7 @@ static int archive_logs()
if ( parts.size() == 4 )
lf.ext = parts[3];
else
{
else {
lf.ext = parts[4];
bool metadata_error = false;
@ -680,36 +612,30 @@ static int archive_logs()
if ( ! parts[3].empty() )
metadata_parts = split_string(parts[3], ",");
for (const auto& entry : metadata_parts)
{
for ( const auto& entry : metadata_parts ) {
auto key_value = split_string(entry, "=");
if ( key_value.size() != 2 )
{
if ( key_value.size() != 2 ) {
metadata_error = true;
break;
}
auto key = strip_string(key_value[0]);
auto value = strip_string(key_value[1]);
if ( key.empty() || value.empty() )
{
if ( key.empty() || value.empty() ) {
metadata_error = true;
break;
}
// Only log_suffix is understood as metadata.
if ( key == "log_suffix" )
{
if ( key == "log_suffix" ) {
debug("Using log_suffix '%s'", value.data());
lf.suffix = value;
}
else
debug("Ignoring unknown metadata entry %s in %s", key.data(), dp->d_name);
}
if ( metadata_error )
{
if ( metadata_error ) {
debug("Skipping archival of log with bad metadata format: %s", dp->d_name);
continue;
}
@ -720,24 +646,20 @@ static int archive_logs()
closedir(d);
for ( const auto& lf : log_files )
{
for ( const auto& lf : log_files ) {
auto dst_dir = options.dst_dir + "/" + lf.DestDir();
auto dst_file = dst_dir + "/" + lf.DestFile();
auto tmp_file = dst_dir + "/.tmp." + lf.DestFile();
const auto& src_file = lf.path;
if ( ! make_dirs(dst_dir) )
{
error("Skipped archiving %s: failed to create dir %s",
src_file.data(), dst_dir.data());
if ( ! make_dirs(dst_dir) ) {
error("Skipped archiving %s: failed to create dir %s", src_file.data(), dst_dir.data());
continue;
}
bool compress = ! options.compress_cmd.empty() && ! already_zipped(lf.ext);
if ( compress )
{
if ( compress ) {
if ( ! options.compress_ext.empty() )
dst_file += "." + options.compress_ext;
@ -749,10 +671,8 @@ static int archive_logs()
res = rename(tmp_file.data(), dst_file.data());
if ( res == -1 )
{
error("Failed to rename %s -> %s: %s",
tmp_file.data(), dst_file.data(), strerror(errno));
if ( res == -1 ) {
error("Failed to rename %s -> %s: %s", tmp_file.data(), dst_file.data(), strerror(errno));
continue;
}
@ -767,26 +687,21 @@ static int archive_logs()
auto same_fs = same_filesystem(src_file.data(), dst_dir.data());
if ( ! same_fs )
{
error("Failed to compare filesystems of %s and %s",
src_file.data(), dst_dir.data());
if ( ! same_fs ) {
error("Failed to compare filesystems of %s and %s", src_file.data(), dst_dir.data());
continue;
}
if ( *same_fs )
{
if ( *same_fs ) {
debug("Archive via rename: %s -> %s", src_file.data(), dst_file.data());
auto res = rename(src_file.data(), dst_file.data());
if ( res == -1 )
error("Failed to rename %s -> %s: %s",
src_file.data(), dst_file.data(), strerror(errno));
error("Failed to rename %s -> %s: %s", src_file.data(), dst_file.data(), strerror(errno));
else
++rval;
}
else
{
else {
debug("Archive via copy: %s -> %s", src_file.data(), dst_file.data());
std::ifstream src;
@ -794,25 +709,20 @@ static int archive_logs()
src.exceptions(std::ifstream::failbit | std::ifstream::badbit);
dst.exceptions(std::ofstream::failbit | std::ofstream::badbit);
try
{
try {
src.open(src_file, std::ios::binary);
dst.open(tmp_file, std::ios::binary);
dst << src.rdbuf();
}
catch ( const std::system_error& e )
{
error("Failed to copy %s to temporary file %s: %s",
src_file.data(), tmp_file.data(), e.code().message().data());
} catch ( const std::system_error& e ) {
error("Failed to copy %s to temporary file %s: %s", src_file.data(), tmp_file.data(),
e.code().message().data());
continue;
}
auto res = rename(tmp_file.data(), dst_file.data());
