mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 13:38:19 +00:00
experiment to avoid string-to-tag-lookups
This commit is contained in:
Arne Welzel
parent
92f2f66a60
commit
7fb65bbb33
9 changed files with 43 additions and 6 deletions
|
|
@ -801,6 +801,13 @@ void SupportAnalyzer::ForwardUndelivered(uint64_t seq, int len, bool is_orig) {
|
|||
Parent()->Undelivered(seq, len, is_orig);
|
||||
}
|
||||
|
||||
zeek::Tag get_analyzer_tag(const char* name) {
|
||||
auto tag = analyzer_mgr->GetComponentTag(name);
|
||||
if ( ! tag )
|
||||
reporter->InternalError("unknown analyzer name %s; mismatch with tag analyzer::Component?", name);
|
||||
|
||||
return tag;
|
||||
}
|
||||
} // namespace zeek::analyzer
|
||||
|
||||
TEST_SUITE("Analyzer management") {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@
|
|||
|
||||
#include "zeek/EventHandler.h"
|
||||
#include "zeek/IntrusivePtr.h"
|
||||
#include "zeek/Obj.h"
|
||||
#include "zeek/Tag.h"
|
||||
#include "zeek/Timer.h"
|
||||
|
||||
|
|
@ -773,6 +772,15 @@ private:
|
|||
static ID id_counter;
|
||||
};
|
||||
|
||||
zeek::Tag get_analyzer_tag(const char* name);
|
||||
|
||||
template<const char* s>
|
||||
const zeek::Tag& AnalyzerTag() {
|
||||
static zeek::Tag tag = get_analyzer_tag(s);
|
||||
|
||||
return tag;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convenience macro to add a new timer.
|
||||
*/
|
||||
|
|
@ -826,6 +834,11 @@ public:
|
|||
sibling = nullptr;
|
||||
}
|
||||
|
||||
SupportAnalyzer(const Tag& tag, Connection* conn, bool arg_orig) : Analyzer(tag, conn) {
|
||||
orig = arg_orig;
|
||||
sibling = nullptr;
|
||||
}
|
||||
|
||||
/**
|
||||
* Destructor.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -709,7 +709,9 @@ void HTTP_Message::SkipEntityData() {
|
|||
|
||||
void HTTP_Message::Weird(const char* msg) { analyzer->Weird(msg); }
|
||||
|
||||
HTTP_Analyzer::HTTP_Analyzer(Connection* conn) : analyzer::tcp::TCP_ApplicationAnalyzer("HTTP", conn) {
|
||||
const char http[] = "HTTP";
|
||||
|
||||
HTTP_Analyzer::HTTP_Analyzer(Connection* conn) : analyzer::tcp::TCP_ApplicationAnalyzer(AnalyzerTag<http>(), conn) {
|
||||
num_requests = num_replies = 0;
|
||||
num_request_lines = num_reply_lines = 0;
|
||||
keep_alive = 0;
|
||||
|
|
|
|||
|
|
@ -142,11 +142,14 @@ protected:
|
|||
void DeactivateAnalyzer(zeek::Tag tag) override;
|
||||
};
|
||||
|
||||
const char pia_tcp[] = "PIA_TCP";
|
||||
|
||||
// PIA for TCP. Accepts both packet and stream input (and reassembles
|
||||
// packets before passing payload on to children).
