diff --git a/auxil/bifcl b/auxil/bifcl index 5bf9f9b478..43e9acbf54 160000 --- a/auxil/bifcl +++ b/auxil/bifcl @@ -1 +1 @@ -Subproject commit 5bf9f9b478d8927333753c77ced5af1a91b719df +Subproject commit 43e9acbf54ef319c17b96c2fc04b82b556d49679 diff --git a/src/Base64.cc b/src/Base64.cc index de83221bd1..7f1a17e50a 100644 --- a/src/Base64.cc +++ b/src/Base64.cc @@ -88,7 +88,7 @@ int* Base64Converter::InitBase64Table(const std::string& alphabet) return base64_table; } -Base64Converter::Base64Converter(Connection* arg_conn, const std::string& arg_alphabet) +Base64Converter::Base64Converter(zeek::Connection* arg_conn, const std::string& arg_alphabet) { if ( arg_alphabet.size() > 0 ) { @@ -230,7 +230,7 @@ void Base64Converter::IllegalEncoding(const char* msg) zeek::reporter->Error("%s", msg); } -zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, Connection* conn) +zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn) { if ( a && a->Len() != 0 && a->Len() != 64 ) { @@ -264,7 +264,7 @@ err: return nullptr; } -zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connection* conn) +zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn) { if ( a && a->Len() != 0 && a->Len() != 64 ) { @@ -283,12 +283,12 @@ zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connec } // namespace zeek::detail -zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, Connection* conn) +zeek::String* decode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn) { return zeek::detail::decode_base64(s, a, conn); } -zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, Connection* conn) +zeek::String* encode_base64(const zeek::String* s, const zeek::String* a, zeek::Connection* conn) { return zeek::detail::encode_base64(s ,a ,conn); } diff --git a/src/Base64.h b/src/Base64.h index 47e70f930c..ae514dad71 100644 --- a/src/Base64.h +++ b/src/Base64.h @@ -6,7 +6,7 @@ namespace zeek { class String; } using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = zeek::String; -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); namespace zeek::detail { @@ -62,8 +62,8 @@ protected: }; -zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr); -zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr); +zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr); +zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr); } // namespace zeek::detail @@ -71,6 +71,6 @@ using Base64Converter [[deprecated("Remove in v4.1. Use zeek::detail::Base64Conv // These can't be constexpr auto definitions due to the default parameters. [[deprecated("Remove in v4.1. Use zeek::detail::decode_base64.")]] -zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr); +zeek::String* decode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr); [[deprecated("Remove in v4.1. Use zeek::detail::encode_base64.")]] -zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, Connection* conn = nullptr); +zeek::String* encode_base64(const zeek::String* s, const zeek::String* a = nullptr, zeek::Connection* conn = nullptr); diff --git a/src/Conn.cc b/src/Conn.cc index b4a052b6e8..6de529c26c 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -21,6 +21,9 @@ #include "analyzer/Manager.h" #include "iosource/IOSource.h" +namespace zeek { +namespace detail { + void ConnectionTimer::Init(Connection* arg_conn, timer_func arg_timer, bool arg_do_expire) { @@ -54,6 +57,8 @@ void ConnectionTimer::Dispatch(double t, bool is_expire) zeek::reporter->InternalError("reference count inconsistency in ConnectionTimer::Dispatch"); } +} // namespace detail + uint64_t Connection::total_connections = 0; uint64_t Connection::current_connections = 0; @@ -551,7 +556,7 @@ void Connection::AddTimer(timer_func timer, double t, bool do_expire, if ( ! key_valid ) return; - zeek::detail::Timer* conn_timer = new ConnectionTimer(this, timer, t, do_expire, type); + zeek::detail::Timer* conn_timer = new detail::ConnectionTimer(this, timer, t, do_expire, type); zeek::detail::timer_mgr->Add(conn_timer); timers.push_back(conn_timer); } @@ -685,7 +690,7 @@ void Connection::IDString(zeek::ODesc* d) const d->Add(ntohs(resp_port)); } -void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia) +void Connection::SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia) { root_analyzer = analyzer; primary_PIA = pia; @@ -728,3 +733,5 @@ bool Connection::PermitWeird(const char* name, uint64_t threshold, uint64_t rate { return zeek::detail::PermitWeird(weird_state, name, threshold, rate, duration); } + +} // namespace zeek diff --git a/src/Conn.h b/src/Conn.h index 6a6e48493f..881c3920f2 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -21,8 +21,8 @@ #include "analyzer/Tag.h" #include "analyzer/Analyzer.h" -class Connection; -class ConnectionTimer; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); +ZEEK_FORWARD_DECLARE_NAMESPACED(ConnectionTimer, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(NetSessions, zeek); class LoginConn; ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek); @@ -38,14 +38,13 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace zeek { using ValPtr = zeek::IntrusivePtr; using RecordValPtr = zeek::IntrusivePtr; -} -typedef enum { +enum ConnEventToFlag { NUL_IN_LINE, SINGULAR_CR, SINGULAR_LF, NUM_EVENTS_TO_FLAG, -} ConnEventToFlag; +}; typedef void (Connection::*timer_func)(double t); @@ -304,9 +303,9 @@ public: void DeleteTimer(double t); // Sets the root of the analyzer tree as well as the primary PIA. - void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, analyzer::pia::PIA* pia); + void SetRootAnalyzer(zeek::analyzer::TransportLayerAnalyzer* analyzer, ::analyzer::pia::PIA* pia); zeek::analyzer::TransportLayerAnalyzer* GetRootAnalyzer() { return root_analyzer; } - analyzer::pia::PIA* GetPrimaryPIA() { return primary_PIA; } + ::analyzer::pia::PIA* GetPrimaryPIA() { return primary_PIA; } // Sets the transport protocol in use. void SetTransport(TransportProto arg_proto) { proto = arg_proto; } @@ -337,7 +336,7 @@ protected: void RemoveTimer(zeek::detail::Timer* t); // Allow other classes to access pointers to these: - friend class ConnectionTimer; + friend class detail::ConnectionTimer; void InactivityTimer(double t); void StatusUpdateTimer(double t); @@ -383,12 +382,14 @@ protected: uint32_t hist_seen; zeek::analyzer::TransportLayerAnalyzer* root_analyzer; - analyzer::pia::PIA* primary_PIA; + ::analyzer::pia::PIA* primary_PIA; zeek::UID uid; // Globally unique connection ID. zeek::detail::WeirdStateMap weird_state; }; +namespace detail { + class ConnectionTimer final : public zeek::detail::Timer { public: ConnectionTimer(Connection* arg_conn, timer_func arg_timer, @@ -409,5 +410,18 @@ protected: bool do_expire; }; +} // namespace detail +} // namespace zeek + +using ConnEventToFlag [[deprecated("Remove in v4.1. Use zeek::ConnEventToFlag.")]] = zeek::ConnEventToFlag; +constexpr auto NUL_IN_LINE [[deprecated("Remove in v4.1. Use zeek::NUL_IN_LINE.")]] = zeek::NUL_IN_LINE; +constexpr auto SINGULAR_CR [[deprecated("Remove in v4.1. Use zeek::SINGULAR_CR.")]] = zeek::SINGULAR_CR; +constexpr auto SINGULAR_LF [[deprecated("Remove in v4.1. Use zeek::SINGULAR_LF.")]] = zeek::SINGULAR_LF; +constexpr auto NUM_EVENTS_TO_FLAG [[deprecated("Remove in v4.1. Use zeek::NUM_EVENTS_TO_FLAG.")]] = zeek::NUM_EVENTS_TO_FLAG; + +using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID; +using Connection [[deprecated("Remove in v4.1. Use zeek::Connection.")]] = zeek::Connection; +using ConnectionTimer [[deprecated("Remove in v4.1. Use zeek::detail::ConnectionTimer.")]] = zeek::detail::ConnectionTimer; + #define ADD_TIMER(timer, t, do_expire, type) \ AddTimer(timer_func(timer), (t), (do_expire), (type)) diff --git a/src/IPAddr.h b/src/IPAddr.h index 80aa879cf4..4df0b6aae4 100644 --- a/src/IPAddr.h +++ b/src/IPAddr.h @@ -13,7 +13,9 @@ namespace zeek { class String; } using BroString [[deprecated("Remove in v4.1. Use zeek::String instead.")]] = zeek::String; -struct ConnID; +namespace zeek { struct ConnID; } +using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID; + ZEEK_FORWARD_DECLARE_NAMESPACED(HashKey, zeek::detail); namespace analyzer { class ExpectedConn; } diff --git a/src/Reporter.h b/src/Reporter.h index 783d437e42..264761aa7a 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -17,7 +17,7 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace file_analysis { class File; } -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(StringVal, zeek); diff --git a/src/Sessions.h b/src/Sessions.h index 138801ce38..26e6d0bde7 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -16,9 +16,11 @@ ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulationStack, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EncapsulatingConn, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Packet, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(PacketProfiler, zeek::detail); -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); class ConnCompressor; -struct ConnID; + +namespace zeek { struct ConnID; } +using ConnID [[deprecated("Remove in v4.1. Use zeek::ConnID.")]] = zeek::ConnID; ZEEK_FORWARD_DECLARE_NAMESPACED(Discarder, zeek::detail); diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 3be573d5f9..e0698a4ce6 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -11,7 +11,7 @@ #include "ID.h" #include "UID.h" -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); namespace zeek { diff --git a/src/analyzer/Analyzer.h b/src/analyzer/Analyzer.h index 567d4cf179..57f176ed64 100644 --- a/src/analyzer/Analyzer.h +++ b/src/analyzer/Analyzer.h @@ -16,7 +16,7 @@ #include "../Timer.h" #include "../IntrusivePtr.h" -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Rule, zeek::detail); ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); @@ -632,7 +632,7 @@ public: protected: friend class AnalyzerTimer; friend class Manager; - friend class ::Connection; + friend class zeek::Connection; friend class ::analyzer::tcp::TCP_ApplicationAnalyzer; /** diff --git a/src/analyzer/Component.h b/src/analyzer/Component.h index e27b4dd742..42498516ca 100644 --- a/src/analyzer/Component.h +++ b/src/analyzer/Component.h @@ -9,8 +9,7 @@ #include "../zeek-config.h" #include "../util.h" -class Connection; - +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace zeek::analyzer { diff --git a/src/analyzer/protocol/ayiya/AYIYA.cc b/src/analyzer/protocol/ayiya/AYIYA.cc index 240cd7cd8d..2a3dba5da0 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.cc +++ b/src/analyzer/protocol/ayiya/AYIYA.cc @@ -4,7 +4,7 @@ using namespace analyzer::ayiya; -AYIYA_Analyzer::AYIYA_Analyzer(Connection* conn) +AYIYA_Analyzer::AYIYA_Analyzer(zeek::Connection* conn) : Analyzer("AYIYA", conn) { interp = new binpac::AYIYA::AYIYA_Conn(this); diff --git a/src/analyzer/protocol/ayiya/AYIYA.h b/src/analyzer/protocol/ayiya/AYIYA.h index 3904630313..b42c21526a 100644 --- a/src/analyzer/protocol/ayiya/AYIYA.h +++ b/src/analyzer/protocol/ayiya/AYIYA.h @@ -6,14 +6,14 @@ namespace analyzer { namespace ayiya { class AYIYA_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit AYIYA_Analyzer(Connection* conn); + explicit AYIYA_Analyzer(zeek::Connection* conn); virtual ~AYIYA_Analyzer(); virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new AYIYA_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac index c36065761b..f3dc420d1b 100644 --- a/src/analyzer/protocol/ayiya/ayiya-analyzer.pac +++ b/src/analyzer/protocol/ayiya/ayiya-analyzer.pac @@ -15,7 +15,7 @@ flow AYIYA_Flow function process_ayiya(pdu: PDU): bool %{ - Connection *c = connection()->bro_analyzer()->Conn(); + zeek::Connection* c = connection()->bro_analyzer()->Conn(); const zeek::EncapsulationStack* e = c->GetEncapsulation(); if ( e && e->Depth() >= zeek::BifConst::Tunnel::max_depth ) diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.cc b/src/analyzer/protocol/bittorrent/BitTorrent.cc index c479248220..c9eabac6ff 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc @@ -7,7 +7,7 @@ using namespace analyzer::bittorrent; -BitTorrent_Analyzer::BitTorrent_Analyzer(Connection* c) +BitTorrent_Analyzer::BitTorrent_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("BITTORRENT", c) { interp = new binpac::BitTorrent::BitTorrent_Conn(this); diff --git a/src/analyzer/protocol/bittorrent/BitTorrent.h b/src/analyzer/protocol/bittorrent/BitTorrent.h index e9771d6295..17c42336ed 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrent.h +++ b/src/analyzer/protocol/bittorrent/BitTorrent.h @@ -10,7 +10,7 @@ namespace analyzer { namespace bittorrent { class BitTorrent_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit BitTorrent_Analyzer(Connection* conn); + explicit BitTorrent_Analyzer(zeek::Connection* conn); ~BitTorrent_Analyzer() override; void Done() override; @@ -18,7 +18,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new BitTorrent_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index d79ed0763b..2b72028148 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -21,7 +21,7 @@ static zeek::TableTypePtr bittorrent_peer_set; static zeek::RecordTypePtr bittorrent_benc_value; static zeek::TableTypePtr bittorrent_benc_dir; -BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(Connection* c) +BitTorrentTracker_Analyzer::BitTorrentTracker_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("BITTORRENTTRACKER", c) { if ( ! bt_tracker_headers ) diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h index 473eab3f23..23186110ca 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.h +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.h @@ -45,7 +45,7 @@ enum btt_benc_states { class BitTorrentTracker_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit BitTorrentTracker_Analyzer(Connection* conn); + explicit BitTorrentTracker_Analyzer(zeek::Connection* conn); ~BitTorrentTracker_Analyzer() override; void Done() override; @@ -53,7 +53,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new BitTorrentTracker_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/conn-size/ConnSize.cc b/src/analyzer/protocol/conn-size/ConnSize.cc index cc818d28f2..30b25bdd13 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.cc +++ b/src/analyzer/protocol/conn-size/ConnSize.cc @@ -12,7 +12,7 @@ using namespace analyzer::conn_size; -ConnSize_Analyzer::ConnSize_Analyzer(Connection* c) +ConnSize_Analyzer::ConnSize_Analyzer(zeek::Connection* c) : Analyzer("CONNSIZE", c), orig_bytes(), resp_bytes(), orig_pkts(), resp_pkts(), orig_bytes_thresh(), resp_bytes_thresh(), orig_pkts_thresh(), resp_pkts_thresh(), duration_thresh() diff --git a/src/analyzer/protocol/conn-size/ConnSize.h b/src/analyzer/protocol/conn-size/ConnSize.h index f8d69fe68d..222bece169 100644 --- a/src/analyzer/protocol/conn-size/ConnSize.h +++ b/src/analyzer/protocol/conn-size/ConnSize.h @@ -10,7 +10,7 @@ namespace analyzer { namespace conn_size { class ConnSize_Analyzer : public zeek::analyzer::Analyzer { public: - explicit ConnSize_Analyzer(Connection* c); + explicit ConnSize_Analyzer(zeek::Connection* c); ~ConnSize_Analyzer() override; void Init() override; @@ -26,7 +26,7 @@ public: void SetDurationThreshold(double duration); double GetDurationThreshold() { return duration_thresh; }; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new ConnSize_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index 7976b8a03a..582819f5a3 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -5,7 +5,7 @@ static zeek::analyzer::Analyzer* GetConnsizeAnalyzer(zeek::Val* cid) { - Connection* c = zeek::sessions->FindConnection(cid); + zeek::Connection* c = zeek::sessions->FindConnection(cid); if ( ! c ) return nullptr; diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc index d0bd2b215c..8f2610e24f 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.cc +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.cc @@ -12,8 +12,7 @@ using namespace std; using namespace analyzer::dce_rpc; - -DCE_RPC_Analyzer::DCE_RPC_Analyzer(Connection *conn) +DCE_RPC_Analyzer::DCE_RPC_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("DCE_RPC", conn) { had_gap = false; diff --git a/src/analyzer/protocol/dce-rpc/DCE_RPC.h b/src/analyzer/protocol/dce-rpc/DCE_RPC.h index 6e26ec7beb..6954dc290a 100644 --- a/src/analyzer/protocol/dce-rpc/DCE_RPC.h +++ b/src/analyzer/protocol/dce-rpc/DCE_RPC.h @@ -13,7 +13,7 @@ namespace analyzer { namespace dce_rpc { class DCE_RPC_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit DCE_RPC_Analyzer(Connection* conn); + explicit DCE_RPC_Analyzer(zeek::Connection* conn); ~DCE_RPC_Analyzer() override; void Done() override; @@ -24,7 +24,7 @@ public: bool SetFileID(uint64_t fid_in) { interp->set_file_id(fid_in); return true; } - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DCE_RPC_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/dhcp/DHCP.cc b/src/analyzer/protocol/dhcp/DHCP.cc index ee5da50633..b4ecdca90e 100644 --- a/src/analyzer/protocol/dhcp/DHCP.cc +++ b/src/analyzer/protocol/dhcp/DHCP.cc @@ -5,7 +5,7 @@ using namespace analyzer::dhcp; -DHCP_Analyzer::DHCP_Analyzer(Connection* conn) +DHCP_Analyzer::DHCP_Analyzer(zeek::Connection* conn) : Analyzer("DHCP", conn) { interp = new binpac::DHCP::DHCP_Conn(this); diff --git a/src/analyzer/protocol/dhcp/DHCP.h b/src/analyzer/protocol/dhcp/DHCP.h index cefd4b9464..b8592c15f0 100644 --- a/src/analyzer/protocol/dhcp/DHCP.h +++ b/src/analyzer/protocol/dhcp/DHCP.h @@ -8,14 +8,14 @@ namespace analyzer { namespace dhcp { class DHCP_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit DHCP_Analyzer(Connection* conn); + explicit DHCP_Analyzer(zeek::Connection* conn); ~DHCP_Analyzer() override; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DHCP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/dnp3/DNP3.cc b/src/analyzer/protocol/dnp3/DNP3.cc index 5dce7a290c..71ca3cf45e 100644 --- a/src/analyzer/protocol/dnp3/DNP3.cc +++ b/src/analyzer/protocol/dnp3/DNP3.cc @@ -385,7 +385,7 @@ unsigned int DNP3_Base::CalcCRC(int len, const u_char* data) return ~crc & 0xFFFF; } -DNP3_TCP_Analyzer::DNP3_TCP_Analyzer(Connection* c) +DNP3_TCP_Analyzer::DNP3_TCP_Analyzer(zeek::Connection* c) : DNP3_Base(this), TCP_ApplicationAnalyzer("DNP3_TCP", c) { } @@ -431,7 +431,7 @@ void DNP3_TCP_Analyzer::EndpointEOF(bool is_orig) Interpreter()->FlowEOF(is_orig); } -DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(Connection* c) +DNP3_UDP_Analyzer::DNP3_UDP_Analyzer(zeek::Connection* c) : DNP3_Base(this), Analyzer("DNP3_UDP", c) { } diff --git a/src/analyzer/protocol/dnp3/DNP3.h b/src/analyzer/protocol/dnp3/DNP3.h index ff57bcafbb..ee690b9220 100644 --- a/src/analyzer/protocol/dnp3/DNP3.h +++ b/src/analyzer/protocol/dnp3/DNP3.h @@ -63,7 +63,7 @@ protected: class DNP3_TCP_Analyzer : public DNP3_Base, public tcp::TCP_ApplicationAnalyzer { public: - explicit DNP3_TCP_Analyzer(Connection* conn); + explicit DNP3_TCP_Analyzer(zeek::Connection* conn); ~DNP3_TCP_Analyzer() override; void Done() override; @@ -71,19 +71,19 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static Analyzer* Instantiate(Connection* conn) + static Analyzer* Instantiate(zeek::Connection* conn) { return new DNP3_TCP_Analyzer(conn); } }; class DNP3_UDP_Analyzer : public DNP3_Base, public zeek::analyzer::Analyzer { public: - explicit DNP3_UDP_Analyzer(Connection* conn); + explicit DNP3_UDP_Analyzer(zeek::Connection* conn); ~DNP3_UDP_Analyzer() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DNP3_UDP_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index ed4ac6f857..fb4c33954a 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -1697,7 +1697,7 @@ zeek::RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds) return r; } -Contents_DNS::Contents_DNS(Connection* conn, bool orig, +Contents_DNS::Contents_DNS(zeek::Connection* conn, bool orig, DNS_Interpreter* arg_interp) : tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig) { @@ -1791,7 +1791,7 @@ void Contents_DNS::ProcessChunk(int& len, const u_char*& data, bool orig) state = DNS_LEN_HI; } -DNS_Analyzer::DNS_Analyzer(Connection* conn) +DNS_Analyzer::DNS_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("DNS", conn) { interp = new DNS_Interpreter(this); diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 1e9cc843dd..e74e1191b2 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -358,7 +358,7 @@ typedef enum { // ### This should be merged with TCP_Contents_RPC. class Contents_DNS final : public tcp::TCP_SupportAnalyzer { public: - Contents_DNS(Connection* c, bool orig, DNS_Interpreter* interp); + Contents_DNS(zeek::Connection* c, bool orig, DNS_Interpreter* interp); ~Contents_DNS() override; void Flush(); ///< process any partially-received data @@ -381,7 +381,7 @@ protected: // Works for both TCP and UDP. class DNS_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit DNS_Analyzer(Connection* conn); + explicit DNS_Analyzer(zeek::Connection* conn); ~DNS_Analyzer() override; void DeliverPacket(int len, const u_char* data, bool orig, @@ -393,7 +393,7 @@ public: tcp::TCP_Endpoint* peer, bool gen_event) override; void ExpireTimer(double t); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DNS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/file/File.cc b/src/analyzer/protocol/file/File.cc index 60c4fb78a9..f0a9a3f7ca 100644 --- a/src/analyzer/protocol/file/File.cc +++ b/src/analyzer/protocol/file/File.cc @@ -11,7 +11,7 @@ using namespace analyzer::file; -File_Analyzer::File_Analyzer(const char* name, Connection* conn) +File_Analyzer::File_Analyzer(const char* name, zeek::Connection* conn) : TCP_ApplicationAnalyzer(name, conn) { buffer_len = 0; diff --git a/src/analyzer/protocol/file/File.h b/src/analyzer/protocol/file/File.h index 0e21394023..bbc6a47272 100644 --- a/src/analyzer/protocol/file/File.h +++ b/src/analyzer/protocol/file/File.h @@ -10,7 +10,7 @@ namespace analyzer { namespace file { class File_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - File_Analyzer(const char* name, Connection* conn); + File_Analyzer(const char* name, zeek::Connection* conn); void Done() override; @@ -18,7 +18,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; -// static zeek::analyzer::Analyzer* Instantiate(Connection* conn) +// static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) // { return new File_Analyzer(conn); } protected: @@ -33,21 +33,21 @@ protected: class IRC_Data : public File_Analyzer { public: - explicit IRC_Data(Connection* conn) + explicit IRC_Data(zeek::Connection* conn) : File_Analyzer("IRC_Data", conn) { } - static Analyzer* Instantiate(Connection* conn) + static Analyzer* Instantiate(zeek::Connection* conn) { return new IRC_Data(conn); } }; class FTP_Data : public File_Analyzer { public: - explicit FTP_Data(Connection* conn) + explicit FTP_Data(zeek::Connection* conn) : File_Analyzer("FTP_Data", conn) { } - static Analyzer* Instantiate(Connection* conn) + static Analyzer* Instantiate(zeek::Connection* conn) { return new FTP_Data(conn); } }; diff --git a/src/analyzer/protocol/finger/Finger.cc b/src/analyzer/protocol/finger/Finger.cc index 924531c9f9..b6c1042a3d 100644 --- a/src/analyzer/protocol/finger/Finger.cc +++ b/src/analyzer/protocol/finger/Finger.cc @@ -13,7 +13,7 @@ using namespace analyzer::finger; -Finger_Analyzer::Finger_Analyzer(Connection* conn) +Finger_Analyzer::Finger_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("FINGER", conn) { did_deliver = 0; diff --git a/src/analyzer/protocol/finger/Finger.h b/src/analyzer/protocol/finger/Finger.h index a2369c1d7a..20c21def80 100644 --- a/src/analyzer/protocol/finger/Finger.h +++ b/src/analyzer/protocol/finger/Finger.h @@ -9,14 +9,14 @@ namespace analyzer { namespace finger { class Finger_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit Finger_Analyzer(Connection* conn); + explicit Finger_Analyzer(zeek::Connection* conn); ~Finger_Analyzer() override {} void Done() override; // Line-based input. void DeliverStream(int len, const u_char* data, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Finger_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ftp/FTP.cc b/src/analyzer/protocol/ftp/FTP.cc index 6334316d75..3fa86830ff 100644 --- a/src/analyzer/protocol/ftp/FTP.cc +++ b/src/analyzer/protocol/ftp/FTP.cc @@ -17,7 +17,7 @@ using namespace analyzer::ftp; -FTP_Analyzer::FTP_Analyzer(Connection* conn) +FTP_Analyzer::FTP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("FTP", conn) { pending_reply = 0; diff --git a/src/analyzer/protocol/ftp/FTP.h b/src/analyzer/protocol/ftp/FTP.h index be7685fc8e..aab729ea3d 100644 --- a/src/analyzer/protocol/ftp/FTP.h +++ b/src/analyzer/protocol/ftp/FTP.h @@ -10,12 +10,12 @@ namespace analyzer { namespace ftp { class FTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit FTP_Analyzer(Connection* conn); + explicit FTP_Analyzer(zeek::Connection* conn); void Done() override; void DeliverStream(int len, const u_char* data, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new FTP_Analyzer(conn); } @@ -36,7 +36,7 @@ protected: */ class FTP_ADAT_Analyzer final : public zeek::analyzer::SupportAnalyzer { public: - FTP_ADAT_Analyzer(Connection* conn, bool arg_orig) + FTP_ADAT_Analyzer(zeek::Connection* conn, bool arg_orig) : SupportAnalyzer("FTP_ADAT", conn, arg_orig), first_token(true) { } diff --git a/src/analyzer/protocol/gnutella/Gnutella.cc b/src/analyzer/protocol/gnutella/Gnutella.cc index bbbbe2ab9f..d5dc545dff 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.cc +++ b/src/analyzer/protocol/gnutella/Gnutella.cc @@ -33,7 +33,7 @@ GnutellaMsgState::GnutellaMsgState() } -Gnutella_Analyzer::Gnutella_Analyzer(Connection* conn) +Gnutella_Analyzer::Gnutella_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("GNUTELLA", conn) { state = 0; diff --git a/src/analyzer/protocol/gnutella/Gnutella.h b/src/analyzer/protocol/gnutella/Gnutella.h index 2da0185f6a..da3633e085 100644 --- a/src/analyzer/protocol/gnutella/Gnutella.h +++ b/src/analyzer/protocol/gnutella/Gnutella.h @@ -35,13 +35,13 @@ public: class Gnutella_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit Gnutella_Analyzer(Connection* conn); + explicit Gnutella_Analyzer(zeek::Connection* conn); ~Gnutella_Analyzer() override; void Done () override; void DeliverStream(int len, const u_char* data, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Gnutella_Analyzer(conn); } private: diff --git a/src/analyzer/protocol/gssapi/GSSAPI.cc b/src/analyzer/protocol/gssapi/GSSAPI.cc index c57e092403..6f52240f4c 100644 --- a/src/analyzer/protocol/gssapi/GSSAPI.cc +++ b/src/analyzer/protocol/gssapi/GSSAPI.cc @@ -7,7 +7,7 @@ using namespace analyzer::gssapi; -GSSAPI_Analyzer::GSSAPI_Analyzer(Connection* c) +GSSAPI_Analyzer::GSSAPI_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("GSSAPI", c) { interp = new binpac::GSSAPI::GSSAPI_Conn(this); diff --git a/src/analyzer/protocol/gssapi/GSSAPI.h b/src/analyzer/protocol/gssapi/GSSAPI.h index ea361fb73c..dec78a324b 100644 --- a/src/analyzer/protocol/gssapi/GSSAPI.h +++ b/src/analyzer/protocol/gssapi/GSSAPI.h @@ -12,7 +12,7 @@ namespace analyzer { namespace gssapi { class GSSAPI_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit GSSAPI_Analyzer(Connection* conn); + explicit GSSAPI_Analyzer(zeek::Connection* conn); ~GSSAPI_Analyzer() override; // Overriden from Analyzer. @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new GSSAPI_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/gtpv1/GTPv1.cc b/src/analyzer/protocol/gtpv1/GTPv1.cc index 62e63d1311..af24edb4b5 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.cc +++ b/src/analyzer/protocol/gtpv1/GTPv1.cc @@ -6,7 +6,7 @@ using namespace analyzer::gtpv1; -GTPv1_Analyzer::GTPv1_Analyzer(Connection* conn) +GTPv1_Analyzer::GTPv1_Analyzer(zeek::Connection* conn) : Analyzer("GTPV1", conn) { interp = new binpac::GTPv1::GTPv1_Conn(this); diff --git a/src/analyzer/protocol/gtpv1/GTPv1.h b/src/analyzer/protocol/gtpv1/GTPv1.h index a7ca0ab09e..ce5f46e444 100644 --- a/src/analyzer/protocol/gtpv1/GTPv1.h +++ b/src/analyzer/protocol/gtpv1/GTPv1.h @@ -6,14 +6,14 @@ namespace analyzer { namespace gtpv1 { class GTPv1_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit GTPv1_Analyzer(Connection* conn); + explicit GTPv1_Analyzer(zeek::Connection* conn); virtual ~GTPv1_Analyzer(); virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new GTPv1_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac index ad725ca7c8..3ccab06b25 100644 --- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac +++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac @@ -647,7 +647,7 @@ flow GTPv1_Flow(is_orig: bool) function process_gtpv1(pdu: GTPv1_Header): bool %{ BroAnalyzer a = connection()->bro_analyzer(); - Connection *c = a->Conn(); + zeek::Connection* c = a->Conn(); const zeek::EncapsulationStack* e = c->GetEncapsulation(); connection()->set_valid(is_orig(), false); @@ -712,7 +712,7 @@ flow GTPv1_Flow(is_orig: bool) function process_g_pdu(pdu: GTPv1_Header): bool %{ BroAnalyzer a = connection()->bro_analyzer(); - Connection *c = a->Conn(); + zeek::Connection* c = a->Conn(); const zeek::EncapsulationStack* e = c->GetEncapsulation(); if ( ${pdu.packet}.length() < (int)sizeof(struct ip) ) diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 8cc2fcf588..398456f9dc 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -825,7 +825,7 @@ void HTTP_Message::Weird(const char* msg) analyzer->Weird(msg); } -HTTP_Analyzer::HTTP_Analyzer(Connection* conn) +HTTP_Analyzer::HTTP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("HTTP", conn) { num_requests = num_replies = 0; diff --git a/src/analyzer/protocol/http/HTTP.h b/src/analyzer/protocol/http/HTTP.h index 55d014c7d5..64fb9aa8f8 100644 --- a/src/analyzer/protocol/http/HTTP.h +++ b/src/analyzer/protocol/http/HTTP.h @@ -150,7 +150,7 @@ protected: class HTTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - HTTP_Analyzer(Connection* conn); + HTTP_Analyzer(zeek::Connection* conn); void HTTP_Header(bool is_orig, mime::MIME_Header* h); void HTTP_EntityData(bool is_orig, zeek::String* entity_data); @@ -195,7 +195,7 @@ public: int GetRequestOngoing() { return request_ongoing; }; int GetReplyOngoing() { return reply_ongoing; }; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new HTTP_Analyzer(conn); } static bool Available() diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index c1527c90b6..4fe0347b16 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -20,7 +20,7 @@ using namespace analyzer::icmp; -ICMP_Analyzer::ICMP_Analyzer(Connection* c) +ICMP_Analyzer::ICMP_Analyzer(zeek::Connection* c) : TransportLayerAnalyzer("ICMP", c), icmp_conn_val(), type(), code(), request_len(-1), reply_len(-1) { @@ -506,7 +506,7 @@ void ICMP_Analyzer::UpdateEndpointVal(const zeek::ValPtr& endp_arg, bool is_orig unsigned int ICMP_Analyzer::MemoryAllocation() const { return Analyzer::MemoryAllocation() - + padded_sizeof(*this) - padded_sizeof(Connection) + + padded_sizeof(*this) - padded_sizeof(zeek::Connection) + (icmp_conn_val ? icmp_conn_val->MemoryAllocation() : 0); } diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index 327b5ace75..db12ca6a3d 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -22,11 +22,11 @@ typedef enum { // RuleMatcherState to perform our own matching. class ICMP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: - explicit ICMP_Analyzer(Connection* conn); + explicit ICMP_Analyzer(zeek::Connection* conn); void UpdateConnVal(zeek::RecordVal *conn_val) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new ICMP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc index bf1cb9073a..b76833cca3 100644 --- a/src/analyzer/protocol/ident/Ident.cc +++ b/src/analyzer/protocol/ident/Ident.cc @@ -13,7 +13,7 @@ using namespace analyzer::ident; -Ident_Analyzer::Ident_Analyzer(Connection* conn) +Ident_Analyzer::Ident_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("IDENT", conn) { did_bad_reply = did_deliver = false; diff --git a/src/analyzer/protocol/ident/Ident.h b/src/analyzer/protocol/ident/Ident.h index 214700abba..7ff44d3474 100644 --- a/src/analyzer/protocol/ident/Ident.h +++ b/src/analyzer/protocol/ident/Ident.h @@ -9,12 +9,12 @@ namespace analyzer { namespace ident { class Ident_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit Ident_Analyzer(Connection* conn); + explicit Ident_Analyzer(zeek::Connection* conn); void Done() override; void DeliverStream(int length, const u_char* data, bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Ident_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/imap/IMAP.cc b/src/analyzer/protocol/imap/IMAP.cc index 31dcbf231e..54965c429c 100644 --- a/src/analyzer/protocol/imap/IMAP.cc +++ b/src/analyzer/protocol/imap/IMAP.cc @@ -6,7 +6,7 @@ using namespace analyzer::imap; -IMAP_Analyzer::IMAP_Analyzer(Connection* conn) +IMAP_Analyzer::IMAP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("IMAP", conn) { interp = new binpac::IMAP::IMAP_Conn(this); diff --git a/src/analyzer/protocol/imap/IMAP.h b/src/analyzer/protocol/imap/IMAP.h index 5733c306d9..e37a0df5d9 100644 --- a/src/analyzer/protocol/imap/IMAP.h +++ b/src/analyzer/protocol/imap/IMAP.h @@ -12,7 +12,7 @@ namespace analyzer { namespace imap { class IMAP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit IMAP_Analyzer(Connection* conn); + explicit IMAP_Analyzer(zeek::Connection* conn); ~IMAP_Analyzer() override; void Done() override; @@ -24,7 +24,7 @@ public: void StartTLS(); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new IMAP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index ba969adc78..5e4bc35703 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -12,7 +12,7 @@ using namespace analyzer::irc; using namespace std; -IRC_Analyzer::IRC_Analyzer(Connection* conn) +IRC_Analyzer::IRC_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("IRC", conn) { invalid_msg_count = 0; diff --git a/src/analyzer/protocol/irc/IRC.h b/src/analyzer/protocol/irc/IRC.h index 852df06be1..1af05b64fd 100644 --- a/src/analyzer/protocol/irc/IRC.h +++ b/src/analyzer/protocol/irc/IRC.h @@ -16,7 +16,7 @@ public: /** * \brief Constructor, builds a new analyzer object. */ - explicit IRC_Analyzer(Connection* conn); + explicit IRC_Analyzer(zeek::Connection* conn); /** * \brief Called when connection is closed. @@ -32,7 +32,7 @@ public: */ void DeliverStream(int len, const u_char* data, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new IRC_Analyzer(conn); } diff --git a/src/analyzer/protocol/krb/KRB.cc b/src/analyzer/protocol/krb/KRB.cc index 3e4285fd7f..bcedc63771 100644 --- a/src/analyzer/protocol/krb/KRB.cc +++ b/src/analyzer/protocol/krb/KRB.cc @@ -16,7 +16,7 @@ krb5_keytab KRB_Analyzer::krb_keytab = nullptr; std::once_flag KRB_Analyzer::krb_initialized; #endif -KRB_Analyzer::KRB_Analyzer(Connection* conn) +KRB_Analyzer::KRB_Analyzer(zeek::Connection* conn) : Analyzer("KRB", conn) { interp = new binpac::KRB::KRB_Conn(this); diff --git a/src/analyzer/protocol/krb/KRB.h b/src/analyzer/protocol/krb/KRB.h index 4c71a3448f..56bc8dc208 100644 --- a/src/analyzer/protocol/krb/KRB.h +++ b/src/analyzer/protocol/krb/KRB.h @@ -15,14 +15,14 @@ namespace analyzer { namespace krb { class KRB_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit KRB_Analyzer(Connection* conn); + explicit KRB_Analyzer(zeek::Connection* conn); virtual ~KRB_Analyzer(); virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new KRB_Analyzer(conn); } zeek::StringValPtr GetAuthenticationInfo(const zeek::String* principal, diff --git a/src/analyzer/protocol/krb/KRB_TCP.cc b/src/analyzer/protocol/krb/KRB_TCP.cc index c8b2ac75f9..270993c807 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.cc +++ b/src/analyzer/protocol/krb/KRB_TCP.cc @@ -7,7 +7,7 @@ using namespace analyzer::krb_tcp; -KRB_Analyzer::KRB_Analyzer(Connection* conn) +KRB_Analyzer::KRB_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("KRB_TCP", conn) { interp = new binpac::KRB_TCP::KRB_Conn(this); diff --git a/src/analyzer/protocol/krb/KRB_TCP.h b/src/analyzer/protocol/krb/KRB_TCP.h index 33ae9152c7..6b55eec0ca 100644 --- a/src/analyzer/protocol/krb/KRB_TCP.h +++ b/src/analyzer/protocol/krb/KRB_TCP.h @@ -11,7 +11,7 @@ namespace analyzer { namespace krb_tcp { class KRB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit KRB_Analyzer(Connection* conn); + explicit KRB_Analyzer(zeek::Connection* conn); ~KRB_Analyzer() override; void Done() override; @@ -26,7 +26,7 @@ public: const bro_uint_t enctype) { return zeek::val_mgr->EmptyString(); } - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new KRB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 653d95a279..5e6a9b2077 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -27,7 +27,7 @@ static zeek::RE_Matcher* re_login_timeouts; static zeek::RE_Matcher* init_RE(zeek::ListVal* l); -Login_Analyzer::Login_Analyzer(const char* name, Connection* conn) +Login_Analyzer::Login_Analyzer(const char* name, zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer(name, conn), user_text() { state = LOGIN_STATE_AUTHENTICATE; @@ -91,7 +91,7 @@ void Login_Analyzer::DeliverStream(int length, const u_char* line, bool orig) str[j++] = line[i]; else { - if ( Conn()->FlagEvent(NUL_IN_LINE) ) + if ( Conn()->FlagEvent(zeek::NUL_IN_LINE) ) Weird("NUL_in_line"); } diff --git a/src/analyzer/protocol/login/Login.h b/src/analyzer/protocol/login/Login.h index c26f0ae133..169df850e6 100644 --- a/src/analyzer/protocol/login/Login.h +++ b/src/analyzer/protocol/login/Login.h @@ -22,7 +22,7 @@ typedef enum { class Login_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - Login_Analyzer(const char* name, Connection* conn); + Login_Analyzer(const char* name, zeek::Connection* conn); ~Login_Analyzer() override; void DeliverStream(int len, const u_char* data, bool orig) override; diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index cf2b6c0c13..d515239d82 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -380,7 +380,7 @@ void TelnetBinaryOption::InconsistentOption(unsigned int /* type */) } -NVT_Analyzer::NVT_Analyzer(Connection* conn, bool orig) +NVT_Analyzer::NVT_Analyzer(zeek::Connection* conn, bool orig) : tcp::ContentLine_Analyzer("NVT", conn, orig), options() { } @@ -536,7 +536,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data) else { - if ( Conn()->FlagEvent(SINGULAR_LF) ) + if ( Conn()->FlagEvent(zeek::SINGULAR_LF) ) Conn()->Weird("line_terminated_with_single_LF"); buf[offset++] = c; } @@ -574,7 +574,7 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data) if ( ! (CRLFAsEOL() & CR_as_EOL) && last_char == '\r' && c != '\n' && c != '\0' ) { - if ( Conn()->FlagEvent(SINGULAR_CR) ) + if ( Conn()->FlagEvent(zeek::SINGULAR_CR) ) Weird("line_terminated_with_single_CR"); } diff --git a/src/analyzer/protocol/login/NVT.h b/src/analyzer/protocol/login/NVT.h index f77c6105be..b0bfb5aa6f 100644 --- a/src/analyzer/protocol/login/NVT.h +++ b/src/analyzer/protocol/login/NVT.h @@ -124,7 +124,7 @@ protected: class NVT_Analyzer final : public tcp::ContentLine_Analyzer { public: - NVT_Analyzer(Connection* conn, bool orig); + NVT_Analyzer(zeek::Connection* conn, bool orig); ~NVT_Analyzer() override; TelnetOption* FindOption(unsigned int code); diff --git a/src/analyzer/protocol/login/RSH.cc b/src/analyzer/protocol/login/RSH.cc index ffd4620f42..031db4cec3 100644 --- a/src/analyzer/protocol/login/RSH.cc +++ b/src/analyzer/protocol/login/RSH.cc @@ -13,8 +13,8 @@ using namespace analyzer::login; // FIXME: this code should probably be merged with Rlogin.cc. -Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(Connection* conn, bool orig, - Rsh_Analyzer* arg_analyzer) +Contents_Rsh_Analyzer::Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig, + Rsh_Analyzer* arg_analyzer) : tcp::ContentLine_Analyzer("CONTENTS_RSH", conn, orig) { num_bytes_to_scan = 0; @@ -144,7 +144,7 @@ void Contents_Rsh_Analyzer::BadProlog() state = RSH_UNKNOWN; } -Rsh_Analyzer::Rsh_Analyzer(Connection* conn) +Rsh_Analyzer::Rsh_Analyzer(zeek::Connection* conn) : Login_Analyzer("RSH", conn) { contents_orig = new Contents_Rsh_Analyzer(conn, true, this); diff --git a/src/analyzer/protocol/login/RSH.h b/src/analyzer/protocol/login/RSH.h index 0c107adcf3..1b71b5d17f 100644 --- a/src/analyzer/protocol/login/RSH.h +++ b/src/analyzer/protocol/login/RSH.h @@ -24,7 +24,7 @@ class Rsh_Analyzer; class Contents_Rsh_Analyzer final : public tcp::ContentLine_Analyzer { public: - Contents_Rsh_Analyzer(Connection* conn, bool orig, Rsh_Analyzer* analyzer); + Contents_Rsh_Analyzer(zeek::Connection* conn, bool orig, Rsh_Analyzer* analyzer); ~Contents_Rsh_Analyzer() override; rsh_state RshSaveState() const { return save_state; } @@ -41,14 +41,14 @@ protected: class Rsh_Analyzer final : public Login_Analyzer { public: - explicit Rsh_Analyzer(Connection* conn); + explicit Rsh_Analyzer(zeek::Connection* conn); void DeliverStream(int len, const u_char* data, bool orig) override; void ClientUserName(const char* s); void ServerUserName(const char* s); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Rsh_Analyzer(conn); } Contents_Rsh_Analyzer* contents_orig; diff --git a/src/analyzer/protocol/login/Rlogin.cc b/src/analyzer/protocol/login/Rlogin.cc index a745640e37..68b4bdad3d 100644 --- a/src/analyzer/protocol/login/Rlogin.cc +++ b/src/analyzer/protocol/login/Rlogin.cc @@ -11,7 +11,7 @@ using namespace analyzer::login; -Contents_Rlogin_Analyzer::Contents_Rlogin_Analyzer(Connection* conn, bool orig, Rlogin_Analyzer* arg_analyzer) +Contents_Rlogin_Analyzer::Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig, Rlogin_Analyzer* arg_analyzer) : tcp::ContentLine_Analyzer("CONTENTLINE", conn, orig) { num_bytes_to_scan = 0; @@ -208,7 +208,7 @@ void Contents_Rlogin_Analyzer::BadProlog() } -Rlogin_Analyzer::Rlogin_Analyzer(Connection* conn) +Rlogin_Analyzer::Rlogin_Analyzer(zeek::Connection* conn) : Login_Analyzer("RLOGIN", conn) { Contents_Rlogin_Analyzer* orig = diff --git a/src/analyzer/protocol/login/Rlogin.h b/src/analyzer/protocol/login/Rlogin.h index 657d476f2a..c7ba428cf7 100644 --- a/src/analyzer/protocol/login/Rlogin.h +++ b/src/analyzer/protocol/login/Rlogin.h @@ -32,8 +32,8 @@ class Rlogin_Analyzer; class Contents_Rlogin_Analyzer final : public tcp::ContentLine_Analyzer { public: - Contents_Rlogin_Analyzer(Connection* conn, bool orig, - Rlogin_Analyzer* analyzer); + Contents_Rlogin_Analyzer(zeek::Connection* conn, bool orig, + Rlogin_Analyzer* analyzer); ~Contents_Rlogin_Analyzer() override; void SetPeer(Contents_Rlogin_Analyzer* arg_peer) @@ -55,13 +55,13 @@ protected: class Rlogin_Analyzer final : public Login_Analyzer { public: - explicit Rlogin_Analyzer(Connection* conn); + explicit Rlogin_Analyzer(zeek::Connection* conn); void ClientUserName(const char* s); void ServerUserName(const char* s); void TerminalType(const char* s); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Rlogin_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/login/Telnet.cc b/src/analyzer/protocol/login/Telnet.cc index 5a187a8221..798c6f3e7d 100644 --- a/src/analyzer/protocol/login/Telnet.cc +++ b/src/analyzer/protocol/login/Telnet.cc @@ -9,7 +9,7 @@ using namespace analyzer::login; -Telnet_Analyzer::Telnet_Analyzer(Connection* conn) +Telnet_Analyzer::Telnet_Analyzer(zeek::Connection* conn) : Login_Analyzer("TELNET", conn) { NVT_Analyzer* nvt_orig = new NVT_Analyzer(conn, true); @@ -21,4 +21,3 @@ Telnet_Analyzer::Telnet_Analyzer(Connection* conn) AddSupportAnalyzer(nvt_orig); AddSupportAnalyzer(nvt_resp); } - diff --git a/src/analyzer/protocol/login/Telnet.h b/src/analyzer/protocol/login/Telnet.h index 3ef6fc0803..af28665fd7 100644 --- a/src/analyzer/protocol/login/Telnet.h +++ b/src/analyzer/protocol/login/Telnet.h @@ -8,10 +8,10 @@ namespace analyzer { namespace login { class Telnet_Analyzer : public Login_Analyzer { public: - explicit Telnet_Analyzer(Connection* conn); + explicit Telnet_Analyzer(zeek::Connection* conn); ~Telnet_Analyzer() override {} - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Telnet_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index af23c98005..6b0e195529 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -26,7 +26,7 @@ ## .. zeek:see:: set_login_state function get_login_state%(cid: conn_id%): count %{ - Connection* c = sessions->FindConnection(cid); + zeek::Connection* c = sessions->FindConnection(cid); if ( ! c ) return zeek::val_mgr->False(); @@ -50,7 +50,7 @@ function get_login_state%(cid: conn_id%): count ## .. zeek:see:: get_login_state function set_login_state%(cid: conn_id, new_state: count%): bool %{ - Connection* c = sessions->FindConnection(cid); + zeek::Connection* c = sessions->FindConnection(cid); if ( ! c ) return zeek::val_mgr->False(); diff --git a/src/analyzer/protocol/modbus/Modbus.cc b/src/analyzer/protocol/modbus/Modbus.cc index a371f8c88a..9becb31359 100644 --- a/src/analyzer/protocol/modbus/Modbus.cc +++ b/src/analyzer/protocol/modbus/Modbus.cc @@ -6,7 +6,7 @@ using namespace analyzer::modbus; -ModbusTCP_Analyzer::ModbusTCP_Analyzer(Connection* c) +ModbusTCP_Analyzer::ModbusTCP_Analyzer(zeek::Connection* c) : TCP_ApplicationAnalyzer("MODBUS", c) { interp = new binpac::ModbusTCP::ModbusTCP_Conn(this); @@ -42,4 +42,3 @@ void ModbusTCP_Analyzer::EndpointEOF(bool is_orig) TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); } - diff --git a/src/analyzer/protocol/modbus/Modbus.h b/src/analyzer/protocol/modbus/Modbus.h index 6cdc58eb20..c94bfc5d16 100644 --- a/src/analyzer/protocol/modbus/Modbus.h +++ b/src/analyzer/protocol/modbus/Modbus.h @@ -7,7 +7,7 @@ namespace analyzer { namespace modbus { class ModbusTCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit ModbusTCP_Analyzer(Connection* conn); + explicit ModbusTCP_Analyzer(zeek::Connection* conn); ~ModbusTCP_Analyzer() override; void Done() override; @@ -16,7 +16,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new ModbusTCP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/mqtt/MQTT.cc b/src/analyzer/protocol/mqtt/MQTT.cc index 4514f4d907..b5f94d3660 100644 --- a/src/analyzer/protocol/mqtt/MQTT.cc +++ b/src/analyzer/protocol/mqtt/MQTT.cc @@ -9,7 +9,7 @@ using namespace analyzer::MQTT; -MQTT_Analyzer::MQTT_Analyzer(Connection* c) +MQTT_Analyzer::MQTT_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("MQTT", c) { interp = new binpac::MQTT::MQTT_Conn(this); diff --git a/src/analyzer/protocol/mqtt/MQTT.h b/src/analyzer/protocol/mqtt/MQTT.h index 85a4dba268..d84885406f 100644 --- a/src/analyzer/protocol/mqtt/MQTT.h +++ b/src/analyzer/protocol/mqtt/MQTT.h @@ -12,7 +12,7 @@ namespace analyzer { namespace MQTT { class MQTT_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - MQTT_Analyzer(Connection* conn); + MQTT_Analyzer(zeek::Connection* conn); ~MQTT_Analyzer() override; void Done() override; @@ -20,7 +20,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) { return new MQTT_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/mysql/MySQL.cc b/src/analyzer/protocol/mysql/MySQL.cc index 16225bd59f..7714906b02 100644 --- a/src/analyzer/protocol/mysql/MySQL.cc +++ b/src/analyzer/protocol/mysql/MySQL.cc @@ -7,7 +7,7 @@ using namespace analyzer::MySQL; -MySQL_Analyzer::MySQL_Analyzer(Connection* c) +MySQL_Analyzer::MySQL_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("MySQL", c) { interp = new binpac::MySQL::MySQL_Conn(this); diff --git a/src/analyzer/protocol/mysql/MySQL.h b/src/analyzer/protocol/mysql/MySQL.h index 5b38aa1f7c..af4ad2ef52 100644 --- a/src/analyzer/protocol/mysql/MySQL.h +++ b/src/analyzer/protocol/mysql/MySQL.h @@ -12,7 +12,7 @@ namespace analyzer { namespace MySQL { class MySQL_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit MySQL_Analyzer(Connection* conn); + explicit MySQL_Analyzer(zeek::Connection* conn); ~MySQL_Analyzer() override; // Overriden from Analyzer. @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new MySQL_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index e468344677..604dc246d0 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -163,7 +163,7 @@ void NCP_FrameBuffer::compute_msg_length() msg_len = (msg_len << 8) | data[4+i]; } -Contents_NCP_Analyzer::Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Session* arg_session) +Contents_NCP_Analyzer::Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* arg_session) : tcp::TCP_SupportAnalyzer("CONTENTS_NCP", conn, orig) { session = arg_session; @@ -244,7 +244,7 @@ void Contents_NCP_Analyzer::Undelivered(uint64_t seq, int len, bool orig) resync = true; } -NCP_Analyzer::NCP_Analyzer(Connection* conn) +NCP_Analyzer::NCP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("NCP", conn) { session = new NCP_Session(this); diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h index c360c05da8..287de6d606 100644 --- a/src/analyzer/protocol/ncp/NCP.h +++ b/src/analyzer/protocol/ncp/NCP.h @@ -84,7 +84,7 @@ protected: class Contents_NCP_Analyzer : public tcp::TCP_SupportAnalyzer { public: - Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Session* session); + Contents_NCP_Analyzer(zeek::Connection* conn, bool orig, NCP_Session* session); ~Contents_NCP_Analyzer() override; protected: @@ -101,10 +101,10 @@ protected: class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit NCP_Analyzer(Connection* conn); + explicit NCP_Analyzer(zeek::Connection* conn); ~NCP_Analyzer() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NCP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index 0011c97dc1..669d6993ec 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -332,8 +332,8 @@ void NetbiosSSN_Interpreter::Event(zeek::EventHandlerPtr event, const u_char* da } -Contents_NetbiosSSN::Contents_NetbiosSSN(Connection* conn, bool orig, - NetbiosSSN_Interpreter* arg_interp) +Contents_NetbiosSSN::Contents_NetbiosSSN(zeek::Connection* conn, bool orig, + NetbiosSSN_Interpreter* arg_interp) : tcp::TCP_SupportAnalyzer("CONTENTS_NETBIOSSSN", conn, orig) { interp = arg_interp; @@ -453,7 +453,7 @@ void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig) state = NETBIOS_SSN_TYPE; } -NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(Connection* conn) +NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("NETBIOSSSN", conn) { //smb_session = new SMB_Session(this); diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.h b/src/analyzer/protocol/netbios/NetbiosSSN.h index 7442b8a571..1cac17cd73 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.h +++ b/src/analyzer/protocol/netbios/NetbiosSSN.h @@ -114,7 +114,7 @@ typedef enum { // ### This should be merged with TCP_Contents_RPC, TCP_Contents_DNS. class Contents_NetbiosSSN final : public tcp::TCP_SupportAnalyzer { public: - Contents_NetbiosSSN(Connection* conn, bool orig, + Contents_NetbiosSSN(zeek::Connection* conn, bool orig, NetbiosSSN_Interpreter* interp); ~Contents_NetbiosSSN() override; @@ -141,14 +141,14 @@ protected: class NetbiosSSN_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit NetbiosSSN_Analyzer(Connection* conn); + explicit NetbiosSSN_Analyzer(zeek::Connection* conn); ~NetbiosSSN_Analyzer() override; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NetbiosSSN_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ntlm/NTLM.cc b/src/analyzer/protocol/ntlm/NTLM.cc index 62ea81c9e9..b76de6a59f 100644 --- a/src/analyzer/protocol/ntlm/NTLM.cc +++ b/src/analyzer/protocol/ntlm/NTLM.cc @@ -7,7 +7,7 @@ using namespace analyzer::ntlm; -NTLM_Analyzer::NTLM_Analyzer(Connection* c) +NTLM_Analyzer::NTLM_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("NTLM", c) { interp = new binpac::NTLM::NTLM_Conn(this); diff --git a/src/analyzer/protocol/ntlm/NTLM.h b/src/analyzer/protocol/ntlm/NTLM.h index 1bdbe5a0ff..60f0067af6 100644 --- a/src/analyzer/protocol/ntlm/NTLM.h +++ b/src/analyzer/protocol/ntlm/NTLM.h @@ -12,7 +12,7 @@ namespace analyzer { namespace ntlm { class NTLM_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit NTLM_Analyzer(Connection* conn); + explicit NTLM_Analyzer(zeek::Connection* conn); ~NTLM_Analyzer() override; // Overriden from Analyzer. @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NTLM_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ntp/NTP.cc b/src/analyzer/protocol/ntp/NTP.cc index d4f2ff56f7..a38fd8531a 100644 --- a/src/analyzer/protocol/ntp/NTP.cc +++ b/src/analyzer/protocol/ntp/NTP.cc @@ -6,7 +6,7 @@ using namespace analyzer::NTP; -NTP_Analyzer::NTP_Analyzer(Connection* c) +NTP_Analyzer::NTP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("NTP", c) { interp = new binpac::NTP::NTP_Conn(this); diff --git a/src/analyzer/protocol/ntp/NTP.h b/src/analyzer/protocol/ntp/NTP.h index 99cac3807c..1f38953b07 100644 --- a/src/analyzer/protocol/ntp/NTP.h +++ b/src/analyzer/protocol/ntp/NTP.h @@ -11,7 +11,7 @@ namespace analyzer { namespace NTP { class NTP_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit NTP_Analyzer(Connection* conn); + explicit NTP_Analyzer(zeek::Connection* conn); ~NTP_Analyzer() override; // Overriden from Analyzer. @@ -19,7 +19,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NTP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/pia/PIA.h b/src/analyzer/protocol/pia/PIA.h index 3c216d41fe..97865144e1 100644 --- a/src/analyzer/protocol/pia/PIA.h +++ b/src/analyzer/protocol/pia/PIA.h @@ -77,25 +77,25 @@ protected: void DoMatch(const u_char* data, int len, bool is_orig, bool bol, bool eol, bool clear_state, const zeek::IP_Hdr* ip = nullptr); - void SetConn(Connection* c) { conn = c; } + void SetConn(zeek::Connection* c) { conn = c; } Buffer pkt_buffer; private: zeek::analyzer::Analyzer* as_analyzer; - Connection* conn; + zeek::Connection* conn; DataBlock current_packet; }; // PIA for UDP. class PIA_UDP : public PIA, public zeek::analyzer::Analyzer { public: - explicit PIA_UDP(Connection* conn) + explicit PIA_UDP(zeek::Connection* conn) : PIA(this), Analyzer("PIA_UDP", conn) { SetConn(conn); } ~PIA_UDP() override { } - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new PIA_UDP(conn); } protected: @@ -120,7 +120,7 @@ protected: // packets before passing payload on to children). class PIA_TCP : public PIA, public tcp::TCP_ApplicationAnalyzer { public: - explicit PIA_TCP(Connection* conn) + explicit PIA_TCP(zeek::Connection* conn) : PIA(this), tcp::TCP_ApplicationAnalyzer("PIA_TCP", conn) { stream_mode = false; SetConn(conn); } @@ -140,7 +140,7 @@ public: void ReplayStreamBuffer(zeek::analyzer::Analyzer* analyzer); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new PIA_TCP(conn); } protected: diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index 0b5931e8e6..52ae99b5c2 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -26,7 +26,7 @@ static const char* pop3_cmd_word[] = { #define POP3_CMD_WORD(code) ((code >= 0) ? pop3_cmd_word[code] : "(UNKNOWN)") -POP3_Analyzer::POP3_Analyzer(Connection* conn) +POP3_Analyzer::POP3_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("POP3", conn) { masterState = POP3_START; diff --git a/src/analyzer/protocol/pop3/POP3.h b/src/analyzer/protocol/pop3/POP3.h index 5aa3419a66..f59a35d111 100644 --- a/src/analyzer/protocol/pop3/POP3.h +++ b/src/analyzer/protocol/pop3/POP3.h @@ -63,13 +63,13 @@ typedef enum { class POP3_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit POP3_Analyzer(Connection* conn); + explicit POP3_Analyzer(zeek::Connection* conn); ~POP3_Analyzer() override; void Done() override; void DeliverStream(int len, const u_char* data, bool orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new POP3_Analyzer(conn); } diff --git a/src/analyzer/protocol/radius/RADIUS.cc b/src/analyzer/protocol/radius/RADIUS.cc index 9ddf9318e7..2a3de1d6b8 100644 --- a/src/analyzer/protocol/radius/RADIUS.cc +++ b/src/analyzer/protocol/radius/RADIUS.cc @@ -8,7 +8,7 @@ using namespace analyzer::RADIUS; -RADIUS_Analyzer::RADIUS_Analyzer(Connection* c) +RADIUS_Analyzer::RADIUS_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("RADIUS", c) { interp = new binpac::RADIUS::RADIUS_Conn(this); diff --git a/src/analyzer/protocol/radius/RADIUS.h b/src/analyzer/protocol/radius/RADIUS.h index 9ac473937d..b76ebd7630 100644 --- a/src/analyzer/protocol/radius/RADIUS.h +++ b/src/analyzer/protocol/radius/RADIUS.h @@ -13,7 +13,7 @@ namespace analyzer { namespace RADIUS { class RADIUS_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit RADIUS_Analyzer(Connection* conn); + explicit RADIUS_Analyzer(zeek::Connection* conn); ~RADIUS_Analyzer() override; // Overriden from Analyzer. @@ -21,7 +21,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new RADIUS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index f8ffd75ed4..5691eaf439 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -6,7 +6,7 @@ using namespace analyzer::rdp; -RDP_Analyzer::RDP_Analyzer(Connection* c) +RDP_Analyzer::RDP_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("RDP", c) { interp = new binpac::RDP::RDP_Conn(this); diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h index 5cb0850e60..6b6d90cee9 100644 --- a/src/analyzer/protocol/rdp/RDP.h +++ b/src/analyzer/protocol/rdp/RDP.h @@ -10,7 +10,7 @@ namespace analyzer { namespace rdp { class RDP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit RDP_Analyzer(Connection* conn); + explicit RDP_Analyzer(zeek::Connection* conn); ~RDP_Analyzer() override; // Overriden from Analyzer. @@ -19,7 +19,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) { return new RDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rdp/RDPEUDP.cc b/src/analyzer/protocol/rdp/RDPEUDP.cc index 457be271ba..e1238161a6 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.cc +++ b/src/analyzer/protocol/rdp/RDPEUDP.cc @@ -5,7 +5,7 @@ using namespace analyzer::rdpeudp; -RDP_Analyzer::RDP_Analyzer(Connection* c) +RDP_Analyzer::RDP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("RDPEUDP", c) { interp = new binpac::RDPEUDP::RDPEUDP_Conn(this); diff --git a/src/analyzer/protocol/rdp/RDPEUDP.h b/src/analyzer/protocol/rdp/RDPEUDP.h index c5409a7817..e692c32acc 100644 --- a/src/analyzer/protocol/rdp/RDPEUDP.h +++ b/src/analyzer/protocol/rdp/RDPEUDP.h @@ -8,13 +8,13 @@ namespace analyzer { namespace rdpeudp { class RDP_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit RDP_Analyzer(Connection* conn); + explicit RDP_Analyzer(zeek::Connection* conn); ~RDP_Analyzer() override; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) { return new RDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rfb/RFB.cc b/src/analyzer/protocol/rfb/RFB.cc index c3226f1223..52d8699fa7 100644 --- a/src/analyzer/protocol/rfb/RFB.cc +++ b/src/analyzer/protocol/rfb/RFB.cc @@ -8,7 +8,7 @@ using namespace analyzer::rfb; -RFB_Analyzer::RFB_Analyzer(Connection* c) +RFB_Analyzer::RFB_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("RFB", c) diff --git a/src/analyzer/protocol/rfb/RFB.h b/src/analyzer/protocol/rfb/RFB.h index 56626d508a..148c1ee35e 100644 --- a/src/analyzer/protocol/rfb/RFB.h +++ b/src/analyzer/protocol/rfb/RFB.h @@ -12,7 +12,7 @@ namespace analyzer { namespace rfb { class RFB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit RFB_Analyzer(Connection* conn); + explicit RFB_Analyzer(zeek::Connection* conn); ~RFB_Analyzer() override; // Overriden from Analyzer. @@ -24,7 +24,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) { return new RFB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/rpc/MOUNT.cc b/src/analyzer/protocol/rpc/MOUNT.cc index 17a403e86c..af30ee359a 100644 --- a/src/analyzer/protocol/rpc/MOUNT.cc +++ b/src/analyzer/protocol/rpc/MOUNT.cc @@ -280,7 +280,7 @@ zeek::RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n, return rep; } -MOUNT_Analyzer::MOUNT_Analyzer(Connection* conn) +MOUNT_Analyzer::MOUNT_Analyzer(zeek::Connection* conn) : RPC_Analyzer("MOUNT", conn, new MOUNT_Interp(this)) { orig_rpc = resp_rpc = nullptr; diff --git a/src/analyzer/protocol/rpc/MOUNT.h b/src/analyzer/protocol/rpc/MOUNT.h index 345029c57d..0019354987 100644 --- a/src/analyzer/protocol/rpc/MOUNT.h +++ b/src/analyzer/protocol/rpc/MOUNT.h @@ -39,10 +39,10 @@ protected: class MOUNT_Analyzer : public RPC_Analyzer { public: - explicit MOUNT_Analyzer(Connection* conn); + explicit MOUNT_Analyzer(zeek::Connection* conn); void Init() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new MOUNT_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/NFS.cc b/src/analyzer/protocol/rpc/NFS.cc index 6e40cb5554..84ed067d49 100644 --- a/src/analyzer/protocol/rpc/NFS.cc +++ b/src/analyzer/protocol/rpc/NFS.cc @@ -817,7 +817,7 @@ zeek::ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n) } -NFS_Analyzer::NFS_Analyzer(Connection* conn) +NFS_Analyzer::NFS_Analyzer(zeek::Connection* conn) : RPC_Analyzer("NFS", conn, new NFS_Interp(this)) { orig_rpc = resp_rpc = nullptr; diff --git a/src/analyzer/protocol/rpc/NFS.h b/src/analyzer/protocol/rpc/NFS.h index daf01d4e57..2f0bac4ae6 100644 --- a/src/analyzer/protocol/rpc/NFS.h +++ b/src/analyzer/protocol/rpc/NFS.h @@ -81,10 +81,10 @@ protected: class NFS_Analyzer : public RPC_Analyzer { public: - explicit NFS_Analyzer(Connection* conn); + explicit NFS_Analyzer(zeek::Connection* conn); void Init() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new NFS_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index 9086562efe..bbbc8b151f 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -289,7 +289,7 @@ void PortmapperInterp::Event(zeek::EventHandlerPtr f, zeek::ValPtr request, BifE analyzer->EnqueueConnEvent(f, std::move(vl)); } -Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn) +Portmapper_Analyzer::Portmapper_Analyzer(zeek::Connection* conn) : RPC_Analyzer("PORTMAPPER", conn, new PortmapperInterp(this)) { orig_rpc = resp_rpc = nullptr; diff --git a/src/analyzer/protocol/rpc/Portmap.h b/src/analyzer/protocol/rpc/Portmap.h index 85db91ab89..5a8be03d6b 100644 --- a/src/analyzer/protocol/rpc/Portmap.h +++ b/src/analyzer/protocol/rpc/Portmap.h @@ -26,11 +26,11 @@ protected: class Portmapper_Analyzer : public RPC_Analyzer { public: - explicit Portmapper_Analyzer(Connection* conn); + explicit Portmapper_Analyzer(zeek::Connection* conn); ~Portmapper_Analyzer() override; void Init() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Portmapper_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 504a7851ea..acdd7811b3 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -412,8 +412,8 @@ bool RPC_Reasm_Buffer::ConsumeChunk(const u_char*& data, int& len) return (expected == processed); } -Contents_RPC::Contents_RPC(Connection* conn, bool orig, - RPC_Interpreter* arg_interp) +Contents_RPC::Contents_RPC(zeek::Connection* conn, bool orig, + RPC_Interpreter* arg_interp) : tcp::TCP_SupportAnalyzer("CONTENTS_RPC", conn, orig) { interp = arg_interp; @@ -720,8 +720,8 @@ void Contents_RPC::DeliverStream(int len, const u_char* data, bool orig) } // end while } -RPC_Analyzer::RPC_Analyzer(const char* name, Connection* conn, - RPC_Interpreter* arg_interp) +RPC_Analyzer::RPC_Analyzer(const char* name, zeek::Connection* conn, + RPC_Interpreter* arg_interp) : tcp::TCP_ApplicationAnalyzer(name, conn), interp(arg_interp), orig_rpc(), resp_rpc() { diff --git a/src/analyzer/protocol/rpc/RPC.h b/src/analyzer/protocol/rpc/RPC.h index f7c1ba91d5..cb5eb1d272 100644 --- a/src/analyzer/protocol/rpc/RPC.h +++ b/src/analyzer/protocol/rpc/RPC.h @@ -186,7 +186,7 @@ protected: /* Support Analyzer for reassembling RPC-over-TCP messages */ class Contents_RPC final : public tcp::TCP_SupportAnalyzer { public: - Contents_RPC(Connection* conn, bool orig, RPC_Interpreter* interp); + Contents_RPC(zeek::Connection* conn, bool orig, RPC_Interpreter* interp); ~Contents_RPC() override; protected: @@ -232,7 +232,7 @@ protected: class RPC_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - RPC_Analyzer(const char* name, Connection* conn, + RPC_Analyzer(const char* name, zeek::Connection* conn, RPC_Interpreter* arg_interp); ~RPC_Analyzer() override; diff --git a/src/analyzer/protocol/sip/SIP.cc b/src/analyzer/protocol/sip/SIP.cc index 3ea5acbeaf..7c7ff312f3 100644 --- a/src/analyzer/protocol/sip/SIP.cc +++ b/src/analyzer/protocol/sip/SIP.cc @@ -4,7 +4,7 @@ using namespace analyzer::SIP; -SIP_Analyzer::SIP_Analyzer(Connection* c) +SIP_Analyzer::SIP_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("SIP", c) { interp = new binpac::SIP::SIP_Conn(this); diff --git a/src/analyzer/protocol/sip/SIP.h b/src/analyzer/protocol/sip/SIP.h index e3acec9f0f..2f1149346a 100644 --- a/src/analyzer/protocol/sip/SIP.h +++ b/src/analyzer/protocol/sip/SIP.h @@ -9,7 +9,7 @@ namespace analyzer { namespace SIP { class SIP_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit SIP_Analyzer(Connection* conn); + explicit SIP_Analyzer(zeek::Connection* conn); ~SIP_Analyzer() override; // Overridden from Analyzer @@ -18,7 +18,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SIP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/sip/SIP_TCP.cc b/src/analyzer/protocol/sip/SIP_TCP.cc index c9ab8bba71..a7ab9a5ffc 100644 --- a/src/analyzer/protocol/sip/SIP_TCP.cc +++ b/src/analyzer/protocol/sip/SIP_TCP.cc @@ -9,7 +9,7 @@ using namespace analyzer::sip_tcp; -SIP_Analyzer::SIP_Analyzer(Connection* conn) +SIP_Analyzer::SIP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("SIP_TCP", conn) { interp = new binpac::SIP_TCP::SIP_Conn(this); diff --git a/src/analyzer/protocol/sip/SIP_TCP.h b/src/analyzer/protocol/sip/SIP_TCP.h index ed64b22056..84d6d22166 100644 --- a/src/analyzer/protocol/sip/SIP_TCP.h +++ b/src/analyzer/protocol/sip/SIP_TCP.h @@ -13,7 +13,7 @@ namespace analyzer { namespace sip_tcp { class SIP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SIP_Analyzer(Connection* conn); + explicit SIP_Analyzer(zeek::Connection* conn); ~SIP_Analyzer() override; void Done() override; @@ -23,7 +23,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SIP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/smb/SMB.cc b/src/analyzer/protocol/smb/SMB.cc index 9fd925f233..eff26b9b9a 100644 --- a/src/analyzer/protocol/smb/SMB.cc +++ b/src/analyzer/protocol/smb/SMB.cc @@ -6,7 +6,7 @@ using namespace analyzer::smb; // being seen. #define SMB_MAX_LEN (1<<18) -SMB_Analyzer::SMB_Analyzer(Connection *conn) +SMB_Analyzer::SMB_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("SMB", conn) { chunks=0; diff --git a/src/analyzer/protocol/smb/SMB.h b/src/analyzer/protocol/smb/SMB.h index a076c1e429..a8c406ba9d 100644 --- a/src/analyzer/protocol/smb/SMB.h +++ b/src/analyzer/protocol/smb/SMB.h @@ -7,7 +7,7 @@ namespace analyzer { namespace smb { class SMB_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SMB_Analyzer(Connection* conn); + explicit SMB_Analyzer(zeek::Connection* conn); ~SMB_Analyzer() override; void Done() override; @@ -18,7 +18,7 @@ public: bool HasSMBHeader(int len, const u_char* data); void NeedResync(); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SMB_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 177dcf9d1a..91c0ff996b 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -26,7 +26,7 @@ static const char* unknown_cmd = "(UNKNOWN)"; #define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : unknown_cmd) -SMTP_Analyzer::SMTP_Analyzer(Connection* conn) +SMTP_Analyzer::SMTP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("SMTP", conn) { expect_sender = false; diff --git a/src/analyzer/protocol/smtp/SMTP.h b/src/analyzer/protocol/smtp/SMTP.h index 4bf39eb38f..9d67b16588 100644 --- a/src/analyzer/protocol/smtp/SMTP.h +++ b/src/analyzer/protocol/smtp/SMTP.h @@ -37,7 +37,7 @@ typedef enum { class SMTP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SMTP_Analyzer(Connection* conn); + explicit SMTP_Analyzer(zeek::Connection* conn); ~SMTP_Analyzer() override; void Done() override; @@ -47,7 +47,7 @@ public: void SkipData() { skip_data = 1; } // skip delivery of data lines - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SMTP_Analyzer(conn); } diff --git a/src/analyzer/protocol/snmp/SNMP.cc b/src/analyzer/protocol/snmp/SNMP.cc index c998c9fcde..2687823ac0 100644 --- a/src/analyzer/protocol/snmp/SNMP.cc +++ b/src/analyzer/protocol/snmp/SNMP.cc @@ -8,7 +8,7 @@ using namespace analyzer::snmp; -SNMP_Analyzer::SNMP_Analyzer(Connection* conn) +SNMP_Analyzer::SNMP_Analyzer(zeek::Connection* conn) : Analyzer("SNMP", conn) { interp = new binpac::SNMP::SNMP_Conn(this); diff --git a/src/analyzer/protocol/snmp/SNMP.h b/src/analyzer/protocol/snmp/SNMP.h index 4d6001933e..5521a81964 100644 --- a/src/analyzer/protocol/snmp/SNMP.h +++ b/src/analyzer/protocol/snmp/SNMP.h @@ -10,14 +10,14 @@ class SNMP_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit SNMP_Analyzer(Connection* conn); + explicit SNMP_Analyzer(zeek::Connection* conn); virtual ~SNMP_Analyzer(); virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen); - static zeek::analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + static zeek::analyzer::Analyzer* InstantiateAnalyzer(zeek::Connection* conn) { return new SNMP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/socks/SOCKS.cc b/src/analyzer/protocol/socks/SOCKS.cc index 6490f38165..b203495335 100644 --- a/src/analyzer/protocol/socks/SOCKS.cc +++ b/src/analyzer/protocol/socks/SOCKS.cc @@ -6,7 +6,7 @@ using namespace analyzer::socks; -SOCKS_Analyzer::SOCKS_Analyzer(Connection* conn) +SOCKS_Analyzer::SOCKS_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("SOCKS", conn) { interp = new binpac::SOCKS::SOCKS_Conn(this); @@ -90,4 +90,3 @@ void SOCKS_Analyzer::Undelivered(uint64_t seq, int len, bool orig) tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); interp->NewGap(orig, len); } - diff --git a/src/analyzer/protocol/socks/SOCKS.h b/src/analyzer/protocol/socks/SOCKS.h index f97c544a30..7dcddcc82c 100644 --- a/src/analyzer/protocol/socks/SOCKS.h +++ b/src/analyzer/protocol/socks/SOCKS.h @@ -15,7 +15,7 @@ namespace analyzer { namespace socks { class SOCKS_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SOCKS_Analyzer(Connection* conn); + explicit SOCKS_Analyzer(zeek::Connection* conn); ~SOCKS_Analyzer() override; void EndpointDone(bool orig); @@ -25,7 +25,7 @@ public: void Undelivered(uint64_t seq, int len, bool orig) override; void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SOCKS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index c43a4ce1fc..c301e4eb2a 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -11,7 +11,7 @@ using namespace analyzer::SSH; -SSH_Analyzer::SSH_Analyzer(Connection* c) +SSH_Analyzer::SSH_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("SSH", c) { interp = new binpac::SSH::SSH_Conn(this); diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index b3a5b224d4..78788df91b 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -12,7 +12,7 @@ namespace analyzer { class SSH_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SSH_Analyzer(Connection* conn); + explicit SSH_Analyzer(zeek::Connection* conn); ~SSH_Analyzer() override; // Overriden from Analyzer. @@ -23,7 +23,7 @@ namespace analyzer { // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SSH_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index e155f79a0a..fca05e0c54 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -10,7 +10,7 @@ using namespace analyzer::dtls; -DTLS_Analyzer::DTLS_Analyzer(Connection* c) +DTLS_Analyzer::DTLS_Analyzer(zeek::Connection* c) : zeek::analyzer::Analyzer("DTLS", c) { interp = new binpac::DTLS::SSL_Conn(this); diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h index ff059efa2d..20d38ae62c 100644 --- a/src/analyzer/protocol/ssl/DTLS.h +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -12,7 +12,7 @@ namespace analyzer { namespace dtls { class DTLS_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit DTLS_Analyzer(Connection* conn); + explicit DTLS_Analyzer(zeek::Connection* conn); ~DTLS_Analyzer() override; // Overriden from Analyzer. @@ -24,7 +24,7 @@ public: void SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, uint32_t length, const u_char* begin, const u_char* end, bool orig); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new DTLS_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 4f54568a43..8c78062d56 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -10,7 +10,7 @@ using namespace analyzer::ssl; -SSL_Analyzer::SSL_Analyzer(Connection* c) +SSL_Analyzer::SSL_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("SSL", c) { interp = new binpac::SSL::SSL_Conn(this); diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index fa318c9b3f..51a5f6d53b 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -12,7 +12,7 @@ namespace analyzer { namespace ssl { class SSL_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit SSL_Analyzer(Connection* conn); + explicit SSL_Analyzer(zeek::Connection* conn); ~SSL_Analyzer() override; // Overriden from Analyzer. @@ -28,7 +28,7 @@ public: // Overriden from tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SSL_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.cc b/src/analyzer/protocol/stepping-stone/SteppingStone.cc index 7cb644e7c0..a367ee25c4 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc @@ -152,7 +152,7 @@ void SteppingStoneEndpoint::CreateEndpEvent(bool is_orig) ); } -SteppingStone_Analyzer::SteppingStone_Analyzer(Connection* c) +SteppingStone_Analyzer::SteppingStone_Analyzer(zeek::Connection* c) : tcp::TCP_ApplicationAnalyzer("STEPPINGSTONE", c) { stp_manager = zeek::sessions->GetSTPManager(); diff --git a/src/analyzer/protocol/stepping-stone/SteppingStone.h b/src/analyzer/protocol/stepping-stone/SteppingStone.h index 474a9bbe04..3824dc77e9 100644 --- a/src/analyzer/protocol/stepping-stone/SteppingStone.h +++ b/src/analyzer/protocol/stepping-stone/SteppingStone.h @@ -42,13 +42,13 @@ protected: class SteppingStone_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit SteppingStone_Analyzer(Connection* c); + explicit SteppingStone_Analyzer(zeek::Connection* c); ~SteppingStone_Analyzer() override {}; void Init() override; void Done() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new SteppingStone_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/syslog/Syslog.cc b/src/analyzer/protocol/syslog/Syslog.cc index c0184b11ab..01541c5087 100644 --- a/src/analyzer/protocol/syslog/Syslog.cc +++ b/src/analyzer/protocol/syslog/Syslog.cc @@ -6,7 +6,7 @@ using namespace analyzer::syslog; -Syslog_Analyzer::Syslog_Analyzer(Connection* conn) +Syslog_Analyzer::Syslog_Analyzer(zeek::Connection* conn) : Analyzer("SYSLOG", conn) { interp = new binpac::Syslog::Syslog_Conn(this); @@ -49,7 +49,7 @@ void Syslog_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint // t + Syslog_session_timeout, true, TIMER_Syslog_EXPIRE); // } -//Syslog_tcp::TCP_Analyzer::Syslog_tcp::TCP_Analyzer(Connection* conn) +//Syslog_tcp::TCP_Analyzer::Syslog_tcp::TCP_Analyzer(zeek::Connection* conn) //: tcp::TCP_ApplicationAnalyzer(conn) // { // interp = new binpac::Syslog_on_TCP::Syslog_TCP_Conn(this); diff --git a/src/analyzer/protocol/syslog/Syslog.h b/src/analyzer/protocol/syslog/Syslog.h index 9b68982c2e..6e36f90f4c 100644 --- a/src/analyzer/protocol/syslog/Syslog.h +++ b/src/analyzer/protocol/syslog/Syslog.h @@ -10,14 +10,14 @@ namespace analyzer { namespace syslog { class Syslog_Analyzer : public zeek::analyzer::Analyzer { public: - explicit Syslog_Analyzer(Connection* conn); + explicit Syslog_Analyzer(zeek::Connection* conn); ~Syslog_Analyzer() override; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Syslog_Analyzer(conn); } protected: @@ -30,7 +30,7 @@ protected: // //class Syslog_tcp::TCP_Analyzer : public tcp::TCP_ApplicationAnalyzer { //public: -// Syslog_tcp::TCP_Analyzer(Connection* conn); +// Syslog_tcp::TCP_Analyzer(zeek::Connection* conn); // virtual ~Syslog_tcp::TCP_Analyzer(); // // virtual void Done(); @@ -38,7 +38,7 @@ protected: // virtual void Undelivered(uint64_t seq, int len, bool orig); // virtual void EndpointEOF(tcp::TCP_Reassembler* endp); // -// static zeek::analyzer::Analyzer* Instantiate(Connection* conn) +// static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) // { return new Syslog_tcp::TCP_Analyzer(conn); } // //protected: diff --git a/src/analyzer/protocol/tcp/ContentLine.cc b/src/analyzer/protocol/tcp/ContentLine.cc index 6c532ce2f4..f8fcef337c 100644 --- a/src/analyzer/protocol/tcp/ContentLine.cc +++ b/src/analyzer/protocol/tcp/ContentLine.cc @@ -6,13 +6,13 @@ using namespace analyzer::tcp; -ContentLine_Analyzer::ContentLine_Analyzer(Connection* conn, bool orig, int max_line_length) +ContentLine_Analyzer::ContentLine_Analyzer(zeek::Connection* conn, bool orig, int max_line_length) : TCP_SupportAnalyzer("CONTENTLINE", conn, orig), max_line_length(max_line_length) { InitState(); } -ContentLine_Analyzer::ContentLine_Analyzer(const char* name, Connection* conn, bool orig, int max_line_length) +ContentLine_Analyzer::ContentLine_Analyzer(const char* name, zeek::Connection* conn, bool orig, int max_line_length) : TCP_SupportAnalyzer(name, conn, orig), max_line_length(max_line_length) { InitState(); @@ -261,7 +261,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data) else { - if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_LF) ) + if ( ! suppress_weirds && Conn()->FlagEvent(zeek::SINGULAR_LF) ) Conn()->Weird("line_terminated_with_single_LF"); buf[offset++] = c; } @@ -280,7 +280,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data) } if ( last_char == '\r' ) - if ( ! suppress_weirds && Conn()->FlagEvent(SINGULAR_CR) ) + if ( ! suppress_weirds && Conn()->FlagEvent(zeek::SINGULAR_CR) ) Conn()->Weird("line_terminated_with_single_CR"); last_char = c; @@ -310,7 +310,7 @@ void ContentLine_Analyzer::CheckNUL() ; // Ignore it. else { - if ( ! suppress_weirds && Conn()->FlagEvent(NUL_IN_LINE) ) + if ( ! suppress_weirds && Conn()->FlagEvent(zeek::NUL_IN_LINE) ) Conn()->Weird("NUL_in_line"); flag_NULs = false; } diff --git a/src/analyzer/protocol/tcp/ContentLine.h b/src/analyzer/protocol/tcp/ContentLine.h index e7f310e90e..b9d1837a73 100644 --- a/src/analyzer/protocol/tcp/ContentLine.h +++ b/src/analyzer/protocol/tcp/ContentLine.h @@ -14,7 +14,7 @@ namespace analyzer { namespace tcp { class ContentLine_Analyzer : public TCP_SupportAnalyzer { public: - ContentLine_Analyzer(Connection* conn, bool orig, int max_line_length=DEFAULT_MAX_LINE_LENGTH); + ContentLine_Analyzer(zeek::Connection* conn, bool orig, int max_line_length=DEFAULT_MAX_LINE_LENGTH); ~ContentLine_Analyzer() override; void SupressWeirds(bool enable) @@ -62,7 +62,7 @@ public: { return seq + length <= seq_to_skip; } protected: - ContentLine_Analyzer(const char* name, Connection* conn, bool orig, int max_line_length=DEFAULT_MAX_LINE_LENGTH); + ContentLine_Analyzer(const char* name, zeek::Connection* conn, bool orig, int max_line_length=DEFAULT_MAX_LINE_LENGTH); void DeliverStream(int len, const u_char* data, bool is_orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 8758a24ffc..8ec00cf130 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -123,7 +123,7 @@ static zeek::RecordVal* build_syn_packet_val(bool is_orig, const zeek::IP_Hdr* i } -TCP_Analyzer::TCP_Analyzer(Connection* conn) +TCP_Analyzer::TCP_Analyzer(zeek::Connection* conn) : TransportLayerAnalyzer("TCP", conn) { // Set a timer to eventually time out this connection. @@ -2092,7 +2092,7 @@ zeek::RecordVal* TCPStats_Endpoint::BuildStats() return stats; } -TCPStats_Analyzer::TCPStats_Analyzer(Connection* c) +TCPStats_Analyzer::TCPStats_Analyzer(zeek::Connection* c) : TCP_ApplicationAnalyzer("TCPSTATS", c), orig_stats(), resp_stats() { diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 982e18231b..96ce110c34 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -23,7 +23,7 @@ class TCP_Reassembler; class TCP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: - explicit TCP_Analyzer(Connection* conn); + explicit TCP_Analyzer(zeek::Connection* conn); ~TCP_Analyzer() override; void EnableReassembly(); @@ -68,7 +68,7 @@ public: int ParseTCPOptions(const struct tcphdr* tcp, bool is_orig); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new TCP_Analyzer(conn); } protected: @@ -142,7 +142,7 @@ protected: void CheckRecording(bool need_contents, TCP_Flags flags); void CheckPIA_FirstPacket(bool is_orig, const zeek::IP_Hdr* ip); - friend class ConnectionTimer; + friend class zeek::detail::ConnectionTimer; void AttemptTimer(double t); void PartialCloseTimer(double t); void ExpireTimer(double t); @@ -192,10 +192,10 @@ private: class TCP_ApplicationAnalyzer : public zeek::analyzer::Analyzer { public: - TCP_ApplicationAnalyzer(const char* name, Connection* conn) + TCP_ApplicationAnalyzer(const char* name, zeek::Connection* conn) : Analyzer(name, conn), tcp(nullptr) { } - explicit TCP_ApplicationAnalyzer(Connection* conn) + explicit TCP_ApplicationAnalyzer(zeek::Connection* conn) : Analyzer(conn), tcp(nullptr) { } ~TCP_ApplicationAnalyzer() override { } @@ -246,7 +246,7 @@ private: class TCP_SupportAnalyzer : public zeek::analyzer::SupportAnalyzer { public: - TCP_SupportAnalyzer(const char* name, Connection* conn, bool arg_orig) + TCP_SupportAnalyzer(const char* name, zeek::Connection* conn, bool arg_orig) : zeek::analyzer::SupportAnalyzer(name, conn, arg_orig) { } ~TCP_SupportAnalyzer() override {} @@ -285,13 +285,13 @@ protected: class TCPStats_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: - explicit TCPStats_Analyzer(Connection* c); + explicit TCPStats_Analyzer(zeek::Connection* c); ~TCPStats_Analyzer() override; void Init() override; void Done() override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new TCPStats_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index d4f9c4deab..e16624620f 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -56,7 +56,7 @@ TCP_Endpoint::~TCP_Endpoint() delete contents_processor; } -Connection* TCP_Endpoint::Conn() const +zeek::Connection* TCP_Endpoint::Conn() const { return tcp_analyzer->Conn(); } diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.h b/src/analyzer/protocol/tcp/TCP_Endpoint.h index bae3358717..f55b01b566 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.h +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.h @@ -5,8 +5,7 @@ #include "IPAddr.h" #include "File.h" -class Connection; - +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(IP_Hdr, zeek); namespace analyzer { namespace tcp { @@ -140,7 +139,7 @@ public: return ack == start || ack == start + 1; } - Connection* Conn() const; + zeek::Connection* Conn() const; bool HasContents() const { return contents_processor != nullptr; } bool HadGap() const; diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index 553ae29f8c..4993ea431b 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -5,8 +5,7 @@ #include "TCP_Flags.h" #include "File.h" -class Connection; - +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(Analyzer, zeek, analyzer); namespace analyzer::tcp { diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 7fabf603b8..194da778b2 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -18,7 +18,7 @@ ## .. zeek:see:: get_resp_seq function get_orig_seq%(cid: conn_id%): count %{ - Connection* c = zeek::sessions->FindConnection(cid); + zeek::Connection* c = zeek::sessions->FindConnection(cid); if ( ! c ) return zeek::val_mgr->Count(0); @@ -47,7 +47,7 @@ function get_orig_seq%(cid: conn_id%): count ## .. zeek:see:: get_orig_seq function get_resp_seq%(cid: conn_id%): count %{ - Connection* c = zeek::sessions->FindConnection(cid); + zeek::Connection* c = zeek::sessions->FindConnection(cid); if ( ! c ) return zeek::val_mgr->Count(0); @@ -97,7 +97,7 @@ function get_resp_seq%(cid: conn_id%): count ## .. zeek:see:: get_contents_file set_record_packets contents_file_write_failure function set_contents_file%(cid: conn_id, direction: count, f: file%): bool %{ - Connection* c = zeek::sessions->FindConnection(cid); + zeek::Connection* c = zeek::sessions->FindConnection(cid); if ( ! c ) return zeek::val_mgr->False(); @@ -120,7 +120,7 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool ## .. zeek:see:: set_contents_file set_record_packets contents_file_write_failure function get_contents_file%(cid: conn_id, direction: count%): file %{ - Connection* c = zeek::sessions->FindConnection(cid); + zeek::Connection* c = zeek::sessions->FindConnection(cid); if ( c ) { diff --git a/src/analyzer/protocol/teredo/Teredo.h b/src/analyzer/protocol/teredo/Teredo.h index bd9437df60..4a956e957b 100644 --- a/src/analyzer/protocol/teredo/Teredo.h +++ b/src/analyzer/protocol/teredo/Teredo.h @@ -8,19 +8,17 @@ namespace analyzer { namespace teredo { class Teredo_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit Teredo_Analyzer(Connection* conn) : Analyzer("TEREDO", conn), - valid_orig(false), valid_resp(false) - {} + explicit Teredo_Analyzer(zeek::Connection* conn) + : Analyzer("TEREDO", conn), valid_orig(false), valid_resp(false) {} - ~Teredo_Analyzer() override - {} + ~Teredo_Analyzer() override = default; void Done() override; void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Teredo_Analyzer(conn); } /** diff --git a/src/analyzer/protocol/udp/UDP.cc b/src/analyzer/protocol/udp/UDP.cc index f56d1d9584..8626c7ff1b 100644 --- a/src/analyzer/protocol/udp/UDP.cc +++ b/src/analyzer/protocol/udp/UDP.cc @@ -15,7 +15,7 @@ using namespace analyzer::udp; -UDP_Analyzer::UDP_Analyzer(Connection* conn) +UDP_Analyzer::UDP_Analyzer(zeek::Connection* conn) : TransportLayerAnalyzer("UDP", conn) { conn->EnableStatusUpdateTimer(); diff --git a/src/analyzer/protocol/udp/UDP.h b/src/analyzer/protocol/udp/UDP.h index 5ba9f02377..211478b129 100644 --- a/src/analyzer/protocol/udp/UDP.h +++ b/src/analyzer/protocol/udp/UDP.h @@ -14,13 +14,13 @@ typedef enum { class UDP_Analyzer final : public zeek::analyzer::TransportLayerAnalyzer { public: - explicit UDP_Analyzer(Connection* conn); + explicit UDP_Analyzer(zeek::Connection* conn); ~UDP_Analyzer() override; void Init() override; void UpdateConnVal(zeek::RecordVal *conn_val) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new UDP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/vxlan/VXLAN.h b/src/analyzer/protocol/vxlan/VXLAN.h index fbdbf7407d..afbad5bdf1 100644 --- a/src/analyzer/protocol/vxlan/VXLAN.h +++ b/src/analyzer/protocol/vxlan/VXLAN.h @@ -8,7 +8,7 @@ namespace analyzer { namespace vxlan { class VXLAN_Analyzer final : public zeek::analyzer::Analyzer { public: - explicit VXLAN_Analyzer(Connection* conn) + explicit VXLAN_Analyzer(zeek::Connection* conn) : Analyzer("VXLAN", conn) {} @@ -17,7 +17,7 @@ public: void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip, int caplen) override; - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new VXLAN_Analyzer(conn); } }; diff --git a/src/analyzer/protocol/xmpp/XMPP.cc b/src/analyzer/protocol/xmpp/XMPP.cc index f9132a7a65..3969d8efaf 100644 --- a/src/analyzer/protocol/xmpp/XMPP.cc +++ b/src/analyzer/protocol/xmpp/XMPP.cc @@ -6,7 +6,7 @@ using namespace analyzer::xmpp; -XMPP_Analyzer::XMPP_Analyzer(Connection* conn) +XMPP_Analyzer::XMPP_Analyzer(zeek::Connection* conn) : tcp::TCP_ApplicationAnalyzer("XMPP", conn) { interp = unique_ptr(new binpac::XMPP::XMPP_Conn(this)); diff --git a/src/analyzer/protocol/xmpp/XMPP.h b/src/analyzer/protocol/xmpp/XMPP.h index 31b6ae9381..b5b32cfea2 100644 --- a/src/analyzer/protocol/xmpp/XMPP.h +++ b/src/analyzer/protocol/xmpp/XMPP.h @@ -10,7 +10,7 @@ namespace analyzer { namespace xmpp { class XMPP_Analyzer final : public tcp::TCP_ApplicationAnalyzer { public: - explicit XMPP_Analyzer(Connection* conn); + explicit XMPP_Analyzer(zeek::Connection* conn); ~XMPP_Analyzer() override; void Done() override; @@ -22,7 +22,7 @@ public: void StartTLS(); - static zeek::analyzer::Analyzer* Instantiate(Connection* conn) + static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new XMPP_Analyzer(conn); } protected: diff --git a/src/analyzer/protocol/zip/ZIP.cc b/src/analyzer/protocol/zip/ZIP.cc index 38d6fac2b7..cea4ab2066 100644 --- a/src/analyzer/protocol/zip/ZIP.cc +++ b/src/analyzer/protocol/zip/ZIP.cc @@ -4,7 +4,7 @@ using namespace analyzer::zip; -ZIP_Analyzer::ZIP_Analyzer(Connection* conn, bool orig, Method arg_method) +ZIP_Analyzer::ZIP_Analyzer(zeek::Connection* conn, bool orig, Method arg_method) : tcp::TCP_SupportAnalyzer("ZIP", conn, orig) { zip = nullptr; diff --git a/src/analyzer/protocol/zip/ZIP.h b/src/analyzer/protocol/zip/ZIP.h index 2892ef4727..ab075c7a14 100644 --- a/src/analyzer/protocol/zip/ZIP.h +++ b/src/analyzer/protocol/zip/ZIP.h @@ -13,7 +13,7 @@ class ZIP_Analyzer final : public tcp::TCP_SupportAnalyzer { public: enum Method { GZIP, DEFLATE }; - ZIP_Analyzer(Connection* conn, bool orig, Method method = GZIP); + ZIP_Analyzer(zeek::Connection* conn, bool orig, Method method = GZIP); ~ZIP_Analyzer() override; void Done() override; diff --git a/src/binpac_bro-lib.pac b/src/binpac_bro-lib.pac index bd06f6122d..4b029813f1 100644 --- a/src/binpac_bro-lib.pac +++ b/src/binpac_bro-lib.pac @@ -7,7 +7,7 @@ %} %code{ -zeek::StringValPtr utf16_to_utf8_val(Connection* conn, const bytestring& utf16) +zeek::StringValPtr utf16_to_utf8_val(zeek::Connection* conn, const bytestring& utf16) { std::string resultstring; @@ -55,7 +55,7 @@ zeek::StringValPtr utf16_to_utf8_val(Connection* conn, const bytestring& utf16) return zeek::make_intrusive(resultstring.c_str()); } -zeek::StringVal* utf16_bytestring_to_utf8_val(Connection* conn, const bytestring& utf16) +zeek::StringVal* utf16_bytestring_to_utf8_val(zeek::Connection* conn, const bytestring& utf16) { return utf16_to_utf8_val(conn, utf16).release(); } diff --git a/src/binpac_bro.h b/src/binpac_bro.h index 6878d5511c..73b984967a 100644 --- a/src/binpac_bro.h +++ b/src/binpac_bro.h @@ -34,9 +34,9 @@ inline zeek::StringValPtr to_stringval(const_bytestring const& str) return zeek::make_intrusive(str.length(), (const char*) str.begin()); } -zeek::StringValPtr utf16_to_utf8_val(Connection* conn, const bytestring& utf16); +zeek::StringValPtr utf16_to_utf8_val(zeek::Connection* conn, const bytestring& utf16); [[deprecated("Remove in v4.1. Use utf16_to_utf8_val() instead.")]] -zeek::StringVal* utf16_bytestring_to_utf8_val(Connection* conn, const bytestring& utf16); +zeek::StringVal* utf16_bytestring_to_utf8_val(zeek::Connection* conn, const bytestring& utf16); } // namespace binpac diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index 7d8bfe5615..10baa0454f 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -30,7 +30,7 @@ static zeek::TableValPtr empty_connection_table() return zeek::make_intrusive(std::move(tbl_type)); } -static zeek::RecordValPtr get_conn_id_val(const Connection* conn) +static zeek::RecordValPtr get_conn_id_val(const zeek::Connection* conn) { auto v = zeek::make_intrusive(zeek::id::conn_id); v->Assign(0, zeek::make_intrusive(conn->OrigAddr())); @@ -80,7 +80,7 @@ void File::StaticInit() meta_inferred_idx = Idx("inferred", zeek::id::fa_metadata); } -File::File(const std::string& file_id, const std::string& source_name, Connection* conn, +File::File(const std::string& file_id, const std::string& source_name, zeek::Connection* conn, zeek::analyzer::Tag tag, bool is_orig) : id(file_id), val(nullptr), file_reassembler(nullptr), stream_offset(0), reassembly_max_buffer(0), did_metadata_inference(false), @@ -123,7 +123,7 @@ double File::GetLastActivityTime() const return val->GetField(last_active_idx)->AsTime(); } -bool File::UpdateConnectionFields(Connection* conn, bool is_orig) +bool File::UpdateConnectionFields(zeek::Connection* conn, bool is_orig) { if ( ! conn ) return false; @@ -146,7 +146,7 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig) return true; } -void File::RaiseFileOverNewConnection(Connection* conn, bool is_orig) +void File::RaiseFileOverNewConnection(zeek::Connection* conn, bool is_orig) { if ( conn && FileEventAvailable(file_over_new_connection) ) { diff --git a/src/file_analysis/File.h b/src/file_analysis/File.h index 3c69adc96f..da47e10cff 100644 --- a/src/file_analysis/File.h +++ b/src/file_analysis/File.h @@ -13,8 +13,7 @@ #include "ZeekArgs.h" #include "WeirdState.h" -class Connection; - +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(EventHandlerPtr, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordVal, zeek); ZEEK_FORWARD_DECLARE_NAMESPACED(RecordType, zeek); @@ -253,7 +252,7 @@ protected: * of the connection to the responder. False indicates the other * direction. */ - File(const std::string& file_id, const std::string& source_name, Connection* conn = nullptr, + File(const std::string& file_id, const std::string& source_name, zeek::Connection* conn = nullptr, zeek::analyzer::Tag tag = zeek::analyzer::Tag::Error, bool is_orig = false); /** @@ -263,12 +262,12 @@ protected: * @param is_orig true if the connection originator is sending the file. * @return true if the connection was previously unknown. */ - bool UpdateConnectionFields(Connection* conn, bool is_orig); + bool UpdateConnectionFields(zeek::Connection* conn, bool is_orig); /** * Raise the file_over_new_connection event with given arguments. */ - void RaiseFileOverNewConnection(Connection* conn, bool is_orig); + void RaiseFileOverNewConnection(zeek::Connection* conn, bool is_orig); /** * Increment a byte count field of #val record by \a size. diff --git a/src/file_analysis/FileReassembler.h b/src/file_analysis/FileReassembler.h index 5113981e18..0924198235 100644 --- a/src/file_analysis/FileReassembler.h +++ b/src/file_analysis/FileReassembler.h @@ -5,7 +5,7 @@ namespace zeek { class File; } using BroFile [[deprecated("Remove in v4.1. Use zeek::File.")]] = zeek::File; -class Connection; +ZEEK_FORWARD_DECLARE_NAMESPACED(Connection, zeek); namespace file_analysis { diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index 6c6e3ee758..09bb527bc6 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -91,7 +91,7 @@ void Manager::SetHandle(const string& handle) } string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, - const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, + const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig, const string& precomputed_id, const string& mime_type) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -121,8 +121,8 @@ string Manager::DataIn(const u_char* data, uint64_t len, uint64_t offset, } string Manager::DataIn(const u_char* data, uint64_t len, const zeek::analyzer::Tag& tag, - Connection* conn, bool is_orig, const string& precomputed_id, - const string& mime_type) + zeek::Connection* conn, bool is_orig, const string& precomputed_id, + const string& mime_type) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; // Sequential data input shouldn't be going over multiple conns, so don't @@ -161,13 +161,13 @@ void Manager::DataIn(const u_char* data, uint64_t len, const string& file_id, RemoveFile(file->GetID()); } -void Manager::EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn) +void Manager::EndOfFile(const zeek::analyzer::Tag& tag, zeek::Connection* conn) { EndOfFile(tag, conn, true); EndOfFile(tag, conn, false); } -void Manager::EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig) +void Manager::EndOfFile(const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig) { // Don't need to create a file if we're just going to remove it right away. RemoveFile(GetFileID(tag, conn, is_orig)); @@ -179,7 +179,7 @@ void Manager::EndOfFile(const string& file_id) } string Manager::Gap(uint64_t offset, uint64_t len, const zeek::analyzer::Tag& tag, - Connection* conn, bool is_orig, const string& precomputed_id) + zeek::Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; File* file = GetFile(id, conn, tag, is_orig); @@ -191,7 +191,7 @@ string Manager::Gap(uint64_t offset, uint64_t len, const zeek::analyzer::Tag& ta return id; } -string Manager::SetSize(uint64_t size, const zeek::analyzer::Tag& tag, Connection* conn, +string Manager::SetSize(uint64_t size, const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig, const string& precomputed_id) { string id = precomputed_id.empty() ? GetFileID(tag, conn, is_orig) : precomputed_id; @@ -303,7 +303,7 @@ bool Manager::RemoveAnalyzer(const string& file_id, const file_analysis::Tag& ta return file->RemoveAnalyzer(tag, std::move(args)); } -File* Manager::GetFile(const string& file_id, Connection* conn, +File* Manager::GetFile(const string& file_id, zeek::Connection* conn, const zeek::analyzer::Tag& tag, bool is_orig, bool update_conn, const char* source_name) { @@ -420,7 +420,7 @@ bool Manager::IsIgnored(const string& file_id) return ignored.find(file_id) != ignored.end(); } -string Manager::GetFileID(const zeek::analyzer::Tag& tag, Connection* c, bool is_orig) +string Manager::GetFileID(const zeek::analyzer::Tag& tag, zeek::Connection* c, bool is_orig) { current_file_id.clear(); diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index c3b60d2034..dc5a667942 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -104,7 +104,7 @@ public: * indicates the associate file is not going to be analyzed further. */ std::string DataIn(const u_char* data, uint64_t len, uint64_t offset, - const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig, + const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -131,7 +131,7 @@ public: * indicates the associated file is not going to be analyzed further. */ std::string DataIn(const u_char* data, uint64_t len, const zeek::analyzer::Tag& tag, - Connection* conn, bool is_orig, + zeek::Connection* conn, bool is_orig, const std::string& precomputed_file_id = "", const std::string& mime_type = ""); @@ -153,7 +153,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn); + void EndOfFile(const zeek::analyzer::Tag& tag, zeek::Connection* conn); /** * Signal the end of file data being transferred over a connection in @@ -161,7 +161,7 @@ public: * @param tag network protocol over which the file data is transferred. * @param conn network connection over which the file data is transferred. */ - void EndOfFile(const zeek::analyzer::Tag& tag, Connection* conn, bool is_orig); + void EndOfFile(const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig); /** * Signal the end of file data being transferred using the file identifier. @@ -186,7 +186,7 @@ public: * indicates the associate file is not going to be analyzed further. */ std::string Gap(uint64_t offset, uint64_t len, const zeek::analyzer::Tag& tag, - Connection* conn, bool is_orig, + zeek::Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); /** @@ -204,7 +204,7 @@ public: * the \c get_file_handle script-layer event). An empty string * indicates the associate file is not going to be analyzed further. */ - std::string SetSize(uint64_t size, const zeek::analyzer::Tag& tag, Connection* conn, + std::string SetSize(uint64_t size, const zeek::analyzer::Tag& tag, zeek::Connection* conn, bool is_orig, const std::string& precomputed_file_id = ""); /** @@ -369,7 +369,7 @@ protected: * exist, the activity time is refreshed along with any * connection-related fields. */ - File* GetFile(const std::string& file_id, Connection* conn = nullptr, + File* GetFile(const std::string& file_id, zeek::Connection* conn = nullptr, const zeek::analyzer::Tag& tag = zeek::analyzer::Tag::Error, bool is_orig = false, bool update_conn = true, const char* source_name = nullptr); @@ -401,7 +401,7 @@ protected: * @return #current_file_id, which is a hash of a unique file handle string * set by a \c get_file_handle event handler. */ - std::string GetFileID(const zeek::analyzer::Tag& tag, Connection* c, bool is_orig); + std::string GetFileID(const zeek::analyzer::Tag& tag, zeek::Connection* c, bool is_orig); /** * Check if analysis is available for files transferred over a given diff --git a/src/fuzzers/pop3-fuzzer.cc b/src/fuzzers/pop3-fuzzer.cc index 7915de8bb9..04c4eddd2c 100644 --- a/src/fuzzers/pop3-fuzzer.cc +++ b/src/fuzzers/pop3-fuzzer.cc @@ -13,7 +13,7 @@ static constexpr auto ZEEK_FUZZ_ANALYZER = "pop3"; -static Connection* add_connection() +static zeek::Connection* add_connection() { static constexpr double network_time_start = 1439471031; net_update_time(network_time_start); @@ -25,14 +25,14 @@ static Connection* add_connection() conn_id.src_port = htons(23132); conn_id.dst_port = htons(80); ConnIDKey key = BuildConnIDKey(conn_id); - Connection* conn = new Connection(sessions, key, network_time_start, + zeek::Connection* conn = new Connection(sessions, key, network_time_start, &conn_id, 1, &p, nullptr); conn->SetTransport(TRANSPORT_TCP); sessions->Insert(conn); return conn; } -static zeek::analyzer::Analyzer* add_analyzer(Connection* conn) +static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn) { analyzer::tcp::TCP_Analyzer* tcp = new analyzer::tcp::TCP_Analyzer(conn); analyzer::pia::PIA* pia = new analyzer::pia::PIA_TCP(conn); diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index be46a246b6..34a795b970 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -865,7 +865,7 @@ bool Manager::HookLogWrite(const std::string& writer, } bool Manager::HookReporter(const std::string& prefix, const EventHandlerPtr event, - const Connection* conn, const val_list* addl, bool location, + const zeek::Connection* conn, const val_list* addl, bool location, const zeek::detail::Location* location1, const zeek::detail::Location* location2, bool time, const std::string& message)