if ( res == -1 )
{
error("Failed to rename %s -> %s: %s",
tmp_file.data(), dst_file.data(), strerror(errno));
if ( res == -1 ) {
error("Failed to rename %s -> %s: %s", tmp_file.data(), dst_file.data(), strerror(errno));
continue;
}
@ -827,8 +737,7 @@ static int archive_logs()
return rval;
}
int main(int argc, char** argv)
{
int main(int argc, char** argv) {
signal(SIGTERM, signal_handler);
parse_options(argc, argv);
@ -847,15 +756,13 @@ int main(int argc, char** argv)
if ( ! make_dirs(options.dst_dir) )
fatal("Failed to create destination archive dir: %s", options.dst_dir.data());
for ( ; ; )
{
for ( ;; ) {
using hrc = std::chrono::high_resolution_clock;
auto t0 = hrc::now();
auto num_archived = archive_logs();
auto t1 = hrc::now();
if ( num_archived > 0 )
{
if ( num_archived > 0 ) {
auto dt = std::chrono::duration<double>(t1 - t0).count();
info("Archived %d logs in %f seconds", num_archived, dt);
}

75
auxil/zeek-aux/zeek-cut/zeek-cut.c
View file

@ -1,14 +1,14 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include <string.h>
#include <limits.h>
#include <getopt.h>
#include <limits.h>
#include <string.h>
// define required for FreeBSD
#define _WITH_GETLINE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <unistd.h>
/* The maximum length of converted timestamp that zeek-cut can handle. */
#define MAX_TIMESTAMP_LEN 100
@ -82,7 +82,8 @@ char parsesep(const char *sepstr) {
if ( ! strncmp(sepstr, "\\x", 2) ) {
long sepval = strtol(sepstr + 2, NULL, 16);
ifs = sepval;
} else {
}
else {
ifs = sepstr[0];
}
@ -204,7 +205,8 @@ int find_output_indexes(char *line, struct logparams *lp, struct useropts *bopts
}
}
out_idx = bopts->num_columns;
} else {
}
else {
/* The "-n" option was specified on cmd-line */
out_indexes = (int*)realloc(lp->out_indexes, lp->num_fields * sizeof(int));
if ( out_indexes == NULL ) {
@ -244,16 +246,19 @@ void output_time(const char *field, struct logparams *lp, struct useropts *bopts
if ( tl < 0 || tl == LONG_MAX ) {
fprintf(stderr, "zeek-cut: time value out-of-range: %s\n", field);
} else if (*tmp != '.') {
}
else if ( *tmp != '.' ) {
if ( strcmp(field, lp->unsetf) ) {
/* field is not a valid value and is not the unset field string */
fprintf(stderr, "zeek-cut: time field is not valid: %s\n", field);
}
} else if (tl == lp->prev_ts) {
}
else if ( tl == lp->prev_ts ) {
/* timestamp is same as the previous one, so skip the conversion */
fputs(tbuf, stdout);
return;
} else {
}
else {
time_t tt = tl;
struct tm tmval;
struct tm* tmptr;
@ -265,10 +270,12 @@ void output_time(const char *field, struct logparams *lp, struct useropts *bopts
fputs(tbuf, stdout);
lp->prev_ts = tl;
return;
} else {
}
else {
fputs("zeek-cut: failed to convert timestamp (try a shorter format string)\n", stderr);
}
} else {
}
else {
/* the time conversion will fail for large values */
fprintf(stderr, "zeek-cut: time value out-of-range: %s\n", field);
}
@ -327,14 +334,15 @@ void output_indexes(int hdr, char *line, struct logparams *lp, struct useropts *
if ( dotimeconv && lp->time_cols[idxval] ) {
/* output time field */
output_time(lp->tmp_fields[idxval], lp, bopts);
} else if (dotimetypeconv && !strcmp("time", lp->tmp_fields[idxval + hdr])) {
}
else if ( dotimetypeconv && ! strcmp("time", lp->tmp_fields[idxval + hdr]) ) {
/* change the "time" type field to "string" */
fputs("string", stdout);
} else {
}
else {
/* output the field without modification */
fputs(lp->tmp_fields[idxval + hdr], stdout);
}
}
/* Note: even when idxval == -1, we still need to set "firstdone" so
@ -425,7 +433,8 @@ int zeek_cut(struct useropts bopts) {
* use the log file's input field separator.
*/
lp.ofs[0] = bopts.ofs[0] ? bopts.ofs[0] : lp.ifs[0];
} else if (!strncmp(line, "#unset_field", 12)) {
}
else if ( ! strncmp(line, "#unset_field", 12) ) {
if ( line[12] && line[13] ) {
free(lp.unsetf);
if ( (lp.unsetf = strdup(line + 13)) == NULL ) {
@ -433,19 +442,22 @@ int zeek_cut(struct useropts bopts) {
ret = 1;
break;
}
} else {
}
else {
fputs("zeek-cut: bad log header (invalid #unset_field line)\n", stderr);
ret = 1;
break;
}
} else if (!strncmp(line, "#fields", 7)) {
}
else if ( ! strncmp(line, "#fields", 7) ) {
prev_fields_line = 1;
if ( find_output_indexes(line + 8, &lp, &bopts) ) {
fputs("zeek-cut: out of memory\n", stderr);
ret = 1;
break;
}
} else if (!strncmp(line, "#types", 6)) {
}
else if ( ! strncmp(line, "#types", 6) ) {
if ( ! prev_fields_line ) {
fputs("zeek-cut: bad log header (missing #fields line)\n", stderr);
ret = 1;
@ -466,12 +478,12 @@ int zeek_cut(struct useropts bopts) {
if ( ! strncmp(line, "#fields", 7) || (! strncmp(line, "#types", 6) && (bopts.minimalview == 0)) ) {
/* Output a modified "#fields" or "#types" header line */
output_indexes(1, line, &lp, &bopts);
} else if (bopts.minimalview == 0) {
}
else if ( bopts.minimalview == 0 ) {
/* Output the header line with no changes */
puts(line);
}
}
}
free(lp.time_cols);
@ -488,7 +500,9 @@ int main(int argc, char *argv[]) {
if ( envtimefmt == NULL ) {
envtimefmt = getenv("BRO_CUT_TIMEFMT");
if ( envtimefmt != NULL )
fprintf(stderr, "zeek-cut warning: using legacy environment variable BRO_CUT_TIMEFMT, set ZEEK_CUT_TIMEFMT instead\n");
fprintf(
stderr,
"zeek-cut warning: using legacy environment variable BRO_CUT_TIMEFMT, set ZEEK_CUT_TIMEFMT instead\n");
}
struct useropts bopts;
@ -499,10 +513,7 @@ int main(int argc, char *argv[]) {
bopts.ofs = "";
bopts.timefmt = envtimefmt ? envtimefmt : "%Y-%m-%dT%H:%M:%S%z";
static struct option long_opts[] = {
{"help", no_argument, 0, 'h'},
{0, 0, 0, 0}
};
static struct option long_opts[] = {{"help", no_argument, 0, 'h'}, {0, 0, 0, 0}};
while ( (c = getopt_long(argc, argv, "cCmMnF:duD:U:h", long_opts, NULL)) != -1 ) {
switch ( c ) {
@ -522,9 +533,7 @@ int main(int argc, char *argv[]) {
bopts.minimalview = 1;
bopts.showhdr = 2;
break;
case 'n':
bopts.negate = 1;
break;
case 'n': bopts.negate = 1; break;
case 'F':
if ( strlen(optarg) != 1 ) {
fputs("zeek-cut: field separator must be a single character\n", stderr);
@ -532,12 +541,8 @@ int main(int argc, char *argv[]) {
}
bopts.ofs = optarg;
break;
case 'd':
bopts.timeconv = 1;
break;
case 'u':
bopts.timeconv = 2;
break;
case 'd': bopts.timeconv = 1; break;
case 'u': bopts.timeconv = 2; break;
case 'D':
bopts.timeconv = 1;
bopts.timefmt = optarg;
@ -546,9 +551,7 @@ int main(int argc, char *argv[]) {
bopts.timeconv = 2;
bopts.timefmt = optarg;
break;
default:
usage();
break;
default: usage(); break;
}
}