|
||||
class PIA_TCP : public PIA, public analyzer::tcp::TCP_ApplicationAnalyzer {
|
||||
public:
|
||||
explicit PIA_TCP(Connection* conn) : PIA(this), analyzer::tcp::TCP_ApplicationAnalyzer("PIA_TCP", conn) {
|
||||
explicit PIA_TCP(Connection* conn)
|
||||
: PIA(this), analyzer::tcp::TCP_ApplicationAnalyzer(AnalyzerTag<pia_tcp>(), conn) {
|
||||
stream_mode = false;
|
||||
SetConn(conn);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,9 @@ static byte_buffer fmt_seq(uint32_t num) {
|
|||
return out;
|
||||
}
|
||||
|
||||
SSL_Analyzer::SSL_Analyzer(Connection* c) : analyzer::tcp::TCP_ApplicationAnalyzer("SSL", c) {
|
||||
const char ssl[] = "SSL";
|
||||
|
||||
SSL_Analyzer::SSL_Analyzer(Connection* c) : analyzer::tcp::TCP_ApplicationAnalyzer(AnalyzerTag<ssl>(), c) {
|
||||
interp = new binpac::SSL::SSL_Conn(this);
|
||||
handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this);
|
||||
had_gap = false;
|
||||
|
|
|
|||
|
|
@ -8,8 +8,10 @@
|
|||
|
||||
namespace zeek::analyzer::tcp {
|
||||
|
||||
const char contentline[] = "CONTENTLINE";
|
||||
|
||||
ContentLine_Analyzer::ContentLine_Analyzer(Connection* conn, bool orig, int max_line_length)
|
||||
: TCP_SupportAnalyzer("CONTENTLINE", conn, orig), max_line_length(max_line_length) {
|
||||
: TCP_SupportAnalyzer(AnalyzerTag<contentline>(), conn, orig), max_line_length(max_line_length) {
|
||||
InitState();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ class TCP_ApplicationAnalyzer;
|
|||
class TCP_ApplicationAnalyzer : public analyzer::Analyzer {
|
||||
public:
|
||||
TCP_ApplicationAnalyzer(const char* name, Connection* conn) : Analyzer(name, conn), tcp(nullptr) {}
|
||||
TCP_ApplicationAnalyzer(const zeek::Tag& tag, Connection* conn) : Analyzer(tag, conn), tcp(nullptr) {}
|
||||
|
||||
explicit TCP_ApplicationAnalyzer(Connection* conn) : Analyzer(conn), tcp(nullptr) {}
|
||||
|
||||
|
|
@ -74,6 +75,9 @@ public:
|
|||
TCP_SupportAnalyzer(const char* name, Connection* conn, bool arg_orig)
|
||||
: analyzer::SupportAnalyzer(name, conn, arg_orig) {}
|
||||
|
||||
TCP_SupportAnalyzer(const zeek::Tag& tag, Connection* conn, bool arg_orig)
|
||||
: analyzer::SupportAnalyzer(tag, conn, arg_orig) {}
|
||||
|
||||
~TCP_SupportAnalyzer() override {}
|
||||
|
||||
// These are passed on from TCPSessionAdapter.
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ class IPBasedAnalyzer;
|
|||
class SessionAdapter : public analyzer::Analyzer {
|
||||
public:
|
||||
SessionAdapter(const char* name, Connection* conn) : analyzer::Analyzer(name, conn) {}
|
||||
SessionAdapter(const zeek::Tag& tag, Connection* conn) : analyzer::Analyzer(tag, conn) {}
|
||||
|
||||
/**
|
||||
* Overridden from parent class.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,10 @@ constexpr int32_t TOO_LARGE_SEQ_DELTA = 1048576;
|
|||
using namespace zeek;
|
||||
using namespace zeek::packet_analysis::TCP;
|
||||
|
||||
TCPSessionAdapter::TCPSessionAdapter(Connection* conn) : packet_analysis::IP::SessionAdapter("TCP", conn) {
|
||||
const char tcp[] = "TCP";
|
||||
|
||||
TCPSessionAdapter::TCPSessionAdapter(Connection* conn)
|
||||
: packet_analysis::IP::SessionAdapter(analyzer::AnalyzerTag<tcp>(), conn) {
|
||||
// Set a timer to eventually time out this connection.
|
||||
ADD_ANALYZER_TIMER(&TCPSessionAdapter::ExpireTimer, run_state::network_time + zeek::detail::tcp_SYN_timeout, false,
|
||||
zeek::detail::TIMER_TCP_EXPIRE);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue